Start work on handling TLS for the RPC endpoint

2024-09-16 00:47:39 +03:00 · 2021-07-06 16:27:57 -07:00 · 2021-07-06 16:27:57 -07:00 · 193c704875
commit 193c704875
parent 59fe0549cc
6 changed files with 114 additions and 21 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -215,6 +215,18 @@ dependencies = [
 "event-listener",
 ]

+[[package]]
+name = "async-native-tls"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e9e7a929bd34c68a82d58a4de7f86fffdaf97fb2af850162a7bb19dd7269b33"
+dependencies = [
+ "async-std",
+ "native-tls",
+ "thiserror",
+ "url",
+]
+
 [[package]]
 name = "async-net"
 version = "1.5.0"
@ -1931,9 +1943,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"

 [[package]]
 name = "libc"
-version = "0.2.86"
+version = "0.2.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7282d924be3275cec7f6756ff4121987bc6481325397dde6ba3e7802b1a8b1c"
+checksum = "12b8adadd720df158f4d70dfe7ccc6adb0472d7c55ca83445f6a5ab3e36f8fb6"

 [[package]]
 name = "libflate"
@ -2142,6 +2154,24 @@ version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a"

+[[package]]
+name = "native-tls"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8d96b2e1c8da3957d58100b09f102c6d9cfdfced01b7ec5a8974044bb09dbd4"
+dependencies = [
+ "lazy_static",
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework",
+ "security-framework-sys",
+ "tempfile",
+]
+
 [[package]]
 name = "nb-connect"
 version = "1.0.3"
@ -2288,6 +2318,20 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"

+[[package]]
+name = "openssl"
+version = "0.10.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "549430950c79ae24e6d02e0b7404534ecf311d94cc9f861e9e4020187d13d885"
+dependencies = [
+ "bitflags 1.2.1",
+ "cfg-if 1.0.0",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-sys",
+]
+
 [[package]]
 name = "openssl-probe"
 version = "0.1.4"
@ -2296,9 +2340,9 @@ checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a"

 [[package]]
 name = "openssl-sys"
-version = "0.9.63"
+version = "0.9.65"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6b0d6fb7d80f877617dfcb014e605e2b5ab2fb0afdf27935219bb6bd984cb98"
+checksum = "7a7907e3bfa08bb85105209cdfcb6c63d109f8f6c1ed6ca318fff5c1853fbc1d"
 dependencies = [
 "autocfg 1.0.1",
 "cc",
@ -3194,6 +3238,29 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"

+[[package]]
+name = "security-framework"
+version = "2.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23a2ac85147a3a11d77ecf1bc7166ec0b92febfa4461c37944e180f319ece467"
+dependencies = [
+ "bitflags 1.2.1",
+ "core-foundation",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e4effb91b4b8b6fb7732e670b6cee160278ff8e6bf485c7805d9e319d76e284"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "semver"
 version = "0.9.0"
@ -4312,6 +4379,7 @@ version = "0.1.0"
 dependencies = [
 "anyhow",
 "arrayvec",
+ "async-native-tls",
 "cargo-bundle",
 "crossbeam-channel",
 "ctor",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -9,6 +9,7 @@ tree-sitter = { git = "https://github.com/tree-sitter/tree-sitter", rev = "d7277
 cocoa = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
 cocoa-foundation = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
 core-foundation = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
+core-foundation-sys = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }
 core-graphics = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" }

 [profile.dev]
--- a/zed-rpc/src/peer.rs
+++ b/zed-rpc/src/peer.rs
@ -1,7 +1,11 @@
 use crate::proto::{self, EnvelopedMessage, MessageStream, RequestMessage};
 use anyhow::{anyhow, Context, Result};
 use async_lock::{Mutex, RwLock};
-use futures::{future::BoxFuture, AsyncRead, AsyncWrite, FutureExt};
+use futures::{
+    future::BoxFuture,
+    io::{ReadHalf, WriteHalf},
+    AsyncRead, AsyncReadExt, AsyncWrite, FutureExt,
+};
 use postage::{
    mpsc,
    prelude::{Sink, Stream},
@ -72,13 +76,13 @@ struct Connection {
    response_channels: ResponseChannels,
 }

-pub struct ConnectionHandler<Conn> {
+pub struct ConnectionHandler<ReadConn, WriteConn> {
    peer: Arc<Peer>,
    connection_id: ConnectionId,
    response_channels: ResponseChannels,
    outgoing_rx: mpsc::Receiver<proto::Envelope>,
-    reader: MessageStream<Conn>,
-    writer: MessageStream<Conn>,
+    reader: MessageStream<ReadConn>,
+    writer: MessageStream<WriteConn>,
 }

 type ResponseChannels = Arc<Mutex<HashMap<u32, mpsc::Sender<proto::Envelope>>>>;
@ -131,9 +135,12 @@ impl Peer {
    pub async fn add_connection<Conn>(
        self: &Arc<Self>,
        conn: Conn,
-    ) -> (ConnectionId, ConnectionHandler<Conn>)
+    ) -> (
+        ConnectionId,
+        ConnectionHandler<ReadHalf<Conn>, WriteHalf<Conn>>,
+    )
    where
-        Conn: Clone + AsyncRead + AsyncWrite + Unpin + Send + 'static,
+        Conn: AsyncRead + AsyncWrite + Unpin + Send + 'static,
    {
        let connection_id = ConnectionId(
            self.next_connection_id
@ -145,13 +152,15 @@ impl Peer {
            next_message_id: Default::default(),
            response_channels: Default::default(),
        };
+
+        let (read_conn, write_conn) = conn.split();
        let handler = ConnectionHandler {
            peer: self.clone(),
            connection_id,
            response_channels: connection.response_channels.clone(),
            outgoing_rx,
-            reader: MessageStream::new(conn.clone()),
-            writer: MessageStream::new(conn),
+            reader: MessageStream::new(read_conn),
+            writer: MessageStream::new(write_conn),
        };
        self.connections
            .write()
@ -291,9 +300,10 @@ impl Peer {
    }
 }

-impl<Conn> ConnectionHandler<Conn>
+impl<ReadConn, WriteConn> ConnectionHandler<ReadConn, WriteConn>
 where
-    Conn: Clone + AsyncRead + AsyncWrite + Unpin + Send + 'static,
+    ReadConn: AsyncRead + Unpin + Send + 'static,
+    WriteConn: AsyncWrite + Unpin + Send + 'static,
 {
    pub async fn run(mut self) -> Result<()> {
        loop {
--- a/zed/Cargo.toml
+++ b/zed/Cargo.toml
@ -31,6 +31,7 @@ ignore = "0.4"
 lazy_static = "1.4.0"
 libc = "0.2"
 log = "0.4"
+async-native-tls = "0.3"
 num_cpus = "1.13.0"
 parking_lot = "0.11.1"
 postage = { version="0.4.1", features=["futures-traits"] }
--- a/zed/src/rpc.rs
+++ b/zed/src/rpc.rs
@ -115,13 +115,22 @@ impl Client {
        access_token: String,
        executor: &Arc<Background>,
    ) -> surf::Result<()> {
-        // TODO - If the `ZED_SERVER_URL` uses https, then wrap this stream in
-        // a TLS stream using `native-tls`.
        let stream = smol::net::TcpStream::connect(&address).await?;
-        log::info!("connected to rpc address {}", address);

-        let (connection_id, handler) = self.peer.add_connection(stream).await;
-        executor.spawn(handler.run()).detach();
+        let connection_id = if ZED_SERVER_URL.starts_with("https") {
+            let host = address.split(':').next().unwrap();
+            let stream = async_native_tls::connect(host, stream)
+                .await
+                .context("failed to establish TLS connection")?;
+            let (conn_id, handler) = self.peer.add_connection(stream).await;
+            executor.spawn(handler.run()).detach();
+            conn_id
+        } else {
+            let (conn_id, handler) = self.peer.add_connection(stream).await;
+            executor.spawn(handler.run()).detach();
+            conn_id
+        };
+        log::info!("connected to rpc address {}", address);

        let auth_response = self
            .peer
@ -138,6 +147,7 @@ impl Client {
            Err(anyhow!("failed to authenticate with RPC server"))?;
        }

+        log::info!("authenticated rpc connection as user {}", user_id);
        self.state.write().await.connection_id = Some(connection_id);
        Ok(())
    }
--- a/zed/src/workspace.rs
+++ b/zed/src/workspace.rs
@ -6,6 +6,7 @@ use crate::{
    language::LanguageRegistry,
    rpc,
    settings::Settings,
+    util::SurfResultExt as _,
    worktree::{File, Worktree},
    AppState,
 };
@ -684,7 +685,9 @@ impl Workspace {
        let platform = cx.platform();

        let task = cx.spawn(|this, mut cx| async move {
-            rpc.log_in_and_connect(&cx).await?;
+            rpc.log_in_and_connect(&cx)
+                .await
+                .context("failed to establish rpc connection")?;

            let share_task = this.update(&mut cx, |this, cx| {
                let worktree = this.worktrees.iter().next()?;
@ -705,7 +708,7 @@ impl Workspace {

        cx.spawn(|_, _| async move {
            if let Err(e) = task.await {
-                log::error!("sharing failed: {}", e);
+                log::error!("sharing failed: {:?}", e);
            }
        })
        .detach();