itsi-server 0.1.1

data/ext/itsi_server/src/server/bind.rs

@@ -0,0 +1,138 @@
+use super::{tls::configure_tls, transfer_protocol::TransferProtocol};
+use itsi_error::ItsiError;
+use std::{
+    collections::HashMap,
+    net::{IpAddr, Ipv4Addr, Ipv6Addr, ToSocketAddrs},
+    path::PathBuf,
+    str::FromStr,
+};
+use tokio_rustls::rustls::ServerConfig;
+
+// Support binding to either IP or Unix Socket
+#[derive(Debug, Clone)]
+pub enum BindAddress {
+    Ip(IpAddr),
+    UnixSocket(PathBuf),
+}
+
+impl Default for BindAddress {
+    fn default() -> Self {
+        BindAddress::Ip(IpAddr::V4(Ipv4Addr::UNSPECIFIED))
+    }
+}
+
+#[derive(Debug, Default, Clone)]
+#[magnus::wrap(class = "Itsi::Bind")]
+pub struct Bind {
+    pub address: BindAddress,
+    pub port: Option<u16>, // None for Unix Sockets
+    pub protocol: TransferProtocol,
+    pub tls_config: Option<ServerConfig>,
+}
+
+impl FromStr for Bind {
+    type Err = ItsiError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let (protocol, remainder) = if let Some((proto, rest)) = s.split_once("://") {
+            (proto.parse::<TransferProtocol>()?, rest)
+        } else {
+            (TransferProtocol::Https, s)
+        };
+
+        let (url, options) = if let Some((base, options)) = remainder.split_once('?') {
+            (base, parse_bind_options(options))
+        } else {
+            (remainder, HashMap::new())
+        };
+
+        let (host, port) = if url.starts_with('[') {
+            // IPv6 with brackets `[::]:port`
+            if let Some(end) = url.find(']') {
+                let host = &url[1..end]; // Extract `::`
+                let port = url[end + 1..]
+                    .strip_prefix(':')
+                    .and_then(|p| p.parse().ok());
+                (host, port)
+            } else {
+                return Err(ItsiError::InvalidInput(
+                    "Invalid IPv6 address format".to_owned(),
+                ));
+            }
+        } else if let Some((h, p)) = url.rsplit_once(':') {
+            // Check if `h` is an IPv6 address before assuming it's a port
+            if h.contains('.') || h.parse::<Ipv4Addr>().is_ok() {
+                (h, p.parse::<u16>().ok()) // IPv4 case
+            } else if h.parse::<Ipv6Addr>().is_ok() {
+                // If it's IPv6, require brackets for port
+                return Err(ItsiError::InvalidInput(
+                    "IPv6 addresses must use [ ] when specifying a port".to_owned(),
+                ));
+            } else {
+                (h, None) // Treat as a hostname
+            }
+        } else {
+            (url, None)
+        };
+
+        let address = if let Ok(ip) = host.parse::<IpAddr>() {
+            BindAddress::Ip(ip)
+        } else {
+            resolve_hostname(host)
+                .map(BindAddress::Ip)
+                .unwrap_or(BindAddress::Ip(IpAddr::V4(Ipv4Addr::UNSPECIFIED)))
+        };
+        let (port, address) = match protocol {
+            TransferProtocol::Http => (port.or(Some(80)), address),
+            TransferProtocol::Https => (port.or(Some(443)), address),
+            TransferProtocol::Unix => (None, BindAddress::UnixSocket(host.into())),
+        };
+
+        let tls_config = if let TransferProtocol::Http = protocol {
+            None
+        } else if let TransferProtocol::Https = protocol {
+            Some(configure_tls(host, &options)?)
+        } else if options.contains_key("cert") {
+            Some(configure_tls(host, &options)?)
+        } else {
+            None
+        };
+
+        Ok(Self {
+            address,
+            port,
+            protocol,
+            tls_config,
+        })
+    }
+}
+
+fn parse_bind_options(query: &str) -> HashMap<String, String> {
+    query
+        .split('&')
+        .filter_map(|pair| pair.split_once('='))
+        .map(|(k, v)| (k.to_owned(), v.to_owned()))
+        .collect()
+}
+
+/// Attempts to resolve a hostname into an IP address.
+fn resolve_hostname(hostname: &str) -> Option<IpAddr> {
+    (hostname, 0)
+        .to_socket_addrs()
+        .ok()?
+        .filter_map(|addr| {
+            if addr.is_ipv6() {
+                Some(addr.ip()) // Prefer IPv6
+            } else {
+                None
+            }
+        })
+        .next()
+        .or_else(|| {
+            (hostname, 0)
+                .to_socket_addrs()
+                .ok()?
+                .map(|addr| addr.ip())
+                .next()
+        }) // Fallback to IPv4
+}

data/ext/itsi_server/src/server/itsi_ca/itsi_ca.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgTCCA2mgAwIBAgIUe316+G3qdkcWtRxYKlNBEAEenzAwDQYJKoZIhvcNAQEL
+BQAwUDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBEl0c2kxDTALBgNVBAcMBEl0c2kx
+EDAOBgNVBAoMB0l0c2kgQ0ExETAPBgNVBAMMCGl0c2kuZnlpMB4XDTI1MDIyODAy
+NTkyNVoXDTM1MDIyNjAyNTkyNVowUDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBEl0
+c2kxDTALBgNVBAcMBEl0c2kxEDAOBgNVBAoMB0l0c2kgQ0ExETAPBgNVBAMMCGl0
+c2kuZnlpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzKAK2RIvnATa
+pOxNYubaGjOx8z4thxwWM/KxMqI8gABmgRFTa99n1vrTenlfdX4PcoRyCXEJ3krh
+nPsRmP1nnUS1BEIX4Ha9xVPIy0UoP0JN1a4kVInejZe2ZTcpRv8k2KlkafIw0ISt
+/hSoopNV2SESCMDxx2e3F9d4wzHmkfs2+6k+12TTYkkifXaXgSOXm91a5ABqTfa8
+wS6td/zmwv6W5RNBU3kS3TsqoKjc0xdu25aifJ40i/+82b5OOWhWt+psSPlTZb+Y
+5elMhlh8Hjs52S3u48wz5joPsBi9r4yLYGhgB+AiW+b+y0uss7EiTQR24U+CroEB
+4c1LA4qTgQPUvUIXyyFGC3lPsjKHGiEitbIT4sDQOz3nMMvT0FIP7DPtiSAuyx0I
+J6/3+/QQ/8dzGqZskolKTSWGToOysNWcIxbbBprDAXYseOTJvREVpwC/Qra5OUqU
+6P8K72yp2hSCu/5EQwV3kwKMw0JmjJFyaL8SC2GJnueWWCIIZjYdc0ZAA9Dvl9eo
+SfQA4emLjUcScFpj8kv3Iu5tGJxnO1gqJ4JV+NKJ/09AxXvFYpNhaBXJ0xUOTA8/
+vBTkAs9hTFV1IFIgJNP5CxEbkWr5FcFYUKAopFhDKfQkXGCKEn4s3wuNqUuzEEdE
+Sx2YVV8XKbb9eKpHN5cQ6ljeFvanKpMCAwEAAaNTMFEwHQYDVR0OBBYEFIaKuU5Z
+CCv9JAsdqvHyR5QnE1OdMB8GA1UdIwQYMBaAFIaKuU5ZCCv9JAsdqvHyR5QnE1Od
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGslKyiOzrJzfVEA
+HwJu/4CpDs7MpZuzAJ/AS0shWR3qlpHJUn6c/NIaQBfmVIo+vfxTvwV+ih6tZ+4A
+HmIZrCQm7rn5uQm2Q9G++JQ0RgQfLngnz3FBL+aERW2wxw1vOcPwg8JWCeGUSCd4
+Lj4jtpvlniS5uIiCD2GYxRIub401egX60XAiHdR0k6rS2dKxab9vMKW28RvRddak
+YCk7UKSXOZlj39XVH/JCB8+4IokDLTikpoAUqiNfytO+kx9+1JHKti8NjSQJwjqO
+JtBd1OD2ziQqd0gVKjr3J4IwIBv3Yl3GGUi3c5HVyDejriPciPrK+4G6a4IDGiyG
+rQRTzTR98ILsPX5uvOJadF1TAyZpS8oN7xFM8BnKfdpB34x3p9KgBqk34dRIXxbF
+nM3AJRT5dHlcHkn6z1snFqRHko4QvG0bSHlZFepogLG9yOGB0B1Hp4JPTSimEb6f
+b+CL5o8mXzAMRDIzdjTkBM/nQg5NMoXaXvmKypw/zIYI/ffb6Kwu/Y6gWmXubQrA
+fJ95Ssb14RKtmW6IDmHD5mNpybjhoSzwtBZyuHAyVZT/5P8/QHNkMBwpfQsevY5f
+FmOcAZIq9bHTBvn5SNNvi2NxZfTRD7sTMogXgqKKcxwe2rs52IYecamNekQMjrPL
+jI16bCLO/G1NaQ+N9YFL4TGfvbCe
+-----END CERTIFICATE-----

data/ext/itsi_server/src/server/itsi_ca/itsi_ca.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDMoArZEi+cBNqk
+7E1i5toaM7HzPi2HHBYz8rEyojyAAGaBEVNr32fW+tN6eV91fg9yhHIJcQneSuGc
++xGY/WedRLUEQhfgdr3FU8jLRSg/Qk3VriRUid6Nl7ZlNylG/yTYqWRp8jDQhK3+
+FKiik1XZIRIIwPHHZ7cX13jDMeaR+zb7qT7XZNNiSSJ9dpeBI5eb3VrkAGpN9rzB
+Lq13/ObC/pblE0FTeRLdOyqgqNzTF27blqJ8njSL/7zZvk45aFa36mxI+VNlv5jl
+6UyGWHweOznZLe7jzDPmOg+wGL2vjItgaGAH4CJb5v7LS6yzsSJNBHbhT4KugQHh
+zUsDipOBA9S9QhfLIUYLeU+yMocaISK1shPiwNA7Pecwy9PQUg/sM+2JIC7LHQgn
+r/f79BD/x3MapmySiUpNJYZOg7Kw1ZwjFtsGmsMBdix45Mm9ERWnAL9Ctrk5SpTo
+/wrvbKnaFIK7/kRDBXeTAozDQmaMkXJovxILYYme55ZYIghmNh1zRkAD0O+X16hJ
+9ADh6YuNRxJwWmPyS/ci7m0YnGc7WConglX40on/T0DFe8Vik2FoFcnTFQ5MDz+8
+FOQCz2FMVXUgUiAk0/kLERuRavkVwVhQoCikWEMp9CRcYIoSfizfC42pS7MQR0RL
+HZhVXxcptv14qkc3lxDqWN4W9qcqkwIDAQABAoICADBfoVDhuLmUeC/G4SCBXIwX
+LnlHeLHZFPKg6/0BV3YXIiRe+S6mOMEcuMPaT5PSAkrbPq42t9OCNkXLIMTfGxCV
+volMKqLYz1IH1Y8gQTx7KzVZnqMRmLg2ZlsVKD/tb0N9AAz/wUR6KTvInHkahY/3
+/nBtVHsEbMdJG/ZhJJXcIopp3z5CSqqQiYPJdlWEGYIyWRtPcdIOg17T7xRPiCoO
+z5NF8wqNs8TzCMfEQ7fvcTieKrl1GQ0DnxyGna16mg2OcJzrvChwm++2MG4OGwF2
+lN1fu3rEunwxu6Wwo58NhaF76z/RX64ENLXQpPox5N76MDRhfI5OVyiPRK2IpAfO
+rgMY4tbiE+OMRqM553MpfcrmxmafxI7287OqraHWRaayHKARDrF42m5XXJG5sYUP
+2RDKlt8LOOmhQWbnpzOifzyk8Rn57yIGPda2Wqc9vvH3efMcLJ/ZhDPeHBaA2JIN
+7JWJNZ5G58muXBzh2+q4mBJTKN9RBHE+CHeNDR6Yp2/Tul0P7GesMMx78De4iNsu
+uMiBhrx6FB5qsoBlFGD5FUyBVRYyIfZXbzGGh7dEHzOl1YVcZszjE/xm6QlLr0HD
+pVH+Wf+y6rltz+Hw/XOJfvF1Wx42NmXX+FOGnVG0VPQB8s/oRnsUerYt9DrzV2BT
+1oppvacvemTeryKx6LRBAoIBAQDlnMDBRoxvbJpzNcVQtZQr9GokIVockhKn2pHb
+/2y4Y7Kl6q7LM8lEjSeCxvl2joEEDIvX6ex+mcB45D3CgKb1kCrjSsFgOgRMPjB1
+yDDyQ9wf4UqJNKXriDy5v3HQVZKiFiDQPG1X4VEofIaNxMDSo2fx9v93bO3YeCJ9
+2KTX5091Hx31UCZnBzE8siZtizz9iVqQ4qILbluxRQf8YMlLyT2KtCZzJ8wYfk9h
+zHsr+v3wyrOUzbSxTOG9NfBuBUrz4gg3z08e+2ymfrl3lZdZ11iHkBMvfSIzZPUP
+7TysZFR/DukW2Uh9szgSP8biaP8PDvqpZ+p493MwdEl2YCShAoIBAQDkJClmQ9b+
+eRk/b2CFkpV1NNT9A5RaoI+aL4qfgOdDCBA/6lQy3P3aurIn0qAjNEsFl45mOBEy
+GWCrU8HrccxhHVma48gxrTnQ0kJ7YEzgxTTN3ccqsly1e8mpNroWjZFqN85B9JwV
+rzswu6pXD+673u7m/q8nIz9JSS2A0KKFr5BXVHiyxM9EgOW+v4Lx2r5f18iATTbs
+qs8GSHMc1OPwFe/KKnrLPzpx1tGuBQkdXdv1WzSvfZdznPjMFNhapEWsvS+J5lKo
+56t2EyxOR0d/TmyZVphw0qdD/eM57aWXxlJJoIs/NF+XG2pghK0YhoP2Y0bcCkOI
+Hy1Hk6JbdM6zAoIBAQCiIkcF81AVGgYR1mVHMYC4bPVKH/bmd8sOlcsrIrjdlyC+
+AfJ9cErtyhKdSO08ZzH47vcMdpTVbLI5a0mk/31lpvBx4QadcTo5sCw97yeI2pwk
+MsyUCAYlQ+VFcEboypQpOiDfidvYEzVgtlW447cYxeQPOs93wAZPNb19Sa5U+nPk
+Cx33bCpB1BVTe6Sg85IUoZm+9xlfowTCLzGNZ7acejSnrb/8zpxSq1ZYg7ByBOCt
+2CRorbyq+dPo7J6iwcAEaJZO+mcvRHCbPJ6wL4RZHzPXPcgeX2j4C5D0NxwByzLT
+KW80ACgtApFUaY6Br4xzUKt1Vfh+hJTlISgCm68hAoIBAQCEkGKh8q99hF5gVtZu
+JwPDbCSKtEbC9mMbA574Gc3HTGssyHuOZoz3SN52d1PnwN4K7MqoqNGNG+PpCa03
+oxNQJt7HOq47910N8u8Ag6+IN+775G9zZtqp9bjzI0K0EiS55J1sA7eifgTVx2Yu
+Wqqs7dhBzyF1i2ydp/DR1elp5t7nb8UGk4egVYmp8dwjrqhKRrdRngxZLtNG4lhJ
+G4crHYQNI+vgJ+hM97c09+YY8035XrrZcg/L9R04cLBa0vNNcUyrQ3MqhBtEa9Wl
+0pM/7RD7dK71d+ILhv4+zdEXxPxRngDrhAI7aonAdbei9Z6+T2eAOlKNSRhla+q+
+W7wzAoIBAQDGX2nnfmdzDdDyFSJj5mIfj/nMG1FQg4BlxtFn6BRJmAVxCasi8tP9
+LLlMy4n6jYNxUUad5jwmFTcH3WBIaNtKyMhvzpY7lb6zp2i8U6GS6ctbzrWCobM5
+ivhuz0WuayZzI9fQGBb+EjAEhDgVRAFPG+xRowxC+vUw30kTAW15ENUN3HRRBLPo
+b2VWCatESqGIuuweu44aZcj0c7QLOQiDry4QqrpIuIR2HIzOhX8Uuxq1kdSPuXBh
+3YQBLl7YtOi/UNpRqlYrJpVlLoDZol4HgsQBqd5dqYUYCbl5fpgxM25vww6LFFjK
+cN5973/E4MpAKMt1shs0YWr3axraOhkg
+-----END PRIVATE KEY-----

data/ext/itsi_server/src/server/itsi_server.rs

@@ -0,0 +1,182 @@
+use super::{
+    bind::Bind,
+    listener::{Listener, SockAddr},
+};
+use crate::{request::itsi_request::ItsiRequest, ITSI_SERVER};
+use bytes::Bytes;
+use derive_more::Debug;
+use http_body_util::{combinators::BoxBody, Empty};
+use hyper::{
+    body::Incoming, header::HeaderName, service::service_fn, HeaderMap, Request, Response,
+    StatusCode,
+};
+use hyper_util::{rt::TokioExecutor, server::conn::auto::Builder};
+use itsi_tracing::{error, info};
+use magnus::{
+    error::Result,
+    scan_args::{get_kwargs, scan_args, Args, KwArgs},
+    value::{Opaque, ReprValue},
+    RHash, Ruby, Value,
+};
+use parking_lot::Mutex;
+use std::{collections::HashMap, convert::Infallible, sync::Arc};
+use tokio::runtime::Builder as RuntimeBuilder;
+use tokio::task::JoinSet;
+
+#[magnus::wrap(class = "Itsi::Server", free_immediately, size)]
+#[derive(Debug)]
+pub struct Server {
+    #[debug(skip)]
+    app: Opaque<Value>,
+    #[allow(unused)]
+    workers: u16,
+    #[allow(unused)]
+    threads: u16,
+    #[allow(unused)]
+    shutdown_timeout: f64,
+    script_name: String,
+    pub(crate) binds: Mutex<Vec<Bind>>,
+}
+
+impl Server {
+    pub fn new(args: &[Value]) -> Result<Self> {
+        type OptionalArgs = (
+            Option<u16>,
+            Option<u16>,
+            Option<f64>,
+            Option<String>,
+            Option<Vec<String>>,
+        );
+
+        let scan_args: Args<(), (), (), (), RHash, ()> = scan_args(args)?;
+        let args: KwArgs<(Value,), OptionalArgs, ()> = get_kwargs(
+            scan_args.keywords,
+            &["app"],
+            &[
+                "workers",
+                "threads",
+                "shutdown_timeout",
+                "script_name",
+                "binds",
+            ],
+        )?;
+        let server = Server {
+            app: Opaque::from(args.required.0),
+            workers: args.optional.0.unwrap_or(1),
+            threads: args.optional.1.unwrap_or(1),
+            shutdown_timeout: args.optional.2.unwrap_or(5.0),
+            script_name: args.optional.3.unwrap_or("".to_string()),
+            binds: Mutex::new(
+                args.optional
+                    .4
+                    .unwrap_or_else(|| vec!["localhost:3000".to_string()])
+                    .into_iter()
+                    .map(|s| s.parse().unwrap_or_else(|_| Bind::default()))
+                    .collect(),
+            ),
+        };
+        Ok(server)
+    }
+
+    pub(crate) async fn process_request(
+        hyper_request: Request<Incoming>,
+        app: Opaque<Value>,
+        script_name: String,
+        listener: Arc<Listener>,
+        addr: SockAddr,
+    ) -> itsi_error::Result<Response<BoxBody<Bytes, Infallible>>> {
+        let request = ItsiRequest::build_from(hyper_request, addr, script_name, listener).await;
+        let ruby = Ruby::get().unwrap();
+        let server = ruby.get_inner(&ITSI_SERVER);
+        let response: Result<(u16, HashMap<String, String>, Value)> =
+            server.funcall("call", (app, request));
+        if let Ok((status, headers_raw, body)) = response {
+            let mut body_buf = vec![];
+            for body_chunk in body.enumeratorize("each", ()) {
+                body_buf.push(body_chunk.unwrap().to_string())
+            }
+            body.check_funcall::<_, _, Value>("close", ());
+            let boxed_body = BoxBody::new(body_buf.join(""));
+            let mut response = Response::new(boxed_body);
+            let mut headers = HeaderMap::new();
+            headers_raw.into_iter().for_each(|(key, value)| {
+                let header_name: HeaderName = key.parse().unwrap();
+                headers.insert(header_name, value.parse().unwrap());
+            });
+            *response.headers_mut() = headers;
+            *response.status_mut() = StatusCode::from_u16(status).unwrap();
+            Ok(response)
+        } else {
+            let mut response = Response::new(BoxBody::new(Empty::new()));
+            *response.status_mut() = StatusCode::BAD_REQUEST;
+            Ok(response)
+        }
+    }
+
+    pub fn start(&self) {
+        let mut builder: RuntimeBuilder = RuntimeBuilder::new_current_thread();
+        let runtime = builder
+            .thread_name("itsi-server-accept-loop")
+            .thread_stack_size(3 * 1024 * 1024)
+            .enable_io()
+            .enable_time()
+            .build()
+            .expect("Failed to build Tokio runtime");
+
+        runtime.block_on(async {
+            let server = Arc::new(Builder::new(TokioExecutor::new()));
+            let listeners: Vec<Listener> = self
+                .binds
+                .lock()
+                .iter()
+                .cloned()
+                .map(Listener::from)
+                .collect::<Vec<_>>();
+
+            let mut set = JoinSet::new();
+
+            for listener in listeners {
+                let app = self.app;
+                let server_clone = server.clone();
+                let listener_clone = Arc::new(listener);
+                let script_name = self.script_name.clone();
+
+                set.spawn(async move {
+                    loop {
+                        let server = server_clone.clone();
+                        let listener = listener_clone.clone();
+                        let script_name = script_name.clone();
+                        let (stream, addr) = match listener.accept().await {
+                            Ok(stream) => stream,
+                            Err(e) => {
+                                error!("Failed to accept connection: {:?}", e);
+                                continue;
+                            }
+                        };
+
+                        tokio::spawn(async move {
+                            if let Err(e) = server
+                                .serve_connection_with_upgrades(
+                                    stream,
+                                    service_fn(move |hyper_request: Request<Incoming>| {
+                                        Server::process_request(
+                                            hyper_request,
+                                            app,
+                                            script_name.clone(),
+                                            listener.clone(),
+                                            addr.clone(),
+                                        )
+                                    }),
+                                )
+                                .await
+                            {
+                                info!("Closed connection due to: {:?}", e);
+                            }
+                        });
+                    }
+                });
+            }
+            while let Some(_res) = set.join_next().await {}
+        })
+    }
+}

data/ext/itsi_server/src/server/listener.rs

@@ -0,0 +1,218 @@
+use super::bind::{Bind, BindAddress};
+use super::transfer_protocol::TransferProtocol;
+use hyper_util::rt::TokioIo;
+use itsi_error::Result;
+use itsi_tracing::info;
+use socket2::{Domain, Protocol, Socket, Type};
+use std::net::{IpAddr, SocketAddr, TcpListener as StdTcpListener};
+use std::pin::Pin;
+use std::sync::Arc;
+use std::{os::unix::net::UnixListener as StdUnixListener, path::PathBuf};
+use tokio::net::{unix, TcpListener, TcpStream, UnixListener, UnixStream};
+use tokio_rustls::TlsAcceptor;
+
+pub(crate) trait IoStream:
+    tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + Unpin
+{
+}
+impl<T: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + Unpin> IoStream for T {}
+
+pub(crate) enum Listener {
+    Tcp(TcpListener),
+    TcpTls((TcpListener, TlsAcceptor)),
+    Unix(UnixListener),
+    UnixTls((UnixListener, TlsAcceptor)),
+}
+
+enum Stream {
+    TcpStream((TcpStream, SocketAddr)),
+    UnixStream((UnixStream, unix::SocketAddr)),
+}
+
+#[derive(Clone, Debug)]
+pub enum SockAddr {
+    Tcp(Arc<SocketAddr>),
+    Unix(Arc<unix::SocketAddr>),
+}
+impl std::fmt::Display for SockAddr {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            SockAddr::Tcp(socket_addr) => write!(f, "{}", socket_addr.ip().to_canonical()),
+            SockAddr::Unix(socket_addr) => match socket_addr.as_pathname() {
+                Some(path) => write!(f, "{:?}", path),
+                None => write!(f, ""),
+            },
+        }
+    }
+}
+
+impl Listener {
+    pub(crate) async fn accept(&self) -> Result<(TokioIo<Pin<Box<dyn IoStream>>>, SockAddr)> {
+        match self {
+            Listener::Tcp(listener) => Listener::accept_tcp(listener).await,
+            Listener::TcpTls((listener, acceptor)) => {
+                Listener::accept_tls(listener, acceptor).await
+            }
+            Listener::Unix(stream) => Listener::accept_unix(stream).await,
+            Listener::UnixTls((listener, acceptor)) => {
+                Listener::accept_unix_tls(listener, acceptor).await
+            }
+        }
+    }
+
+    async fn to_tokio_io(
+        input_stream: Stream,
+        tls_acceptor: Option<&TlsAcceptor>,
+    ) -> Result<(TokioIo<Pin<Box<dyn IoStream>>>, SockAddr)> {
+        match tls_acceptor {
+            Some(acceptor) => match input_stream {
+                Stream::TcpStream((tcp_stream, socket_address)) => {
+                    match acceptor.accept(tcp_stream).await {
+                        Ok(tls_stream) => Ok((
+                            TokioIo::new(Box::pin(tls_stream) as Pin<Box<dyn IoStream>>),
+                            SockAddr::Tcp(Arc::new(socket_address)),
+                        )),
+                        Err(err) => Err(err.into()),
+                    }
+                }
+                Stream::UnixStream((unix_stream, socket_address)) => {
+                    match acceptor.accept(unix_stream).await {
+                        Ok(tls_stream) => Ok((
+                            TokioIo::new(Box::pin(tls_stream) as Pin<Box<dyn IoStream>>),
+                            SockAddr::Unix(Arc::new(socket_address)),
+                        )),
+                        Err(err) => Err(err.into()),
+                    }
+                }
+            },
+            None => match input_stream {
+                Stream::TcpStream((tcp_stream, socket_address)) => Ok((
+                    TokioIo::new(Box::pin(tcp_stream) as Pin<Box<dyn IoStream>>),
+                    SockAddr::Tcp(Arc::new(socket_address)),
+                )),
+                Stream::UnixStream((unix_stream, socket_address)) => Ok((
+                    TokioIo::new(Box::pin(unix_stream) as Pin<Box<dyn IoStream>>),
+                    SockAddr::Unix(Arc::new(socket_address)),
+                )),
+            },
+        }
+    }
+
+    async fn accept_tcp(
+        listener: &TcpListener,
+    ) -> Result<(TokioIo<Pin<Box<dyn IoStream>>>, SockAddr)> {
+        let tcp_stream = listener.accept().await?;
+        Self::to_tokio_io(Stream::TcpStream(tcp_stream), None).await
+    }
+
+    async fn accept_tls(
+        listener: &TcpListener,
+        acceptor: &TlsAcceptor,
+    ) -> Result<(TokioIo<Pin<Box<dyn IoStream>>>, SockAddr)> {
+        let tcp_stream = listener.accept().await?;
+        Self::to_tokio_io(Stream::TcpStream(tcp_stream), Some(acceptor)).await
+    }
+
+    async fn accept_unix(
+        listener: &UnixListener,
+    ) -> Result<(TokioIo<Pin<Box<dyn IoStream>>>, SockAddr)> {
+        let unix_stream = listener.accept().await?;
+        Self::to_tokio_io(Stream::UnixStream(unix_stream), None).await
+    }
+
+    async fn accept_unix_tls(
+        listener: &UnixListener,
+        acceptor: &TlsAcceptor,
+    ) -> Result<(TokioIo<Pin<Box<dyn IoStream>>>, SockAddr)> {
+        let unix_stream = listener.accept().await?;
+        Self::to_tokio_io(Stream::UnixStream(unix_stream), Some(acceptor)).await
+    }
+
+    pub(crate) fn scheme(&self) -> String {
+        match self {
+            Listener::Tcp(_) => "http".to_string(),
+            Listener::TcpTls(_) => "https".to_string(),
+            Listener::Unix(_) => "http".to_string(),
+            Listener::UnixTls(_) => "https".to_string(),
+        }
+    }
+
+    pub(crate) fn port(&self) -> u16 {
+        match self {
+            Listener::Tcp(listener) => listener.local_addr().unwrap().port(),
+            Listener::TcpTls((listener, _)) => listener.local_addr().unwrap().port(),
+            Listener::Unix(_) => 0,
+            Listener::UnixTls(_) => 0,
+        }
+    }
+
+    pub(crate) fn host(&self) -> String {
+        match self {
+            Listener::Tcp(listener) => listener.local_addr().unwrap().ip().to_string(),
+            Listener::TcpTls((listener, _)) => listener.local_addr().unwrap().ip().to_string(),
+            Listener::Unix(_) => "unix".to_string(),
+            Listener::UnixTls(_) => "unix".to_string(),
+        }
+    }
+}
+
+impl From<Bind> for Listener {
+    fn from(bind: Bind) -> Self {
+        match bind.address {
+            BindAddress::Ip(addr) => match bind.protocol {
+                TransferProtocol::Http => Listener::Tcp(
+                    TcpListener::from_std(connect_tcp_socket(addr, bind.port.unwrap())).unwrap(),
+                ),
+                TransferProtocol::Https => {
+                    let tcp_listener =
+                        TcpListener::from_std(connect_tcp_socket(addr, bind.port.unwrap()))
+                            .unwrap();
+                    let tls_acceptor = TlsAcceptor::from(Arc::new(bind.tls_config.unwrap()));
+                    Listener::TcpTls((tcp_listener, tls_acceptor))
+                }
+                _ => unreachable!(),
+            },
+            BindAddress::UnixSocket(path) => match bind.tls_config {
+                Some(tls_config) => {
+                    let tls_acceptor = TlsAcceptor::from(Arc::new(tls_config));
+                    Listener::UnixTls((
+                        UnixListener::from_std(connect_unix_socket(&path)).unwrap(),
+                        tls_acceptor,
+                    ))
+                }
+                None => Listener::Unix(UnixListener::from_std(connect_unix_socket(&path)).unwrap()),
+            },
+        }
+    }
+}
+
+fn connect_tcp_socket(addr: IpAddr, port: u16) -> StdTcpListener {
+    let domain = match addr {
+        IpAddr::V4(_) => Domain::IPV4,
+        IpAddr::V6(_) => Domain::IPV6,
+    };
+    let socket = Socket::new(domain, Type::STREAM, Some(Protocol::TCP)).unwrap();
+    let socket_address: SocketAddr = SocketAddr::new(addr, port);
+    socket.set_reuse_address(true).ok();
+    socket.set_reuse_port(true).ok();
+    socket.set_nonblocking(true).ok();
+    socket.set_nodelay(true).ok();
+    socket.set_recv_buffer_size(1_048_576).ok();
+    info!("Binding to {}", socket_address);
+    socket.bind(&socket_address.into()).unwrap();
+    socket.listen(1024).unwrap();
+    socket.into()
+}
+
+fn connect_unix_socket(path: &PathBuf) -> StdUnixListener {
+    let _ = std::fs::remove_file(path);
+    let socket = Socket::new(Domain::UNIX, Type::STREAM, None).unwrap();
+    socket.set_nonblocking(true).ok();
+    let socket_address = socket2::SockAddr::unix(path).unwrap();
+
+    info!("Binding to {:?}", path);
+    socket.bind(&socket_address).unwrap();
+    socket.listen(1024).unwrap();
+
+    socket.into()
+}

data/ext/itsi_server/src/server/mod.rs

@@ -0,0 +1,5 @@
+pub mod bind;
+pub mod itsi_server;
+pub mod listener;
+pub mod tls;
+pub mod transfer_protocol;