ab/furumi-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implemented AutoTLS via RustTLS

Browse Source
This commit is contained in:
AB-UK
2026-03-10 16:20:19 +00:00
parent 588b610e08
commit bf16ff40f9
7 changed files with 411 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
furumi-client-core/Cargo.toml
View File

@@ -9,8 +9,14 @@ anyhow = "1.0.102"
prost = "0.13.5"
tokio = { version = "1.50.0", features = ["full"] }
tokio-stream = "0.1.18"
tonic = "0.12.3"
tonic = { version = "0.12.3", features = ["tls", "tls-native-roots"] }
thiserror = "2.0.18"
moka = { version = "0.12.10", features = ["sync", "future"] }
async-trait = "0.1.89"
tracing = "0.1.44"
rustls = { version = "0.23.37", features = ["ring"] }
tokio-rustls = "0.26.4"
webpki-roots = "1.0.6"
hyper-util = { version = "0.1.20", features = ["tokio"] }
hyper = { version = "1.8.1", features = ["client"] }
tower = { version = "0.5.3", features = ["util"] }

33
furumi-client-core/src/client.rs
View File

@@ -38,15 +38,40 @@ pub struct FurumiClient {
}
impl FurumiClient {
/// Connects to the Furumi-ng server with an optional bearer token.
pub async fn connect(addr: &str, token: &str) -> Result<Self> {
let endpoint = Endpoint::from_shared(addr.to_string())
/// Connects to the Furumi-ng server.
///
/// - `addr`: Server URL. Use `https://` for TLS, `http://` for plaintext.
/// - `token`: Bearer token for auth (empty = no auth).
/// - `tls_ca_pem`: Optional CA certificate PEM bytes for verifying the server.
/// If using TLS without a CA cert, pass `None` (uses system roots).
pub async fn connect(addr: &str, token: &str, tls_ca_pem: Option<Vec<u8>>) -> Result<Self> {
// Install ring as the default crypto provider for rustls
let _ = rustls::crypto::ring::default_provider().install_default();
let mut endpoint = Endpoint::from_shared(addr.to_string())
.map_err(|e| ClientError::Internal(format!("Invalid URI: {}", e)))?
.timeout(Duration::from_secs(30))
.concurrency_limit(256)
.tcp_keepalive(Some(Duration::from_secs(60)))
.http2_keep_alive_interval(Duration::from_secs(60));
// Configure TLS if using https://
if addr.starts_with("https://") {
let mut tls_config = tonic::transport::ClientTlsConfig::new()
.domain_name("furumi-ng");
if let Some(ca_pem) = tls_ca_pem {
info!("TLS enabled with server CA certificate");
tls_config = tls_config
.ca_certificate(tonic::transport::Certificate::from_pem(ca_pem));
} else {
info!("TLS enabled with system root certificates");
}
endpoint = endpoint.tls_config(tls_config)
.map_err(|e| ClientError::Internal(format!("TLS config error: {}", e)))?;
}
info!("Connecting to {}", addr);
let channel = endpoint.connect().await?;
@@ -58,7 +83,7 @@ impl FurumiClient {
let attr_cache = Cache::builder()
.max_capacity(100_000)
.time_to_live(Duration::from_secs(5)) // short TTL to catch up changes quickly
.time_to_live(Duration::from_secs(5))
.build();
Ok(Self { client, attr_cache })