diff --git a/Cargo.lock b/Cargo.lock index 41f6b27a4..519238c7a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" dependencies = [ "gimli", ] @@ -232,7 +232,7 @@ checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -254,7 +254,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -265,9 +265,15 @@ checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + [[package]] name = "authenticator-ctap2-2021" version = "0.3.2-dev.1" 
@@ -309,15 +315,43 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf" dependencies = [ "async-trait", - "axum-core", - "axum-macros", + "axum-core 0.3.4", "bitflags 1.3.2", "bytes", "futures-util", - "headers", - "http", - "http-body", - "hyper", + "http 0.2.12", + "http-body 0.4.6", + "hyper 0.14.28", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "rustversion", + "serde", + "sync_wrapper 0.1.2", + "tower", + "tower-layer", + "tower-service", +] + +[[package]] +name = "axum" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a6c9af12842a67734c9a2e355436e5d03b22383ed60cf13cd0c18fbfe3dcbcf" +dependencies = [ + "async-trait", + "axum-core 0.4.3", + "axum-macros", + "bytes", + "futures-util", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", + "hyper 1.3.1", + "hyper-util", "itoa", "matchit", "memchr", @@ -330,7 +364,7 @@ dependencies = [ "serde_json", "serde_path_to_error", "serde_urlencoded", - "sync_wrapper", + "sync_wrapper 1.0.1", "tokio", "tower", "tower-layer", @@ -345,9 +379,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe42cdd03ddd244e9e2f5ceb7c6e1d6a123db07cdb8570250392459ef635a016" dependencies = [ "async-trait", - "axum-core", + "axum-core 0.3.4", "base64 0.13.1", - "http", + "http 0.2.12", ] [[package]] 
@@ -359,84 +393,97 @@ dependencies = [ "async-trait", "bytes", "futures-util", - "http", - "http-body", + "http 0.2.12", + "http-body 0.4.6", "mime", "rustversion", "tower-layer", "tower-service", +] + +[[package]] +name = "axum-core" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a15c63fd72d41492dc4f497196f5da1fb04fb7529e631d73630d1b491e47a2e3" +dependencies = [ + "async-trait", + "bytes", + "futures-util", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", + "mime", + "pin-project-lite", + "rustversion", + "sync_wrapper 0.1.2", + "tower-layer", + "tower-service", "tracing", ] -[[package]] -name = "axum-csp" -version = "0.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4faf3873ea8d6828e5705070e10fdf4f61420d22523835a2a140ae4b2e8d2526" -dependencies = [ - "axum", - "http", - "regex", - "tokio", -] - [[package]] name = "axum-extra" -version = "0.7.7" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a93e433be9382c737320af3924f7d5fc6f89c155cf2bf88949d8f5126fab283f" +checksum = "0be6ea09c9b96cb5076af0de2e383bd2bc0c18f827cf1967bdd353e0b910d733" dependencies = [ - "axum", - "axum-core", + "axum 0.7.5", + "axum-core 0.4.3", "bytes", - "cookie 0.17.0", + "cookie 0.18.1", "futures-util", - "http", - "http-body", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", "mime", "pin-project-lite", "serde", - "tokio", "tower", "tower-layer", "tower-service", + "tracing", ] [[package]] name = "axum-macros" -version = "0.3.8" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdca6a10ecad987bda04e95606ef85a5417dcaac1a78455242d72e031e2b6b62" +checksum = "00c055ee2d014ae5981ce1016374e8213682aa14d9bf40e48ab48b5f3ef20eaa" dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] name = "axum-server" -version = "0.5.1" +version = "0.6.0" source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "447f28c85900215cc1bea282f32d4a2f22d55c5a300afdfbc661c8d6a632e063" +checksum = "c1ad46c3ec4e12f4a4b6835e173ba21c25e484c9d02b49770bf006ce5367c036" dependencies = [ + "arc-swap", "bytes", "futures-util", - "http", - "http-body", - "hyper", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", + "hyper 1.3.1", + "hyper-util", "openssl", "pin-project-lite", "tokio", "tokio-openssl", + "tower", "tower-service", ] [[package]] name = "backtrace" -version = "0.3.71" +version = "0.3.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d" +checksum = "17c6a35df3749d2e8bb1b7b21a976d82b15548788d2735b9d82f329268f71a11" dependencies = [ "addr2line", "cc", @@ -527,7 +574,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.65", + "syn 2.0.66", "which", ] @@ -550,7 +597,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.65", + "syn 2.0.66", "which", ] @@ -690,9 +737,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cfg_aliases" -version = "0.1.1" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd16c4719339c4530435d38e511904438d07cce7950afa3718a84ac36c10e89e" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" [[package]] name = "checked_int_cast" @@ -744,9 +791,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" dependencies = [ "glob", "libc", @@ -793,7 +840,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] 
@@ -918,6 +965,17 @@ dependencies = [ "version_check", ] +[[package]] +name = "cookie" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" +dependencies = [ + "percent-encoding", + "time", + "version_check", +] + [[package]] name = "cookie_store" version = "0.20.0" @@ -1126,7 +1184,7 @@ dependencies = [ "opentelemetry", "opentelemetry_api", "prctl", - "reqwest", + "reqwest 0.12.4", "sd-notify", "serde", "serde_json", @@ -1184,7 +1242,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.11.1", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -1206,7 +1264,7 @@ checksum = "733cabb43482b1a1b53eee8583c2b9e8684d592215ea83efd305dd31bc2f0178" dependencies = [ "darling_core 0.20.9", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -1315,16 +1373,7 @@ version = "4.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059" dependencies = [ - "dirs-sys 0.3.7", -] - -[[package]] -name = "dirs" -version = "5.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225" -dependencies = [ - "dirs-sys 0.4.1", + "dirs-sys", ] [[package]] @@ -1338,18 +1387,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "dirs-sys" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c" -dependencies = [ - "libc", - "option-ext", - "redox_users", - "windows-sys 0.48.0", -] - [[package]] name = "displaydoc" version = "0.2.4" @@ -1358,7 +1395,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] 
@@ -1417,7 +1454,7 @@ checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -1437,7 +1474,7 @@ checksum = "5c785274071b1b420972453b306eeca06acf4633829db4223b58a2a8c5953bc4" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -1509,9 +1546,9 @@ dependencies = [ "cookie 0.16.2", "futures-core", "futures-util", - "http", - "hyper", - "hyper-tls", + "http 0.2.12", + "hyper 0.14.28", + "hyper-tls 0.5.0", "mime", "serde", "serde_json", @@ -1712,7 +1749,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -1790,9 +1827,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.1" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" [[package]] name = "gix" @@ -1829,7 +1866,7 @@ dependencies = [ "gix-utils", "gix-validate", "once_cell", - "parking_lot 0.12.2", + "parking_lot 0.12.3", "smallvec", "thiserror", "unicode-normalization", @@ -2001,7 +2038,7 @@ checksum = "feb61880816d7ec4f0b20606b498147d480860ddd9133ba542628df2f548d3ca" dependencies = [ "gix-hash", "hashbrown 0.14.5", - "parking_lot 0.12.2", + "parking_lot 0.12.3", ] [[package]] @@ -2017,13 +2054,13 @@ dependencies = [ [[package]] name = "gix-macros" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1dff438f14e67e7713ab9332f5fd18c8f20eb7eb249494f6c2bf170522224032" +checksum = "999ce923619f88194171a67fb3e6d613653b8d4d6078b529b15a765da0edcc17" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] 
@@ -2059,7 +2096,7 @@ dependencies = [ "gix-pack", "gix-path", "gix-quote", - "parking_lot 0.12.2", + "parking_lot 0.12.3", "tempfile", "thiserror", ] @@ -2079,7 +2116,7 @@ dependencies = [ "gix-path", "gix-tempfile", "memmap2", - "parking_lot 0.12.2", + "parking_lot 0.12.3", "smallvec", "thiserror", ] @@ -2195,7 +2232,7 @@ dependencies = [ "gix-fs", "libc", "once_cell", - "parking_lot 0.12.2", + "parking_lot 0.12.3", "tempfile", ] @@ -2247,9 +2284,9 @@ dependencies = [ [[package]] name = "gix-validate" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e39fc6e06044985eac19dd34d474909e517307582e462b2eb4c8fa51b6241545" +checksum = "82c27dd34a49b1addf193c92070bcbf3beaf6e10f16a78544de6372e146a0acf" dependencies = [ "bstr", "thiserror", @@ -2352,7 +2389,7 @@ dependencies = [ "futures-core", "futures-sink", "gloo-utils 0.1.7", - "http", + "http 0.2.12", "js-sys", "pin-project", "serde", @@ -2464,7 +2501,26 @@ dependencies = [ "futures-core", "futures-sink", "futures-util", - "http", + "http 0.2.12", + "indexmap 2.2.6", + "slab", + "tokio", + "tokio-util", + "tracing", +] + +[[package]] +name = "h2" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa82e28a107a8cc405f0839610bdc9b15f1e25ec7d696aa5cf173edbcb1486ab" +dependencies = [ + "atomic-waker", + "bytes", + "fnv", + "futures-core", + "futures-sink", + "http 1.1.0", "indexmap 2.2.6", "slab", "tokio", 
@@ -2526,30 +2582,6 @@ dependencies = [ "hashbrown 0.14.5", ] -[[package]] -name = "headers" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06683b93020a07e3dbcf5f8c0f6d40080d725bea7936fc01ad345c01b97dc270" -dependencies = [ - "base64 0.21.7", - "bytes", - "headers-core", - "http", - "httpdate", - "mime", - "sha1", -] - -[[package]] -name = "headers-core" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7f66481bfee273957b1f20485a4ff3362987f85b2c236580d81b4eb7a326429" -dependencies = [ - "http", -] - [[package]] name = "heck" version = "0.4.1" @@ -2600,6 +2632,17 @@ dependencies = [ "itoa", ] +[[package]] +name = "http" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + [[package]] name = "http-body" version = "0.4.6" 
@@ -2607,15 +2650,38 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" dependencies = [ "bytes", - "http", + "http 0.2.12", + "pin-project-lite", +] + +[[package]] +name = "http-body" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" +dependencies = [ + "bytes", + "http 1.1.0", +] + +[[package]] +name = "http-body-util" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0475f8b2ac86659c21b64320d5d653f9efe42acd2a4e560073ec61a155a34f1d" +dependencies = [ + "bytes", + "futures-core", + "http 1.1.0", + "http-body 1.0.0", "pin-project-lite", ] [[package]] name = "http-range-header" -version = "0.3.1" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "add0ab9360ddbd88cfeb3bd9574a1d85cfdfa14db10b3e21d3700dbc4328758f" +checksum = "08a397c49fec283e3d6211adbe480be95aae5f304cfb923e9970e08956d5168a" [[package]] name = "httparse" @@ -2639,9 +2705,9 @@ dependencies = [ "futures-channel", "futures-core", "futures-util", - "h2", - "http", - "http-body", + "h2 0.3.26", + "http 0.2.12", + "http-body 0.4.6", "httparse", "httpdate", "itoa", 
@@ -2653,13 +2719,34 @@ dependencies = [ "want", ] +[[package]] +name = "hyper" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe575dd17d0862a9a33781c8c4696a55c320909004a67a00fb286ba8b1bc496d" +dependencies = [ + "bytes", + "futures-channel", + "futures-util", + "h2 0.4.5", + "http 1.1.0", + "http-body 1.0.0", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "smallvec", + "tokio", + "want", +] + [[package]] name = "hyper-timeout" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1" dependencies = [ - "hyper", + "hyper 0.14.28", "pin-project-lite", "tokio", "tokio-io-timeout", @@ -2672,12 +2759,48 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" dependencies = [ "bytes", - "hyper", + "hyper 0.14.28", "native-tls", "tokio", "tokio-native-tls", ] +[[package]] +name = "hyper-tls" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" +dependencies = [ + "bytes", + "http-body-util", + "hyper 1.3.1", + "hyper-util", + "native-tls", + "tokio", + "tokio-native-tls", + "tower-service", +] + +[[package]] +name = "hyper-util" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b875924a60b96e5d7b9ae7b066540b1dd1cbd90d1828f54c92e02a283351c56" +dependencies = [ + "bytes", + "futures-channel", + "futures-util", + "http 1.1.0", + "http-body 1.0.0", + "hyper 1.3.1", + "pin-project-lite", + "socket2", + "tokio", + "tower", + "tower-service", + "tracing", +] + [[package]] name = "iana-time-zone" version = "0.1.60" 
@@ -2916,10 +3039,10 @@ dependencies = [ "memchr", "num-cmp", "once_cell", - "parking_lot 0.12.2", + "parking_lot 0.12.3", "percent-encoding", "regex", - "reqwest", + "reqwest 0.11.27", "serde", "serde_json", "time", @@ -3022,10 +3145,11 @@ name = "kanidm_client" version = "1.3.0-dev" dependencies = [ "compact_jwt 0.4.1", - "hyper", + "http 1.1.0", + "hyper 1.3.1", "kanidm_lib_file_permissions", "kanidm_proto", - "reqwest", + "reqwest 0.12.4", "serde", "serde_json", "time", @@ -3104,7 +3228,7 @@ dependencies = [ "rpassword 7.3.1", "serde", "serde_json", - "shellexpand 2.1.2", + "shellexpand", "sketching", "time", "tokio", @@ -3170,9 +3294,8 @@ name = "kanidmd_core" version = "1.3.0-dev" dependencies = [ "async-trait", - "axum", + "axum 0.7.5", "axum-auth", - "axum-csp", "axum-extra", "axum-macros", "axum-server", @@ -3184,8 +3307,9 @@ dependencies = [ "futures", "futures-util", "hashbrown 0.14.5", - "http", - "hyper", + "http 1.1.0", + "hyper 1.3.1", + "hyper-util", "kanidm_build_profiles", "kanidm_lib_crypto", "kanidm_lib_file_permissions", @@ -3284,7 +3408,7 @@ version = "1.3.0-dev" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -3296,8 +3420,8 @@ dependencies = [ "escargot", "fantoccini", "futures", - "http", - "hyper-tls", + "http 1.1.0", + "hyper-tls 0.6.0", "jsonschema", "kanidm_build_profiles", "kanidm_client", @@ -3310,7 +3434,7 @@ dependencies = [ "openssl", "petgraph", "regex", - "reqwest", + "reqwest 0.12.4", "serde", "serde_json", "sketching", @@ -3733,16 +3857,15 @@ dependencies = [ [[package]] name = "multer" -version = "2.1.0" +version = "3.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01acbdc23469fd8fe07ab135923371d5f5a422fbf9c522158677c8eb15bc51c2" +checksum = "83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b" dependencies = [ "bytes", "encoding_rs", "futures-util", - "http", + "http 1.1.0", "httparse", - "log", "memchr", "mime", "spin", 
@@ -3751,11 +3874,10 @@ dependencies = [ [[package]] name = "native-tls" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" +checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466" dependencies = [ - "lazy_static", "libc", "log", "openssl", @@ -3769,9 +3891,9 @@ dependencies = [ [[package]] name = "nix" -version = "0.28.0" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab2156c4fce2f8df6c499cc1c763e4394b7482525bf2a9701c9d79d215f519e4" +checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ "bitflags 2.5.0", "cfg-if", @@ -3826,7 +3948,7 @@ dependencies = [ "crossbeam-channel", "file-id", "notify", - "parking_lot 0.12.2", + "parking_lot 0.12.3", "walkdir", ] @@ -4007,7 +4129,7 @@ dependencies = [ "base64 0.13.1", "chrono", "getrandom", - "http", + "http 0.2.12", "rand", "serde", "serde_json", @@ -4019,9 +4141,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.2" +version = "0.35.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "b8ec7ab813848ba4522158d5517a6093db1ded27575b070f4177b8d12b41db5e" dependencies = [ "memchr", ] @@ -4079,7 +4201,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -4118,7 +4240,7 @@ checksum = "c7594ec0e11d8e33faf03530a4c49af7064ebba81c1480e01be67d90b356508b" dependencies = [ "async-trait", "bytes", - "http", + "http 0.2.12", "opentelemetry_api", ] 
@@ -4130,7 +4252,7 @@ checksum = "7e5e5a5c4135864099f3faafbe939eb4d7f9b80ebf68a8448da961b32a7c1275" dependencies = [ "async-trait", "futures-core", - "http", + "http 0.2.12", "opentelemetry-http", "opentelemetry-proto", "opentelemetry-semantic-conventions", @@ -4203,12 +4325,6 @@ dependencies = [ "tokio-stream", ] -[[package]] -name = "option-ext" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" - [[package]] name = "orca" version = "1.3.0-dev" @@ -4274,9 +4390,9 @@ dependencies = [ [[package]] name = "parking_lot" -version = "0.12.2" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e4af0ca4f6caed20e900d564c242b8e5d4903fdacf31d3daf527b66fe6f42fb" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core 0.9.10", @@ -4448,7 +4564,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -4574,7 +4690,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -4619,9 +4735,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" [[package]] name = "proc-macro2" -version = "1.0.83" +version = "1.0.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b33eb56c327dec362a9e55b3ad14f9d2f0904fb5a5b03b513ab5465399e9f43" +checksum = "ec96c6a92621310b51366f1e28d05ef11489516e93be030060e5fc12024a49d6" dependencies = [ "unicode-ident", ] 
@@ -4857,19 +4973,55 @@ version = "0.11.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" dependencies = [ - "async-compression", "base64 0.21.7", "bytes", - "cookie 0.17.0", - "cookie_store", "encoding_rs", "futures-core", "futures-util", - "h2", - "http", - "http-body", - "hyper", - "hyper-tls", + "h2 0.3.26", + "http 0.2.12", + "http-body 0.4.6", + "hyper 0.14.28", + "ipnet", + "js-sys", + "log", + "mime", + "once_cell", + "percent-encoding", + "pin-project-lite", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper 0.1.2", + "system-configuration", + "tokio", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", + "winreg 0.50.0", +] + +[[package]] +name = "reqwest" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "566cafdd92868e0939d3fb961bd0dc25fcfaaed179291093b3d43e6b3150ea10" +dependencies = [ + "async-compression", + "base64 0.22.1", + "bytes", + "cookie 0.17.0", + "cookie_store", + "futures-core", + "futures-util", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", + "hyper 1.3.1", + "hyper-tls 0.6.0", + "hyper-util", "ipnet", "js-sys", "log", @@ -4883,8 +5035,7 @@ dependencies = [ "serde", "serde_json", "serde_urlencoded", - "sync_wrapper", - "system-configuration", + "sync_wrapper 0.1.2", "tokio", "tokio-native-tls", "tokio-util", @@ -4893,7 +5044,7 @@ dependencies = [ "wasm-bindgen", "wasm-bindgen-futures", "web-sys", - "winreg", + "winreg 0.52.0", ] [[package]] @@ -4982,8 +5133,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "shellexpand 3.1.0", - "syn 2.0.65", + "syn 2.0.66", "walkdir", ] 
@@ -5033,13 +5183,20 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "1.0.4" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" dependencies = [ - "base64 0.21.7", + "base64 0.22.1", + "rustls-pki-types", ] +[[package]] +name = "rustls-pki-types" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" + [[package]] name = "rustversion" version = "1.0.17" @@ -5162,9 +5319,9 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.202" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" dependencies = [ "serde_derive", ] @@ -5222,13 +5379,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.202" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -5291,18 +5448,7 @@ dependencies = [ "darling 0.20.9", "proc-macro2", "quote", - "syn 2.0.65", -] - -[[package]] -name = "sha1" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", + "syn 2.0.66", ] [[package]] 
@@ -5343,16 +5489,7 @@ version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ccc8076840c4da029af4f87e4e8daeb0fca6b87bbb02e10cb60b791450e11e4" dependencies = [ - "dirs 4.0.0", -] - -[[package]] -name = "shellexpand" -version = "3.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da03fa3b94cc19e3ebfc88c4229c49d8f08cdbd1228870a45f0ffdf84988e14b" -dependencies = [ - "dirs 5.0.1", + "dirs", ] [[package]] @@ -5522,9 +5659,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.65" +version = "2.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2863d96a84c6439701d7a38f9de935ec562c8832cc55d1dde0f513b52fad106" +checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" dependencies = [ "proc-macro2", "quote", @@ -5537,6 +5674,12 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" +[[package]] +name = "sync_wrapper" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" + [[package]] name = "synstructure" version = "0.12.6" @@ -5600,7 +5743,7 @@ version = "0.1.0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -5620,7 +5763,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -5727,7 +5870,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] 
@@ -5810,15 +5953,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a" dependencies = [ "async-trait", - "axum", + "axum 0.6.20", "base64 0.21.7", "bytes", "futures-core", "futures-util", - "h2", - "http", - "http-body", - "hyper", + "h2 0.3.26", + "http 0.2.12", + "http-body 0.4.6", + "hyper 0.14.28", "hyper-timeout", "percent-encoding", "pin-project", @@ -5854,17 +5997,18 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.4.4" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61c5bb1d698276a2443e5ecfabc1008bf15a36c12e6a7176e7bf089ea9131140" +checksum = "1e9cd434a998747dd2c4276bc96ee2e0c7a2eadf3cae88e52be55a05fa9053f5" dependencies = [ "async-compression", "bitflags 2.5.0", "bytes", "futures-core", "futures-util", - "http", - "http-body", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", "http-range-header", "httpdate", "mime", @@ -5911,7 +6055,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -6156,18 +6300,18 @@ dependencies = [ "proc-macro2", "quote", "regex", - "syn 2.0.65", + "syn 2.0.66", "url", "uuid", ] [[package]] name = "utoipa-swagger-ui" -version = "4.0.0" +version = "6.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "154517adf0d0b6e22e8e1f385628f14fcaa3db43531dc74303d3edef89d6dfe5" +checksum = "0b39868d43c011961e04b41623e050aedf2cc93652562ff7935ce0f819aaf2da" dependencies = [ - "axum", + "axum 0.7.5", "mime_guess", "regex", "rust-embed", @@ -6268,7 +6412,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", "wasm-bindgen-shared", ] 
@@ -6302,7 +6446,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -6335,7 +6479,7 @@ checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] @@ -6477,7 +6621,7 @@ dependencies = [ "base64 0.13.1", "bytes", "cookie 0.16.2", - "http", + "http 0.2.12", "log", "serde", "serde_derive", @@ -6771,6 +6915,16 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "winreg" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5" +dependencies = [ + "cfg-if", + "windows-sys 0.48.0", +] + [[package]] name = "x509-parser" version = "0.13.2" @@ -6875,14 +7029,14 @@ checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] @@ -6895,7 +7049,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.65", + "syn 2.0.66", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 31bfc338b..5f6f0d1c1 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -89,18 +89,16 @@ serde_with = "3.7.0" argon2 = { version = "0.5.3", features = ["alloc"] } async-recursion = "1.1.0" async-trait = "^0.1.78" -axum = { version = "0.6.20", features = [ +axum = { version = "0.7.5", features = [ "form", - "headers", - "http2", "json", "macros", "multipart", "original-uri", "query", + "tokio", "tracing", ] } -axum-csp = { version = "0.0.5" } base32 = "^0.4.0" base64 = "^0.21.7" base64urlsafedata = "0.5.0" @@ -129,9 +127,10 @@ gloo = "^0.8.1" gloo-utils = "0.2.0" hashbrown = { version = "0.14.3", features = ["serde", "inline-more", "ahash"] } hex = "^0.4.3" -http = "0.2.12" -hyper = { version = "0.14.28", features = ["full"] } -hyper-tls = "0.5.0" +http = "1.1.0" +hyper = { version = "1.3.1", features = ["server", "client"] } +hyper-util = { version = "0.1.5", features = ["server", "tokio"] } +hyper-tls = "0.6.0" idlset = "^0.2.4" image = { version = "0.24.9", default-features = false, features = [ "gif", @@ -181,7 +180,7 @@ quote = "1" rand = "^0.8.5" rand_chacha = "0.3.1" regex = "1.10.3" -reqwest = { version = "0.11.26", default-features = false, features = [ +reqwest = { version = "0.12.4", default-features = false, features = [ "cookies", "json", "gzip", @@ -224,7 +223,7 @@ tracing-forest = "^0.1.6" url = "^2.5.0" urlencoding = "2.1.3" utoipa = "4.2.0" -utoipa-swagger-ui = "4.0.0" +utoipa-swagger-ui = "6.0.0" uuid = "^1.8.0" wasm-bindgen = "^0.2.92" diff --git a/libs/client/Cargo.toml b/libs/client/Cargo.toml index 82fb6de10..71fb600af 100644 --- a/libs/client/Cargo.toml +++ b/libs/client/Cargo.toml @@ -24,6 +24,8 @@ reqwest = { workspace = true, default-features = false, features = [ ] } kanidm_proto = { workspace = true } kanidm_lib_file_permissions = { workspace = true } +http = { workspace = true } +hyper = { workspace = true } serde = { workspace = true, features = ["derive"] } serde_json = { workspace = true } time = { workspace = true, features = ["serde", "std"] } 
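Review bot: Removing `axum-csp` in the first Cargo.toml hunk (`-axum-csp = { version = "0.0.5" }`, repeated in server/core/Cargo.toml) leaves no dependency in this manifest that builds the Content-Security-Policy header. The header must now be set by the server's own middleware, which is not visible in these hunks. Please confirm the policy is still emitted on the responses that carried it before the axum 0.7 migration, and add a test that asserts on the response header so a later refactor cannot drop it silently.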
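Review bot: The new `hyper = { version = "1.3.1", features = ["server", "client"] }` line in the second Cargo.toml hunk names no protocol feature, where the old line used `"full"`. In hyper 1.x `http1` and `http2` are separate features from `server` and `client`, so the protocols the workspace gets now depend on what axum, reqwest or hyper-util enable through feature unification. The first hunk also drops `"http2"` from the `axum` feature list. If HTTP/2 is still expected on the listener, or any workspace code uses hyper's connection types directly, name the protocol explicitly, e.g. `features = ["server", "client", "http1", "http2"]`; otherwise add a comment that hyper is only pulled in for shared types.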
@@ -39,4 +41,4 @@ toml = { workspace = true } uuid = { workspace = true, features = ["serde", "v4"] } url = { workspace = true, features = ["serde"] } webauthn-rs-proto = { workspace = true, features = ["wasm"] } -hyper = { workspace = true } +# hyper = { workspace = true } diff --git a/libs/client/src/lib.rs b/libs/client/src/lib.rs index b18d09db8..0e0f43a8f 100644 --- a/libs/client/src/lib.rs +++ b/libs/client/src/lib.rs @@ -2032,9 +2032,9 @@ impl KanidmClient { #[tokio::test] async fn test_no_client_version_check_on_502() { let res = reqwest::Response::from( - hyper::Response::builder() + http::Response::builder() .status(StatusCode::GATEWAY_TIMEOUT) - .body(hyper::Body::empty()) + .body("") .unwrap(), ); let client = KanidmClientBuilder::new() @@ -2045,9 +2045,9 @@ async fn test_no_client_version_check_on_502() { client.expect_version(&res).await; let res = reqwest::Response::from( - hyper::Response::builder() + http::Response::builder() .status(StatusCode::BAD_GATEWAY) - .body(hyper::Body::empty()) + .body("") .unwrap(), ); let client = KanidmClientBuilder::new() diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml index cc5d281b3..a0821e414 100644 --- a/server/core/Cargo.toml +++ b/server/core/Cargo.toml @@ -19,10 +19,9 @@ doctest = false async-trait = { workspace = true } axum = { workspace = true } axum-auth = "0.4.1" -axum-csp = { workspace = true } -axum-extra = { version = "0.7.7", features = ["cookie"] } -axum-macros = "0.3.8" -axum-server = { version = "0.5.1", features = ["tls-openssl"] } +axum-extra = { version = "0.9.3", features = ["cookie"] } +axum-macros = "0.4.1" +axum-server = { version = "0.6.0", features = ["tls-openssl"] } bytes = { workspace = true } chrono = { workspace = true } compact_jwt = { workspace = true } 
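Review bot: `axum-auth = "0.4.1"` stays in server/core/Cargo.toml while the rest of the axum stack moves to 0.7, and the only use of it visible in this commit (`AuthBearer` in v1_scim.rs) is removed further down. The regenerated Cargo.lock still carries an `axum` package built on `axum-core 0.3.4`, `http 0.2.12` and `hyper 0.14.28` next to the new 0.7.5 one, so some crate, possibly this one, keeps the old HTTP stack in the build and in the set of crates that need security updates. If nothing else imports `axum_auth`, drop the line; otherwise move to a release built against axum 0.7 so that only one HTTP stack has to be tracked and patched.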
@@ -33,6 +32,7 @@ futures-util = { workspace = true } hashbrown = { workspace = true } http = { workspace = true } hyper = { workspace = true } +hyper-util = { workspace = true } kanidm_proto = { workspace = true } kanidm_utils_users = { workspace = true } kanidmd_lib = { workspace = true } @@ -53,7 +53,7 @@ tokio-openssl = { workspace = true } tokio-util = { workspace = true, features = ["codec"] } toml = { workspace = true } tower = { version = "0.4.13", features = ["tokio-stream", "tracing"] } -tower-http = { version = "0.4.4", features = [ +tower-http = { version = "0.5.2", features = [ "compression-gzip", "fs", "tokio", diff --git a/server/core/src/https/extractors/mod.rs b/server/core/src/https/extractors/mod.rs index 2ce9d3c09..98bd6cc57 100644 --- a/server/core/src/https/extractors/mod.rs +++ b/server/core/src/https/extractors/mod.rs @@ -5,12 +5,12 @@ use axum::{ http::{ header::HeaderName, header::AUTHORIZATION as AUTHORISATION, request::Parts, StatusCode, }, + serve::IncomingStream, RequestPartsExt, }; use axum_extra::extract::cookie::CookieJar; -use hyper::server::conn::AddrStream; use kanidm_proto::constants::X_FORWARDED_FOR; use kanidm_proto::internal::COOKIE_BEARER_TOKEN; use kanidmd_lib::prelude::{ClientAuthInfo, ClientCertInfo, Source}; @@ -192,8 +192,17 @@ impl Connected for ClientConnInfo { } } -impl<'a> Connected<&'a AddrStream> for ClientConnInfo { - fn connect_info(target: &'a AddrStream) -> Self { +impl Connected for ClientConnInfo { + fn connect_info(addr: SocketAddr) -> Self { + ClientConnInfo { + addr, + client_cert: None, + } + } +} + +impl Connected> for ClientConnInfo { + fn connect_info(target: IncomingStream<'_>) -> Self { ClientConnInfo { addr: target.remote_addr(), client_cert: None, diff --git a/server/core/src/https/middleware/caching.rs b/server/core/src/https/middleware/caching.rs index 7276bc3fb..ee68e5450 100644 --- a/server/core/src/https/middleware/caching.rs +++ b/server/core/src/https/middleware/caching.rs 
@@ -1,16 +1,16 @@ use axum::{ - headers::{CacheControl, HeaderMapExt}, + body::Body, http::{header, HeaderValue, Request}, middleware::Next, response::Response, }; /// Adds `no-cache max-age=0` to the response headers. -pub async fn dont_cache_me(request: Request, next: Next) -> Response { +pub async fn dont_cache_me(request: Request, next: Next) -> Response { let mut response = next.run(request).await; response.headers_mut().insert( header::CACHE_CONTROL, - HeaderValue::from_static("no-store no-cache max-age=0"), + HeaderValue::from_static("no-store, no-cache, max-age=0"), ); response .headers_mut() @@ -20,13 +20,12 @@ pub async fn dont_cache_me(request: Request, next: Next) -> Response { } /// Adds a cache control header of 300 seconds to the response headers. -pub async fn cache_me(request: Request, next: Next) -> Response { +pub async fn cache_me(request: Request, next: Next) -> Response { let mut response = next.run(request).await; - let cache_header = CacheControl::new() - .with_max_age(std::time::Duration::from_secs(300)) - .with_private(); - - response.headers_mut().typed_insert(cache_header); + response.headers_mut().insert( + header::CACHE_CONTROL, + HeaderValue::from_static("private, max-age=300"), + ); response .headers_mut() .insert(header::PRAGMA, HeaderValue::from_static("no-cache")); diff --git a/server/core/src/https/middleware/compression.rs b/server/core/src/https/middleware/compression.rs index 60c1a91d2..96eb57b19 100644 --- a/server/core/src/https/middleware/compression.rs +++ b/server/core/src/https/middleware/compression.rs @@ -20,6 +20,7 @@ //! use tower_http::compression::CompressionLayer; + // TODO: this should skip compression on responses smaller than ~256 bytes because gzip can make them bigger. /// This builds a compression layer with the following configuration: /// diff --git a/server/core/src/https/middleware/hsts_header.rs b/server/core/src/https/middleware/hsts_header.rs index 0981ee867..9dc40f173 100644 
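Review bot: The doc comment on `dont_cache_me` still says it adds "no-cache max-age=0", which no longer describes the header now that the value is the comma-separated `no-store, no-cache, max-age=0`. I would change it to `/// Adds "Cache-Control: no-store, no-cache, max-age=0" to the response headers.` so the `no-store` behaviour that callers rely on for sensitive responses is documented. In the second hunk, `cache_me` sets `private, max-age=300`, yet the unchanged lines below it still add `Pragma: no-cache`, which contradicts the 300-second lifetime for caches that honour Pragma. Please confirm that this is intended; the function body continues past the hunk.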
--- a/server/core/src/https/middleware/hsts_header.rs +++ b/server/core/src/https/middleware/hsts_header.rs @@ -1,10 +1,13 @@ -use axum::http::{header, HeaderValue, Request}; -use axum::middleware::Next; -use axum::response::Response; +use axum::{ + body::Body, + http::{header, HeaderValue, Request}, + middleware::Next, + response::Response, +}; const HSTS_HEADER: &str = "max-age=86400"; -pub async fn strict_transport_security_layer(request: Request, next: Next) -> Response { +pub async fn strict_transport_security_layer(request: Request, next: Next) -> Response { // wait for the middleware to come back let mut response = next.run(request).await; diff --git a/server/core/src/https/middleware/mod.rs b/server/core/src/https/middleware/mod.rs index 5448bad45..8756c56fe 100644 --- a/server/core/src/https/middleware/mod.rs +++ b/server/core/src/https/middleware/mod.rs @@ -1,4 +1,5 @@ use axum::{ + body::Body, http::{HeaderValue, Request}, middleware::Next, response::Response, @@ -15,7 +16,7 @@ pub(crate) mod security_headers; const KANIDM_VERSION: &str = env!("CARGO_PKG_VERSION"); /// Injects a header into the response with "X-KANIDM-VERSION" matching the version of the package. -pub async fn version_middleware(request: Request, next: Next) -> Response { +pub async fn version_middleware(request: Request, next: Next) -> Response { let mut response = next.run(request).await; response .headers_mut() @@ -26,7 +27,7 @@ pub async fn version_middleware(request: Request, next: Next) -> Respon #[cfg(any(test, debug_assertions))] /// This is a debug middleware to ensure that /v1/ endpoints only return JSON #[instrument(level = "trace", name = "are_we_json_yet", skip_all)] -pub async fn are_we_json_yet(request: Request, next: Next) -> Response { +pub async fn are_we_json_yet(request: Request, next: Next) -> Response { let uri = request.uri().path().to_string(); let response = next.run(request).await; 
@@ -54,7 +55,7 @@ pub struct KOpId { /// This runs at the start of the request, adding an extension with `KOpId` which has useful things inside it. #[instrument(level = "trace", name = "kopid_middleware", skip_all)] -pub async fn kopid_middleware(mut request: Request, next: Next) -> Response { +pub async fn kopid_middleware(mut request: Request, next: Next) -> Response { // generate the event ID let eventid = sketching::tracing_forest::id(); diff --git a/server/core/src/https/middleware/security_headers.rs b/server/core/src/https/middleware/security_headers.rs index 6e58911c3..e9a97653b 100644 --- a/server/core/src/https/middleware/security_headers.rs +++ b/server/core/src/https/middleware/security_headers.rs @@ -1,19 +1,20 @@ -use axum::extract::State; -use axum::http::header; -use axum::http::HeaderValue; -use axum::http::Request; -use axum::middleware::Next; -use axum::response::Response; +use axum::{ + body::Body, + extract::State, + http::{header, HeaderValue, Request}, + middleware::Next, + response::Response, +}; use crate::https::ServerState; const PERMISSIONS_POLICY_VALUE: &str = "fullscreen=(), geolocation=()"; const X_CONTENT_TYPE_OPTIONS_VALUE: &str = "nosniff"; -pub async fn security_headers_layer( +pub async fn security_headers_layer( State(state): State, - request: Request, - next: Next, + request: Request, + next: Next, ) -> Response { // wait for the middleware to come back let mut response = next.run(request).await; diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs index c2a8f35c8..bbde07dae 100644 --- a/server/core/src/https/mod.rs +++ b/server/core/src/https/mod.rs 
@@ -16,47 +16,48 @@ mod v1_scim; use self::extractors::ClientConnInfo; use self::javascript::*; +use self::v1::SessionId; use crate::actors::{QueryServerReadV1, QueryServerWriteV1}; use crate::config::{Configuration, ServerRole, TlsConfiguration}; -use axum::extract::connect_info::IntoMakeServiceWithConnectInfo; -use axum::http::{HeaderMap, HeaderValue}; -use axum::middleware::{from_fn, from_fn_with_state}; -use axum::response::Redirect; -use axum::routing::*; -use axum::Router; -use axum_csp::{CspDirectiveType, CspValue}; +use crate::CoreAction; + +use axum::{ + body::Body, + extract::connect_info::IntoMakeServiceWithConnectInfo, + http::{HeaderMap, HeaderValue, Request}, + middleware::{from_fn, from_fn_with_state}, + response::Redirect, + routing::*, + Router, +}; + use axum_extra::extract::cookie::CookieJar; use compact_jwt::{JwsCompact, JwsHs256Signer, JwsVerifier}; +use futures::pin_mut; use hashbrown::HashMap; -use hyper::server::accept::Accept; -use hyper::server::conn::{AddrStream, Http}; -use kanidm_proto::constants::KSESSIONID; -use kanidm_proto::internal::COOKIE_AUTH_SESSION_ID; -use kanidmd_lib::idm::ClientCertInfo; -use kanidmd_lib::status::StatusActor; +use hyper::body::Incoming; +use hyper_util::rt::{TokioExecutor, TokioIo}; +use kanidm_proto::{constants::KSESSIONID, internal::COOKIE_AUTH_SESSION_ID}; +use kanidmd_lib::{idm::ClientCertInfo, status::StatusActor}; use openssl::nid; use openssl::ssl::{Ssl, SslAcceptor, SslFiletype, SslMethod, SslSessionCacheMode, SslVerifyMode}; use openssl::x509::X509; -use sketching::*; -use tokio_openssl::SslStream; -use futures_util::future::poll_fn; -use tokio::net::TcpListener; +use sketching::*; +use tokio::{ + net::{TcpListener, TcpStream}, + sync::broadcast, +}; +use tokio_openssl::SslStream; +use tower::Service; +use tower_http::{services::ServeDir, trace::TraceLayer}; +use uuid::Uuid; use std::fs; use std::io::{ErrorKind, Read}; use std::path::PathBuf; use std::pin::Pin; -use std::sync::Arc; use 
std::{net::SocketAddr, str::FromStr}; -use tokio::sync::broadcast; -use tower_http::services::ServeDir; -use tower_http::trace::TraceLayer; -use uuid::Uuid; - -use crate::CoreAction; - -use self::v1::SessionId; #[derive(Clone)] pub struct ServerState { @@ -213,34 +214,28 @@ pub async fn create_https_server( .into_iter() .map(|f| f.hash) .collect::>(); - let mut js_directives: Vec = js_directives - .into_iter() - .map(|value| CspValue::Sha384 { value }) - .collect(); - js_directives.extend(vec![CspValue::UnsafeEval, CspValue::SelfSite]); - let csp_header = axum_csp::CspSetBuilder::new() - // default-src 'self'; - .add(CspDirectiveType::DefaultSrc, vec![CspValue::SelfSite]) - // form-action https: 'self'; - .add( - CspDirectiveType::FormAction, - vec![CspValue::SelfSite, CspValue::SchemeHttps], - ) - // base-uri 'self'; - .add( - CspDirectiveType::BaseUri, - vec![CspValue::SelfSite, CspValue::SchemeHttps], - ) - // worker-src 'none'; - .add(CspDirectiveType::WorkerSource, vec![CspValue::None]) - // frame-ancestors 'none' - .add(CspDirectiveType::FrameAncestors, vec![CspValue::None]) - .add(CspDirectiveType::ScriptSource, js_directives) - .add( - CspDirectiveType::ImgSrc, - vec![CspValue::SelfSite, CspValue::SchemeData], - ); + let js_checksums: String = js_directives + .iter() + .map(|value| format!(" 'sha384-{}'", value)) + .collect(); + + let csp_header = format!( + concat!( + "base-uri 'self' https:; ", + "default-src 'self'; ", + "form-action 'self' https:;", + "frame-ancestors 'none'; ", + "img-src 'self' data:; ", + "worker-src 'none'; ", + "script-src 'self' 'unsafe-eval'{};" + ), + js_checksums + ); + + let csp_header = HeaderValue::from_str(&csp_header).map_err(|err| { + error!(?err, "Unable to generate content security policy"); + })?; let trust_x_forward_for = config.trust_x_forward_for; 
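Review bot: The hand-assembled policy inside `concat!` has `"form-action 'self' https:;"` without the trailing space that every other directive carries, and nothing pins the rendered string, so a later typo in this literal would silently weaken or break the policy. `HeaderValue::from_str` only rejects bytes that are illegal in a header value; it does not check CSP syntax. I would write that piece as `"form-action 'self' https:; ",` and add a unit test that asserts the complete header for a fixed list of hashes. `script-src` still carries `'unsafe-eval'` as it did with the builder, and a short comment stating why it is required would help the next reader judge whether it can be dropped. create_https_server begins and ends outside this hunk.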
@@ -251,7 +246,7 @@ pub async fn create_https_server( jws_signer, js_files, trust_x_forward_for, - csp_header: csp_header.finish(), + csp_header, domain: config.domain.clone(), secure_cookies: config.integration_test_config.is_none(), }; @@ -537,23 +532,13 @@ async fn server_loop( } let tls_acceptor = tls_builder.build(); + pin_mut!(listener); - let protocol = Arc::new(Http::new()); - let mut listener = - hyper::server::conn::AddrIncoming::from_listener(listener).map_err(|err| { - std::io::Error::new( - ErrorKind::Other, - format!("Failed to create listener: {:?}", err), - ) - })?; loop { - if let Some(Ok(stream)) = poll_fn(|cx| Pin::new(&mut listener).poll_accept(cx)).await { + if let Ok((stream, addr)) = listener.accept().await { let tls_acceptor = tls_acceptor.clone(); let app = app.clone(); - - // let svc = tower::MakeService::make_service(&mut app, &stream); - // tokio::spawn(handle_conn(tls_acceptor, stream, svc, protocol.clone())); - tokio::spawn(handle_conn(tls_acceptor, stream, app, protocol.clone())); + tokio::spawn(handle_conn(tls_acceptor, stream, app, addr)); } } } @@ -561,18 +546,15 @@ async fn server_loop( /// This handles an individual connection. pub(crate) async fn handle_conn( acceptor: SslAcceptor, - stream: AddrStream, - // svc: ResponseFuture, + stream: TcpStream, mut app: IntoMakeServiceWithConnectInfo, - protocol: Arc, + addr: SocketAddr, ) -> Result<(), std::io::Error> { let ssl = Ssl::new(acceptor.context()).map_err(|e| { error!("Failed to create TLS context: {:?}", e); std::io::Error::from(ErrorKind::ConnectionAborted) })?; - let addr = stream.remote_addr(); - let mut tls_stream = SslStream::new(ssl, stream).map_err(|e| { error!("Failed to create TLS stream: {:?}", e); std::io::Error::from(ErrorKind::ConnectionAborted) 
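Review bot: In the server_loop hunk, `if let Ok((stream, addr)) = listener.accept().await` discards every accept error without a log line or a pause. If accept keeps failing (file-descriptor exhaustion is the usual cause), the loop spins at full CPU and leaves no trace for whoever investigates the outage. I would match on the result, log the error and back off briefly, as sketched below; the delay value is illustrative. server_loop starts outside the hunk.

```rust
loop {
    match listener.accept().await {
        Ok((stream, addr)) => {
            // … unchanged: clone tls_acceptor and app, spawn handle_conn …
        }
        Err(err) => {
            error!(?err, "Failed to accept connection");
            // Back off so a persistent accept failure does not become a hot loop.
            tokio::time::sleep(std::time::Duration::from_millis(100)).await;
        }
    }
}
```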
@@ -611,15 +593,33 @@ pub(crate) async fn handle_conn( debug!(?client_conn_info); - let svc = tower::MakeService::make_service(&mut app, client_conn_info); + let svc = tower::MakeService::>::make_service( + &mut app, + client_conn_info, + ); let svc = svc.await.map_err(|e| { error!("Failed to build HTTP response: {:?}", e); std::io::Error::from(ErrorKind::Other) })?; - protocol - .serve_connection(tls_stream, svc) + // Hyper has its own `AsyncRead` and `AsyncWrite` traits and doesn't use tokio. + // `TokioIo` converts between them. + let stream = TokioIo::new(tls_stream); + + // Hyper also has its own `Service` trait and doesn't use tower. We can use + // `hyper::service::service_fn` to create a hyper `Service` that calls our app through + // `tower::Service::call`. + let hyper_service = hyper::service::service_fn(move |request: Request| { + // We have to clone `tower_service` because hyper's `Service` uses `&self` whereas + // tower's `Service` requires `&mut self`. + // + // We don't need to call `poll_ready` since `Router` is always ready. + svc.clone().call(request) + }); + + hyper_util::server::conn::auto::Builder::new(TokioExecutor::new()) + .serve_connection_with_upgrades(stream, hyper_service) .await .map_err(|e| { debug!("Failed to complete connection: {:?}", e); diff --git a/server/core/src/https/oauth2.rs b/server/core/src/https/oauth2.rs index ef90c5165..8585fd4fc 100644 --- a/server/core/src/https/oauth2.rs +++ b/server/core/src/https/oauth2.rs 
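Review bot: The `hyper_util::server::conn::auto::Builder` in handle_conn is used with its defaults, so as far as this hunk shows no timer or header-read timeout bounds how long a connection may sit after the TLS handshake without completing a request. Unless a timeout is applied elsewhere, a peer that sends headers very slowly can hold a task and a socket open, so I would set a timer and a header read timeout on the builder's HTTP/1 settings, or wrap the serve future in `tokio::time::timeout`. `serve_connection_with_upgrades` also accepts HTTP upgrades; if no route needs them, plain `serve_connection` is the narrower choice. The copied comment refers to `tower_service` while the variable here is `svc`, so it should read `// We have to clone svc because hyper's Service uses &self whereas tower's Service requires &mut self.` handle_conn starts outside the hunk.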
@@ -2,19 +2,21 @@ use super::errors::WebError; use super::middleware::KOpId; use super::ServerState; use crate::https::extractors::VerifiedClientInformation; -use axum::extract::{Path, Query, State}; -use axum::http::header::{ - ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_ORIGIN, CONTENT_TYPE, LOCATION, - WWW_AUTHENTICATE, +use axum::{ + body::Body, + extract::{Path, Query, State}, + http::header::{ + ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_ORIGIN, CONTENT_TYPE, LOCATION, + WWW_AUTHENTICATE, + }, + http::{HeaderValue, StatusCode}, + middleware::from_fn, + response::{IntoResponse, Response}, + routing::{get, post}, + Extension, Form, Json, Router, }; -use axum::http::{HeaderValue, StatusCode}; -use axum::middleware::from_fn; -use axum::response::{IntoResponse, Response}; -use axum::routing::{get, post}; -use axum::{Extension, Form, Json, Router}; use axum_macros::debug_handler; use compact_jwt::{JwkKeySet, OidcToken}; -use hyper::Body; use kanidm_proto::constants::uri::{ OAUTH2_AUTHORISE, OAUTH2_AUTHORISE_PERMIT, OAUTH2_AUTHORISE_REJECT, }; diff --git a/server/core/src/https/v1.rs b/server/core/src/https/v1.rs index c94bee6cf..8e6c55e9f 100644 --- a/server/core/src/https/v1.rs +++ b/server/core/src/https/v1.rs @@ -2846,7 +2846,7 @@ fn auth_session_state_management( bearer_cookie.set_path("/"); jar = jar .add(bearer_cookie) - .remove(Cookie::named(COOKIE_AUTH_SESSION_ID)); + .remove(Cookie::from(COOKIE_AUTH_SESSION_ID)); Ok(ProtoAuthState::Success(token_str)) } } diff --git a/server/core/src/https/v1_scim.rs b/server/core/src/https/v1_scim.rs index 10389168b..b95fb3564 100644 --- a/server/core/src/https/v1_scim.rs +++ b/server/core/src/https/v1_scim.rs 
@@ -11,7 +11,6 @@ use axum::extract::{Path, State}; use axum::response::Html; use axum::routing::{get, post}; use axum::{Extension, Json, Router}; -use axum_auth::AuthBearer; use kanidm_proto::scim_v1::{ScimSyncRequest, ScimSyncState}; use kanidm_proto::v1::Entry as ProtoEntry; use kanidmd_lib::prelude::*; @@ -247,10 +246,8 @@ async fn scim_sync_get( State(state): State, Extension(kopid): Extension, VerifiedClientInformation(client_auth_info): VerifiedClientInformation, - AuthBearer(bearer): AuthBearer, ) -> Result, WebError> { // Given the token, what is it's connected sync state? - trace!(?bearer); state .qe_r_ref .handle_scim_sync_status(client_auth_info, kopid.eventid)