Migrate auth -> gel-auth

geldata · Feb 6, 2025 · d859014 · d859014
1 parent a8c5ae0
commit d859014
Show file tree

Hide file tree

Showing 15 changed files with 54 additions and 51 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -5,10 +5,10 @@ members = [
     "edb/edgeql-parser/edgeql-parser-python",
     "edb/graphql-rewrite",
     "edb/server/_rust_native",
-    "rust/auth",
     "rust/captive_postgres",
     "rust/conn_pool",
     "rust/db_proto",
+    "rust/gel-auth",
     "rust/gel-stream",
     "rust/pgrust",
     "rust/http",
@@ -22,7 +22,7 @@ tokio = { version = "1", features = ["rt", "rt-multi-thread", "macros", "time",
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["registry", "env-filter"] }
 
-gel_auth = { path = "rust/auth" }
+gel-auth = { path = "rust/gel-auth" }
 gel-stream = { path = "rust/gel-stream" }
 db_proto = { path = "rust/db_proto" }
 captive_postgres = { path = "rust/captive_postgres" }

diff --git a/rust/captive_postgres/Cargo.toml b/rust/captive_postgres/Cargo.toml
@@ -10,7 +10,7 @@ edition = "2021"
 workspace = true
 
 [dependencies]
-gel_auth.workspace = true
+gel-auth.workspace = true
 
 openssl = "0.10.55"
 tempfile = "3"

diff --git a/rust/auth/Cargo.toml → rust/gel-auth/Cargo.toml b/rust/auth/Cargo.toml → rust/gel-auth/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "gel_auth"
+name = "gel-auth"
 version = "0.1.0"
 license = "MIT/Apache-2.0"
 authors = ["MagicStack Inc. <[email protected]>"]
@@ -8,23 +8,26 @@ edition = "2021"
 [lints]
 workspace = true
 
+[features]
+python_extension = ["pyo3"]
+
 [dependencies]
+pyo3 = { workspace = true, optional = true }
 tracing.workspace = true
-
-rand = "0.8.5"
 md5 = "0.7.0"
-sha2 = "0.10.8"
-roaring = "0.10.6"
 constant_time_eq = "0.3"
-base64 = "0.22"
+derive_more = { version = "1", features = ["debug"] }
+rand = "0.8.5"
 unicode-normalization = "0.1.23"
-thiserror = "2"
+base64 = "0.22"
+roaring = "0.10.6"
 hmac = "0.12.1"
-derive_more = { version = "1", features = ["debug"] }
+sha2 = "0.10.8"
+thiserror = "2"
 
 [dev-dependencies]
 pretty_assertions = "1"
-rstest = "0.23.0"
+rstest = "0.24.0"
 hex-literal = "0.4.1"
 
 [lib]
diff --git a/rust/auth/README.md → rust/gel-auth/README.md b/rust/auth/README.md → rust/gel-auth/README.md
diff --git a/rust/auth/src/handshake/mod.rs → rust/gel-auth/src/handshake/mod.rs b/rust/auth/src/handshake/mod.rs → rust/gel-auth/src/handshake/mod.rs
diff --git a/rust/auth/src/handshake/server_auth.rs → rust/gel-auth/src/handshake/server_auth.rs b/rust/auth/src/handshake/server_auth.rs → rust/gel-auth/src/handshake/server_auth.rs
diff --git a/rust/auth/src/lib.rs → rust/gel-auth/src/lib.rs b/rust/auth/src/lib.rs → rust/gel-auth/src/lib.rs
@@ -1,8 +1,6 @@
 pub mod handshake;
 pub mod md5;
 pub mod scram;
-pub mod stringprep;
-mod stringprep_table;
 
 use rand::Rng;
 

diff --git a/rust/auth/src/md5.rs → rust/gel-auth/src/md5.rs b/rust/auth/src/md5.rs → rust/gel-auth/src/md5.rs
diff --git a/rust/auth/src/scram.rs → rust/gel-auth/src/scram/mod.rs b/rust/auth/src/scram.rs → rust/gel-auth/src/scram/mod.rs
@@ -74,7 +74,10 @@ use sha2::{digest::FixedOutput, Digest, Sha256};
 use std::borrow::Cow;
 use std::str::FromStr;
 
-use crate::stringprep::sasl_normalize_password_bytes;
+pub mod stringprep;
+mod stringprep_table;
+
+use stringprep::sasl_normalize_password_bytes;
 
 const CHANNEL_BINDING_ENCODED: &str = "biws";
 const MINIMUM_NONCE_LENGTH: usize = 16;

diff --git a/rust/auth/src/stringprep.rs → rust/gel-auth/src/scram/stringprep.rs b/rust/auth/src/stringprep.rs → rust/gel-auth/src/scram/stringprep.rs
@@ -8,7 +8,7 @@ use unicode_normalization::UnicodeNormalization;
 /// # Examples
 ///
 /// ```
-/// # use gel_auth::stringprep::*;
+/// # use gel_auth::scram::stringprep::*;
 /// assert_eq!(sasl_normalize_password_bytes(b"password").as_ref(), b"password");
 /// assert_eq!(sasl_normalize_password_bytes("passw\u{00A0}rd".as_bytes()).as_ref(), b"passw rd");
 /// assert_eq!(sasl_normalize_password_bytes("pass\u{200B}word".as_bytes()).as_ref(), b"password");
@@ -35,7 +35,7 @@ pub fn sasl_normalize_password_bytes(s: &[u8]) -> Cow<[u8]> {
 /// # Examples
 ///
 /// ```
-/// # use gel_auth::stringprep::*;
+/// # use gel_auth::scram::stringprep::*;
 /// assert_eq!(sasl_normalize_password("password").as_ref(), "password");
 /// assert_eq!(sasl_normalize_password("passw\u{00A0}rd").as_ref(), "passw rd");
 /// assert_eq!(sasl_normalize_password("pass\u{200B}word").as_ref(), "password");

diff --git a/rust/auth/src/stringprep_table.rs → rust/gel-auth/src/scram/stringprep_table.rs b/rust/auth/src/stringprep_table.rs → rust/gel-auth/src/scram/stringprep_table.rs
diff --git a/rust/auth/src/stringprep_table_prep.py → ...l-auth/src/scram/stringprep_table_prep.py b/rust/auth/src/stringprep_table_prep.py → ...l-auth/src/scram/stringprep_table_prep.py
diff --git a/rust/gel-stream/src/common/openssl.rs b/rust/gel-stream/src/common/openssl.rs
@@ -187,7 +187,7 @@ impl TlsDriver for OpensslDriver {
         if let (Some(cert), Some(key)) = (cert.as_ref(), key.as_ref()) {
             let builder = openssl::x509::X509::from_der(cert.as_ref())?;
             ssl.set_certificate(&builder)?;
-            let builder = openssl::pkey::PKey::private_key_from_der(&key.secret_der())?;
+            let builder = openssl::pkey::PKey::private_key_from_der(key.secret_der())?;
             ssl.set_private_key(&builder)?;
         }
 
@@ -249,8 +249,8 @@ impl TlsDriver for OpensslDriver {
         } = params;
 
         let mut ssl = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls_server())?;
-        let cert = openssl::x509::X509::from_der(&server_certificate.cert.as_ref())?;
-        let key = openssl::pkey::PKey::private_key_from_der(&server_certificate.key.secret_der())?;
+        let cert = openssl::x509::X509::from_der(server_certificate.cert.as_ref())?;
+        let key = openssl::pkey::PKey::private_key_from_der(server_certificate.key.secret_der())?;
         ssl.set_certificate(&cert)?;
         ssl.set_private_key(&key)?;
         ssl.set_min_proto_version(min_protocol_version.map(|s| s.into()))?;
@@ -290,10 +290,8 @@ impl TlsDriver for OpensslDriver {
 
         let mut stream = tokio_openssl::SslStream::new(params, stream)?;
         let res = Pin::new(&mut stream).do_handshake().await;
-        if res.is_err() {
-            if stream.ssl().verify_result() != X509VerifyResult::OK {
-                return Err(SslError::OpenSslErrorVerify(stream.ssl().verify_result()));
-            }
+        if res.is_err() && stream.ssl().verify_result() != X509VerifyResult::OK {
+            return Err(SslError::OpenSslErrorVerify(stream.ssl().verify_result()));
         }
 
         let alpn = stream
@@ -348,14 +346,14 @@ impl TlsDriver for OpensslDriver {
     }
 }
 
-fn ssl_select_next_proto<'a, 'b>(server: &'a [u8], client: &'b [u8]) -> Option<&'b [u8]> {
+fn ssl_select_next_proto<'b>(server: &[u8], client: &'b [u8]) -> Option<&'b [u8]> {
     let mut server_packet = server;
     while !server_packet.is_empty() {
-        let server_proto_len = *server_packet.get(0)? as usize;
+        let server_proto_len = *server_packet.first()? as usize;
         let server_proto = server_packet.get(1..1 + server_proto_len)?;
         let mut client_packet = client;
         while !client_packet.is_empty() {
-            let client_proto_len = *client_packet.get(0)? as usize;
+            let client_proto_len = *client_packet.first()? as usize;
             let client_proto = client_packet.get(1..1 + client_proto_len)?;
             if client_proto == server_proto {
                 return Some(client_proto);

diff --git a/rust/pgrust/Cargo.toml b/rust/pgrust/Cargo.toml
@@ -13,12 +13,12 @@ python_extension = ["pyo3/serde"]
 optimizer = []
 
 [dependencies]
-gel_auth.workspace = true
+gel-auth.workspace = true
+gel-stream = { workspace = true, features = ["client"] }
 pyo3.workspace = true
 tokio.workspace = true
 tracing.workspace = true
 db_proto.workspace = true
-gel-stream = { workspace = true, features = ["client"] }
 
 futures = "0"
 thiserror = "1"