itsi-server 0.1.1 → 0.1.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of itsi-server might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Cargo.lock +4487 -0
- data/Cargo.toml +7 -0
- data/README.md +6 -0
- data/Rakefile +8 -1
- data/exe/itsi +141 -46
- data/ext/itsi_acme/Cargo.toml +86 -0
- data/ext/itsi_acme/examples/high_level.rs +63 -0
- data/ext/itsi_acme/examples/high_level_warp.rs +52 -0
- data/ext/itsi_acme/examples/low_level.rs +87 -0
- data/ext/itsi_acme/examples/low_level_axum.rs +66 -0
- data/ext/itsi_acme/src/acceptor.rs +81 -0
- data/ext/itsi_acme/src/acme.rs +354 -0
- data/ext/itsi_acme/src/axum.rs +86 -0
- data/ext/itsi_acme/src/cache.rs +39 -0
- data/ext/itsi_acme/src/caches/boxed.rs +80 -0
- data/ext/itsi_acme/src/caches/composite.rs +69 -0
- data/ext/itsi_acme/src/caches/dir.rs +106 -0
- data/ext/itsi_acme/src/caches/mod.rs +11 -0
- data/ext/itsi_acme/src/caches/no.rs +78 -0
- data/ext/itsi_acme/src/caches/test.rs +136 -0
- data/ext/itsi_acme/src/config.rs +172 -0
- data/ext/itsi_acme/src/https_helper.rs +69 -0
- data/ext/itsi_acme/src/incoming.rs +142 -0
- data/ext/itsi_acme/src/jose.rs +161 -0
- data/ext/itsi_acme/src/lib.rs +142 -0
- data/ext/itsi_acme/src/resolver.rs +59 -0
- data/ext/itsi_acme/src/state.rs +424 -0
- data/ext/itsi_error/Cargo.toml +3 -0
- data/ext/itsi_error/src/lib.rs +98 -24
- data/ext/itsi_error/target/debug/build/clang-sys-da71b0344e568175/out/common.rs +355 -0
- data/ext/itsi_error/target/debug/build/clang-sys-da71b0344e568175/out/dynamic.rs +276 -0
- data/ext/itsi_error/target/debug/build/clang-sys-da71b0344e568175/out/macros.rs +49 -0
- data/ext/itsi_error/target/debug/build/rb-sys-49f554618693db24/out/bindings-0.9.110-mri-arm64-darwin23-3.4.2.rs +8865 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-1mmt5sux7jb0i/s-h510z7m8v9-0bxu7yd.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-2vn3jey74oiw0/s-h5113n0e7e-1v5qzs6.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-37uv9dicz7awp/s-h510ykifhe-0tbnep2.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-37uv9dicz7awp/s-h510yyocpj-0tz7ug7.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-37uv9dicz7awp/s-h510z0xc8g-14ol18k.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3g5qf4y7d54uj/s-h5113n0e7d-1trk8on.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3lpfftm45d3e2/s-h510z7m8r3-1pxp20o.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3o4qownhl3d7n/s-h510ykifek-1uxasnk.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3o4qownhl3d7n/s-h510yyocki-11u37qm.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3o4qownhl3d7n/s-h510z0xc93-0pmy0zm.lock +0 -0
- data/ext/itsi_instrument_entry/Cargo.toml +15 -0
- data/ext/itsi_instrument_entry/src/lib.rs +31 -0
- data/ext/itsi_rb_helpers/Cargo.toml +3 -0
- data/ext/itsi_rb_helpers/src/heap_value.rs +139 -0
- data/ext/itsi_rb_helpers/src/lib.rs +140 -10
- data/ext/itsi_rb_helpers/target/debug/build/clang-sys-da71b0344e568175/out/common.rs +355 -0
- data/ext/itsi_rb_helpers/target/debug/build/clang-sys-da71b0344e568175/out/dynamic.rs +276 -0
- data/ext/itsi_rb_helpers/target/debug/build/clang-sys-da71b0344e568175/out/macros.rs +49 -0
- data/ext/itsi_rb_helpers/target/debug/build/rb-sys-eb9ed4ff3a60f995/out/bindings-0.9.110-mri-arm64-darwin23-3.4.2.rs +8865 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-040pxg6yhb3g3/s-h5113n7a1b-03bwlt4.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-131g1u4dzkt1a/s-h51113xnh3-1eik1ip.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-131g1u4dzkt1a/s-h5111704jj-0g4rj8x.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-1q2d3drtxrzs5/s-h5113n79yl-0bxcqc5.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-374a9h7ovycj0/s-h51113xoox-10de2hp.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-374a9h7ovycj0/s-h5111704w7-0vdq7gq.lock +0 -0
- data/ext/itsi_scheduler/Cargo.toml +24 -0
- data/ext/itsi_scheduler/src/itsi_scheduler/io_helpers.rs +56 -0
- data/ext/itsi_scheduler/src/itsi_scheduler/io_waiter.rs +44 -0
- data/ext/itsi_scheduler/src/itsi_scheduler/timer.rs +44 -0
- data/ext/itsi_scheduler/src/itsi_scheduler.rs +308 -0
- data/ext/itsi_scheduler/src/lib.rs +38 -0
- data/ext/itsi_server/Cargo.lock +2956 -0
- data/ext/itsi_server/Cargo.toml +75 -14
- data/ext/itsi_server/extconf.rb +1 -1
- data/ext/itsi_server/src/default_responses/html/401.html +68 -0
- data/ext/itsi_server/src/default_responses/html/403.html +68 -0
- data/ext/itsi_server/src/default_responses/html/404.html +68 -0
- data/ext/itsi_server/src/default_responses/html/413.html +71 -0
- data/ext/itsi_server/src/default_responses/html/429.html +68 -0
- data/ext/itsi_server/src/default_responses/html/500.html +71 -0
- data/ext/itsi_server/src/default_responses/html/502.html +71 -0
- data/ext/itsi_server/src/default_responses/html/503.html +68 -0
- data/ext/itsi_server/src/default_responses/html/504.html +69 -0
- data/ext/itsi_server/src/default_responses/html/index.html +238 -0
- data/ext/itsi_server/src/default_responses/json/401.json +6 -0
- data/ext/itsi_server/src/default_responses/json/403.json +6 -0
- data/ext/itsi_server/src/default_responses/json/404.json +6 -0
- data/ext/itsi_server/src/default_responses/json/413.json +6 -0
- data/ext/itsi_server/src/default_responses/json/429.json +6 -0
- data/ext/itsi_server/src/default_responses/json/500.json +6 -0
- data/ext/itsi_server/src/default_responses/json/502.json +6 -0
- data/ext/itsi_server/src/default_responses/json/503.json +6 -0
- data/ext/itsi_server/src/default_responses/json/504.json +6 -0
- data/ext/itsi_server/src/default_responses/mod.rs +11 -0
- data/ext/itsi_server/src/env.rs +43 -0
- data/ext/itsi_server/src/lib.rs +132 -40
- data/ext/itsi_server/src/prelude.rs +2 -0
- data/ext/itsi_server/src/ruby_types/itsi_body_proxy/big_bytes.rs +109 -0
- data/ext/itsi_server/src/ruby_types/itsi_body_proxy/mod.rs +143 -0
- data/ext/itsi_server/src/ruby_types/itsi_grpc_call.rs +344 -0
- data/ext/itsi_server/src/ruby_types/itsi_grpc_response_stream/mod.rs +264 -0
- data/ext/itsi_server/src/ruby_types/itsi_http_request.rs +345 -0
- data/ext/itsi_server/src/ruby_types/itsi_http_response.rs +391 -0
- data/ext/itsi_server/src/ruby_types/itsi_server/file_watcher.rs +225 -0
- data/ext/itsi_server/src/ruby_types/itsi_server/itsi_server_config.rs +506 -0
- data/ext/itsi_server/src/ruby_types/itsi_server.rs +84 -0
- data/ext/itsi_server/src/ruby_types/mod.rs +48 -0
- data/ext/itsi_server/src/server/binds/bind.rs +201 -0
- data/ext/itsi_server/src/server/binds/bind_protocol.rs +37 -0
- data/ext/itsi_server/src/server/binds/listener.rs +437 -0
- data/ext/itsi_server/src/server/binds/mod.rs +4 -0
- data/ext/itsi_server/src/server/binds/tls/locked_dir_cache.rs +132 -0
- data/ext/itsi_server/src/server/binds/tls.rs +270 -0
- data/ext/itsi_server/src/server/byte_frame.rs +32 -0
- data/ext/itsi_server/src/server/http_message_types.rs +97 -0
- data/ext/itsi_server/src/server/io_stream.rs +105 -0
- data/ext/itsi_server/src/server/lifecycle_event.rs +12 -0
- data/ext/itsi_server/src/server/middleware_stack/middleware.rs +170 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/allow_list.rs +56 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_api_key.rs +87 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_basic.rs +86 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_jwt.rs +338 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/cache_control.rs +142 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/compression.rs +289 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/cors.rs +292 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/csp.rs +179 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/deny_list.rs +55 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/error_response/default_responses.rs +190 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/error_response.rs +157 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/etag.rs +195 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/header_interpretation.rs +82 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/intrusion_protection.rs +201 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/log_requests.rs +82 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/max_body.rs +47 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/mod.rs +110 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/proxy.rs +414 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/rate_limit.rs +131 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/redirect.rs +76 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/request_headers.rs +44 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/response_headers.rs +36 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/ruby_app.rs +126 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/static_assets.rs +181 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/static_response.rs +55 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/string_rewrite.rs +163 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/token_source.rs +12 -0
- data/ext/itsi_server/src/server/middleware_stack/mod.rs +345 -0
- data/ext/itsi_server/src/server/mod.rs +12 -5
- data/ext/itsi_server/src/server/process_worker.rs +247 -0
- data/ext/itsi_server/src/server/request_job.rs +11 -0
- data/ext/itsi_server/src/server/serve_strategy/cluster_mode.rs +348 -0
- data/ext/itsi_server/src/server/serve_strategy/mod.rs +30 -0
- data/ext/itsi_server/src/server/serve_strategy/single_mode.rs +444 -0
- data/ext/itsi_server/src/server/signal.rs +76 -0
- data/ext/itsi_server/src/server/size_limited_incoming.rs +101 -0
- data/ext/itsi_server/src/server/thread_worker.rs +475 -0
- data/ext/itsi_server/src/services/cache_store.rs +74 -0
- data/ext/itsi_server/src/services/itsi_http_service.rs +239 -0
- data/ext/itsi_server/src/services/mime_types.rs +1416 -0
- data/ext/itsi_server/src/services/mod.rs +6 -0
- data/ext/itsi_server/src/services/password_hasher.rs +83 -0
- data/ext/itsi_server/src/services/rate_limiter.rs +569 -0
- data/ext/itsi_server/src/services/static_file_server.rs +1326 -0
- data/ext/itsi_tracing/Cargo.toml +5 -0
- data/ext/itsi_tracing/src/lib.rs +346 -7
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-0994n8rpvvt9m/s-h510hfz1f6-1kbycmq.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-0bob7bf4yq34i/s-h5113125h5-0lh4rag.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2fcodulrxbbxo/s-h510h2infk-0hp5kjw.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2iak63r1woi1l/s-h510h2in4q-0kxfzw1.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2kk4qj9gn5dg2/s-h5113124kv-0enwon2.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2mwo0yas7dtw4/s-h510hfz1ha-1udgpei.lock +0 -0
- data/lib/itsi/http_request/response_status_shortcodes.rb +74 -0
- data/lib/itsi/http_request.rb +187 -0
- data/lib/itsi/http_response.rb +41 -0
- data/lib/itsi/passfile.rb +109 -0
- data/lib/itsi/server/config/config_helpers.rb +93 -0
- data/lib/itsi/server/config/dsl.rb +626 -0
- data/lib/itsi/server/config/known_paths/KitchensinkDirectories.txt +2346 -0
- data/lib/itsi/server/config/known_paths/Randomfiles.txt +24 -0
- data/lib/itsi/server/config/known_paths/UnixDotfiles.txt +52 -0
- data/lib/itsi/server/config/known_paths/backdoors/ASP_CommonBackdoors.txt +29 -0
- data/lib/itsi/server/config/known_paths/backdoors/bot_control_panels.txt +1668 -0
- data/lib/itsi/server/config/known_paths/backdoors/shells.txt +1167 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_HTTP_POST.txt +7 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_HTTP_POST_Windows.txt +6 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_Microsoft.txt +79 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_XPlatform.txt +3948 -0
- data/lib/itsi/server/config/known_paths/cms/README.md +5 -0
- data/lib/itsi/server/config/known_paths/cms/drupal_plugins.txt +6320 -0
- data/lib/itsi/server/config/known_paths/cms/drupal_themes.txt +828 -0
- data/lib/itsi/server/config/known_paths/cms/joomla_plugins.txt +224 -0
- data/lib/itsi/server/config/known_paths/cms/joomla_themes.txt +30 -0
- data/lib/itsi/server/config/known_paths/cms/php-nuke.txt +2142 -0
- data/lib/itsi/server/config/known_paths/cms/wordpress.txt +1566 -0
- data/lib/itsi/server/config/known_paths/cms/wp_common_theme_files.txt +46 -0
- data/lib/itsi/server/config/known_paths/cms/wp_plugins.txt +13366 -0
- data/lib/itsi/server/config/known_paths/cms/wp_plugins_full.txt +68662 -0
- data/lib/itsi/server/config/known_paths/cms/wp_plugins_top225.txt +225 -0
- data/lib/itsi/server/config/known_paths/cms/wp_themes.readme +12 -0
- data/lib/itsi/server/config/known_paths/cms/wp_themes.txt +7336 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/3CharExtBrute.txt +17576 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/CommonWebExtensions.txt +80 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Backup.txt +14 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Common.txt +865 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Compressed.txt +186 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Mostcommon.txt +30 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Skipfish.txt +93 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/WordlistSkipfish.txt +1918 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/copy_of.txt +8 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-directories-lowercase.txt +56180 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-directories.txt +62290 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-extensions-lowercase.txt +2367 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-extensions.txt +2450 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-files-lowercase.txt +35323 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-files.txt +37037 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-words-lowercase.txt +107982 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-words.txt +119600 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-directories-lowercase.txt +26593 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-directories.txt +30009 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-extensions-lowercase.txt +1233 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-extensions.txt +1289 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-files-lowercase.txt +16243 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-files.txt +17128 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-words-lowercase.txt +56293 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-words.txt +63087 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-directories-lowercase.txt +17776 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-directories.txt +20122 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-extensions-lowercase.txt +914 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-extensions.txt +963 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-files-lowercase.txt +10848 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-files.txt +11424 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-words-lowercase.txt +38267 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-words.txt +43003 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/spanish.txt +445 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/test_demo.txt +36 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/upload_variants.txt +44 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/Logins.txt +71 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/cfm.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/html.txt +295 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/jsp.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/php.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/windows-asp.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/windows-aspx.txt +294 -0
- data/lib/itsi/server/config/known_paths/password-file-locations/Passwords.txt +47 -0
- data/lib/itsi/server/config/known_paths/php/PHP.txt +30 -0
- data/lib/itsi/server/config/known_paths/php/PHP_CommonBackdoors.txt +5 -0
- data/lib/itsi/server/config/known_paths/proxy-conf.txt +31 -0
- data/lib/itsi/server/config/known_paths/tftp.txt +79 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/ADFS.txt +86 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/AdobeXML.txt +16 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Apache.txt +101 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/ApacheTomcat.txt +47 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Apache_Axis.txt +16 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/ColdFusion.txt +111 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/FatwireCMS.txt +390 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Frontpage.txt +38 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/HP_System_Mgmt_Homepage.txt +239 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/HTTP_POST_Microsoft.txt +2 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Hyperion.txt +578 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/IIS.txt +187 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/JBoss.txt +5 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/JRun.txt +13 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/JavaServlets_Common.txt +3 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Joomla_exploitable.txt +1937 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/LotusNotes.txt +206 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Netware.txt +18 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Oracle9i.txt +60 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/OracleAppServer.txt +192 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/README.md +6 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Ruby_Rails.txt +121 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SAP.txt +463 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Sharepoint.txt +1707 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SiteMinder.txt +19 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SunAppServerGlassfish.txt +51 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SuniPlanet.txt +35 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Vignette.txt +73 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Weblogic.txt +160 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Websphere.txt +366 -0
- data/lib/itsi/server/config/known_paths/wellknown-rfc5785.txt +30 -0
- data/lib/itsi/server/config/known_paths.rb +17 -0
- data/lib/itsi/server/config/middleware/_index.md +54 -0
- data/lib/itsi/server/config/middleware/log_requests.md +63 -0
- data/lib/itsi/server/config/middleware/log_requests.rb +33 -0
- data/lib/itsi/server/config/middleware.rb +9 -0
- data/lib/itsi/server/config/option.rb +9 -0
- data/lib/itsi/server/config/options/_index.md +36 -0
- data/lib/itsi/server/config/options/fiber_scheduler.md +35 -0
- data/lib/itsi/server/config/options/fiber_scheduler.rb +18 -0
- data/lib/itsi/server/config/options/threads.md +39 -0
- data/lib/itsi/server/config/options/threads.rb +17 -0
- data/lib/itsi/server/config/options/workers.md +43 -0
- data/lib/itsi/server/config/options/workers.rb +17 -0
- data/lib/itsi/server/config/typed_struct.rb +203 -0
- data/lib/itsi/server/config.rb +260 -0
- data/lib/itsi/server/default_app/default_app.rb +34 -0
- data/lib/itsi/server/default_app/index.html +115 -0
- data/lib/itsi/server/default_config/Itsi-rackup.rb +119 -0
- data/lib/itsi/server/default_config/Itsi.rb +107 -0
- data/lib/itsi/server/grpc/grpc_call.rb +246 -0
- data/lib/itsi/server/grpc/grpc_interface.rb +100 -0
- data/lib/itsi/server/grpc/reflection/v1/reflection_pb.rb +26 -0
- data/lib/itsi/server/grpc/reflection/v1/reflection_services_pb.rb +122 -0
- data/lib/itsi/server/rack/handler/itsi.rb +27 -0
- data/lib/itsi/server/rack_interface.rb +94 -0
- data/lib/itsi/server/route_tester.rb +107 -0
- data/lib/itsi/server/scheduler_interface.rb +21 -0
- data/lib/itsi/server/scheduler_mode.rb +10 -0
- data/lib/itsi/server/signal_trap.rb +33 -0
- data/lib/itsi/server/typed_handlers/param_parser.rb +200 -0
- data/lib/itsi/server/typed_handlers/source_parser.rb +55 -0
- data/lib/itsi/server/typed_handlers.rb +17 -0
- data/lib/itsi/server/version.rb +1 -1
- data/lib/itsi/server.rb +181 -9
- data/lib/itsi/standard_headers.rb +86 -0
- data/lib/ruby_lsp/itsi/addon.rb +127 -0
- data/lib/shell_completions/completions.rb +26 -0
- metadata +321 -28
- data/CHANGELOG.md +0 -5
- data/CODE_OF_CONDUCT.md +0 -132
- data/LICENSE.txt +0 -21
- data/ext/itsi_server/src/request/itsi_request.rs +0 -143
- data/ext/itsi_server/src/request/mod.rs +0 -1
- data/ext/itsi_server/src/server/bind.rs +0 -138
- data/ext/itsi_server/src/server/itsi_ca/itsi_ca.crt +0 -32
- data/ext/itsi_server/src/server/itsi_ca/itsi_ca.key +0 -52
- data/ext/itsi_server/src/server/itsi_server.rs +0 -182
- data/ext/itsi_server/src/server/listener.rs +0 -218
- data/ext/itsi_server/src/server/tls.rs +0 -138
- data/ext/itsi_server/src/server/transfer_protocol.rs +0 -23
- data/ext/itsi_server/src/stream_writer/mod.rs +0 -21
- data/lib/itsi/request.rb +0 -39
|
@@ -0,0 +1,338 @@
|
|
|
1
|
+
use super::{error_response::ErrorResponse, token_source::TokenSource, FromValue, MiddlewareLayer};
|
|
2
|
+
use crate::{
|
|
3
|
+
server::http_message_types::{HttpRequest, HttpResponse, RequestExt},
|
|
4
|
+
services::itsi_http_service::HttpRequestContext,
|
|
5
|
+
};
|
|
6
|
+
|
|
7
|
+
use async_trait::async_trait;
|
|
8
|
+
use base64::{engine::general_purpose, Engine};
|
|
9
|
+
use derive_more::Debug;
|
|
10
|
+
use either::Either;
|
|
11
|
+
use itsi_error::ItsiError;
|
|
12
|
+
use jsonwebtoken::{
|
|
13
|
+
decode, decode_header, Algorithm as JwtAlg, DecodingKey, TokenData, Validation,
|
|
14
|
+
};
|
|
15
|
+
use magnus::error::Result;
|
|
16
|
+
use serde::Deserialize;
|
|
17
|
+
use std::{
|
|
18
|
+
collections::{HashMap, HashSet},
|
|
19
|
+
sync::OnceLock,
|
|
20
|
+
};
|
|
21
|
+
use tracing::{debug, error};
|
|
22
|
+
|
|
23
|
+
#[derive(Debug, Clone, Deserialize)]
|
|
24
|
+
pub struct AuthJwt {
|
|
25
|
+
pub token_source: TokenSource,
|
|
26
|
+
// The verifiers map still holds base64-encoded key strings keyed by algorithm.
|
|
27
|
+
pub verifiers: HashMap<JwtAlgorithm, Vec<String>>,
|
|
28
|
+
// We now store jsonwebtoken’s DecodingKey in our OnceLock.
|
|
29
|
+
#[serde(skip_deserializing)]
|
|
30
|
+
#[debug(skip)]
|
|
31
|
+
pub keys: OnceLock<HashMap<JwtAlgorithm, Vec<DecodingKey>>>,
|
|
32
|
+
pub audiences: Option<HashSet<String>>,
|
|
33
|
+
pub subjects: Option<HashSet<String>>,
|
|
34
|
+
pub issuers: Option<HashSet<String>>,
|
|
35
|
+
pub leeway: Option<u64>,
|
|
36
|
+
#[serde(default = "unauthorized_error_response")]
|
|
37
|
+
pub error_response: ErrorResponse,
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
fn unauthorized_error_response() -> ErrorResponse {
|
|
41
|
+
ErrorResponse::unauthorized()
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
#[derive(Debug, Clone, Deserialize, PartialEq, Eq, Hash)]
|
|
45
|
+
pub enum JwtAlgorithm {
|
|
46
|
+
#[serde(rename(deserialize = "hs256"))]
|
|
47
|
+
Hs256,
|
|
48
|
+
#[serde(rename(deserialize = "hs384"))]
|
|
49
|
+
Hs384,
|
|
50
|
+
#[serde(rename(deserialize = "hs512"))]
|
|
51
|
+
Hs512,
|
|
52
|
+
#[serde(rename(deserialize = "rs256"))]
|
|
53
|
+
Rs256,
|
|
54
|
+
#[serde(rename(deserialize = "rs384"))]
|
|
55
|
+
Rs384,
|
|
56
|
+
#[serde(rename(deserialize = "rs512"))]
|
|
57
|
+
Rs512,
|
|
58
|
+
#[serde(rename(deserialize = "es256"))]
|
|
59
|
+
Es256,
|
|
60
|
+
#[serde(rename(deserialize = "es384"))]
|
|
61
|
+
Es384,
|
|
62
|
+
#[serde(rename(deserialize = "ps256"))]
|
|
63
|
+
Ps256,
|
|
64
|
+
#[serde(rename(deserialize = "ps384"))]
|
|
65
|
+
Ps384,
|
|
66
|
+
#[serde(rename(deserialize = "ps512"))]
|
|
67
|
+
Ps512,
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
// Allow conversion from jsonwebtoken’s Algorithm to our JwtAlgorithm.
|
|
71
|
+
impl From<JwtAlg> for JwtAlgorithm {
|
|
72
|
+
fn from(alg: JwtAlg) -> Self {
|
|
73
|
+
match alg {
|
|
74
|
+
JwtAlg::HS256 => JwtAlgorithm::Hs256,
|
|
75
|
+
JwtAlg::HS384 => JwtAlgorithm::Hs384,
|
|
76
|
+
JwtAlg::HS512 => JwtAlgorithm::Hs512,
|
|
77
|
+
JwtAlg::RS256 => JwtAlgorithm::Rs256,
|
|
78
|
+
JwtAlg::RS384 => JwtAlgorithm::Rs384,
|
|
79
|
+
JwtAlg::RS512 => JwtAlgorithm::Rs512,
|
|
80
|
+
JwtAlg::ES256 => JwtAlgorithm::Es256,
|
|
81
|
+
JwtAlg::ES384 => JwtAlgorithm::Es384,
|
|
82
|
+
JwtAlg::PS256 => JwtAlgorithm::Ps256,
|
|
83
|
+
JwtAlg::PS384 => JwtAlgorithm::Ps384,
|
|
84
|
+
JwtAlg::PS512 => JwtAlgorithm::Ps512,
|
|
85
|
+
_ => panic!("Unsupported algorithm"),
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
impl JwtAlgorithm {
|
|
91
|
+
/// Given a base64-encoded key string, decode and construct a jsonwebtoken::DecodingKey.
|
|
92
|
+
pub fn key_from(&self, base64: &str) -> itsi_error::Result<DecodingKey> {
|
|
93
|
+
match self {
|
|
94
|
+
// For HMAC algorithms, use the secret directly.
|
|
95
|
+
JwtAlgorithm::Hs256 | JwtAlgorithm::Hs384 | JwtAlgorithm::Hs512 => {
|
|
96
|
+
Ok(DecodingKey::from_secret(
|
|
97
|
+
&general_purpose::STANDARD
|
|
98
|
+
.decode(base64)
|
|
99
|
+
.map_err(ItsiError::new)?,
|
|
100
|
+
))
|
|
101
|
+
}
|
|
102
|
+
// For RSA (and PS) algorithms, expect a PEM-formatted key.
|
|
103
|
+
JwtAlgorithm::Rs256
|
|
104
|
+
| JwtAlgorithm::Rs384
|
|
105
|
+
| JwtAlgorithm::Rs512
|
|
106
|
+
| JwtAlgorithm::Ps256
|
|
107
|
+
| JwtAlgorithm::Ps384
|
|
108
|
+
| JwtAlgorithm::Ps512 => DecodingKey::from_rsa_pem(base64.trim_ascii().as_bytes())
|
|
109
|
+
.map_err(|e| ItsiError::new(e.to_string())),
|
|
110
|
+
// For ECDSA algorithms, expect a PEM-formatted key.
|
|
111
|
+
JwtAlgorithm::Es256 | JwtAlgorithm::Es384 => {
|
|
112
|
+
DecodingKey::from_ec_pem(base64.trim_ascii().as_bytes())
|
|
113
|
+
.map_err(|e| ItsiError::new(e.to_string()))
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
#[derive(Debug, Deserialize)]
|
|
120
|
+
#[serde(untagged)]
|
|
121
|
+
enum Audience {
|
|
122
|
+
Single(String),
|
|
123
|
+
Multiple(Vec<String>),
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
#[derive(Debug, Deserialize)]
|
|
127
|
+
struct Claims {
|
|
128
|
+
// Here we assume the token includes an expiration.
|
|
129
|
+
#[allow(dead_code)]
|
|
130
|
+
exp: usize,
|
|
131
|
+
// The audience claim may be a single string or an array.
|
|
132
|
+
aud: Option<Audience>,
|
|
133
|
+
sub: Option<String>,
|
|
134
|
+
iss: Option<String>,
|
|
135
|
+
}
|
|
136
|
+
|
|
137
|
+
#[async_trait]
|
|
138
|
+
impl MiddlewareLayer for AuthJwt {
|
|
139
|
+
async fn initialize(&self) -> Result<()> {
|
|
140
|
+
debug!(
|
|
141
|
+
target: "middleware::auth_jwt",
|
|
142
|
+
"Instantiating auth_jwt with {} verifiers", self.verifiers.len()
|
|
143
|
+
);
|
|
144
|
+
|
|
145
|
+
let keys: HashMap<JwtAlgorithm, Vec<DecodingKey>> = self
|
|
146
|
+
.verifiers
|
|
147
|
+
.iter()
|
|
148
|
+
.map(|(algorithm, key_strings)| {
|
|
149
|
+
let algo = algorithm.clone();
|
|
150
|
+
let keys: itsi_error::Result<Vec<DecodingKey>> = key_strings
|
|
151
|
+
.iter()
|
|
152
|
+
.map(|key_string| algorithm.key_from(key_string))
|
|
153
|
+
.inspect(|key_result| {
|
|
154
|
+
if key_result.is_err() {
|
|
155
|
+
debug!(
|
|
156
|
+
target: "middleware::auth_jwt",
|
|
157
|
+
"Failed to load key for algorithm {:?}", algorithm
|
|
158
|
+
)
|
|
159
|
+
} else {
|
|
160
|
+
debug!(
|
|
161
|
+
target: "middleware::auth_jwt",
|
|
162
|
+
"Loaded key for algorithm {:?}", algorithm
|
|
163
|
+
)
|
|
164
|
+
}
|
|
165
|
+
})
|
|
166
|
+
.collect();
|
|
167
|
+
keys.map(|keys| (algo, keys))
|
|
168
|
+
})
|
|
169
|
+
.collect::<itsi_error::Result<HashMap<JwtAlgorithm, Vec<DecodingKey>>>>()?;
|
|
170
|
+
|
|
171
|
+
self.keys
|
|
172
|
+
.set(keys)
|
|
173
|
+
.map_err(|_| ItsiError::new("Failed to set keys"))?;
|
|
174
|
+
Ok(())
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
async fn before(
|
|
178
|
+
&self,
|
|
179
|
+
req: HttpRequest,
|
|
180
|
+
_: &mut HttpRequestContext,
|
|
181
|
+
) -> Result<Either<HttpRequest, HttpResponse>> {
|
|
182
|
+
// Retrieve the JWT token from either a header or a query parameter.
|
|
183
|
+
let token_str = match &self.token_source {
|
|
184
|
+
TokenSource::Header { name, prefix } => {
|
|
185
|
+
debug!(
|
|
186
|
+
target: "middleware::auth_jwt",
|
|
187
|
+
"Extracting JWT from header: {}, prefix: {:?}",
|
|
188
|
+
name, prefix
|
|
189
|
+
);
|
|
190
|
+
if let Some(header) = req.header(name) {
|
|
191
|
+
if let Some(prefix) = prefix {
|
|
192
|
+
Some(header.strip_prefix(prefix).unwrap_or("").trim_ascii())
|
|
193
|
+
} else {
|
|
194
|
+
Some(header.trim_ascii())
|
|
195
|
+
}
|
|
196
|
+
} else {
|
|
197
|
+
None
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
TokenSource::Query(query_name) => {
|
|
201
|
+
debug!(
|
|
202
|
+
target: "middleware::auth_jwt",
|
|
203
|
+
"Extracting JWT from query parameter: {}",
|
|
204
|
+
query_name
|
|
205
|
+
);
|
|
206
|
+
req.query_param(query_name)
|
|
207
|
+
}
|
|
208
|
+
};
|
|
209
|
+
|
|
210
|
+
if token_str.is_none() {
|
|
211
|
+
debug!(
|
|
212
|
+
target: "middleware::auth_jwt",
|
|
213
|
+
"No JWT found in headers or query parameters"
|
|
214
|
+
);
|
|
215
|
+
return Ok(Either::Right(
|
|
216
|
+
self.error_response
|
|
217
|
+
.to_http_response(req.accept().into())
|
|
218
|
+
.await,
|
|
219
|
+
));
|
|
220
|
+
}
|
|
221
|
+
let token_str = token_str.unwrap();
|
|
222
|
+
let header =
|
|
223
|
+
decode_header(token_str).map_err(|_| ItsiError::new("Invalid token header"))?;
|
|
224
|
+
|
|
225
|
+
let alg: JwtAlgorithm = header.alg.into();
|
|
226
|
+
|
|
227
|
+
debug!(
|
|
228
|
+
target: "middleware::auth_jwt",
|
|
229
|
+
"Matched algorithm {:?}", alg
|
|
230
|
+
);
|
|
231
|
+
if !self.verifiers.contains_key(&alg) {
|
|
232
|
+
return Ok(Either::Right(
|
|
233
|
+
self.error_response
|
|
234
|
+
.to_http_response(req.accept().into())
|
|
235
|
+
.await,
|
|
236
|
+
));
|
|
237
|
+
}
|
|
238
|
+
let keys = self.keys.get().unwrap().get(&alg).unwrap();
|
|
239
|
+
|
|
240
|
+
// Build validation based on the algorithm and optional leeway.
|
|
241
|
+
let mut validation = Validation::new(match alg {
|
|
242
|
+
JwtAlgorithm::Hs256 => JwtAlg::HS256,
|
|
243
|
+
JwtAlgorithm::Hs384 => JwtAlg::HS384,
|
|
244
|
+
JwtAlgorithm::Hs512 => JwtAlg::HS512,
|
|
245
|
+
JwtAlgorithm::Rs256 => JwtAlg::RS256,
|
|
246
|
+
JwtAlgorithm::Rs384 => JwtAlg::RS384,
|
|
247
|
+
JwtAlgorithm::Rs512 => JwtAlg::RS512,
|
|
248
|
+
JwtAlgorithm::Es256 => JwtAlg::ES256,
|
|
249
|
+
JwtAlgorithm::Es384 => JwtAlg::ES384,
|
|
250
|
+
JwtAlgorithm::Ps256 => JwtAlg::PS256,
|
|
251
|
+
JwtAlgorithm::Ps384 => JwtAlg::PS384,
|
|
252
|
+
JwtAlgorithm::Ps512 => JwtAlg::PS512,
|
|
253
|
+
});
|
|
254
|
+
|
|
255
|
+
if let Some(leeway) = self.leeway {
|
|
256
|
+
validation.leeway = leeway;
|
|
257
|
+
}
|
|
258
|
+
|
|
259
|
+
let token_data: Option<TokenData<Claims>> =
|
|
260
|
+
keys.iter()
|
|
261
|
+
.find_map(|key| match decode::<Claims>(token_str, key, &validation) {
|
|
262
|
+
Ok(data) => Some(data),
|
|
263
|
+
Err(e) => {
|
|
264
|
+
error!("Token validation failed: {:?}", e);
|
|
265
|
+
None
|
|
266
|
+
}
|
|
267
|
+
});
|
|
268
|
+
|
|
269
|
+
let token_data = if let Some(data) = token_data {
|
|
270
|
+
data
|
|
271
|
+
} else {
|
|
272
|
+
return Ok(Either::Right(
|
|
273
|
+
self.error_response
|
|
274
|
+
.to_http_response(req.accept().into())
|
|
275
|
+
.await,
|
|
276
|
+
));
|
|
277
|
+
};
|
|
278
|
+
|
|
279
|
+
let claims = token_data.claims;
|
|
280
|
+
|
|
281
|
+
if let Some(expected_audiences) = &self.audiences {
|
|
282
|
+
if let Some(aud) = &claims.aud {
|
|
283
|
+
let token_auds: HashSet<String> = match aud {
|
|
284
|
+
Audience::Single(s) => [s.clone()].into_iter().collect(),
|
|
285
|
+
Audience::Multiple(v) => v.iter().cloned().collect(),
|
|
286
|
+
};
|
|
287
|
+
if expected_audiences.is_disjoint(&token_auds) {
|
|
288
|
+
debug!(
|
|
289
|
+
"AUD check failed, token_auds: {:?}, expected_audiences: {:?}",
|
|
290
|
+
token_auds, expected_audiences
|
|
291
|
+
);
|
|
292
|
+
return Ok(Either::Right(
|
|
293
|
+
self.error_response
|
|
294
|
+
.to_http_response(req.accept().into())
|
|
295
|
+
.await,
|
|
296
|
+
));
|
|
297
|
+
}
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
|
|
301
|
+
if let Some(expected_subjects) = &self.subjects {
|
|
302
|
+
if let Some(sub) = &claims.sub {
|
|
303
|
+
if !expected_subjects.contains(sub) {
|
|
304
|
+
debug!(
|
|
305
|
+
"SUB check failed, token_sub: {:?}, expected_subjects: {:?}",
|
|
306
|
+
sub, expected_subjects
|
|
307
|
+
);
|
|
308
|
+
return Ok(Either::Right(
|
|
309
|
+
self.error_response
|
|
310
|
+
.to_http_response(req.accept().into())
|
|
311
|
+
.await,
|
|
312
|
+
));
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
}
|
|
316
|
+
|
|
317
|
+
// Verify expected issuer.
|
|
318
|
+
if let Some(expected_issuers) = &self.issuers {
|
|
319
|
+
if let Some(iss) = &claims.iss {
|
|
320
|
+
if !expected_issuers.contains(iss) {
|
|
321
|
+
debug!(
|
|
322
|
+
"ISS check failed, token_iss: {:?}, expected_issuers: {:?}",
|
|
323
|
+
iss, expected_issuers
|
|
324
|
+
);
|
|
325
|
+
return Ok(Either::Right(
|
|
326
|
+
self.error_response
|
|
327
|
+
.to_http_response(req.accept().into())
|
|
328
|
+
.await,
|
|
329
|
+
));
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
}
|
|
333
|
+
|
|
334
|
+
Ok(Either::Left(req))
|
|
335
|
+
}
|
|
336
|
+
}
|
|
337
|
+
|
|
338
|
+
impl FromValue for AuthJwt {}
|
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
use crate::{
|
|
2
|
+
server::http_message_types::HttpResponse, services::itsi_http_service::HttpRequestContext,
|
|
3
|
+
};
|
|
4
|
+
|
|
5
|
+
use super::{FromValue, MiddlewareLayer};
|
|
6
|
+
use async_trait::async_trait;
|
|
7
|
+
use http::{HeaderName, HeaderValue};
|
|
8
|
+
use magnus::error::Result;
|
|
9
|
+
use serde::Deserialize;
|
|
10
|
+
use std::{collections::HashMap, sync::OnceLock};
|
|
11
|
+
|
|
12
|
+
#[derive(Debug, Clone, Deserialize)]
|
|
13
|
+
pub struct CacheControl {
|
|
14
|
+
#[serde(default)]
|
|
15
|
+
pub max_age: Option<u64>,
|
|
16
|
+
#[serde(default)]
|
|
17
|
+
pub s_max_age: Option<u64>,
|
|
18
|
+
#[serde(default)]
|
|
19
|
+
pub stale_while_revalidate: Option<u64>,
|
|
20
|
+
#[serde(default)]
|
|
21
|
+
pub stale_if_error: Option<u64>,
|
|
22
|
+
#[serde(default)]
|
|
23
|
+
pub public: bool,
|
|
24
|
+
#[serde(default)]
|
|
25
|
+
pub private: bool,
|
|
26
|
+
#[serde(default)]
|
|
27
|
+
pub no_cache: bool,
|
|
28
|
+
#[serde(default)]
|
|
29
|
+
pub no_store: bool,
|
|
30
|
+
#[serde(default)]
|
|
31
|
+
pub must_revalidate: bool,
|
|
32
|
+
#[serde(default)]
|
|
33
|
+
pub proxy_revalidate: bool,
|
|
34
|
+
#[serde(default)]
|
|
35
|
+
pub immutable: bool,
|
|
36
|
+
#[serde(default)]
|
|
37
|
+
pub vary: Vec<String>,
|
|
38
|
+
#[serde(default)]
|
|
39
|
+
pub additional_headers: HashMap<String, String>,
|
|
40
|
+
#[serde(skip_deserializing)]
|
|
41
|
+
pub cache_control_str: OnceLock<String>,
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
#[async_trait]
|
|
45
|
+
impl MiddlewareLayer for CacheControl {
|
|
46
|
+
async fn initialize(&self) -> Result<()> {
|
|
47
|
+
let mut directives = Vec::new();
|
|
48
|
+
|
|
49
|
+
if self.public && !self.private {
|
|
50
|
+
directives.push("public".to_owned());
|
|
51
|
+
} else if self.private && !self.public {
|
|
52
|
+
directives.push("private".to_owned());
|
|
53
|
+
}
|
|
54
|
+
if self.no_cache {
|
|
55
|
+
directives.push("no-cache".to_owned());
|
|
56
|
+
}
|
|
57
|
+
if self.no_store {
|
|
58
|
+
directives.push("no-store".to_owned());
|
|
59
|
+
}
|
|
60
|
+
if self.must_revalidate {
|
|
61
|
+
directives.push("must-revalidate".to_owned());
|
|
62
|
+
}
|
|
63
|
+
if self.proxy_revalidate {
|
|
64
|
+
directives.push("proxy-revalidate".to_owned());
|
|
65
|
+
}
|
|
66
|
+
if self.immutable {
|
|
67
|
+
directives.push("immutable".to_owned());
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
// Add age parameters
|
|
71
|
+
if let Some(max_age) = self.max_age {
|
|
72
|
+
directives.push(format!("max-age={}", max_age));
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
if let Some(s_max_age) = self.s_max_age {
|
|
76
|
+
directives.push(format!("s-maxage={}", s_max_age));
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
if let Some(stale_while_revalidate) = self.stale_while_revalidate {
|
|
80
|
+
directives.push(format!("stale-while-revalidate={}", stale_while_revalidate));
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
if let Some(stale_if_error) = self.stale_if_error {
|
|
84
|
+
directives.push(format!("stale-if-error={}", stale_if_error));
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
// Set the Cache-Control header if we have directives
|
|
88
|
+
if !directives.is_empty() {
|
|
89
|
+
let cache_control_value = directives.join(", ");
|
|
90
|
+
self.cache_control_str.set(cache_control_value).unwrap();
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
Ok(())
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
async fn after(&self, mut resp: HttpResponse, _: &mut HttpRequestContext) -> HttpResponse {
|
|
97
|
+
// Skip for statuses where caching doesn't make sense
|
|
98
|
+
let status = resp.status().as_u16();
|
|
99
|
+
if matches!(status, 401 | 403 | 500..=599) {
|
|
100
|
+
return resp;
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
// Set the Cache-Control header if we have directives
|
|
104
|
+
if let Some(cache_control_value) = self.cache_control_str.get() {
|
|
105
|
+
if let Ok(value) = HeaderValue::from_str(cache_control_value) {
|
|
106
|
+
resp.headers_mut().insert("Cache-Control", value);
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
// Set Expires header based on max-age if present
|
|
111
|
+
if let Some(max_age) = self.max_age {
|
|
112
|
+
// Set the Expires header based on max-age
|
|
113
|
+
// Use a helper to format the HTTP date correctly
|
|
114
|
+
let expires = chrono::Utc::now() + chrono::Duration::seconds(max_age as i64);
|
|
115
|
+
let expires_str = expires.format("%a, %d %b %Y %H:%M:%S GMT").to_string();
|
|
116
|
+
if let Ok(value) = HeaderValue::from_str(&expires_str) {
|
|
117
|
+
resp.headers_mut().insert("Expires", value);
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
// Set Vary header
|
|
122
|
+
if !self.vary.is_empty() {
|
|
123
|
+
let vary_value = self.vary.join(", ");
|
|
124
|
+
if let Ok(value) = HeaderValue::from_str(&vary_value) {
|
|
125
|
+
resp.headers_mut().insert("Vary", value);
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
// Set additional custom headers
|
|
130
|
+
for (name, value) in &self.additional_headers {
|
|
131
|
+
if let Ok(header_value) = HeaderValue::from_str(value) {
|
|
132
|
+
if let Ok(header_name) = name.parse::<HeaderName>() {
|
|
133
|
+
resp.headers_mut().insert(header_name, header_value);
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
resp
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
impl FromValue for CacheControl {}
|