Github/aralez
1
0
Fork 0
mirror of https://github.com/sadoyan/aralez.git synced 2026-05-30 03:44:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup. Making clippy happy.

Browse Source
This commit is contained in:
Ara Sadoyan
2026-05-08 16:35:20 +02:00
parent 783ffb27e1
commit fec9d5f1d6
19 changed files with 213 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Cargo.lock generated
View File

@@ -3892,9 +3892,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]] [[package]]
name = "tokio" name = "tokio"
version = "1.52.2" version = "1.52.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "110a78583f19d5cdb2c5ccf321d1290344e71313c6c37d43520d386027d18386" checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe"
dependencies = [ dependencies = [
"bytes", "bytes",
"libc", "libc",

10
Cargo.toml
View File

@@ -11,7 +11,7 @@ panic = "abort"
strip = true strip = true
[dependencies] [dependencies]
tokio = { version = "1.52.1", features = ["full"] } tokio = { version = "1.52.3", features = ["full"] }
pingora = { version = "0.8.0", features = ["lb", "openssl"] } # openssl, rustls, boringssl pingora = { version = "0.8.0", features = ["lb", "openssl"] } # openssl, rustls, boringssl
serde = { version = "1.0.228", features = ["derive"] } serde = { version = "1.0.228", features = ["derive"] }
dashmap = "7.0.0-rc2" dashmap = "7.0.0-rc2"
@@ -23,9 +23,9 @@ async-trait = "0.1.89"
env_logger = "0.11.10" env_logger = "0.11.10"
log = "0.4.29" log = "0.4.29"
futures = "0.3.32" futures = "0.3.32"
notify = "9.0.0-rc.3" notify = "9.0.0-rc.4"
axum = { version = "0.8.9" } axum = { version = "0.8.9" }
reqwest = { version = "0.13.2", features = ["json", "stream", "blocking"] } reqwest = { version = "0.13.3", features = ["json", "stream", "blocking"] }
serde_yml = "0.0.12" serde_yml = "0.0.12"
rand = "0.10.1" rand = "0.10.1"
base64 = "0.22.1" base64 = "0.22.1"
@@ -39,12 +39,12 @@ mimalloc = { version = "0.1.50", default-features = false }
prometheus = "0.14.0" prometheus = "0.14.0"
x509-parser = "0.18.1" x509-parser = "0.18.1"
rustls-pemfile = "2.2.0" rustls-pemfile = "2.2.0"
tower-http = { version = "0.6.8", features = ["fs"] } tower-http = { version = "0.6.10", features = ["fs"] }
privdrop = "0.5.6" privdrop = "0.5.6"
ctrlc = "3.5.2" ctrlc = "3.5.2"
serde_json = "1.0.149" serde_json = "1.0.149"
subtle = "2.6.1" subtle = "2.6.1"
moka = { version = "0.12.1", features = ["sync"] } moka = { version = "0.12.15", features = ["sync"] }
ahash = "0.8.12" ahash = "0.8.12"
instant-acme = "0.8.5" instant-acme = "0.8.5"
rcgen = "0.14.7" rcgen = "0.14.7"

3
Makefile
View File

@@ -7,9 +7,6 @@ features:
checkup: checkup:
cargo clippy --workspace --all-targets --all-features -- -D warnings cargo clippy --workspace --all-targets --all-features -- -D warnings
cargo check --workspace --all-targets --all-features cargo check --workspace --all-targets --all-features
# cargo shear
# cargo machete
cargo audit
fix: fix:
cargo fix cargo fix

24
README.md
View File

@@ -85,7 +85,7 @@ Make the binary executable `chmod 755 ./aralez-VERSION` and run.
File names: File names:
| File Name | Description | | File Name | Description |
|---------------------------------|--------------------------------------------------------------------------| |---------------------------------|----------------------------------------------------------------------------|
| `aralez-x86_64-musl.gz` | Static Linux x86_64 binary, without any system dependency | | `aralez-x86_64-musl.gz` | Static Linux x86_64 binary, without any system dependency |
| `aralez-x86_64-glibc.gz` | Dynamic Linux x86_64 binary, with minimal system dependencies | | `aralez-x86_64-glibc.gz` | Dynamic Linux x86_64 binary, with minimal system dependencies |
| `aralez-x86_64-compat-musl.gz` | Static Linux x86_64 binary, compatible with old pre Haswell CPUs | | `aralez-x86_64-compat-musl.gz` | Static Linux x86_64 binary, compatible with old pre Haswell CPUs |
@@ -94,16 +94,6 @@ File names:
| `aralez-aarch64-glibc.gz` | Dynamic Linux ARM64 binary, with minimal system dependencies | | `aralez-aarch64-glibc.gz` | Dynamic Linux ARM64 binary, with minimal system dependencies |
| `sadoyan/aralez` | Docker image on Debian 13 slim (<https://hub.docker.com/r/sadoyan/aralez>) | | `sadoyan/aralez` | Docker image on Debian 13 slim (<https://hub.docker.com/r/sadoyan/aralez>) |
**Via docker**
```shell
docker run -d \
-v /local/path/to/config:/etc/aralez:ro \
-p 80:80 \
-p 443:443 \
sadoyan/aralez
```
## About binaries ## About binaries
**glibc** builds are in general faster, but have few, basic, Glibc dependencies: **glibc** builds are in general faster, but have few, basic, Glibc dependencies:
@@ -116,6 +106,16 @@ The most intensive tests shows 107k-110k requests per second on **Glibc** binari
For running **Aralez** on very old hardware, CPUs prior Haswell, (launched before 2013) use `aralez-x86_64-compat-*.gz` For running **Aralez** on very old hardware, CPUs prior Haswell, (launched before 2013) use `aralez-x86_64-compat-*.gz`
For getting the best performance on newer hardware use `aralez-x86_64-*.gz`. For getting the best performance on newer hardware use `aralez-x86_64-*.gz`.
**Via docker**
```shell
docker run -d \
-v /local/path/to/config:/etc/aralez:ro \
-p 80:80 \
-p 443:443 \
sadoyan/aralez
```
## Running the Proxy ## Running the Proxy
```bash ```bash
@@ -244,7 +244,7 @@ To enable TLS for the proxy server.
- Set `proxy_address_tls` in `main.yaml` - Set `proxy_address_tls` in `main.yaml`
- Provide at least on `tls_certificate/tls_key_file` pair. - Provide at least on `tls_certificate/tls_key_file` pair.
- First pair is required tp create the TLS listener. - First pair is required to create the TLS listener.
- This pair can be anything, even self-signed with dummy domain. - This pair can be anything, even self-signed with dummy domain.
- After getting normal certificate it can be deleted - After getting normal certificate it can be deleted

9
src/tls/acme/order.rs
View File

@@ -25,7 +25,7 @@ pub async fn order(domain: &str, credsfile: &str, certs_dir: String) -> Result<S
let crt = certs_dir.clone() + "/" + domain + ".crt"; let crt = certs_dir.clone() + "/" + domain + ".crt";
let key = certs_dir.clone() + "/" + domain + ".key"; let key = certs_dir.clone() + "/" + domain + ".key";
if let None = DOMAINS.get(domain) { if DOMAINS.get(domain).is_none() {
DOMAINS.insert(domain.to_string(), true); DOMAINS.insert(domain.to_string(), true);
let mut newlist: Vec<String> = Vec::new(); let mut newlist: Vec<String> = Vec::new();
for item in DOMAINS.iter() { for item in DOMAINS.iter() {
@@ -40,15 +40,12 @@ pub async fn order(domain: &str, credsfile: &str, certs_dir: String) -> Result<S
} }
} }
let _ = match cert_expiry(crt.as_str()) { if let Ok(expiry) = cert_expiry(crt.as_str()) {
Ok(expiry) => {
let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs(); let now = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?.as_secs();
if expiry > now + 30 * 24 * 3600 { if expiry > now + 30 * 24 * 3600 {
// println!("Fresh certificate exists. Not renewing !"); // println!("Fresh certificate exists. Not renewing !");
return Ok("Fresh certificate exists. Not renewing ! \n".to_string()); return Ok("Fresh certificate exists. Not renewing ! \n".to_string());
} }
}
Err(_) => {}
}; };
let account = get_account(credsfile).await?; let account = get_account(credsfile).await?;
@@ -73,7 +70,7 @@ pub async fn order(domain: &str, credsfile: &str, certs_dir: String) -> Result<S
let private_key = KeyPair::generate()?; let private_key = KeyPair::generate()?;
let signing_request = params.serialize_request(&private_key)?; let signing_request = params.serialize_request(&private_key)?;
let csr_der = signing_request.der(); let csr_der = signing_request.der();
order.finalize_csr(&csr_der).await?; order.finalize_csr(csr_der).await?;
// poll for certificate // poll for certificate
let cert_chain_pem = order.poll_certificate(&RetryPolicy::default()).await?; let cert_chain_pem = order.poll_certificate(&RetryPolicy::default()).await?;

26
src/tls/grades.rs
View File

@@ -16,17 +16,17 @@ const CIPHERS: CipherSuite = CipherSuite {
#[derive(Debug)] #[derive(Debug)]
pub enum TlsGrade { pub enum TlsGrade {
HIGH, High,
MEDIUM, Medium,
LEGACY, Legacy,
} }
impl TlsGrade { impl TlsGrade {
pub fn from_str(s: &str) -> Option<Self> { pub fn from_str(s: &str) -> Option<Self> {
match s.to_ascii_lowercase().as_str() { match s.to_ascii_lowercase().as_str() {
"high" => Some(TlsGrade::HIGH), "high" => Some(TlsGrade::High),
"medium" => Some(TlsGrade::MEDIUM), "medium" => Some(TlsGrade::Medium),
"unsafe" => Some(TlsGrade::LEGACY), "unsafe" => Some(TlsGrade::Legacy),
_ => None, _ => None,
} }
} }
@@ -41,22 +41,22 @@ pub fn prefer_h2<'a>(_ssl: &mut SslRef, alpn_in: &'a [u8]) -> Result<&'a [u8], A
pub fn set_tsl_grade(tls_settings: &mut TlsSettings, grade: &str) { pub fn set_tsl_grade(tls_settings: &mut TlsSettings, grade: &str) {
let config_grade = TlsGrade::from_str(grade); let config_grade = TlsGrade::from_str(grade);
match config_grade { match config_grade {
Some(TlsGrade::HIGH) => { Some(TlsGrade::High) => {
let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1_2)); let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1_2));
// let _ = tls_settings.set_max_proto_version(Some(SslVersion::TLS1_3)); // let _ = tls_settings.set_max_proto_version(Some(SslVersion::TLS1_3));
let _ = tls_settings.set_cipher_list(CIPHERS.high); let _ = tls_settings.set_cipher_list(CIPHERS.high);
// let _ = tls_settings.set_ciphersuites(CIPHERS.high); // let _ = tls_settings.set_ciphersuites(CIPHERS.high);
let _ = tls_settings.set_cipher_list(CIPHERS.high); let _ = tls_settings.set_cipher_list(CIPHERS.high);
info!("TLS grade: {:?}, => HIGH", tls_settings.options()); info!("TLS grade: {:?}, => High", tls_settings.options());
} }
Some(TlsGrade::MEDIUM) => { Some(TlsGrade::Medium) => {
let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1)); let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1));
let _ = tls_settings.set_cipher_list(CIPHERS.medium); let _ = tls_settings.set_cipher_list(CIPHERS.medium);
// let _ = tls_settings.set_ciphersuites(CIPHERS.medium); // let _ = tls_settings.set_ciphersuites(CIPHERS.medium);
let _ = tls_settings.set_cipher_list(CIPHERS.medium); let _ = tls_settings.set_cipher_list(CIPHERS.medium);
info!("TLS grade: {:?}, => MEDIUM", tls_settings.options()); info!("TLS grade: {:?}, => Medium", tls_settings.options());
} }
Some(TlsGrade::LEGACY) => { Some(TlsGrade::Legacy) => {
let _ = tls_settings.set_min_proto_version(Some(SslVersion::SSL3)); let _ = tls_settings.set_min_proto_version(Some(SslVersion::SSL3));
let _ = tls_settings.set_cipher_list(CIPHERS.legacy); let _ = tls_settings.set_cipher_list(CIPHERS.legacy);
// let _ = tls_settings.set_ciphersuites(CIPHERS.legacy); // let _ = tls_settings.set_ciphersuites(CIPHERS.legacy);
@@ -64,12 +64,12 @@ pub fn set_tsl_grade(tls_settings: &mut TlsSettings, grade: &str) {
warn!("TLS grade: {:?}, => UNSAFE", tls_settings.options()); warn!("TLS grade: {:?}, => UNSAFE", tls_settings.options());
} }
None => { None => {
// Defaults to MEDIUM // Defaults to Medium
let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1)); let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1));
let _ = tls_settings.set_cipher_list(CIPHERS.medium); let _ = tls_settings.set_cipher_list(CIPHERS.medium);
// let _ = tls_settings.set_ciphersuites(CIPHERS.medium); // let _ = tls_settings.set_ciphersuites(CIPHERS.medium);
let _ = tls_settings.set_cipher_list(CIPHERS.medium); let _ = tls_settings.set_cipher_list(CIPHERS.medium);
warn!("TLS grade is not detected defaulting top MEDIUM"); warn!("TLS grade is not detected defaulting top Medium");
} }
} }
} }

4
src/tls/load.rs
View File

@@ -60,7 +60,7 @@ impl Certificates {
} }
} }
Some(Self { Some(Self {
name_map: name_map, name_map,
configs: cert_infos, configs: cert_infos,
default_cert_path: default_cert.cert_path.clone(), default_cert_path: default_cert.cert_path.clone(),
default_key_path: default_cert.key_path.clone(), default_key_path: default_cert.key_path.clone(),
@@ -93,7 +93,7 @@ impl Certificates {
if let Some(name) = server_name { if let Some(name) = server_name {
match self.find_ssl_context(name) { match self.find_ssl_context(name) {
Some(ctx) => { Some(ctx) => {
ssl_ref.set_ssl_context(&*ctx).map_err(|_| SniError::ALERT_FATAL)?; ssl_ref.set_ssl_context(&ctx).map_err(|_| SniError::ALERT_FATAL)?;
} }
None => { None => {
log::debug!("No matching server name found"); log::debug!("No matching server name found");

7
src/utils/auth.rs
View File

@@ -153,9 +153,9 @@ impl AuthValidator for ForwardAuth<'_> {
impl AuthValidator for BasicAuth<'_> { impl AuthValidator for BasicAuth<'_> {
async fn validate(&self, session: &mut Session) -> bool { async fn validate(&self, session: &mut Session) -> bool {
if let Some(header) = session.get_header("authorization") { if let Some(header) = session.get_header("authorization") {
if let Some(h) = header.to_str().ok() { if let Ok(h) = header.to_str() {
if let Some((_, val)) = h.split_once(' ') { if let Some((_, val)) = h.split_once(' ') {
if let Some(decoded) = STANDARD.decode(val).ok() { if let Ok(decoded) = STANDARD.decode(val) {
if decoded.as_slice().ct_eq(self.0.as_bytes()).into() { if decoded.as_slice().ct_eq(self.0.as_bytes()).into() {
return true; return true;
} }
@@ -171,7 +171,7 @@ impl AuthValidator for BasicAuth<'_> {
impl AuthValidator for ApiKeyAuth<'_> { impl AuthValidator for ApiKeyAuth<'_> {
async fn validate(&self, session: &mut Session) -> bool { async fn validate(&self, session: &mut Session) -> bool {
if let Some(header) = session.get_header("x-api-key") { if let Some(header) = session.get_header("x-api-key") {
if let Some(h) = header.to_str().ok() { if let Ok(h) = header.to_str() {
return h.as_bytes().ct_eq(self.0.as_bytes()).into(); return h.as_bytes().ct_eq(self.0.as_bytes()).into();
} }
} }
@@ -227,6 +227,7 @@ pub fn get_query_param(session: &mut Session, key: &str) -> Option<String> {
params.get(key).and_then(|v| decode(v).ok()).map(|s| s.to_string()) params.get(key).and_then(|v| decode(v).ok()).map(|s| s.to_string())
} }
#[allow(clippy::needless_return)]
fn split_host_port(addr: &str, tls: bool) -> Option<(&str, u16, bool, &str)> { fn split_host_port(addr: &str, tls: bool) -> Option<(&str, u16, bool, &str)> {
match addr.split_once(':') { match addr.split_once(':') {
Some((h, p)) => match p.parse::<u16>() { Some((h, p)) => match p.parse::<u16>() {

9
src/utils/filewatch.rs
View File

@@ -37,18 +37,13 @@ pub async fn start(fp: String, mut toreturn: Sender<Configuration>) {
match event { match event {
Ok(e) => match e.kind { Ok(e) => match e.kind {
EventKind::Modify(ModifyKind::Data(_)) | EventKind::Create(..) | EventKind::Remove(..) => { EventKind::Modify(ModifyKind::Data(_)) | EventKind::Create(..) | EventKind::Remove(..) => {
if e.paths[0].to_str().unwrap().ends_with("yaml") { if e.paths[0].to_str().unwrap().ends_with("yaml") && start.elapsed() > Duration::from_secs(2) {
if start.elapsed() > Duration::from_secs(2) {
start = Instant::now(); start = Instant::now();
// info!("Config File changed :=> {:?}", e); // info!("Config File changed :=> {:?}", e);
let snd = load_configuration(file_path, "filepath").await.0; let snd = load_configuration(file_path, "filepath").await.0;
match snd { if let Some(snd) = snd {
Some(snd) => {
toreturn.send(snd).await.unwrap(); toreturn.send(snd).await.unwrap();
} }
None => {}
}
}
} }
} }
_ => (), _ => (),

16
src/utils/healthcheck.rs
View File

@@ -52,8 +52,8 @@ async fn build_upstreams(fullist: &UpstreamsDashMap, method: &str, client: &Clie
let path = path_entry.key(); let path = path_entry.key();
let mut innervec = Vec::new(); let mut innervec = Vec::new();
for (_, upstream) in path_entry.value().0.iter().enumerate() { for upstream in path_entry.value().0.iter() {
let tls = detect_tls(&upstream.address.to_string(), &upstream.port, &client).await; let tls = detect_tls(upstream.address.as_ref(), &upstream.port, client).await;
let is_h2 = matches!(tls.1, Some(Version::HTTP_2)); let is_h2 = matches!(tls.1, Some(Version::HTTP_2));
let link = if tls.0 { let link = if tls.0 {
@@ -75,7 +75,7 @@ async fn build_upstreams(fullist: &UpstreamsDashMap, method: &str, client: &Clie
}; };
if scheme.healthcheck.unwrap_or(true) { if scheme.healthcheck.unwrap_or(true) {
let resp = http_request(&link, method, "", &client).await; let resp = http_request(&link, method, "", client).await;
if resp.0 { if resp.0 {
if resp.1 { if resp.1 {
scheme.is_http2 = is_h2; // could be adjusted further scheme.is_http2 = is_h2; // could be adjusted further
@@ -109,12 +109,12 @@ async fn http_request(url: &str, method: &str, payload: &str, client: &Client) -
} }
} }
match send_request(&client, method, url, payload).await { match send_request(client, method, url, payload).await {
Some(response) => { Some(response) => {
let status = response.status().as_u16(); let status = response.status().as_u16();
((99..499).contains(&status), false) ((99..499).contains(&status), false)
} }
None => (ping_grpc(&url).await, true), None => (ping_grpc(url).await, true),
} }
} }
@@ -128,13 +128,9 @@ pub async fn ping_grpc(addr: &str) -> bool {
async fn detect_tls(ip: &str, port: &u16, client: &Client) -> (bool, Option<Version>) { async fn detect_tls(ip: &str, port: &u16, client: &Client) -> (bool, Option<Version>) {
let https_url = format!("https://{}:{}", ip, port); let https_url = format!("https://{}:{}", ip, port);
match client.get(&https_url).send().await { if let Ok(response) = client.get(&https_url).send().await {
Ok(response) => {
// println!("{} => {:?} (HTTPS)", https_url, response.version());
return (true, Some(response.version())); return (true, Some(response.version()));
} }
_ => {}
}
let http_url = format!("http://{}:{}", ip, port); let http_url = format!("http://{}:{}", ip, port);
match client.get(&http_url).send().await { match client.get(&http_url).send().await {
Ok(response) => { Ok(response) => {

11
src/utils/httpclient.rs
View File

@@ -23,11 +23,8 @@ pub async fn for_consul(url: String, token: Option<String>, conf: &GlobalService
let upstreams: DashMap<Arc<str>, (Vec<Arc<InnerMap>>, AtomicUsize)> = DashMap::new(); let upstreams: DashMap<Arc<str>, (Vec<Arc<InnerMap>>, AtomicUsize)> = DashMap::new();
let endpoints: Vec<ConsulService> = resp.json().await.ok()?; let endpoints: Vec<ConsulService> = resp.json().await.ok()?;
for subsets in endpoints { for subsets in endpoints {
// let addr = subsets.tagged_addresses.get("lan_ipv4").unwrap().address.clone();
// let prt = subsets.tagged_addresses.get("lan_ipv4").unwrap().port.clone();
let addr = subsets.tagged_addresses.get("lan_ipv4").unwrap().address.clone(); let addr = subsets.tagged_addresses.get("lan_ipv4").unwrap().address.clone();
let prt = subsets.tagged_addresses.get("lan_ipv4").unwrap().port.clone(); let prt = subsets.tagged_addresses.get("lan_ipv4").unwrap().port;
// let redirect_link = conf.redirect_to.as_ref().map(|www| Arc::from(www.as_str()));
let to_add = Arc::from(InnerMap { let to_add = Arc::from(InnerMap {
address: Arc::from(&*addr), address: Arc::from(&*addr),
port: prt, port: prt,
@@ -41,7 +38,7 @@ pub async fn for_consul(url: String, token: Option<String>, conf: &GlobalService
}); });
inner_vec.push(to_add); inner_vec.push(to_add);
} }
match_path(&conf, &upstreams, inner_vec.clone()); match_path(conf, &upstreams, inner_vec);
Some(upstreams) Some(upstreams)
} }
@@ -66,7 +63,7 @@ pub async fn for_kuber(url: &str, token: &str, conf: &GlobalServiceMapping) -> O
// let redirect_link = conf.redirect_to.as_ref().map(|www| Arc::from(www.as_str())); // let redirect_link = conf.redirect_to.as_ref().map(|www| Arc::from(www.as_str()));
let to_add = Arc::from(InnerMap { let to_add = Arc::from(InnerMap {
address: Arc::from(addr.ip.clone()), address: Arc::from(addr.ip.clone()),
port: port.port.clone(), port: port.port,
is_ssl: false, is_ssl: false,
is_http2: false, is_http2: false,
to_https: conf.to_https.unwrap_or(false), to_https: conf.to_https.unwrap_or(false),
@@ -78,7 +75,7 @@ pub async fn for_kuber(url: &str, token: &str, conf: &GlobalServiceMapping) -> O
inner_vec.push(to_add); inner_vec.push(to_add);
} }
} }
match_path(&conf, &upstreams, inner_vec.clone()); match_path(conf, &upstreams, inner_vec.clone());
} }
} }
} }

11
src/utils/kuberconsul.rs
View File

@@ -52,12 +52,13 @@ pub struct ConsulTaggedAddress {
#[serde(rename = "Port")] #[serde(rename = "Port")]
pub port: u16, pub port: u16,
} }
#[allow(clippy::type_complexity)]
pub fn list_to_upstreams(lt: Option<DashMap<Arc<str>, (Vec<Arc<InnerMap>>, AtomicUsize)>>, upstreams: &UpstreamsDashMap, i: &GlobalServiceMapping) { pub fn list_to_upstreams(lt: Option<DashMap<Arc<str>, (Vec<Arc<InnerMap>>, AtomicUsize)>>, upstreams: &UpstreamsDashMap, i: &GlobalServiceMapping) {
if let Some(list) = lt { if let Some(list) = lt {
match upstreams.get(&*i.hostname.clone()) { match upstreams.get(&*i.hostname.clone()) {
Some(upstr) => { Some(upstr) => {
for (k, v) in list { for (k, v) in list {
upstr.value().insert(Arc::from(k.to_owned()), v); upstr.value().insert(k.to_owned(), v);
} }
} }
None => { None => {
@@ -134,7 +135,7 @@ impl ServiceDiscovery for KubernetesDiscovery {
} }
let url = format!("https://{}/api/v1/namespaces/{}/endpoints/{}", server, namespace, service.hostname); let url = format!("https://{}/api/v1/namespaces/{}/endpoints/{}", server, namespace, service.hostname);
// let url = format!("https://{}/api/v1/namespaces/{}/endpoints?labelSelector=app", server, namespace); // let url = format!("https://{}/api/v1/namespaces/{}/endpoints?labelSelector=app", server, namespace);
let list = httpclient::for_kuber(&*url, &*token, &service).await; let list = httpclient::for_kuber(&url, &token, &service).await;
// println!("{:?}", list); // println!("{:?}", list);
list_to_upstreams(list, &upstreams, &service); list_to_upstreams(list, &upstreams, &service);
} }
@@ -209,7 +210,7 @@ impl ServiceDiscovery for ConsulDiscovery {
} }
} }
async fn clone_compare(upstreams: &UpstreamsDashMap, prev_upstreams: &UpstreamsDashMap, config: &Arc<Configuration>) -> Option<Configuration> { async fn clone_compare(upstreams: &UpstreamsDashMap, prev_upstreams: &UpstreamsDashMap, config: &Arc<Configuration>) -> Option<Configuration> {
if !compare_dashmaps(&upstreams, &prev_upstreams) { if !compare_dashmaps(upstreams, prev_upstreams) {
let tosend: Configuration = Configuration { let tosend: Configuration = Configuration {
upstreams: Default::default(), upstreams: Default::default(),
client_headers: config.client_headers.clone(), client_headers: config.client_headers.clone(),
@@ -219,8 +220,8 @@ async fn clone_compare(upstreams: &UpstreamsDashMap, prev_upstreams: &UpstreamsD
typecfg: config.typecfg.clone(), typecfg: config.typecfg.clone(),
extraparams: config.extraparams.clone(), extraparams: config.extraparams.clone(),
}; };
clone_dashmap_into(&upstreams, &prev_upstreams); clone_dashmap_into(upstreams, prev_upstreams);
clone_dashmap_into(&upstreams, &tosend.upstreams); clone_dashmap_into(upstreams, &tosend.upstreams);
print_upstreams(&tosend.upstreams); print_upstreams(&tosend.upstreams);
return Some(tosend); return Some(tosend);
}; };

10
src/utils/metrics.rs
View File

@@ -52,11 +52,11 @@ pub fn calc_metrics(metric_types: &MetricTypes) {
let timer = REQUEST_LATENCY.start_timer(); let timer = REQUEST_LATENCY.start_timer();
timer.observe_duration(); timer.observe_duration();
let version_str = match &metric_types.version { let version_str = match metric_types.version {
&Version::HTTP_11 => "HTTP/1.1", Version::HTTP_11 => "HTTP/1.1",
&Version::HTTP_2 => "HTTP/2.0", Version::HTTP_2 => "HTTP/2.0",
&Version::HTTP_3 => "HTTP/3.0", Version::HTTP_3 => "HTTP/3.0",
&Version::HTTP_10 => "HTTP/1.0", Version::HTTP_10 => "HTTP/1.0",
_ => "Unknown", _ => "Unknown",
}; };
REQUESTS_BY_VERSION.with_label_values(&[&version_str]).inc(); REQUESTS_BY_VERSION.with_label_values(&[&version_str]).inc();

8
src/utils/parceyaml.rs
View File

@@ -10,7 +10,7 @@ use std::sync::atomic::AtomicUsize;
use std::sync::{Arc, LazyLock}; use std::sync::{Arc, LazyLock};
use std::{env, fs}; use std::{env, fs};
pub static DOMAINS: LazyLock<DashMap<String, bool>> = LazyLock::new(|| DashMap::new()); pub static DOMAINS: LazyLock<DashMap<String, bool>> = LazyLock::new(DashMap::new);
pub async fn load_configuration(d: &str, kind: &str) -> (Option<Configuration>, String) { pub async fn load_configuration(d: &str, kind: &str) -> (Option<Configuration>, String) {
let mut conf_files = Vec::new(); let mut conf_files = Vec::new();
@@ -21,7 +21,7 @@ pub async fn load_configuration(d: &str, kind: &str) -> (Option<Configuration>,
let mut autocfg = Path::new(d).parent().unwrap().to_path_buf(); let mut autocfg = Path::new(d).parent().unwrap().to_path_buf();
autocfg.push("autoconfigs"); autocfg.push("autoconfigs");
if !fs::metadata(autocfg.clone()).is_ok() { if fs::metadata(autocfg.clone()).is_err() {
fs::create_dir_all(autocfg.clone()).ok(); fs::create_dir_all(autocfg.clone()).ok();
} }
autocfg.push("domains.json"); autocfg.push("domains.json");
@@ -228,8 +228,8 @@ async fn populate_file_upstreams(config: &mut Configuration, parsed: &Config) {
pub fn parce_main_config(path: &str) -> AppConfig { pub fn parce_main_config(path: &str) -> AppConfig {
let data = fs::read_to_string(path).unwrap(); let data = fs::read_to_string(path).unwrap();
let reply = DashMap::new(); let reply = DashMap::new();
let cfg: HashMap<String, String> = serde_yml::from_str(&*data).expect("Failed to parse main config file"); let cfg: HashMap<String, String> = serde_yml::from_str(&data).expect("Failed to parse main config file");
let mut cfo: AppConfig = serde_yml::from_str(&*data).expect("Failed to parse main config file"); let mut cfo: AppConfig = serde_yml::from_str(&data).expect("Failed to parse main config file");
log_builder(&cfo); log_builder(&cfo);
cfo.hc_method = cfo.hc_method.to_uppercase(); cfo.hc_method = cfo.hc_method.to_uppercase();
for (k, v) in cfg { for (k, v) in cfg {

22
src/utils/tools.rs
View File

@@ -150,7 +150,7 @@ pub fn merge_headers(target: &DashMap<Arc<str>, Vec<(String, Arc<str>)>>, source
for entry in source.iter() { for entry in source.iter() {
let global_key = entry.key().clone(); let global_key = entry.key().clone();
let global_values = entry.value().clone(); let global_values = entry.value().clone();
let mut target_entry = target.entry(global_key).or_insert_with(Vec::new); let mut target_entry = target.entry(global_key).or_default();
target_entry.extend(global_values); target_entry.extend(global_values);
} }
} }
@@ -198,7 +198,7 @@ pub fn clone_idmap_into(original: &UpstreamsDashMap, cloned: &UpstreamsIdMap) {
authorization: None, authorization: None,
}; };
cloned.insert(id, Arc::from(to_add)); cloned.insert(id, Arc::from(to_add));
cloned.insert(hh, Arc::from(x.to_owned())); cloned.insert(hh, x.to_owned());
// println!("CLONNED :===========> {:?}", cloned); // println!("CLONNED :===========> {:?}", cloned);
} }
new_inner_map.insert(path.clone(), new_vec); new_inner_map.insert(path.clone(), new_vec);
@@ -268,14 +268,14 @@ pub fn drop_priv(user: String, group: String, http_addr: String, tls_addr: Optio
thread::sleep(time::Duration::from_millis(10)); thread::sleep(time::Duration::from_millis(10));
loop { loop {
thread::sleep(time::Duration::from_millis(10)); thread::sleep(time::Duration::from_millis(10));
if port_is_available(http_addr.clone()) { if TcpListener::bind(&http_addr).is_err() {
break; break;
} }
} }
if let Some(tls_addr) = tls_addr { if let Some(tls_addr) = tls_addr {
loop { loop {
thread::sleep(time::Duration::from_millis(10)); thread::sleep(time::Duration::from_millis(10));
if port_is_available(tls_addr.clone()) { if TcpListener::bind(&tls_addr).is_err() {
break; break;
} }
} }
@@ -287,25 +287,15 @@ pub fn drop_priv(user: String, group: String, http_addr: String, tls_addr: Optio
} }
} }
fn port_is_available(addr: String) -> bool {
match TcpListener::bind(addr) {
Ok(_) => false,
Err(_) => true,
}
}
pub fn check_priv(addr: &str) { pub fn check_priv(addr: &str) {
let port = SocketAddr::from_str(addr).map(|sa| sa.port()).unwrap(); let port = SocketAddr::from_str(addr).map(|sa| sa.port()).unwrap();
match port < 1024 { if port < 1024 {
true => {
let meta = std::fs::metadata("/proc/self").map(|m| m.uid()).unwrap(); let meta = std::fs::metadata("/proc/self").map(|m| m.uid()).unwrap();
if meta != 0 { if meta != 0 {
error!("Running on privileged port requires to start as ROOT"); error!("Running on privileged port requires to start as ROOT");
process::exit(1) process::exit(1)
} }
} }
false => {}
}
} }
#[allow(dead_code)] #[allow(dead_code)]
@@ -397,7 +387,7 @@ pub fn prepend(prefix: &str, val: &Option<Arc<str>>, uri: &str, port: &str) -> O
let mut buf = String::with_capacity(32); let mut buf = String::with_capacity(32);
buf.push_str(prefix); buf.push_str(prefix);
buf.push_str(s); buf.push_str(s);
buf.push_str(":"); buf.push(':');
buf.push_str(port); buf.push_str(port);
buf.push_str(uri); buf.push_str(uri);
buf buf

27
src/web/bgservice.rs
View File

@@ -32,19 +32,20 @@ impl BackgroundService for LB {
let file_load = FromFileProvider { let file_load = FromFileProvider {
path: self.config.upstreams_conf.clone(), path: self.config.upstreams_conf.clone(),
}; };
let _ = tokio::spawn(async move { file_load.start(tx).await }); // let _ = tokio::spawn(async move { file_load.start(tx).await });
drop(tokio::spawn(async move { file_load.start(tx).await }));
} }
"kubernetes" => { "kubernetes" => {
info!("Running Kubernetes discovery, requested type is: {}", config.typecfg); info!("Running Kubernetes discovery, requested type is: {}", config.typecfg);
let cf = Arc::from(config); let cf = Arc::from(config);
let kuber_load = KubernetesProvider { config: cf.clone() }; let kuber_load = KubernetesProvider { config: cf.clone() };
let _ = tokio::spawn(async move { kuber_load.start(tx).await }); drop(tokio::spawn(async move { kuber_load.start(tx).await }));
} }
"consul" => { "consul" => {
info!("Running Consul discovery, requested type is: {}", config.typecfg); info!("Running Consul discovery, requested type is: {}", config.typecfg);
let cf = Arc::from(config); let cf = Arc::from(config);
let consul_load = ConsulProvider { config: cf.clone() }; let consul_load = ConsulProvider { config: cf.clone() };
let _ = tokio::spawn(async move { consul_load.start(tx).await }); drop(tokio::spawn(async move { consul_load.start(tx).await }));
} }
_ => { _ => {
error!("Unknown discovery type: {}", config.typecfg); error!("Unknown discovery type: {}", config.typecfg);
@@ -57,7 +58,7 @@ impl BackgroundService for LB {
let api_load = APIUpstreamProvider { let api_load = APIUpstreamProvider {
address: self.config.config_address.clone(), address: self.config.config_address.clone(),
masterkey: self.config.master_key.clone(), masterkey: self.config.master_key.clone(),
config_api_enabled: self.config.config_api_enabled.clone(), config_api_enabled: self.config.config_api_enabled,
// certs_dir: self.config.proxy_certificates.clone().unwrap_or_else(|| "/tmp".to_string()), // certs_dir: self.config.proxy_certificates.clone().unwrap_or_else(|| "/tmp".to_string()),
config_dir: confdir.clone(), config_dir: confdir.clone(),
certs_dir: certdir.clone(), certs_dir: certdir.clone(),
@@ -71,14 +72,16 @@ impl BackgroundService for LB {
}; };
// let crtdir = api_load.certs_dir.clone(); // let crtdir = api_load.certs_dir.clone();
// let tx_api = tx.clone(); // let tx_api = tx.clone();
let _ = tokio::spawn(async move { api_load.start(tx_api).await }); drop(tokio::spawn(async move { api_load.start(tx_api).await }));
let uu = self.ump_upst.clone(); let uu = self.ump_upst.clone();
let ff = self.ump_full.clone(); let ff = self.ump_full.clone();
let im = self.ump_byid.clone(); let im = self.ump_byid.clone();
let (hc_method, hc_interval) = (self.config.hc_method.clone(), self.config.hc_interval); let (hc_method, hc_interval) = (self.config.hc_method.clone(), self.config.hc_interval);
let _ = tokio::spawn(async move { healthcheck::hc2(uu, ff, im, (&*hc_method.to_string(), hc_interval.to_string().parse().unwrap())).await }); drop(tokio::spawn(async move {
let _ = tokio::spawn(async move { refresh_order(certdir, confdir).await }); healthcheck::hc2(uu, ff, im, (&*hc_method.to_string(), hc_interval.to_string().parse().unwrap())).await
}));
drop(tokio::spawn(async move { refresh_order(certdir, confdir).await }));
loop { loop {
tokio::select! { tokio::select! {
@@ -86,8 +89,7 @@ impl BackgroundService for LB {
break; break;
} }
val = rx.next() => { val = rx.next() => {
match val { if let Some(ss) = val {
Some(ss) => {
clone_dashmap_into(&ss.upstreams, &self.ump_full); clone_dashmap_into(&ss.upstreams, &self.ump_full);
clone_dashmap_into(&ss.upstreams, &self.ump_upst); clone_dashmap_into(&ss.upstreams, &self.ump_upst);
let current = self.extraparams.load_full(); let current = self.extraparams.load_full();
@@ -99,7 +101,6 @@ impl BackgroundService for LB {
self.extraparams.store(Arc::new(new)); self.extraparams.store(Arc::new(new));
self.client_headers.clear(); self.client_headers.clear();
self.server_headers.clear(); self.server_headers.clear();
for entry in ss.upstreams.iter() { for entry in ss.upstreams.iter() {
let global_key = entry.key().clone(); let global_key = entry.key().clone();
let client_global_values = DashMap::new(); let client_global_values = DashMap::new();
@@ -111,7 +112,6 @@ impl BackgroundService for LB {
server_target_entry.extend(server_global_values); server_target_entry.extend(server_global_values);
self.server_headers.insert(server_target_entry.key().to_owned(), server_target_entry.value().to_owned()); self.server_headers.insert(server_target_entry.key().to_owned(), server_target_entry.value().to_owned());
} }
for path in ss.client_headers.iter() { for path in ss.client_headers.iter() {
let path_key = path.key().clone(); let path_key = path.key().clone();
let path_headers = path.value().clone(); let path_headers = path.value().clone();
@@ -122,7 +122,6 @@ impl BackgroundService for LB {
} }
} }
} }
for path in ss.server_headers.iter() { for path in ss.server_headers.iter() {
let path_key = path.key().clone(); let path_key = path.key().clone();
let path_headers = path.value().clone(); let path_headers = path.value().clone();
@@ -133,10 +132,6 @@ impl BackgroundService for LB {
} }
} }
} }
// info!("Upstreams list is changed, updating to:");
// print_upstreams(&self.ump_full);
}
None => {}
} }
} }
} }

6
src/web/proxyhttp.rs
View File

@@ -25,7 +25,7 @@ use tokio::time::Instant;
// static RATE_LIMITER: Lazy<Rate> = Lazy::new(|| Rate::new(Duration::from_secs(1))); // static RATE_LIMITER: Lazy<Rate> = Lazy::new(|| Rate::new(Duration::from_secs(1)));
// static REVERSE_STORE: Lazy<DashMap<String, String>> = Lazy::new(|| DashMap::new()); // static REVERSE_STORE: Lazy<DashMap<String, String>> = Lazy::new(|| DashMap::new());
static REVERSE_STORE: LazyLock<DashMap<String, String>> = LazyLock::new(|| DashMap::new()); static REVERSE_STORE: LazyLock<DashMap<String, String>> = LazyLock::new(DashMap::new);
thread_local! {static IP_BUFFER: RefCell<String> = RefCell::new(String::with_capacity(50));} thread_local! {static IP_BUFFER: RefCell<String> = RefCell::new(String::with_capacity(50));}
pub static RATE_LIMITER: LazyLock<Rate> = LazyLock::new(|| Rate::new(Duration::from_secs(1))); pub static RATE_LIMITER: LazyLock<Rate> = LazyLock::new(|| Rate::new(Duration::from_secs(1)));
@@ -132,8 +132,8 @@ impl ProxyHttp for LB {
s.push_str("https://"); s.push_str("https://");
s.push_str(host); s.push_str(host);
if port != "443" { if port != "443" {
s.push_str(":"); s.push(':');
s.push_str(&port); s.push_str(port);
} }
s.push_str(uri); s.push_str(uri);
let mut resp = ResponseHeader::build(StatusCode::MOVED_PERMANENTLY, None)?; let mut resp = ResponseHeader::build(StatusCode::MOVED_PERMANENTLY, None)?;

14
src/web/start.rs
View File

@@ -18,7 +18,7 @@ use std::sync::Arc;
use std::{fs, thread}; use std::{fs, thread};
pub fn run() { pub fn run() {
// default_provider().install_default().expect("Failed to install rustls crypto provider"); // default_provider().install_default().expect("Failed to install rustls crypto provider");
let parameters = Some(Opt::parse_args()).unwrap(); let parameters = Opt::parse_args();
let file = parameters.conf.clone().unwrap(); let file = parameters.conf.clone().unwrap();
let maincfg = crate::utils::parceyaml::parce_main_config(file.as_str()); let maincfg = crate::utils::parceyaml::parce_main_config(file.as_str());
@@ -60,13 +60,12 @@ pub fn run() {
check_priv(bind_address_http.as_str()); check_priv(bind_address_http.as_str());
match bind_address_tls { if let Some(bind_address_tls) = bind_address_tls {
Some(bind_address_tls) => {
check_priv(bind_address_tls.as_str()); check_priv(bind_address_tls.as_str());
let (tx, rx): (Sender<Vec<CertificateConfig>>, Receiver<Vec<CertificateConfig>>) = channel(); let (tx, rx): (Sender<Vec<CertificateConfig>>, Receiver<Vec<CertificateConfig>>) = channel();
let certs_path = cfg.proxy_configs.clone().unwrap() + "/certificates"; let certs_path = cfg.proxy_configs.clone().unwrap() + "/certificates";
if !fs::metadata(certs_path.clone()).is_ok() { if fs::metadata(certs_path.clone()).is_err() {
fs::create_dir_all(certs_path.clone()).unwrap(); fs::create_dir_all(certs_path.clone()).unwrap();
} }
thread::spawn(move || { thread::spawn(move || {
@@ -94,17 +93,12 @@ pub fn run() {
thread::spawn(move || { thread::spawn(move || {
while let Ok(new_configs) = rx.recv() { while let Ok(new_configs) = rx.recv() {
let new_certs = load::Certificates::new(&new_configs, grade.as_str()); let new_certs = load::Certificates::new(&new_configs, grade.as_str());
match new_certs { if let Some(new_certs) = new_certs {
Some(new_certs) => {
certs_for_watcher.store(Arc::new(new_certs)); certs_for_watcher.store(Arc::new(new_certs));
}
None => {}
}; };
} }
}); });
} }
None => {}
}
info!("Running HTTP listener on :{}", bind_address_http.as_str()); info!("Running HTTP listener on :{}", bind_address_http.as_str());
proxy.add_tcp(bind_address_http.as_str()); proxy.add_tcp(bind_address_http.as_str());
server.add_service(proxy); server.add_service(proxy);

17
src/web/webserver.rs
View File

@@ -85,7 +85,7 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
let static_files = ServeDir::new(folder); let static_files = ServeDir::new(folder);
let static_serve: Router = Router::new().fallback_service(static_files); let static_serve: Router = Router::new().fallback_service(static_files);
let static_listen = TcpListener::bind(address).await.unwrap(); let static_listen = TcpListener::bind(address).await.unwrap();
let _ = tokio::spawn(async move { axum::serve(static_listen, static_serve).await.unwrap() }); drop(tokio::spawn(async move { axum::serve(static_listen, static_serve).await.unwrap() }));
} }
let listener = TcpListener::bind(config.address.clone()).await.unwrap(); let listener = TcpListener::bind(config.address.clone()).await.unwrap();
@@ -103,7 +103,7 @@ async fn conf(State(st): State<AppState>, Query(params): Query<HashMap<String, S
let parsed = serde_yml::from_str::<Config>(strcontent); let parsed = serde_yml::from_str::<Config>(strcontent);
match parsed { match parsed {
Ok(_) => { Ok(_) => {
let _ = tokio::spawn(async move { apply_config(content.as_str(), st).await }); drop(tokio::spawn(async move { apply_config(content.as_str(), st).await }));
return Response::builder().status(StatusCode::OK).body(Body::from("Accepted! Applying in background\n")).unwrap(); return Response::builder().status(StatusCode::OK).body(Body::from("Accepted! Applying in background\n")).unwrap();
} }
Err(err) => { Err(err) => {
@@ -172,8 +172,9 @@ async fn metrics() -> impl IntoResponse {
.unwrap() .unwrap()
} }
#[allow(clippy::needless_return)]
async fn status(State(st): State<AppState>, Query(params): Query<HashMap<String, String>>) -> impl IntoResponse { async fn status(State(st): State<AppState>, Query(params): Query<HashMap<String, String>>) -> impl IntoResponse {
if let Some(_) = params.get("live") { if params.contains_key("live") {
let r = upstreams_liveness_json(&st.full_upstreams, &st.current_upstreams); let r = upstreams_liveness_json(&st.full_upstreams, &st.current_upstreams);
return Response::builder() return Response::builder()
.status(StatusCode::OK) .status(StatusCode::OK)
@@ -181,7 +182,7 @@ async fn status(State(st): State<AppState>, Query(params): Query<HashMap<String,
.body(Body::from(format!("{}", r))) .body(Body::from(format!("{}", r)))
.unwrap(); .unwrap();
} }
if let Some(_) = params.get("all") { if params.contains_key("all") {
let resp = upstreams_to_json(&st.current_upstreams); let resp = upstreams_to_json(&st.current_upstreams);
match resp { match resp {
Ok(j) => { Ok(j) => {
@@ -201,16 +202,17 @@ async fn status(State(st): State<AppState>, Query(params): Query<HashMap<String,
} }
Response::builder() Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR) .status(StatusCode::INTERNAL_SERVER_ERROR)
.body(Body::from(format!("{}", "Parameter mismatch"))) .body(Body::from("Parameter mismatch"))
.unwrap() .unwrap()
} }
#[allow(clippy::needless_return)]
async fn acme_create(State(state): State<AppState>, Query(params): Query<HashMap<String, String>>, headers: HeaderMap) -> impl IntoResponse { async fn acme_create(State(state): State<AppState>, Query(params): Query<HashMap<String, String>>, headers: HeaderMap) -> impl IntoResponse {
if !key_authorization(&headers, &params, &state.master_key) { if !key_authorization(&headers, &params, &state.master_key) {
return Response::builder().status(StatusCode::FORBIDDEN).body(Body::from("Access Denied !\n")).unwrap(); return Response::builder().status(StatusCode::FORBIDDEN).body(Body::from("Access Denied !\n")).unwrap();
} }
let _ = match account::load_or_create(state.cert_creds.as_str()).await { match account::load_or_create(state.cert_creds.as_str()).await {
Ok(txt) => { Ok(txt) => {
return Response::builder() return Response::builder()
.status(StatusCode::OK) .status(StatusCode::OK)
@@ -226,6 +228,7 @@ async fn acme_create(State(state): State<AppState>, Query(params): Query<HashMap
} }
}; };
} }
#[allow(clippy::needless_return)]
async fn acme_order( async fn acme_order(
State(state): State<AppState>, State(state): State<AppState>,
axum::extract::Path(domain): axum::extract::Path<String>, axum::extract::Path(domain): axum::extract::Path<String>,
@@ -237,7 +240,7 @@ async fn acme_order(
} }
let domain_clean = domain.trim_matches('/'); let domain_clean = domain.trim_matches('/');
let _ = match order::order(domain_clean, state.cert_creds.as_str(), state.certs_dir).await { match order::order(domain_clean, state.cert_creds.as_str(), state.certs_dir).await {
Ok(txt) => { Ok(txt) => {
return Response::builder() return Response::builder()
.status(StatusCode::OK) .status(StatusCode::OK)