diff options
| author | Ellie Huxtable <ellie@atuin.sh> | 2026-01-27 16:20:25 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2026-01-27 16:20:25 -0800 |
| commit | f294c5bca990f684b59f217dd468a41b7ac83d0e (patch) | |
| tree | 4a2db9fd5c8d109124876c0eba9ba91e74618bac /crates | |
| parent | fix: custom data dir test on windows (#3109) (diff) | |
| download | atuin-f294c5bca990f684b59f217dd468a41b7ac83d0e.zip | |
chore(deps): audit ssl deps (#3110)
<!-- Thank you for making a PR! Bug fixes are always welcome, but if
you're adding a new feature or changing an existing one, we'd really
appreciate if you open an issue, post on the forum, or drop in on
Discord -->
## Checks
- [ ] I am happy for maintainers to push small adjustments to this PR,
to speed up the review cycle
- [ ] I have checked that there are no existing pull requests for the
same thing
Diffstat (limited to 'crates')
| -rw-r--r-- | crates/atuin-client/src/api_client.rs | 5 | ||||
| -rw-r--r-- | crates/atuin-common/Cargo.toml | 1 | ||||
| -rw-r--r-- | crates/atuin-common/src/lib.rs | 1 | ||||
| -rw-r--r-- | crates/atuin-common/src/tls.rs | 15 | ||||
| -rw-r--r-- | crates/atuin-server/Cargo.toml | 2 | ||||
| -rw-r--r-- | crates/atuin-server/src/handlers/user.rs | 3 |
6 files changed, 26 insertions, 1 deletions
diff --git a/crates/atuin-client/src/api_client.rs b/crates/atuin-client/src/api_client.rs index 86452d50..aeca6492 100644 --- a/crates/atuin-client/src/api_client.rs +++ b/crates/atuin-client/src/api_client.rs @@ -11,6 +11,7 @@ use reqwest::{ use atuin_common::{ api::{ATUIN_CARGO_VERSION, ATUIN_HEADER_VERSION, ATUIN_VERSION}, record::{EncryptedData, HostId, Record, RecordIdx}, + tls::ensure_crypto_provider, }; use atuin_common::{ api::{ @@ -59,6 +60,7 @@ pub async fn register( email: &str, password: &str, ) -> Result<RegisterResponse> { + ensure_crypto_provider(); let mut map = HashMap::new(); map.insert("username", username); map.insert("email", email); @@ -91,6 +93,7 @@ pub async fn register( } pub async fn login(address: &str, req: LoginRequest) -> Result<LoginResponse> { + ensure_crypto_provider(); let url = make_url(address, "/login")?; let client = reqwest::Client::new(); @@ -114,6 +117,7 @@ pub async fn login(address: &str, req: LoginRequest) -> Result<LoginResponse> { pub async fn latest_version() -> Result<Version> { use atuin_common::api::IndexResponse; + ensure_crypto_provider(); let url = "https://api.atuin.sh"; let client = reqwest::Client::new(); @@ -197,6 +201,7 @@ impl<'a> Client<'a> { connect_timeout: u64, timeout: u64, ) -> Result<Self> { + ensure_crypto_provider(); let mut headers = HeaderMap::new(); headers.insert(AUTHORIZATION, format!("Token {session_token}").parse()?); diff --git a/crates/atuin-common/Cargo.toml b/crates/atuin-common/Cargo.toml index d65bdc68..811b0bdb 100644 --- a/crates/atuin-common/Cargo.toml +++ b/crates/atuin-common/Cargo.toml @@ -25,6 +25,7 @@ directories = { workspace = true } sysinfo = "0.30.7" base64 = { workspace = true } getrandom = "0.2" +rustls = { workspace = true } [dev-dependencies] pretty_assertions = { workspace = true } diff --git a/crates/atuin-common/src/lib.rs b/crates/atuin-common/src/lib.rs index 75bfc3e9..91164a82 100644 --- a/crates/atuin-common/src/lib.rs +++ b/crates/atuin-common/src/lib.rs @@ -56,4 +56,5 @@ macro_rules! new_uuid { pub mod api; pub mod record; pub mod shell; +pub mod tls; pub mod utils; diff --git a/crates/atuin-common/src/tls.rs b/crates/atuin-common/src/tls.rs new file mode 100644 index 00000000..e8c840e0 --- /dev/null +++ b/crates/atuin-common/src/tls.rs @@ -0,0 +1,15 @@ +use std::sync::Once; + +static INIT: Once = Once::new(); + +/// Ensure the rustls crypto provider (ring) is installed. +/// +/// Must be called before creating any reqwest clients. Safe to call +/// multiple times — only the first call installs the provider. +pub fn ensure_crypto_provider() { + INIT.call_once(|| { + rustls::crypto::ring::default_provider() + .install_default() + .expect("Failed to install rustls crypto provider"); + }); +} diff --git a/crates/atuin-server/Cargo.toml b/crates/atuin-server/Cargo.toml index ea647f38..04bf61e7 100644 --- a/crates/atuin-server/Cargo.toml +++ b/crates/atuin-server/Cargo.toml @@ -30,5 +30,5 @@ tower-http = { version = "0.6", features = ["trace"] } reqwest = { workspace = true } argon2 = "0.5" semver = { workspace = true } -metrics-exporter-prometheus = "0.18" +metrics-exporter-prometheus = { version = "0.18", default-features = false } metrics = "0.24" diff --git a/crates/atuin-server/src/handlers/user.rs b/crates/atuin-server/src/handlers/user.rs index c6fec51e..6436e327 100644 --- a/crates/atuin-server/src/handlers/user.rs +++ b/crates/atuin-server/src/handlers/user.rs @@ -16,6 +16,8 @@ use metrics::counter; use rand::rngs::OsRng; use tracing::{debug, error, info, instrument}; +use atuin_common::tls::ensure_crypto_provider; + use super::{ErrorResponse, ErrorResponseStatus, RespExt}; use crate::router::{AppState, UserAuth}; use atuin_server_database::{ @@ -38,6 +40,7 @@ pub fn verify_str(hash: &str, password: &str) -> bool { // Try to send a Discord webhook once - if it fails, we don't retry. "At most once", and best effort. // Don't return the status because if this fails, we don't really care. async fn send_register_hook(url: &str, username: String, registered: String) { + ensure_crypto_provider(); let hook = HashMap::from([ ("username", username), ("content", format!("{registered} has just signed up!")), |