RubyGems - itsi-server - Versions diffs - 0.1.1 → 0.2.2 - Mend

itsi-server 0.1.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

data/ext/itsi_server/src/server/middleware_stack/middlewares/compression.rs ADDED Viewed

@@ -0,0 +1,316 @@
+use crate::{
+    server::http_message_types::HttpResponse, services::itsi_http_service::HttpRequestContext,
+};
+use super::{
+    header_interpretation::{find_first_supported, header_contains},
+    FromValue, MiddlewareLayer,
+};
+use async_compression::{
+    tokio::bufread::{BrotliEncoder, DeflateEncoder, GzipEncoder, ZstdEncoder},
+    Level,
+};
+use async_trait::async_trait;
+use bytes::{Bytes, BytesMut};
+use futures::TryStreamExt;
+use http::{
+    header::{GetAll, CONTENT_ENCODING, CONTENT_LENGTH, CONTENT_TYPE},
+    HeaderValue, Response,
+};
+use http_body_util::{combinators::BoxBody, BodyExt, Full, StreamBody};
+use hyper::body::{Body, Frame};
+use serde::{Deserialize, Serialize};
+use std::convert::Infallible;
+use tokio::io::{AsyncRead, AsyncReadExt, BufReader};
+use tokio_stream::StreamExt;
+use tokio_util::io::{ReaderStream, StreamReader};
+use tracing::debug;
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Compression {
+    min_size: usize,
+    algorithms: Vec<CompressionAlgorithm>,
+    compress_streams: bool,
+    mime_types: Vec<MimeType>,
+    level: CompressionLevel,
+}
+#[derive(Debug, Clone, Serialize, Deserialize)]
+enum CompressionLevel {
+    #[serde(rename(deserialize = "fastest"))]
+    Fastest,
+    #[serde(rename(deserialize = "best"))]
+    Best,
+    #[serde(rename(deserialize = "balanced"))]
+    Balanced,
+    #[serde(rename(deserialize = "precise"))]
+    Precise(i32),
+}
+impl CompressionLevel {
+    fn to_async_compression_level(&self) -> Level {
+        match self {
+            CompressionLevel::Fastest => Level::Fastest,
+            CompressionLevel::Best => Level::Best,
+            CompressionLevel::Balanced => Level::Default,
+            CompressionLevel::Precise(level) => Level::Precise(*level),
+        }
+    }
+}
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, PartialOrd, Eq, Ord)]
+pub enum CompressionAlgorithm {
+    #[serde(rename(deserialize = "gzip"))]
+    Gzip,
+    #[serde(rename(deserialize = "br"))]
+    Brotli,
+    #[serde(rename(deserialize = "deflate"))]
+    Deflate,
+    #[serde(rename(deserialize = "zstd"))]
+    Zstd,
+    #[serde(rename(deserialize = "identity"))]
+    Identity,
+}
+impl CompressionAlgorithm {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            CompressionAlgorithm::Gzip => "gzip",
+            CompressionAlgorithm::Brotli => "br",
+            CompressionAlgorithm::Deflate => "deflate",
+            CompressionAlgorithm::Zstd => "zstd",
+            CompressionAlgorithm::Identity => "identity",
+        }
+    }
+    pub fn header_value(&self) -> HeaderValue {
+        HeaderValue::from_str(self.as_str()).unwrap()
+    }
+}
+#[derive(Debug, Clone, Serialize, Deserialize)]
+enum MimeType {
+    #[serde(rename(deserialize = "text"))]
+    Text,
+    #[serde(rename(deserialize = "image"))]
+    Image,
+    #[serde(rename(deserialize = "application"))]
+    Application,
+    #[serde(rename(deserialize = "audio"))]
+    Audio,
+    #[serde(rename(deserialize = "video"))]
+    Video,
+    #[serde(rename(deserialize = "font"))]
+    Font,
+    #[serde(rename(deserialize = "other"))]
+    Other(String),
+    #[serde(rename(deserialize = "all"))]
+    All,
+}
+impl MimeType {
+    pub fn matches(&self, content_encodings: &GetAll<HeaderValue>) -> bool {
+        match self {
+            MimeType::Text => header_contains(content_encodings, "text/*"),
+            MimeType::Image => header_contains(content_encodings, "image/*"),
+            MimeType::Application => header_contains(content_encodings, "application/*"),
+            MimeType::Audio => header_contains(content_encodings, "audio/*"),
+            MimeType::Video => header_contains(content_encodings, "video/*"),
+            MimeType::Font => header_contains(content_encodings, "font/*"),
+            MimeType::Other(v) => header_contains(content_encodings, v),
+            MimeType::All => header_contains(content_encodings, "*"),
+        }
+    }
+}
+fn stream_encode<R>(encoder: R) -> BoxBody<Bytes, Infallible>
+where
+    R: AsyncRead + Unpin + Sync + Send + 'static,
+{
+    let encoded_stream = ReaderStream::new(encoder).map(|res| {
+        res.map(Frame::data)
+            .map_err(|_| -> Infallible { unreachable!("We handle IO errors above") })
+    });
+    BoxBody::new(StreamBody::new(encoded_stream))
+}
+fn update_content_encoding(parts: &mut http::response::Parts, new_encoding: HeaderValue) {
+    if let Some(existing) = parts.headers.get(CONTENT_ENCODING) {
+        let mut encodings = existing.to_str().unwrap_or("").to_owned();
+        if !encodings.is_empty() {
+            encodings.push_str(", ");
+        }
+        encodings.push_str(new_encoding.to_str().unwrap());
+        parts
+            .headers
+            .insert(CONTENT_ENCODING, HeaderValue::from_str(&encodings).unwrap());
+    } else {
+        parts.headers.insert(CONTENT_ENCODING, new_encoding);
+    }
+}
+#[async_trait]
+impl MiddlewareLayer for Compression {
+    /// We'll apply compression on the response, where appropriate.
+    /// This is if:
+    /// * The response body is larger than the minimum size.
+    /// * The response content type is supported.
+    /// * The client supports the compression algorithm.
+    async fn after(&self, resp: HttpResponse, context: &mut HttpRequestContext) -> HttpResponse {
+        let body_size = resp.size_hint().exact();
+        let resp = resp;
+        // Don't compress if it's not an explicitly listed compressable type
+        if !self
+            .mime_types
+            .iter()
+            .any(|mt| mt.matches(&resp.headers().get_all(CONTENT_TYPE)))
+        {
+            debug!(
+                target: "middleware::compress",
+                "Mime type not supported for compression"
+            );
+            return resp;
+        }
+        // Don't compress streams unless compress streams is enabled.
+        if body_size.is_none() && !self.compress_streams {
+            debug!(
+                target: "middleware::compress",
+                "Stream compression disabled"
+            );
+            return resp;
+        }
+        // Don't compress too small bodies
+        if body_size.is_some_and(|s| s < self.min_size as u64) {
+            debug!(
+                target: "middleware::compress",
+                "Body size too small for compression"
+            );
+            return resp;
+        }
+        // Don't recompress if we're already compressed in a supported format
+        for existing_encoding in resp.headers().get_all(CONTENT_ENCODING) {
+            if let Ok(encodings) = existing_encoding.to_str() {
+                for encoding in encodings.split(',').map(str::trim) {
+                    let encoding = encoding.split(';').next().unwrap_or(encoding).trim();
+                    if self.algorithms.iter().any(|algo| algo.as_str() == encoding) {
+                        debug!(
+                            target: "middleware::compress",
+                            "Body already compressed with supported algorithm"
+                        );
+                        return resp;
+                    }
+                }
+            }
+        }
+        let compression_method = match find_first_supported(
+            &context.supported_encoding_set,
+            self.algorithms.iter().map(|algo| algo.as_str()),
+        ) {
+            Some("gzip") => CompressionAlgorithm::Gzip,
+            Some("br") => CompressionAlgorithm::Brotli,
+            Some("deflate") => CompressionAlgorithm::Deflate,
+            Some("zstd") => CompressionAlgorithm::Zstd,
+            _ => CompressionAlgorithm::Identity,
+        };
+        debug!(
+            target: "middleware::compress",
+            "Selected compression method: {:?}", compression_method
+        );
+        if matches!(compression_method, CompressionAlgorithm::Identity) {
+            return resp;
+        }
+        let (mut parts, body) = resp.into_parts();
+        let new_body = if let Some(_size) = body_size {
+            let full_bytes: Bytes = body
+                .into_data_stream()
+                .try_fold(BytesMut::new(), |mut acc, chunk| async move {
+                    acc.extend_from_slice(&chunk);
+                    Ok(acc)
+                })
+                .await
+                .unwrap()
+                .freeze();
+            let cursor = std::io::Cursor::new(full_bytes);
+            let reader = BufReader::new(cursor);
+            let compressed_bytes = match compression_method {
+                CompressionAlgorithm::Gzip => {
+                    let mut encoder =
+                        GzipEncoder::with_quality(reader, self.level.to_async_compression_level());
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Brotli => {
+                    let mut encoder = BrotliEncoder::with_quality(
+                        reader,
+                        self.level.to_async_compression_level(),
+                    );
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Deflate => {
+                    let mut encoder = DeflateEncoder::with_quality(
+                        reader,
+                        self.level.to_async_compression_level(),
+                    );
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Zstd => {
+                    let mut encoder =
+                        ZstdEncoder::with_quality(reader, self.level.to_async_compression_level());
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Identity => unreachable!(),
+            };
+            BoxBody::new(Full::new(Bytes::from(compressed_bytes)))
+        } else {
+            let stream = body
+                .into_data_stream()
+                .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e));
+            let async_read_fut = StreamReader::new(stream);
+            let reader = BufReader::new(async_read_fut);
+            match compression_method {
+                CompressionAlgorithm::Gzip => stream_encode(GzipEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Brotli => stream_encode(BrotliEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Deflate => stream_encode(DeflateEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Zstd => stream_encode(ZstdEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Identity => unreachable!(),
+            }
+        };
+        update_content_encoding(&mut parts, compression_method.header_value());
+        parts.headers.remove(CONTENT_LENGTH);
+        debug!(
+            target: "middleware::compress",
+            "Response compressed"
+        );
+        Response::from_parts(parts, new_body)
+    }
+}
+impl FromValue for Compression {}

data/ext/itsi_server/src/server/middleware_stack/middlewares/cors.rs ADDED Viewed

@@ -0,0 +1,301 @@
+use super::{FromValue, MiddlewareLayer};
+use crate::{
+    server::http_message_types::{HttpRequest, HttpResponse, RequestExt},
+    services::itsi_http_service::HttpRequestContext,
+};
+use async_trait::async_trait;
+use http::{HeaderMap, Method, Response};
+use http_body_util::{combinators::BoxBody, Empty};
+use itsi_error::ItsiError;
+use magnus::error::Result;
+use serde::Deserialize;
+use tracing::debug;
+#[derive(Debug, Clone, Deserialize)]
+pub struct Cors {
+    pub allow_origins: Vec<String>,
+    pub allow_methods: Vec<HttpMethod>,
+    pub allow_headers: Vec<String>,
+    pub allow_credentials: bool,
+    pub expose_headers: Vec<String>,
+    pub max_age: Option<u64>,
+}
+#[derive(Debug, Clone, Deserialize)]
+pub enum HttpMethod {
+    #[serde(rename(deserialize = "GET"))]
+    Get,
+    #[serde(rename(deserialize = "POST"))]
+    Post,
+    #[serde(rename(deserialize = "PUT"))]
+    Put,
+    #[serde(rename(deserialize = "DELETE"))]
+    Delete,
+    #[serde(rename(deserialize = "OPTIONS"))]
+    Options,
+    #[serde(rename(deserialize = "HEAD"))]
+    Head,
+    #[serde(rename(deserialize = "PATCH"))]
+    Patch,
+}
+impl HttpMethod {
+    pub fn matches(&self, other: &str) -> bool {
+        match self {
+            HttpMethod::Get => other.eq_ignore_ascii_case("GET"),
+            HttpMethod::Post => other.eq_ignore_ascii_case("POST"),
+            HttpMethod::Put => other.eq_ignore_ascii_case("PUT"),
+            HttpMethod::Delete => other.eq_ignore_ascii_case("DELETE"),
+            HttpMethod::Options => other.eq_ignore_ascii_case("OPTIONS"),
+            HttpMethod::Head => other.eq_ignore_ascii_case("HEAD"),
+            HttpMethod::Patch => other.eq_ignore_ascii_case("PATCH"),
+        }
+    }
+    pub fn to_str(&self) -> &str {
+        match self {
+            HttpMethod::Get => "GET",
+            HttpMethod::Post => "POST",
+            HttpMethod::Put => "PUT",
+            HttpMethod::Delete => "DELETE",
+            HttpMethod::Options => "OPTIONS",
+            HttpMethod::Head => "HEAD",
+            HttpMethod::Patch => "PATCH",
+        }
+    }
+}
+impl Cors {
+    /// Generate the simple CORS headers (used in normal responses)
+    fn cors_headers(&self, origin: &str) -> Result<HeaderMap> {
+        let mut headers = HeaderMap::new();
+        headers.insert("Vary", "Origin".parse().map_err(ItsiError::new)?);
+        if origin.is_empty() {
+            // When credentials are allowed, you cannot return "*".
+            debug!(target: "middleware::cors", "Origin empty {}", origin);
+            if !self.allow_credentials {
+                headers.insert(
+                    "Access-Control-Allow-Origin",
+                    "*".parse().map_err(ItsiError::new)?,
+                );
+            }
+            return Ok(headers);
+        }
+        // Only return a header if the origin is allowed.
+        if self.allow_origins.iter().any(|o| o == origin || o == "*") {
+            // If credentials are allowed, we must echo back the exact origin.
+            let value = if self.allow_credentials {
+                origin
+            } else {
+                // If not, and if "*" is allowed, you can still use "*".
+                if self.allow_origins.iter().any(|o| o == "*") {
+                    "*"
+                } else {
+                    origin
+                }
+            };
+            headers.insert(
+                "Access-Control-Allow-Origin",
+                value.parse().map_err(ItsiError::new)?,
+            );
+        }
+        if !self.allow_methods.is_empty() {
+            headers.insert(
+                "Access-Control-Allow-Methods",
+                self.allow_methods
+                    .iter()
+                    .map(HttpMethod::to_str)
+                    .collect::<Vec<&str>>()
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+        if !self.allow_headers.is_empty() {
+            headers.insert(
+                "Access-Control-Allow-Headers",
+                self.allow_headers
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+        if self.allow_credentials {
+            headers.insert(
+                "Access-Control-Allow-Credentials",
+                "true".parse().map_err(ItsiError::new)?,
+            );
+        }
+        if let Some(max_age) = self.max_age {
+            headers.insert(
+                "Access-Control-Max-Age",
+                max_age.to_string().parse().map_err(ItsiError::new)?,
+            );
+        }
+        if !self.expose_headers.is_empty() {
+            headers.insert(
+                "Access-Control-Expose-Headers",
+                self.expose_headers
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+        Ok(headers)
+    }
+    fn preflight_headers(
+        &self,
+        origin: Option<&str>,
+        req_method: Option<&str>,
+        req_headers: Option<&str>,
+    ) -> Result<HeaderMap> {
+        let mut headers = HeaderMap::new();
+        headers.insert("Vary", "Origin".parse().map_err(ItsiError::new)?);
+        let origin = match origin {
+            Some(o) if !o.is_empty() => o,
+            _ => {
+                debug!(target: "middleware::cors", "Missing Origin – preflight fails");
+                return Ok(headers);
+            }
+        };
+        if !self
+            .allow_origins
+            .iter()
+            .any(|allowed| allowed == "*" || allowed == origin)
+        {
+            debug!(target: "middleware::cors", "Origin not allowed");
+            return Ok(headers);
+        }
+        let request_method = match req_method {
+            Some(m) if !m.is_empty() => m,
+            _ => {
+                debug!(target: "middleware::cors", "Missing request method – preflight fails");
+                return Ok(headers);
+            }
+        };
+        if !self.allow_methods.iter().any(|m| m.matches(request_method)) {
+            debug!(target: "middleware::cors", "Method not allowed");
+            return Ok(headers);
+        }
+        if let Some(request_headers) = req_headers {
+            let req_headers_list: Vec<&str> = request_headers
+                .split(',')
+                .map(|s| s.trim())
+                .filter(|s| !s.is_empty())
+                .collect();
+            for header in req_headers_list {
+                if !self
+                    .allow_headers
+                    .iter()
+                    .any(|allowed| allowed.eq_ignore_ascii_case(header))
+                {
+                    debug!(target: "middleware::cors", "Header not allowed {}", header);
+                    return Ok(headers);
+                }
+            }
+        }
+        headers.insert("Access-Control-Allow-Origin", origin.parse().unwrap());
+        headers.insert(
+            "Access-Control-Allow-Methods",
+            self.allow_methods
+                .iter()
+                .map(HttpMethod::to_str)
+                .collect::<Vec<&str>>()
+                .join(", ")
+                .parse()
+                .map_err(ItsiError::new)?,
+        );
+        headers.insert(
+            "Access-Control-Allow-Headers",
+            self.allow_headers
+                .join(", ")
+                .parse()
+                .map_err(ItsiError::new)?,
+        );
+        if self.allow_credentials {
+            headers.insert(
+                "Access-Control-Allow-Credentials",
+                "true".parse().map_err(ItsiError::new)?,
+            );
+        }
+        if let Some(max_age) = self.max_age {
+            headers.insert(
+                "Access-Control-Max-Age",
+                max_age.to_string().parse().map_err(ItsiError::new)?,
+            );
+        }
+        if !self.expose_headers.is_empty() {
+            headers.insert(
+                "Access-Control-Expose-Headers",
+                self.expose_headers
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+        Ok(headers)
+    }
+}
+#[async_trait]
+impl MiddlewareLayer for Cors {
+    // For OPTIONS (preflight) requests we:
+    // 1. Extract Origin, Access-Control-Request-Method, and Access-Control-Request-Headers.
+    // 2. Validate them using our hardened preflight_headers function.
+    // 3. If validations pass (i.e. headers is non-empty), return a 204 response with those headers.
+    // Otherwise, the absence of headers indicates the request doesn’t meet the CORS policy.
+    async fn before(
+        &self,
+        req: HttpRequest,
+        context: &mut HttpRequestContext,
+    ) -> Result<either::Either<HttpRequest, HttpResponse>> {
+        let origin = req.header("Origin");
+        debug!(target: "middleware::cors", "Origin: {:?}", origin);
+        if req.method() == Method::OPTIONS {
+            let ac_request_method = req.header("Access-Control-Request-Method");
+            let ac_request_headers = req.header("Access-Control-Request-Headers");
+            let headers = self.preflight_headers(origin, ac_request_method, ac_request_headers)?;
+            debug!(target: "middleware::cors", "Preflight Headers: {:?}", headers);
+            let mut response_builder = Response::builder().status(204);
+            *response_builder.headers_mut().unwrap() = headers;
+            let response = response_builder
+                .body(BoxBody::new(Empty::new()))
+                .map_err(ItsiError::new)?;
+            return Ok(either::Either::Right(response));
+        }
+        context.set_origin(origin.map(|s| s.to_string()));
+        Ok(either::Either::Left(req))
+    }
+    async fn after(
+        &self,
+        mut resp: HttpResponse,
+        context: &mut HttpRequestContext,
+    ) -> HttpResponse {
+        if let Some(Some(origin)) = context.origin.get() {
+            debug!(target: "middleware::cors", "fetching cors headers for origin {}", origin);
+            if let Ok(cors_headers) = self.cors_headers(origin) {
+                debug!(target: "middleware::cors", "Cors Headers: {:?}", cors_headers);
+                for (key, value) in cors_headers.iter() {
+                    resp.headers_mut().insert(key.clone(), value.clone());
+                }
+            }
+        }
+        resp
+    }
+}
+impl FromValue for Cors {}