RubyGems - itsi - Versions diffs - 0.1.9 → 0.1.12 - Mend

itsi 0.1.9 → 0.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (294) hide show

data/crates/itsi_server/src/server/itsi_service.rs ADDED Viewed

@@ -0,0 +1,172 @@
+use super::listener::ListenerInfo;
+use super::middleware_stack::CompressionAlgorithm;
+use super::middleware_stack::MiddlewareLayer;
+use super::request_job::RequestJob;
+use super::serve_strategy::single_mode::RunningPhase;
+use super::types::HttpRequest;
+use super::types::HttpResponse;
+use crate::ruby_types::itsi_server::itsi_server_config::ServerParams;
+use chrono;
+use chrono::Local;
+use either::Either;
+use hyper::service::Service;
+use itsi_error::ItsiError;
+use regex::Regex;
+use std::sync::OnceLock;
+use std::{future::Future, ops::Deref, pin::Pin, sync::Arc};
+use tokio::sync::watch::{self};
+#[derive(Clone)]
+pub struct ItsiService {
+    pub inner: Arc<IstiServiceInner>,
+}
+impl Deref for ItsiService {
+    type Target = Arc<IstiServiceInner>;
+    fn deref(&self) -> &Self::Target {
+        &self.inner
+    }
+}
+pub struct IstiServiceInner {
+    pub sender: async_channel::Sender<RequestJob>,
+    pub server_params: Arc<ServerParams>,
+    pub listener: Arc<ListenerInfo>,
+    pub addr: String,
+    pub shutdown_channel: watch::Receiver<RunningPhase>,
+}
+#[derive(Clone)]
+pub struct RequestContext {
+    inner: Arc<RequestContextInner>,
+}
+impl Deref for RequestContext {
+    type Target = Arc<RequestContextInner>;
+    fn deref(&self) -> &Self::Target {
+        &self.inner
+    }
+}
+impl Deref for RequestContextInner {
+    type Target = ItsiService;
+    fn deref(&self) -> &Self::Target {
+        &self.service
+    }
+}
+pub struct RequestContextInner {
+    pub request_id: i128,
+    pub service: ItsiService,
+    pub matching_pattern: Option<Arc<Regex>>,
+    pub compression_method: OnceLock<CompressionAlgorithm>,
+    pub origin: OnceLock<Option<String>>,
+    pub start_time: chrono::DateTime<chrono::Utc>,
+    pub request: Option<Arc<HttpRequest>>,
+    pub request_start_time: OnceLock<chrono::DateTime<Local>>,
+    pub if_none_match: OnceLock<Option<String>>,
+    pub etag_value: OnceLock<Option<String>>,
+}
+impl RequestContext {
+    fn new(service: ItsiService, matching_pattern: Option<Arc<Regex>>) -> Self {
+        RequestContext {
+            inner: Arc::new(RequestContextInner {
+                request_id: rand::random::<i128>(),
+                service,
+                matching_pattern,
+                compression_method: OnceLock::new(),
+                origin: OnceLock::new(),
+                start_time: chrono::Utc::now(),
+                request: None,
+                request_start_time: OnceLock::new(),
+                if_none_match: OnceLock::new(),
+                etag_value: OnceLock::new(),
+            }),
+        }
+    }
+    pub fn set_compression_method(&self, method: CompressionAlgorithm) {
+        self.inner.compression_method.set(method).unwrap();
+    }
+    pub fn set_origin(&self, origin: Option<String>) {
+        self.inner.origin.set(origin).unwrap();
+    }
+    pub fn set_if_none_match(&self, value: Option<String>) {
+        self.inner.if_none_match.set(value).unwrap();
+    }
+    pub fn get_if_none_match(&self) -> Option<String> {
+        self.inner.if_none_match.get().cloned().flatten()
+    }
+    pub fn request_id(&self) -> String {
+        self.inner.request_id.to_string()
+    }
+    pub fn track_start_time(&self) {
+        self.inner
+            .request_start_time
+            .get_or_init(chrono::Local::now);
+    }
+    pub fn start_time(&self) -> Option<chrono::DateTime<Local>> {
+        self.inner.request_start_time.get().cloned()
+    }
+    pub fn get_response_time(&self) -> Option<chrono::TimeDelta> {
+        self.inner
+            .request_start_time
+            .get()
+            .map(|instant| Local::now() - instant)
+    }
+}
+impl Service<HttpRequest> for ItsiService {
+    type Response = HttpResponse;
+    type Error = ItsiError;
+    type Future = Pin<Box<dyn Future<Output = itsi_error::Result<HttpResponse>> + Send>>;
+    // This is called once per incoming Request.
+    fn call(&self, req: HttpRequest) -> Self::Future {
+        let params = self.server_params.clone();
+        let self_clone = self.clone();
+        Box::pin(async move {
+            let mut req = req;
+            let mut resp: Option<HttpResponse> = None;
+            let (stack, matching_pattern) = params.middleware.get().unwrap().stack_for(&req);
+            let mut context = RequestContext::new(self_clone, matching_pattern);
+            let mut depth = 0;
+            for (index, elm) in stack.iter().enumerate() {
+                match elm.before(req, &mut context).await {
+                    Ok(Either::Left(r)) => req = r,
+                    Ok(Either::Right(r)) => {
+                        resp = Some(r);
+                        depth = index;
+                        break;
+                    }
+                    Err(e) => return Err(e.into()),
+                }
+            }
+            let mut resp = match resp {
+                Some(r) => r,
+                None => {
+                    return Err(ItsiError::InternalServerError(
+                        "No response returned from middleware stack".to_string(),
+                    ))
+                }
+            };
+            for elm in stack.iter().rev().skip(stack.len() - depth - 1) {
+                resp = elm.after(resp, &mut context).await;
+            }
+            Ok(resp)
+        })
+    }
+}

data/crates/itsi_server/src/server/lifecycle_event.rs CHANGED Viewed

@@ -3,7 +3,10 @@ pub enum LifecycleEvent {
     Start,
     Shutdown,
     Restart,
+    Reload,
     IncreaseWorkers,
     DecreaseWorkers,
     ForceShutdown,
+    PrintInfo,
+    ChildTerminated,
 }

data/crates/itsi_server/src/server/listener.rs CHANGED Viewed

@@ -6,7 +6,9 @@ use super::tls::ItsiTlsAcceptor;
 use itsi_error::{ItsiError, Result};
 use itsi_tracing::info;
 use socket2::{Domain, Protocol, Socket, Type};
+use std::fmt::Display;
 use std::net::{IpAddr, SocketAddr, TcpListener};
+use std::os::fd::{AsRawFd, FromRawFd, RawFd};
 use std::sync::Arc;
 use std::{os::unix::net::UnixListener, path::PathBuf};
 use tokio::net::TcpListener as TokioTcpListener;
@@ -241,26 +243,104 @@ impl std::fmt::Display for SockAddr {
         }
     }
 }
+impl Display for Listener {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Listener::Tcp(listener) | Listener::TcpTls((listener, _)) => write!(
+                f,
+                "{}",
+                listener
+                    .local_addr()
+                    .map(|addr| addr.to_string())
+                    .unwrap_or_else(|_| "".to_string())
+            ),
+            Listener::Unix(listener) | Listener::UnixTls((listener, _)) => write!(
+                f,
+                "{}",
+                listener
+                    .local_addr()
+                    .map(|addr| addr
+                        .as_pathname()
+                        .map(|path| path.to_str().unwrap_or("").to_owned())
+                        .unwrap_or_default())
+                    .unwrap_or_else(|_| "".to_string())
+            ),
+        }
+    }
+}
 impl Listener {
-    pub fn to_tokio_listener(&self) -> TokioListener {
+    pub fn into_tokio_listener(self) -> TokioListener {
         match self {
-            Listener::Tcp(listener) => TokioListener::Tcp(
-                TokioTcpListener::from_std(TcpListener::try_clone(listener).unwrap()).unwrap(),
-            ),
+            Listener::Tcp(listener) => {
+                TokioListener::Tcp(TokioTcpListener::from_std(listener).unwrap())
+            }
             Listener::TcpTls((listener, acceptor)) => TokioListener::TcpTls(
-                TokioTcpListener::from_std(TcpListener::try_clone(listener).unwrap()).unwrap(),
+                TokioTcpListener::from_std(listener).unwrap(),
                 acceptor.clone(),
             ),
-            Listener::Unix(listener) => TokioListener::Unix(
-                TokioUnixListener::from_std(UnixListener::try_clone(listener).unwrap()).unwrap(),
-            ),
+            Listener::Unix(listener) => {
+                TokioListener::Unix(TokioUnixListener::from_std(listener).unwrap())
+            }
             Listener::UnixTls((listener, acceptor)) => TokioListener::UnixTls(
-                TokioUnixListener::from_std(UnixListener::try_clone(listener).unwrap()).unwrap(),
+                TokioUnixListener::from_std(listener).unwrap(),
                 acceptor.clone(),
             ),
         }
     }
+    /// Handover information when using exec to hand over the listener to a replacement process.
+    pub fn handover(&self) -> Result<(String, i32)> {
+        match self {
+            Listener::Tcp(listener) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("tcp://{}:{}", addr.ip().to_canonical(), addr.port()),
+                    listener.as_raw_fd(),
+                ))
+            }
+            Listener::TcpTls((listener, _)) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("tcp://{}:{}", addr.ip().to_canonical(), addr.port()),
+                    listener.as_raw_fd(),
+                ))
+            }
+            Listener::Unix(listener) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("unix://{}", addr.as_pathname().unwrap().to_str().unwrap()),
+                    listener.as_raw_fd(),
+                ))
+            }
+            Listener::UnixTls((listener, _)) => {
+                let addr = listener.local_addr()?;
+                Ok((
+                    format!("unix://{}", addr.as_pathname().unwrap().to_str().unwrap()),
+                    listener.as_raw_fd(),
+                ))
+            }
+        }
+    }
+    pub fn inherit_fd(bind: Bind, fd: RawFd) -> Result<Self> {
+        let bound = match bind.address {
+            BindAddress::Ip(_) => match bind.protocol {
+                BindProtocol::Http => Listener::Tcp(revive_tcp_socket(fd)?),
+                BindProtocol::Https => {
+                    let tcp_listener = revive_tcp_socket(fd)?;
+                    Listener::TcpTls((tcp_listener, bind.tls_config.unwrap()))
+                }
+                _ => unreachable!(),
+            },
+            BindAddress::UnixSocket(_) => match bind.tls_config {
+                Some(tls_config) => Listener::UnixTls((revive_unix_socket(fd)?, tls_config)),
+                None => Listener::Unix(revive_unix_socket(fd)?),
+            },
+        };
+        Ok(bound)
+    }
 }
 impl TryFrom<Bind> for Listener {
@@ -285,6 +365,27 @@ impl TryFrom<Bind> for Listener {
     }
 }
+fn revive_tcp_socket(fd: RawFd) -> Result<TcpListener> {
+    let socket = unsafe { Socket::from_raw_fd(fd) };
+    socket.set_reuse_port(true).ok();
+    socket.set_reuse_address(true).ok();
+    socket.set_nonblocking(true).ok();
+    socket.set_nodelay(true).ok();
+    socket.set_recv_buffer_size(262_144).ok();
+    socket.set_cloexec(true)?;
+    socket.listen(1024)?;
+    Ok(socket.into())
+}
+fn revive_unix_socket(fd: RawFd) -> Result<UnixListener> {
+    let socket = unsafe { Socket::from_raw_fd(fd) };
+    socket.set_nonblocking(true).ok();
+    socket.listen(1024)?;
+    socket.set_cloexec(true)?;
+    Ok(socket.into())
+}
 fn connect_tcp_socket(addr: IpAddr, port: u16) -> Result<TcpListener> {
     let domain = match addr {
         IpAddr::V4(_) => Domain::IPV4,
@@ -297,7 +398,7 @@ fn connect_tcp_socket(addr: IpAddr, port: u16) -> Result<TcpListener> {
     socket.set_nonblocking(true).ok();
     socket.set_nodelay(true).ok();
     socket.set_recv_buffer_size(262_144).ok();
-    info!("Binding to {:?}", socket_address);
+    socket.set_only_v6(false).ok();
     socket.bind(&socket_address.into())?;
     socket.listen(1024)?;
     Ok(socket.into())
@@ -310,7 +411,6 @@ fn connect_unix_socket(path: &PathBuf) -> Result<UnixListener> {
     let socket_address = socket2::SockAddr::unix(path)?;
-    info!("Binding to {:?}", path);
     socket.bind(&socket_address)?;
     socket.listen(1024)?;

data/crates/itsi_server/src/server/middleware_stack/middleware.rs ADDED Viewed

@@ -0,0 +1,153 @@
+use super::middlewares::*;
+use crate::server::{
+    itsi_service::RequestContext,
+    types::{HttpRequest, HttpResponse},
+};
+use async_trait::async_trait;
+use either::Either;
+use magnus::error::Result;
+use std::cmp::Ordering;
+#[derive(Debug)]
+pub enum Middleware {
+    AllowList(AllowList),
+    AuthAPIKey(AuthAPIKey),
+    AuthBasic(AuthBasic),
+    AuthJwt(Box<AuthJwt>),
+    CacheControl(CacheControl),
+    Compression(Compression),
+    Cors(Box<Cors>),
+    DenyList(DenyList),
+    ETag(ETag),
+    IntrusionProtection(IntrusionProtection),
+    LogRequests(LogRequests),
+    Proxy(Proxy),
+    RateLimit(RateLimit),
+    Redirect(Redirect),
+    RequestHeaders(RequestHeaders),
+    ResponseHeaders(ResponseHeaders),
+    RubyApp(RubyApp),
+    StaticAssets(StaticAssets),
+}
+#[async_trait]
+impl MiddlewareLayer for Middleware {
+    /// Called just once, to initialize the middleware state.
+    async fn initialize(&self) -> Result<()> {
+        match self {
+            Middleware::DenyList(filter) => filter.initialize().await,
+            Middleware::AllowList(filter) => filter.initialize().await,
+            Middleware::AuthBasic(filter) => filter.initialize().await,
+            Middleware::AuthJwt(filter) => filter.initialize().await,
+            Middleware::AuthAPIKey(filter) => filter.initialize().await,
+            Middleware::IntrusionProtection(filter) => filter.initialize().await,
+            Middleware::RateLimit(filter) => filter.initialize().await,
+            Middleware::RequestHeaders(filter) => filter.initialize().await,
+            Middleware::ResponseHeaders(filter) => filter.initialize().await,
+            Middleware::CacheControl(filter) => filter.initialize().await,
+            Middleware::Cors(filter) => filter.initialize().await,
+            Middleware::ETag(filter) => filter.initialize().await,
+            Middleware::StaticAssets(filter) => filter.initialize().await,
+            Middleware::Compression(filter) => filter.initialize().await,
+            Middleware::LogRequests(filter) => filter.initialize().await,
+            Middleware::Redirect(filter) => filter.initialize().await,
+            Middleware::Proxy(filter) => filter.initialize().await,
+            Middleware::RubyApp(filter) => filter.initialize().await,
+        }
+    }
+    async fn before(
+        &self,
+        req: HttpRequest,
+        context: &mut RequestContext,
+    ) -> Result<Either<HttpRequest, HttpResponse>> {
+        match self {
+            Middleware::DenyList(filter) => filter.before(req, context).await,
+            Middleware::AllowList(filter) => filter.before(req, context).await,
+            Middleware::AuthBasic(filter) => filter.before(req, context).await,
+            Middleware::AuthJwt(filter) => filter.before(req, context).await,
+            Middleware::AuthAPIKey(filter) => filter.before(req, context).await,
+            Middleware::IntrusionProtection(filter) => filter.before(req, context).await,
+            Middleware::RequestHeaders(filter) => filter.before(req, context).await,
+            Middleware::ResponseHeaders(filter) => filter.before(req, context).await,
+            Middleware::RateLimit(filter) => filter.before(req, context).await,
+            Middleware::CacheControl(filter) => filter.before(req, context).await,
+            Middleware::Cors(filter) => filter.before(req, context).await,
+            Middleware::ETag(filter) => filter.before(req, context).await,
+            Middleware::StaticAssets(filter) => filter.before(req, context).await,
+            Middleware::Compression(filter) => filter.before(req, context).await,
+            Middleware::LogRequests(filter) => filter.before(req, context).await,
+            Middleware::Redirect(filter) => filter.before(req, context).await,
+            Middleware::Proxy(filter) => filter.before(req, context).await,
+            Middleware::RubyApp(filter) => filter.before(req, context).await,
+        }
+    }
+    async fn after(&self, res: HttpResponse, context: &mut RequestContext) -> HttpResponse {
+        match self {
+            Middleware::DenyList(filter) => filter.after(res, context).await,
+            Middleware::AllowList(filter) => filter.after(res, context).await,
+            Middleware::AuthBasic(filter) => filter.after(res, context).await,
+            Middleware::AuthJwt(filter) => filter.after(res, context).await,
+            Middleware::AuthAPIKey(filter) => filter.after(res, context).await,
+            Middleware::IntrusionProtection(filter) => filter.after(res, context).await,
+            Middleware::RateLimit(filter) => filter.after(res, context).await,
+            Middleware::RequestHeaders(filter) => filter.after(res, context).await,
+            Middleware::ResponseHeaders(filter) => filter.after(res, context).await,
+            Middleware::CacheControl(filter) => filter.after(res, context).await,
+            Middleware::Cors(filter) => filter.after(res, context).await,
+            Middleware::ETag(filter) => filter.after(res, context).await,
+            Middleware::StaticAssets(filter) => filter.after(res, context).await,
+            Middleware::Compression(filter) => filter.after(res, context).await,
+            Middleware::LogRequests(filter) => filter.after(res, context).await,
+            Middleware::Redirect(filter) => filter.after(res, context).await,
+            Middleware::Proxy(filter) => filter.after(res, context).await,
+            Middleware::RubyApp(filter) => filter.after(res, context).await,
+        }
+    }
+}
+impl Middleware {
+    fn variant_order(&self) -> usize {
+        match self {
+            Middleware::DenyList(_) => 0,
+            Middleware::AllowList(_) => 1,
+            Middleware::IntrusionProtection(_) => 2,
+            Middleware::Redirect(_) => 3,
+            Middleware::LogRequests(_) => 4,
+            Middleware::CacheControl(_) => 5,
+            Middleware::RequestHeaders(_) => 6,
+            Middleware::ResponseHeaders(_) => 7,
+            Middleware::AuthBasic(_) => 8,
+            Middleware::AuthJwt(_) => 9,
+            Middleware::AuthAPIKey(_) => 10,
+            Middleware::RateLimit(_) => 11,
+            Middleware::ETag(_) => 12,
+            Middleware::Compression(_) => 13,
+            Middleware::Proxy(_) => 14,
+            Middleware::Cors(_) => 15,
+            Middleware::StaticAssets(_) => 16,
+            Middleware::RubyApp(_) => 17,
+        }
+    }
+}
+impl PartialEq for Middleware {
+    fn eq(&self, other: &Self) -> bool {
+        self.variant_order() == other.variant_order()
+    }
+}
+impl Eq for Middleware {}
+impl PartialOrd for Middleware {
+    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
+        Some(self.variant_order().cmp(&other.variant_order()))
+    }
+}
+impl Ord for Middleware {
+    fn cmp(&self, other: &Self) -> Ordering {
+        self.variant_order().cmp(&other.variant_order())
+    }
+}

data/crates/itsi_server/src/server/middleware_stack/middlewares/allow_list.rs ADDED Viewed

@@ -0,0 +1,47 @@
+use super::{ErrorResponse, FromValue, MiddlewareLayer};
+use crate::server::{
+    itsi_service::RequestContext,
+    types::{HttpRequest, HttpResponse},
+};
+use async_trait::async_trait;
+use either::Either;
+use itsi_error::ItsiError;
+use magnus::error::Result;
+use regex::RegexSet;
+use serde::Deserialize;
+use std::sync::OnceLock;
+#[derive(Debug, Clone, Deserialize)]
+pub struct AllowList {
+    #[serde(skip_deserializing)]
+    pub allowed_ips: OnceLock<RegexSet>,
+    pub allowed_patterns: Vec<String>,
+    pub error_response: ErrorResponse,
+}
+#[async_trait]
+impl MiddlewareLayer for AllowList {
+    async fn initialize(&self) -> Result<()> {
+        let allowed_ips = RegexSet::new(&self.allowed_patterns).map_err(ItsiError::default)?;
+        self.allowed_ips
+            .set(allowed_ips)
+            .map_err(|e| ItsiError::default(format!("Failed to set allowed IPs: {:?}", e)))?;
+        Ok(())
+    }
+    async fn before(
+        &self,
+        req: HttpRequest,
+        context: &mut RequestContext,
+    ) -> Result<Either<HttpRequest, HttpResponse>> {
+        if let Some(allowed_ips) = self.allowed_ips.get() {
+            if !allowed_ips.is_match(&context.addr) {
+                return Ok(Either::Right(
+                    self.error_response.to_http_response(&req).await,
+                ));
+            }
+        }
+        Ok(Either::Left(req))
+    }
+}
+impl FromValue for AllowList {}

data/crates/itsi_server/src/server/middleware_stack/middlewares/auth_api_key.rs ADDED Viewed

@@ -0,0 +1,58 @@
+use crate::server::{
+    itsi_service::RequestContext,
+    types::{HttpRequest, HttpResponse, RequestExt},
+};
+use super::{error_response::ErrorResponse, token_source::TokenSource, FromValue, MiddlewareLayer};
+use async_trait::async_trait;
+use either::Either;
+use magnus::error::Result;
+use serde::Deserialize;
+/// A simple API key filter.
+/// The API key can be given inside the header or a query string
+/// Keys are validated against a list of allowed key values (Changing these requires a restart)
+///
+#[derive(Debug, Clone, Deserialize)]
+pub struct AuthAPIKey {
+    pub valid_keys: Vec<String>,
+    pub token_source: TokenSource,
+    pub error_response: ErrorResponse,
+}
+#[async_trait]
+impl MiddlewareLayer for AuthAPIKey {
+    async fn before(
+        &self,
+        req: HttpRequest,
+        _context: &mut RequestContext,
+    ) -> Result<Either<HttpRequest, HttpResponse>> {
+        let submitted_value = match &self.token_source {
+            TokenSource::Header { name, prefix } => {
+                if let Some(header) = req.header(name) {
+                    if let Some(prefix) = prefix {
+                        Some(header.strip_prefix(prefix).unwrap_or("").trim_ascii())
+                    } else {
+                        Some(header.trim_ascii())
+                    }
+                } else {
+                    None
+                }
+            }
+            TokenSource::Query(query_name) => req.query_param(query_name),
+        };
+        if !self
+            .valid_keys
+            .iter()
+            .any(|key| submitted_value.is_some_and(|sv| sv == key))
+        {
+            Ok(Either::Right(
+                self.error_response.to_http_response(&req).await,
+            ))
+        } else {
+            Ok(Either::Left(req))
+        }
+    }
+}
+impl FromValue for AuthAPIKey {}

data/crates/itsi_server/src/server/middleware_stack/middlewares/auth_basic.rs ADDED Viewed

@@ -0,0 +1,82 @@
+use async_trait::async_trait;
+use base64::{engine::general_purpose, Engine};
+use bytes::Bytes;
+use either::Either;
+use http::{Response, StatusCode};
+use http_body_util::{combinators::BoxBody, Full};
+use magnus::error::Result;
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::str;
+use crate::server::{
+    itsi_service::RequestContext,
+    types::{HttpRequest, HttpResponse, RequestExt},
+};
+use super::{FromValue, MiddlewareLayer};
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AuthBasic {
+    pub realm: String,
+    /// Maps usernames to passwords.
+    pub credential_pairs: HashMap<String, String>,
+}
+impl AuthBasic {
+    fn basic_auth_failed_response(&self) -> HttpResponse {
+        Response::builder()
+            .status(StatusCode::UNAUTHORIZED)
+            .header(
+                "WWW-Authenticate",
+                format!("Basic realm=\"{}\"", self.realm),
+            )
+            .body(BoxBody::new(Full::new(Bytes::from("Unauthorized"))))
+            .unwrap()
+    }
+}
+#[async_trait]
+impl MiddlewareLayer for AuthBasic {
+    async fn before(
+        &self,
+        req: HttpRequest,
+        _context: &mut RequestContext,
+    ) -> Result<Either<HttpRequest, HttpResponse>> {
+        // Retrieve the Authorization header.
+        let auth_header = req.header("Authorization");
+        if !auth_header.is_some_and(|header| header.starts_with("Basic ")) {
+            return Ok(Either::Right(self.basic_auth_failed_response()));
+        }
+        let auth_header = auth_header.unwrap();
+        let encoded_credentials = &auth_header["Basic ".len()..];
+        let decoded = match general_purpose::STANDARD.decode(encoded_credentials) {
+            Ok(bytes) => bytes,
+            Err(_) => {
+                return Ok(Either::Right(self.basic_auth_failed_response()));
+            }
+        };
+        let decoded_str = match str::from_utf8(&decoded) {
+            Ok(s) => s,
+            Err(_) => {
+                return Ok(Either::Right(self.basic_auth_failed_response()));
+            }
+        };
+        let mut parts = decoded_str.splitn(2, ':');
+        let username = parts.next().unwrap_or("");
+        let password = parts.next().unwrap_or("");
+        match self.credential_pairs.get(username) {
+            Some(expected_password) if expected_password == password => Ok(Either::Left(req)),
+            _ => {
+                return Ok(Either::Right(self.basic_auth_failed_response()));
+            }
+        }
+    }
+}
+impl FromValue for AuthBasic {}