diff options
| -rw-r--r-- | Cargo.lock | 147 | ||||
| -rw-r--r-- | Cargo.toml | 3 | ||||
| -rw-r--r-- | crates/atuin-client/src/api_client.rs | 5 | ||||
| -rw-r--r-- | crates/atuin-common/Cargo.toml | 1 | ||||
| -rw-r--r-- | crates/atuin-common/src/lib.rs | 1 | ||||
| -rw-r--r-- | crates/atuin-common/src/tls.rs | 15 | ||||
| -rw-r--r-- | crates/atuin-server/Cargo.toml | 2 | ||||
| -rw-r--r-- | crates/atuin-server/src/handlers/user.rs | 3 |
8 files changed, 32 insertions, 145 deletions
@@ -324,6 +324,7 @@ dependencies = [ "eyre", "getrandom 0.2.17", "pretty_assertions", + "rustls", "semver", "serde", "sqlx", @@ -507,28 +508,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" [[package]] -name = "aws-lc-rs" -version = "1.15.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e84ce723ab67259cfeb9877c6a639ee9eb7a27b28123abd71db7f0d5d0cc9d86" -dependencies = [ - "aws-lc-sys", - "zeroize", -] - -[[package]] -name = "aws-lc-sys" -version = "0.36.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a442ece363113bd4bd4c8b18977a7798dd4d3c3383f34fb61936960e8f4ad8" -dependencies = [ - "cc", - "cmake", - "dunce", - "fs_extra", -] - -[[package]] name = "axum" version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -701,8 +680,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "755d2fce177175ffca841e9a06afdb2c4ab0f593d53b4dee48147dfaade85932" dependencies = [ "find-msvc-tools", - "jobserver", - "libc", "shlex", ] @@ -828,15 +805,6 @@ dependencies = [ ] [[package]] -name = "cmake" -version = "0.1.57" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75443c44cd6b379beb8c5b45d85d0773baf31cce901fe7bb252f4eff3008ef7d" -dependencies = [ - "cc", -] - -[[package]] name = "colorchoice" version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1359,12 +1327,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2" [[package]] -name = "dunce" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" - -[[package]] name = "dyn-clone" version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1622,12 +1584,6 @@ dependencies = [ ] [[package]] -name = "fs_extra" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" - -[[package]] name = "futures" version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1765,10 +1721,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" dependencies = [ "cfg-if", - "js-sys", "libc", "wasi", - "wasm-bindgen", ] [[package]] @@ -1778,11 +1732,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" dependencies = [ "cfg-if", - "js-sys", "libc", "r-efi", "wasip2", - "wasm-bindgen", ] [[package]] @@ -1981,7 +1933,6 @@ dependencies = [ "hyper", "hyper-util", "rustls", - "rustls-native-certs", "rustls-pki-types", "tokio", "tokio-rustls", @@ -2323,16 +2274,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" [[package]] -name = "jobserver" -version = "0.1.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33" -dependencies = [ - "getrandom 0.3.4", - "libc", -] - -[[package]] name = "js-sys" version = "0.3.85" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2505,12 +2446,6 @@ dependencies = [ ] [[package]] -name = "lru-slab" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" - -[[package]] name = "mac_address" version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2583,19 +2518,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3589659543c04c7dc5526ec858591015b87cd8746583b51b48ef4353f99dbcda" dependencies = [ "base64", - "http-body-util", - "hyper", - "hyper-rustls", - "hyper-util", "indexmap 2.13.0", - "ipnet", "metrics", "metrics-util", "quanta", - "rustls", "thiserror 2.0.18", - "tokio", - "tracing", ] [[package]] @@ -3300,9 +3227,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.104" +version = "1.0.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9695f8df41bb4f3d222c95a67532365f569318332d03d5f3f67f37b20e6ebdf0" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" dependencies = [ "unicode-ident", ] @@ -3438,62 +3365,6 @@ dependencies = [ ] [[package]] -name = "quinn" -version = "0.11.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" -dependencies = [ - "bytes", - "cfg_aliases", - "pin-project-lite", - "quinn-proto", - "quinn-udp", - "rustc-hash 2.1.1", - "rustls", - "socket2 0.6.1", - "thiserror 2.0.18", - "tokio", - "tracing", - "web-time", -] - -[[package]] -name = "quinn-proto" -version = "0.11.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1906b49b0c3bc04b5fe5d86a77925ae6524a19b816ae38ce1e426255f1d8a31" -dependencies = [ - "aws-lc-rs", - "bytes", - "getrandom 0.3.4", - "lru-slab", - "rand 0.9.2", - "ring", - "rustc-hash 2.1.1", - "rustls", - "rustls-pki-types", - "slab", - "thiserror 2.0.18", - "tinyvec", - "tracing", - "web-time", -] - -[[package]] -name = "quinn-udp" -version = "0.5.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" -dependencies = [ - "cfg_aliases", - "libc", - "once_cell", - "socket2 0.6.1", - "tracing", - "windows-sys 0.60.2", -] - -[[package]] name = "quote" version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3793,7 +3664,6 @@ dependencies = [ "log", "percent-encoding", "pin-project-lite", - "quinn", "rustls", "rustls-pki-types", "rustls-platform-verifier", @@ -3891,12 +3761,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] -name = "rustc-hash" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" - -[[package]] name = "rustc_version" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3937,7 +3801,6 @@ version = "0.23.36" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c665f33d38cea657d9614f766881e4d510e0eda4239891eea56b4cadcf01801b" dependencies = [ - "aws-lc-rs", "once_cell", "ring", "rustls-pki-types", @@ -3964,7 +3827,6 @@ version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" dependencies = [ - "web-time", "zeroize", ] @@ -4001,7 +3863,6 @@ version = "0.103.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" dependencies = [ - "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -4948,7 +4809,7 @@ dependencies = [ "once_cell", "pbkdf2", "rand 0.8.5", - "rustc-hash 1.1.0", + "rustc-hash", "sha2", "thiserror 1.0.69", "unicode-normalization", @@ -45,6 +45,7 @@ tracing = "0.1" sql-builder = "3" tempfile = { version = "3.19" } minijinja = "2.9.0" +rustls = { version = "0.23", default-features = false, features = ["ring", "std", "tls12"] } [workspace.dependencies.tracing-subscriber] version = "0.3" @@ -52,7 +53,7 @@ features = ["ansi", "fmt", "registry", "env-filter"] [workspace.dependencies.reqwest] version = "0.13" -features = ["json", "rustls"] +features = ["json", "rustls-no-provider"] default-features = false [workspace.dependencies.sqlx] diff --git a/crates/atuin-client/src/api_client.rs b/crates/atuin-client/src/api_client.rs index 86452d50..aeca6492 100644 --- a/crates/atuin-client/src/api_client.rs +++ b/crates/atuin-client/src/api_client.rs @@ -11,6 +11,7 @@ use reqwest::{ use atuin_common::{ api::{ATUIN_CARGO_VERSION, ATUIN_HEADER_VERSION, ATUIN_VERSION}, record::{EncryptedData, HostId, Record, RecordIdx}, + tls::ensure_crypto_provider, }; use atuin_common::{ api::{ @@ -59,6 +60,7 @@ pub async fn register( email: &str, password: &str, ) -> Result<RegisterResponse> { + ensure_crypto_provider(); let mut map = HashMap::new(); map.insert("username", username); map.insert("email", email); @@ -91,6 +93,7 @@ pub async fn register( } pub async fn login(address: &str, req: LoginRequest) -> Result<LoginResponse> { + ensure_crypto_provider(); let url = make_url(address, "/login")?; let client = reqwest::Client::new(); @@ -114,6 +117,7 @@ pub async fn login(address: &str, req: LoginRequest) -> Result<LoginResponse> { pub async fn latest_version() -> Result<Version> { use atuin_common::api::IndexResponse; + ensure_crypto_provider(); let url = "https://api.atuin.sh"; let client = reqwest::Client::new(); @@ -197,6 +201,7 @@ impl<'a> Client<'a> { connect_timeout: u64, timeout: u64, ) -> Result<Self> { + ensure_crypto_provider(); let mut headers = HeaderMap::new(); headers.insert(AUTHORIZATION, format!("Token {session_token}").parse()?); diff --git a/crates/atuin-common/Cargo.toml b/crates/atuin-common/Cargo.toml index d65bdc68..811b0bdb 100644 --- a/crates/atuin-common/Cargo.toml +++ b/crates/atuin-common/Cargo.toml @@ -25,6 +25,7 @@ directories = { workspace = true } sysinfo = "0.30.7" base64 = { workspace = true } getrandom = "0.2" +rustls = { workspace = true } [dev-dependencies] pretty_assertions = { workspace = true } diff --git a/crates/atuin-common/src/lib.rs b/crates/atuin-common/src/lib.rs index 75bfc3e9..91164a82 100644 --- a/crates/atuin-common/src/lib.rs +++ b/crates/atuin-common/src/lib.rs @@ -56,4 +56,5 @@ macro_rules! new_uuid { pub mod api; pub mod record; pub mod shell; +pub mod tls; pub mod utils; diff --git a/crates/atuin-common/src/tls.rs b/crates/atuin-common/src/tls.rs new file mode 100644 index 00000000..e8c840e0 --- /dev/null +++ b/crates/atuin-common/src/tls.rs @@ -0,0 +1,15 @@ +use std::sync::Once; + +static INIT: Once = Once::new(); + +/// Ensure the rustls crypto provider (ring) is installed. +/// +/// Must be called before creating any reqwest clients. Safe to call +/// multiple times — only the first call installs the provider. +pub fn ensure_crypto_provider() { + INIT.call_once(|| { + rustls::crypto::ring::default_provider() + .install_default() + .expect("Failed to install rustls crypto provider"); + }); +} diff --git a/crates/atuin-server/Cargo.toml b/crates/atuin-server/Cargo.toml index ea647f38..04bf61e7 100644 --- a/crates/atuin-server/Cargo.toml +++ b/crates/atuin-server/Cargo.toml @@ -30,5 +30,5 @@ tower-http = { version = "0.6", features = ["trace"] } reqwest = { workspace = true } argon2 = "0.5" semver = { workspace = true } -metrics-exporter-prometheus = "0.18" +metrics-exporter-prometheus = { version = "0.18", default-features = false } metrics = "0.24" diff --git a/crates/atuin-server/src/handlers/user.rs b/crates/atuin-server/src/handlers/user.rs index c6fec51e..6436e327 100644 --- a/crates/atuin-server/src/handlers/user.rs +++ b/crates/atuin-server/src/handlers/user.rs @@ -16,6 +16,8 @@ use metrics::counter; use rand::rngs::OsRng; use tracing::{debug, error, info, instrument}; +use atuin_common::tls::ensure_crypto_provider; + use super::{ErrorResponse, ErrorResponseStatus, RespExt}; use crate::router::{AppState, UserAuth}; use atuin_server_database::{ @@ -38,6 +40,7 @@ pub fn verify_str(hash: &str, password: &str) -> bool { // Try to send a Discord webhook once - if it fails, we don't retry. "At most once", and best effort. // Don't return the status because if this fails, we don't really care. async fn send_register_hook(url: &str, username: String, registered: String) { + ensure_crypto_provider(); let hook = HashMap::from([ ("username", username), ("content", format!("{registered} has just signed up!")), |