From 83c90486d1a1ecbf3ebd20f9444c7799059dbd39 Mon Sep 17 00:00:00 2001 From: Emmanuel Garette Date: Sat, 15 Oct 2022 17:21:04 +0200 Subject: [PATCH] add tls support --- .env.example | 5 --- Cargo.lock | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++- Cargo.toml | 2 +- src/main.rs | 17 ++++++++-- src/util.rs | 3 ++ 5 files changed, 112 insertions(+), 9 deletions(-) delete mode 100644 .env.example diff --git a/.env.example b/.env.example deleted file mode 100644 index 4ae302d..0000000 --- a/.env.example +++ /dev/null @@ -1,5 +0,0 @@ -IPINFO_TOKEN= -SERVER_LATITUDE=1 -SERVER_LONGITUDE=1 -ROCKET_PORT=8000 -ROCKET_ADDRESS=0.0.0.0 diff --git a/Cargo.lock b/Cargo.lock index d1461f6..ab3e8a4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1356,7 +1356,7 @@ dependencies = [ "httparse", "log", "mime", - "spin", + "spin 0.9.2", "tokio 1.19.2", "tokio-util 0.6.8", "twoway", @@ -1891,6 +1891,21 @@ dependencies = [ "winreg", ] +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin 0.5.2", + "untrusted", + "web-sys", + "winapi 0.3.9", +] + [[package]] name = "rocket" version = "0.5.0-rc.2" @@ -1973,12 +1988,15 @@ dependencies = [ "percent-encoding 2.1.0", "pin-project-lite", "ref-cast", + "rustls", + "rustls-pemfile", "serde", "smallvec 1.7.0", "stable-pattern", "state", "time 0.3.15", "tokio 1.19.2", + "tokio-rustls", "uncased", ] 
@@ -1997,6 +2015,27 @@ dependencies = [ "semver", ] +[[package]] +name = "rustls" +version = "0.20.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aab8ee6c7097ed6057f43c187a62418d0c05a4bd5f18b3571db50ee0f9ce033" +dependencies = [ + "log", + "ring", + "sct", + "webpki", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55" +dependencies = [ + "base64 0.13.0", +] + [[package]] name = "rustversion" version = "1.0.5" @@ -2037,6 +2076,16 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898" +[[package]] +name = "sct" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "security-framework" version = "2.4.2" @@ -2210,6 +2259,12 @@ dependencies = [ "serde_with", ] +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + [[package]] name = "spin" version = "0.9.2" @@ -2455,6 +2510,17 @@ dependencies = [ "tokio-sync", ] +[[package]] +name = "tokio-rustls" +version = "0.23.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" +dependencies = [ + "rustls", + "tokio 1.19.2", + "webpki", +] + [[package]] name = "tokio-stream" version = "0.1.7" 
@@ -2689,6 +2755,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "url" version = "1.7.2" @@ -2820,6 +2892,26 @@ version = "0.2.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f" +[[package]] +name = "web-sys" +version = "0.3.60" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "winapi" version = "0.2.8"
diff --git a/Cargo.toml b/Cargo.toml
index 253068a..ce0ad6d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,7 +5,7 @@ edition = "2021"
 license = "LGPL-3.0+"
 [dependencies]
-rocket = { version = "0.5.0-rc.2", features = ["json"] }
+rocket = { version = "0.5.0-rc.2", features = ["tls", "json"] }
 rocket-client-addr = "0.5.2"
 rand = { version = "0.8.5" }
 regex = "1"
diff --git a/src/main.rs b/src/main.rs
index d119b73..6c8c8c2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -35,6 +35,9 @@ async fn main() -> Result<(), Box> {
 .arg(arg!(-t --ipinfo_token ).default_value(""))
 .arg(arg!(-l --latitude ).value_parser(value_parser!(f64)).default_value("0.0"))
 .arg(arg!(-o --longitude ).value_parser(value_parser!(f64)).default_value("0.0"))
+ .arg(arg!(--cert ).default_value(""))
+ .arg(arg!(--key ).default_value(""))
+ .arg(arg!(--ca_cert ).default_value(""))
 .get_matches();
 let routes = routes![get_ip::get_ip, get_backend_ip_php];
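Review bot: The three new options `--cert`, `--key` and `--ca_cert` are declared without help text, so `--help` does not say that they take file paths, that TLS is only switched on when both `--cert` and `--key` are given, or that `--ca_cert` makes client certificates mandatory (the `tls.mutual.mandatory` merge later in this commit). I would add a help string to each, for example `.help("Path to the server certificate chain; requires --key")` on `--cert` and `.help("Path to the CA bundle; when set, clients must present a certificate")` on `--ca_cert`. Using `""` as the "not set" value also means an explicitly empty argument is indistinguishable from an absent one. The body of `main` starts before and continues past this hunk.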
@@ -63,11 +66,21 @@ async fn main() -> Result<(), Box> {
 ipinfo_token: args.get_one::("ipinfo_token").expect("required").to_string(),
 latitude: *args.get_one::("latitude").expect("required"),
 longitude: *args.get_one::("longitude").expect("required"),
+ tls_cert: args.get_one::("cert").expect("required").to_string(),
+ tls_key: args.get_one::("key").expect("required").to_string(),
+ tls_ca_cert: args.get_one::("ca_cert").expect("required").to_string(),
 };
- let figment = rocket::Config::figment()
+ let mut figment = rocket::Config::figment()
 .merge(("address", &config.ip))
 .merge(("port", &config.port));
-
+ if !config.tls_cert.is_empty() && !config.tls_key.is_empty() {
+ figment = figment.merge(("tls.certs", &config.tls_cert))
+ .merge(("tls.key", &config.tls_key));
+ }
+ if !config.tls_ca_cert.is_empty() {
+ figment = figment.merge(("tls.mutual.ca_certs", &config.tls_ca_cert))
+ .merge(("tls.mutual.mandatory", true));
+ }
 let asset_path = std::env::current_dir().unwrap().join(args.get_one::("assets").expect("required"));
 rocket::custom(figment).mount("/", routes)
 .manage(config)
diff --git a/src/util.rs b/src/util.rs
index 5ad0136..5265c4f 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -64,4 +64,7 @@ pub struct Config {
 pub ipinfo_token: String,
 pub latitude: f64,
 pub longitude: f64,
+ pub tls_cert: String,
+ pub tls_key: String,
+ pub tls_ca_cert: String,
 }
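Review bot: TLS is silently skipped when only one of `--cert` / `--key` is supplied: the `if !config.tls_cert.is_empty() && !config.tls_key.is_empty()` guard falls through and the server starts in plaintext even though the operator asked for TLS. The `--ca_cert` branch has a related gap, because it merges `tls.mutual.*` without checking that a server certificate and key were configured; whether Rocket rejects that combination at launch is not visible from this hunk. Both cases should stop startup with a clear error rather than depend on downstream behaviour. The fence below assumes `main`'s error type can be built from a string with `.into()` (the generic parameter is cut off on the page), and `main` begins and ends outside the hunk.

```rust
// … unchanged: figment built from address and port …
match (config.tls_cert.is_empty(), config.tls_key.is_empty()) {
    (false, false) => {
        figment = figment.merge(("tls.certs", &config.tls_cert))
            .merge(("tls.key", &config.tls_key));
    }
    (true, true) => {}
    // Exactly one of the pair was given: refuse to start instead of serving plaintext.
    _ => return Err("--cert and --key must be given together".into()),
}
if !config.tls_ca_cert.is_empty() {
    // Client-certificate checking needs a TLS listener to attach to.
    if config.tls_cert.is_empty() {
        return Err("--ca_cert requires --cert and --key".into());
    }
    // … unchanged: tls.mutual.ca_certs / tls.mutual.mandatory merges …
}
```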
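Review bot: The new `Config` fields `tls_cert`, `tls_key` and `tls_ca_cert` carry no doc comments, and nothing at the definition says that they hold file paths or that an empty string means "not configured". I would add one line to each, for example `/// Path passed to Rocket's tls.certs; empty disables TLS.` on `tls_cert` and `/// Path to the client CA bundle; non-empty makes client certificates mandatory.` on `tls_ca_cert`. `Option<String>` would put "unset" in the type rather than in a sentinel value, at the cost of touching the construction site in main.rs. The struct definition begins outside this hunk.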