From 193c704875d9d097e5529a63032745641e39b216 Mon Sep 17 00:00:00 2001 From: Max Brunsfeld Date: Tue, 6 Jul 2021 16:27:57 -0700 Subject: [PATCH] Start work on handling TLS for the RPC endpoint --- Cargo.lock | 76 +++++++++++++++++++++++++++++++++++++++++--- Cargo.toml | 1 + zed-rpc/src/peer.rs | 30 +++++++++++------ zed/Cargo.toml | 1 + zed/src/rpc.rs | 20 +++++++++--- zed/src/workspace.rs | 7 ++-- 6 files changed, 114 insertions(+), 21 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b83ff00b7f..fbac9c106e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -215,6 +215,18 @@ dependencies = [ "event-listener", ] +[[package]] +name = "async-native-tls" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e9e7a929bd34c68a82d58a4de7f86fffdaf97fb2af850162a7bb19dd7269b33" +dependencies = [ + "async-std", + "native-tls", + "thiserror", + "url", +] + [[package]] name = "async-net" version = "1.5.0" @@ -1931,9 +1943,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.86" +version = "0.2.97" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7282d924be3275cec7f6756ff4121987bc6481325397dde6ba3e7802b1a8b1c" +checksum = "12b8adadd720df158f4d70dfe7ccc6adb0472d7c55ca83445f6a5ab3e36f8fb6" [[package]] name = "libflate" @@ -2142,6 +2154,24 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" +[[package]] +name = "native-tls" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8d96b2e1c8da3957d58100b09f102c6d9cfdfced01b7ec5a8974044bb09dbd4" +dependencies = [ + "lazy_static", + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + [[package]] name = "nb-connect" version = "1.0.3" @@ -2288,6 +2318,20 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +[[package]] +name = "openssl" +version = "0.10.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "549430950c79ae24e6d02e0b7404534ecf311d94cc9f861e9e4020187d13d885" +dependencies = [ + "bitflags 1.2.1", + "cfg-if 1.0.0", + "foreign-types", + "libc", + "once_cell", + "openssl-sys", +] + [[package]] name = "openssl-probe" version = "0.1.4" @@ -2296,9 +2340,9 @@ checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a" [[package]] name = "openssl-sys" -version = "0.9.63" +version = "0.9.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6b0d6fb7d80f877617dfcb014e605e2b5ab2fb0afdf27935219bb6bd984cb98" +checksum = "7a7907e3bfa08bb85105209cdfcb6c63d109f8f6c1ed6ca318fff5c1853fbc1d" dependencies = [ "autocfg 1.0.1", "cc", @@ -3194,6 +3238,29 @@ version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b" +[[package]] +name = "security-framework" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23a2ac85147a3a11d77ecf1bc7166ec0b92febfa4461c37944e180f319ece467" +dependencies = [ + "bitflags 1.2.1", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e4effb91b4b8b6fb7732e670b6cee160278ff8e6bf485c7805d9e319d76e284" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "semver" version = "0.9.0" @@ -4312,6 +4379,7 @@ version = "0.1.0" dependencies = [ "anyhow", "arrayvec", + "async-native-tls", "cargo-bundle", "crossbeam-channel", "ctor", diff --git a/Cargo.toml b/Cargo.toml index fcced6e93b..8c87fd2d41 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,6 +9,7 @@ tree-sitter = { git = "https://github.com/tree-sitter/tree-sitter", rev = "d7277 cocoa = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" } cocoa-foundation = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" } core-foundation = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" } +core-foundation-sys = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" } core-graphics = { git = "https://github.com/servo/core-foundation-rs", rev = "025dcb3c0d1ef01530f57ef65f3b1deb948f5737" } [profile.dev] diff --git a/zed-rpc/src/peer.rs b/zed-rpc/src/peer.rs index 87d07c694e..45085a4ec2 100644 --- a/zed-rpc/src/peer.rs +++ b/zed-rpc/src/peer.rs @@ -1,7 +1,11 @@ use crate::proto::{self, EnvelopedMessage, MessageStream, RequestMessage}; use anyhow::{anyhow, Context, Result}; use async_lock::{Mutex, RwLock}; -use futures::{future::BoxFuture, AsyncRead, AsyncWrite, FutureExt}; +use futures::{ + future::BoxFuture, + io::{ReadHalf, WriteHalf}, + AsyncRead, AsyncReadExt, AsyncWrite, FutureExt, +}; use postage::{ mpsc, prelude::{Sink, Stream}, @@ -72,13 +76,13 @@ struct Connection { response_channels: ResponseChannels, } -pub struct ConnectionHandler { +pub struct ConnectionHandler { peer: Arc, connection_id: ConnectionId, response_channels: ResponseChannels, outgoing_rx: mpsc::Receiver, - reader: MessageStream, - writer: MessageStream, + reader: MessageStream, + writer: MessageStream, } type ResponseChannels = Arc>>>; @@ -131,9 +135,12 @@ impl Peer { pub async fn add_connection( self: &Arc, conn: Conn, - ) -> (ConnectionId, ConnectionHandler) + ) -> ( + ConnectionId, + ConnectionHandler, WriteHalf>, + ) where - Conn: Clone + AsyncRead + AsyncWrite + Unpin + Send + 'static, + Conn: AsyncRead + AsyncWrite + Unpin + Send + 'static, { let connection_id = ConnectionId( self.next_connection_id @@ -145,13 +152,15 @@ impl Peer { next_message_id: Default::default(), response_channels: Default::default(), }; + + let (read_conn, write_conn) = conn.split(); let handler = ConnectionHandler { peer: self.clone(), connection_id, response_channels: connection.response_channels.clone(), outgoing_rx, - reader: MessageStream::new(conn.clone()), - writer: MessageStream::new(conn), + reader: MessageStream::new(read_conn), + writer: MessageStream::new(write_conn), }; self.connections .write() @@ -291,9 +300,10 @@ impl Peer { } } -impl ConnectionHandler +impl ConnectionHandler where - Conn: Clone + AsyncRead + AsyncWrite + Unpin + Send + 'static, + ReadConn: AsyncRead + Unpin + Send + 'static, + WriteConn: AsyncWrite + Unpin + Send + 'static, { pub async fn run(mut self) -> Result<()> { loop { diff --git a/zed/Cargo.toml b/zed/Cargo.toml index 11095f5462..992e99b388 100644 --- a/zed/Cargo.toml +++ b/zed/Cargo.toml @@ -31,6 +31,7 @@ ignore = "0.4" lazy_static = "1.4.0" libc = "0.2" log = "0.4" +async-native-tls = "0.3" num_cpus = "1.13.0" parking_lot = "0.11.1" postage = { version="0.4.1", features=["futures-traits"] } diff --git a/zed/src/rpc.rs b/zed/src/rpc.rs index 294453422f..0bceed4d0b 100644 --- a/zed/src/rpc.rs +++ b/zed/src/rpc.rs @@ -115,13 +115,22 @@ impl Client { access_token: String, executor: &Arc, ) -> surf::Result<()> { - // TODO - If the `ZED_SERVER_URL` uses https, then wrap this stream in - // a TLS stream using `native-tls`. let stream = smol::net::TcpStream::connect(&address).await?; - log::info!("connected to rpc address {}", address); - let (connection_id, handler) = self.peer.add_connection(stream).await; - executor.spawn(handler.run()).detach(); + let connection_id = if ZED_SERVER_URL.starts_with("https") { + let host = address.split(':').next().unwrap(); + let stream = async_native_tls::connect(host, stream) + .await + .context("failed to establish TLS connection")?; + let (conn_id, handler) = self.peer.add_connection(stream).await; + executor.spawn(handler.run()).detach(); + conn_id + } else { + let (conn_id, handler) = self.peer.add_connection(stream).await; + executor.spawn(handler.run()).detach(); + conn_id + }; + log::info!("connected to rpc address {}", address); let auth_response = self .peer @@ -138,6 +147,7 @@ impl Client { Err(anyhow!("failed to authenticate with RPC server"))?; } + log::info!("authenticated rpc connection as user {}", user_id); self.state.write().await.connection_id = Some(connection_id); Ok(()) } diff --git a/zed/src/workspace.rs b/zed/src/workspace.rs index 6be96dc49c..eb6990382b 100644 --- a/zed/src/workspace.rs +++ b/zed/src/workspace.rs @@ -6,6 +6,7 @@ use crate::{ language::LanguageRegistry, rpc, settings::Settings, + util::SurfResultExt as _, worktree::{File, Worktree}, AppState, }; @@ -684,7 +685,9 @@ impl Workspace { let platform = cx.platform(); let task = cx.spawn(|this, mut cx| async move { - rpc.log_in_and_connect(&cx).await?; + rpc.log_in_and_connect(&cx) + .await + .context("failed to establish rpc connection")?; let share_task = this.update(&mut cx, |this, cx| { let worktree = this.worktrees.iter().next()?; @@ -705,7 +708,7 @@ impl Workspace { cx.spawn(|_, _| async move { if let Err(e) = task.await { - log::error!("sharing failed: {}", e); + log::error!("sharing failed: {:?}", e); } }) .detach();