diff --git a/Cargo.lock b/Cargo.lock
index 1eab733d036..946a23db1e7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -303,7 +303,7 @@ checksum = "9ac0150caa2ae65ca5bd83f25c7de183dea78d4d366469f148435e2acfbad0da"
 name = "captive_postgres"
 version = "0.1.0"
 dependencies = [
- "gel_auth",
+ "gel-auth",
 "nix",
 "openssl",
 "socket2",
@@ -957,6 +957,27 @@ dependencies = [
 "slab",
 ]
+[[package]]
+name = "gel-auth"
+version = "0.1.0"
+dependencies = [
+ "base64",
+ "constant_time_eq",
+ "derive_more",
+ "hex-literal",
+ "hmac",
+ "md5",
+ "pretty_assertions",
+ "pyo3",
+ "rand",
+ "roaring",
+ "rstest 0.24.0",
+ "sha2",
+ "thiserror 2.0.3",
+ "tracing",
+ "unicode-normalization",
+]
+
 [[package]]
 name = "gel-stream"
 version = "0.1.0"
@@ -982,26 +1003,6 @@ dependencies = [
 "webpki",
 ]
-[[package]]
-name = "gel_auth"
-version = "0.1.0"
-dependencies = [
- "base64",
- "constant_time_eq",
- "derive_more",
- "hex-literal",
- "hmac",
- "md5",
- "pretty_assertions",
- "rand",
- "roaring",
- "rstest 0.23.0",
- "sha2",
- "thiserror 2.0.3",
- "tracing",
- "unicode-normalization",
-]
-
 [[package]]
 name = "generic-array"
 version = "0.14.7"
@@ -1982,8 +1983,8 @@ dependencies = [
 "db_proto",
 "derive_more",
 "futures",
+ "gel-auth",
 "gel-stream",
- "gel_auth",
 "hex-literal",
 "hexdump",
 "libc",
diff --git a/Cargo.toml b/Cargo.toml
index e012e8a583e..51df7775b64 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,10 +5,10 @@ members = [
 "edb/edgeql-parser/edgeql-parser-python",
 "edb/graphql-rewrite",
 "edb/server/_rust_native",
- "rust/auth",
 "rust/captive_postgres",
 "rust/conn_pool",
 "rust/db_proto",
+ "rust/gel-auth",
 "rust/gel-stream",
 "rust/pgrust",
 "rust/http",
@@ -22,7 +22,7 @@ tokio = { version = "1", features = ["rt", "rt-multi-thread", "macros", "time",
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["registry", "env-filter"] }
-gel_auth = { path = "rust/auth" }
+gel-auth = { path = "rust/gel-auth" }
 gel-stream = { path = "rust/gel-stream" }
 db_proto = { path = "rust/db_proto" }
 captive_postgres = { path = "rust/captive_postgres" }
diff --git a/rust/captive_postgres/Cargo.toml b/rust/captive_postgres/Cargo.toml
index 7ca25c35c55..2e51e166c3f 100644
--- a/rust/captive_postgres/Cargo.toml
+++ b/rust/captive_postgres/Cargo.toml
@@ -10,7 +10,7 @@ edition = "2021"
 workspace = true
 [dependencies]
-gel_auth.workspace = true
+gel-auth.workspace = true
 openssl = "0.10.55"
 tempfile = "3"
diff --git a/rust/auth/Cargo.toml b/rust/gel-auth/Cargo.toml
similarity index 80%
rename from rust/auth/Cargo.toml
rename to rust/gel-auth/Cargo.toml
index f4ecf765b12..e88922fcac2 100644
--- a/rust/auth/Cargo.toml
+++ b/rust/gel-auth/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "gel_auth"
+name = "gel-auth"
 version = "0.1.0"
 license = "MIT/Apache-2.0"
 authors = ["MagicStack Inc. "]
@@ -8,23 +8,26 @@ edition = "2021"
 [lints]
 workspace = true
+[features]
+python_extension = ["pyo3"]
+
 [dependencies]
+pyo3 = { workspace = true, optional = true }
 tracing.workspace = true
-
-rand = "0.8.5"
 md5 = "0.7.0"
-sha2 = "0.10.8"
-roaring = "0.10.6"
 constant_time_eq = "0.3"
-base64 = "0.22"
+derive_more = { version = "1", features = ["debug"] }
+rand = "0.8.5"
 unicode-normalization = "0.1.23"
-thiserror = "2"
+base64 = "0.22"
+roaring = "0.10.6"
 hmac = "0.12.1"
-derive_more = { version = "1", features = ["debug"] }
+sha2 = "0.10.8"
+thiserror = "2"
 [dev-dependencies]
 pretty_assertions = "1"
-rstest = "0.23.0"
+rstest = "0.24.0"
 hex-literal = "0.4.1"
 [lib]
diff --git a/rust/auth/README.md b/rust/gel-auth/README.md
similarity index 100%
rename from rust/auth/README.md
rename to rust/gel-auth/README.md
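Review bot: The new `python_extension = ["pyo3"]` feature and the optional `pyo3` dependency in rust/gel-auth/Cargo.toml have no visible consumer: none of the gel-auth source hunks in this diff show code gated on that feature, so from here an authentication crate gains an FFI dependency without a stated reason. If the gated code lands separately, a manifest comment such as `# Optional PyO3 bindings; not enabled by default.` would record the intent. The same hunk also reshuffles most of `[dependencies]` without changing their versions, which buries the two real changes (`pyo3` added, `rstest` 0.23.0 to 0.24.0); keeping the original order would make the dependency delta easier to audit.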
diff --git a/rust/auth/src/handshake/mod.rs b/rust/gel-auth/src/handshake/mod.rs
similarity index 100%
rename from rust/auth/src/handshake/mod.rs
rename to rust/gel-auth/src/handshake/mod.rs
diff --git a/rust/auth/src/handshake/server_auth.rs b/rust/gel-auth/src/handshake/server_auth.rs
similarity index 100%
rename from rust/auth/src/handshake/server_auth.rs
rename to rust/gel-auth/src/handshake/server_auth.rs
diff --git a/rust/auth/src/lib.rs b/rust/gel-auth/src/lib.rs
similarity index 98%
rename from rust/auth/src/lib.rs
rename to rust/gel-auth/src/lib.rs
index 4310b15e060..e6d98eac020 100644
--- a/rust/auth/src/lib.rs
+++ b/rust/gel-auth/src/lib.rs
@@ -1,8 +1,6 @@
 pub mod handshake;
 pub mod md5;
 pub mod scram;
-pub mod stringprep;
-mod stringprep_table;
 use rand::Rng;
diff --git a/rust/auth/src/md5.rs b/rust/gel-auth/src/md5.rs
similarity index 100%
rename from rust/auth/src/md5.rs
rename to rust/gel-auth/src/md5.rs
diff --git a/rust/auth/src/scram.rs b/rust/gel-auth/src/scram/mod.rs
similarity index 99%
rename from rust/auth/src/scram.rs
rename to rust/gel-auth/src/scram/mod.rs
index 8c1e8ace725..0b824de762b 100644
--- a/rust/auth/src/scram.rs
+++ b/rust/gel-auth/src/scram/mod.rs
@@ -74,7 +74,10 @@ use sha2::{digest::FixedOutput, Digest, Sha256};
 use std::borrow::Cow;
 use std::str::FromStr;
-use crate::stringprep::sasl_normalize_password_bytes;
+pub mod stringprep;
+mod stringprep_table;
+
+use stringprep::sasl_normalize_password_bytes;
 const CHANNEL_BINDING_ENCODED: &str = "biws";
 const MINIMUM_NONCE_LENGTH: usize = 16;
diff --git a/rust/auth/src/stringprep.rs b/rust/gel-auth/src/scram/stringprep.rs
similarity index 98%
rename from rust/auth/src/stringprep.rs
rename to rust/gel-auth/src/scram/stringprep.rs
index 89c3bc37d48..8b79a374660 100644
--- a/rust/auth/src/stringprep.rs
+++ b/rust/gel-auth/src/scram/stringprep.rs
@@ -8,7 +8,7 @@ use unicode_normalization::UnicodeNormalization;
 /// # Examples
 ///
 /// ```
-/// # use gel_auth::stringprep::*;
+/// # use gel_auth::scram::stringprep::*;
 /// assert_eq!(sasl_normalize_password_bytes(b"password").as_ref(), b"password");
 /// assert_eq!(sasl_normalize_password_bytes("passw\u{00A0}rd".as_bytes()).as_ref(), b"passw rd");
 /// assert_eq!(sasl_normalize_password_bytes("pass\u{200B}word".as_bytes()).as_ref(), b"password");
@@ -35,7 +35,7 @@ pub fn sasl_normalize_password_bytes(s: &[u8]) -> Cow<[u8]> {
 /// # Examples
 ///
 /// ```
-/// # use gel_auth::stringprep::*;
+/// # use gel_auth::scram::stringprep::*;
 /// assert_eq!(sasl_normalize_password("password").as_ref(), "password");
 /// assert_eq!(sasl_normalize_password("passw\u{00A0}rd").as_ref(), "passw rd");
 /// assert_eq!(sasl_normalize_password("pass\u{200B}word").as_ref(), "password");
diff --git a/rust/auth/src/stringprep_table.rs b/rust/gel-auth/src/scram/stringprep_table.rs
similarity index 100%
rename from rust/auth/src/stringprep_table.rs
rename to rust/gel-auth/src/scram/stringprep_table.rs
diff --git a/rust/auth/src/stringprep_table_prep.py b/rust/gel-auth/src/scram/stringprep_table_prep.py
similarity index 100%
rename from rust/auth/src/stringprep_table_prep.py
rename to rust/gel-auth/src/scram/stringprep_table_prep.py
diff --git a/rust/gel-stream/src/common/openssl.rs b/rust/gel-stream/src/common/openssl.rs
index 40d39587fc6..4111792685d 100644
--- a/rust/gel-stream/src/common/openssl.rs
+++ b/rust/gel-stream/src/common/openssl.rs
@@ -187,7 +187,7 @@ impl TlsDriver for OpensslDriver {
 if let (Some(cert), Some(key)) = (cert.as_ref(), key.as_ref()) {
 let builder = openssl::x509::X509::from_der(cert.as_ref())?;
 ssl.set_certificate(&builder)?;
- let builder = openssl::pkey::PKey::private_key_from_der(&key.secret_der())?;
+ let builder = openssl::pkey::PKey::private_key_from_der(key.secret_der())?;
 ssl.set_private_key(&builder)?;
 }
@@ -249,8 +249,8 @@ impl TlsDriver for OpensslDriver {
 } = params;
 let mut ssl = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls_server())?;
- let cert = openssl::x509::X509::from_der(&server_certificate.cert.as_ref())?;
- let key = openssl::pkey::PKey::private_key_from_der(&server_certificate.key.secret_der())?;
+ let cert = openssl::x509::X509::from_der(server_certificate.cert.as_ref())?;
+ let key = openssl::pkey::PKey::private_key_from_der(server_certificate.key.secret_der())?;
 ssl.set_certificate(&cert)?;
 ssl.set_private_key(&key)?;
 ssl.set_min_proto_version(min_protocol_version.map(|s| s.into()))?;
@@ -290,10 +290,8 @@ impl TlsDriver for OpensslDriver {
 let mut stream = tokio_openssl::SslStream::new(params, stream)?;
 let res = Pin::new(&mut stream).do_handshake().await;
- if res.is_err() {
- if stream.ssl().verify_result() != X509VerifyResult::OK {
- return Err(SslError::OpenSslErrorVerify(stream.ssl().verify_result()));
- }
+ if res.is_err() && stream.ssl().verify_result() != X509VerifyResult::OK {
+ return Err(SslError::OpenSslErrorVerify(stream.ssl().verify_result()));
 }
 let alpn = stream
@@ -348,14 +346,14 @@ impl TlsDriver for OpensslDriver {
 }
 }
-fn ssl_select_next_proto<'a, 'b>(server: &'a [u8], client: &'b [u8]) -> Option<&'b [u8]> {
+fn ssl_select_next_proto<'b>(server: &[u8], client: &'b [u8]) -> Option<&'b [u8]> {
 let mut server_packet = server;
 while !server_packet.is_empty() {
- let server_proto_len = *server_packet.get(0)? as usize;
+ let server_proto_len = *server_packet.first()? as usize;
 let server_proto = server_packet.get(1..1 + server_proto_len)?;
 let mut client_packet = client;
 while !client_packet.is_empty() {
- let client_proto_len = *client_packet.get(0)? as usize;
+ let client_proto_len = *client_packet.first()? as usize;
 let client_proto = client_packet.get(1..1 + client_proto_len)?;
 if client_proto == server_proto {
 return Some(client_proto);
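Review bot: A handshake that fails while `verify_result()` is still `X509VerifyResult::OK` skips the early return in the merged `if res.is_err() && ...` condition and reaches the `let alpn = stream` lookup, just as it did with the nested form. Whether `res` is propagated after that point lies outside this hunk and is worth confirming, because nothing on the visible lines stops a failed handshake from being treated as established. If it is propagated, a one-line comment above the condition would record the intent: `// Surface the certificate verification failure when there is one; other handshake errors are returned from res below.` The enclosing function starts and ends outside the hunk.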
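Review bot: `ssl_select_next_proto` still has no doc comment, although it parses two length-prefixed protocol lists (presumably peer-supplied) and its selection order is security-relevant. On the lines shown, the outer loop walks `server`, the returned slice borrows from `client`, and a length byte that overruns its buffer makes `get(1..1 + len)?` return `None` for the whole call. A doc comment such as `/// Returns the first protocol in the server list that the client also offers, borrowed from the client buffer; None if nothing matches or a list is truncated.` would pin that contract down. How the two cursors advance is outside this hunk, so check the wording against the rest of the body.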
diff --git a/rust/pgrust/Cargo.toml b/rust/pgrust/Cargo.toml
index e65b8413e27..4a39e4da7fe 100644
--- a/rust/pgrust/Cargo.toml
+++ b/rust/pgrust/Cargo.toml
@@ -13,12 +13,12 @@ python_extension = ["pyo3/serde"]
 optimizer = []
 [dependencies]
-gel_auth.workspace = true
+gel-auth.workspace = true
+gel-stream = { workspace = true, features = ["client"] }
 pyo3.workspace = true
 tokio.workspace = true
 tracing.workspace = true
 db_proto.workspace = true
-gel-stream = { workspace = true, features = ["client"] }
 futures = "0"
 thiserror = "1"