build: dependency bump and maintainance (#476)
CBenoit authored Jun 21, 2023
1 parent 9e7b97c commit a0f8abc
Showing 14 changed files with 2,109 additions and 2,451 deletions.
813 changes: 477 additions & 336 deletions Cargo.lock

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions crates/devolutions-gateway-generators/Cargo.toml
Expand Up @@ -8,5 +8,5 @@ publish = false
[dependencies]
devolutions-gateway = { path = "../../devolutions-gateway" }
proptest = "1.2.0"
uuid = "1.3.3"
serde = { version = "1.0.163", features = ["derive"] }
uuid = "1.3.4"
serde = { version = "1.0.164", features = ["derive"] }
2 changes: 1 addition & 1 deletion crates/devolutions-gateway-task/Cargo.toml
Expand Up @@ -10,5 +10,5 @@ default = []
named_tasks = ["tokio/tracing"]

[dependencies]
tokio = { version = "1.28.1", features = ["sync", "rt", "tracing"] }
tokio = { version = "1.28.2", features = ["sync", "rt", "tracing"] }
async-trait = "0.1.68"
8 changes: 4 additions & 4 deletions crates/jet-proto/Cargo.toml
Expand Up @@ -8,21 +8,21 @@ publish = false
[dependencies]
log = "0.4.19"
byteorder = "1.4.3"
uuid = { version = "1.3.3", features = ["v4"] }
uuid = { version = "1.3.4", features = ["v4"] }
httparse = "1.8.0"
http = "0.2.9"

[dev-dependencies]
lazy_static = "1.4.0"
bytes = "1.4.0"
sspi = "0.8.1"
ureq = { version = "2.6.2", features = ["json"] }
ureq = { version = "2.7.1", features = ["json"] }
url = "2.4.0"
x509-parser = "0.15.0"
exitcode = "1.1.2"
tempfile = "3.6.0"
hex-literal = "0.4.1"
tokio-rustls = { version = "0.24", features = ["dangerous_configuration", "tls12"] }
serde = "1.0.163"
serde_derive = "1.0.162"
serde = "1.0.164"
serde_derive = "1.0.164"
serde_json = "1.0.97"
1 change: 1 addition & 0 deletions crates/sogar-registry/Cargo.toml
Expand Up @@ -6,3 +6,4 @@ edition = "2021"
publish = false

[dependencies]
tempfile = "3.5.0"
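Review bot: The added `tempfile = "3.5.0"` requirement differs from the `tempfile = "3.6.0"` requirement in `crates/jet-proto/Cargo.toml`. Cargo will normally resolve both to one locked version, but a single requirement across the workspace keeps the minimum version unambiguous and makes later bumps easier to audit. Consider `tempfile = "3.6.0"` here. If the crate only uses it in tests (not visible from this hunk), it belongs under `[dev-dependencies]` instead.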
2 changes: 1 addition & 1 deletion crates/sogar-registry/src/sogar_auth.rs
Expand Up @@ -64,7 +64,7 @@ async fn auth_middleware(

let private_key = config.delegation_private_key.clone();
if let (Some((AuthHeaderType::Bearer, token)), Some(private_key)) = (parse_auth_header(auth_str), private_key) {
let public_key = private_key.to_public_key();
let public_key = private_key.to_public_key().unwrap();
match JwtSig::decode(token, &public_key).and_then(|jwt| jwt.validate::<SogarUser>(&NO_CHECK_VALIDATOR)) {
Ok(jwt) => {
if let Some(permission) = jwt.state.claims.permission {
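Review bot: The new `.unwrap()` on `private_key.to_public_key()` sits on the request path of `auth_middleware`, so a delegation key that cannot be converted panics the handler on every bearer-authenticated request instead of rejecting it cleanly. The conversion is evidently fallible now (whether it returns `Result` or `Option` is not visible here), so treat a failure like a token that fails `JwtSig::decode`, e.g. `let Ok(public_key) = private_key.to_public_key() else { /* log and reject the request */ };`. Alternatively, derive the public key once when the configuration is loaded, so a bad key is caught at startup rather than per request. `auth_middleware` starts and ends outside the hunk, so the exact rejection path is not shown.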
27 changes: 13 additions & 14 deletions devolutions-gateway/Cargo.toml
Expand Up @@ -25,8 +25,8 @@ ceviche = "0.5.2"
picky-krb = "0.6.0"

# Serialization
serde = "1.0.163"
serde_derive = "1.0.162"
serde = "1.0.164"
serde_derive = "1.0.164"
serde_json = "1.0.97"
serde_urlencoded = "0.7.1"
humantime-serde = "1.1.1"
Expand All @@ -41,10 +41,8 @@ lazy_static = "1.4.0"
bytes = "1.4"
cfg-if = "1.0.0"
url = { version = "2.4.0", features = ["serde"] }
tempfile = "3.6.0"
indexmap = "1.9.3"
uuid = { version = "1.3.3", features = ["v4", "serde"] }
chrono = { version = "0.4.25", features = ["serde"] } # TODO: switch to `time`
uuid = { version = "1.3.4", features = ["v4", "serde"] }
chrono = { version = "0.4.26", features = ["serde"] } # TODO: switch to `time`
parking_lot = "0.12.1"
anyhow = "1.0.71"
thiserror = "1"
Expand All @@ -53,11 +51,8 @@ backoff = "0.4.0"

# Security, crypto…
zeroize = { version = "1.6.0", features = ["derive"] }
rust-argon2 = "1.0.0"
picky = { version = "7.0.0-rc.5", default-features = false, features = ["jose", "x509"] }
x509-cert = { version = "0.2.2", features = ["std"] }
sspi = "0.8.1"
multihash = "0.18.1"
picky = { version = "7.0.0-rc.6", default-features = false, features = ["jose", "x509"] }
x509-cert = { version = "0.2.3", features = ["std"] }
multibase = "0.9.1"

# Logging
Expand All @@ -69,17 +64,18 @@ tracing-appender = "0.2.2"
# Async, futures…
tokio = { version = "1.28.2", features = ["signal", "net", "io-util", "time", "rt", "rt-multi-thread", "sync", "macros", "parking_lot", "fs"] }
tokio-rustls = { version = "0.24", features = ["dangerous_configuration", "tls12"] }
reqwest = { version = "0.11.17", features = ["json"] } # TODO: directly use hyper in subscriber module
reqwest = { version = "0.11.18", features = ["json"] } # TODO: directly use hyper in subscriber module
futures = "0.3.28"
async-trait = "0.1.68"
tower = { version = "0.4.13", features = ["timeout"] }
ngrok = "0.12.2"
ngrok = "0.12.3"
windows-sys = { version = "0.45.0", features = ["Win32_Foundation"] } # temporary workaround: https://github.com/ngrok/ngrok-rust/issues/99#issuecomment-1598867386

# HTTP
hyper = "0.14.26"
axum = { version = "0.6.18", default-features = false, features = ["http1", "json", "ws", "query", "tracing", "tower-log", "headers"] }
axum-extra = { version = "0.7.4", features = ["query", "async-read-body"] }
tower-http = { version = "0.4.0", features = ["cors", "fs"] }
tower-http = { version = "0.4.1", features = ["cors", "fs"] }

# OpenAPI generator
utoipa = { version = "3.3.0", default-features = false, features = ["uuid", "chrono"], optional = true }
Expand Down Expand Up @@ -107,3 +103,6 @@ tokio-test = "0.4.2"
proptest = "1.2.0"
rstest = "0.17.0"
devolutions-gateway-generators = { path = "../crates/devolutions-gateway-generators" }

[package.metadata.cargo-machete]
ignored = ["humantime-serde"]
139 changes: 73 additions & 66 deletions devolutions-gateway/src/ngrok.rs
Expand Up @@ -10,48 +10,6 @@ use crate::config::dto::{NgrokConf, NgrokTunnelConf};
use crate::generic_client::GenericClient;
use crate::DgwState;

macro_rules! builder_call_opt {
($builder:ident . $method:ident ( $ngrok_option:expr ) ) => {{
if let Some(option) = $ngrok_option {
$builder.$method(option)
} else {
$builder
}
}};
}

macro_rules! builder_call_vec {
($builder:ident . $method:ident ( $ngrok_option:expr ) ) => {{
let mut builder = $builder;
let mut iter = $ngrok_option;
loop {
builder = match iter.next() {
Some(item) => builder.$method(item),
None => break builder,
};
}
}};
($ngrok_option:expr, $builder:ident . $method:ident ( $( $( & )? $field:ident ),+ ) ) => {{
let mut builder = $builder;
let mut iter = $ngrok_option.iter();
loop {
builder = match iter.next() {
Some(item) => builder.$method($( & item . $field ),+),
None => break builder,
};
}
}};
}

macro_rules! builder_call_flag {
($builder:ident . $method:ident ( $ngrok_option:expr ) ) => {{
match $ngrok_option {
Some(option) if option => $builder.$method(),
_ => $builder,
}
}};
}

#[derive(Clone)]
pub struct NgrokSession {
inner: ngrok::Session,
Expand All @@ -61,11 +19,23 @@ impl NgrokSession {
pub async fn connect(conf: &NgrokConf) -> anyhow::Result<Self> {
info!("Connecting to ngrok service");

let builder = ngrok::Session::builder().authtoken(&conf.authtoken);
let builder = builder_call_opt!(builder.heartbeat_interval(conf.heartbeat_interval));
let builder = builder_call_opt!(builder.heartbeat_tolerance(conf.heartbeat_tolerance));
let builder = builder_call_opt!(builder.metadata(&conf.metadata));
let builder = builder_call_opt!(builder.server_addr(&conf.server_addr));
let mut builder = ngrok::Session::builder().authtoken(&conf.authtoken);

if let Some(heartbeat_interval) = conf.heartbeat_interval {
builder = builder.heartbeat_interval(heartbeat_interval);
}

if let Some(heartbeat_tolerance) = conf.heartbeat_tolerance {
builder = builder.heartbeat_tolerance(heartbeat_tolerance);
}

if let Some(metadata) = &conf.metadata {
builder = builder.metadata(metadata);
}

if let Some(server_addr) = &conf.server_addr {
builder = builder.server_addr(server_addr);
}

// Connect the ngrok session
let session = builder.connect().await.context("connect to ngrok service")?;
Expand All @@ -82,32 +52,69 @@ impl NgrokSession {

match conf {
NgrokTunnelConf::Tcp(tcp_conf) => {
let builder = self.inner.tcp_endpoint().remote_addr(&tcp_conf.remote_addr);
let builder = builder_call_opt!(builder.metadata(&tcp_conf.metadata));
let builder = builder_call_opt!(builder.proxy_proto(tcp_conf.proxy_proto.map(ProxyProto::from)));
let builder = builder_call_vec!(builder.allow_cidr(tcp_conf.allow_cidrs.iter()));
let builder = builder_call_vec!(builder.deny_cidr(tcp_conf.deny_cidrs.iter()));
let mut builder = self.inner.tcp_endpoint().remote_addr(&tcp_conf.remote_addr);

if let Some(metadata) = &tcp_conf.metadata {
builder = builder.metadata(metadata);
}

if let Some(proxy_proto) = tcp_conf.proxy_proto {
builder = builder.proxy_proto(ProxyProto::from(proxy_proto));
}

builder = tcp_conf
.allow_cidrs
.iter()
.fold(builder, |builder, cidr| builder.allow_cidr(cidr));

builder = tcp_conf
.deny_cidrs
.iter()
.fold(builder, |builder, cidr| builder.deny_cidr(cidr));

NgrokTunnel {
name: name.to_owned(),
inner: NgrokTunnelInner::Tcp(builder),
}
}
NgrokTunnelConf::Http(http_conf) => {
let builder = self.inner.http_endpoint().domain(&http_conf.domain);
let builder = builder_call_opt!(builder.metadata(&http_conf.metadata));
let builder = builder_call_vec!(http_conf.basic_auth, builder.basic_auth(username, password));
let builder = builder_call_opt!(builder.circuit_breaker(http_conf.circuit_breaker));
let builder = builder_call_flag!(builder.compression(http_conf.compression));
let builder = builder_call_vec!(builder.allow_cidr(http_conf.allow_cidrs.iter()));
let builder = builder_call_vec!(builder.deny_cidr(http_conf.deny_cidrs.iter()));
let builder = builder_call_opt!(builder.proxy_proto(http_conf.proxy_proto.map(ProxyProto::from)));
let builder = builder_call_vec!(builder.scheme(
http_conf
.schemes
.iter()
.map(|s| Scheme::from_str(s).unwrap_or(Scheme::HTTPS))
));
let mut builder = self.inner.http_endpoint().domain(&http_conf.domain);

if let Some(metadata) = &http_conf.metadata {
builder = builder.metadata(metadata);
}

builder = http_conf.basic_auth.iter().fold(builder, |builder, basic_auth| {
builder.basic_auth(&basic_auth.username, &basic_auth.password)
});

if let Some(circuit_breaker) = http_conf.circuit_breaker {
builder = builder.circuit_breaker(circuit_breaker);
}

if matches!(http_conf.compression, Some(true)) {
builder = builder.compression();
}

builder = http_conf
.allow_cidrs
.iter()
.fold(builder, |builder, cidr| builder.allow_cidr(cidr));

builder = http_conf
.deny_cidrs
.iter()
.fold(builder, |builder, cidr| builder.deny_cidr(cidr));

if let Some(proxy_proto) = http_conf.proxy_proto {
builder = builder.proxy_proto(ProxyProto::from(proxy_proto));
}

builder = http_conf
.schemes
.iter()
.map(|scheme| Scheme::from_str(scheme).unwrap_or(Scheme::HTTPS))
.fold(builder, |builder, scheme| builder.scheme(scheme));

NgrokTunnel {
name: name.to_owned(),
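Review bot: In the HTTP branch the rewritten scheme handling still does `Scheme::from_str(scheme).unwrap_or(Scheme::HTTPS)`, so a mistyped entry in `http_conf.schemes` is silently replaced by HTTPS and the operator never learns the tunnel was not configured as written. Falling back to HTTPS is the safe direction, but the mismatch should be visible: `Scheme::from_str(scheme).unwrap_or_else(|_| { warn!(%scheme, "Unknown ngrok scheme, falling back to HTTPS"); Scheme::HTTPS })` (assuming `warn!` is in scope like the `info!` used in `connect`). Rejecting the value when the configuration is parsed would be stricter still. The enclosing method begins before this hunk and continues past it.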
2 changes: 1 addition & 1 deletion devolutions-gateway/tests/dvls_compatibility.rs
Expand Up @@ -99,7 +99,7 @@ fn priv_key() -> PrivateKey {

#[fixture]
fn pub_key() -> PublicKey {
priv_key().to_public_key()
priv_key().to_public_key().unwrap()
}

#[fixture]
20 changes: 10 additions & 10 deletions devolutions-gateway/tests/token_security.rs
Expand Up @@ -209,8 +209,8 @@ fn revocation_list(
source_ip: IpAddr,
now: i64,
) {
let provisioner_key_pub = provisioner_key.to_public_key();
let delegation_key_pub = delegation_key.to_public_key();
let provisioner_key_pub = provisioner_key.to_public_key().unwrap();
let delegation_key_pub = delegation_key.to_public_key().unwrap();

let test_impl = |items: Vec<RevocableItem>| -> anyhow::Result<()> {
// Make sure all tokens are valid before any revocation
Expand Down Expand Up @@ -317,8 +317,8 @@ fn token_cache(
source_ip_2: IpAddr,
now: i64,
) {
let provisioner_key_pub = provisioner_key.to_public_key();
let delegation_key_pub = delegation_key.to_public_key();
let provisioner_key_pub = provisioner_key.to_public_key().unwrap();
let delegation_key_pub = delegation_key.to_public_key().unwrap();

let test_impl = |same_ip: bool, claims: TokenClaims| -> anyhow::Result<()> {
let token =
Expand Down Expand Up @@ -417,9 +417,9 @@ fn with_scopes(
this_gw_id: Uuid,
now: i64,
) {
let provisioner_key_pub = provisioner_key.to_public_key();
let delegation_key_pub = delegation_key.to_public_key();
let subkey_pub = subkey.to_public_key();
let provisioner_key_pub = provisioner_key.to_public_key().unwrap();
let delegation_key_pub = delegation_key.to_public_key().unwrap();
let subkey_pub = subkey.to_public_key().unwrap();
let subkey_metadata = Subkey {
data: subkey_pub,
kid: subkey_kid.into(),
Expand Down Expand Up @@ -537,9 +537,9 @@ fn with_subkey(
this_gw_id: Uuid,
now: i64,
) {
let provisioner_key_pub = provisioner_key.to_public_key();
let delegation_key_pub = delegation_key.to_public_key();
let subkey_pub = subkey.to_public_key();
let provisioner_key_pub = provisioner_key.to_public_key().unwrap();
let delegation_key_pub = delegation_key.to_public_key().unwrap();
let subkey_pub = subkey.to_public_key().unwrap();
let subkey_metadata = Subkey {
data: subkey_pub,
kid: subkey_kid.into(),