add tls support

This commit is contained in:
Emmanuel Garette 2022-10-15 17:21:04 +02:00
parent d679ae2cd2
commit 83c90486d1
5 changed files with 112 additions and 9 deletions

View file

@ -1,5 +0,0 @@
IPINFO_TOKEN=<your ipinfo token>
SERVER_LATITUDE=1
SERVER_LONGITUDE=1
ROCKET_PORT=8000
ROCKET_ADDRESS=0.0.0.0

94
Cargo.lock generated
View file

@ -1356,7 +1356,7 @@ dependencies = [
"httparse",
"log",
"mime",
"spin",
"spin 0.9.2",
"tokio 1.19.2",
"tokio-util 0.6.8",
"twoway",
@ -1891,6 +1891,21 @@ dependencies = [
"winreg",
]
[[package]]
name = "ring"
version = "0.16.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
dependencies = [
"cc",
"libc",
"once_cell",
"spin 0.5.2",
"untrusted",
"web-sys",
"winapi 0.3.9",
]
[[package]]
name = "rocket"
version = "0.5.0-rc.2"
@ -1973,12 +1988,15 @@ dependencies = [
"percent-encoding 2.1.0",
"pin-project-lite",
"ref-cast",
"rustls",
"rustls-pemfile",
"serde",
"smallvec 1.7.0",
"stable-pattern",
"state",
"time 0.3.15",
"tokio 1.19.2",
"tokio-rustls",
"uncased",
]
@ -1997,6 +2015,27 @@ dependencies = [
"semver",
]
[[package]]
name = "rustls"
version = "0.20.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5aab8ee6c7097ed6057f43c187a62418d0c05a4bd5f18b3571db50ee0f9ce033"
dependencies = [
"log",
"ring",
"sct",
"webpki",
]
[[package]]
name = "rustls-pemfile"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55"
dependencies = [
"base64 0.13.0",
]
[[package]]
name = "rustversion"
version = "1.0.5"
@ -2037,6 +2076,16 @@ version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898"
[[package]]
name = "sct"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
dependencies = [
"ring",
"untrusted",
]
[[package]]
name = "security-framework"
version = "2.4.2"
@ -2210,6 +2259,12 @@ dependencies = [
"serde_with",
]
[[package]]
name = "spin"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]]
name = "spin"
version = "0.9.2"
@ -2455,6 +2510,17 @@ dependencies = [
"tokio-sync",
]
[[package]]
name = "tokio-rustls"
version = "0.23.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59"
dependencies = [
"rustls",
"tokio 1.19.2",
"webpki",
]
[[package]]
name = "tokio-stream"
version = "0.1.7"
@ -2689,6 +2755,12 @@ dependencies = [
"subtle",
]
[[package]]
name = "untrusted"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
[[package]]
name = "url"
version = "1.7.2"
@ -2820,6 +2892,26 @@ version = "0.2.83"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f"
[[package]]
name = "web-sys"
version = "0.3.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f"
dependencies = [
"js-sys",
"wasm-bindgen",
]
[[package]]
name = "webpki"
version = "0.22.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
dependencies = [
"ring",
"untrusted",
]
[[package]]
name = "winapi"
version = "0.2.8"

View file

@ -5,7 +5,7 @@ edition = "2021"
license = "LGPL-3.0+"
[dependencies]
rocket = { version = "0.5.0-rc.2", features = ["json"] }
rocket = { version = "0.5.0-rc.2", features = ["tls", "json"] }
rocket-client-addr = "0.5.2"
rand = { version = "0.8.5" }
regex = "1"

View file

@ -35,6 +35,9 @@ async fn main() -> Result<(), Box<dyn Error>> {
.arg(arg!(-t --ipinfo_token <VALUE>).default_value(""))
.arg(arg!(-l --latitude <VALUE>).value_parser(value_parser!(f64)).default_value("0.0"))
.arg(arg!(-o --longitude <VALUE>).value_parser(value_parser!(f64)).default_value("0.0"))
.arg(arg!(--cert <VALUE>).default_value(""))
.arg(arg!(--key <VALUE>).default_value(""))
.arg(arg!(--ca_cert <VALUE>).default_value(""))
.get_matches();
let routes = routes![get_ip::get_ip, get_backend_ip_php];
@ -63,11 +66,21 @@ async fn main() -> Result<(), Box<dyn Error>> {
ipinfo_token: args.get_one::<String>("ipinfo_token").expect("required").to_string(),
latitude: *args.get_one::<f64>("latitude").expect("required"),
longitude: *args.get_one::<f64>("longitude").expect("required"),
tls_cert: args.get_one::<String>("cert").expect("required").to_string(),
tls_key: args.get_one::<String>("key").expect("required").to_string(),
tls_ca_cert: args.get_one::<String>("ca_cert").expect("required").to_string(),
};
let figment = rocket::Config::figment()
let mut figment = rocket::Config::figment()
.merge(("address", &config.ip))
.merge(("port", &config.port));
if !config.tls_cert.is_empty() && !config.tls_key.is_empty() {
figment = figment.merge(("tls.certs", &config.tls_cert))
.merge(("tls.key", &config.tls_key));
}
if !config.tls_ca_cert.is_empty() {
figment = figment.merge(("tls.mutual.ca_certs", &config.tls_ca_cert))
.merge(("tls.mutual.mandatory", true));
}
let asset_path = std::env::current_dir().unwrap().join(args.get_one::<String>("assets").expect("required"));
rocket::custom(figment).mount("/", routes)
.manage(config)

View file

@ -64,4 +64,7 @@ pub struct Config {
pub ipinfo_token: String,
pub latitude: f64,
pub longitude: f64,
pub tls_cert: String,
pub tls_key: String,
pub tls_ca_cert: String,
}