2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -7,3 +7,5 @@
.vscode
.idea
.DS_Store

*.pem
190 changes: 182 additions & 8 deletions Cargo.lock

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions Makefile
Expand Up @@ -98,3 +98,6 @@ endif
docs:
rm -rf $(DOCS_DIR)
mdbook build

cert:
openssl req -x509 -nodes -newkey rsa:4096 -keyout ./etc/bayard-rest_key.pem -out ./etc/bayard-rest_cert.pem -days 365 -subj '/CN=localhost'
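Review bot: The certificate generated by the `cert` target identifies the host only through `-subj '/CN=localhost'` and carries no subjectAltName, so TLS clients that ignore the Common Name during hostname verification will reject it even for local testing. Adding `-addext 'subjectAltName=DNS:localhost'` (available in OpenSSL 1.1.1 and later) fixes that. Because `-nodes` leaves the private key unencrypted under `./etc`, the target also deserves a comment such as `# Development only: self-signed certificate with an unencrypted key; never deploy these files.` The `*.pem` entry added to `.gitignore` keeps the key out of version control, but the key file's permissions still depend on the local OpenSSL build and umask.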
3 changes: 2 additions & 1 deletion bayard-rest/Cargo.toml
Expand Up @@ -21,12 +21,13 @@ actix = "0.9.0"
actix-cors = "0.2.0"
actix-rt = "1.1.1"
actix-server = "1.0.2"
actix-web = "2.0.0"
actix-web = { version = "2.0.0", features = ["rustls"] }
clap = "2.33.0"
crossbeam-channel = "0.4.2"
ctrlc = { version = "3.1.4", features = ["termination"] }
log = "0.4.8"
num_cpus = "1.13.0"
rustls = "0.16.0"
serde = { version = "1.0.106", features = ["derive"] }
serde_json = "1.0.51"
serde_qs = "0.5.2"
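Review bot: The new direct dependency `rustls = "0.16.0"` has to stay on the same release that actix-web's `rustls` feature is built against, because `bind_rustls` takes a `ServerConfig` from that exact crate version. If the two drift apart on a later upgrade, the build fails with a type mismatch that is hard to read. A comment above the line would record the coupling, for example `# must match the rustls version used by actix-web's "rustls" feature`.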
61 changes: 50 additions & 11 deletions bayard-rest/src/main.rs
Expand Up @@ -90,6 +90,22 @@ async fn main() -> std::io::Result<()> {
.use_delimiter(true)
.require_delimiter(true)
.value_delimiter(","),
)
.arg(
Arg::with_name("CERT_FILE")
.help("Path to the TLS certificate file.")
.short("c")
.long("cert-file")
.value_name("PATH")
.takes_value(true),
)
.arg(
Arg::with_name("KEY_FILE")
.help("Path to the TLS key file.")
.short("k")
.long("key-file")
.value_name("PATH")
.takes_value(true),
);

let matches = app.get_matches();
Expand Down Expand Up @@ -118,26 +134,49 @@ async fn main() -> std::io::Result<()> {
.map(|s| cors_headers.push(s.to_string()))
.count();
}
let mut cert_file = "";
if let Some(_cert_file) = matches.value_of("CERT_FILE") {
cert_file = _cert_file;
}
let mut key_file = "";
if let Some(_key_file) = matches.value_of("KEY_FILE") {
key_file = _key_file;
}

let rest_address = format!("{}:{}", host, port);

let mut rest_server;
if cors_origin == "" {
rest_server = RestServer::new(rest_address.as_str(), server, http_worker_threads);
} else {
info!(
"enable CORS: origin={:?}, methods={:?}, headers={:?}",
cors_origin, cors_methods, cors_headers
);
rest_server = RestServer::new_cors(
let enable_cors =
!cors_origin.is_empty() && !cors_methods.is_empty() && !cors_headers.is_empty();
let enable_tls = !cert_file.is_empty() && !key_file.is_empty();

let mut rest_server = match (enable_tls, enable_cors) {
(false, false) => RestServer::new(rest_address.as_str(), server, http_worker_threads),
(false, true) => RestServer::new_cors(
rest_address.as_str(),
server,
http_worker_threads,
cors_origin,
cors_methods,
cors_headers,
);
}
),
(true, false) => RestServer::new_tls(
rest_address.as_str(),
server,
http_worker_threads,
cert_file,
key_file,
),
(true, true) => RestServer::new_cors_tls(
rest_address.as_str(),
server,
http_worker_threads,
cors_origin,
cors_methods,
cors_headers,
cert_file,
key_file,
),
};
info!("start rest service on {}", rest_address.as_str());

// Wait for signals for termination (SIGINT, SIGTERM).
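Review bot: Supplying only one of `--cert-file` / `--key-file` leaves `enable_tls` false, so the `match` takes a `(false, _)` arm and the service starts over plain HTTP without any warning to an operator who believes TLS is on. Declaring the pairing in clap makes this a start-up error instead: add `.requires("KEY_FILE")` to the `CERT_FILE` argument and `.requires("CERT_FILE")` to the `KEY_FILE` argument. The same silent fallback now applies to CORS, since `enable_cors` also requires non-empty methods and headers, and the earlier "enable CORS" log line is gone. An `info!` that reports the effective TLS and CORS state next to `start rest service on ...` would make the chosen mode visible in the logs. The body of `main` starts and ends outside both hunks, so any default values for these options are not visible here.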
106 changes: 106 additions & 0 deletions bayard-rest/src/rest/server.rs
@@ -1,10 +1,14 @@
use std::fs::File;
use std::io;
use std::io::BufReader;
use std::iter::FromIterator;
use std::sync::Mutex;

use actix_cors::Cors;
use actix_server::Server;
use actix_web::{middleware, web, App, HttpServer};
use rustls::internal::pemfile::{certs, rsa_private_keys};
use rustls::{NoClientAuth, ServerConfig};

use bayard_client::index::client::IndexClient;

Expand Down Expand Up @@ -101,6 +105,108 @@ impl RestServer {
RestServer { server }
}

pub fn new_tls(
address: &str,
index_server_address: &str,
worker_num: usize,
cert_file: &str,
key_file: &str,
) -> RestServer {
let index_client = IndexClient::new(index_server_address);
let app_data = web::Data::new(AppData {
index_client: Mutex::new(index_client),
});

// load ssl keys
let mut config = ServerConfig::new(NoClientAuth::new());
let cert = &mut BufReader::new(File::open(cert_file).unwrap());
let key = &mut BufReader::new(File::open(key_file).unwrap());
let cert_chain = certs(cert).unwrap();
let mut keys = rsa_private_keys(key).unwrap();
config.set_single_cert(cert_chain, keys.remove(0)).unwrap();

let server = HttpServer::new(move || {
App::new()
.app_data(app_data.clone())
.wrap(middleware::DefaultHeaders::new().header("X-Version", "0.2"))
.wrap(middleware::Compress::default())
.wrap(middleware::Logger::default())
.service(get)
.service(set)
.service(delete)
.service(bulk_set)
.service(bulk_delete)
.service(commit)
.service(rollback)
.service(merge)
.service(schema)
.service(search)
.service(status)
})
.bind_rustls(address, config)
.unwrap()
.workers(worker_num)
.run();

RestServer { server }
}

pub fn new_cors_tls(
address: &str,
index_server_address: &str,
worker_num: usize,
cors_origin: String,
cors_methods: Vec<String>,
cors_headers: Vec<String>,
cert_file: &str,
key_file: &str,
) -> RestServer {
let index_client = IndexClient::new(index_server_address);
let app_data = web::Data::new(AppData {
index_client: Mutex::new(index_client),
});

// load ssl keys
let mut config = ServerConfig::new(NoClientAuth::new());
let cert = &mut BufReader::new(File::open(cert_file).unwrap());
let key = &mut BufReader::new(File::open(key_file).unwrap());
let cert_chain = certs(cert).unwrap();
let mut keys = rsa_private_keys(key).unwrap();
config.set_single_cert(cert_chain, keys.remove(0)).unwrap();

let server = HttpServer::new(move || {
App::new()
.app_data(app_data.clone())
.wrap(middleware::DefaultHeaders::new().header("X-Version", "0.2"))
.wrap(middleware::Compress::default())
.wrap(middleware::Logger::default())
.wrap(
Cors::new()
.allowed_origin(cors_origin.as_ref())
.allowed_methods(Vec::from_iter(cors_methods.iter().map(String::as_str)))
.allowed_headers(Vec::from_iter(cors_headers.iter().map(String::as_str)))
.finish(),
)
.service(get)
.service(set)
.service(delete)
.service(bulk_set)
.service(bulk_delete)
.service(commit)
.service(rollback)
.service(merge)
.service(schema)
.service(search)
.service(status)
})
.bind_rustls(address, config)
.unwrap()
.workers(worker_num)
.run();

RestServer { server }
}

pub async fn shutdown(&mut self) -> io::Result<()> {
Ok(self.server.stop(true).await)
}
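Review bot: In both `new_tls` and `new_cors_tls` the key is parsed with `rsa_private_keys` only, which recognises PKCS#1 (`BEGIN RSA PRIVATE KEY`) blocks. Recent OpenSSL releases write the `-keyout` file of `openssl req -newkey` as PKCS#8 (`BEGIN PRIVATE KEY`), so a key produced by the new `make cert` target likely yields an empty vector, and `keys.remove(0)` then panics with an index error that says nothing about the key file. The `unwrap()` calls on `File::open`, `certs` and `set_single_cert` likewise turn a mistyped path into a bare panic. The key-loading code is duplicated verbatim in the two constructors, so it should move into one private helper that tries `pkcs8_private_keys` first (imported next to `rsa_private_keys`) and returns `io::Result<ServerConfig>`. Each constructor would then call `load_tls_config(cert_file, key_file).expect("failed to load TLS certificate/key")`, keeping its signature unchanged.

```rust
// Shared by new_tls and new_cors_tls; replaces the duplicated "load ssl keys" block.
fn load_tls_config(cert_file: &str, key_file: &str) -> io::Result<ServerConfig> {
    let invalid = |msg: String| io::Error::new(io::ErrorKind::InvalidInput, msg);

    let cert_chain = certs(&mut BufReader::new(File::open(cert_file)?))
        .map_err(|_| invalid(format!("cannot parse certificate file {}", cert_file)))?;

    // PKCS#8 first, then fall back to PKCS#1.
    let mut keys = pkcs8_private_keys(&mut BufReader::new(File::open(key_file)?))
        .map_err(|_| invalid(format!("cannot parse key file {}", key_file)))?;
    if keys.is_empty() {
        keys = rsa_private_keys(&mut BufReader::new(File::open(key_file)?))
            .map_err(|_| invalid(format!("cannot parse key file {}", key_file)))?;
    }
    if keys.is_empty() {
        return Err(invalid(format!("no private key found in {}", key_file)));
    }

    let mut config = ServerConfig::new(NoClientAuth::new());
    config
        .set_single_cert(cert_chain, keys.remove(0))
        .map_err(|e| invalid(e.to_string()))?;
    Ok(config)
}

// … unchanged: HttpServer::new(...) builder chains in new_tls and new_cors_tls …
```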