RubyGems - itsi-server - Versions diffs - 0.1.19 → 0.1.20 - Mend

itsi-server 0.1.19 → 0.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

data/README.md CHANGED Viewed

@@ -1,5 +1,7 @@
 ---
 type: docs
+sidebar:
+  exclude: true
 ---
 # ItsiServer

data/exe/itsi CHANGED Viewed

@@ -7,9 +7,10 @@ require "optparse"
 COMMANDS = {
   "init" => "Initialize a new Itsi.rb server configuration file",
+  "test" => "Test config file validity",
   "status" => "Show the status of the server",
-  "start" => "Start the Isti server",
-  "serve" => "Start the Isti server",
+  "start" => "Start the Itsi server",
+  "serve" => "Start the Itsi server",
   "stop" => "Stop the server",
   "reload" => "Reload the server",
   "restart" => "Restart the server",
@@ -37,7 +38,7 @@ parser = OptionParser.new do |opts|
   end
   opts.on("-d", "--daemonize", "Run the process as a daemon") do
-    Process.daemon(true)
+    options[:daemonize] = true
   end
   opts.on("-t", "--threads THREADS", Integer, "Number of threads (default: 1)") do |t|
@@ -57,7 +58,7 @@ parser = OptionParser.new do |opts|
     options[:worker_memory_limit] = ml
   end
-  opts.on("-f", "--fiber_scheduler [CLASS_NAME]", [String],
+  opts.on("-f", "--fiber_scheduler [CLASS_NAME]", String,
           "Scheduler class to use (default: nil). Provide blank or true to use Itsi::Scheduler, or a classname to use an alternative scheduler") do |scheduler_class|
     if scheduler_class.nil? || scheduler_class == "true"
       options[:scheduler_class] = "Itsi::Scheduler"
@@ -154,7 +155,6 @@ if ENV['COMP_LINE'] || ARGV.include?('--completion')
 end
 parser.parse!
 case (command = ARGV.shift)
 when *COMMANDS.keys
   required_arity = Itsi::Server.method(command).parameters&.select{|c| c.first == :req }&.length&.succ || 2

data/ext/itsi_acme/Cargo.toml ADDED Viewed

@@ -0,0 +1,86 @@
+[package]
+name = "itsi_acme"
+version = "0.1.0"
+authors = [
+  "wouterkem <wc@pico.net.nz>",
+  "dignifiedquire <me@dignifiedquire.com>",
+  "Florian Uekermann <florian@uekermann.me>",
+]
+edition = "2018"
+description = "Automatic TLS certificate management using rustls, specifically for itsi"
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/n0-computer/tokio-rustls-acme"
+documentation = "https://docs.rs/tokio-rustls-acme"
+keywords = ["acme", "rustls", "tls", "letsencrypt"]
+categories = ["asynchronous", "cryptography", "network-programming"]
+[dependencies]
+futures = "0.3.21"
+rcgen = "0.13"
+serde_json = "1.0.81"
+serde = { version = "1.0.137", features = ["derive"] }
+ring = { version = "0.17.0", features = ["std"] }
+base64 = "0.22"
+log = "0.4.17"
+webpki-roots = "0.26"
+pem = "3.0"
+thiserror = "2.0"
+x509-parser = "0.16"
+chrono = { version = "0.4.24", default-features = false, features = ["clock"] }
+async-trait = "0.1.53"
+rustls = { version = "0.23", default-features = false, features = ["ring"] }
+time = "0.3.36"                                                                 # force the transitive dependency to a more recent minimal version. The build fails with 0.3.20
+tokio = { version = "1.20.1", default-features = false }
+tokio-rustls = { version = "0.26", default-features = false, features = [
+  "tls12",
+] }
+reqwest = { version = "0.12", default-features = false, features = [
+  "rustls-tls",
+] }
+# Axum
+axum-server = { version = "0.7", features = ["tokio-rustls"], optional = true }
+[dependencies.proc-macro2]
+# This is a transitive dependency, we specify it to make sure we have
+# a recent-enough version so that -Z minimal-versions crate resolution
+# works.
+version = "1.0.78"
+[dependencies.num-bigint]
+# This is a transitive dependency, we specify it to make sure we have
+# a recent-enough version so that -Z minimal-versions crate resolution
+# works.
+version = "0.4.4"
+[dev-dependencies]
+simple_logger = "5.0"
+structopt = "0.3.26"
+clap = { version = "4", features = ["derive"] }
+axum = "0.7"
+tokio = { version = "1.19.2", features = ["full"] }
+tokio-stream = { version = "0.1.9", features = ["net"] }
+tokio-util = { version = "0.7.3", features = ["compat"] }
+warp = "0.3"
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "doc_auto_cfg"]
+[features]
+default = []
+axum = ["dep:axum-server"]
+[[example]]
+name = "low_level_axum"
+required-features = ["axum"]
+[[example]]
+name = "high_level_warp"
+[[example]]
+name = "high_level"
+[[example]]
+name = "low_level"

data/ext/itsi_acme/examples/high_level.rs ADDED Viewed

@@ -0,0 +1,63 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use tokio::io::AsyncWriteExt;
+use tokio_stream::wrappers::TcpListenerStream;
+use tokio_stream::StreamExt;
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+    let tcp_listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, args.port))
+        .await
+        .unwrap();
+    let tcp_incoming = TcpListenerStream::new(tcp_listener);
+    let mut tls_incoming = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .incoming(tcp_incoming, Vec::new());
+    while let Some(tls) = tls_incoming.next().await {
+        let mut tls = tls.unwrap();
+        tokio::spawn(async move {
+            tls.write_all(HELLO).await.unwrap();
+            tls.shutdown().await.unwrap();
+        });
+    }
+    unreachable!()
+}
+const HELLO: &[u8] = br#"HTTP/1.1 200 OK
+Content-Length: 10
+Content-Type: text/plain; charset=utf-8
+Hello Tls!"#;

data/ext/itsi_acme/examples/high_level_warp.rs ADDED Viewed

@@ -0,0 +1,52 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use tokio_stream::wrappers::TcpListenerStream;
+use warp::Filter;
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+    let tcp_listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, args.port))
+        .await
+        .unwrap();
+    let tcp_incoming = TcpListenerStream::new(tcp_listener);
+    let tls_incoming = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .incoming(tcp_incoming, Vec::new());
+    let route = warp::any().map(|| "Hello Tls!");
+    warp::serve(route).run_incoming(tls_incoming).await;
+    unreachable!()
+}

data/ext/itsi_acme/examples/low_level.rs ADDED Viewed

@@ -0,0 +1,87 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::{AcmeAcceptor, AcmeConfig};
+use rustls::ServerConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio::io::AsyncWriteExt;
+use tokio_stream::StreamExt;
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+    let mut state = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .state();
+    let rustls_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_cert_resolver(state.resolver());
+    let acceptor = state.acceptor();
+    tokio::spawn(async move {
+        loop {
+            match state.next().await.unwrap() {
+                Ok(ok) => log::info!("event: {:?}", ok),
+                Err(err) => log::error!("error: {:?}", err),
+            }
+        }
+    });
+    serve(acceptor, Arc::new(rustls_config), args.port).await;
+}
+async fn serve(acceptor: AcmeAcceptor, rustls_config: Arc<ServerConfig>, port: u16) {
+    let listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, port))
+        .await
+        .unwrap();
+    loop {
+        let tcp = listener.accept().await.unwrap().0;
+        let rustls_config = rustls_config.clone();
+        let accept_future = acceptor.accept(tcp);
+        tokio::spawn(async move {
+            match accept_future.await.unwrap() {
+                None => log::info!("received TLS-ALPN-01 validation request"),
+                Some(start_handshake) => {
+                    let mut tls = start_handshake.into_stream(rustls_config).await.unwrap();
+                    tls.write_all(HELLO).await.unwrap();
+                    tls.shutdown().await.unwrap();
+                }
+            }
+        });
+    }
+}
+const HELLO: &[u8] = br#"HTTP/1.1 200 OK
+Content-Length: 10
+Content-Type: text/plain; charset=utf-8
+Hello Tls!"#;

data/ext/itsi_acme/examples/low_level_axum.rs ADDED Viewed

@@ -0,0 +1,66 @@
+use axum::{routing::get, Router};
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use rustls::ServerConfig;
+use std::net::{Ipv6Addr, SocketAddr};
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio_stream::StreamExt;
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+    let mut state = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .state();
+    let rustls_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_cert_resolver(state.resolver());
+    let acceptor = state.axum_acceptor(Arc::new(rustls_config));
+    tokio::spawn(async move {
+        loop {
+            match state.next().await.unwrap() {
+                Ok(ok) => log::info!("event: {:?}", ok),
+                Err(err) => log::error!("error: {:?}", err),
+            }
+        }
+    });
+    let app = Router::new().route("/", get(|| async { "Hello Tls!" }));
+    let addr = SocketAddr::from((Ipv6Addr::UNSPECIFIED, args.port));
+    axum_server::bind(addr)
+        .acceptor(acceptor)
+        .serve(app.into_make_service())
+        .await
+        .unwrap();
+}

data/ext/itsi_acme/src/acceptor.rs ADDED Viewed

@@ -0,0 +1,81 @@
+use crate::acme::ACME_TLS_ALPN_NAME;
+use crate::ResolvesServerCertAcme;
+use rustls::server::Acceptor;
+use rustls::ServerConfig;
+use std::future::Future;
+use std::io;
+use std::pin::Pin;
+use std::sync::Arc;
+use std::task::{Context, Poll};
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio_rustls::{Accept, LazyConfigAcceptor, StartHandshake};
+#[derive(Clone)]
+pub struct AcmeAcceptor {
+    config: Arc<ServerConfig>,
+}
+impl AcmeAcceptor {
+    pub(crate) fn new(resolver: Arc<ResolvesServerCertAcme>) -> Self {
+        let mut config = ServerConfig::builder()
+            .with_no_client_auth()
+            .with_cert_resolver(resolver);
+        config.alpn_protocols.push(ACME_TLS_ALPN_NAME.to_vec());
+        Self {
+            config: Arc::new(config),
+        }
+    }
+    pub fn accept<IO: AsyncRead + AsyncWrite + Unpin>(&self, io: IO) -> AcmeAccept<IO> {
+        AcmeAccept::new(io, self.config.clone())
+    }
+}
+pub struct AcmeAccept<IO: AsyncRead + AsyncWrite + Unpin> {
+    acceptor: LazyConfigAcceptor<IO>,
+    config: Arc<ServerConfig>,
+    validation_accept: Option<Accept<IO>>,
+}
+impl<IO: AsyncRead + AsyncWrite + Unpin> AcmeAccept<IO> {
+    pub(crate) fn new(io: IO, config: Arc<ServerConfig>) -> Self {
+        Self {
+            acceptor: LazyConfigAcceptor::new(Acceptor::default(), io),
+            config,
+            validation_accept: None,
+        }
+    }
+}
+impl<IO: AsyncRead + AsyncWrite + Unpin> Future for AcmeAccept<IO> {
+    type Output = io::Result<Option<StartHandshake<IO>>>;
+    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        loop {
+            if let Some(validation_accept) = &mut self.validation_accept {
+                return match Pin::new(validation_accept).poll(cx) {
+                    Poll::Ready(Ok(_)) => Poll::Ready(Ok(None)),
+                    Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                    Poll::Pending => Poll::Pending,
+                };
+            }
+            return match Pin::new(&mut self.acceptor).poll(cx) {
+                Poll::Ready(Ok(handshake)) => {
+                    let is_validation = handshake
+                        .client_hello()
+                        .alpn()
+                        .into_iter()
+                        .flatten()
+                        .eq([ACME_TLS_ALPN_NAME]);
+                    if is_validation {
+                        self.validation_accept = Some(handshake.into_stream(self.config.clone()));
+                        continue;
+                    }
+                    Poll::Ready(Ok(Some(handshake)))
+                }
+                Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                Poll::Pending => Poll::Pending,
+            };
+        }
+    }
+}