further simplify proxy config

proxy/Cargo.toml

@@ -4,16 +4,16 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-color-eyre = "0.6.3"
-serde = { version = "1.0.214", features = ["derive"] }
-serde_json = "1.0.132"
-tokio = { version = "1.37.0", features = ["full"] }
-tokio-rustls = "^0.26"
-toml = "0.8.19"
-tracing = { version = "0.1.40", features = ["async-await"] }
-tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
+color-eyre = "^0.6"
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+tokio = { version = "^1.37", features = ["full"] }
+tokio-rustls = "0.26"
+toml = "0.8"
+tracing = { version = "^0.1.40", features = ["async-await"] }
+tracing-subscriber = { version = "^0.3.18", features = ["env-filter"] }
 mumble-web2-common = { workspace = true }
-salvo = { version = "0.74.2", features = [
+salvo = { version = "^0.74.2", features = [
   "quinn",
   "eyre",
   "rustls",
@@ -22,8 +22,9 @@ salvo = { version = "0.74.2", features = [
   "craft",
   "cors",
 ] }
-once_cell = "1.20.2"
+once_cell = "^1.20"
 rustls = { version = "^0.23", features = ["aws_lc_rs"] }
-rcgen = "0.13.2"
-hmac-sha256 = "1.1.8"
+rcgen = "^0.13.2"
+hmac-sha256 = "^1.1.8"
 time = "0.3"
+url = "2"

proxy/src/main.rs

@@ -1,6 +1,5 @@
 use color_eyre::eyre::{anyhow, bail, Context, Result};
-use mumble_web2_common::GuiConfig;
-use once_cell::sync::OnceCell;
+use mumble_web2_common::ClientConfig;
 use salvo::conn::rustls::{Keycert, RustlsConfig};
 use salvo::cors::{AllowOrigin, Cors};
 use salvo::logging::Logger;
@@ -9,14 +8,14 @@ use salvo::proto::quic::BidiStream;
 use serde::{Deserialize, Serialize};
 use std::net::{SocketAddr, ToSocketAddrs};
 use std::path::PathBuf;
-use std::sync::{Arc, Mutex};
+use std::sync::Arc;
 use tokio::fs;
 use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
 use tokio::net::TcpStream;
 use tokio::pin;
 use tokio_rustls::rustls::client::danger::{HandshakeSignatureValid, ServerCertVerifier};
 use tokio_rustls::rustls::pki_types::{CertificateDer, ServerName, UnixTime};
-use tokio_rustls::rustls::{ClientConfig, DigitallySignedStruct};
+use tokio_rustls::rustls::{ClientConfig as RlsClientConfig, DigitallySignedStruct};
 use tokio_rustls::{rustls, TlsConnector};
 use tracing::info;
 use tracing::info_span;
@@ -24,6 +23,7 @@ use tracing::Instrument;
 use tracing::{error, instrument};
 use tracing_subscriber::filter::LevelFilter;
 use tracing_subscriber::EnvFilter;
+use url::Url;
 
 fn default_cert_alt_names() -> Vec<String> {
     vec!["localhost".into()]
@@ -31,6 +31,7 @@ fn default_cert_alt_names() -> Vec<String> {
 
 #[derive(Debug, Deserialize, Serialize)]
 struct Config {
+    public_url: Url,
     https_listen_address: SocketAddr,
     http_listen_address: Option<SocketAddr>,
     cert_path: Option<PathBuf>,
@@ -40,12 +41,9 @@ struct Config {
     mumble_server_url: String,
     mumble_server_address: Option<SocketAddr>,
     gui_path: Option<PathBuf>,
-    gui: Mutex<GuiConfig>,
 }
 
-static CONFIG: OnceCell<Config> = OnceCell::new();
-
-fn init_config() -> Result<()> {
+fn init_config() -> Result<Config> {
     let mut config: Config = toml::from_str(
         &std::fs::read_to_string("./config.toml")
             .context("reading config.toml (try making a copy of config.toml.example)")?,
@@ -63,24 +61,22 @@ fn init_config() -> Result<()> {
             config.mumble_server_url
         ))?;
     config.mumble_server_address = Some(mumble_server_addr);
-    CONFIG
-        .set(config)
-        .map_err(|_| anyhow!("config already initialized"))?;
-    Ok(())
+    Ok(config)
 }
 
 #[tokio::main]
 async fn main() -> Result<()> {
     init_logging();
-    init_config()?;
-    let config = CONFIG.get().unwrap();
-    info!("config\n{}", toml::to_string_pretty(&config)?);
+    let server_config = Arc::new(init_config()?);
+    info!("config:\n{}", toml::to_string_pretty(&*server_config)?);
 
     rustls::crypto::aws_lc_rs::default_provider()
         .install_default()
         .map_err(|e| anyhow!("could not install crypto provider {e:?}"))?;
 
-    let (cert, key) = match (&config.cert_path, &config.key_path) {
+    let mut client_config = ClientConfig::default();
+    client_config.proxy_url = Some(server_config.public_url.join("proxy")?.to_string());
+    let (cert, key) = match (&server_config.cert_path, &server_config.key_path) {
         (None, None) => {
             info!("generating self-signed cert");
 
@@ -88,17 +84,15 @@ async fn main() -> Result<()> {
             let mut dname = rcgen::DistinguishedName::new();
             dname.push(rcgen::DnType::CommonName, "mumble-web self-signed");
             let key_pair = rcgen::KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256)?;
-            let mut cert_params = rcgen::CertificateParams::new(config.cert_alt_names.clone())?;
+            let mut cert_params =
+                rcgen::CertificateParams::new(server_config.cert_alt_names.clone())?;
             cert_params.distinguished_name = dname;
             cert_params.not_before = time::OffsetDateTime::now_utc();
             cert_params.not_after = cert_params.not_before + time::Duration::days(12);
             let cert = cert_params.self_signed(&key_pair)?;
 
             let hash = hmac_sha256::Hash::hash(cert.der().as_ref());
-            {
-                let mut gui_config = config.gui.lock().unwrap();
-                gui_config.cert_hash = Some(hash.into());
-            }
+            client_config.cert_hash = Some(hash.into());
 
             (cert.pem().into(), key_pair.serialize_pem().into())
         }
@@ -118,16 +112,22 @@ async fn main() -> Result<()> {
     };
     let rustls_config = RustlsConfig::new(Keycert::new().cert(cert.as_slice()).key(key.as_slice()));
 
+    info!(
+        "client config:\n{}",
+        toml::to_string_pretty(&client_config)?
+    );
+
     let config_craft = ConfigCraft {
-        client_config: config.gui.lock().unwrap().clone(),
+        server_config: server_config.clone(),
+        client_config,
     };
 
     // Server routing
     let mut router = Router::new()
-        .push(Router::with_path("/proxy").goal(connect_proxy))
+        .push(Router::with_path("/proxy").goal(config_craft.connect_proxy()))
         .push(Router::with_path("/config").get(config_craft.get_config()))
         .hoop(Logger::new());
-    if let Some(gui_path) = config.gui_path.clone() {
+    if let Some(gui_path) = server_config.gui_path.clone() {
         router =
             router.push(Router::with_path("/").get(StaticFile::new(gui_path.join("index.html"))));
         router = router.push(Router::with_path("/<*+rest>").get(StaticDir::new(gui_path)));
@@ -138,10 +138,10 @@ async fn main() -> Result<()> {
     let service = Service::new(router).hoop(cors);
 
     // Create http listeners
-    let http_listener = config.http_listen_address.map(TcpListener::new);
+    let http_listener = server_config.http_listen_address.map(TcpListener::new);
     let https_listener =
-        TcpListener::new(config.https_listen_address).rustls(rustls_config.clone());
-    let http3_listener = QuinnListener::new(rustls_config, config.https_listen_address);
+        TcpListener::new(server_config.https_listen_address).rustls(rustls_config.clone());
+    let http3_listener = QuinnListener::new(rustls_config, server_config.https_listen_address);
 
     // Start server
     match (http_listener, https_listener, http3_listener) {
@@ -160,76 +160,65 @@ async fn main() -> Result<()> {
 
 #[derive(Clone)]
 pub struct ConfigCraft {
-    client_config: GuiConfig,
+    server_config: Arc<Config>,
+    client_config: ClientConfig,
 }
 
 #[craft]
 impl ConfigCraft {
     #[craft(handler)]
-    async fn get_config(&self) -> Json<GuiConfig> {
+    async fn get_config(&self) -> Json<ClientConfig> {
         Json(self.client_config.clone())
     }
-}
 
-#[handler]
-#[instrument]
-async fn connect_proxy(req: &mut Request, res: &mut Response) {
-    info!("received proxy request");
-    let mumble_server_address = CONFIG.get().unwrap().mumble_server_address.unwrap();
+    #[craft(handler)]
+    async fn connect_proxy(&self, req: &mut Request, res: &mut Response) {
+        info!("received proxy request");
+        let mumble_server_address = self.server_config.mumble_server_address.unwrap();
 
-    let wt = match req.web_transport_mut().await {
-        Ok(wt) => wt,
-        Err(err) => {
-            res.status_code(StatusCode::BAD_REQUEST);
-            res.render(format!("error with webtransport: {err:?}"));
-            return;
-        }
-    };
-    info!("got webtransport for connection");
+        let wt = match req.web_transport_mut().await {
+            Ok(wt) => wt,
+            Err(err) => {
+                res.status_code(StatusCode::BAD_REQUEST);
+                res.render(format!("error with webtransport: {err:?}"));
+                return;
+            }
+        };
+        info!("got webtransport for connection");
 
-    use salvo::webtransport::server::AcceptedBi;
-    let (id, bi) = match wt.accept_bi().await {
-        Ok(Some(AcceptedBi::BidiStream(id, bi))) => (id, bi),
-        Ok(Some(AcceptedBi::Request(req, _))) => {
-            res.status_code(StatusCode::BAD_REQUEST);
-            res.render(format!(
-                "expected webtransport stream but got request {req:?}"
-            ));
-            return;
-        }
-        Ok(None) => {
-            res.status_code(StatusCode::BAD_REQUEST);
-            res.render(format!("no bidirectional connection requested"));
-            return;
-        }
-        Err(err) => {
-            res.status_code(StatusCode::INTERNAL_SERVER_ERROR);
-            res.render(format!("error with bidirectional connection: {err:?}"));
-            return;
-        }
-    };
+        use salvo::webtransport::server::AcceptedBi;
+        let (id, bi) = match wt.accept_bi().await {
+            Ok(Some(AcceptedBi::BidiStream(id, bi))) => (id, bi),
+            Ok(Some(AcceptedBi::Request(req, _))) => {
+                res.status_code(StatusCode::BAD_REQUEST);
+                res.render(format!(
+                    "expected webtransport stream but got request {req:?}"
+                ));
+                return;
+            }
+            Ok(None) => {
+                res.status_code(StatusCode::BAD_REQUEST);
+                res.render(format!("no bidirectional connection requested"));
+                return;
+            }
+            Err(err) => {
+                res.status_code(StatusCode::INTERNAL_SERVER_ERROR);
+                res.render(format!("error with bidirectional connection: {err:?}"));
+                return;
+            }
+        };
 
-    /*
-    let id = wt.session_id();
-    let bi = match wt.open_bi(id).await {
-        Ok(bi) => bi,
-        Err(err) => {
-            res.status_code(StatusCode::BAD_REQUEST);
-            res.render(format!("could not open bidirectional stream: {err:?}"));
-            return;
+        let (outgoing, incoming) = bi.split();
+        let res = tokio::spawn(async move {
+            if let Err(error) = connect_proxy_impl(mumble_server_address, incoming, outgoing).await
+            {
+                error!("error connecting proxy {error:?}")
+            }
+        })
+        .await;
+        if let Err(err) = res {
+            error!("crash in connected proxy {err:?}");
         }
-    };
-    */
-
-    let (outgoing, incoming) = bi.split();
-    let res = tokio::spawn(async move {
-        if let Err(error) = connect_proxy_impl(mumble_server_address, incoming, outgoing).await {
-            error!("error connecting proxy {error:?}")
-        }
-    })
-    .await;
-    if let Err(err) = res {
-        error!("crash in connected proxy {err:?}");
     }
 }
 
@@ -241,7 +230,7 @@ async fn connect_proxy_impl(
 ) -> Result<()> {
     info!("connecting to Mumble server...");
 
-    let config = ClientConfig::builder()
+    let config = RlsClientConfig::builder()
         .dangerous()
         .with_custom_certificate_verifier(Arc::new(NoCertificateVerification))
         .with_no_client_auth();