WIP network stack upgrade

eclipse-opendut · Nov 25, 2024 · 0e86240 · 0e86240
1 parent 54f442b
commit 0e86240
Show file tree

Hide file tree

Showing 13 changed files with 542 additions and 233 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -48,9 +48,9 @@ opendut-vpn = { path = "opendut-vpn" }
 anyhow = "1.0.79"
 assert_fs = "1.1.1"
 async-trait = "0.1.77"
-axum = "0.6.20"
-axum-server = "0.5.1"
-axum-server-dual-protocol = "0.5.2"
+axum = "0.7.5"
+axum-server = "0.6.0"
+axum-server-dual-protocol = "0.6.0"
 backon = { version = "1.2.0", default-features = false }
 base64 = "0.22.1"
 brotli = "7.0.0"
@@ -81,7 +81,7 @@ gloo-net = { version = "0.5.0" }
 gloo-timers = { version = "0.3.0" }
 googletest = { version = "0.12.0" }
 home = "0.5.5"
-http = "0.2.12"
+http = "1.1.0"
 indicatif = "0.17.7"
 indoc = "2.0.4"
 jsonwebtoken = "9.2.0"
@@ -94,27 +94,27 @@ mockall = "0.13.0"
 netlink-packet-route = "0.19.0"
 netlink-packet-utils = "0.5.2"
 nix = "0.29.0"
-oauth2 = { version = "4.4.2", default-features = false }
-openidconnect = { version = "3.5.0", default-features = false }
+oauth2 = { version = "5.0.0-alpha.4", default-features = false }
+openidconnect = { version = "4.0.0-alpha.2", default-features = false }
 openssl-sys = { version = "0.9.102", features = ["vendored"] }
 opentelemetry = "0.23.0"
 opentelemetry-appender-tracing = "0.4.0"
 opentelemetry-otlp = "0.16.0"
 opentelemetry_sdk = "0.23.0"
 opentelemetry-semantic-conventions = "0.15.0"
-pem = {version = "3.0.3", features = ["serde"]}
+pem = { version = "3.0.3", features = ["serde"] }
 phf = { version = "0.11", features = ["macros"] }
 ping-rs = { version = "0.1.2" }
 pq-sys = { version = "0.6.1", features = ["bundled"] }
 predicates = "3.0.4"
-prost = "0.12.1"
-prost-build = "0.12.1"
-prost-types = "0.12.1"
+prost = "0.13.1"
+prost-build = "0.13.1"
+prost-types = "0.13.1"
 protobuf-src = "1.1.0"
 regex = "1.10.2"
-reqwest = { version = "0.11.23", default-features = false, features = ["rustls-tls-native-roots"] }
-reqwest-middleware = "0.2.4"
-reqwest-retry = "0.3.0"
+reqwest = { version = "0.12.5", default-features = false, features = ["rustls-tls-native-roots"] }
+reqwest-middleware = "0.3.2"
+reqwest-retry = "0.6.0"
 rstest = "0.23.0"
 rtnetlink = "0.14.1"
 serde = { version = "1.0.204", default-features = false }
@@ -139,13 +139,13 @@ thiserror = "2.0.3"
 tokio = { version = "1.35.1", default-features = false }
 tokio-stream = { version = "0.1.14", default-features = false }
 toml_edit = "0.22.15"
-tonic = { version = "0.11.0", default-features = false }
-tonic-build = { version = "0.11.0", default-features = false }
-tonic-web = "0.11.0"
+tonic = { version = "0.12.0", default-features = false }
+tonic-build = { version = "0.12.0", default-features = false }
+tonic-web = "0.12.0"
 tonic-web-wasm-client = { version = "0.5.1" }
 tonic-async-interceptor = { version = "0.11.0" }
 tower = "0.4.13"
-tower-http = { version = "0.4.4", features = ["cors", "fs"] }
+tower-http = { version = "0.5.2", features = ["cors", "fs"] }
 tracing = { version = "0.1.40" }
 tracing-opentelemetry = "0.24.0"
 tracing-subscriber = { version = "0.3.18", default-features = false }

diff --git a/opendut-carl/opendut-carl-api/build.rs b/opendut-carl/opendut-carl-api/build.rs
@@ -14,7 +14,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
             ".opendut.types",
             "opendut_types::proto"
         )
-        .compile(&protos, &includes)?;
+        .compile_protos(&protos, &includes)?;
 
     Ok(())
 }
diff --git a/opendut-types/src/proto/peer/mod.rs b/opendut-types/src/proto/peer/mod.rs
@@ -384,7 +384,7 @@ mod tests {
             ok(eq(&native))
         );
 
-        assert_that!(PeerId::from(native), eq(&proto));
+        assert_that!(&PeerId::from(native), eq(&proto));
 
         Ok(())
     }

diff --git a/opendut-util/opendut-auth/Cargo.toml b/opendut-util/opendut-auth/Cargo.toml
@@ -44,10 +44,10 @@ chrono = { workspace = true, optional = true, default-features = false, features
 config = { workspace = true, optional = true }
 http = { workspace = true, optional = true }
 leptos_oidc =  { workspace = true, optional = true }
-openidconnect = { workspace = true, optional = true, default-features = false, features = ["reqwest"] }
-oauth2 = { workspace = true, default-features = false, optional = true, features = ["reqwest"] }
+openidconnect = { workspace = true, optional = true, default-features = false, features = ["reqwest-blocking"] }
+oauth2 = { workspace = true, default-features = false, optional = true, features = ["reqwest-blocking"] }
 pem = { workspace = true, optional = true, features = ["serde"]}
-reqwest = { workspace = true, default-features = false, features = ["rustls-tls-native-roots"] }
+reqwest = { workspace = true, default-features = false, features = ["blocking", "rustls-tls-native-roots"] }
 serde = { workspace = true, features = ["std", "derive"] }
 shadow-rs = { workspace = true, default-features = false, optional = true, features = ["tzdb"] }
 thiserror = { workspace = true }

diff --git a/opendut-util/opendut-auth/opendut-auth-tests/src/lib.rs b/opendut-util/opendut-auth/opendut-auth-tests/src/lib.rs
@@ -59,6 +59,8 @@ pub async fn registration_client(#[future] confidential_carl_client: Confidentia
 mod auth_tests {
     use googletest::assert_that;
     use googletest::matchers::eq;
+    use http::HeaderValue;
+    use pem::Pem;
     use rstest::rstest;
 
     use opendut_auth::registration::client::{Clients, RegistrationClientRef};

diff --git a/opendut-util/opendut-auth/src/confidential/blocking/client.rs b/opendut-util/opendut-auth/src/confidential/blocking/client.rs
@@ -1,11 +1,11 @@
 use crate::confidential::blocking::reqwest_client::OidcBlockingReqwestClient;
-use crate::confidential::config::{ConfidentialClientConfig, ConfidentialClientConfigData};
+use crate::confidential::config::{ConfidentialClientConfig, ConfidentialClientConfigData, ConfiguredClient};
 use crate::confidential::error::{ConfidentialClientError, WrappedRequestTokenError};
 use crate::TOKEN_GRACE_PERIOD;
 use backon::BlockingRetryable;
 use chrono::{NaiveDateTime, Utc};
 use config::Config;
-use oauth2::basic::{BasicClient, BasicTokenResponse};
+use oauth2::basic::BasicTokenResponse;
 use oauth2::{AccessToken, TokenResponse};
 use std::fmt::Formatter;
 use std::ops::Sub;
@@ -21,7 +21,7 @@ use tracing::debug;
 
 #[derive(Debug)]
 pub struct ConfidentialClient {
-    inner: BasicClient,
+    inner: ConfiguredClient,
     pub reqwest_client: OidcBlockingReqwestClient,
     pub config: ConfidentialClientConfigData,
 
@@ -152,7 +152,7 @@ impl ConfidentialClient {
     fn fetch_token(&self) -> Result<Token, AuthError> {
         let response = self.inner.exchange_client_credentials()
             .add_scopes(self.config.scopes.clone())
-            .request(|request| { self.reqwest_client.sync_http_client(request) })
+            .request(&|request| { self.reqwest_client.sync_http_client(request) })
             .map_err(|error| {
                 AuthError::FailedToGetToken {
                     message: "Fetching authentication token failed!".to_string(),
@@ -264,7 +264,7 @@ mod auth_tests {
         let reqwest_client = blocking::reqwest_client::OidcBlockingReqwestClient::from_pem(certificate).unwrap();
         let response = client.exchange_client_credentials()
             .add_scopes(vec![])
-            .request(|request| reqwest_client.sync_http_client(request))
+            .request(&|request| reqwest_client.sync_http_client(request))
             .expect("Failed to get token");
 
         let now = Utc::now().naive_utc();

diff --git a/opendut-util/opendut-auth/src/confidential/blocking/reqwest_client.rs b/opendut-util/opendut-auth/src/confidential/blocking/reqwest_client.rs
@@ -61,10 +61,11 @@ impl OidcBlockingReqwestClient {
         request: HttpRequest,
     ) -> Result<HttpResponse, OidcClientError> {
         let client = self.client.clone();
+
         let mut request_builder = client
-            .request(request.method, request.url.as_str())
-            .body(request.body);
-        for (name, value) in &request.headers {
+            .request(request.method().clone(), request.uri().to_string())
+            .body(request.body().clone());
+        for (name, value) in request.headers() {
             request_builder = request_builder.header(name.as_str(), value.as_bytes());
         }
         let request = request_builder.build()
@@ -81,10 +82,20 @@ impl OidcBlockingReqwestClient {
             .map_err(|cause| {
                 OidcClientError::AuthReqwest { message: cause.to_string(), status: cause.status().unwrap_or_default().to_string(), inner: cause }
             })?;
-        Ok(HttpResponse {
-            status_code,
-            headers,
-            body: data.to_vec(),
-        })
+
+        let returned_response = {
+            let mut returned_response = http::Response::builder()
+                .status(status_code);
+            for (name, value) in headers.iter() {
+                returned_response = returned_response.header(name, value);
+            }
+            returned_response
+                .body(data.to_vec())
+                .map_err(|cause| {
+                    OidcClientError::Other(format!("Failed to build response body: {cause}"))
+                })?
+        };
+
+        Ok(returned_response)
     }
 }
diff --git a/opendut-util/opendut-auth/src/confidential/client.rs b/opendut-util/opendut-auth/src/confidential/client.rs
@@ -1,20 +1,22 @@
 use std::fmt::Formatter;
 use std::ops::Sub;
 use std::sync::Arc;
+
 use chrono::{NaiveDateTime, Utc};
 use config::Config;
 use oauth2::{AccessToken, TokenResponse};
-use oauth2::basic::{BasicClient, BasicTokenResponse};
+use oauth2::basic::{BasicTokenResponse};
 use tokio::sync::{RwLock, RwLockWriteGuard};
 use tracing::debug;
-use crate::confidential::config::{ConfidentialClientConfig, ConfidentialClientConfigData};
-use crate::confidential::reqwest_client::OidcReqwestClient;
+
+use crate::confidential::config::{ConfidentialClientConfig, ConfidentialClientConfigData, ConfiguredClient};
 use crate::confidential::error::{ConfidentialClientError, WrappedRequestTokenError};
 use crate::TOKEN_GRACE_PERIOD;
+use crate::confidential::reqwest_client::OidcReqwestClient;
 
 #[derive(Debug)]
 pub struct ConfidentialClient {
-    inner: BasicClient,
+    inner: ConfiguredClient,
     pub reqwest_client: OidcReqwestClient,
     pub config: ConfidentialClientConfigData,
 
@@ -106,7 +108,7 @@ impl ConfidentialClient {
     async fn fetch_token(&self) -> Result<Token, AuthError> {
         let response = self.inner.exchange_client_credentials()
             .add_scopes(self.config.scopes.clone())
-            .request_async(|request| { self.reqwest_client.async_http_client(request) })
+            .request_async(&|request| { self.reqwest_client.async_http_client(request) })
             .await
             .map_err(|error| {
                 AuthError::FailedToGetToken {
@@ -152,9 +154,11 @@ mod auth_tests {
     use pem::Pem;
     use rstest::{fixture, rstest};
     use url::Url;
+
     use opendut_util_core::project;
-    use crate::confidential::config::ConfidentialClientConfigData;
+
     use crate::confidential::client::{ConfidentialClient, ConfidentialClientRef};
+    use crate::confidential::config::ConfidentialClientConfigData;
     use crate::confidential::pem::PemFromConfig;
     use crate::confidential::reqwest_client::OidcReqwestClient;
 

diff --git a/opendut-util/opendut-auth/src/confidential/config.rs b/opendut-util/opendut-auth/src/confidential/config.rs
@@ -1,11 +1,25 @@
 use config::Config;
-use oauth2::{AuthUrl, ClientId as OAuthClientId, ClientSecret as OAuthClientSecret, Scope as OAuthScope, TokenUrl};
+use oauth2::{AuthUrl, ClientId as OAuthClientId, ClientSecret as OAuthClientSecret, EndpointNotSet, EndpointSet, Scope as OAuthScope, TokenUrl};
 use oauth2::basic::BasicClient;
 use shadow_rs::formatcp;
 use url::Url;
 
 use crate::confidential::error::ConfidentialClientError;
 
+pub type ConfiguredClient<
+    HasAuthUrl = EndpointSet,
+    HasDeviceAuthUrl = EndpointNotSet,
+    HasIntrospectionUrl = EndpointNotSet,
+    HasRevocationUrl = EndpointNotSet,
+    HasTokenUrl = EndpointSet,
+> = BasicClient<
+    HasAuthUrl,
+    HasDeviceAuthUrl,
+    HasIntrospectionUrl,
+    HasRevocationUrl,
+    HasTokenUrl,
+>;
+
 #[derive(Clone, Debug)]
 pub enum ConfidentialClientConfig {
     Confidential(ConfidentialClientConfigData),
@@ -61,18 +75,18 @@ impl ConfidentialClientConfigData {
         }
     }
 
-    pub fn get_client(&self) -> Result<BasicClient, ConfidentialClientError> {
+    pub fn get_client(&self) -> Result<ConfiguredClient, ConfidentialClientError> {
         let auth_endpoint = self.issuer_url.join("protocol/openid-connect/auth")
             .map_err(|cause| ConfidentialClientError::Configuration { message: String::from("Failed to derive authorization url from issuer url."), cause: cause.into() })?;
         let token_endpoint = self.issuer_url.join("protocol/openid-connect/token")
             .map_err(|cause| ConfidentialClientError::Configuration { message: String::from("Failed to derive token url from issuer url."), cause: cause.into() })?;
 
-        Ok(BasicClient::new(
-            self.client_id.clone(),
-            Some(self.client_secret.clone()),
-            AuthUrl::from_url(auth_endpoint),
-            Some(TokenUrl::from_url(token_endpoint)),
-        ))
+        let client = BasicClient::new(self.client_id.clone())
+            .set_client_secret(self.client_secret.clone())
+            .set_auth_uri(AuthUrl::from_url(auth_endpoint))
+            .set_token_uri(TokenUrl::from_url(token_endpoint));
+
+        Ok(client)
     }
 }
 

diff --git a/opendut-util/opendut-auth/src/confidential/reqwest_client.rs b/opendut-util/opendut-auth/src/confidential/reqwest_client.rs
@@ -72,9 +72,9 @@ impl OidcReqwestClient {
     ) -> Result<HttpResponse, OidcClientError> {
         let client = self.client.clone();
         let mut request_builder = client
-            .request(request.method, request.url.as_str())
-            .body(request.body);
-        for (name, value) in &request.headers {
+            .request(request.method().clone(), request.uri().to_string())
+            .body(request.body().clone());
+        for (name, value) in request.headers() {
             request_builder = request_builder.header(name.as_str(), value.as_bytes());
         }
         let request = request_builder.build()
@@ -91,10 +91,20 @@ impl OidcReqwestClient {
             .map_err(|cause| {
                 OidcClientError::AuthReqwest { message: cause.to_string(), status: cause.status().unwrap_or_default().to_string(), inner: cause }
             })?;
-        Ok(HttpResponse {
-            status_code,
-            headers,
-            body: data.to_vec(),
-        })
+
+        let returned_response = {
+            let mut returned_response = http::Response::builder()
+                .status(status_code);
+            for (name, value) in headers.iter() {
+                returned_response = returned_response.header(name, value);
+            }
+            returned_response
+                .body(data.to_vec())
+                .map_err(|cause| {
+                    OidcClientError::Other(format!("Failed to build response body: {cause}"))
+                })?
+        };
+
+        Ok(returned_response)
     }
 }
diff --git a/opendut-util/opendut-auth/src/confidential/tonic_service.rs b/opendut-util/opendut-auth/src/confidential/tonic_service.rs
@@ -4,7 +4,7 @@ use std::sync::Arc;
 use std::task::{Context, Poll};
 use http::{HeaderValue, Request, Response};
 use tonic::body::BoxBody;
-use tonic::transport::{Body, Channel};
+use tonic::transport::Channel;
 use tower::Service;
 use tracing::error;
 use crate::confidential::client::ConfidentialClient;
@@ -28,10 +28,11 @@ impl TonicAuthenticationService {
 }
 
 impl Service<Request<BoxBody>> for TonicAuthenticationService {
-    type Response = Response<Body>;
+    type Response = Response<BoxBody>;
     type Error = Box<dyn std::error::Error + Send + Sync>;
     #[allow(clippy::type_complexity)]
-    type Future = Pin<Box<dyn Future<Output=Result<Self::Response, Self::Error>> + Send>>;
+    type Future = Pin<Box<dyn Future<Output=Result<Self::Response, Self::Error>>>>;
+
     fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
         self.inner.poll_ready(cx).map_err(Into::into)
     }
@@ -49,7 +50,7 @@ impl Service<Request<BoxBody>> for TonicAuthenticationService {
             let token_result = confidential_client.as_ref()
                 .map(|manager| manager.get_token());
 
-            return match token_result {
+            match token_result {
                 None => {
                     // Authentication disabled
                     Ok(inner.call(request).await?)
@@ -75,7 +76,7 @@ impl Service<Request<BoxBody>> for TonicAuthenticationService {
                         }
                     }
                 }
-            };
+            }
         })
     }
 }
diff --git a/opendut-util/opendut-auth/src/registration/client.rs b/opendut-util/opendut-auth/src/registration/client.rs
@@ -1,4 +1,3 @@
-use std::ops::Not;
 use std::sync::Arc;
 
 use config::Config;
@@ -118,7 +117,7 @@ impl RegistrationClient {
                     .set_client_uri(Some(vec![(None, client_home_uri)]
                         .into_iter()
                         .collect()))
-                    .register_async(&registration_url, move |request| {
+                    .register_async(&registration_url, &move |request| {
                         self.inner.reqwest_client.async_http_client(request)
                     }).await;
                 match response {
-Original file line number
+Diff line change
@@ Expand Up / @@ -384,7 +384,7 @@ mod tests { @@
                 ok(eq(&native))
             );
-            assert_that!(PeerId::from(native), eq(&proto));
+            assert_that!(&PeerId::from(native), eq(&proto));
             Ok(())
         }
@@ Expand Down @@