Simplex.Messaging.Server.CLI
CLI argument parsing, INI configuration reading, X.509 certificate generation, and utility functions.
Source: CLI.hs
strictIni / iniOnOff — error semantics
strictIni calls error on missing INI keys — no structured error, no recovery. readStrictIni chains this with read, so both "key missing" and "key present but unparseable" produce exceptions indistinguishable by callers.
iniOnOff returns Maybe Bool: "on" → Just True, "off" → Just False, missing key → Nothing, any other value → error (an exception, not a returned parse failure). This tri-valued logic drives the implicit-default pattern in Main.md.
iniTransports — port reuse prevention
SMP ports are parsed first. When explicit WebSocket ports are provided, they are filtered to exclude already-used SMP ports (ports ws \\ smpPorts). However, when "websockets" is "on" with no explicit port, it defaults to ["80"] without filtering against SMP ports. So if SMP is also configured on port 80, the default WebSocket port conflicts with it.
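An added pre-start check (not code from CLI.hs) that models the behaviour described above and reports ports claimed by both SMP and WebSocket. The `[TRANSPORT]` section name, the `port` key and the comma-separated port syntax are assumptions, and the sample INI text is constructed.

```python
import configparser

DEFAULT_WS_PORT = "80"  # default WebSocket port named on this page

# Constructed sample configs; section and key names other than "websockets" are assumptions.
SAMPLE_DEFAULT = "[TRANSPORT]\nport: 5223,80\nwebsockets: on\n"
SAMPLE_EXPLICIT = "[TRANSPORT]\nport: 5223,80\nwebsockets: 80,8080\n"


def parse_ports(value):
    """Split a comma-separated port list (the separator is an assumption)."""
    return [p.strip() for p in value.split(",") if p.strip()]


def effective_ports(ini_text, section="TRANSPORT", smp_key="port", ws_key="websockets"):
    """Return (smp_ports, ws_ports) following the behaviour described above."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    # No fallback: a missing key raises, so a broken config fails the check loudly.
    smp = parse_ports(cfg.get(section, smp_key))
    ws_value = cfg.get(section, ws_key).strip()
    if ws_value == "off":
        ws = []
    elif ws_value == "on":
        ws = [DEFAULT_WS_PORT]  # the default is not filtered against SMP ports
    else:
        ws = [p for p in parse_ports(ws_value) if p not in smp]  # explicit ports are filtered
    return smp, ws


def port_conflicts(ini_text):
    """Ports that both SMP and WebSocket would try to bind."""
    smp, ws = effective_ports(ini_text)
    return sorted(set(smp) & set(ws))


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("explicit", SAMPLE_EXPLICIT)):
        clash = port_conflicts(text)
        print(name, "conflict on " + ",".join(clash) if clash else "ok")
```

Running it against a real configuration file before starting the router surfaces the default-port collision that the explicit-port path already filters out.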
iniDBOptions — schema creation disabled at CLI
When reading database options from INI, createSchema is always set to False regardless of INI content. This enforces a security invariant: database schemas must be created manually or by migration, never automatically by the router.
createServerX509_ — external tool dependency
Certificate generation shells out to openssl commands via readCreateProcess, which throws IOError on non-zero exit codes. Failures are thus detected but propagate as uncaught exceptions — no structured error handling wraps the certificate generation sequence.
checkSavedFingerprint — startup invariant
The fingerprint is extracted from the CA certificate and saved during init. On every router start, the saved fingerprint is compared against the current certificate. Mismatch → startup failure. See Main.md#initializeserver--fingerprint-invariant.
genOnline — existing certificate dependency
When signAlgorithm_ or commonName_ is not provided, genOnline reads it from the existing certificate. This creates a hidden dependency on current certificate state that is not visible from the function signature. It expects exactly one certificate in the PEM file.