Make axum-dual-protocol a non-feature. Fix build issues.

Signed-off-by: Jason Volk <jason@zemos.net>
2024-08-15 02:35:19 +00:00 · 2024-08-15 02:35:19 +00:00 · 43300ea41e
commit 43300ea41e
parent 17a54bc4f8
7 changed files with 66 additions and 139 deletions
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -368,8 +368,6 @@ pub struct TlsConfig {
 	pub key: String,
 	#[serde(default)]
 	/// Whether to listen and allow for HTTP and HTTPS connections (insecure!)
-	/// Only works / does something if the `axum_dual_protocol` feature flag was
-	/// built
 	pub dual_protocol: bool,
 }

--- a/src/main/Cargo.toml
+++ b/src/main/Cargo.toml
@ -48,9 +48,6 @@ default = [
 	"zstd_compression",
 ]

-axum_dual_protocol = [
-	"conduit-router/axum_dual_protocol",
-]
 brotli_compression = [
 	"conduit-api/brotli_compression",
 	"conduit-core/brotli_compression",
--- a/src/router/Cargo.toml
+++ b/src/router/Cargo.toml
@ -41,13 +41,9 @@ brotli_compression = [
 systemd = [
 	"dep:sd-notify",
 ]
-axum_dual_protocol = [
-	"dep:axum-server-dual-protocol"
-]

 [dependencies]
 axum-client-ip.workspace = true
-axum-server-dual-protocol.optional = true
 axum-server-dual-protocol.workspace = true
 axum-server.workspace = true
 axum.workspace = true
--- a/src/router/layers.rs
+++ b/src/router/layers.rs
@ -16,9 +16,9 @@ use tower::ServiceBuilder;
 use tower_http::{
 	catch_panic::CatchPanicLayer,
 	cors::{self, CorsLayer},
+	sensitive_headers::SetSensitiveHeadersLayer,
 	set_header::SetResponseHeaderLayer,
 	trace::{DefaultOnFailure, DefaultOnRequest, DefaultOnResponse, TraceLayer},
-	ServiceBuilderExt as _,
 };
 use tracing::Level;

@ -47,7 +47,7 @@ pub(crate) fn build(services: &Arc<Services>) -> Result<(Router, Guard)> {
 	let layers = layers.layer(compression_layer(server));

 	let layers = layers
-		.sensitive_headers([header::AUTHORIZATION])
+		.layer(SetSensitiveHeadersLayer::new([header::AUTHORIZATION]))
 		.layer(axum::middleware::from_fn_with_state(Arc::clone(services), request::spawn))
 		.layer(
 			TraceLayer::new_for_http()
--- a/src/router/serve/tls.rs
+++ b/src/router/serve/tls.rs
@ -1,9 +1,11 @@
 use std::{net::SocketAddr, sync::Arc};

 use axum::Router;
-use axum_server::{bind_rustls, tls_rustls::RustlsConfig, Handle as ServerHandle};
-#[cfg(feature = "axum_dual_protocol")]
-use axum_server_dual_protocol::ServerExt;
+use axum_server::Handle as ServerHandle;
+use axum_server_dual_protocol::{
+	axum_server::{bind_rustls, tls_rustls::RustlsConfig},
+	ServerExt,
+};
 use conduit::{Result, Server};
 use tokio::task::JoinSet;
 use tracing::{debug, info, warn};
@ -13,27 +15,18 @@ pub(super) async fn serve(
 ) -> Result<()> {
 	let config = &server.config;
 	let tls = config.tls.as_ref().expect("TLS configuration");
+	let certs = &tls.certs;
+	let key = &tls.key;

-	debug!(
-		"Using direct TLS. Certificate path {} and certificate private key path {}",
-		&tls.certs, &tls.key
-	);
+	debug!("Using direct TLS. Certificate path {certs} and certificate private key path {key}",);
 	info!(
 		"Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS."
 	);
-	let conf = RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?;
-
-	if cfg!(feature = "axum_dual_protocol") {
-		info!(
-			"conduwuit was built with axum_dual_protocol feature to listen on both HTTP and HTTPS. This will only \
-			 take effect if `dual_protocol` is enabled in `[global.tls]`"
-		);
-	}
+	let conf = RustlsConfig::from_pem_file(certs, key).await?;

 	let mut join_set = JoinSet::new();
 	let app = app.into_make_service_with_connect_info::<SocketAddr>();
-	if cfg!(feature = "axum_dual_protocol") && tls.dual_protocol {
-		#[cfg(feature = "axum_dual_protocol")]
+	if tls.dual_protocol {
 		for addr in &addrs {
 			join_set.spawn_on(
 				axum_server_dual_protocol::bind_dual_protocol(*addr, conf.clone())
@ -54,13 +47,13 @@ pub(super) async fn serve(
 		}
 	}

-	if cfg!(feature = "axum_dual_protocol") && tls.dual_protocol {
+	if tls.dual_protocol {
 		warn!(
-			"Listening on {:?} with TLS certificate {} and supporting plain text (HTTP) connections too (insecure!)",
-			addrs, &tls.certs
+			"Listening on {addrs:?} with TLS certificate {certs} and supporting plain text (HTTP) connections too \
+			 (insecure!)",
 		);
 	} else {
-		info!("Listening on {:?} with TLS certificate {}", addrs, &tls.certs);
+		info!("Listening on {addrs:?} with TLS certificate {certs}");
 	}

 	while join_set.join_next().await.is_some() {}