robin/haze
1
0
Fork 0
mirror of https://codeberg.org/icewind/haze.git synced 2026-06-03 17:14:08 +02:00
Code Issues Projects Releases Wiki Activity

push: add all local ips as trusted proxies

Browse source
This commit is contained in:
Robin Appelman 2025-08-07 18:07:25 +02:00
commit 6a043913fa
6 changed files with 116 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

95
Cargo.lock generated
View file

@ -105,7 +105,7 @@ checksum = "d556ec1359574147ec0c4fc5eb525f3f23263a592b1a9c07e0a75b427de55c97"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -364,7 +364,7 @@ dependencies = [
"heck", "heck",
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -444,7 +444,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -462,7 +462,7 @@ dependencies = [
"once_cell", "once_cell",
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -541,7 +541,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -649,6 +649,7 @@ dependencies = [
"hyper-reverse-proxy", "hyper-reverse-proxy",
"hyper-util", "hyper-util",
"itertools", "itertools",
"local-ip-address",
"maplit", "maplit",
"miette", "miette",
"opener", "opener",
@ -952,7 +953,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1119,6 +1120,18 @@ version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23fb14cb19457329c82206317a5663005a4d404783dc74f4252769b0d5f42856" checksum = "23fb14cb19457329c82206317a5663005a4d404783dc74f4252769b0d5f42856"
[[package]]
name = "local-ip-address"
version = "0.6.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "656b3b27f8893f7bbf9485148ff9a65f019e3f33bd5cdc87c83cab16b3fd9ec8"
dependencies = [
"libc",
"neli",
"thiserror 2.0.12",
"windows-sys 0.59.0",
]
[[package]] [[package]]
name = "log" name = "log"
version = "0.4.26" version = "0.4.26"
@ -1171,7 +1184,7 @@ checksum = "bf45bf44ab49be92fd1227a3be6fc6f617f1a337c06af54981048574d8783147"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1200,6 +1213,31 @@ dependencies = [
"windows-sys 0.52.0", "windows-sys 0.52.0",
] ]
[[package]]
name = "neli"
version = "0.6.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93062a0dce6da2517ea35f301dfc88184ce18d3601ec786a727a87bf535deca9"
dependencies = [
"byteorder",
"libc",
"log",
"neli-proc-macros",
]
[[package]]
name = "neli-proc-macros"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0c8034b7fbb6f9455b2a96c19e6edf8dc9fc34c70449938d8ee3b4df363f61fe"
dependencies = [
"either",
"proc-macro2",
"quote",
"serde",
"syn 1.0.109",
]
[[package]] [[package]]
name = "normpath" name = "normpath"
version = "1.3.0" version = "1.3.0"
@ -1301,7 +1339,7 @@ dependencies = [
"regex", "regex",
"regex-syntax", "regex-syntax",
"structmeta", "structmeta",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1544,7 +1582,7 @@ checksum = "f09503e191f4e797cb8aac08e9a4a4695c5edf6a2e70e376d961ddd5c969f82b"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1577,7 +1615,7 @@ checksum = "175ee3e80ae9982737ca543e96133087cbd9a485eecc3bc4de9c1a37b47ea59c"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1694,7 +1732,7 @@ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"structmeta-derive", "structmeta-derive",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1705,7 +1743,7 @@ checksum = "152a0b65a590ff6c3da95cabe2353ee04e6167c896b28e3b14478c2636c922fc"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1729,6 +1767,17 @@ version = "3.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7401a30af6cb5818bb64852270bb722533397edcfc7344954a38f420819ece2" checksum = "b7401a30af6cb5818bb64852270bb722533397edcfc7344954a38f420819ece2"
[[package]]
name = "syn"
version = "1.0.109"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]] [[package]]
name = "syn" name = "syn"
version = "2.0.99" version = "2.0.99"
@ -1757,7 +1806,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1829,7 +1878,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1840,7 +1889,7 @@ checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -1919,7 +1968,7 @@ checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -2017,7 +2066,7 @@ checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -2163,7 +2212,7 @@ dependencies = [
"log", "log",
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
"wasm-bindgen-shared", "wasm-bindgen-shared",
] ]
@ -2198,7 +2247,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
"wasm-bindgen-backend", "wasm-bindgen-backend",
"wasm-bindgen-shared", "wasm-bindgen-shared",
] ]
@ -2423,7 +2472,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
"synstructure", "synstructure",
] ]
@ -2445,7 +2494,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]
[[package]] [[package]]
@ -2465,7 +2514,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
"synstructure", "synstructure",
] ]
@ -2488,5 +2537,5 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn", "syn 2.0.99",
] ]

1
Cargo.toml
View file

@ -33,6 +33,7 @@ tracing-subscriber = "0.3.18"
atty = "0.2.14" atty = "0.2.14"
git2 = { version = "0.20.0", default-features = false } git2 = { version = "0.20.0", default-features = false }
itertools = { version = "0.14.0", features = ["use_alloc"] } itertools = { version = "0.14.0", features = ["use_alloc"] }
local-ip-address = "0.6.5"
hyper-reverse-proxy = { version = "0.5.2-dev", git = "https://github.com/chpio/hyper-reverse-proxy", rev = "6934877eb74465204f605cc1c05ca5a9772db7c0" } hyper-reverse-proxy = { version = "0.5.2-dev", git = "https://github.com/chpio/hyper-reverse-proxy", rev = "6934877eb74465204f605cc1c05ca5a9772db7c0" }
hyper = "1.6.0" hyper = "1.6.0"

6
src/proxy.rs
View file

@ -57,7 +57,11 @@ impl ActiveInstances {
let service = cloud let service = cloud
.services() .services()
.find(|service| service.name() == service_name)?; .find(|service| service.name() == service_name)?;
let ip = service.get_ip(&self.docker, &cloud.id).await.ok()??; let ip = service
.get_ips(&self.docker, &cloud.id)
.await
.ok()?
.next()?;
SocketAddr::new(ip, service.proxy_port()) SocketAddr::new(ip, service.proxy_port())
} else { } else {
SocketAddr::new( SocketAddr::new(

26
src/service.rs
View file

@ -36,7 +36,9 @@ use enum_dispatch::enum_dispatch;
use miette::{IntoDiagnostic, Report, Result, WrapErr}; use miette::{IntoDiagnostic, Report, Result, WrapErr};
use serde_json::Value; use serde_json::Value;
use std::collections::HashMap; use std::collections::HashMap;
use std::iter::empty;
use std::net::IpAddr; use std::net::IpAddr;
use std::str::FromStr;
use std::time::Duration; use std::time::Duration;
use tokio::time::{sleep, timeout}; use tokio::time::{sleep, timeout};
@ -128,9 +130,13 @@ pub trait ServiceTrait {
.wrap_err("Timeout after 30 seconds")? .wrap_err("Timeout after 30 seconds")?
} }
async fn get_ip(&self, docker: &Docker, cloud_id: &str) -> Result<Option<IpAddr>> { async fn get_ips(
&self,
docker: &Docker,
cloud_id: &str,
) -> Result<Box<dyn Iterator<Item = IpAddr>>> {
let Some(container) = self.container_name(cloud_id) else { let Some(container) = self.container_name(cloud_id) else {
return Ok(None); return Ok(Box::new(empty()));
}; };
docker docker
.start_container::<String>(&container, None) .start_container::<String>(&container, None)
@ -151,20 +157,16 @@ pub trait ServiceTrait {
.. ..
}) })
) { ) {
info.network_settings let ips: Vec<_> = info
.network_settings
.unwrap() .unwrap()
.networks .networks
.unwrap() .unwrap()
.values() .values()
.next() .filter_map(|network| network.ip_address.clone())
.unwrap() .filter_map(|address| IpAddr::from_str(&address).ok())
.ip_address .collect();
.clone() Ok(Box::new(ips.into_iter()))
.unwrap()
.parse()
.into_diagnostic()
.map(Some)
.wrap_err("Invalid ip address")
} else { } else {
Err(Report::msg("service not started")) Err(Report::msg("service not started"))
} }

2
src/service/oc.rs
View file

@ -86,7 +86,7 @@ impl ServiceTrait for Oc {
cloud_id: &str, cloud_id: &str,
config: &HazeConfig, config: &HazeConfig,
) -> Result<Vec<String>> { ) -> Result<Vec<String>> {
if let Some(ip) = self.get_ip(docker, cloud_id).await? { if let Some(ip) = self.get_ips(docker, cloud_id).await?.next() {
let container = self.container_name(cloud_id).unwrap(); let container = self.container_name(cloud_id).unwrap();
let addr = config.proxy.addr(&container, ip); let addr = config.proxy.addr(&container, ip);
println!("OC running on {addr}"); println!("OC running on {addr}");

31
src/service/push.rs
View file

@ -5,6 +5,7 @@ use crate::service::ServiceTrait;
use bollard::container::{Config, CreateContainerOptions, NetworkingConfig}; use bollard::container::{Config, CreateContainerOptions, NetworkingConfig};
use bollard::models::{EndpointSettings, HostConfig}; use bollard::models::{EndpointSettings, HostConfig};
use bollard::Docker; use bollard::Docker;
use local_ip_address::list_afinet_netifas;
use maplit::hashmap; use maplit::hashmap;
use miette::{IntoDiagnostic, Result}; use miette::{IntoDiagnostic, Result};
@ -87,14 +88,28 @@ impl ServiceTrait for NotifyPush {
cloud_id: &str, cloud_id: &str,
config: &HazeConfig, config: &HazeConfig,
) -> Result<Vec<String>> { ) -> Result<Vec<String>> {
let ip = self.get_ip(docker, cloud_id).await?.unwrap(); let mut ips: Vec<_> = self.get_ips(docker, cloud_id).await?.collect();
let addr = config if let Ok(local_interfaces) = list_afinet_netifas() {
.proxy ips.extend(local_interfaces.into_iter().map(|(_, ip)| ip));
.addr_with_port(&self.container_name(cloud_id).unwrap(), ip, 7867); }
Ok(vec![
format!("occ config:system:set trusted_proxies 1 --value {}", ip), let mut commands: Vec<_> = ips
format!("occ notify_push:setup {}", addr), .iter()
]) .enumerate()
.map(|(i, ip)| {
format!(
"occ config:system:set trusted_proxies {} --value {ip}",
i + 1
)
})
.collect();
let addr =
config
.proxy
.addr_with_port(&self.container_name(cloud_id).unwrap(), ips[0], 7867);
commands.push(format!("occ notify_push:setup {}", addr));
Ok(commands)
} }
fn proxy_port(&self) -> u16 { fn proxy_port(&self) -> u16 {