Github/aralez
1
0
Fork 0
mirror of https://github.com/sadoyan/aralez.git synced 2026-04-30 14:58:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Github:v0.81.1
Branches Tags
Github:main
Github:v.0.92.3 Github:v.0.92.2 Github:v.0.92.1 Github:v.0.86.1 Github:v.0.85.2 Github:v.0.85.1 Github:v.0.84.4 Github:v.0.84.3 Github:v.0.84.2 Github:v.0.84.1 Github:v.0.83.1 Github:v.0.82.5 Github:v.0.82.4 Github:v.0.82.3 Github:v.0.82.2 Github:v.0.82.1 Github:v.0.81.6 Github:v.0.81.5 Github:v.0.81.4 Github:v.0.81.3 Github:v.0.81.2 Github:v0.81.1 Github:v.0.80.0 Github:v.0.46 Github:v.0.45 Github:v.0.43 Github:v.0.42
...
compare: Github:v.0.81.3
Branches Tags
Github:main
Github:v.0.92.3 Github:v.0.92.2 Github:v.0.92.1 Github:v.0.86.1 Github:v.0.85.2 Github:v.0.85.1 Github:v.0.84.4 Github:v.0.84.3 Github:v.0.84.2 Github:v.0.84.1 Github:v.0.83.1 Github:v.0.82.5 Github:v.0.82.4 Github:v.0.82.3 Github:v.0.82.2 Github:v.0.82.1 Github:v.0.81.6 Github:v.0.81.5 Github:v.0.81.4 Github:v.0.81.3 Github:v.0.81.2 Github:v0.81.1 Github:v.0.80.0 Github:v.0.46 Github:v.0.45 Github:v.0.43 Github:v.0.42

6 Commits
v0.81.1 ... v.0.81.3

Author SHA1 Message Date
Ara Sadoyan
21e1276ff5 Readme update 2025-07-09 15:22:38 +02:00
Ara Sadoyan
8463cdabbc Added configurable rate limiter 2025-07-09 15:01:20 +02:00
Ara Sadoyan
d0e4b52ce6 Enable/Disable config API from config 2025-07-04 15:06:05 +02:00
Ara Sadoyan
b552d24497 README 2025-07-02 19:00:05 +02:00
Ara Sadoyan
2e33d692bb Added optional minimal file server 2025-07-02 18:29:14 +02:00
Ara Sadoyan
e586967830 Code cleanup, nothing special 2025-06-30 18:24:25 +02:00
12 changed files with 171 additions and 62 deletions
Expand all files Collapse all files

38
Cargo.lock generated
View File

@@ -128,9 +128,11 @@ dependencies = [
"log",
"mimalloc",
"notify",
"once_cell",
"pingora",
"pingora-core",
"pingora-http",
"pingora-limits",
"pingora-proxy",
"prometheus 0.14.0",
"rand 0.9.1",
@@ -141,6 +143,7 @@ dependencies = [
"sha2",
"tokio",
"tonic",
"tower-http",
"urlencoding",
"x509-parser",
]
@@ -1078,6 +1081,12 @@ dependencies = [
"pin-project-lite",
]
[[package]]
name = "http-range-header"
version = "0.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c"
[[package]]
name = "httparse"
version = "1.9.5"
@@ -1617,6 +1626,16 @@ version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
[[package]]
name = "mime_guess"
version = "2.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e"
dependencies = [
"mime",
"unicase",
]
[[package]]
name = "minimal-lexical"
version = "0.2.1"
@@ -2068,6 +2087,15 @@ dependencies = [
"crc32fast",
]
[[package]]
name = "pingora-limits"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a719a8cb5558ca06bd6076c97b8905d500ea556da89e132ba53d4272844f95b9"
dependencies = [
"ahash",
]
[[package]]
name = "pingora-load-balancing"
version = "0.5.0"
@@ -3167,14 +3195,24 @@ checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
dependencies = [
"bitflags 2.8.0",
"bytes",
"futures-core",
"futures-util",
"http",
"http-body",
"http-body-util",
"http-range-header",
"httpdate",
"iri-string",
"mime",
"mime_guess",
"percent-encoding",
"pin-project-lite",
"tokio",
"tokio-util",
"tower",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]

5
Cargo.toml
View File

@@ -19,6 +19,8 @@ dashmap = "7.0.0-rc2"
pingora-core = "0.5.0"
pingora-proxy = "0.5.0"
pingora-http = "0.5.0"
pingora-limits = "0.5.0"
#pingora-pool = "0.5.0"
async-trait = "0.1.88"
env_logger = "0.11.8"
log = "0.4.27"
@@ -46,4 +48,7 @@ lazy_static = "1.5.0"
#openssl = "0.10.73"
x509-parser = "0.17.0"
rustls-pemfile = "2.2.0"
tower-http = { version = "0.6.6", features = ["fs"] }
once_cell = "1.20.2"

33
README.md
View File

@@ -13,7 +13,9 @@ Built on Rust, on top of **Cloudflares Pingora engine**, **Aralez** delivers
- **Dynamic Config Reloads** — Upstreams can be updated live via API, no restart required.
- **TLS Termination** — Built-in OpenSSL support.
- **Automatic load of certificates** — Automatically reads and loads certificates from a folder, without a restart.
- **Upstreams TLS detection** — Aralez will automatically detect if upstreams uses secure connection.
- **Built in rate limiter** — Limit requests to server, by setting up upper limit for requests per seconds, per virtualhost.
- **Authentication** — Supports Basic Auth, API tokens, and JWT verification.
- **Basic Auth**
- **API Key** via `x-api-key` header
@@ -24,6 +26,7 @@ Built on Rust, on top of **Cloudflares Pingora engine**, **Aralez** delivers
- Failover with health checks
- Sticky sessions via cookies
- **Unified Port** — Serve HTTP and WebSocket traffic over the same connection.
- **Built in file server** — Build in minimalistic file server for serving static files, should be added as upstreams for public access.
- **Memory Safe** — Created purely on Rust.
- **High Performance** — Built with [Pingora](https://github.com/cloudflare/pingora) and tokio for async I/O.
@@ -83,6 +86,9 @@ Built on Rust, on top of **Cloudflares Pingora engine**, **Aralez** delivers
| **hc_method** | HEAD | Healthcheck method (HEAD, GET, POST are supported) UPPERCASE |
| **hc_interval** | 2 | Interval for health checks in seconds |
| **master_key** | 5aeff7f9-7b94-447c-af60-e8c488544a3e | Master key for working with API server and JWT Secret generation |
| **file_server_folder** | /some/local/folder | Optional, local folder to serve |
| **file_server_address** | 127.0.0.1:3002 | Optional, Local address for file server. Can set as upstream for public access |
| **config_api_enabled** | true | Boolean to enable/disable remote config push capability |
### 🌐 `upstreams.yaml`
@@ -110,6 +116,24 @@ File names:
| `aralez-aarch64-musl.gz` | Static Linux ARM64 binary, without any system dependency |
| `aralez-aarch64-glibc.gz` | Dynamic Linux ARM64 binary, with minimal system dependencies |
## 💡 Note
In general **glibc** builds are working faster, but have few, basic, system dependencies for example :
```
linux-vdso.so.1 (0x00007ffeea33b000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f09e7377000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f09e6320000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f09e613f000)
/lib64/ld-linux-x86-64.so.2 (0x00007f09e73b1000)
```
These are common to any Linux systems, so the binary should work on almost any Linux system.
**musl** builds are 100% portable, static compiled binaries and have zero system depencecies.
In general musl builds have a little less performance.
The most intensive tests shows 107k-110k requests per second on **Glibc** binaries against 97k-100k **Musl** ones.
## 🔌 Running the Proxy
```bash
@@ -142,6 +166,7 @@ A sample `upstreams.yaml` entry:
provider: "file"
sticky_sessions: false
to_https: false
rate_limit: 10
headers:
- "Access-Control-Allow-Origin:*"
- "Access-Control-Allow-Methods:POST, GET, OPTIONS"
@@ -172,13 +197,17 @@ myhost.mydomain.com:
- Sticky sessions are disabled globally. This setting applies to all upstreams. If enabled all requests will be 301 redirected to HTTPS.
- HTTP to HTTPS redirect disabled globally, but can be overridden by `to_https` setting per upstream.
- Requests to each hosted domains will be limited to 10 requests per second per virtualhost.
- Requests limits are calculated per requester ip plus requested virtualhost.
- If the requester exceeds the limit it will receive `429 Too Many Requests` error.
- Optional. Rate limiter will be disabled if the parameter is entirely removed from config.
- Requests to `myhost.mydomain.com/` will be proxied to `127.0.0.1` and `127.0.0.2`.
- Plain HTTP to `myhost.mydomain.com/foo` will get 301 redirect to configured TLS port of Aralez.
- Requests to `myhost.mydomain.com/foo` will be proxied to `127.0.0.4` and `127.0.0.5`.
- SSL/TLS for upstreams is detected automatically, no need to set any config parameter.
- Assuming the `127.0.0.5:8443` is SSL protected. The inner traffic will use TLS.
- Self signed certificates are silently accepted.
- Global headers (CORS for this case) will be injected to all upstreams
- Self-signed certificates are silently accepted.
- Global headers (CORS for this case) will be injected to all upstreams.
- Additional headers will be injected into the request for `myhost.mydomain.com`.
- You can choose any path, deep nested paths are supported, the best match chosen.
- All requests to servers will require JWT token authentication (You can comment out the authorization to disable it),

11
etc/main.yaml
View File

@@ -1,21 +1,24 @@
# Main configuration file , applied on startup
threads: 12 # Nubber of daemon threads default setting
#user: pastor # Username for running aralez after dropping root privileges, requires program to start as root
#group: pastor # Group for running aralez after dropping root privileges, requires program to start as root
#user: aralez # Username for running aralez after dropping root privileges, requires program to start as root
#group: aralez # Group for running aralez after dropping root privileges, requires program to start as root
daemon: false # Run in background
upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
pid_file: /tmp/aralez.pid # Path to PID file
error_log: /tmp/aralez_err.log # Path to error log
upgrade_sock: /tmp/aralez.sock # Path to socket file
config_api_enabled: true # Boolean to enable/disable remote config push capability.
config_address: 0.0.0.0:3000 # HTTP API address for pushing upstreams.yaml from remote location
config_tls_address: 0.0.0.0:3001 # HTTP TLS API address for pushing upstreams.yaml from remote location
config_tls_certificate: etc/server.crt # Mandatory if config_tls_address is set
config_tls_key_file: etc/key.pem # Mandatory if config_tls_address is set
proxy_address_http: 0.0.0.0:6193 # Proxy HTTP bind address
proxy_address_tls: 0.0.0.0:6194 # Optional, Proxy TLS bind address
proxy_certificates: etc/yoyo # Mandatory if proxy_address_tls set, should contain certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
proxy_certificates: etc/certificates # Mandatory if proxy_address_tls set, should contain certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
upstreams_conf: etc/upstreams.yaml # the location of upstreams file
#file_server_folder: /some/path # Optional, local folder to serve
#file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
log_level: info # info, warn, error, debug, trace, off
hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE
hc_interval: 2 #Interval for health checks in seconds
master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret
master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret

1
etc/upstreams.yaml
View File

@@ -2,6 +2,7 @@
provider: "file" # consul
sticky_sessions: false
to_ssl: false
#rate_limit: 100
headers:
- "Access-Control-Allow-Origin:*"
- "Access-Control-Allow-Methods:POST, GET, OPTIONS"

3
src/utils/discovery.rs
View File

@@ -9,11 +9,14 @@ pub struct FromFileProvider {
pub path: String,
}
pub struct APIUpstreamProvider {
pub config_api_enabled: bool,
pub address: String,
pub masterkey: String,
pub tls_address: Option<String>,
pub tls_certificate: Option<String>,
pub tls_key_file: Option<String>,
pub file_server_address: Option<String>,
pub file_server_folder: Option<String>,
}
pub struct ConsulProvider {

14
src/utils/parceyaml.rs
View File

@@ -16,6 +16,7 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
sticky_sessions: false,
to_https: None,
authentication: DashMap::new(),
rate_limit: None,
},
};
toreturn.upstreams = UpstreamsDashMap::new();
@@ -55,9 +56,9 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
}
global_headers.insert("/".to_string(), hl);
toreturn.headers.insert("GLOBAL_HEADERS".to_string(), global_headers);
toreturn.extraparams.sticky_sessions = parsed.sticky_sessions;
toreturn.extraparams.to_https = parsed.to_https;
toreturn.extraparams.rate_limit = parsed.rate_limit;
}
if let Some(auth) = &parsed.authorization {
let name = auth.get("type").unwrap().to_string();
@@ -67,7 +68,6 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
} else {
toreturn.extraparams.authentication = DashMap::new();
}
match parsed.provider.as_str() {
"file" => {
toreturn.typecfg = "file".to_string();
@@ -150,15 +150,5 @@ pub fn parce_main_config(path: &str) -> AppConfig {
}
}
};
// match cfo.config_tls_address.clone() {
// Some(tls_cert) => {
// if let Some((ip, port_str)) = tls_cert.split_once(':') {
// if let Ok(port) = port_str.parse::<u16>() {
// cfo.local_tls_server = Option::from((ip.to_string(), port));
// }
// }
// }
// None => {}
// };
cfo
}

15
src/utils/structs.rs
View File

@@ -19,6 +19,7 @@ pub struct Extraparams {
pub sticky_sessions: bool,
pub to_https: Option<bool>,
pub authentication: DashMap<String, Vec<String>>,
pub rate_limit: Option<isize>,
}
#[derive(Clone, Debug, Serialize, Deserialize)]
@@ -37,11 +38,13 @@ pub struct Config {
pub headers: Option<Vec<String>>,
pub authorization: Option<HashMap<String, String>>,
pub consul: Option<Consul>,
pub rate_limit: Option<isize>,
}
#[derive(Debug, Serialize, Deserialize)]
pub struct HostConfig {
pub paths: HashMap<String, PathConfig>,
pub rate_limit: Option<isize>,
}
#[derive(Debug, Serialize, Deserialize)]
@@ -49,6 +52,7 @@ pub struct PathConfig {
pub servers: Vec<String>,
pub to_https: Option<bool>,
pub headers: Option<Vec<String>>,
pub rate_limit: Option<isize>,
}
#[derive(Debug)]
pub struct Configuration {
@@ -68,19 +72,14 @@ pub struct AppConfig {
pub master_key: String,
pub config_address: String,
pub proxy_address_http: String,
pub config_api_enabled: bool,
pub config_tls_address: Option<String>,
pub config_tls_certificate: Option<String>,
pub config_tls_key_file: Option<String>,
pub proxy_address_tls: Option<String>,
pub proxy_port_tls: Option<u16>,
// pub tls_certificate: Option<String>,
// pub tls_key_file: Option<String>,
pub local_server: Option<(String, u16)>,
pub proxy_certificates: Option<String>,
pub file_server_address: Option<String>,
pub file_server_folder: Option<String>,
}
// #[derive(Debug)]
// pub struct CertificateMove {
// pub cert_tx: Sender<CertificateConfig>,
// pub cert_rx: Receiver<CertificateConfig>,
// }

4
src/web/bgservice.rs
View File

@@ -36,9 +36,12 @@ impl BackgroundService for LB {
let api_load = APIUpstreamProvider {
address: self.config.config_address.clone(),
masterkey: self.config.master_key.clone(),
config_api_enabled: self.config.config_api_enabled.clone(),
tls_address: self.config.config_tls_address.clone(),
tls_certificate: self.config.config_tls_certificate.clone(),
tls_key_file: self.config.config_tls_key_file.clone(),
file_server_address: self.config.file_server_address.clone(),
file_server_folder: self.config.file_server_folder.clone(),
};
let tx_api = tx.clone();
let _ = tokio::spawn(async move { api_load.start(tx_api).await });
@@ -64,6 +67,7 @@ impl BackgroundService for LB {
new.sticky_sessions = ss.extraparams.sticky_sessions;
new.to_https = ss.extraparams.to_https;
new.authentication = ss.extraparams.authentication.clone();
new.rate_limit = ss.extraparams.rate_limit;
self.extraparams.store(Arc::new(new));
self.headers.clear();

64
src/web/proxyhttp.rs
View File

@@ -6,13 +6,16 @@ use arc_swap::ArcSwap;
use async_trait::async_trait;
use axum::body::Bytes;
use log::{debug, warn};
use once_cell::sync::Lazy;
use pingora::http::{RequestHeader, ResponseHeader, StatusCode};
use pingora::prelude::*;
use pingora::ErrorSource::Upstream;
use pingora_core::listeners::ALPN;
use pingora_core::prelude::HttpPeer;
use pingora_limits::rate::Rate;
use pingora_proxy::{ProxyHttp, Session};
use std::sync::Arc;
use std::time::Duration;
use tokio::time::Instant;
#[derive(Clone)]
@@ -30,12 +33,15 @@ pub struct Context {
to_https: bool,
redirect_to: String,
start_time: Instant,
hostname: Option<String>,
}
// Rate limiter
static RATE_LIMITER: Lazy<Rate> = Lazy::new(|| Rate::new(Duration::from_secs(1)));
// max request per second per client
// static MAX_REQ_PER_SEC: isize = 1;
#[async_trait]
impl ProxyHttp for LB {
// type CTX = ();
// fn new_ctx(&self) -> Self::CTX {}
type CTX = Context;
fn new_ctx(&self) -> Self::CTX {
Context {
@@ -43,6 +49,7 @@ impl ProxyHttp for LB {
to_https: false,
redirect_to: String::new(),
start_time: Instant::now(),
hostname: None,
}
}
async fn request_filter(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result<bool> {
@@ -54,13 +61,33 @@ impl ProxyHttp for LB {
return Ok(true);
}
};
let hostname = return_header_host(&session);
_ctx.hostname = hostname.clone();
if let Some(rate) = self.extraparams.load().rate_limit {
match hostname {
None => return Ok(false),
Some(host) => {
let curr_window_requests = RATE_LIMITER.observe(&host, 1);
if curr_window_requests > rate {
let mut header = ResponseHeader::build(429, None).unwrap();
header.insert_header("X-Rate-Limit-Limit", rate.to_string()).unwrap();
header.insert_header("X-Rate-Limit-Remaining", "0").unwrap();
header.insert_header("X-Rate-Limit-Reset", "1").unwrap();
session.set_keepalive(None);
session.write_response_header(Box::new(header), true).await?;
debug!("Rate limited: {:?}, {}", session.client_addr(), rate);
return Ok(true);
}
}
};
}
Ok(false)
}
async fn upstream_peer(&self, session: &mut Session, ctx: &mut Self::CTX) -> Result<Box<HttpPeer>> {
let host_name = return_header_host(&session);
match host_name {
// let host_name = return_header_host(&session);
match ctx.hostname.as_ref() {
Some(hostname) => {
// session.req_header_mut().headers.insert("X-Host-Name", host.to_string().parse().unwrap());
let mut backend_id = None;
if self.extraparams.load().sticky_sessions {
@@ -87,11 +114,11 @@ impl ProxyHttp for LB {
peer.options.alpn = ALPN::H2;
}
if ssl {
peer.sni = hostname.to_string();
peer.sni = hostname.clone();
peer.options.verify_cert = false;
peer.options.verify_hostname = false;
}
// println!("{}, {}, alpn {}, h2 {:?}, to_https {}", hostname, address.as_str(), peer.options.alpn, is_h2, _to_https);
if self.extraparams.load().to_https.unwrap_or(false) || to_https {
if let Some(stream) = session.stream() {
if stream.get_ssl().is_none() {
@@ -155,6 +182,12 @@ impl ProxyHttp for LB {
Ok(())
}
// async fn request_body_filter(&self, _session: &mut Session, _body: &mut Option<Bytes>, _end_of_stream: bool, _ctx: &mut Self::CTX) -> Result<()>
// where
// Self::CTX: Send + Sync,
// {
// Ok(())
// }
async fn response_filter(&self, session: &mut Session, _upstream_response: &mut ResponseHeader, ctx: &mut Self::CTX) -> Result<()> {
// _upstream_response.insert_header("X-Proxied-From", "Fooooooooooooooo").unwrap();
if self.extraparams.load().sticky_sessions {
@@ -169,7 +202,8 @@ impl ProxyHttp for LB {
redirect_response.insert_header("Content-Length", "0")?;
session.write_response_header(Box::new(redirect_response), false).await?;
}
match return_header_host(&session) {
// match return_header_host(&session) {
match ctx.hostname.as_ref() {
Some(host) => {
let path = session.req_header().uri.path();
let host_header = host;
@@ -195,6 +229,7 @@ impl ProxyHttp for LB {
}
None => {}
}
session.set_keepalive(Some(300));
Ok(())
}
@@ -211,26 +246,19 @@ impl ProxyHttp for LB {
}
}
fn return_header_host(session: &Session) -> Option<&str> {
fn return_header_host(session: &Session) -> Option<String> {
if session.is_http2() {
match session.req_header().uri.host() {
Some(host) => Option::from(host),
Some(host) => Option::from(host.to_string()),
None => None,
}
} else {
match session.req_header().headers.get("host") {
Some(host) => {
let header_host = host.to_str().unwrap().splitn(2, ':').collect::<Vec<&str>>();
Option::from(header_host[0])
Option::from(header_host[0].to_string())
}
None => None,
}
}
}
// fn return_no_host(inp: &Option<(String, u16)>) -> Box<HttpPeer> {
// match inp {
// Some(t) => Box::new(HttpPeer::new(t, false, String::new())),
// None => Box::new(HttpPeer::new(("0.0.0.0", 0), false, String::new())),
// }
// }

24
src/web/start.rs
View File

@@ -28,34 +28,24 @@ pub fn run() {
let ff_config = Arc::new(DashMap::new());
let im_config = Arc::new(DashMap::new());
let hh_config = Arc::new(DashMap::new());
let ec_config = Arc::new(ArcSwap::from_pointee(Extraparams {
sticky_sessions: false,
to_https: None,
authentication: DashMap::new(),
rate_limit: None,
}));
let cfg = Arc::new(maincfg);
let lb = LB {
ump_upst: uf_config.clone(),
ump_full: ff_config.clone(),
ump_byid: im_config.clone(),
ump_upst: uf_config,
ump_full: ff_config,
ump_byid: im_config,
config: cfg.clone(),
headers: hh_config.clone(),
extraparams: ec_config.clone(),
headers: hh_config,
extraparams: ec_config,
};
// let bg = LB {
// ump_upst: uf_config.clone(),
// ump_full: ff_config.clone(),
// ump_byid: im_config.clone(),
// config: cfg.clone(),
// headers: hh_config.clone(),
// extraparams: ec_config.clone(),
// config_rx: Arc::from(Mutex::new(rx)),
// };
// env_logger::Env::new();
// env_logger::init();
let log_level = cfg.log_level.clone();
unsafe {

21
src/web/webserver.rs
View File

@@ -17,6 +17,7 @@ use std::collections::HashMap;
use std::net::SocketAddr;
use std::time::{Duration, SystemTime, UNIX_EPOCH};
use tokio::net::TcpListener;
use tower_http::services::ServeDir;
#[derive(Deserialize)]
struct InputKey {
@@ -34,6 +35,7 @@ struct OutToken {
struct AppState {
master_key: String,
config_sender: Sender<Configuration>,
config_api_enabled: bool,
}
#[allow(unused_mut)]
@@ -41,13 +43,16 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
let app_state = AppState {
master_key: config.masterkey.clone(),
config_sender: to_return.clone(),
config_api_enabled: config.config_api_enabled.clone(),
};
let app = Router::new()
// .route("/{*wildcard}", get(senderror))
// .route("/{*wildcard}", post(senderror))
// .route("/{*wildcard}", put(senderror))
// .route("/{*wildcard}", head(senderror))
// .route("/{*wildcard}", delete(senderror))
// .nest_service("/static", static_files)
.route("/jwt", post(jwt_gen))
.route("/conf", post(conf))
.route("/metrics", get(metrics))
@@ -65,14 +70,28 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
info!("Starting the TLS API server on: {}", value);
}
if let (Some(address), Some(folder)) = (&config.file_server_address, &config.file_server_folder) {
let static_files = ServeDir::new(folder);
let static_serve: Router = Router::new().fallback_service(static_files);
let static_listen = TcpListener::bind(address).await.unwrap();
let _ = tokio::spawn(async move { axum::serve(static_listen, static_serve).await.unwrap() });
}
let listener = TcpListener::bind(config.address.clone()).await.unwrap();
info!("Starting the API server on: {}", config.address);
axum::serve(listener, app).await.unwrap();
}
async fn conf(State(mut st): State<AppState>, Query(params): Query<HashMap<String, String>>, content: String) -> impl IntoResponse {
if !st.config_api_enabled {
return Response::builder()
.status(StatusCode::FORBIDDEN)
.body(Body::from("Config remote API is disabled !\n"))
.unwrap();
}
if let Some(s) = params.get("key") {
if s.to_owned() == st.master_key.to_owned() {
if s.to_owned() == st.master_key {
if let Some(serverlist) = crate::utils::parceyaml::load_configuration(content.as_str(), "content") {
st.config_sender.send(serverlist).await.unwrap();
return Response::builder().status(StatusCode::OK).body(Body::from("Config, conf file, updated !\n")).unwrap();