feat: Implement rudimentary tokenserver route in syncstorage-rs #871

Merged: 14 commits, Nov 5, 2020

@fzzzy fzzzy commented Oct 21, 2020

Description

Add the hacky initial tokenserver route. Uses an existing tokenserver mysql database.

Testing

First, you need python3 and to run pip3 install tokenlib.

Need a tokenserver mysql database:

create table services (id int(11) auto_increment not null, service varchar(30), pattern varchar(128), primary key(id));
create table nodes (
  id bigint(20) auto_increment not null, service int(11) not null,
  node varchar(64) not null, available int(11) not null, current_load int(11) not null,
  capacity int(11) not null, downed int(11) not null, backoff int(11) not null,
  primary key(id), foreign key(service) references services(id)
);
create table users (
  uid bigint(20) auto_increment not null, service int(11) not null,
  email varchar(255) not null, generation bigint(20) not null,
  client_state varchar(32) not null, created_at bigint(20) not null,
  replaced_at bigint(20), nodeid bigint(20) not null,
  keys_changed_at bigint(20), primary key(uid),
  foreign key(nodeid) references nodes(id)
);

Run syncstorage-rs.

In firefox, create a new profile. In about:config, set identity.sync.tokenserver.uri to http://localhost:8000/1.0/sync/1.5

Log in to sync with your normal prod fxa credentials. It should be able to put your stuff in your localhost syncstorage-rs.

Issue(s)

Fix #864

@fzzzy changed the title from "Implement rudimentary tokenserver route in syncstorage-rs" to "feat: Implement rudimentary tokenserver route in syncstorage-rs" Oct 21, 2020
@fzzzy requested a review from pjenvey October 21, 2020 20:29
@fzzzy force-pushed the tokenserver-experiments branch from 25e95aa to 61908d0 October 21, 2020 20:33
…storage-rs codebase. Fix #864

Requires an existing tokenserver mysql db.
@fzzzy force-pushed the tokenserver-experiments branch from 19bfd6c to 72cf6c3 October 26, 2020 19:45
@jrconlin requested a review from a team October 28, 2020 17:38
@jrconlin jrconlin left a comment


It looks ok, but still seems a bit WIP.

I'd feel better with less println! and hard coded values, particularly if we're going to land this in master.


fzzzy commented Oct 29, 2020

There's obviously a tension between stuff being wip and landing on master. As the new tokenserver route is not used yet, I feel it is prudent to land rougher code since it breaks the larger task up into smaller chunks, which we have been having a difficult time doing.

@@ -128,7 +128,7 @@ macro_rules! build_app {
)
// Tokenserver
.service(
web::resource(&cfg_path("/1.0/sync/1.5")).route(web::get().to(tokenserver::get)),
web::resource("/1.0/sync/1.5".to_string()).route(web::get().to(tokenserver::get)),
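Review bot: The `.service(web::resource(...))` call in `build_app!` mounts `/1.0/sync/1.5` unconditionally, so `tokenserver::get` is reachable on every deployment built from this macro and nothing visible in the hunk turns it off. Consider wrapping the registration in a settings check so the route exists only where a tokenserver is configured. Of the two `web::resource` lines shown, the `"/1.0/sync/1.5".to_string()` form also allocates a `String` for a literal; if that is the line being kept, passing the `&str` directly would do.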
Member

Now that this route does something other than nothing, we should probably disable this during development somehow on the live service. A setting or maybe something as simple as detecting a debug build (but note the docker-compose tests in ci run against release mode)

Contributor Author

The docker-compose tests don't hit this tokenserver yet, so that should be fine.

@fzzzy fzzzy Nov 2, 2020

You have to go far out of your way to configure your firefox to use this new tokenserver route and it's not documented anywhere, so does this really buy anything? [edit] I'm not sure if ops has a whitelist of urls on the nginx frontend. If they do, presumably nobody would even be able to hit this route on production?

Member

I'll admit I'm being pedantic but I think it makes sense at some point to disable the route when it's not needed anyway (thinking about it more, presence of TOKENSERVER_DATABASE_URL would be a good toggle).

Definitely a long shot anyone hits this endpoint but I was more concerned about it being untested/load tested, particularly w/ this handler potentially loading the Python runtime. So I'd rather just disable it sooner rather than later so there's one less thing on prod to worry about while it's still under development.

pjenvey previously approved these changes Nov 3, 2020
jrconlin previously approved these changes Nov 4, 2020
let email = format!("{:}@api.accounts.firefox.com", token_data.claims.sub);

// TODO pull out of settings instead
let shared_secret = env::var("SYNC_MASTER_SECRET").expect("SYNC_MASTER_SECRET must be set");
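Review bot: On the `env::var("SYNC_MASTER_SECRET").expect(...)` line, a missing variable panics at the point of use instead of producing an error return, and the secret is re-read from the process environment on every pass through this code. As the TODO says, load it from settings once at startup and fail there; at this point in the code, map a missing value to an error rather than calling `expect`. Minor: `{:}` in the `format!` call is the same as `{}`.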
Member

nit: Tempted to move these up a bit in a future release. They'd be the trigger that @pjenvey is looking for and would save the cycles of building the token_data above.
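
The toggle discussed in this thread (mount the route only when TOKENSERVER_DATABASE_URL is present, and check SYNC_MASTER_SECRET before doing other work) can be resolved once at startup. The following is an added example, not code from this pull request or from syncstorage-rs; `TokenserverSettings`, `ConfigError`, `load_tokenserver`, `mounted_routes` and the `/existing-route` path are hypothetical, and the route list stands in for the actix-web registration.

```rust
/// Hypothetical settings (not from syncstorage-rs), resolved once at startup.
/// Debug is deliberately not derived, so `{:?}` cannot log the secret.
pub struct TokenserverSettings {
    pub database_url: String,
    pub shared_secret: String,
}
#[derive(Debug, PartialEq)]
pub enum ConfigError {
    MissingSecret, // database URL set, but secret absent or empty
}
/// `lookup` abstracts the environment; a binary passes `|k| std::env::var(k).ok()`.
pub fn load_tokenserver<F>(lookup: F) -> Result<Option<TokenserverSettings>, ConfigError>
where
    F: Fn(&str) -> Option<String>,
{
    // Toggle from the review: no TOKENSERVER_DATABASE_URL means no route.
    let database_url = match lookup("TOKENSERVER_DATABASE_URL") {
        Some(url) if !url.trim().is_empty() => url,
        _ => return Ok(None),
    };
    // Fail at startup instead of panicking inside a request handler.
    match lookup("SYNC_MASTER_SECRET") {
        Some(shared_secret) if !shared_secret.is_empty() => {
            Ok(Some(TokenserverSettings { database_url, shared_secret }))
        }
        _ => Err(ConfigError::MissingSecret),
    }
}

/// Stand-in for route registration; "/existing-route" is a placeholder.
pub fn mounted_routes(ts: &Option<TokenserverSettings>) -> Vec<&'static str> {
    let mut routes = vec!["/existing-route"];
    if ts.is_some() {
        routes.push("/1.0/sync/1.5");
    }
    routes
}

fn main() {
    // Constructed environment: database URL set, secret forgotten.
    let env = |k: &str| match k {
        "TOKENSERVER_DATABASE_URL" => Some("mysql://localhost/tokenserver".to_string()),
        _ => None,
    };
    match load_tokenserver(env) {
        Ok(ts) => println!("routes: {:?}", mounted_routes(&ts)),
        Err(e) => eprintln!("refusing to start: {:?}", e),
    }
}
```
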

@fzzzy fzzzy merged commit b74943e into master Nov 5, 2020
@fzzzy fzzzy deleted the tokenserver-experiments branch November 5, 2020 19:36

Successfully merging this pull request may close these issues.

Implement mysql backend for tokenserver route