From e0c99bced451077f5c975646b5ff264267d72bbb Mon Sep 17 00:00:00 2001 From: houseme Date: Thu, 7 Aug 2025 19:02:09 +0800 Subject: [PATCH] chore: add tls log and removing unused crates (#359) * chore: add tls log * improve code for http * improve code dependencies for `cargo.toml` and removing unused crates * modify name * improve code * fix * Update crates/config/src/constants/env.rs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * improve code * fix * add `is_enabled` and `is_disabled` --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- Cargo.lock | 69 +------- Cargo.toml | 8 +- crates/ahm/Cargo.toml | 10 -- crates/checksums/Cargo.toml | 7 - crates/config/src/constants/env.rs | 262 +++++++++++++++++++++++++++++ crates/config/src/constants/mod.rs | 1 + crates/config/src/constants/tls.rs | 15 ++ crates/config/src/lib.rs | 2 + crates/ecstore/Cargo.toml | 3 +- crates/lock/Cargo.toml | 3 - crates/notify/src/registry.rs | 18 +- crates/rio/Cargo.toml | 1 - crates/signer/Cargo.toml | 3 - crates/utils/src/certs.rs | 14 +- rustfs/Cargo.toml | 5 - rustfs/src/server/http.rs | 45 ++--- 16 files changed, 322 insertions(+), 144 deletions(-) create mode 100644 crates/config/src/constants/tls.rs diff --git a/Cargo.lock b/Cargo.lock index 43157a85..eaba4ddc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -788,7 +788,7 @@ dependencies = [ "http 0.2.12", "http 1.3.1", "http-body 0.4.6", - "lru 0.12.5", + "lru", "percent-encoding", "regex-lite", "sha2 0.10.9", @@ -5564,15 +5564,6 @@ dependencies = [ "hashbrown 0.15.4", ] -[[package]] -name = "lru" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86ea4e65087ff52f3862caff188d489f1fab49a0cb09e01b2e3f1a617b10aaed" -dependencies = [ - "hashbrown 0.15.4", -] - [[package]] name = "lru-slab" version = "0.1.2" @@ -8117,30 +8108,21 @@ version = "0.0.5" dependencies = [ "anyhow", "async-trait", - "bytes", "chrono", "futures", - "lazy_static", - "once_cell", - "rmp-serde", "rustfs-common", "rustfs-ecstore", "rustfs-filemeta", - "rustfs-lock", "rustfs-madmin", - "rustfs-utils", "serde", "serde_json", "serial_test", "tempfile", "thiserror 2.0.12", - "time", "tokio", - "tokio-test", "tokio-util", "tracing", "tracing-subscriber", - "url", "uuid", "walkdir", ] @@ -8161,19 +8143,12 @@ version = "0.0.5" dependencies = [ "base64-simd", "bytes", - "bytes-utils", "crc-fast", - "hex", "http 1.3.1", - "http-body 1.0.1", "md-5", - "pin-project-lite", "pretty_assertions", "sha1 0.10.6", "sha2 0.10.9", - "tokio", - "tracing", - "tracing-test", ] [[package]] @@ -8249,7 +8224,6 @@ dependencies = [ "num_cpus", "once_cell", "path-absolutize", - "path-clean", "pin-project-lite", "quick-xml 0.38.0", "rand 0.9.2", @@ -8367,10 +8341,7 @@ dependencies = [ "async-trait", "bytes", "futures", - "lazy_static", - "lru 0.16.0", "once_cell", - "rand 0.9.2", "rustfs-protos", "serde", "serde_json", @@ -8521,7 +8492,6 @@ dependencies = [ "serde", "serde_json", "tokio", - "tokio-test", "tokio-util", ] @@ -8600,12 +8570,9 @@ dependencies = [ "bytes", "http 1.3.1", "hyper 1.6.0", - "rand 0.9.2", "rustfs-utils", "s3s", - "serde", "serde_urlencoded", - "tempfile", "time", "tracing", ] @@ -10311,19 +10278,6 @@ dependencies = [ "xattr", ] -[[package]] -name = "tokio-test" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2468baabc3311435b55dd935f702f42cd1b8abb7e754fb7dfb16bd36aa88f9f7" -dependencies = [ - "async-stream", - "bytes", - "futures-core", - "tokio", - "tokio-stream", -] - [[package]] name = "tokio-util" version = "0.7.15" @@ -10668,27 +10622,6 @@ dependencies = [ "tracing-serde", ] -[[package]] -name = "tracing-test" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "557b891436fe0d5e0e363427fc7f217abf9ccd510d5136549847bdcbcd011d68" -dependencies = [ - "tracing-core", - "tracing-subscriber", - "tracing-test-macro", -] - -[[package]] -name = "tracing-test-macro" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04659ddb06c87d233c566112c1c9c5b9e98256d9af50ec3bc9c8327f873a7568" -dependencies = [ - "quote", - "syn 2.0.104", -] - [[package]] name = "tracing-wasm" version = "0.2.1" diff --git a/Cargo.toml b/Cargo.toml index b934055a..0cd9af8d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -102,15 +102,12 @@ atomic_enum = "0.3.0" aws-config = { version = "1.8.3" } aws-sdk-s3 = "1.100.0" axum = "0.8.4" -axum-extra = "0.10.1" -axum-server = { version = "0.7.2", features = ["tls-rustls"] } base64-simd = "0.8.0" base64 = "0.22.1" brotli = "8.0.1" bytes = { version = "1.10.1", features = ["serde"] } bytesize = "2.0.1" byteorder = "1.5.0" -bytes-utils = "0.1.4" cfg-if = "1.0.1" crc-fast = "1.3.0" chacha20poly1305 = { version = "0.10.1" } @@ -156,7 +153,6 @@ keyring = { version = "3.6.3", features = [ ] } lazy_static = "1.5.0" libsystemd = { version = "0.7.2" } -lru = "0.16" local-ip-address = "0.6.5" lz4 = "1.28.1" matchit = "0.8.4" @@ -253,7 +249,6 @@ tokio = { version = "1.47.1", features = ["fs", "rt-multi-thread"] } tokio-rustls = { version = "0.26.2", default-features = false } tokio-stream = { version = "0.1.17" } tokio-tar = "0.3.1" -tokio-test = "0.4.4" tokio-util = { version = "0.7.15", features = ["io", "compat"] } tonic = { version = "0.14.0", features = ["gzip"] } tonic-prost = { version = "0.14.0" } @@ -266,7 +261,6 @@ tracing-core = "0.1.34" tracing-error = "0.2.1" tracing-opentelemetry = "0.31.0" tracing-subscriber = { version = "0.3.19", features = ["env-filter", "time"] } -tracing-test = "0.2.5" transform-stream = "0.3.1" url = "2.5.4" urlencoding = "2.1.3" @@ -283,7 +277,7 @@ zstd = "0.13.3" [workspace.metadata.cargo-shear] -ignored = ["rustfs", "rust-i18n"] +ignored = ["rustfs", "rust-i18n", "rustfs-mcp"] [profile.wasm-dev] inherits = "dev" diff --git a/crates/ahm/Cargo.toml b/crates/ahm/Cargo.toml index 8446f580..affb423a 100644 --- a/crates/ahm/Cargo.toml +++ b/crates/ahm/Cargo.toml @@ -17,31 +17,21 @@ rustfs-ecstore = { workspace = true } rustfs-common = { workspace = true } rustfs-filemeta = { workspace = true } rustfs-madmin = { workspace = true } -rustfs-utils = { workspace = true } tokio = { workspace = true, features = ["full"] } tokio-util = { workspace = true } tracing = { workspace = true } serde = { workspace = true, features = ["derive"] } serde_json = { workspace = true } thiserror = { workspace = true } -bytes = { workspace = true } -time = { workspace = true, features = ["serde"] } uuid = { workspace = true, features = ["v4", "serde"] } anyhow = { workspace = true } async-trait = { workspace = true } futures = { workspace = true } -url = { workspace = true } -rustfs-lock = { workspace = true } - -lazy_static = { workspace = true } chrono = { workspace = true } [dev-dependencies] -rmp-serde = { workspace = true } -tokio-test = { workspace = true } serde_json = { workspace = true } serial_test = "3.2.0" -once_cell = { workspace = true } tracing-subscriber = { workspace = true } walkdir = "2.5.0" tempfile = { workspace = true } diff --git a/crates/checksums/Cargo.toml b/crates/checksums/Cargo.toml index 09139f04..14840a9e 100644 --- a/crates/checksums/Cargo.toml +++ b/crates/checksums/Cargo.toml @@ -28,18 +28,11 @@ documentation = "https://docs.rs/rustfs-signer/latest/rustfs_checksum/" [dependencies] bytes = { workspace = true } crc-fast = { workspace = true } -hex = { workspace = true } http = { workspace = true } -http-body = { workspace = true } base64-simd = { workspace = true } md-5 = { workspace = true } -pin-project-lite = { workspace = true } sha1 = { workspace = true } sha2 = { workspace = true } -tracing = { workspace = true } [dev-dependencies] -bytes-utils = { workspace = true } pretty_assertions = { workspace = true } -tracing-test = { workspace = true } -tokio = { workspace = true, features = ["macros", "rt"] } \ No newline at end of file diff --git a/crates/config/src/constants/env.rs b/crates/config/src/constants/env.rs index 490a747e..22eae738 100644 --- a/crates/config/src/constants/env.rs +++ b/crates/config/src/constants/env.rs @@ -19,3 +19,265 @@ pub const ENV_WORD_DELIMITER: &str = "_"; /// Medium-drawn lines separator /// This is used to separate words in environment variable names. pub const ENV_WORD_DELIMITER_DASH: &str = "-"; + +#[derive(Debug, PartialEq, Eq, Clone, Copy, Default)] +pub enum EnableState { + True, + False, + #[default] + Empty, + Yes, + No, + On, + Off, + Enabled, + Disabled, + Ok, + NotOk, + Success, + Failure, + Active, + Inactive, + One, + Zero, +} +impl std::fmt::Display for EnableState { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.write_str(self.as_str()) + } +} +impl std::str::FromStr for EnableState { + type Err = (); + fn from_str(s: &str) -> Result { + match s.trim() { + s if s.eq_ignore_ascii_case("true") => Ok(EnableState::True), + s if s.eq_ignore_ascii_case("false") => Ok(EnableState::False), + "" => Ok(EnableState::Empty), + s if s.eq_ignore_ascii_case("yes") => Ok(EnableState::Yes), + s if s.eq_ignore_ascii_case("no") => Ok(EnableState::No), + s if s.eq_ignore_ascii_case("on") => Ok(EnableState::On), + s if s.eq_ignore_ascii_case("off") => Ok(EnableState::Off), + s if s.eq_ignore_ascii_case("enabled") => Ok(EnableState::Enabled), + s if s.eq_ignore_ascii_case("disabled") => Ok(EnableState::Disabled), + s if s.eq_ignore_ascii_case("ok") => Ok(EnableState::Ok), + s if s.eq_ignore_ascii_case("not_ok") => Ok(EnableState::NotOk), + s if s.eq_ignore_ascii_case("success") => Ok(EnableState::Success), + s if s.eq_ignore_ascii_case("failure") => Ok(EnableState::Failure), + s if s.eq_ignore_ascii_case("active") => Ok(EnableState::Active), + s if s.eq_ignore_ascii_case("inactive") => Ok(EnableState::Inactive), + "1" => Ok(EnableState::One), + "0" => Ok(EnableState::Zero), + _ => Err(()), + } + } +} + +impl EnableState { + /// Returns the default value for the enum. + pub fn get_default() -> Self { + Self::default() + } + /// Returns the string representation of the enum. + pub fn as_str(&self) -> &str { + match self { + EnableState::True => "true", + EnableState::False => "false", + EnableState::Empty => "", + EnableState::Yes => "yes", + EnableState::No => "no", + EnableState::On => "on", + EnableState::Off => "off", + EnableState::Enabled => "enabled", + EnableState::Disabled => "disabled", + EnableState::Ok => "ok", + EnableState::NotOk => "not_ok", + EnableState::Success => "success", + EnableState::Failure => "failure", + EnableState::Active => "active", + EnableState::Inactive => "inactive", + EnableState::One => "1", + EnableState::Zero => "0", + } + } + + /// is_enabled checks if the state represents an enabled condition. + pub fn is_enabled(self) -> bool { + matches!( + self, + EnableState::True + | EnableState::Yes + | EnableState::On + | EnableState::Enabled + | EnableState::Ok + | EnableState::Success + | EnableState::Active + | EnableState::One + ) + } + + /// is_disabled checks if the state represents a disabled condition. + pub fn is_disabled(self) -> bool { + matches!( + self, + EnableState::False + | EnableState::No + | EnableState::Off + | EnableState::Disabled + | EnableState::NotOk + | EnableState::Failure + | EnableState::Inactive + | EnableState::Zero + | EnableState::Empty + ) + } +} + +#[cfg(test)] +mod tests { + use super::*; + use std::str::FromStr; + #[test] + fn test_enable_state_display_and_fromstr() { + let cases = [ + (EnableState::True, "true"), + (EnableState::False, "false"), + (EnableState::Empty, ""), + (EnableState::Yes, "yes"), + (EnableState::No, "no"), + (EnableState::On, "on"), + (EnableState::Off, "off"), + (EnableState::Enabled, "enabled"), + (EnableState::Disabled, "disabled"), + (EnableState::Ok, "ok"), + (EnableState::NotOk, "not_ok"), + (EnableState::Success, "success"), + (EnableState::Failure, "failure"), + (EnableState::Active, "active"), + (EnableState::Inactive, "inactive"), + (EnableState::One, "1"), + (EnableState::Zero, "0"), + ]; + for (variant, string) in cases.iter() { + assert_eq!(&variant.to_string(), string); + assert_eq!(EnableState::from_str(string).unwrap(), *variant); + } + // Test invalid string + assert!(EnableState::from_str("invalid").is_err()); + } + #[test] + fn test_enable_state_enum() { + let cases = [ + (EnableState::True, "true"), + (EnableState::False, "false"), + (EnableState::Empty, ""), + (EnableState::Yes, "yes"), + (EnableState::No, "no"), + (EnableState::On, "on"), + (EnableState::Off, "off"), + (EnableState::Enabled, "enabled"), + (EnableState::Disabled, "disabled"), + (EnableState::Ok, "ok"), + (EnableState::NotOk, "not_ok"), + (EnableState::Success, "success"), + (EnableState::Failure, "failure"), + (EnableState::Active, "active"), + (EnableState::Inactive, "inactive"), + (EnableState::One, "1"), + (EnableState::Zero, "0"), + ]; + for (variant, string) in cases.iter() { + assert_eq!(variant.to_string(), *string); + } + } + + #[test] + fn test_enable_state_enum_from_str() { + let cases = [ + ("true", EnableState::True), + ("false", EnableState::False), + ("", EnableState::Empty), + ("yes", EnableState::Yes), + ("no", EnableState::No), + ("on", EnableState::On), + ("off", EnableState::Off), + ("enabled", EnableState::Enabled), + ("disabled", EnableState::Disabled), + ("ok", EnableState::Ok), + ("not_ok", EnableState::NotOk), + ("success", EnableState::Success), + ("failure", EnableState::Failure), + ("active", EnableState::Active), + ("inactive", EnableState::Inactive), + ("1", EnableState::One), + ("0", EnableState::Zero), + ]; + for (string, variant) in cases.iter() { + assert_eq!(EnableState::from_str(string).unwrap(), *variant); + } + } + + #[test] + fn test_enable_state_default() { + let default_state = EnableState::get_default(); + assert_eq!(default_state, EnableState::Empty); + assert_eq!(default_state.as_str(), ""); + } + + #[test] + fn test_enable_state_as_str() { + let cases = [ + (EnableState::True, "true"), + (EnableState::False, "false"), + (EnableState::Empty, ""), + (EnableState::Yes, "yes"), + (EnableState::No, "no"), + (EnableState::On, "on"), + (EnableState::Off, "off"), + (EnableState::Enabled, "enabled"), + (EnableState::Disabled, "disabled"), + (EnableState::Ok, "ok"), + (EnableState::NotOk, "not_ok"), + (EnableState::Success, "success"), + (EnableState::Failure, "failure"), + (EnableState::Active, "active"), + (EnableState::Inactive, "inactive"), + (EnableState::One, "1"), + (EnableState::Zero, "0"), + ]; + for (variant, string) in cases.iter() { + assert_eq!(variant.as_str(), *string); + } + } + + #[test] + fn test_enable_state_is_enabled() { + let enabled_states = [ + EnableState::True, + EnableState::Yes, + EnableState::On, + EnableState::Enabled, + EnableState::Ok, + EnableState::Success, + EnableState::Active, + EnableState::One, + ]; + for state in enabled_states.iter() { + assert!(state.is_enabled()); + } + + let disabled_states = [ + EnableState::False, + EnableState::No, + EnableState::Off, + EnableState::Disabled, + EnableState::NotOk, + EnableState::Failure, + EnableState::Inactive, + EnableState::Zero, + EnableState::Empty, + ]; + for state in disabled_states.iter() { + assert!(state.is_disabled()); + } + } +} diff --git a/crates/config/src/constants/mod.rs b/crates/config/src/constants/mod.rs index 6e990e6b..aecd55b5 100644 --- a/crates/config/src/constants/mod.rs +++ b/crates/config/src/constants/mod.rs @@ -14,3 +14,4 @@ pub(crate) mod app; pub(crate) mod env; +pub(crate) mod tls; diff --git a/crates/config/src/constants/tls.rs b/crates/config/src/constants/tls.rs new file mode 100644 index 00000000..cfda42e2 --- /dev/null +++ b/crates/config/src/constants/tls.rs @@ -0,0 +1,15 @@ +// Copyright 2024 RustFS Team +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +pub const ENV_TLS_KEYLOG: &str = "RUSTFS_TLS_KEYLOG"; diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs index 558b56a6..1c2afecd 100644 --- a/crates/config/src/lib.rs +++ b/crates/config/src/lib.rs @@ -18,6 +18,8 @@ pub mod constants; pub use constants::app::*; #[cfg(feature = "constants")] pub use constants::env::*; +#[cfg(feature = "constants")] +pub use constants::tls::*; #[cfg(feature = "notify")] pub mod notify; #[cfg(feature = "observability")] diff --git a/crates/ecstore/Cargo.toml b/crates/ecstore/Cargo.toml index 307b06ac..1e3d815e 100644 --- a/crates/ecstore/Cargo.toml +++ b/crates/ecstore/Cargo.toml @@ -69,7 +69,6 @@ hmac = { workspace = true } sha1 = { workspace = true } sha2 = { workspace = true } hex-simd = { workspace = true } -path-clean = { workspace = true } tempfile.workspace = true hyper.workspace = true hyper-util.workspace = true @@ -123,4 +122,4 @@ harness = false [[bench]] name = "comparison_benchmark" -harness = false \ No newline at end of file +harness = false diff --git a/crates/lock/Cargo.toml b/crates/lock/Cargo.toml index cb0a8ee9..d6efed91 100644 --- a/crates/lock/Cargo.toml +++ b/crates/lock/Cargo.toml @@ -32,9 +32,7 @@ workspace = true async-trait.workspace = true bytes.workspace = true futures.workspace = true -lazy_static.workspace = true rustfs-protos.workspace = true -rand.workspace = true serde.workspace = true serde_json.workspace = true tokio.workspace = true @@ -44,4 +42,3 @@ url.workspace = true uuid.workspace = true thiserror.workspace = true once_cell.workspace = true -lru.workspace = true diff --git a/crates/notify/src/registry.rs b/crates/notify/src/registry.rs index f6a346cf..a65a9202 100644 --- a/crates/notify/src/registry.rs +++ b/crates/notify/src/registry.rs @@ -19,7 +19,7 @@ use crate::{ target::Target, }; use futures::stream::{FuturesUnordered, StreamExt}; -use rustfs_config::notify::{ENABLE_KEY, ENABLE_ON, NOTIFY_ROUTE_PREFIX}; +use rustfs_config::notify::{ENABLE_KEY, NOTIFY_ROUTE_PREFIX}; use rustfs_config::{DEFAULT_DELIMITER, ENV_PREFIX}; use rustfs_ecstore::config::{Config, KVS}; use std::collections::{HashMap, HashSet}; @@ -111,10 +111,10 @@ impl TargetRegistry { // 3.1. Instance discovery: Based on the '..._ENABLE_INSTANCEID' format let enable_prefix = format!("{ENV_PREFIX}{NOTIFY_ROUTE_PREFIX}{target_type}_{ENABLE_KEY}_").to_uppercase(); for (key, value) in &all_env { - if value.eq_ignore_ascii_case(ENABLE_ON) - || value.eq_ignore_ascii_case("true") - || value.eq_ignore_ascii_case("1") - || value.eq_ignore_ascii_case("yes") + if value.eq_ignore_ascii_case(rustfs_config::EnableState::One.as_str()) + || value.eq_ignore_ascii_case(rustfs_config::EnableState::On.as_str()) + || value.eq_ignore_ascii_case(rustfs_config::EnableState::True.as_str()) + || value.eq_ignore_ascii_case(rustfs_config::EnableState::Yes.as_str()) { if let Some(id) = key.strip_prefix(&enable_prefix) { if !id.is_empty() { @@ -202,10 +202,10 @@ impl TargetRegistry { let enabled = merged_config .lookup(ENABLE_KEY) .map(|v| { - v.eq_ignore_ascii_case(ENABLE_ON) - || v.eq_ignore_ascii_case("true") - || v.eq_ignore_ascii_case("1") - || v.eq_ignore_ascii_case("yes") + v.eq_ignore_ascii_case(rustfs_config::EnableState::One.as_str()) + || v.eq_ignore_ascii_case(rustfs_config::EnableState::On.as_str()) + || v.eq_ignore_ascii_case(rustfs_config::EnableState::True.as_str()) + || v.eq_ignore_ascii_case(rustfs_config::EnableState::Yes.as_str()) }) .unwrap_or(false); diff --git a/crates/rio/Cargo.toml b/crates/rio/Cargo.toml index 875b5fc2..07aca90e 100644 --- a/crates/rio/Cargo.toml +++ b/crates/rio/Cargo.toml @@ -45,4 +45,3 @@ serde_json.workspace = true md-5 = { workspace = true } [dev-dependencies] -tokio-test = { workspace = true } diff --git a/crates/signer/Cargo.toml b/crates/signer/Cargo.toml index d1622a3b..6613ab6e 100644 --- a/crates/signer/Cargo.toml +++ b/crates/signer/Cargo.toml @@ -31,14 +31,11 @@ bytes = { workspace = true } http.workspace = true time.workspace = true hyper.workspace = true -serde.workspace = true serde_urlencoded.workspace = true rustfs-utils = { workspace = true, features = ["full"] } s3s.workspace = true [dev-dependencies] -tempfile = { workspace = true } -rand = { workspace = true } [lints] workspace = true diff --git a/crates/utils/src/certs.rs b/crates/utils/src/certs.rs index c89b9cfd..b0c3a118 100644 --- a/crates/utils/src/certs.rs +++ b/crates/utils/src/certs.rs @@ -21,7 +21,7 @@ use std::collections::HashMap; use std::io::Error; use std::path::Path; use std::sync::Arc; -use std::{fs, io}; +use std::{env, fs, io}; use tracing::{debug, warn}; /// Load public certificate from file. @@ -194,6 +194,18 @@ pub fn create_multi_cert_resolver( }) } +/// Checks if TLS key logging is enabled. +pub fn tls_key_log() -> bool { + env::var(rustfs_config::ENV_TLS_KEYLOG) + .map(|v| { + v.eq_ignore_ascii_case(rustfs_config::EnableState::One.as_str()) + || v.eq_ignore_ascii_case(rustfs_config::EnableState::On.as_str()) + || v.eq_ignore_ascii_case(rustfs_config::EnableState::True.as_str()) + || v.eq_ignore_ascii_case(rustfs_config::EnableState::Yes.as_str()) + }) + .unwrap_or(false) +} + #[cfg(test)] mod tests { use super::*; diff --git a/rustfs/Cargo.toml b/rustfs/Cargo.toml index db51a8e6..6d753eff 100644 --- a/rustfs/Cargo.toml +++ b/rustfs/Cargo.toml @@ -33,11 +33,6 @@ path = "src/main.rs" [lints] workspace = true -[features] -default = [] -tls_fallback = [] -full = ["tls_fallback"] - [dependencies] rustfs-ahm = { workspace = true } rustfs-zip = { workspace = true } diff --git a/rustfs/src/server/http.rs b/rustfs/src/server/http.rs index 70ba5c38..76dadeac 100644 --- a/rustfs/src/server/http.rs +++ b/rustfs/src/server/http.rs @@ -60,9 +60,6 @@ pub async fn start_http_server( let server_port = server_addr.port(); let server_address = server_addr.to_string(); - // The listening address and port are obtained from the parameters - // let listener = TcpListener::bind(server_address.clone()).await?; - // The listening address and port are obtained from the parameters let listener = { let mut server_addr = server_addr; @@ -310,7 +307,9 @@ async fn setup_tls_acceptor(tls_path: &str) -> Result> { server_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec(), b"http/1.0".to_vec()]; // Log SNI requests - server_config.key_log = Arc::new(rustls::KeyLogFile::new()); + if rustfs_utils::tls_key_log() { + server_config.key_log = Arc::new(rustls::KeyLogFile::new()); + } return Ok(Some(TlsAcceptor::from(Arc::new(server_config)))); } @@ -333,7 +332,9 @@ async fn setup_tls_acceptor(tls_path: &str) -> Result> { server_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec(), b"http/1.0".to_vec()]; // Log SNI requests - server_config.key_log = Arc::new(rustls::KeyLogFile::new()); + if rustfs_utils::tls_key_log() { + server_config.key_log = Arc::new(rustls::KeyLogFile::new()); + } return Ok(Some(TlsAcceptor::from(Arc::new(server_config)))); } @@ -431,45 +432,33 @@ fn process_connection( Err(err) => { // Detailed analysis of the reasons why the TLS handshake fails let err_str = err.to_string(); + let mut key_failure_type_str: &str = "UNKNOWN"; if err_str.contains("unexpected EOF") || err_str.contains("handshake eof") { - info!( peer_addr = %peer_addr,"TLS handshake failed with EOF, attempting fallback to HTTP: {}", err); - - // Try falling back the connection to HTTP mode (this feature is only enabled in specific environments) - #[cfg(feature = "tls_fallback")] - { - // Since the original connection has been consumed, a new connection needs to be accepted - match TcpStream::connect(peer_addr.clone()).await { - Ok(new_socket) => { - debug!("Successfully reconnected to client for HTTP fallback"); - let stream = TokioIo::new(new_socket); - let conn = http_server.serve_connection(stream, hybrid_service); - if let Err(err) = graceful.watch(conn).await { - handle_connection_error(&*err); - } - return; - } - Err(e) => { - error!("Failed to reconnect for HTTP fallback: {}", e); - } - } - } + warn!(peer_addr = %peer_addr, "TLS handshake failed. If this client needs HTTP, it should connect to the HTTP port instead"); + key_failure_type_str = "UNEXPECTED_EOF"; } else if err_str.contains("protocol version") { error!( peer_addr = %peer_addr, "TLS handshake failed due to protocol version mismatch: {}", err ); + key_failure_type_str = "PROTOCOL_VERSION"; } else if err_str.contains("certificate") { error!( peer_addr = %peer_addr, "TLS handshake failed due to certificate issues: {}", err ); + key_failure_type_str = "CERTIFICATE"; } else { error!( peer_addr = %peer_addr, "TLS handshake failed: {}", err ); } - + info!( + counter.rustfs_tls_handshake_failures = 1_u64, + key_failure_type = key_failure_type_str, + "TLS handshake failure metric" + ); // Record detailed diagnostic information debug!( peer_addr = %peer_addr, @@ -478,7 +467,7 @@ fn process_connection( "TLS handshake failure details" ); - return; // End the mission + return; } } debug!("TLS handshake success");