berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity

fix populate extensions for http2

This commit is contained in:
Rob Ede 2020-10-25 18:42:01 +00:00
parent ef3bf12805
commit b31803e72d
No known key found for this signature in database
GPG Key ID: C2A3B36E841A91E6
13 changed files with 295 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Cargo.toml
View File

@ -66,6 +66,12 @@ required-features = ["compress"]
[[example]]
name = "on_connect"
required-features = ["rustls"]
[[example]]
name = "client"
required-features = ["rustls"]
[dependencies]
actix-codec = "0.3.0"
@ -113,6 +119,7 @@ serde_derive = "1.0"
brotli2 = "0.3.2"
flate2 = "1.0.13"
criterion = "0.3"
webpki-roots = "0.20"
[profile.release]
lto = true
@ -128,10 +135,6 @@ actix-files = { path = "actix-files" }
actix-multipart = { path = "actix-multipart" }
awc = { path = "awc" }
[[example]]
name = "client"
required-features = ["rustls"]
[[bench]]
name = "server"
harness = false

3
actix-http/src/builder.rs
View File

@ -180,7 +180,8 @@ where
/// Set on-connect callback.
///
/// Called once per connection. Return value of the call is stored in request extensions.
#[deprecated = "Prefer the `on_connect_ext` style callback."]
///
/// *SOFT DEPRECATED*: Prefer the `on_connect_ext` style callback.
pub fn on_connect<F, I>(mut self, f: F) -> Self
where
F: Fn(&T) -> I + 'static,

8
actix-http/src/h2/dispatcher.rs
View File

@ -24,6 +24,7 @@ use crate::message::ResponseHead;
use crate::payload::Payload;
use crate::request::Request;
use crate::response::Response;
use crate::Extensions;
const CHUNK_SIZE: usize = 16_384;
@ -36,6 +37,7 @@ where
service: CloneableService<S>,
connection: Connection<T, Bytes>,
on_connect: Option<Box<dyn DataFactory>>,
on_connect_data: Extensions,
config: ServiceConfig,
peer_addr: Option<net::SocketAddr>,
ka_expire: Instant,
@ -56,6 +58,7 @@ where
service: CloneableService<S>,
connection: Connection<T, Bytes>,
on_connect: Option<Box<dyn DataFactory>>,
on_connect_data: Extensions,
config: ServiceConfig,
timeout: Option<Delay>,
peer_addr: Option<net::SocketAddr>,
@ -82,6 +85,7 @@ where
peer_addr,
connection,
on_connect,
on_connect_data,
ka_expire,
ka_timer,
_t: PhantomData,
@ -130,11 +134,15 @@ where
head.headers = parts.headers.into();
head.peer_addr = this.peer_addr;
// DEPRECATED
// set on_connect data
if let Some(ref on_connect) = this.on_connect {
on_connect.set(&mut req.extensions_mut());
}
// merge on_connect_ext data into request extensions
req.extensions_mut().drain_from(&mut this.on_connect_data);
actix_rt::spawn(ServiceResponse::<
S::Future,
S::Response,

4
actix-http/src/h2/service.rs
View File

@ -326,6 +326,7 @@ where
Some(self.cfg.clone()),
addr,
deprecated_on_connect,
Some(connect_extensions),
server::handshake(io),
),
}
@ -343,6 +344,7 @@ where
Option<ServiceConfig>,
Option<net::SocketAddr>,
Option<Box<dyn DataFactory>>,
Option<Extensions>,
Handshake<T, Bytes>,
),
}
@ -378,6 +380,7 @@ where
ref mut config,
ref peer_addr,
ref mut on_connect,
ref mut on_connect_data,
ref mut handshake,
) => match Pin::new(handshake).poll(cx) {
Poll::Ready(Ok(conn)) => {
@ -385,6 +388,7 @@ where
srv.take().unwrap(),
conn,
on_connect.take(),
on_connect_data.take().unwrap(),
config.take().unwrap(),
None,
*peer_addr,

22
actix-http/src/service.rs
View File

@ -20,7 +20,7 @@ use crate::error::{DispatchError, Error};
use crate::helpers::DataFactory;
use crate::request::Request;
use crate::response::Response;
use crate::{h1, h2::Dispatcher, ConnectCallback, Protocol};
use crate::{h1, h2::Dispatcher, ConnectCallback, Extensions, Protocol};
/// A `ServiceFactory` for HTTP/1.1 or HTTP/2 protocol.
pub struct HttpService<T, S, B, X = h1::ExpectHandler, U = h1::UpgradeHandler<T>> {
@ -562,12 +562,12 @@ where
}
fn call(&mut self, (io, proto, peer_addr): Self::Request) -> Self::Future {
let mut connect_extensions = crate::Extensions::new();
let mut connect_extensions = Extensions::new();
let legacy_on_connect = self.on_connect.as_ref().map(|handler| handler(&io));
self.on_connect_ext
.as_ref()
.map(|handler| handler(&io, &mut connect_extensions));
let deprecated_on_connect = self.on_connect.as_ref().map(|handler| handler(&io));
if let Some(ref handler) = self.on_connect_ext {
handler(&io, &mut connect_extensions);
}
match proto {
Protocol::Http2 => HttpServiceHandlerResponse {
@ -575,7 +575,8 @@ where
server::handshake(io),
self.cfg.clone(),
self.srv.clone(),
legacy_on_connect,
deprecated_on_connect,
connect_extensions,
peer_addr,
))),
},
@ -587,7 +588,7 @@ where
self.srv.clone(),
self.expect.clone(),
self.upgrade.clone(),
legacy_on_connect,
deprecated_on_connect,
connect_extensions,
peer_addr,
)),
@ -617,6 +618,7 @@ where
ServiceConfig,
CloneableService<S>,
Option<Box<dyn DataFactory>>,
Extensions,
Option<net::SocketAddr>,
)>,
),
@ -692,9 +694,9 @@ where
} else {
panic!()
};
let (_, cfg, srv, on_connect, peer_addr) = data.take().unwrap();
let (_, cfg, srv, on_connect, on_connect_data, peer_addr) = data.take().unwrap();
self.set(State::H2(Dispatcher::new(
srv, conn, on_connect, cfg, None, peer_addr,
srv, conn, on_connect, on_connect_data, cfg, None, peer_addr,
)));
self.poll(cx)
}

26
examples/certs/client-cert.pem Normal file
View File

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEVDCCArygAwIBAgIRAOAgy58Y3ViVpV9G8DTyKzMwDQYJKoZIhvcNAQELBQAw
bTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSEwHwYDVQQLDBhyb2JA
c29tYnJhLng1Mi5kZXYgKFJvYikxKDAmBgNVBAMMH21rY2VydCByb2JAc29tYnJh
Lng1Mi5kZXYgKFJvYikwHhcNMTkwNjAxMDAwMDAwWhcNMzAxMDI1MTczODMxWjBM
MScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1lbnQgY2VydGlmaWNhdGUxITAfBgNV
BAsMGHJvYkBzb21icmEueDUyLmRldiAoUm9iKTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJsp9QFEpfEWFB3CyFTA2Rv2tUMwnpQcDtiB1hwH03EYcMlG
pEkMh1tPTK8WZo2igMJrBtP2Vf2AN0/hmFWUZV1ZEUUNXXW0QD2mHS8Rgz7nAgmq
V5XvmLLeeo2vMdw1B2qsRxCPTjbInDsZsBqv2GyXWo5/9o3PD32h4LNk3w0VyA47
f/jdpMWlcIXQoyJJV1U1FPLf92xYZvWc9Vf/+K6mStESEpoFll+b4uqjPpwrEz9Q
KBY4eyXwhGCrjQC0+jJFNlIcbV5FgQSYd4DVMcw6SWdMeV/+VtQs+JQrENjNB3am
nJ5xpoZ7mmNDOkWg4zvoYRL6o7LtqT+8EXptzMMCAwEAAaOBjzCBjDAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB
/wQCMAAwHwYDVR0jBBgwFoAUfpWkO5lYpQJz4omoVdVzuuZnn80wLAYDVR0RBCUw
I4IJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEB
CwUAA4IBgQB8ulsrStRha8SRxoPRlTNIb9WMjNl5KdZF+ePpUctBX0lFmxqn0upu
l3BoZkhMrpPRRcGlDPImuL7tfxk/IuTA6S1AEQtEHCC8WyZbq3RODPzVY6J/IOUv
H2ZwZYo0c714FyNx8igBpVSjHT6yCIeQkSQlTXsWxddToSeKYvXg8VI+M5L0DH1Y
jRb2u3GpMPdLhMqGNZPcwbLkVyMe5aj4hx334fa3uLf/CK6/5ev4+ozSNz3Qr8S7
iPE8WXrny/qEJmTEme7eq6K/QPTC9ly3j+5Ms3Uepnk0Jez9/ksOrlbYrWXhwD0P
Nwvn3HtiYy8q1HwRw5U+LMNyh6lIyfJUsu2tRmYz1fiH74tMDFb2pjDpcmvgaSJY
eSwKksOiX1No6K980ECEkCX9iQFwD5edTCnD2lz+AVGDzZPkY/551Ohl+KMh/mFG
uZNtgjUeMh0btfc9D+PLLLHjpSMVkRMEEmtm/Zi2nKeVCAdIomFfk+EFIEOdaMyk
SUZMUFzBP+4=
-----END CERTIFICATE-----

28
examples/certs/client-key.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCbKfUBRKXxFhQd
wshUwNkb9rVDMJ6UHA7YgdYcB9NxGHDJRqRJDIdbT0yvFmaNooDCawbT9lX9gDdP
4ZhVlGVdWRFFDV11tEA9ph0vEYM+5wIJqleV75iy3nqNrzHcNQdqrEcQj042yJw7
GbAar9hsl1qOf/aNzw99oeCzZN8NFcgOO3/43aTFpXCF0KMiSVdVNRTy3/dsWGb1
nPVX//iupkrREhKaBZZfm+Lqoz6cKxM/UCgWOHsl8IRgq40AtPoyRTZSHG1eRYEE
mHeA1THMOklnTHlf/lbULPiUKxDYzQd2ppyecaaGe5pjQzpFoOM76GES+qOy7ak/
vBF6bczDAgMBAAECggEAOAzN/mlH8HDjT2TfbQ5E3z8dd2oGvsXr7vXn3DRPgxkr
FOo5ylGGS8u3jb/vx9Yd4R08WDEyGuLIGEkL+E4k17Wm8WTEkBJO6nYpMKmI2Z4l
NEyeWwE0DdkkOC5DOqLFTRlyil7aCBwro4XCAcHn0kJSagt7ivpzRBTH0MXtdRIL
L37nOInga2puSeHLOGj9W1Q0AX0EIiecqLPpCLmz+xotlevFBmlQ4iFT7xkoKH+s
NeqWEd0HTNYkYQZtZ9husDzNK4x59MKUYS1oWB8A8JKu5E4ovdb6R6LjyN/Y5lNl
3Z4Mg2DJ4iBN4DRnEBwiY8bdeqYboMNNyAbCU+nPYQKBgQDLP0lEYsdcSNF5Uv0c
fe5pUvAzyTUzVhP7LLOk2jdRxs85MNbYJkays40rROqm2+StSFgih3NpA9D1pl7f
ucJABlK9OkTtOshFSR6Q+0NomKLHhBGvYpouC2tIHjGsE/KjiQa4I1Pia72xpIWT
QK3isM2c11924RqdoJ0mpBKpOwKBgQDDb8k4U512u+exVvFQ8JEbro4oy4jsc74L
BZG6PbHZcIADKANmB15ahN3tCkDwJQ8iJYX7bmzn+8jR2HtznchgJwWN9aGtEP4C
qTmmyrJd09pMMs5W4/BucD7wJ7s32PwVUwj0nvW+BHE4LQk5td4a3VE1wj1EZ8bR
+JCK081yGQKBgQCG1vKtuvbWY70NR6CCwY1lNNAFG0z/RPE2pz57dQZUa5hZMeyn
NCWdMv/KIAupLaN1ztQh/Ej198Eu5/RzaxLTVR6ZScomtOPfC5aKyxe6keEUiqsM
91agi5TeIKIFrqpAEo1xpoZlZeNQsnyn57Y0+eU/U6eS/96fisoXs6xptwKBgQCy
loDqnsXCTR0AmbE0RFBlWlH/h1Ycs/tSeQlchanyR3JC8BqC7nLTBp0BUaBbkZHN
ozpWsuaD6jntQAQ3d1Q2QRI7Ud0ml+N1rQvIlWr+gGv3u2mATxRS5vEsZTIYa4iX
N+R0HJn0xHxtWAIZIU7Pf7QJCvEPhEFTd+8lXTxcaQKBgG5d4vG5AyYXuiKKmm+d
MM4PPMJNw3+u5G50hgI4D/1WlirP9m6HIpFouNNGoggxpBBUeokIBPsXbq/fnkq2
uZmkAkWZeMeWHbI0lHSsE98ZTQHg36dNJ9hRHVRJ9PA2/YTSnr3WzDaaA1v5aoTv
xJyGdLlEy+RiIZCPk9RKtVc4
-----END PRIVATE KEY-----

40
examples/certs/rootCA-key.pem Normal file
View File

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCrw0DmUZg1hTEK
SekUpDXhEEmVsSCNx8ciLyGn1OhvNSKDI5Chn1bnRaYKFG64A799cgaLyKh6Oi14
09VsmPuCAwrHXfbnpy8MpVHv00p6gcFJhRSOzY3JlnfM9R5R7S1c8dEnhExYualg
p0jo0JiMNfqi4Ih6HqyKdM5JX7R1ud8e8UYRIWlR6JR2ycJGiuxr+gGf6Eifl29+
27FINgNsAOxIsOqHFjjGxAko/TS43Kws/S97AGpNJQs14cw1/RiGmLKi3+1txGpA
DNLNEi9Z4KDDQZyOo9bbv+n/H/hKHdfONPrDXFW0XtmeJbfsziBCS00ecxZWBx6q
jRNoLCj4Hftclr98FEfTHwecx1rUl5ntfz9LPJztgRrUzpmQo414ISALv7yOn9pM
z/QO68giHEfAr/08a9ZgMUmfLYl/ymrWMnroavS5bFEkeht/aQH5oXcpSzmcrj0r
D5OZlwH5JtTbnp7bA+G6zGrFediL1aN0jIKoXcHWFjESJpGIVFMCAwEAAQKCAYAk
tysTUJPBtQPjmCL7p5Jg1rN0DRXRWMgHVZ3TG17IDsqez6Zl9gKEk03Hz9BPA3YW
YZ5mmPDyl6cKsfVoLlds1iuirEJQCFu1T01xf2/nOf9QMONRFz1cvw5CwI7HonRU
7tfvo4cSXDWJlJiwM464Qf2efXKO8CmfuxIxewS/OYkpOxfoJ4U03guGTOB7Zczd
0+YvAV8sxhkuO9Xsgqc+mf/oFfE8CRL/4f23RlDTx1ACmehhWZhffzCjRu35CG2w
8wI7UpKQvnVaQJ8hpnwYpv5lFlTvh7lYHz97VdRSGs3k3szqFbuPzRyGgnwMwRbQ
W323XuSI6euAzc9aaUP4yo56CmYP+vngn/MIAXQj3YO1snMTf+RUg4AA44r8Lemw
It8dhGA3m48eVckQv5qGlCFlAwTUhdQiuEaDRymf037sNmQLcMAXp8YXDJRpGR4F
v5bgVXrFdQlg1Q54TB58G4DOtuz9J8TyKgvhQvjFS0BC2HVWCCPR+KCxKqncF/kC
gcEA20IpdVOeuJQxr6MvhUgFPD2hrKzDdAdFL28YSSSg2vOdbdavxOQ66WpUREx5
G1o4KUdf7Ex/z/XI0HRzZfjxAIKdpEcCebVa5HceOQsqb5RulLaflGc1sL8Lkc0c
sAsyj8QtCuYege/GgM3srF1V7Nu2oSMR2W9ZZuyDPzuwAyTkbQNsND/W2Y6REnSL
qlz2aK4BkkHHQqpjlmR/n8ejX00O1CERNUF6uRXi9ZN+wsMhBeuCRHf2bZHSD2aE
kNjnAoHBAMiLmaL/mZa0+sRPqdqldO1IOpGIn1L+NYngcQfqpTpLzB4FaYzZG/02
7CrPrYkojXy7Fc2dUM/i4BTOAnJIAeS9DvLA/5xmv9bid76e91+8zdXGU1R3JjYN
+n7TJbcwLXpJ6+M8vX/WDj5ZknVZHiBMWqVc+LLQLhfeupP1V3fD5qWcL1NuBrbF
P+G6y230NraoRNFzx+4E97eG7TXUSgnjeoRqiRiGOW7BAC1WWe1BHcJULKi6Gq2/
uyuMqe0ftQKBwCBwSXHyTSlBw5gYrI8reJrRA3polQI1kSbTaORpZuL95+y4NokK
uyyNbqosJj7FuklhJe/v4XkDBBLTJ7+OdRl+OZR0bQlUq33hobcOz9hyPWoDGtj5
7BeaLDwF/JiPD4v1mjRil2Dh+JxV2w4lQPEqEHsGlT12G+P+WeyhCAlvC9yVBQ01
5LOLRCtW0tMBrfMOy2y4DqLuUo2NkNQy1Rjkba00tzcJ2P5JHqr2h2qJM/mMPlmi
5fKQAGQG5tYHQQKBwG24cwZK8a0St2BQdY26mI55xhF5vjGaA5C7yxuZtWx/q92A
+I6m+jk/o1aI6VjxZvenI/aq61vRtOetDomX+/E5vsPx8+eOD8dxgDI6pv0qPzOG
nnDH/4/zdemNfEUNhtQxPW3F/afDZWeXehnZ+DGTlMSEaUzruUw1/76TrJdKBxb0
rK/osqOsp5bIrCQsSQMGbSBrSCdhcGZo279ntlpSquVnpDpWtXVzArXLWMgFqFJ5
2zU1HQOSssTQ4OdrQQKBwEjUyeaG/exb/vNzHHGTpm0qti7BEezji+nlNvSUN38u
9/eKK3m70FGhBrdB44jAtmLp4cyjQVmdluRYkZL5s4NbP+bAEAbyzCozfaU0ontJ
YTSE5W8CzQo5ayA/m4SA9uV0h8MijeItxNyveLsi2OlA04m9/peq45IGNdLHzHjm
xvm40ENrToQsRH8p8PjREipl45/xjrDG+zhGCH87+C+WOLF4BWTP0VzkTym8fX9K
nctls65dJGslcxgwD6O1rA==
-----END PRIVATE KEY-----

27
examples/certs/rootCA.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEqTCCAxGgAwIBAgIQL82W4ilLJ4cs8zMbhJ+7aTANBgkqhkiG9w0BAQsFADBt
MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExITAfBgNVBAsMGHJvYkBz
b21icmEueDUyLmRldiAoUm9iKTEoMCYGA1UEAwwfbWtjZXJ0IHJvYkBzb21icmEu
eDUyLmRldiAoUm9iKTAeFw0yMDEwMjUxNzIyMzlaFw0zMDEwMjUxNjIyMzlaMG0x
HjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEhMB8GA1UECwwYcm9iQHNv
bWJyYS54NTIuZGV2IChSb2IpMSgwJgYDVQQDDB9ta2NlcnQgcm9iQHNvbWJyYS54
NTIuZGV2IChSb2IpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAq8NA
5lGYNYUxCknpFKQ14RBJlbEgjcfHIi8hp9TobzUigyOQoZ9W50WmChRuuAO/fXIG
i8ioejoteNPVbJj7ggMKx13256cvDKVR79NKeoHBSYUUjs2NyZZ3zPUeUe0tXPHR
J4RMWLmpYKdI6NCYjDX6ouCIeh6sinTOSV+0dbnfHvFGESFpUeiUdsnCRorsa/oB
n+hIn5dvftuxSDYDbADsSLDqhxY4xsQJKP00uNysLP0vewBqTSULNeHMNf0Yhpiy
ot/tbcRqQAzSzRIvWeCgw0GcjqPW27/p/x/4Sh3XzjT6w1xVtF7ZniW37M4gQktN
HnMWVgceqo0TaCwo+B37XJa/fBRH0x8HnMda1JeZ7X8/Szyc7YEa1M6ZkKONeCEg
C7+8jp/aTM/0DuvIIhxHwK/9PGvWYDFJny2Jf8pq1jJ66Gr0uWxRJHobf2kB+aF3
KUs5nK49Kw+TmZcB+SbU256e2wPhusxqxXnYi9WjdIyCqF3B1hYxEiaRiFRTAgMB
AAGjRTBDMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud
DgQWBBR+laQ7mVilAnPiiahV1XO65mefzTANBgkqhkiG9w0BAQsFAAOCAYEAe3A5
5z5JWHSXEcQI/LstAVJfiloehyhvYgcNpImlsm5A41VzMd1iWdpLY+WSKWjHKFs0
u5Id+sGEZRHBicYDts0azH3Sklj0FrNrpRdvf8jJuMvVC1EoUFijG+V/RdL14bxq
kyp5dtxVcvtvULT+ID5vSVYBwGOBp36Fg5Qs4QOuSPkVGwjaEdJvzqb1XDLncsve
ap6ALzwOXUsN8Icrq4/GlVDX11rOnfWhNQRiWKJtin4vzxL002rPWwSsekcuLEFQ
NCBYaBBDlp4fLh2XVuB7xvKXTPm8K9hIxrTBEh8kj8p5p95DOTWpLgXuBcdXmNDV
/4NBzsWwuO3I7/ilHbH+gEsM390p056Bmv2cF0bWb+xT2vyNymhmSCn77QEmcsOF
LDqsjDc7JsQGUVIAgtM50md/QvaXxTVoAMXtSWeyK8QsC2syZqWlXiYkrwYjp+KI
6jX4EpLwKdQOzZdjgnIZvG94o5lR8cPyZlaUKVunOTvAXiT3AWeBppCk6SEH
-----END CERTIFICATE-----

25
examples/certs/server-cert.pem Normal file
View File

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIESjCCArKgAwIBAgIRAKNTHdWsrKKCpKt19C/sI4UwDQYJKoZIhvcNAQELBQAw
bTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSEwHwYDVQQLDBhyb2JA
c29tYnJhLng1Mi5kZXYgKFJvYikxKDAmBgNVBAMMH21rY2VydCByb2JAc29tYnJh
Lng1Mi5kZXYgKFJvYikwHhcNMTkwNjAxMDAwMDAwWhcNMzAxMDI1MTczODM4WjBM
MScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1lbnQgY2VydGlmaWNhdGUxITAfBgNV
BAsMGHJvYkBzb21icmEueDUyLmRldiAoUm9iKTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANDv0oRupAGtAl9ZZTeTwdToYh/Gtaj3bAyhQQz+dQ5GzLS3
+Zvo3daepwnoNABoxuPwptb/jJ6Ec8rdvUiJkKb+jAuZ0vSuEqPTcgvbnqsV+7UT
8WleCUnOIY6FB+uTaLEptu5k+Pf7i3m1RqW1gRVlYcHsLuv3NBQW0bz+XUZvcirW
KVCxz2ex2aFzWXrAZEuOwMX+x+Wicd4tRfcio4mOI+jCRCsbwW0TsyWStrimcbl0
ldbRi8DeADf3VPQCMYmcJARYsTfRwK75OFMgmD0GTi8WURWQCbTJnwzop7Famno0
/I/Ef65Dngleb6HwG91EtEVU7QHqSXlUK41Au9kCAwEAAaOBhTCBgjAOBgNVHQ8B
Af8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAfBgNV
HSMEGDAWgBR+laQ7mVilAnPiiahV1XO65mefzTAsBgNVHREEJTAjgglsb2NhbGhv
c3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggGBAJJ0
7oDkVmdB/P0PX0vIn+CPmiE8IrO8stItOGlVRy9TDWFRdMpY13BOjlNY2efNU2Tz
or+lyfV7D8PiCk5q3e8sLtOlIAT32IRIrGXl5E4q7zDnOckQjZIUZwSFAFVygy4F
rPgJCS9uqz9vz086SyRD0krTM5u9yMAvG2uJLEk5oaVWAKdDRplStmMx7QQHMZ4G
iNYMDpj4dU4gkrvZeC+JKwjbSJ3hje8CZCA1atzz/5WWEt2D8Yf9tw27T/hinrMi
rrjPpEcA6C8wvHxqYpiptQC1FF5vaUyRqjF+irHgQdNUCE0nJSwAsIDW0TDiVGDD
OJKs6EYuzJ8OcWw6IFx8YNvdxZJSr8SaavrH76myHieTkqhWvjSQERUw71iUwe0q
5Nev+J2N9U7oZBTCIsD/qKOQTD9mRjJpYLnXNqEyJhzRgCA5+TQIXbTa10eo9Svg
CTkqxsixmdTKD8ZIlUPhLI9ehr0Spbt+2Xh3yAtlSrfAt5p2hgVCoxalEwWpwA==
-----END CERTIFICATE-----

28
examples/certs/server-key.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDQ79KEbqQBrQJf
WWU3k8HU6GIfxrWo92wMoUEM/nUORsy0t/mb6N3WnqcJ6DQAaMbj8KbW/4yehHPK
3b1IiZCm/owLmdL0rhKj03IL256rFfu1E/FpXglJziGOhQfrk2ixKbbuZPj3+4t5
tUaltYEVZWHB7C7r9zQUFtG8/l1Gb3Iq1ilQsc9nsdmhc1l6wGRLjsDF/sflonHe
LUX3IqOJjiPowkQrG8FtE7Mlkra4pnG5dJXW0YvA3gA391T0AjGJnCQEWLE30cCu
+ThTIJg9Bk4vFlEVkAm0yZ8M6KexWpp6NPyPxH+uQ54JXm+h8BvdRLRFVO0B6kl5
VCuNQLvZAgMBAAECggEAZ8PzZVodkcd+uiQHpMZ5KWgP84AYkEXxH4SmbfGh6Ok4
mTgVe1z3b7NzefQcf2eJ/4JxGa3pBID7kPD3JKNNd+JLYyeOIX6iO0K0DTeRYZ6V
V6UD7DSLoGADQmjHOjQHdpUlCNiU3XPMHTHuWDYAWcPz/P9zfjVTY/bBS394i5W/
nFLHMEGD/9KETUm2Wdmu+84fhAg+gSbDOHKOmrqiRoSmBInfUEjTL22gU1hPkjWY
17i9veMGVPQeA89XYmFavgWIMHwiOD0Fom2y26OIDWDXAJf7oOoONElWF2OjiSAa
7IHl8EED/aDIt9Xyv8J9qXzkAtLPXO8vFG2Uq0/BQQKBgQD1MlCsnMVf3dck8yg6
YwFkFHZxnFBzBPwuDoMD2OBIZcrwcBhUQo0u8M0NohgjvBB7XUrW+/5ucF9BaecC
3Rz/JwPk7oPafYVbEFGv+CeGJFKL/lq7NwF62N7EYo3N2ijYjGYiZFmxgOVEfzSd
WRSH+b6Q923lEpWoFaeFww+5HQKBgQDaJIRTr1stXXFXVj/ETJG4uT3I7qlfR7zp
/t/YHX6QnV5dFdBCEXSW41YoqvUn12Ox28nvQMDFWVkQGfAELYqkf/ozBQ9d6ee8
3bU9V14YWaGSK1RT83cgWUtDnUjtLuk9MG+5x3EQcfq5ng6ud+Hr8ut+gz0PbLcK
gR3uTQkM7QKBgENUSarccaZdeFKBIq7FuQAOTmfsEHtFBypuebN4vj2jFhLn9QZO
MA6PuP7hX9eQMMZvW7mlALy6xq1jszeqF+hIgl0+0Z4Rkajr1kKH1fKTzsb6VVfL
RvDA1IsAtQetvEGabAFNpQOE7W/drkj2yRh9j8Km7tpUPBwnthSY95xRAoGAL5uu
oZDwxjrRhK0XJ6FKYFVVTagAoQHIEg2FDuaI+8jMkmYzWGf02QVuhVuiO3q/kE6W
iLfKGogAbwoqHs9Npc8kbMQa8XUeFVMRvfx2VbwiDgOU2OmWwyGZ0nzeMJ1/W9JZ
X+NOIretb5s2Ow+A5/zRNoAv8FDatdkuDhcT9ZUCgYBtEI9pmWYXxGfaVQErJcsS
3a8PU875sE06DiEcvooljcLp6dCmGocRQOGpSXfy3zjX4F/HZjDK+GKPg2bCirKr
nRPWf0t3DSeSyDINj+a0fg4KvYR4FcocJDzTFJh/9CrtNktqwHAqrQUSokBbW8n6
Kj/AYLWOIXATfCrOgdoAAg==
-----END PRIVATE KEY-----

100
examples/on_connect.rs
View File

@ -1,37 +1,103 @@
//! This example shows how to use `actix_web::HttpServer::on_connect`
//! This example shows how to use `actix_web::HttpServer::on_connect` to access a lower-level socket
//! properties and pass them to a handler through request-local data.
//!
//! For an example of extracting a client TLS certificate, see:
//! <https://github.com/actix/examples/tree/HEAD/rustls-client-cert>
use std::any::Any;
use std::{any::Any, env, fs::File, io::BufReader};
use actix_rt::net;
use actix_web::{dev::Extensions, web, App, HttpRequest, HttpServer};
use actix_tls::rustls::{ServerConfig, TlsStream};
use actix_web::{
dev::Extensions, rt::net::TcpStream, web, App, HttpResponse, HttpServer, Responder,
};
use log::info;
use rust_tls::{
internal::pemfile::{certs, pkcs8_private_keys},
AllowAnyAnonymousOrAuthenticatedClient, Certificate, RootCertStore, Session,
};
const CA_CERT: &str = "examples/certs/rootCA.pem";
const SERVER_CERT: &str = "examples/certs/server-cert.pem";
const SERVER_KEY: &str = "examples/certs/server-key.pem";
#[derive(Debug, Clone)]
struct ConnectionInfo(String);
async fn route_whoami(conn_info: web::ReqData<ConnectionInfo>) -> String {
format!("Here is some info about you:\n{}", &conn_info.0)
async fn route_whoami(
conn_info: web::ReqData<ConnectionInfo>,
client_cert: Option<web::ReqData<Certificate>>,
) -> impl Responder {
if let Some(cert) = client_cert {
HttpResponse::Ok().body(format!("{:?}\n\n{:?}", &conn_info, &cert))
} else {
HttpResponse::Unauthorized().body("No client certificate provided.")
}
}
fn on_connect(connection: &dyn Any, data: &mut Extensions) {
let sock = connection.downcast_ref::<net::TcpStream>().unwrap();
fn get_client_cert(connection: &dyn Any, data: &mut Extensions) {
if let Some(tls_socket) = connection.downcast_ref::<TlsStream<TcpStream>>() {
info!("TLS on_connect");
let msg = format!(
"local_addr={:?}; peer_addr={:?}",
sock.local_addr(),
sock.peer_addr()
);
let (socket, tls_session) = tls_socket.get_ref();
data.insert(ConnectionInfo(msg));
let msg = format!(
"local_addr={:?}; peer_addr={:?}",
socket.local_addr(),
socket.peer_addr()
);
data.insert(ConnectionInfo(msg));
if let Some(mut certs) = tls_session.get_peer_certificates() {
info!("client certificate found");
// insert a `rustls::Certificate` into request data
data.insert(certs.pop().unwrap());
}
} else if let Some(socket) = connection.downcast_ref::<TcpStream>() {
info!("plaintext on_connect");
let msg = format!(
"local_addr={:?}; peer_addr={:?}",
socket.local_addr(),
socket.peer_addr()
);
data.insert(ConnectionInfo(msg));
} else {
unreachable!("socket should be TLS or plaintext");
}
}
#[actix_web::main]
async fn main() -> std::io::Result<()> {
std::env::set_var("RUST_LOG", "actix_server=info,actix_web=info");
if env::var("RUST_LOG").is_err() {
env::set_var("RUST_LOG", "info");
}
env_logger::init();
let ca_cert = &mut BufReader::new(File::open(CA_CERT)?);
let mut cert_store = RootCertStore::empty();
cert_store
.add_pem_file(ca_cert)
.expect("root CA not added to store");
let client_auth = AllowAnyAnonymousOrAuthenticatedClient::new(cert_store);
let mut config = ServerConfig::new(client_auth);
let cert_file = &mut BufReader::new(File::open(SERVER_CERT)?);
let key_file = &mut BufReader::new(File::open(SERVER_KEY)?);
let cert_chain = certs(cert_file).unwrap();
let mut keys = pkcs8_private_keys(key_file).unwrap();
config.set_single_cert(cert_chain, keys.remove(0)).unwrap();
HttpServer::new(|| App::new().route("/", web::get().to(route_whoami)))
.on_connect(on_connect)
.bind(("127.0.0.1", 8080))?
.on_connect(get_client_cert)
.bind(("localhost", 8080))?
.bind_rustls(("localhost", 8443), config)?
.workers(1)
.run()
.await

8
src/server.rs
View File

@ -105,10 +105,12 @@ where
/// Sets function that will be called once for each connection.
/// It will receive &Any, which contains underlying connection type.
///
/// For example:
/// - `actix_tls::openssl::SslStream<tokio::net::TcpStream>` when using openssl.
/// - `actix_tls::rustls::TlsStream<tokio::net::TcpStream>` when using rustls.
/// - `tokio::net::TcpStream` when no encryption is used.
/// - `actix_tls::openssl::SslStream<actix_web::rt::net::TcpStream>` when using openssl.
/// - `actix_tls::rustls::TlsStream<actix_web::rt::net::TcpStream>` when using rustls.
/// - `actix_web::rt::net::TcpStream` when no encryption is used.
///
/// See `on_connect` example for additional details.
pub fn on_connect<CB>(self, f: CB) -> HttpServer<F, I, S, B>
where