matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2026-01-03 17:02:28 +03:00
Code Activity

Use rustls-platform-verifier for cert validation

Browse Source 
This simplifies by removing the mutually exclusive `native-roots` and
`webpki-roots` features with something that is suitable for all
platforms.
This commit is contained in:
Quentin Gliech
2024-03-06 11:23:42 +01:00
parent 58d91f91d2
commit 6eb6209bd8
25 changed files with 173 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
crates/cli/Cargo.toml
View File

@@ -24,12 +24,12 @@ itertools = "0.12.1"
listenfd = "1.0.1"
rand.workspace = true
rand_chacha = "0.3.1"
rustls = "0.22.2"
rustls.workspace = true
serde_json.workspace = true
serde_yaml = "0.9.30"
sqlx = { version = "0.7.3", features = ["runtime-tokio-rustls", "postgres"] }
tokio = { version = "1.35.1", features = ["full"] }
tower = "0.4.13"
tower.workspace = true
tower-http = { version = "0.4.4", features = ["fs"] }
url.workspace = true
zeroize = "1.7.0"
@@ -57,7 +57,7 @@ mas-data-model.workspace = true
mas-email.workspace = true
mas-graphql.workspace = true
mas-handlers = { workspace = true }
mas-http = { workspace = true, features = ["axum", "client"] }
mas-http = { workspace = true, features = ["client"] }
mas-i18n.workspace = true
mas-iana.workspace = true
mas-keystore.workspace = true
@@ -75,18 +75,13 @@ mas-tower.workspace = true
oauth2-types.workspace = true
[features]
default = ["webpki-roots", "policy-cache"]
default = ["policy-cache"]
# Features used for the prebuilt binaries
dist = ["policy-cache", "native-roots", "mas-config/dist"]
dist = ["policy-cache", "mas-config/dist"]
# Features used in the Docker image
docker = ["native-roots", "mas-config/docker"]
docker = ["mas-config/docker"]
# Enable wasmtime compilation cache
policy-cache = ["mas-policy/cache"]
# Use the native root certificates
native-roots = ["mas-http/native-roots", "mas-handlers/native-roots"]
# Use the webpki root certificates
webpki-roots = ["mas-http/webpki-roots", "mas-handlers/webpki-roots"]

2
crates/cli/src/commands/debug.rs
View File

@@ -67,7 +67,7 @@ impl Options {
#[tracing::instrument(skip_all)]
pub async fn run(self, root: &super::Options) -> anyhow::Result<()> {
use Subcommand as SC;
let http_client_factory = HttpClientFactory::new().await?;
let http_client_factory = HttpClientFactory::new();
match self.subcommand {
SC::Http {
show_headers,

2
crates/cli/src/commands/doctor.rs
View File

@@ -41,7 +41,7 @@ impl Options {
let config: RootConfig = root.load_config()?;
// We'll need an HTTP client
let http_client_factory = HttpClientFactory::new().await?;
let http_client_factory = HttpClientFactory::new();
let base_url = config.http.public_base.as_str();
let issuer = config.http.issuer.as_ref().map(url::Url::as_str);
let issuer = issuer.unwrap_or(base_url);

2
crates/cli/src/commands/server.rs
View File

@@ -146,7 +146,7 @@ impl Options {
)
.await?;
let http_client_factory = HttpClientFactory::new().await?;
let http_client_factory = HttpClientFactory::new();
let homeserver_connection = SynapseConnection::new(
config.matrix.homeserver.clone(),

2
crates/cli/src/commands/worker.rs
View File

@@ -55,7 +55,7 @@ impl Options {
let mailer = mailer_from_config(&config.email, &templates)?;
mailer.test_connection().await?;
let http_client_factory = HttpClientFactory::new().await?;
let http_client_factory = HttpClientFactory::new();
let conn = SynapseConnection::new(
config.matrix.homeserver.clone(),
config.matrix.endpoint.clone(),

6
crates/cli/src/main.rs
View File

@@ -77,7 +77,7 @@ async fn try_main() -> anyhow::Result<()> {
telemetry_config.sentry.dsn.as_deref(),
sentry::ClientOptions {
transport: Some(Arc::new(HyperTransportFactory::new(
mas_http::make_untraced_client().await?,
mas_http::make_untraced_client(),
))),
traces_sample_rate: 1.0,
auto_session_tracking: true,
@@ -99,9 +99,7 @@ async fn try_main() -> anyhow::Result<()> {
});
// Setup OpenTelemetry tracing and metrics
let tracer = telemetry::setup(&telemetry_config)
.await
.context("failed to setup OpenTelemetry")?;
let tracer = telemetry::setup(&telemetry_config).context("failed to setup OpenTelemetry")?;
let telemetry_layer = tracer.map(|tracer| {
tracing_opentelemetry::layer()

33
crates/cli/src/telemetry.rs
View File

@@ -43,7 +43,7 @@ use url::Url;
static METER_PROVIDER: OnceCell<MeterProvider> = OnceCell::const_new();
static PROMETHEUS_REGISTRY: OnceCell<Registry> = OnceCell::const_new();
pub async fn setup(config: &TelemetryConfig) -> anyhow::Result<Option<Tracer>> {
pub fn setup(config: &TelemetryConfig) -> anyhow::Result<Option<Tracer>> {
global::set_error_handler(|e| tracing::error!("{}", e))?;
let propagator = propagator(&config.tracing.propagators);
@@ -52,9 +52,7 @@ pub async fn setup(config: &TelemetryConfig) -> anyhow::Result<Option<Tracer>> {
mas_http::set_propagator(&propagator);
global::set_text_map_propagator(propagator);
let tracer = tracer(&config.tracing.exporter)
.await
.context("Failed to configure traces exporter")?;
let tracer = tracer(&config.tracing.exporter).context("Failed to configure traces exporter")?;
init_meter(&config.metrics.exporter).context("Failed to configure metrics exporter")?;
@@ -86,13 +84,9 @@ fn propagator(propagators: &[Propagator]) -> impl TextMapPropagator {
TextMapCompositePropagator::new(propagators)
}
async fn http_client() -> anyhow::Result<impl opentelemetry_http::HttpClient + 'static> {
let client = mas_http::make_untraced_client()
.await
.context("Failed to build HTTP client used by telemetry exporter")?;
let client =
opentelemetry_http::hyper::HyperClient::new_with_timeout(client, Duration::from_secs(30));
Ok(client)
fn http_client() -> impl opentelemetry_http::HttpClient + 'static {
let client = mas_http::make_untraced_client();
opentelemetry_http::hyper::HyperClient::new_with_timeout(client, Duration::from_secs(30))
}
fn stdout_tracer_provider() -> TracerProvider {
@@ -133,12 +127,12 @@ fn jaeger_agent_tracer_provider(host: &str, port: u16) -> anyhow::Result<TracerP
Ok(tracer_provider)
}
async fn jaeger_collector_tracer_provider(
fn jaeger_collector_tracer_provider(
endpoint: &str,
username: Option<&str>,
password: Option<&str>,
) -> anyhow::Result<TracerProvider> {
let http_client = http_client().await?;
let http_client = http_client();
let mut pipeline = opentelemetry_jaeger::new_collector_pipeline()
.with_service_name(env!("CARGO_PKG_NAME"))
.with_trace_config(trace_config())
@@ -160,8 +154,8 @@ async fn jaeger_collector_tracer_provider(
Ok(tracer_provider)
}
async fn zipkin_tracer(collector_endpoint: &Option<Url>) -> anyhow::Result<Tracer> {
let http_client = http_client().await?;
fn zipkin_tracer(collector_endpoint: &Option<Url>) -> anyhow::Result<Tracer> {
let http_client = http_client();
let mut pipeline = opentelemetry_zipkin::new_pipeline()
.with_http_client(http_client)
@@ -179,7 +173,7 @@ async fn zipkin_tracer(collector_endpoint: &Option<Url>) -> anyhow::Result<Trace
Ok(tracer)
}
async fn tracer(config: &TracingExporterConfig) -> anyhow::Result<Option<Tracer>> {
fn tracer(config: &TracingExporterConfig) -> anyhow::Result<Option<Tracer>> {
let tracer_provider = match config {
TracingExporterConfig::None => return Ok(None),
TracingExporterConfig::Stdout => stdout_tracer_provider(),
@@ -195,13 +189,10 @@ async fn tracer(config: &TracingExporterConfig) -> anyhow::Result<Option<Tracer>
endpoint,
username,
password,
}) => {
jaeger_collector_tracer_provider(endpoint, username.as_deref(), password.as_deref())
.await?
}
}) => jaeger_collector_tracer_provider(endpoint, username.as_deref(), password.as_deref())?,
TracingExporterConfig::Zipkin { collector_endpoint } => {
// The Zipkin exporter already creates a tracer and installs it
return Ok(Some(zipkin_tracer(collector_endpoint).await?));
return Ok(Some(zipkin_tracer(collector_endpoint)?));
}
};