itsi-server 0.2.22 → 0.2.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4c095031fc57b597bbc6a032600bbebecfbaddb2f30f4caa9880e6fd64d13604
-  data.tar.gz: 10c1b76bdb681e9cb8e5222d316d12ec5c852fcba2b30395a6b923ee899a2f63
+  metadata.gz: ccd82cdc93b38c625b3d5bd8879b6bcc9a8939cbed2b4154aa70a0e24a260113
+  data.tar.gz: 98367b1e6902d691ba4b54acb89bbe3b124e4abcd532b912c115cc1eca0be421
 SHA512:
-  metadata.gz: 72022fd6073d0c7d80ccc14e255148f23e0ded3e1bb8ab486c9ab0ef0374f96964ad744b3d019475f594387d1192cf0990cf77b16c7a6e29404b44f8124e19c0
-  data.tar.gz: 67ba7810fbe87e0843a45ae41666239a14ba6ecff0cff60ccf1335a3c9cec886848441b946b4d863fe3f984a0f982302c24f47eac813c2aa824c1d1c26a367e1
+  metadata.gz: 07e03fce5c509105addb82171086c5c881540dc01e9e4a64e5483a3099a21f0e8824bee88f3652dc9c110aff1ac0b08bbcb286696625a15c440efa578aa740eb
+  data.tar.gz: 33affa790fcb745c8f866c367f99d7d6104af31e163f014311261d9e5666c0d1923fc78bcef1e9bc57205bcd3a4f40191dde95146f2dc1a28c8498e82baac436

data/Cargo.lock

@@ -1662,7 +1662,7 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
 [[package]]
 name = "itsi-server"
-version = "0.2.22"
+version = "0.2.24"
 dependencies = [
  "argon2",
  "async-channel",

data/ext/itsi_scheduler/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "itsi-scheduler"
-version = "0.2.22"
+version = "0.2.24"
 edition = "2021"
 authors = ["Wouter Coppieters <wc@pico.net.nz>"]
 license = "MIT"

data/ext/itsi_server/Cargo.lock

@@ -984,7 +984,7 @@ checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
 
 [[package]]
 name = "itsi-scheduler"
-version = "0.1.0"
+version = "0.2.24"
 dependencies = [
  "bytes",
  "derive_more",
@@ -1002,7 +1002,7 @@ dependencies = [
 
 [[package]]
 name = "itsi-server"
-version = "0.1.0"
+version = "0.2.24"
 dependencies = [
  "async-channel",
  "async-trait",

data/ext/itsi_server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "itsi-server"
-version = "0.2.22"
+version = "0.2.24"
 edition = "2021"
 authors = ["Wouter Coppieters <wc@pico.net.nz>"]
 license = "MIT"

data/ext/itsi_server/src/server/binds/listener.rs

@@ -14,12 +14,13 @@ use std::fmt::Display;
 use std::net::{IpAddr, SocketAddr, TcpListener};
 use std::os::fd::{AsRawFd, FromRawFd, RawFd};
 use std::sync::Arc;
+use std::time::Duration;
 use std::{os::unix::net::UnixListener, path::PathBuf};
 use tokio::net::TcpListener as TokioTcpListener;
 use tokio::net::UnixListener as TokioUnixListener;
 use tokio::net::{unix, TcpStream, UnixStream};
 use tokio::sync::watch::Receiver;
-use tokio_rustls::TlsAcceptor;
+use tokio::time::timeout;
 use tokio_stream::StreamExt;
 
 pub(crate) enum Listener {
@@ -93,7 +94,7 @@ impl TokioListener {
         }
     }
 
-    pub(crate) async fn accept(&self) -> Result<IoStream> {
+    pub(crate) async fn accept(&self) -> Result<AcceptedStream> {
         match self {
             TokioListener::Tcp(listener) => TokioListener::accept_tcp(listener).await,
             TokioListener::TcpTls(listener, acceptor) => {
@@ -106,9 +107,11 @@ impl TokioListener {
         }
     }
 
-    async fn accept_tcp(listener: &TokioTcpListener) -> Result<IoStream> {
+    async fn accept_tcp(listener: &TokioTcpListener) -> Result<AcceptedStream> {
         let tcp_stream = listener.accept().await?;
-        Self::to_tokio_io(Stream::TcpStream(tcp_stream), None).await
+        Ok(AcceptedStream::Ready(Self::to_plain_io(Stream::TcpStream(
+            tcp_stream,
+        ))))
     }
 
     pub async fn spawn_acme_event_task(&self, mut shutdown_receiver: Receiver<RunningPhase>) {
@@ -137,89 +140,131 @@ impl TokioListener {
     async fn accept_tls(
         listener: &TokioTcpListener,
         acceptor: &ItsiTlsAcceptor,
-    ) -> Result<IoStream> {
-        let tcp_stream = listener.accept().await?;
-        match acceptor {
-            ItsiTlsAcceptor::Manual(tls_acceptor) => {
-                Self::to_tokio_io(Stream::TcpStream(tcp_stream), Some(tls_acceptor)).await
-            }
-            ItsiTlsAcceptor::Automatic(acme_acceptor, _, rustls_config) => {
-                let accept_future = acme_acceptor.accept(tcp_stream.0);
-                match accept_future.await {
-                    Ok(None) => Err(ItsiError::Pass),
-                    Ok(Some(start_handshake)) => {
-                        let tls_stream = start_handshake.into_stream(rustls_config.clone()).await?;
-                        Ok(IoStream::TcpTls {
-                            stream: tls_stream,
-                            addr: SockAddr::Tcp(Arc::new(tcp_stream.1)),
-                        })
-                    }
-                    Err(error) => {
-                        error!(error = format!("{:?}", error));
-                        Err(ItsiError::Pass)
-                    }
-                }
-            }
-        }
+    ) -> Result<AcceptedStream> {
+        let (stream, addr) = listener.accept().await?;
+        Ok(AcceptedStream::TcpTls {
+            stream,
+            addr,
+            acceptor: acceptor.clone(),
+        })
     }
 
-    async fn accept_unix(listener: &TokioUnixListener) -> Result<IoStream> {
+    async fn accept_unix(listener: &TokioUnixListener) -> Result<AcceptedStream> {
         let unix_stream = listener.accept().await?;
-        Self::to_tokio_io(Stream::UnixStream(unix_stream), None).await
+        Ok(AcceptedStream::Ready(Self::to_plain_io(
+            Stream::UnixStream(unix_stream),
+        )))
     }
 
     async fn accept_unix_tls(
         listener: &TokioUnixListener,
         acceptor: &ItsiTlsAcceptor,
-    ) -> Result<IoStream> {
-        let unix_stream = listener.accept().await?;
-        match acceptor {
-            ItsiTlsAcceptor::Manual(tls_acceptor) => {
-                Self::to_tokio_io(Stream::UnixStream(unix_stream), Some(tls_acceptor)).await
-            }
-            ItsiTlsAcceptor::Automatic(_, _, _) => {
-                error!("Automatic TLS not supported on Unix sockets");
-                Err(ItsiError::UnsupportedProtocol(
-                    "Automatic TLS on Unix Sockets".to_owned(),
-                ))
-            }
+    ) -> Result<AcceptedStream> {
+        let (stream, addr) = listener.accept().await?;
+        Ok(AcceptedStream::UnixTls {
+            stream,
+            addr,
+            acceptor: acceptor.clone(),
+        })
+    }
+
+    fn to_plain_io(input_stream: Stream) -> IoStream {
+        match input_stream {
+            Stream::TcpStream((tcp_stream, socket_address)) => IoStream::Tcp {
+                stream: tcp_stream,
+                addr: SockAddr::Tcp(Arc::new(socket_address)),
+            },
+            Stream::UnixStream((unix_stream, socket_address)) => IoStream::Unix {
+                stream: unix_stream,
+                addr: SockAddr::Unix(Arc::new(socket_address)),
+            },
         }
     }
+}
 
-    async fn to_tokio_io(
-        input_stream: Stream,
-        tls_acceptor: Option<&TlsAcceptor>,
-    ) -> Result<IoStream> {
-        match tls_acceptor {
-            Some(acceptor) => match input_stream {
-                Stream::TcpStream((tcp_stream, socket_address)) => {
-                    match acceptor.accept(tcp_stream).await {
-                        Ok(tls_stream) => Ok(IoStream::TcpTls {
+pub(crate) enum AcceptedStream {
+    Ready(IoStream),
+    TcpTls {
+        stream: TcpStream,
+        addr: SocketAddr,
+        acceptor: ItsiTlsAcceptor,
+    },
+    UnixTls {
+        stream: UnixStream,
+        addr: unix::SocketAddr,
+        acceptor: ItsiTlsAcceptor,
+    },
+}
+
+impl AcceptedStream {
+    pub(crate) async fn into_io_stream(self, handshake_timeout: Duration) -> Result<IoStream> {
+        match self {
+            AcceptedStream::Ready(stream) => Ok(stream),
+            AcceptedStream::TcpTls {
+                stream,
+                addr,
+                acceptor,
+            } => match acceptor {
+                ItsiTlsAcceptor::Manual(tls_acceptor) => {
+                    match timeout(handshake_timeout, tls_acceptor.accept(stream)).await {
+                        Ok(Ok(tls_stream)) => Ok(IoStream::TcpTls {
                             stream: tls_stream,
-                            addr: SockAddr::Tcp(Arc::new(socket_address)),
+                            addr: SockAddr::Tcp(Arc::new(addr)),
                         }),
-                        Err(err) => Err(err.into()),
+                        Ok(Err(error)) => Err(error.into()),
+                        Err(_) => Err(ItsiError::Pass),
                     }
                 }
-                Stream::UnixStream((unix_stream, socket_address)) => {
-                    match acceptor.accept(unix_stream).await {
-                        Ok(tls_stream) => Ok(IoStream::UnixTls {
+                ItsiTlsAcceptor::Automatic(acme_acceptor, _, rustls_config) => {
+                    let accept_future = acme_acceptor.accept(stream);
+                    match timeout(handshake_timeout, accept_future).await {
+                        Err(_) => Err(ItsiError::Pass),
+                        Ok(accept_result) => match accept_result {
+                            Ok(None) => Err(ItsiError::Pass),
+                            Ok(Some(start_handshake)) => {
+                                match timeout(
+                                    handshake_timeout,
+                                    start_handshake.into_stream(rustls_config.clone()),
+                                )
+                                .await
+                                {
+                                    Ok(Ok(tls_stream)) => Ok(IoStream::TcpTls {
+                                        stream: tls_stream,
+                                        addr: SockAddr::Tcp(Arc::new(addr)),
+                                    }),
+                                    Ok(Err(error)) => Err(error.into()),
+                                    Err(_) => Err(ItsiError::Pass),
+                                }
+                            }
+                            Err(error) => {
+                                error!(error = format!("{:?}", error));
+                                Err(ItsiError::Pass)
+                            }
+                        },
+                    }
+                }
+            },
+            AcceptedStream::UnixTls {
+                stream,
+                addr,
+                acceptor,
+            } => match acceptor {
+                ItsiTlsAcceptor::Manual(tls_acceptor) => {
+                    match timeout(handshake_timeout, tls_acceptor.accept(stream)).await {
+                        Ok(Ok(tls_stream)) => Ok(IoStream::UnixTls {
                             stream: tls_stream,
-                            addr: SockAddr::Unix(Arc::new(socket_address)),
+                            addr: SockAddr::Unix(Arc::new(addr)),
                         }),
-                        Err(err) => Err(err.into()),
+                        Ok(Err(error)) => Err(error.into()),
+                        Err(_) => Err(ItsiError::Pass),
                     }
                 }
-            },
-            None => match input_stream {
-                Stream::TcpStream((tcp_stream, socket_address)) => Ok(IoStream::Tcp {
-                    stream: tcp_stream,
-                    addr: SockAddr::Tcp(Arc::new(socket_address)),
-                }),
-                Stream::UnixStream((unix_stream, socket_address)) => Ok(IoStream::Unix {
-                    stream: unix_stream,
-                    addr: SockAddr::Unix(Arc::new(socket_address)),
-                }),
+                ItsiTlsAcceptor::Automatic(_, _, _) => {
+                    error!("Automatic TLS not supported on Unix sockets");
+                    Err(ItsiError::UnsupportedProtocol(
+                        "Automatic TLS on Unix Sockets".to_owned(),
+                    ))
+                }
             },
         }
     }

data/ext/itsi_server/src/server/middleware_stack/mod.rs

@@ -263,7 +263,7 @@ impl MiddlewareSet {
     pub fn stack_for(
         &self,
         request: &HttpRequest,
-    ) -> Result<(&Vec<Middleware>, Option<Arc<Regex>>)> {
+    ) -> Option<(&Vec<Middleware>, Option<Arc<Regex>>)> {
         let binding = self.route_set.matches(request.uri().path());
         let matches = binding.iter();
 
@@ -276,7 +276,7 @@ impl MiddlewareSet {
             let matching_pattern = self.patterns.get(index).cloned();
             if let Some(stack) = self.stacks.get(&index) {
                 if stack.matches(request) {
-                    return Ok((&stack.layers, matching_pattern));
+                    return Some((&stack.layers, matching_pattern));
                 }
             }
         }
@@ -285,13 +285,7 @@ impl MiddlewareSet {
             request.uri().path(),
             self.route_set
         );
-        Err(magnus::Error::new(
-            magnus::Ruby::get().unwrap().exception_standard_error(),
-            format!(
-                "No matching middleware stack found for request: {:?}",
-                request
-            ),
-        ))
+        None
     }
 
     pub fn parse_middleware(middleware_type: String, parameters: Value) -> Result<Middleware> {

data/ext/itsi_server/src/server/serve_strategy/acceptor.rs

@@ -1,11 +1,15 @@
 use hyper_util::rt::TokioIo;
-use std::{ops::Deref, pin::Pin, sync::Arc, time::Duration};
+use std::{future::Future, ops::Deref, pin::Pin, sync::Arc, time::Duration};
 use tokio::task::JoinSet;
 use tracing::debug;
 
 use crate::{
     ruby_types::itsi_server::itsi_server_config::ServerParams,
-    server::{binds::listener::ListenerInfo, io_stream::IoStream, request_job::RequestJob},
+    server::{
+        binds::listener::{AcceptedStream, ListenerInfo},
+        io_stream::IoStream,
+        request_job::RequestJob,
+    },
     services::itsi_http_service::{ItsiHttpService, ItsiHttpServiceInner},
 };
 
@@ -34,19 +38,39 @@ pub struct AcceptorArgs {
 }
 
 impl Acceptor {
-    pub(crate) async fn serve_connection(&mut self, stream: IoStream) {
-        let addr = stream.addr();
-        let io: TokioIo<Pin<Box<IoStream>>> = TokioIo::new(Box::pin(stream));
+    pub(crate) async fn serve_accepted_connection(
+        &mut self,
+        stream: AcceptedStream,
+        tls_handshake_timeout: Duration,
+    ) {
+        self.spawn_connection(async move { stream.into_io_stream(tls_handshake_timeout).await });
+    }
+
+    fn spawn_connection<F>(&mut self, stream_future: F)
+    where
+        F: Future<Output = itsi_error::Result<IoStream>> + Send + 'static,
+    {
         let mut shutdown_channel = self.shutdown_receiver.clone();
         let acceptor_args = self.acceptor_args.clone();
-        let service = ItsiHttpService {
-            inner: Arc::new(ItsiHttpServiceInner {
-                acceptor_args: acceptor_args.clone(),
-                addr,
-            }),
-        };
 
         self.join_set.spawn(async move {
+            let stream = match stream_future.await {
+                Ok(stream) => stream,
+                Err(error) => {
+                    debug!("Connection setup failed: {:?}", error);
+                    return;
+                }
+            };
+
+            let addr = stream.addr();
+            let io: TokioIo<Pin<Box<IoStream>>> = TokioIo::new(Box::pin(stream));
+            let service = ItsiHttpService {
+                inner: Arc::new(ItsiHttpServiceInner {
+                    acceptor_args: acceptor_args.clone(),
+                    addr,
+                }),
+            };
+
             let executor = &acceptor_args.strategy.executor;
             let svc = hyper::service::service_fn(move |req| {
                 let service = service.clone();

data/ext/itsi_server/src/server/serve_strategy/single_mode.rs

@@ -314,6 +314,7 @@ impl SingleMode {
 
                 let shutdown_rx_for_acme_task = shutdown_receiver.clone();
                 let acme_task_listener_clone = listener.clone();
+                let tls_handshake_timeout = server_params.header_read_timeout;
 
                 let mut after_accept_wait: Option<Duration> = None::<Duration>;
 
@@ -337,7 +338,7 @@ impl SingleMode {
                         tokio::select! {
                             accept_result = listener.accept() => {
                                 match accept_result {
-                                    Ok(accepted) => acceptor.serve_connection(accepted).await,
+                                    Ok(accepted) => acceptor.serve_accepted_connection(accepted, tls_handshake_timeout).await,
                                     Err(e) => debug!("Listener.accept failed: {:?}", e)
                                 }
                                 if cfg!(target_os = "macos") {

data/ext/itsi_server/src/services/itsi_http_service.rs

@@ -188,14 +188,11 @@ impl ItsiHttpService {
         let token_preference = self.server_params.itsi_server_token_preference;
 
         let service_future = async move {
-            let middleware_stack = self
-                .server_params
-                .middleware
-                .get()
-                .unwrap()
-                .stack_for(&req)
-                .unwrap();
-            let (stack, matching_pattern) = middleware_stack;
+            let Some((stack, matching_pattern)) =
+                self.server_params.middleware.get().unwrap().stack_for(&req)
+            else {
+                return Ok(NOT_FOUND_RESPONSE.to_http_response(accept).await);
+            };
             let mut resp: Option<HttpResponse> = None;
 
             let mut context =

data/lib/itsi/server/version.rb

@@ -2,6 +2,6 @@
 
 module Itsi
   class Server
-    VERSION = "0.2.22"
+    VERSION = "0.2.24"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: itsi-server
 version: !ruby/object:Gem::Version
-  version: 0.2.22
+  version: 0.2.24
 platform: ruby
 authors:
 - Wouter Coppieters
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2026-03-17 00:00:00.000000000 Z
+date: 2026-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json