From 9f546ce2490fddf3e508b840ba1c1e33ae81afa7 Mon Sep 17 00:00:00 2001 From: khorshuheng Date: Wed, 22 Jan 2025 15:49:03 +0800 Subject: [PATCH] chore: remove unnecessary self sign related functionality in appflowy cloud --- src/application.rs | 44 ++------------------------ src/config/config.rs | 6 ---- src/lib.rs | 1 - src/middleware/encrypt_mw.rs | 61 ------------------------------------ src/middleware/mod.rs | 1 - src/self_signed.rs | 30 ------------------ 6 files changed, 2 insertions(+), 141 deletions(-) delete mode 100644 src/middleware/encrypt_mw.rs delete mode 100644 src/self_signed.rs diff --git a/src/application.rs b/src/application.rs index 7a912121..79187ae0 100644 --- a/src/application.rs +++ b/src/application.rs @@ -27,8 +27,6 @@ use aws_sdk_s3::types::{ BucketInfo, BucketLocationConstraint, BucketType, CreateBucketConfiguration, }; use mailer::config::MailerSetting; -use openssl::ssl::{SslAcceptor, SslAcceptorBuilder, SslFiletype, SslMethod}; -use openssl::x509::X509; use secrecy::{ExposeSecret, Secret}; use sqlx::{postgres::PgPoolOptions, PgPool}; use tokio::sync::RwLock; @@ -72,7 +70,6 @@ use crate::config::config::{ use crate::mailer::AFCloudMailer; use crate::middleware::metrics_mw::MetricsMiddleware; use crate::middleware::request_id::RequestIdMiddleware; -use crate::self_signed::create_self_signed_certificate; use crate::state::{AppMetrics, AppState, GoTrueAdmin, UserCache}; pub struct Application { @@ -119,11 +116,6 @@ pub async fn run_actix_server( e ) })?; - let pair = get_certificate_and_server_key(&config); - let key = pair - .as_ref() - .map(|(_, server_key)| Key::from(server_key.expose_secret().as_bytes())) - .unwrap_or_else(Key::generate); let storage = state.collab_access_control_storage.clone(); @@ -150,7 +142,7 @@ pub async fn run_actix_server( .wrap(MetricsMiddleware) .wrap(IdentityMiddleware::default()) .wrap( - SessionMiddleware::builder(redis_store.clone(), key.clone()) + SessionMiddleware::builder(redis_store.clone(), Key::generate()) .build(), ) .wrap(RequestIdMiddleware) @@ -178,24 +170,11 @@ pub async fn run_actix_server( .app_data(Data::new(state.published_collab_store.clone())) }); - server = match pair { - None => server.listen(listener)?, - Some((certificate, _)) => { - server.listen_openssl(listener, make_ssl_acceptor_builder(certificate))? - }, - }; + server = server.listen(listener)?; Ok(server.run()) } -fn get_certificate_and_server_key(config: &Config) -> Option<(Secret, Secret)> { - if config.application.use_tls { - Some(create_self_signed_certificate().unwrap()) - } else { - None - } -} - pub async fn init_state(config: &Config, rt_cmd_tx: CLCommandSender) -> Result { // Print the feature flags @@ -523,22 +502,3 @@ async fn get_gotrue_client(setting: &GoTrueSetting) -> Result) -> SslAcceptorBuilder { - let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap(); - let x509_cert = X509::from_pem(certificate.expose_secret().as_bytes()).unwrap(); - builder.set_certificate(&x509_cert).unwrap(); - builder - .set_private_key_file("./cert/key.pem", SslFiletype::PEM) - .unwrap(); - builder - .set_certificate_chain_file("./cert/cert.pem") - .unwrap(); - builder - .set_min_proto_version(Some(openssl::ssl::SslVersion::TLS1_2)) - .unwrap(); - builder - .set_max_proto_version(Some(openssl::ssl::SslVersion::TLS1_3)) - .unwrap(); - builder -} diff --git a/src/config/config.rs b/src/config/config.rs index d1e1fda0..ff8c30d4 100644 --- a/src/config/config.rs +++ b/src/config/config.rs @@ -97,8 +97,6 @@ impl AppFlowyAISetting { pub struct ApplicationSetting { pub port: u16, pub host: String, - pub server_key: Secret, - pub use_tls: bool, } #[derive(Clone, Debug)] @@ -209,10 +207,6 @@ pub fn get_configuration() -> Result { application: ApplicationSetting { port: get_env_var("APPFLOWY_APPLICATION_PORT", "8000").parse()?, host: get_env_var("APPFLOWY_APPLICATION_HOST", "0.0.0.0"), - use_tls: get_env_var("APPFLOWY_APPLICATION_USE_TLS", "false") - .parse() - .context("fail to get APPFLOWY_APPLICATION_USE_TLS")?, - server_key: get_env_var("APPFLOWY_APPLICATION_SERVER_KEY", "server_key").into(), }, websocket: WebsocketSetting { heartbeat_interval: get_env_var("APPFLOWY_WEBSOCKET_HEARTBEAT_INTERVAL", "6").parse()?, diff --git a/src/lib.rs b/src/lib.rs index 106a129c..e2e9f670 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -5,6 +5,5 @@ pub mod config; pub mod domain; pub mod mailer; pub mod middleware; -mod self_signed; pub mod state; pub mod telemetry; diff --git a/src/middleware/encrypt_mw.rs b/src/middleware/encrypt_mw.rs deleted file mode 100644 index 591d4cb6..00000000 --- a/src/middleware/encrypt_mw.rs +++ /dev/null @@ -1,61 +0,0 @@ -use actix_http::Payload; -use actix_service::{forward_ready, Service, Transform}; -use actix_web::{dev::ServiceRequest, dev::ServiceResponse, Error}; -use bytes::Bytes; -use bytes::BytesMut; -use futures::future::Ready; -use futures_util::future::{ready, LocalBoxFuture}; -use futures_util::{stream, StreamExt}; - -pub struct DecryptPayloadMiddleware; - -impl Transform for DecryptPayloadMiddleware -where - S: Service, Error = Error>, - S::Future: 'static, - B: 'static, -{ - type Response = ServiceResponse; - type Error = Error; - type Transform = DecryptPayloadMiddlewareService; - type InitError = (); - type Future = Ready>; - - fn new_transform(&self, service: S) -> Self::Future { - ready(Ok(DecryptPayloadMiddlewareService { service })) - } -} - -pub struct DecryptPayloadMiddlewareService { - service: S, -} - -impl Service for DecryptPayloadMiddlewareService -where - S: Service, Error = Error>, - S::Future: 'static, - B: 'static, -{ - type Response = ServiceResponse; - type Error = Error; - type Future = LocalBoxFuture<'static, Result>; - - forward_ready!(service); - - fn call(&self, req: ServiceRequest) -> Self::Future { - let (http_req, mut payload) = req.into_parts(); - let payload_stream = stream::once(async move { - let mut body = BytesMut::new(); - while let Some(chunk) = payload.next().await { - body.extend_from_slice(&chunk?); - } - - Ok(Bytes::from(body)) - }); - - let payload = Box::pin(payload_stream); - let new_req = ServiceRequest::from_parts(http_req, Payload::Stream { payload }); - let fut = self.service.call(new_req); - Box::pin(fut) - } -} diff --git a/src/middleware/mod.rs b/src/middleware/mod.rs index beb81188..45d66772 100644 --- a/src/middleware/mod.rs +++ b/src/middleware/mod.rs @@ -1,3 +1,2 @@ -pub mod encrypt_mw; pub mod metrics_mw; pub mod request_id; diff --git a/src/self_signed.rs b/src/self_signed.rs deleted file mode 100644 index 84725f18..00000000 --- a/src/self_signed.rs +++ /dev/null @@ -1,30 +0,0 @@ -use rcgen::{Certificate, CertificateParams, KeyPair, RcgenError, SanType}; -use secrecy::Secret; - -pub const CA_CRT: &str = include_str!("../cert/cert.pem"); -pub const CA_KEY: &str = include_str!("../cert/key.pem"); - -pub fn create_self_signed_certificate() -> Result<(Secret, Secret), RcgenError> { - let key = KeyPair::from_pem(CA_KEY)?; - let params = CertificateParams::from_ca_cert_pem(CA_CRT, key)?; - let ca_cert = Certificate::from_params(params)?; - - let mut params = CertificateParams::default(); - params - .subject_alt_names - .push(SanType::IpAddress("127.0.0.1".parse().unwrap())); - params - .subject_alt_names - .push(SanType::IpAddress("0.0.0.0".parse().unwrap())); - params - .subject_alt_names - .push(SanType::DnsName("localhost".to_string())); - - // Generate a certificate that's valid for: - // 1. localhost - // 2. 127.0.0.1 - let gen_cert = Certificate::from_params(params)?; - let server_crt = Secret::new(gen_cert.serialize_pem_with_signer(&ca_cert)?); - let server_key = Secret::new(gen_cert.serialize_private_key_pem()); - Ok((server_crt, server_key)) -}