very fast at protocol indexer with flexible filtering, xrpc queries, cursor-backed event stream, and more, built on fjall
rust
fjall
at-protocol
atproto
indexer
[firehose] 4xx is also throttle worthy now, also handle rustls AlertReceived better
+22
-3
+3
-1
src/ingest/firehose.rs
+3
-1
src/ingest/firehose.rs
···
32
32
WsError::Io(e) if is_io_error_their_fault(e) || is_tls_cert_error(e) => return true,
33
33
WsError::CannotResolveHost => return true,
34
34
WsError::Upgrade(WsUpgradeError::DidNotSwitchProtocols(status))
35
-
if (*status >= 200 && *status < 300) || is_status_their_fault(*status) =>
35
+
if (*status >= 400 && *status < 500) // its not my fault :)
36
+
|| (*status >= 200 && *status < 300)
37
+
|| is_status_their_fault(*status) =>
36
38
{
37
39
return true;
38
40
}
+19
-2
src/util/mod.rs
+19
-2
src/util/mod.rs
···
62
62
| ConnectionReset
63
63
| ConnectionAborted
64
64
| TimedOut
65
+
| UnexpectedEof
65
66
)
66
67
}
67
68
68
69
pub fn is_tls_error_their_fault(e: &rustls::Error) -> bool {
70
+
use rustls::AlertDescription;
69
71
use rustls::Error::*;
72
+
73
+
if let AlertReceived(alert) = e {
74
+
return !matches!(
75
+
alert,
76
+
// these mean we did something wrong
77
+
AlertDescription::BadCertificate
78
+
| AlertDescription::CertificateUnknown
79
+
| AlertDescription::CertificateRequired
80
+
| AlertDescription::UnknownCA
81
+
| AlertDescription::AccessDenied
82
+
| AlertDescription::InsufficientSecurity
83
+
| AlertDescription::UnknownPSKIdentity
84
+
);
85
+
}
86
+
70
87
matches!(
71
88
*e,
72
89
InvalidCertificate(_)
···
79
96
| UnsupportedNameType
80
97
| DecryptError
81
98
| PeerIncompatible(_)
82
-
| AlertReceived(_)
83
99
| InvalidCertRevocationList(_)
84
100
| InvalidEncryptedClientHello(_)
85
101
| PeerSentOversizedRecord
86
-
| NoApplicationProtocol
102
+
| NoApplicationProtocol // this is not exhaustive, so remember to look at rustls::Error on version changes
87
103
)
88
104
}
89
105
···
98
114
| 436 // some stupid ass error code idk, some domain park uses this i think???
99
115
| 403 // FORBIDDEN: sob
100
116
| 401 // UNAUTHORIZED: sob
117
+
| 410 // GONE: sob
101
118
);
102
119
}
103
120