fix tls redis parsing

2026-06-03 08:34:13 +02:00 · 2025-05-02 09:21:16 +02:00 · 2025-05-02 09:21:16 +02:00 · 83ba84fa2d
commit 83ba84fa2d
parent 88b64b402d
7 changed files with 137 additions and 51 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -836,7 +836,7 @@ dependencies = [

 [[package]]
 name = "nextcloud-config-parser"
-version = "0.13.0"
+version = "0.13.1"
 dependencies = [
 "form_urlencoded",
 "itertools",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,7 +1,7 @@
 [package]
 name = "nextcloud-config-parser"
 description = "Rust parser for nextcloud config files"
-version = "0.13.0"
+version = "0.13.1"
 authors = ["Robin Appelman <robin@icewind.nl>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"
--- a/src/lib.rs
+++ b/src/lib.rs
@ -5,6 +5,7 @@ use itertools::Either;
 use miette::Diagnostic;
 use std::iter::once;
 use std::path::PathBuf;
+use std::str::FromStr;
 use thiserror::Error;

 pub use nc::{parse, parse_glob};
@ -32,12 +33,40 @@ impl RedisConfig {
    }
 }

-#[derive(Clone, Debug)]
+#[derive(Clone, Debug, PartialOrd, PartialEq, Ord, Eq)]
 pub enum RedisConnectionAddr {
-    Tcp { host: String, port: u16 },
+    Tcp { host: String, port: u16, tls: bool },
    Unix { path: PathBuf },
 }

+impl RedisConnectionAddr {
+    fn parse(mut host: &str, port: Option<u16>, tls: bool) -> Self {
+        if host.starts_with("/") {
+            RedisConnectionAddr::Unix { path: host.into() }
+        } else {
+            let tls = if host.starts_with("tls://") || host.starts_with("rediss://") {
+                host = host.split_once("://").unwrap().1;
+                true
+            } else {
+                tls
+            };
+            if host == "localhost" {
+                host = "127.0.0.1";
+            }
+            let (host, port, _) = if let Some(port) = port {
+                (host, Some(port), None)
+            } else {
+                split_host(host)
+            };
+            RedisConnectionAddr::Tcp {
+                host: host.into(),
+                port: port.unwrap_or(6379),
+                tls,
+            }
+        }
+    }
+}
+
 #[derive(Clone, Debug)]
 pub struct RedisClusterConnectionInfo {
    pub addr: Vec<RedisConnectionAddr>,
@ -321,3 +350,19 @@ impl Database {
        }
    }
 }
+
+fn split_host(host: &str) -> (&str, Option<u16>, Option<&str>) {
+    if host.starts_with('/') {
+        return ("localhost", None, Some(host));
+    }
+    let mut parts = host.split(':');
+    let host = parts.next().unwrap();
+    match parts
+        .next()
+        .map(|port_or_socket| u16::from_str(port_or_socket).map_err(|_| port_or_socket))
+    {
+        Some(Ok(port)) => (host, Some(port), None),
+        Some(Err(socket)) => (host, None, Some(socket)),
+        None => (host, None, None),
+    }
+}
--- a/src/nc.rs
+++ b/src/nc.rs
@ -1,5 +1,5 @@
 use crate::{
-    Config, Database, DbConnect, DbError, Error, NotAConfigError, PhpParseError,
+    split_host, Config, Database, DbConnect, DbError, Error, NotAConfigError, PhpParseError,
    RedisClusterConnectionInfo, RedisConnectionInfo, RedisTlsParams, Result, SslOptions,
 };
 use crate::{RedisConfig, RedisConnectionAddr};
@ -279,22 +279,6 @@ fn parse_db_options(parsed: &Value) -> Result<Database> {
    }
 }

-fn split_host(host: &str) -> (&str, Option<u16>, Option<&str>) {
-    if host.starts_with('/') {
-        return ("localhost", None, Some(host));
-    }
-    let mut parts = host.split(':');
-    let host = parts.next().unwrap();
-    match parts
-        .next()
-        .map(|port_or_socket| u16::from_str(port_or_socket).map_err(|_| port_or_socket))
-    {
-        Some(Ok(port)) => (host, Some(port), None),
-        Some(Err(socket)) => (host, None, Some(socket)),
-        None => (host, None, None),
-    }
-}
-
 enum RedisAddress {
    Single(RedisConnectionAddr),
    Cluster(Vec<RedisConnectionAddr>),
@ -304,36 +288,24 @@ fn parse_redis_options(parsed: &Value) -> RedisConfig {
    let (redis_options, address) = if parsed["redis.cluster"].is_array() {
        let redis_options = &parsed["redis.cluster"];
        let seeds = redis_options["seeds"].values();
-        let addresses = seeds
+        let mut addresses = seeds
            .filter_map(|seed| seed.as_str())
-            .map(split_host)
-            .filter_map(|(host, port, _)| {
-                Some(RedisConnectionAddr::Tcp {
-                    host: host.into(),
-                    port: port?,
-                })
+            .map(|seed| {
+                RedisConnectionAddr::parse(seed, None, redis_options["ssl_context"].is_array())
            })
            .collect::<Vec<_>>();
+        addresses.sort();
        (redis_options, RedisAddress::Cluster(addresses))
    } else {
        let redis_options = &parsed["redis"];
-        let mut host = redis_options["host"].as_str().unwrap_or("127.0.0.1");
-        let address = if host.starts_with('/') {
-            RedisAddress::Single(RedisConnectionAddr::Unix { path: host.into() })
-        } else {
-            if host == "localhost" {
-                host = "127.0.0.1";
-            }
-            let (host, port, _) = if let Some(port) = redis_options["port"].as_int() {
-                (host, Some(port as u16), None)
-            } else {
-                split_host(host)
-            };
-            RedisAddress::Single(RedisConnectionAddr::Tcp {
-                host: host.into(),
-                port: port.unwrap_or(6379),
-            })
-        };
+        let host = redis_options["host"].as_str().unwrap_or("127.0.0.1");
+        let address = RedisAddress::Single(RedisConnectionAddr::parse(
+            host,
+            redis_options["port"]
+                .as_int()
+                .and_then(|port| u16::try_from(port).ok()),
+            redis_options["ssl_context"].is_array(),
+        ));
        (redis_options, address)
    };

--- a/tests/configs.rs
+++ b/tests/configs.rs
@ -1,6 +1,6 @@
 use nextcloud_config_parser::{
-    parse, parse_glob, Config, Database, DbConnect, RedisConfig, RedisConnectionAddr,
-    RedisConnectionInfo, RedisTlsParams, SslOptions,
+    parse, parse_glob, Config, Database, DbConnect, RedisClusterConnectionInfo, RedisConfig,
+    RedisConnectionAddr, RedisConnectionInfo, RedisTlsParams, SslOptions,
 };
 use std::fmt::Debug;

@ -24,9 +24,16 @@ fn config_from_file(path: &str) -> Config {
 fn parse_redis(cfg: &str) -> RedisConnectionInfo {
    let redis = ConnectionInfo::from_str(cfg).unwrap();
    let addr = match redis.addr {
-        ConnectionAddr::Tcp(host, port) | ConnectionAddr::TcpTls { host, port, .. } => {
-            RedisConnectionAddr::Tcp { host, port }
-        }
+        ConnectionAddr::Tcp(host, port) => RedisConnectionAddr::Tcp {
+            host,
+            port,
+            tls: false,
+        },
+        ConnectionAddr::TcpTls { host, port, .. } => RedisConnectionAddr::Tcp {
+            host,
+            port,
+            tls: true,
+        },
        ConnectionAddr::Unix(path) => RedisConnectionAddr::Unix { path },
    };
    RedisConnectionInfo {
@ -109,6 +116,7 @@ fn test_parse_redis_tls() {
            addr: RedisConnectionAddr::Tcp {
                host: "127.0.0.1".into(),
                port: 6379,
+                tls: true,
            },
            db: 0,
            username: None,
@ -125,6 +133,38 @@ fn test_parse_redis_tls() {
    );
 }

+#[test]
+fn test_parse_redis_cluster_tls() {
+    let config = config_from_file("tests/configs/redis_cluster_tls.php");
+    assert_debug_equal(
+        RedisConfig::Cluster(RedisClusterConnectionInfo {
+            addr: vec![
+                RedisConnectionAddr::Tcp {
+                    host: "db1".into(),
+                    port: 6380,
+                    tls: true,
+                },
+                RedisConnectionAddr::Tcp {
+                    host: "db1".into(),
+                    port: 6381,
+                    tls: true,
+                },
+            ],
+            db: 0,
+            username: None,
+            password: Some("xxx".into()),
+            tls_params: Some(RedisTlsParams {
+                local_cert: Some("/certs/redis.crt".into()),
+                local_pk: Some("/certs/redis.key".into()),
+                ca_file: Some("/certs/ca.crt".into()),
+                insecure: false,
+                accept_invalid_hostname: false,
+            }),
+        }),
+        config.redis,
+    );
+}
+
 #[test]
 fn test_parse_comment_whitespace() {
    let config = config_from_file("tests/configs/comment_whitespace.php");
--- a/tests/configs/redis_cluster_tls.php
+++ b/tests/configs/redis_cluster_tls.php
@ -0,0 +1,29 @@
+<?php
+
+$CONFIG = [
+	'overwrite.cli.url' => 'https://cloud.example.com',
+	'dbtype' => 'mysql',
+	'dbname' => 'nextcloud',
+	'dbhost' => '127.0.0.1',
+	'dbport' => '',
+	'dbtableprefix' => 'oc_',
+	'dbuser' => 'nextcloud',
+	'dbpassword' => 'secret',
+     'redis.cluster' =>
+      array (
+        'seeds' =>
+        array (
+          0 => 'db1:6380',
+          1 => 'db1:6381',
+        ),
+        'password' => 'xxx',
+        'timeout' => 0.0,
+        'read_timeout' => 0.0,
+        'failover_mode' => \RedisCluster::FAILOVER_ERROR,
+        'ssl_context' => [
+          'local_cert' => '/certs/redis.crt',
+          'local_pk' => '/certs/redis.key',
+          'cafile' => '/certs/ca.crt'
+        ]
+      ),
+];
--- a/tests/configs/redis_tls.php
+++ b/tests/configs/redis_tls.php
@ -9,7 +9,7 @@ $CONFIG = [
 	'dbuser' => 'nextcloud',
 	'dbpassword' => 'secret',
 	'redis' => [
-		'host' => 'localhost',
+		'host' => 'tls://localhost',
    'ssl_context' => [
      'local_cert' => '/certs/redis.crt',
      'local_pk' => '/certs/redis.key',