From da6dd184db9523b329c403bbc6c727654ef9f322 Mon Sep 17 00:00:00 2001 
From: Brandon Williams Date: Wed, 24 Jul 2024 09:54:42 -0500 Subject: [PATCH] chore: update hyper et al Update a number of http related libraries, including but not limited to: - hyper - rustls - axum --- Cargo.lock | 594 +++++++++--------- Cargo.toml | 44 +- consensus/core/Cargo.toml | 1 + consensus/core/src/network/tonic_network.rs | 31 +- consensus/core/src/network/tonic_tls.rs | 1 + crates/mysten-metrics/src/lib.rs | 4 +- crates/mysten-network/src/server.rs | 8 +- crates/mysten-service/src/service.rs | 8 +- .../mysten-service/tests/integration_test.rs | 5 +- crates/sui-bridge/src/server/mock_handler.rs | 14 +- crates/sui-bridge/src/server/mod.rs | 11 +- .../traffic_controller/nodefw_test_server.rs | 11 +- crates/sui-faucet/src/server.rs | 5 +- .../tests/call/simple.exp | 4 +- crates/sui-graphql-rpc/Cargo.toml | 1 + .../schema/current_progress_schema.graphql | 2 + crates/sui-graphql-rpc/src/server/builder.rs | 41 +- crates/sui-graphql-rpc/src/server/version.rs | 19 +- .../snapshot_tests__schema_sdl_export.snap | 2 + crates/sui-indexer/src/metrics.rs | 6 +- .../sui-json-rpc-tests/tests/routing_tests.rs | 3 +- crates/sui-json-rpc/Cargo.toml | 1 + crates/sui-json-rpc/src/axum_router.rs | 9 +- crates/sui-json-rpc/src/lib.rs | 19 +- crates/sui-json-rpc/src/metrics.rs | 2 +- crates/sui-node/src/admin.rs | 11 +- crates/sui-node/src/lib.rs | 16 +- crates/sui-proxy/Cargo.toml | 2 +- crates/sui-proxy/src/admin.rs | 14 +- crates/sui-proxy/src/histogram_relay.rs | 10 +- crates/sui-proxy/src/lib.rs | 8 +- crates/sui-proxy/src/metrics.rs | 10 +- crates/sui-proxy/src/middleware.rs | 33 +- crates/sui-rest-api/Cargo.toml | 2 +- crates/sui-rest-api/src/accept.rs | 6 +- crates/sui-rest-api/src/lib.rs | 10 +- crates/sui-rest-api/src/response.rs | 10 +- crates/sui-rosetta/src/lib.rs | 21 +- crates/sui-rosetta/src/main.rs | 6 +- crates/sui-rosetta/tests/rosetta_client.rs | 16 +- .../sui-source-validation-service/Cargo.toml | 2 +- .../sui-source-validation-service/src/lib.rs | 30 +- 
.../sui-source-validation-service/src/main.rs | 2 +- .../tests/tests.rs | 3 +- crates/sui-storage/Cargo.toml | 1 + crates/sui-storage/tests/key_value_tests.rs | 60 +- crates/sui-swarm/src/memory/container.rs | 7 +- crates/sui-swarm/src/memory/node.rs | 1 + crates/sui-swarm/src/memory/swarm.rs | 2 + crates/sui-tls/src/acceptor.rs | 5 +- crates/sui-tls/src/certgen.rs | 71 +-- crates/sui-tls/src/lib.rs | 53 +- crates/sui-tls/src/verifier.rs | 170 +++-- crates/suiop-cli/src/cli/lib/oauth/mod.rs | 5 +- deny.toml | 5 - narwhal/network/Cargo.toml | 1 - narwhal/network/src/admin.rs | 22 +- narwhal/node/src/metrics.rs | 6 +- .../tests/nodes_bootstrapping_tests.rs | 7 +- 59 files changed, 765 insertions(+), 709 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 272aa06ace5f6..56bf0f8753d44 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -176,7 +176,7 @@ dependencies = [ "quinn", "quinn-proto", "rand 0.8.5", - "rcgen 0.13.1", + "rcgen", "ring 0.17.3", "rustls 0.23.12", "rustls-webpki 0.102.6", 
@@ -828,38 +828,27 @@ dependencies = [ "wait-timeout", ] -[[package]] -name = "async-compression" -version = "0.3.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "942c7cd7ae39e91bde4820d74132e9862e62c2f386c3aa90ccf55949f5bad63a" -dependencies = [ - "brotli 3.3.4", - "flate2", - "futures-core", - "memchr", - "pin-project-lite", - "tokio", -] - [[package]] name = "async-compression" version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a116f46a969224200a0a97f29cfd4c50e7534e4b4826bd23ea2c3c533039c82c" dependencies = [ + "brotli 3.3.4", "flate2", "futures-core", "memchr", "pin-project-lite", "tokio", + "zstd 0.13.0", + "zstd-safe 7.0.0", ] [[package]] name = "async-graphql" -version = "6.0.7" +version = "7.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1addb0b551c59640e15de99e7566a4e3a1186cf42269e160c485ba6d8b43fe30" +checksum = "b16926f97f683ff3b47b035cc79622f3d6a374730b07a5d9051e81e88b5f1904" dependencies = [ "async-graphql-derive", "async-graphql-parser", @@ -875,20 +864,20 @@ dependencies = [ "futures-timer", "futures-util", "handlebars", - "http 0.2.9", + "http 1.1.0", "indexmap 2.2.6", "lru 0.7.8", "mime", "multer", "num-traits", "once_cell", - "opentelemetry 0.19.0", + "opentelemetry 0.21.0", "pin-project-lite", "regex", "serde", "serde_json", "serde_urlencoded", - "static_assertions", + "static_assertions_next", "tempfile", "thiserror", "tracing", @@ -897,13 +886,13 @@ dependencies = [ [[package]] name = "async-graphql-axum" -version = "6.0.7" +version = "7.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c21af134ab9419aae6658298f819a28e4737ac81f96cde8008f9d49db1802662" +checksum = "de3415c9dbaf54397292da0bb81a907e2b989661ce068e4ccfebac33dc9e245e" dependencies = [ "async-graphql", "async-trait", - "axum", + "axum 0.7.5", "bytes", "futures-util", "serde_json", 
@@ -915,9 +904,9 @@ dependencies = [ [[package]] name = "async-graphql-derive" -version = "6.0.7" +version = "7.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e1121ff0be2feea705c24f6940162c4f14a077e50a217b16e091e6534a8c08a" +checksum = "a6a7349168b79030e3172a620f4f0e0062268a954604e41475eff082380fe505" dependencies = [ "Inflector", "async-graphql-parser", @@ -932,9 +921,9 @@ dependencies = [ [[package]] name = "async-graphql-parser" -version = "6.0.7" +version = "7.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0b6713fd4ffd610b8b6f6e911bf31277cbb84b7c2a9cdeeb39d1b3eed3b88e4" +checksum = "58fdc0adf9f53c2b65bb0ff5170cba1912299f248d0e48266f444b6f005deb1d" dependencies = [ "async-graphql-value", "pest", @@ -944,9 +933,9 @@ dependencies = [ [[package]] name = "async-graphql-value" -version = "6.0.7" +version = "7.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7d74240f9daa8c1e8f73e9cfcc338d20a88d00bbeb83ded49ce8e5b4dcec0f5" +checksum = "7cf4d4e86208f4f9b81a503943c07e6e7f29ad3505e6c9ce6431fe64dc241681" dependencies = [ "bytes", "indexmap 2.2.6", @@ -1552,12 +1541,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf" dependencies = [ "async-trait", - "axum-core", - "base64 0.21.2", + "axum-core 0.3.4", "bitflags 1.3.2", "bytes", "futures-util", - "headers", "http 0.2.9", "http-body 0.4.5", "hyper 0.14.26", 
@@ -1569,16 +1556,47 @@ dependencies = [ "pin-project-lite", "rustversion", "serde", + "sync_wrapper 0.1.2", + "tower", + "tower-layer", + "tower-service", +] + +[[package]] +name = "axum" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a6c9af12842a67734c9a2e355436e5d03b22383ed60cf13cd0c18fbfe3dcbcf" +dependencies = [ + "async-trait", + "axum-core 0.4.3", + "base64 0.21.7", + "bytes", + "futures-util", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", + "hyper 1.4.1", + "hyper-util", + "itoa", + "matchit 0.7.0", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "rustversion", + "serde", "serde_json", "serde_path_to_error", "serde_urlencoded", "sha1", - "sync_wrapper 0.1.2", + "sync_wrapper 1.0.1", "tokio", "tokio-tungstenite", "tower", "tower-layer", "tower-service", + "tracing", ] [[package]] 
@@ -1598,42 +1616,70 @@ dependencies = [ "tower-service", ] +[[package]] +name = "axum-core" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a15c63fd72d41492dc4f497196f5da1fb04fb7529e631d73630d1b491e47a2e3" +dependencies = [ + "async-trait", + "bytes", + "futures-util", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", + "mime", + "pin-project-lite", + "rustversion", + "sync_wrapper 0.1.2", + "tower-layer", + "tower-service", + "tracing", +] + [[package]] name = "axum-extra" -version = "0.4.2" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a320103719de37b7b4da4c8eb629d4573f6bcfd3dfe80d3208806895ccf81d" +checksum = "0be6ea09c9b96cb5076af0de2e383bd2bc0c18f827cf1967bdd353e0b910d733" dependencies = [ - "axum", + "axum 0.7.5", + "axum-core 0.4.3", "bytes", "futures-util", - "http 0.2.9", + "headers", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", "mime", "pin-project-lite", - "tokio", + "serde", "tower", - "tower-http", "tower-layer", "tower-service", + "tracing", ] [[package]] name = "axum-server" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "447f28c85900215cc1bea282f32d4a2f22d55c5a300afdfbc661c8d6a632e063" +version = "0.6.1" +source = "git+https://github.com/bmwill/axum-server.git?rev=f44323e271afdd1365fd0c8b0a4c0bbdf4956cb7#f44323e271afdd1365fd0c8b0a4c0bbdf4956cb7" dependencies = [ "arc-swap", "bytes", "futures-util", - "http 0.2.9", - "http-body 0.4.5", - "hyper 0.14.26", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", + "hyper 1.4.1", + "hyper-util", "pin-project-lite", - "rustls 0.21.12", - "rustls-pemfile 1.0.2", + "rustls 0.23.12", + "rustls-pemfile 2.1.2", + "rustls-pki-types", "tokio", - "tokio-rustls 0.24.0", + "tokio-rustls 0.26.0", + "tower", "tower-service", ] 
@@ -1701,9 +1747,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" -version = "0.21.2" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64" @@ -1727,7 +1773,7 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c5b0a88aa36e9f095ee2e2b13fb8c5e4313e022783aedacc123328c0084916d" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", ] [[package]] @@ -2528,7 +2574,7 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5286a0843c21f8367f7be734f89df9b822e0321d8bcce8d6e735aadff7d74979" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", "bech32", "bs58 0.5.0", "digest 0.10.7", @@ -2647,7 +2693,7 @@ dependencies = [ "anyhow", "arc-swap", "async-trait", - "base64 0.21.2", + "base64 0.21.7", "bcs", "bytes", "cfg-if", @@ -2656,9 +2702,10 @@ dependencies = [ "enum_dispatch", "fastcrypto", "futures", - "http 0.2.9", - "hyper 0.14.26", - "hyper-rustls 0.24.0", + "http 1.1.0", + "hyper 1.4.1", + "hyper-rustls 0.27.2", + "hyper-util", "itertools 0.10.5", "mockall", "mysten-common", @@ -2667,11 +2714,11 @@ dependencies = [ "nom", "parking_lot 0.12.1", "prometheus", - "prost 0.12.3", + "prost 0.13.1", "quinn-proto", "rand 0.8.5", "rstest", - "rustls 0.21.12", + "rustls 0.23.12", "serde", "shared-crypto", "strum_macros 0.24.3", @@ -2683,10 +2730,10 @@ dependencies = [ "tempfile", "thiserror", "tokio", - "tokio-rustls 0.24.0", + "tokio-rustls 0.26.0", "tokio-stream", "tokio-util 0.7.10 (registry+https://github.com/rust-lang/crates.io-index)", - "tonic 0.11.0", + "tonic 0.12.1", "tonic-build", "tower", "tower-http", 
@@ -2715,7 +2762,7 @@ checksum = "fd326812b3fd01da5bb1af7d340d0d555fd3d4b641e7f1dfcf5962a902952787" dependencies = [ "futures-core", "prost 0.12.3", - "prost-types", + "prost-types 0.12.3", "tonic 0.10.0", "tracing-core", ] @@ -2732,7 +2779,7 @@ dependencies = [ "futures-task", "hdrhistogram", "humantime", - "prost-types", + "prost-types 0.12.3", "serde", "serde_json", "thread_local", @@ -4331,7 +4378,7 @@ checksum = "c2fa0857eaad0c1678f982a2f4cfbe33ebd51d273cc93de0182b7c693f2a84a1" dependencies = [ "async-trait", "auto_impl", - "base64 0.21.2", + "base64 0.21.7", "bytes", "enr", "ethers-core", @@ -5293,15 +5340,14 @@ dependencies = [ [[package]] name = "headers" -version = "0.3.8" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3e372db8e5c0d213e0cd0b9be18be2aca3d44cf2fe30a9d46a65581cd454584" +checksum = "322106e6bd0cba2d5ead589ddb8150a13d7c4217cf80d7c4f682ca994ccc6aa9" dependencies = [ - "base64 0.13.1", - "bitflags 1.3.2", + "base64 0.21.7", "bytes", "headers-core", - "http 0.2.9", + "http 1.1.0", "httpdate", "mime", "sha1", @@ -5309,11 +5355,11 @@ dependencies = [ [[package]] name = "headers-core" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7f66481bfee273957b1f20485a4ff3362987f85b2c236580d81b4eb7a326429" +checksum = "54b4a22553d4242c49fddb9ba998a99962b5cc6f22cb5a3482bec22522403ce4" dependencies = [ - "http 0.2.9", + "http 1.1.0", ] [[package]] @@ -5465,9 +5511,9 @@ dependencies = [ [[package]] name = "http-range-header" -version = "0.3.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bfe8eed0a9285ef776bb792479ea3834e8b94e13d615c2f66d03dd50a435a29" +checksum = "08a397c49fec283e3d6211adbe480be95aae5f304cfb923e9970e08956d5168a" [[package]] name = "httparse" @@ -5524,6 +5570,7 @@ dependencies = [ "http 1.1.0", "http-body 1.0.1", "httparse", + "httpdate", "itoa", "pin-project-lite", "smallvec", 
@@ -5560,7 +5607,6 @@ dependencies = [ "rustls-native-certs 0.6.2", "tokio", "tokio-rustls 0.24.0", - "webpki-roots 0.23.1", ] [[package]] @@ -5594,6 +5640,19 @@ dependencies = [ "tokio-io-timeout", ] +[[package]] +name = "hyper-timeout" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3203a961e5c83b6f5498933e78b6b263e208c197b63e9c6c53cc82ffd3f63793" +dependencies = [ + "hyper 1.4.1", + "hyper-util", + "pin-project-lite", + "tokio", + "tower-service", +] + [[package]] name = "hyper-util" version = "0.1.6" @@ -5910,11 +5969,12 @@ dependencies = [ [[package]] name = "iri-string" -version = "0.4.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f0f7638c1e223529f1bfdc48c8b133b9e0b434094d1d28473161ee48b235f78" +checksum = "7f5f6c2df22c009ac44f6f1499308e7a3ac7ba42cd2378475cc691510e1eef1b" dependencies = [ - "nom", + "memchr", + "serde", ] [[package]] @@ -6204,7 +6264,7 @@ version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", "pem 1.1.0", "ring 0.16.20", "serde", @@ -7582,16 +7642,15 @@ dependencies = [ [[package]] name = "multer" -version = "2.1.0" +version = "3.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01acbdc23469fd8fe07ab135923371d5f5a422fbf9c522158677c8eb15bc51c2" +checksum = "83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b" dependencies = [ "bytes", "encoding_rs", "futures-util", - "http 0.2.9", + "http 1.1.0", "httparse", - "log", "memchr", "mime", "spin 0.9.8", @@ -7682,7 +7741,7 @@ name = "mysten-metrics" version = "0.7.0" dependencies = [ "async-trait", - "axum", + "axum 0.7.5", "dashmap", "futures", "once_cell", 
@@ -7705,14 +7764,14 @@ dependencies = [ "bytes", "eyre", "futures", - "http 0.2.9", + "http 1.1.0", "multiaddr", "pin-project-lite", "serde", "snap", "tokio", "tokio-stream", - "tonic 0.11.0", + "tonic 0.12.1", "tonic-health", "tower", "tower-http", @@ -7724,7 +7783,7 @@ name = "mysten-service" version = "0.0.1" dependencies = [ "anyhow", - "axum", + "axum 0.7.5", "mysten-metrics", "prometheus", "serde", @@ -7846,7 +7905,7 @@ dependencies = [ "tempfile", "thiserror", "tokio", - "tonic 0.11.0", + "tonic 0.12.1", "tracing", "typed-store", ] @@ -7859,8 +7918,7 @@ dependencies = [ "anemo-tower", "anyhow", "async-trait", - "axum", - "axum-server", + "axum 0.7.5", "backoff", "bincode", "bytes", @@ -7888,7 +7946,7 @@ dependencies = [ "anemo", "arc-swap", "async-trait", - "axum", + "axum 0.7.5", "bytes", "cfg-if", "clap", @@ -8027,7 +8085,7 @@ dependencies = [ "telemetry-subscribers", "tempfile", "tokio", - "tonic 0.11.0", + "tonic 0.12.1", "tracing", "typed-store", ] @@ -8039,7 +8097,7 @@ dependencies = [ "anemo", "anemo-build", "anyhow", - "base64 0.21.2", + "base64 0.21.7", "bcs", "bytes", "criterion", @@ -8060,7 +8118,7 @@ dependencies = [ "prometheus", "proptest", "proptest-derive", - "prost 0.12.3", + "prost 0.13.1", "prost-build", "protobuf-src", "rand 0.8.5", @@ -8072,7 +8130,7 @@ dependencies = [ "sui-protocol-config", "thiserror", "tokio", - "tonic 0.11.0", + "tonic 0.12.1", "tonic-build", "tracing", "typed-store", @@ -8113,7 +8171,7 @@ dependencies = [ "tempfile", "thiserror", "tokio", - "tonic 0.11.0", + "tonic 0.12.1", "tower", "tracing", "typed-store", 
@@ -8655,22 +8713,28 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "opentelemetry" -version = "0.19.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f4b8347cc26099d3aeee044065ecc3ae11469796b4d65d065a23a584ed92a6f" +checksum = "9591d937bc0e6d2feb6f71a559540ab300ea49955229c347a517a28d27784c54" dependencies = [ - "opentelemetry_api 0.19.0", - "opentelemetry_sdk 0.19.0", + "opentelemetry_api", + "opentelemetry_sdk", ] [[package]] name = "opentelemetry" -version = "0.20.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9591d937bc0e6d2feb6f71a559540ab300ea49955229c347a517a28d27784c54" +checksum = "1e32339a5dc40459130b3bd269e9892439f55b33e772d2a9d402a789baaf4e8a" dependencies = [ - "opentelemetry_api 0.20.0", - "opentelemetry_sdk 0.20.0", + "futures-core", + "futures-sink", + "indexmap 2.2.6", + "js-sys", + "once_cell", + "pin-project-lite", + "thiserror", + "urlencoding", ] [[package]] @@ -8684,8 +8748,8 @@ dependencies = [ "http 0.2.9", "opentelemetry-proto", "opentelemetry-semantic-conventions", - "opentelemetry_api 0.20.0", - "opentelemetry_sdk 0.20.0", + "opentelemetry_api", + "opentelemetry_sdk", "prost 0.11.9", "thiserror", "tokio", @@ -8698,8 +8762,8 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1e3f814aa9f8c905d0ee4bde026afd3b2577a97c10e1699912e3e44f0c4cbeb" dependencies = [ - "opentelemetry_api 0.20.0", - "opentelemetry_sdk 0.20.0", + "opentelemetry_api", + "opentelemetry_sdk", "prost 0.11.9", "tonic 0.9.2", ] 
@@ -8713,21 +8777,6 @@ dependencies = [ "opentelemetry 0.20.0", ] -[[package]] -name = "opentelemetry_api" -version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed41783a5bf567688eb38372f2b7a8530f5a607a4b49d38dd7573236c23ca7e2" -dependencies = [ - "futures-channel", - "futures-util", - "indexmap 1.9.3", - "once_cell", - "pin-project-lite", - "thiserror", - "urlencoding", -] - [[package]] name = "opentelemetry_api" version = "0.20.0" @@ -8744,24 +8793,6 @@ dependencies = [ "urlencoding", ] -[[package]] -name = "opentelemetry_sdk" -version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b3a2a91fdbfdd4d212c0dcc2ab540de2c2bcbbd90be17de7a7daf8822d010c1" -dependencies = [ - "async-trait", - "crossbeam-channel", - "futures-channel", - "futures-executor", - "futures-util", - "once_cell", - "opentelemetry_api 0.19.0", - "percent-encoding", - "rand 0.8.5", - "thiserror", -] - [[package]] name = "opentelemetry_sdk" version = "0.20.0" @@ -8774,7 +8805,7 @@ dependencies = [ "futures-executor", "futures-util", "once_cell", - "opentelemetry_api 0.20.0", + "opentelemetry_api", "ordered-float 3.9.1", "percent-encoding", "rand 0.8.5", @@ -9204,10 +9235,11 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" -version = "2.7.2" +version = "2.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1acb4a4365a13f749a93f1a094a7805e5cfa0955373a9de860d962eaa3a5fe5a" +checksum = "cd53dff83f26735fdc1ca837098ccf133605d794cdae66acfc2bfac3ec809d95" dependencies = [ + "memchr", "thiserror", "ucd-trie", ] 
@@ -9767,26 +9799,35 @@ dependencies = [ "prost-derive 0.12.3", ] +[[package]] +name = "prost" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13db3d3fde688c61e2446b4d843bc27a7e8af269a69440c0308021dc92333cc" +dependencies = [ + "bytes", + "prost-derive 0.13.1", +] + [[package]] name = "prost-build" -version = "0.12.3" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c55e02e35260070b6f716a2423c2ff1c3bb1642ddca6f99e1f26d06268a0e2d2" +checksum = "5bb182580f71dd070f88d01ce3de9f4da5021db7115d2e1c3605a754153b77c1" dependencies = [ "bytes", - "heck 0.4.1", - "itertools 0.11.0", + "heck 0.5.0", + "itertools 0.13.0", "log", "multimap", "once_cell", "petgraph 0.6.2", "prettyplease 0.2.17", - "prost 0.12.3", - "prost-types", + "prost 0.13.1", + "prost-types 0.13.1", "regex", "syn 2.0.48", "tempfile", - "which", ] [[package]] @@ -9815,6 +9856,19 @@ dependencies = [ "syn 2.0.48", ] +[[package]] +name = "prost-derive" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18bec9b0adc4eba778b33684b7ba3e7137789434769ee3ce3930463ef904cfca" +dependencies = [ + "anyhow", + "itertools 0.13.0", + "proc-macro2 1.0.78", + "quote 1.0.35", + "syn 2.0.48", +] + [[package]] name = "prost-types" version = "0.12.3" @@ -9824,6 +9878,15 @@ dependencies = [ "prost 0.12.3", ] +[[package]] +name = "prost-types" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cee5168b05f49d4b0ca581206eb14a7b22fafd963efe729ac48eb03266e25cc2" +dependencies = [ + "prost 0.13.1", +] + [[package]] name = "protobuf" version = "2.28.0" 
@@ -10123,18 +10186,6 @@ dependencies = [ "num_cpus", ] -[[package]] -name = "rcgen" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6413f3de1edee53342e6138e75b56d32e7bc6e332b3bd62d497b1929d4cfbcdd" -dependencies = [ - "pem 1.1.0", - "ring 0.16.20", - "time", - "yasna", -] - [[package]] name = "rcgen" version = "0.13.1" @@ -10279,7 +10330,7 @@ version = "0.11.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3e9ad3fe7488d7e34558a2033d45a0c90b72d97b4f80705666fea71472e2e6a1" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", "bytes", "encoding_rs", "futures-core", @@ -10318,7 +10369,7 @@ version = "0.12.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7d6d2a27d57148378eb5e111173f4276ad26340ecc5c49a4a2152167a2d6a37" dependencies = [ - "async-compression 0.4.6", + "async-compression", "base64 0.22.1", "bytes", "futures-channel", @@ -10914,7 +10965,7 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", ] [[package]] @@ -10933,16 +10984,6 @@ version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" -[[package]] -name = "rustls-webpki" -version = "0.100.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3" -dependencies = [ - "ring 0.16.20", - "untrusted 0.7.1", -] - [[package]] name = "rustls-webpki" version = "0.101.7" @@ -11867,7 +11908,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13a6dfdd7c433e0f4bb96d777c88d900c5abe3dc4d2f26d2340fd6c7caadcc6c" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", "jsonwebtoken", "rsa 0.9.1", "serde", 
@@ -11980,6 +12021,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" +[[package]] +name = "static_assertions_next" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7beae5182595e9a8b683fa98c4317f956c9a2dec3b9716990d20023cc60c766" + [[package]] name = "str-buf" version = "1.0.6" @@ -12082,7 +12129,7 @@ dependencies = [ "assert_cmd", "async-recursion", "async-trait", - "axum", + "axum 0.7.5", "bcs", "bin-version", "bip32", @@ -12097,7 +12144,7 @@ dependencies = [ "fastcrypto-zkp", "fs_extra", "futures", - "http 0.2.9", + "http 1.1.0", "im", "inquire", "insta", @@ -12296,7 +12343,7 @@ dependencies = [ "arrow", "arrow-array", "async-trait", - "axum", + "axum 0.7.5", "bcs", "byteorder", "bytes", @@ -12484,7 +12531,7 @@ dependencies = [ "anyhow", "arc-swap", "async-trait", - "axum", + "axum 0.7.5", "backoff", "bcs", "bin-version", @@ -12662,7 +12709,7 @@ dependencies = [ "anyhow", "arc-swap", "async-trait", - "axum", + "axum 0.7.5", "bcs", "bytes", "chrono", @@ -12972,11 +13019,11 @@ dependencies = [ "anyhow", "async-recursion", "async-trait", - "axum", + "axum 0.7.5", "clap", "eyre", "futures", - "http 0.2.9", + "http 1.1.0", "mysten-metrics", "parking_lot 0.12.1", "prometheus", @@ -13113,7 +13160,8 @@ dependencies = [ "async-graphql-axum", "async-graphql-value", "async-trait", - "axum", + "axum 0.7.5", + "axum-extra", "bcs", "bin-version", "chrono", @@ -13127,8 +13175,8 @@ dependencies = [ "fastcrypto-zkp", "futures", "hex", - "http 0.2.9", - "hyper 0.14.26", + "http 1.1.0", + "hyper 1.4.1", "im", "insta", "itertools 0.10.5", @@ -13187,8 +13235,8 @@ name = "sui-graphql-rpc-client" version = "0.1.0" dependencies = [ "async-graphql", - "axum", - "hyper 0.14.26", + "axum 0.7.5", + "hyper 1.4.1", "reqwest 0.12.5", "serde_json", "sui-graphql-rpc-headers", 
@@ -13199,7 +13247,7 @@ dependencies = [ name = "sui-graphql-rpc-headers" version = "0.1.0" dependencies = [ - "axum", + "axum 0.7.5", ] [[package]] @@ -13208,7 +13256,7 @@ version = "1.31.0" dependencies = [ "anyhow", "async-trait", - "axum", + "axum 0.7.5", "backoff", "bcs", "cached", @@ -13288,7 +13336,7 @@ dependencies = [ "anyhow", "arc-swap", "async-trait", - "axum", + "axum 0.7.5", "bcs", "cached", "chrono", @@ -13296,7 +13344,8 @@ dependencies = [ "eyre", "fastcrypto", "futures", - "hyper 0.14.26", + "http-body 0.4.5", + "hyper 1.4.1", "indexmap 2.2.6", "itertools 0.10.5", "jsonrpsee", @@ -13361,7 +13410,7 @@ dependencies = [ "anyhow", "async-trait", "bcs", - "hyper 0.14.26", + "hyper 1.4.1", "jsonrpsee", "move-core-types", "move-package", @@ -13479,7 +13528,7 @@ version = "1.31.0" dependencies = [ "anyhow", "backoff", - "base64 0.21.2", + "base64 0.21.7", "chrono", "clap", "humantime", @@ -13684,7 +13733,7 @@ dependencies = [ "telemetry-subscribers", "tempfile", "tokio", - "tonic 0.11.0", + "tonic 0.12.1", "tonic-build", "tower", "tracing", @@ -13698,8 +13747,8 @@ dependencies = [ "anemo-tower", "anyhow", "arc-swap", - "axum", - "base64 0.21.2", + "axum 0.7.5", + "base64 0.21.7", "bcs", "bin-version", "clap", @@ -13828,7 +13877,7 @@ dependencies = [ "async-trait", "bcs", "eyre", - "hyper 0.14.26", + "hyper 1.4.1", "insta", "lru 0.10.0", "move-binary-format", @@ -13884,7 +13933,8 @@ name = "sui-proxy" version = "0.0.2" dependencies = [ "anyhow", - "axum", + "axum 0.7.5", + "axum-extra", "axum-server", "bin-version", "bytes", @@ -13892,8 +13942,7 @@ dependencies = [ "const-str", "fastcrypto", "hex", - "http-body 0.4.5", - "hyper 0.14.26", + "hyper 1.4.1", "ipnetwork", "itertools 0.10.5", "mime", 
@@ -13901,13 +13950,13 @@ dependencies = [ "mysten-metrics", "once_cell", "prometheus", - "prost 0.12.3", + "prost 0.13.1", "prost-build", "protobuf", "rand 0.8.5", "reqwest 0.12.5", - "rustls 0.21.12", - "rustls-pemfile 1.0.2", + "rustls 0.23.12", + "rustls-pemfile 2.1.2", "serde", "serde_json", "serde_with 3.8.1", @@ -13932,7 +13981,7 @@ dependencies = [ "bcs", "clap", "futures", - "http 0.2.9", + "http 1.1.0", "jsonrpsee", "lru 0.10.0", "move-binary-format", @@ -13976,7 +14025,7 @@ version = "0.1.0" dependencies = [ "anyhow", "async-trait", - "axum", + "axum 0.7.5", "bcs", "diffy", "fastcrypto", @@ -14006,14 +14055,14 @@ version = "1.31.0" dependencies = [ "anyhow", "async-trait", - "axum", + "axum 0.7.5", "axum-extra", "bcs", "clap", "eyre", "fastcrypto", "futures", - "hyper 0.14.26", + "hyper 1.4.1", "move-core-types", "mysten-metrics", "once_cell", @@ -14067,7 +14116,7 @@ dependencies = [ "telemetry-subscribers", "test-cluster", "tokio", - "tonic 0.11.0", + "tonic 0.12.1", "tracing", ] @@ -14098,7 +14147,7 @@ dependencies = [ "anyhow", "async-recursion", "async-trait", - "base64 0.21.2", + "base64 0.21.7", "bcs", "clap", "colored", @@ -14272,12 +14321,12 @@ name = "sui-source-validation-service" version = "0.1.0" dependencies = [ "anyhow", - "axum", + "axum 0.7.5", "bin-version", "clap", "expect-test", "fs_extra", - "hyper 0.14.26", + "hyper 1.4.1", "jsonrpsee", "move-compiler", "move-core-types", @@ -14310,6 +14359,7 @@ version = "0.1.0" dependencies = [ "anyhow", "async-trait", + "axum 0.7.5", "backoff", "base64-url", "bcs", @@ -14321,8 +14371,8 @@ dependencies = [ "eyre", "fastcrypto", "futures", - "hyper 0.14.26", - "hyper-rustls 0.24.0", + "hyper 1.4.1", + "hyper-rustls 0.27.2", "indicatif", "integer-encoding", "itertools 0.10.5", 
@@ -14474,18 +14524,18 @@ name = "sui-tls" version = "0.0.0" dependencies = [ "anyhow", - "axum", + "axum 0.7.5", "axum-server", "ed25519 1.5.3", "fastcrypto", "pkcs8 0.9.0", "rand 0.8.5", - "rcgen 0.9.3", + "rcgen", "reqwest 0.12.5", - "rustls 0.21.12", - "rustls-webpki 0.101.7", + "rustls 0.23.12", + "rustls-webpki 0.102.6", "tokio", - "tokio-rustls 0.24.0", + "tokio-rustls 0.26.0", "tower-layer", "x509-parser", ] @@ -14692,7 +14742,7 @@ dependencies = [ "tap", "thiserror", "tokio", - "tonic 0.11.0", + "tonic 0.12.1", "tracing", "typed-store-error", "url", @@ -14819,8 +14869,8 @@ name = "suiop-cli" version = "0.2.5" dependencies = [ "anyhow", - "axum", - "base64 0.21.2", + "axum 0.7.5", + "base64 0.21.7", "chrono", "clap", "colored", @@ -15056,7 +15106,7 @@ dependencies = [ "opentelemetry 0.20.0", "opentelemetry-otlp", "opentelemetry-proto", - "opentelemetry_api 0.20.0", + "opentelemetry_api", "prometheus", "prost 0.11.9", "tokio", @@ -15474,9 +15524,9 @@ dependencies = [ [[package]] name = "tokio-tungstenite" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "212d5dcb2a1ce06d81107c3d0ffa3121fe974b73f068c8282cb1c32328113b6c" +checksum = "c83b561d025642014097b66e6c1bb422783339e0909e4429cde4749d1990bc38" dependencies = [ "futures-util", "log", @@ -15600,8 +15650,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a" dependencies = [ "async-trait", - "axum", - "base64 0.21.2", + "axum 0.6.20", + "base64 0.21.7", "bytes", "futures-core", "futures-util", @@ -15609,7 +15659,7 @@ dependencies = [ "http 0.2.9", "http-body 0.4.5", "hyper 0.14.26", - "hyper-timeout", + "hyper-timeout 0.4.1", "percent-encoding", "pin-project", "prost 0.11.9", 
@@ -15629,14 +15679,14 @@ checksum = "5469afaf78a11265c343a88969045c1568aa8ecc6c787dbf756e92e70f199861" dependencies = [ "async-stream", "async-trait", - "axum", - "base64 0.21.2", + "axum 0.6.20", + "base64 0.21.7", "bytes", "h2 0.3.26", "http 0.2.9", "http-body 0.4.5", "hyper 0.14.26", - "hyper-timeout", + "hyper-timeout 0.4.1", "percent-encoding", "pin-project", "prost 0.12.3", @@ -15650,23 +15700,26 @@ dependencies = [ [[package]] name = "tonic" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76c4eb7a4e9ef9d4763600161f12f5070b92a578e1b634db88a6887844c91a13" +checksum = "38659f4a91aba8598d27821589f5db7dddd94601e7a01b1e485a50e5484c7401" dependencies = [ "async-stream", "async-trait", - "axum", - "base64 0.21.2", + "axum 0.7.5", + "base64 0.22.1", "bytes", - "h2 0.3.26", - "http 0.2.9", - "http-body 0.4.5", - "hyper 0.14.26", - "hyper-timeout", + "h2 0.4.5", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", + "hyper 1.4.1", + "hyper-timeout 0.5.1", + "hyper-util", "percent-encoding", "pin-project", - "prost 0.12.3", + "prost 0.13.1", + "socket2 0.5.6", "tokio", "tokio-stream", "tower", @@ -15677,9 +15730,9 @@ dependencies = [ [[package]] name = "tonic-build" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4ef6dd70a610078cb4e338a0f79d06bc759ff1b22d2120c2ff02ae264ba9c2" +checksum = "568392c5a2bd0020723e3f387891176aabafe36fd9fcd074ad309dfa0c8eb964" dependencies = [ "prettyplease 0.2.17", "proc-macro2 1.0.78", 
@@ -15690,15 +15743,15 @@ dependencies = [ [[package]] name = "tonic-health" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2cef6e24bc96871001a7e48e820ab240b3de2201e59b517cf52835df2f1d2350" +checksum = "e1e10e6a96ee08b6ce443487d4368442d328d0e746f3681f81127f7dc41b4955" dependencies = [ "async-stream", - "prost 0.12.3", + "prost 0.13.1", "tokio", "tokio-stream", - "tonic 0.11.0", + "tonic 0.12.1", ] [[package]] @@ -15737,18 +15790,19 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.3.5" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f873044bf02dd1e8239e9c1293ea39dad76dc594ec16185d0a1bf31d8dc8d858" +checksum = "1e9cd434a998747dd2c4276bc96ee2e0c7a2eadf3cae88e52be55a05fa9053f5" dependencies = [ - "async-compression 0.3.15", - "base64 0.13.1", - "bitflags 1.3.2", + "async-compression", + "base64 0.21.7", + "bitflags 2.4.1", "bytes", "futures-core", "futures-util", - "http 0.2.9", - "http-body 0.4.5", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", "http-range-header", "httpdate", "iri-string", @@ -15862,7 +15916,7 @@ checksum = "75327c6b667828ddc28f5e3f169036cb793c3f588d83bf0f262a7f062ffed3c8" dependencies = [ "once_cell", "opentelemetry 0.20.0", - "opentelemetry_sdk 0.20.0", + "opentelemetry_sdk", "smallvec", "tracing", "tracing-core", @@ -15972,14 +16026,14 @@ dependencies = [ [[package]] name = "tungstenite" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e3dac10fd62eaf6617d3a904ae222845979aec67c615d1c842b4002c7666fb9" +checksum = "9ef1a641ea34f399a848dea702823bbecfb4c486f911735368f1f137cb8257e1" dependencies = [ "byteorder", "bytes", "data-encoding", - "http 0.2.9", + "http 1.1.0", "httparse", "log", "rand 0.8.5", 
@@ -15996,7 +16050,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" dependencies = [ "cfg-if", - "rand 0.7.3", + "rand 0.8.5", "static_assertions", ] @@ -16226,7 +16280,7 @@ version = "2.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8cdd25c339e200129fe4de81451814e5228c9b771d57378817d6117cc2b3f97" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", "flate2", "log", "once_cell", @@ -16534,15 +16588,6 @@ dependencies = [ "webpki", ] -[[package]] -name = "webpki-roots" -version = "0.23.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338" -dependencies = [ - "rustls-webpki 0.100.3", -] - [[package]] name = "webpki-roots" version = "0.25.2" @@ -16558,17 +16603,6 @@ dependencies = [ "rustls-pki-types", ] -[[package]] -name = "which" -version = "4.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b" -dependencies = [ - "either", - "libc", - "once_cell", -] - [[package]] name = "whoami" version = "1.5.0" diff --git a/Cargo.toml b/Cargo.toml index cc92f12a0c4a3..06a78c6547ade 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -241,9 +241,9 @@ arrow = "52" arrow-array = "52" arc-swap = { version = "1.5.1", features = ["serde"] } assert_cmd = "2.0.6" -async-graphql = "6.0.7" -async-graphql-axum = "6.0.7" -async-graphql-value = "6.0.7" +async-graphql = "=7.0.1" +async-graphql-axum = "=7.0.1" +async-graphql-value = "=7.0.1" async-recursion = "1.0.4" async-trait = "0.1.61" atomic_float = "0.1" 
@@ -253,8 +253,7 @@ aws-sdk-dynamodb = "0.29.0" aws-sdk-s3 = "0.29.0" aws-smithy-http = "0.56" aws-smithy-runtime-api = "0.56" -axum = { version = "0.6.6", default-features = false, features = [ - "headers", +axum = { version = "0.7", default-features = false, features = [ "tokio", "http1", "http2", @@ -265,8 +264,8 @@ axum = { version = "0.6.6", default-features = false, features = [ "query", "ws", ] } -axum-extra = "0.4.2" -axum-server = { version = "0.5.1", default-features = false, features = [ +axum-extra = { version = "0.9", features = ["typed-header"] } +axum-server = { git = "https://github.com/bmwill/axum-server.git", rev = "f44323e271afdd1365fd0c8b0a4c0bbdf4956cb7", version = "0.6", default-features = false, features = [ "tls-rustls", ] } backoff = { version = "0.4.0", features = [ @@ -342,11 +341,12 @@ hdrhistogram = "7.5.1" hex = "0.4.3" hex-literal = "0.3.4" highlight = "all" -http = "0.2.8" -http-body = "0.4.5" +http = "1" +http-body = "1" humantime = "2.1.0" -hyper = "0.14.20" -hyper-rustls = { version = "0.24", features = ["webpki-roots", "http2"] } +hyper = "1" +hyper-util = "0.1.6" +hyper-rustls = { version = "0.27", default-features = false, features = ["webpki-roots", "http2", "ring", "tls12"] } im = "15" impl-trait-for-tuples = "0.2.0" indexmap = { version = "2.1.0", features = ["serde"] } @@ -405,15 +405,15 @@ prometheus-http-query = { version = "0.8", default_features = false, features = prometheus-parse = { git = "https://github.com/asonnino/prometheus-parser.git", rev = "75334db" } proptest = "1.1.0" proptest-derive = "0.3.0" -prost = "0.12.3" -prost-build = "0.12.3" +prost = "0.13" +prost-build = "0.13" protobuf = { version = "2.28", features = ["with-bytes"] } protobuf-src = "1.1.0" quinn-proto = "0.11" quote = "1.0.23" rand = "0.8.5" rayon = "1.5.3" -rcgen = "0.9.2" +rcgen = "0.13" regex = "1.7.1" reqwest = { version = "0.12", default_features = false, features = [ "blocking", 
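Review bot: The `axum-server` entry in the `@@ -265,8 +264,8 @@` hunk now resolves from a personal fork (`https://github.com/bmwill/axum-server.git`) instead of crates.io, and nothing in the manifest records why or when it should go back. The `rev` pin keeps the build reproducible, but this crate sits on the TLS accept path (`tls-rustls`), so the fork deserves a tracking comment above the line, for example `# TODO: return to the crates.io release once this fork's rustls 0.23 support is published upstream` (the reason is inferred from the rest of the commit; state the real one). If the workspace checks dependency sources with a tool such as `cargo deny`, the git source will presumably need an explicit allow entry as well.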
@@ -439,8 +439,8 @@ rusoto_kms = { version = "0.48.0", default_features = false, features = [ russh = "0.38.0" russh-keys = "0.38.0" rust-version = "1.56.1" -rustls = { version = "0.21.12", features = ["dangerous_configuration"] } -rustls-pemfile = "1.0.2" +rustls = { version = "0.23", default-features = false, features = ["std", "tls12", "ring"] } +rustls-pemfile = "2" rustversion = "1.0.9" rustyline = "9.1.2" rustyline-derive = "0.7.0" @@ -483,7 +483,7 @@ thiserror = "1.0.40" tiny-bip39 = "1.0.0" tokio = "1.36.0" tokio-retry = "0.3" -tokio-rustls = "0.24" +tokio-rustls = { version = "0.26", default-features = false, features = ["tls12", "ring"] } tokio-stream = { version = "0.1.14", features = ["sync", "net"] } tokio-util = "0.7.10" toml = { version = "0.7.4", features = ["preserve_order"] } @@ -491,9 +491,9 @@ toml_edit = { version = "0.19.10" } # NOTE: do not enable the `tls` feature on tonic. It will break custom TLS handling # for self signed certificates. Unit tests under consensus/core and other integration # tests will fail. -tonic = { version = "0.11", features = ["transport"] } -tonic-build = { version = "0.11", features = ["prost", "transport"] } -tonic-health = "0.11" +tonic = { version = "0.12", features = ["transport"] } +tonic-build = { version = "0.12", features = ["prost", "transport"] } +tonic-health = "0.12" tower = { version = "0.4.12", features = [ "full", "util", @@ -501,7 +501,7 @@ tower = { version = "0.4.12", features = [ "load-shed", "limit", ] } -tower-http = { version = "0.3.4", features = [ +tower-http = { version = "0.5", features = [ "cors", "full", "trace", @@ -528,7 +528,7 @@ unescape = "0.1.0" ureq = "2.9.1" url = "2.3.1" uuid = { version = "1.1.2", features = ["v4", "fast-rng"] } -webpki = { version = "0.101.0", package = "rustls-webpki", features = [ +webpki = { version = "0.102", package = "rustls-webpki", features = [ "alloc", "std", ] } 
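Review bot: The `rustls` line in the `@@ -439,8 +439,8 @@` hunk selects the `ring` provider with `default-features = false`, but rustls 0.23 only chooses a provider implicitly when exactly one of `ring` / `aws-lc-rs` is enabled after feature unification. If any other crate in the graph turns rustls' default features back on, `ClientConfig::builder()` and `ServerConfig::builder()` panic at runtime unless a process default was installed; whether that happens cannot be judged from this hunk. Installing the provider once at startup with `rustls::crypto::ring::default_provider().install_default()`, or building configs through `builder_with_provider`, removes the dependence on what other crates enable. A comment on this line naming that constraint would match the existing tonic `tls` note further down the file.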
diff --git a/consensus/core/Cargo.toml b/consensus/core/Cargo.toml index c37c0be3415d2..067901f002a16 100644 --- a/consensus/core/Cargo.toml +++ b/consensus/core/Cargo.toml @@ -23,6 +23,7 @@ fastcrypto.workspace = true futures.workspace = true http.workspace = true hyper.workspace = true +hyper-util.workspace = true hyper-rustls.workspace = true itertools.workspace = true quinn-proto.workspace = true diff --git a/consensus/core/src/network/tonic_network.rs b/consensus/core/src/network/tonic_network.rs index b6c184c069e65..44b81406e99ef 100644 --- a/consensus/core/src/network/tonic_network.rs +++ b/consensus/core/src/network/tonic_network.rs @@ -14,7 +14,8 @@ use bytes::Bytes; use cfg_if::cfg_if; use consensus_config::{AuthorityIndex, NetworkKeyPair, NetworkPublicKey}; use futures::{stream, Stream, StreamExt as _}; -use hyper::server::conn::Http; +use hyper_util::rt::tokio::TokioIo; +use hyper_util::service::TowerToHyperService; use mysten_common::sync::notify_once::NotifyOnce; use mysten_metrics::monitored_future; use mysten_network::{ @@ -144,15 +145,18 @@ impl NetworkClient for TonicClient { let response = client.subscribe_blocks(request).await.map_err(|e| { ConsensusError::NetworkRequest(format!("subscribe_blocks failed: {e:?}")) })?; - let stream = response.into_inner().filter_map(move |b| async move { - match b { - Ok(response) => Some(response.block), - Err(e) => { - debug!("Network error received from {}: {e:?}", peer); - None + let stream = response + .into_inner() + .take_while(|b| futures::future::ready(b.is_ok())) + .filter_map(move |b| async move { + match b { + Ok(response) => Some(response.block), + Err(e) => { + debug!("Network error received from {}: {e:?}", peer); + None + } } - } - }); + }); let rate_limited_stream = tokio_stream::StreamExt::throttle(stream, self.context.parameters.min_round_delay / 2) .boxed(); 
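Review bot: In the `subscribe_blocks` stream (hunk `@@ -144,15 +145,18 @@` of `tonic_network.rs`) the new `take_while(|b| futures::future::ready(b.is_ok()))` ends the stream on the first `Err`, so the `Err(e)` arm of the following `filter_map` can no longer run and its `debug!("Network error received from {}: {e:?}", peer)` is never emitted. A peer-side stream error now looks like a clean end of stream, which removes the only trace of why a subscription stopped. Log inside the `take_while` closure before returning, e.g. `if let Err(e) = b { debug!("Network error received from {}: {e:?}", peer); }` (with `move`, assuming `peer` is `Copy`), and reduce the `filter_map` body to `b.ok().map(|r| r.block)`. The enclosing method starts and ends outside the hunk.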
@@ -692,13 +696,14 @@ impl NetworkManager for TonicManager { .max_encoding_message_size(config.message_size_limit) .max_decoding_message_size(config.message_size_limit), ) - .into_service(); + .into_router(); let inbound_metrics = self.context.metrics.network_metrics.inbound.clone(); let excessive_message_size = self.context.parameters.tonic.excessive_message_size; - let mut http = Http::new(); - http.http2_only(true); + let http = + hyper_util::server::conn::auto::Builder::new(hyper_util::rt::TokioExecutor::new()) + .http2_only(); let http = Arc::new(http); let tls_server_config = @@ -875,7 +880,7 @@ impl NetworkManager for TonicManager { .service(consensus_service.clone()); pin! { - let connection = http.serve_connection(tls_stream, svc); + let connection = http.serve_connection(TokioIo::new(tls_stream), TowerToHyperService::new(svc)); } trace!("Connection ready. Starting to serve requests for {peer_addr:?}"); diff --git a/consensus/core/src/network/tonic_tls.rs b/consensus/core/src/network/tonic_tls.rs index 1b5587ba459eb..88a40f88c4103 100644 --- a/consensus/core/src/network/tonic_tls.rs +++ b/consensus/core/src/network/tonic_tls.rs @@ -57,6 +57,7 @@ pub(crate) fn create_rustls_client_config( } // Checks if the public key from a TLS certificate belongs to one of the validators. +#[derive(Debug)] struct AllowedPublicKeys { // TODO: refactor to use key bytes keys: BTreeSet, diff --git a/crates/mysten-metrics/src/lib.rs b/crates/mysten-metrics/src/lib.rs index 4a2c01c97f01a..ae45b80f98e4f 100644 --- a/crates/mysten-metrics/src/lib.rs +++ b/crates/mysten-metrics/src/lib.rs @@ -460,8 +460,8 @@ pub fn start_prometheus_server(addr: SocketAddr) -> RegistryService { .layer(Extension(registry_service.clone())); tokio::spawn(async move { - axum::Server::bind(&addr) - .serve(app.into_make_service()) + let listener = tokio::net::TcpListener::bind(&addr).await.unwrap(); + axum::serve(listener, app.into_make_service()) .await .unwrap(); }); 
diff --git a/crates/mysten-network/src/server.rs b/crates/mysten-network/src/server.rs index 0a0d4ac70a7bc..4bac6fe61ae52 100644 --- a/crates/mysten-network/src/server.rs +++ b/crates/mysten-network/src/server.rs @@ -22,7 +22,7 @@ use tonic::{ BoxFuture, }, server::NamedService, - transport::{server::Router, Body}, + transport::server::Router, }; use tower::{ layer::util::{Identity, Stack}, @@ -41,7 +41,7 @@ pub struct ServerBuilder) -> Option; +type AddPathToHeaderFunction = fn(&Request) -> Option; type WrapperService = Stack< Stack< @@ -103,7 +103,7 @@ impl ServerBuilder { .global_concurrency_limit .map(tower::limit::GlobalConcurrencyLimitLayer::new); - fn add_path_to_request_header(request: &Request) -> Option { + fn add_path_to_request_header(request: &Request) -> Option { let path = request.uri().path(); Some(HeaderValue::from_str(path).unwrap()) } @@ -144,7 +144,7 @@ impl ServerBuilder { /// Add a new service to this Server. pub fn add_service(mut self, svc: S) -> Self where - S: Service, Response = Response, Error = Infallible> + S: Service, Response = Response, Error = Infallible> + NamedService + Clone + Send diff --git a/crates/mysten-service/src/service.rs b/crates/mysten-service/src/service.rs index 599796b1f4578..f6ba299b48d7b 100644 --- a/crates/mysten-service/src/service.rs +++ b/crates/mysten-service/src/service.rs @@ -23,8 +23,10 @@ where pub async fn serve(app: Router) -> Result<()> { // run it with hyper on localhost:3000 debug!("listening on http://localhost:{}", DEFAULT_PORT); - axum::Server::bind(&format!("0.0.0.0:{}", DEFAULT_PORT).parse()?) - .serve(app.into_make_service()) - .await?; + + let listener = tokio::net::TcpListener::bind(&format!("0.0.0.0:{}", DEFAULT_PORT)) + .await + .unwrap(); + axum::serve(listener, app).await?; Ok(()) } diff --git a/crates/mysten-service/tests/integration_test.rs b/crates/mysten-service/tests/integration_test.rs index f661be895e228..5ad9cd7f47a3d 100644 --- a/crates/mysten-service/tests/integration_test.rs 
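Review bot: `serve` in `crates/mysten-service/src/service.rs` returns `Result<()>`, yet the new `tokio::net::TcpListener::bind(...).await.unwrap()` panics when the port is taken or not permitted instead of returning the error; `.await?` fits the signature, assuming the `Result` alias accepts `std::io::Error`. The same `bind(...).await.unwrap()` inside a `Result`-returning function appears in `start_faucet` (`crates/sui-faucet/src/server.rs`) and in the `@@ -259,13 +259,18 @@` hunk of `crates/sui-json-rpc/src/lib.rs`. Separately, the listener binds `0.0.0.0` while the `debug!` line above it reports `http://localhost:{}`; the log should name the address actually bound so an operator can see that the service listens on every interface.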
+++ b/crates/mysten-service/tests/integration_test.rs @@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 use axum::body::Body; -use axum::body::HttpBody; use axum::http::Request; use tower::ServiceExt; @@ -21,8 +20,8 @@ async fn test_mysten_service() { .unwrap(); assert_eq!(res.status(), 200); - let mut body = res.into_body(); - let body_data = body.data().await.unwrap().unwrap(); + let body = res.into_body(); + let body_data = axum::body::to_bytes(body, usize::MAX).await.unwrap(); println!("{}", std::str::from_utf8(&body_data).unwrap()); assert_eq!( &body_data[..], diff --git a/crates/sui-bridge/src/server/mock_handler.rs b/crates/sui-bridge/src/server/mock_handler.rs index 980d77123e8ea..f8b5e01fc912c 100644 --- a/crates/sui-bridge/src/server/mock_handler.rs +++ b/crates/sui-bridge/src/server/mock_handler.rs @@ -133,13 +133,15 @@ pub fn run_mock_server( mock_handler: BridgeRequestMockHandler, ) -> tokio::task::JoinHandle<()> { tracing::info!("Starting mock server at {}", socket_address); - let server = axum::Server::bind(&socket_address).serve( - make_router( + let listener = std::net::TcpListener::bind(socket_address).unwrap(); + listener.set_nonblocking(true).unwrap(); + let listener = tokio::net::TcpListener::from_std(listener).unwrap(); + tokio::spawn(async move { + let router = make_router( Arc::new(mock_handler), Arc::new(BridgeMetrics::new_for_testing()), Arc::new(BridgeNodePublicMetadata::empty_for_testing()), - ) - .into_make_service(), - ); - tokio::spawn(async move { server.await.unwrap() }) + ); + axum::serve(listener, router).await.unwrap() + }) } diff --git a/crates/sui-bridge/src/server/mod.rs b/crates/sui-bridge/src/server/mod.rs index 6f73472fbe362..9fad0cb0a6d30 100644 --- a/crates/sui-bridge/src/server/mod.rs +++ b/crates/sui-bridge/src/server/mod.rs 
@@ -83,10 +83,15 @@ pub fn run_server( metrics: Arc, metadata: Arc, ) -> tokio::task::JoinHandle<()> { - let service = axum::Server::bind(socket_address) - .serve(make_router(Arc::new(handler), metrics, metadata).into_make_service()); + let socket_address = *socket_address; tokio::spawn(async move { - service.await.unwrap(); + let listener = tokio::net::TcpListener::bind(socket_address).await.unwrap(); + axum::serve( + listener, + make_router(Arc::new(handler), metrics, metadata).into_make_service(), + ) + .await + .unwrap(); }) } diff --git a/crates/sui-core/src/traffic_controller/nodefw_test_server.rs b/crates/sui-core/src/traffic_controller/nodefw_test_server.rs index 57af7897c13b9..7b8c1f41f1763 100644 --- a/crates/sui-core/src/traffic_controller/nodefw_test_server.rs +++ b/crates/sui-core/src/traffic_controller/nodefw_test_server.rs @@ -44,18 +44,11 @@ impl NodeFwTestServer { .route("/block_addresses", post(Self::block_addresses)) .with_state(app_state.clone()); - let shutdown_signal = self.shutdown_signal.clone(); let addr = SocketAddr::from(([127, 0, 0, 1], port)); - let server = axum::Server::bind(&addr) - .serve(app.into_make_service()) - .with_graceful_shutdown(async move { - shutdown_signal.notified().await; - }); let handle = tokio::spawn(async move { - if let Err(e) = server.await { - panic!("Server error: {}", e); - } + let listener = tokio::net::TcpListener::bind(addr).await.unwrap(); + axum::serve(listener, app).await.unwrap(); }); tokio::spawn(Self::periodically_remove_expired_addresses( diff --git a/crates/sui-faucet/src/server.rs b/crates/sui-faucet/src/server.rs index 4b4f2400f6d13..cea9242ad9e64 100644 --- a/crates/sui-faucet/src/server.rs +++ b/crates/sui-faucet/src/server.rs 
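Review bot: The `@@ -44,18 +44,11 @@` hunk in `nodefw_test_server.rs` drops `with_graceful_shutdown` together with the `shutdown_signal` clone, so notifying `self.shutdown_signal` no longer stops the HTTP task and the port stays bound until the runtime ends (assuming the stop path still relies on that signal). `axum::serve` supports the same hook, as the GraphQL server in this commit shows: restore `let shutdown_signal = self.shutdown_signal.clone();` and call `axum::serve(listener, app).with_graceful_shutdown(async move { shutdown_signal.notified().await }).await.unwrap();`. In `run_server` (`crates/sui-bridge/src/server/mod.rs`, the first hunk on this line) the bind also moved inside the spawned task, so a bind failure now surfaces only through the returned `JoinHandle` rather than in the caller. The nodefw function continues past the end of its hunk.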
@@ -85,9 +85,8 @@ pub async fn start_faucet( let addr = SocketAddr::new(IpAddr::V4(host_ip), port); info!("listening on {}", addr); - axum::Server::bind(&addr) - .serve(app.into_make_service()) - .await?; + let listener = tokio::net::TcpListener::bind(addr).await.unwrap(); + axum::serve(listener, app).await?; Ok(()) } diff --git a/crates/sui-graphql-e2e-tests/tests/call/simple.exp b/crates/sui-graphql-e2e-tests/tests/call/simple.exp index 9ac1393da7ca2..c9fc964fa9eb3 100644 --- a/crates/sui-graphql-e2e-tests/tests/call/simple.exp +++ b/crates/sui-graphql-e2e-tests/tests/call/simple.exp @@ -115,10 +115,8 @@ Headers: { "content-type": "application/json", "content-length": "157", "x-sui-rpc-version": "2024.7.0-testing-no-sha", + "vary": "origin, access-control-request-method, access-control-request-headers", "access-control-allow-origin": "*", - "vary": "origin", - "vary": "access-control-request-method", - "vary": "access-control-request-headers", } Service version: 2024.7.0-testing-no-sha Response: { diff --git a/crates/sui-graphql-rpc/Cargo.toml b/crates/sui-graphql-rpc/Cargo.toml index aa58529dab532..87c8a1571a9ef 100644 --- a/crates/sui-graphql-rpc/Cargo.toml +++ b/crates/sui-graphql-rpc/Cargo.toml @@ -14,6 +14,7 @@ async-graphql-axum.workspace = true async-graphql-value.workspace = true async-trait.workspace = true axum.workspace = true +axum-extra.workspace = true bin-version.workspace = true chrono.workspace = true clap.workspace = true diff --git a/crates/sui-graphql-rpc/schema/current_progress_schema.graphql b/crates/sui-graphql-rpc/schema/current_progress_schema.graphql index c5b5ae6e526c0..688f1490b5f64 100644 --- a/crates/sui-graphql-rpc/schema/current_progress_schema.graphql +++ b/crates/sui-graphql-rpc/schema/current_progress_schema.graphql 
@@ -4402,6 +4402,8 @@ type ZkLoginVerifyResult { errors: [String!]! } +directive @include(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT +directive @skip(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT schema { query: Query mutation: Mutation diff --git a/crates/sui-graphql-rpc/src/server/builder.rs b/crates/sui-graphql-rpc/src/server/builder.rs index 51fd2ada86411..d4726439de4a1 100644 --- a/crates/sui-graphql-rpc/src/server/builder.rs +++ b/crates/sui-graphql-rpc/src/server/builder.rs @@ -36,10 +36,9 @@ use async_graphql::extensions::Tracing; use async_graphql::EmptySubscription; use async_graphql::{extensions::ExtensionFactory, Schema, SchemaBuilder}; use async_graphql_axum::{GraphQLRequest, GraphQLResponse}; +use axum::body::Body; use axum::extract::FromRef; -use axum::extract::{ - connect_info::IntoMakeServiceWithConnectInfo, ConnectInfo, Query as AxumQuery, State, -}; +use axum::extract::{ConnectInfo, Query as AxumQuery, State}; use axum::http::{HeaderMap, StatusCode}; use axum::middleware::{self}; use axum::response::IntoResponse; @@ -48,9 +47,6 @@ use axum::Extension; use axum::Router; use chrono::Utc; use http::{HeaderValue, Method, Request}; -use hyper::server::conn::AddrIncoming as HyperAddrIncoming; -use hyper::Body; -use hyper::Server as HyperServer; use mysten_metrics::spawn_monitored_task; use mysten_network::callback::{CallbackLayer, MakeCallbackHandler, ResponseHandler}; use std::convert::Infallible; @@ -73,7 +69,9 @@ use uuid::Uuid; const DEFAULT_MAX_CHECKPOINT_LAG: Duration = Duration::from_secs(300); pub(crate) struct Server { - pub server: HyperServer>, + // pub server: HyperServer>, + router: Router, + address: String, watermark_task: WatermarkTask, system_package_task: SystemPackageTask, trigger_exchange_rates_task: TriggerExchangeRatesTask, 
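Review bot: The `Server` struct hunk (`@@ -73,7 +69,9 @@` in `crates/sui-graphql-rpc/src/server/builder.rs`) leaves the old field behind as a comment, `// pub server: HyperServer>,`; delete it rather than keep dead code in the struct. The two replacement fields carry no documentation, and since binding is now deferred until the server is started, `address` in particular should say so, e.g. `/// Address string the listener binds to when the server is started; not validated at build time.`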
@@ -120,13 +118,18 @@ impl Server { info!("Starting graphql service"); let cancellation_token = self.state.cancellation_token.clone(); spawn_monitored_task!(async move { - self.server - .with_graceful_shutdown(async { - cancellation_token.cancelled().await; - info!("Shutdown signal received, terminating graphql service"); - }) - .await - .map_err(|e| Error::Internal(format!("Server run failed: {}", e))) + let listener = tokio::net::TcpListener::bind(&self.address).await.unwrap(); + axum::serve( + listener, + self.router + .into_make_service_with_connect_info::(), + ) + .with_graceful_shutdown(async move { + cancellation_token.cancelled().await; + info!("Shutdown signal received, terminating graphql service"); + }) + .await + .map_err(|e| Error::Internal(format!("Server run failed: {}", e))) }) }; @@ -339,7 +342,7 @@ impl ServerBuilder { state.cancellation_token.clone(), ); - let app = router + let router = router .route_layer(middleware::from_fn_with_state( state.version, set_version_middleware, @@ -353,12 +356,8 @@ impl ServerBuilder { .layer(Self::cors()?); Ok(Server { - server: axum::Server::bind( - &address - .parse() - .map_err(|_| Error::Internal(format!("Failed to parse address {}", address)))?, - ) - .serve(app.into_make_service_with_connect_info::()), + router, + address, watermark_task, system_package_task, trigger_exchange_rates_task, diff --git a/crates/sui-graphql-rpc/src/server/version.rs b/crates/sui-graphql-rpc/src/server/version.rs index 46b7bf32be05b..0dcb46a5ba891 100644 --- a/crates/sui-graphql-rpc/src/server/version.rs +++ b/crates/sui-graphql-rpc/src/server/version.rs @@ -2,12 +2,13 @@ // SPDX-License-Identifier: Apache-2.0 use axum::{ + body::Body, extract::{Path, State}, - headers, http::{HeaderName, HeaderValue, Request, StatusCode}, middleware::Next, response::{IntoResponse, Response}, }; +use axum_extra::headers; use crate::{ config::Version, 
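Review bot: With the `@@ -356,12 +353,8 @@` hunk the builder stores `address` as an unparsed `String`, so the `Error::Internal("Failed to parse address …")` check that used to run at build time is gone, and the `@@ -120,13 +118,18 @@` hunk then calls `tokio::net::TcpListener::bind(&self.address).await.unwrap()` inside the monitored task. A malformed or unavailable address now panics in a background task instead of returning an error to the caller. The async block already ends in a `Result` carrying `Error::Internal`, so the bind can use it: `.await.map_err(|e| Error::Internal(format!("Failed to bind {}: {}", self.address, e)))?`. Both enclosing functions extend beyond their hunks.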
@@ -49,11 +50,11 @@ impl headers::Header for SuiRpcVersion { /// that this instance of the RPC matches that version constraint. Each RPC instance only supports /// one version of the RPC software, and it is the responsibility of the load balancer to make sure /// version constraints are met. -pub(crate) async fn check_version_middleware( +pub(crate) async fn check_version_middleware( version: Option>, State(service_version): State, - request: Request, - next: Next, + request: Request, + next: Next, ) -> Response { let Some(Path(version)) = version else { return next.run(request).await; @@ -91,10 +92,10 @@ pub(crate) async fn check_version_middleware( /// Mark every outgoing response with a header indicating the precise version of the RPC that was /// used (including the patch version and sha). -pub(crate) async fn set_version_middleware( +pub(crate) async fn set_version_middleware( State(version): State, - request: Request, - next: Next, + request: Request, + next: Next, ) -> Response { let mut response = next.run(request).await; let headers = response.headers_mut(); @@ -196,7 +197,9 @@ mod tests { } async fn response_body(response: Response) -> String { - let bytes = hyper::body::to_bytes(response.into_body()).await.unwrap(); + let bytes = axum::body::to_bytes(response.into_body(), usize::MAX) + .await + .unwrap(); let value: serde_json::Value = serde_json::from_slice(bytes.as_ref()).unwrap(); serde_json::to_string_pretty(&value).unwrap() } diff --git a/crates/sui-graphql-rpc/tests/snapshots/snapshot_tests__schema_sdl_export.snap b/crates/sui-graphql-rpc/tests/snapshots/snapshot_tests__schema_sdl_export.snap index 7746f8124de1c..fae839c9b487a 100644 --- a/crates/sui-graphql-rpc/tests/snapshots/snapshot_tests__schema_sdl_export.snap +++ b/crates/sui-graphql-rpc/tests/snapshots/snapshot_tests__schema_sdl_export.snap 
@@ -4406,6 +4406,8 @@ type ZkLoginVerifyResult { errors: [String!]! } +directive @include(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT +directive @skip(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT schema { query: Query mutation: Mutation diff --git a/crates/sui-indexer/src/metrics.rs b/crates/sui-indexer/src/metrics.rs index 67dbf7fe1ff43..36d788f5fd580 100644 --- a/crates/sui-indexer/src/metrics.rs +++ b/crates/sui-indexer/src/metrics.rs @@ -40,10 +40,8 @@ pub fn start_prometheus_server( .layer(Extension(registry_service.clone())); tokio::spawn(async move { - axum::Server::bind(&addr) - .serve(app.into_make_service()) - .await - .unwrap(); + let listener = tokio::net::TcpListener::bind(&addr).await.unwrap(); + axum::serve(listener, app).await.unwrap(); }); Ok((registry_service, registry)) } diff --git a/crates/sui-json-rpc-tests/tests/routing_tests.rs b/crates/sui-json-rpc-tests/tests/routing_tests.rs index 12d8c82795336..c5bc6a23edae8 100644 --- a/crates/sui-json-rpc-tests/tests/routing_tests.rs +++ b/crates/sui-json-rpc-tests/tests/routing_tests.rs @@ -2,11 +2,10 @@ // SPDX-License-Identifier: Apache-2.0 use async_trait::async_trait; -use hyper::header::HeaderValue; -use hyper::HeaderMap; use jsonrpsee::core::client::ClientT; use jsonrpsee::core::RpcResult; use jsonrpsee::http_client::HttpClientBuilder; +use jsonrpsee::http_client::{HeaderMap, HeaderValue}; use jsonrpsee::proc_macros::rpc; use jsonrpsee::rpc_params; use jsonrpsee::RpcModule; diff --git a/crates/sui-json-rpc/Cargo.toml b/crates/sui-json-rpc/Cargo.toml index e03790cecfaa4..25ddb1b48ea60 100644 --- a/crates/sui-json-rpc/Cargo.toml +++ b/crates/sui-json-rpc/Cargo.toml @@ -12,6 +12,7 @@ chrono.workspace = true fastcrypto.workspace = true jsonrpsee.workspace = true hyper.workspace = true +http-body = "0.4" itertools.workspace = true indexmap.workspace = true tower.workspace = true 
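Review bot: `crates/sui-json-rpc/Cargo.toml` adds `http-body = "0.4"` as a literal version while the workspace manifest in this commit moves `http-body` to `"1"`, so this crate deliberately compiles against the older `Body` trait (the one imported by `use http_body::Body;` in `metrics.rs`). Nothing records why, and a later dependency tidy-up is likely to switch the line to `.workspace = true` and break the build. Add a comment on the line, e.g. `# pinned to 0.4: must match the http-body version used by jsonrpsee's server types` (reason inferred; confirm before committing the wording).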
diff --git a/crates/sui-json-rpc/src/axum_router.rs b/crates/sui-json-rpc/src/axum_router.rs index c46cc04a74494..8ddebab687b2c 100644 --- a/crates/sui-json-rpc/src/axum_router.rs +++ b/crates/sui-json-rpc/src/axum_router.rs @@ -7,6 +7,7 @@ use std::{net::SocketAddr, sync::Arc}; use sui_types::traffic_control::RemoteFirewallConfig; use axum::extract::{ConnectInfo, Json, State}; +use axum::response::Response; use futures::StreamExt; use hyper::header::HeaderValue; use hyper::HeaderMap; @@ -101,12 +102,12 @@ impl JsonRpcService { } /// Create a response body. -fn from_template>( +fn from_template>( status: hyper::StatusCode, body: S, content_type: &'static str, -) -> hyper::Response { - hyper::Response::builder() +) -> Response { + Response::builder() .status(status) .header( "content-type", @@ -119,7 +120,7 @@ fn from_template>( } /// Create a valid JSON response. -pub(crate) fn ok_response(body: String) -> hyper::Response { +pub(crate) fn ok_response(body: String) -> Response { const JSON: &str = "application/json; charset=utf-8"; from_template(hyper::StatusCode::OK, body, JSON) } diff --git a/crates/sui-json-rpc/src/lib.rs b/crates/sui-json-rpc/src/lib.rs index 694cb2ff3e17b..08adfcfa44469 100644 --- a/crates/sui-json-rpc/src/lib.rs +++ b/crates/sui-json-rpc/src/lib.rs @@ -5,9 +5,9 @@ use std::env; use std::net::SocketAddr; use std::str::FromStr; +use axum::body::Body; use hyper::header::HeaderName; use hyper::header::HeaderValue; -use hyper::Body; use hyper::Method; use hyper::Request; use jsonrpsee::RpcModule; @@ -127,7 +127,7 @@ impl JsonRpcServerBuilder { fn trace_layer() -> TraceLayer< tower_http::classify::SharedClassifier, - impl tower_http::trace::MakeSpan + Clone, + impl tower_http::trace::MakeSpan + Clone, (), (), (), 
@@ -259,13 +259,18 @@ impl JsonRpcServerBuilder { ) -> Result { let app = self.to_router(server_type).await?; - let server = axum::Server::bind(&listen_address) - .serve(app.into_make_service_with_connect_info::()); - - let addr = server.local_addr(); + let listener = tokio::net::TcpListener::bind(&listen_address) + .await + .unwrap(); + let addr = listener.local_addr().unwrap(); let handle = tokio::spawn(async move { - server.await.unwrap(); + axum::serve( + listener, + app.into_make_service_with_connect_info::(), + ) + .await + .unwrap(); if let Some(cancel) = cancel { // Signal that the server is shutting down, so other tasks can clean-up. cancel.cancel(); diff --git a/crates/sui-json-rpc/src/metrics.rs b/crates/sui-json-rpc/src/metrics.rs index d4d693301906c..26b8bd6a745f1 100644 --- a/crates/sui-json-rpc/src/metrics.rs +++ b/crates/sui-json-rpc/src/metrics.rs @@ -1,10 +1,10 @@ // Copyright (c) Mysten Labs, Inc. // SPDX-License-Identifier: Apache-2.0 -use hyper::body::HttpBody; use std::collections::HashSet; use std::net::SocketAddr; +use http_body::Body; use jsonrpsee::server::logger::{HttpRequest, Logger, MethodKind, TransportProtocol}; use jsonrpsee::types::Params; use prometheus::{ diff --git a/crates/sui-node/src/admin.rs b/crates/sui-node/src/admin.rs index af0d710e229b4..228707cebd2b4 100644 --- a/crates/sui-node/src/admin.rs +++ b/crates/sui-node/src/admin.rs @@ -128,10 +128,15 @@ pub async fn run_admin_server(node: Arc, port: u16, tracing_handle: Tra "starting admin server" ); - axum::Server::bind(&socket_address) - .serve(app.into_make_service_with_connect_info::()) + let listener = tokio::net::TcpListener::bind(&socket_address) .await - .unwrap() + .unwrap(); + axum::serve( + listener, + app.into_make_service_with_connect_info::(), + ) + .await + .unwrap(); } #[derive(Deserialize)] diff --git a/crates/sui-node/src/lib.rs b/crates/sui-node/src/lib.rs index 46badb2d4ce1f..fb2b4f8416329 100644 --- a/crates/sui-node/src/lib.rs 
+++ b/crates/sui-node/src/lib.rs @@ -2044,11 +2044,19 @@ pub async fn build_http_server( .nest("/v2", rest_router); } - let server = axum::Server::bind(&config.json_rpc_address) - .serve(router.into_make_service_with_connect_info::()); + let listener = tokio::net::TcpListener::bind(&config.json_rpc_address) + .await + .unwrap(); + let addr = listener.local_addr().unwrap(); - let addr = server.local_addr(); - let handle = tokio::spawn(async move { server.await.unwrap() }); + let handle = tokio::spawn(async move { + axum::serve( + listener, + router.into_make_service_with_connect_info::(), + ) + .await + .unwrap() + }); info!(local_addr =? addr, "Sui JSON-RPC server listening on {addr}"); diff --git a/crates/sui-proxy/Cargo.toml b/crates/sui-proxy/Cargo.toml index 1441e047fa56c..2a05739c8491a 100644 --- a/crates/sui-proxy/Cargo.toml +++ b/crates/sui-proxy/Cargo.toml @@ -8,6 +8,7 @@ edition = "2021" [dependencies] axum.workspace = true +axum-extra.workspace = true axum-server.workspace = true anyhow.workspace = true bytes.workspace = true @@ -37,7 +38,6 @@ rustls.workspace = true rustls-pemfile.workspace = true prost.workspace = true once_cell.workspace = true -http-body.workspace = true hex.workspace = true ipnetwork.workspace = true diff --git a/crates/sui-proxy/src/admin.rs b/crates/sui-proxy/src/admin.rs index 5516c98ab16f1..d6f149d043a51 100644 --- a/crates/sui-proxy/src/admin.rs +++ b/crates/sui-proxy/src/admin.rs 
@@ -166,28 +166,26 @@ pub fn generate_self_cert(hostname: String) -> CertKeyPair { } /// Load a certificate for use by the listening service -fn load_certs(filename: &str) -> Vec { +fn load_certs(filename: &str) -> Vec> { let certfile = fs::File::open(filename) .unwrap_or_else(|e| panic!("cannot open certificate file: {}; {}", filename, e)); let mut reader = BufReader::new(certfile); rustls_pemfile::certs(&mut reader) + .collect::, _>>() .unwrap() - .iter() - .map(|v| rustls::Certificate(v.clone())) - .collect() } /// Load a private key -fn load_private_key(filename: &str) -> rustls::PrivateKey { +fn load_private_key(filename: &str) -> rustls::pki_types::PrivateKeyDer<'static> { let keyfile = fs::File::open(filename) .unwrap_or_else(|e| panic!("cannot open private key file {}; {}", filename, e)); let mut reader = BufReader::new(keyfile); loop { match rustls_pemfile::read_one(&mut reader).expect("cannot parse private key .pem file") { - Some(rustls_pemfile::Item::RSAKey(key)) => return rustls::PrivateKey(key), - Some(rustls_pemfile::Item::PKCS8Key(key)) => return rustls::PrivateKey(key), - Some(rustls_pemfile::Item::ECKey(key)) => return rustls::PrivateKey(key), + Some(rustls_pemfile::Item::Pkcs1Key(key)) => return key.into(), + Some(rustls_pemfile::Item::Pkcs8Key(key)) => return key.into(), + Some(rustls_pemfile::Item::Sec1Key(key)) => return key.into(), None => break, _ => {} } diff --git a/crates/sui-proxy/src/histogram_relay.rs b/crates/sui-proxy/src/histogram_relay.rs index 5ed3e302cce6c..41635819fefb9 100644 --- a/crates/sui-proxy/src/histogram_relay.rs +++ b/crates/sui-proxy/src/histogram_relay.rs 
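Review bot: `load_certs` in the `@@ -166,28 +166,26 @@` hunk of `crates/sui-proxy/src/admin.rs` ends in a bare `.unwrap()` on the collected `rustls_pemfile::certs` result, so a malformed PEM panics without naming the file, unlike the `File::open` failure a few lines above it. It also returns an empty `Vec` when the file holds no certificate section, leaving the failure to surface later during TLS setup. Prefer `.unwrap_or_else(|e| panic!("cannot parse certificate file: {}; {}", filename, e))` followed by a non-empty check such as `assert!(!certs.is_empty(), "no certificates found in {}", filename);` before returning. `load_private_key` continues past the end of the hunk.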
@@ -45,7 +45,7 @@ static RELAY_DURATION: Lazy = Lazy::new(|| { // Creates a new http server that has as a sole purpose to expose // and endpoint that prometheus agent can use to poll for the metrics. // A RegistryService is returned that can be used to get access in prometheus Registries. -pub fn start_prometheus_server(addr: TcpListener) -> HistogramRelay { +pub fn start_prometheus_server(listener: TcpListener) -> HistogramRelay { let relay = HistogramRelay::new(); let app = Router::new() .route(METRICS_ROUTE, get(metrics)) @@ -61,11 +61,9 @@ pub fn start_prometheus_server(addr: TcpListener) -> HistogramRelay { ); tokio::spawn(async move { - axum::Server::from_tcp(addr) - .unwrap() - .serve(app.into_make_service()) - .await - .unwrap(); + listener.set_nonblocking(true).unwrap(); + let listener = tokio::net::TcpListener::from_std(listener).unwrap(); + axum::serve(listener, app).await.unwrap(); }); relay } diff --git a/crates/sui-proxy/src/lib.rs b/crates/sui-proxy/src/lib.rs index c858b4568ef2d..149eba1a31156 100644 --- a/crates/sui-proxy/src/lib.rs +++ b/crates/sui-proxy/src/lib.rs @@ -61,11 +61,9 @@ mod tests { let app = Router::new().route("/v1/push", post(handler)); // run it - axum::Server::from_tcp(listener) - .unwrap() - .serve(app.into_make_service()) - .await - .unwrap(); + listener.set_nonblocking(true).unwrap(); + let listener = tokio::net::TcpListener::from_std(listener).unwrap(); + axum::serve(listener, app).await.unwrap(); } /// axum_acceptor is a basic e2e test that creates a mock remote_write post endpoint and has a simple diff --git a/crates/sui-proxy/src/metrics.rs b/crates/sui-proxy/src/metrics.rs index 5ee5110e9db30..063d7fefd967c 100644 --- a/crates/sui-proxy/src/metrics.rs +++ b/crates/sui-proxy/src/metrics.rs 
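Review bot: In `start_prometheus_server` (crates/sui-proxy/src/histogram_relay.rs) the `listener.set_nonblocking(true).unwrap()` and `TcpListener::from_std(listener).unwrap()` calls sit inside the `tokio::spawn` task whose handle is dropped, so a failure there panics only that task while the function has already returned the relay as if the endpoint were up. Since the function is not async, one option is to call `listener.set_nonblocking(true)` before `tokio::spawn` so that error reaches the caller, and to log the error from `axum::serve` instead of unwrapping it in a detached task. The same three lines are added to `start_prometheus_server` in crates/sui-proxy/src/metrics.rs and in crates/sui-source-validation-service/src/lib.rs. Part of the function body lies between the two hunks and is not shown.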
@@ -14,7 +14,7 @@ const METRICS_ROUTE: &str = "/metrics"; // Creates a new http server that has as a sole purpose to expose // and endpoint that prometheus agent can use to poll for the metrics. // A RegistryService is returned that can be used to get access in prometheus Registries. -pub fn start_prometheus_server(addr: TcpListener) -> RegistryService { +pub fn start_prometheus_server(listener: TcpListener) -> RegistryService { let registry = Registry::new(); let registry_service = RegistryService::new(registry); @@ -33,11 +33,9 @@ pub fn start_prometheus_server(addr: TcpListener) -> RegistryService { ); tokio::spawn(async move { - axum::Server::from_tcp(addr) - .unwrap() - .serve(app.into_make_service()) - .await - .unwrap(); + listener.set_nonblocking(true).unwrap(); + let listener = tokio::net::TcpListener::from_std(listener).unwrap(); + axum::serve(listener, app).await.unwrap(); }); registry_service diff --git a/crates/sui-proxy/src/middleware.rs b/crates/sui-proxy/src/middleware.rs index 6af09d11ed6ae..840deb9ef1a20 100644 --- a/crates/sui-proxy/src/middleware.rs +++ b/crates/sui-proxy/src/middleware.rs @@ -3,14 +3,15 @@ use crate::{consumer::ProtobufDecoder, peers::SuiNodeProvider}; use axum::{ async_trait, + body::Body, body::Bytes, extract::{Extension, FromRequest}, - headers::{ContentLength, ContentType}, http::{Request, StatusCode}, middleware::Next, response::Response, - BoxError, TypedHeader, }; +use axum_extra::headers::{ContentLength, ContentType}; +use axum_extra::typed_header::TypedHeader; use bytes::Buf; use hyper::header::CONTENT_ENCODING; use once_cell::sync::Lazy; 
@@ -38,20 +39,20 @@ static MIDDLEWARE_HEADERS: Lazy = Lazy::new(|| { }); /// we expect sui-node to send us an http header content-length encoding. -pub async fn expect_content_length( +pub async fn expect_content_length( TypedHeader(content_length): TypedHeader, - request: Request, - next: Next, + request: Request, + next: Next, ) -> Result { MIDDLEWARE_HEADERS.with_label_values(&["content-length", &format!("{}", content_length.0)]); Ok(next.run(request).await) } /// we expect sui-node to send us an http header content-type encoding. -pub async fn expect_mysten_proxy_header( +pub async fn expect_mysten_proxy_header( TypedHeader(content_type): TypedHeader, - request: Request, - next: Next, + request: Request, + next: Next, ) -> Result { match format!("{content_type}").as_str() { prometheus::PROTOBUF_FORMAT => Ok(next.run(request).await), @@ -67,11 +68,11 @@ pub async fn expect_mysten_proxy_header( /// we expect that calling sui-nodes are known on the blockchain and we enforce /// their pub key tls creds here -pub async fn expect_valid_public_key( +pub async fn expect_valid_public_key( Extension(allower): Extension>, Extension(tls_connect_info): Extension, - mut request: Request, - next: Next, + mut request: Request, + next: Next, ) -> Result { let Some(public_key) = tls_connect_info.public_key() else { error!("unable to obtain public key from connecting client"); @@ -99,16 +100,16 @@ pub async fn expect_valid_public_key( pub struct LenDelimProtobuf(pub Vec); #[async_trait] -impl FromRequest for LenDelimProtobuf +impl FromRequest for LenDelimProtobuf where S: Send + Sync, - B: http_body::Body + Send + 'static, - B::Data: Send, - B::Error: Into, { type Rejection = (StatusCode, String); - async fn from_request(req: Request, state: &S) -> Result { + async fn from_request( + req: Request, + state: &S, + ) -> Result { let should_be_snappy = req .headers() .get(CONTENT_ENCODING) 
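Review bot: `expect_content_length` (crates/sui-proxy/src/middleware.rs) passes the client's `Content-Length` value as a label to `MIDDLEWARE_HEADERS.with_label_values(...)`, so every distinct request size creates a new time series and the label set is driven by a request header. The line is unchanged context, but the function is being re-signed here, which is a cheap moment to bound it: drop the value label, e.g. `MIDDLEWARE_HEADERS.with_label_values(&["content-length", "present"])`, or map the length to a few size buckets. The result of `with_label_values` is also discarded without an increment or observe call; the metric's type is declared outside the hunk, so confirm whether that is intended.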
diff --git a/crates/sui-rest-api/Cargo.toml b/crates/sui-rest-api/Cargo.toml index eb9e78ab71dfe..95e375770bd2a 100644 --- a/crates/sui-rest-api/Cargo.toml +++ b/crates/sui-rest-api/Cargo.toml @@ -18,6 +18,7 @@ serde_yaml.workspace = true serde_with.workspace = true tap.workspace = true thiserror.workspace = true +tokio.workspace = true async-trait.workspace = true itertools.workspace = true sui-sdk2.workspace = true @@ -32,5 +33,4 @@ sui-protocol-config.workspace = true [dev-dependencies] -tokio.workspace = true diffy = "0.3" diff --git a/crates/sui-rest-api/src/accept.rs b/crates/sui-rest-api/src/accept.rs index 0348388cc60ba..b4a0d954660cd 100644 --- a/crates/sui-rest-api/src/accept.rs +++ b/crates/sui-rest-api/src/accept.rs @@ -96,7 +96,7 @@ mod tests { header::ACCEPT, "text/html, text/yaml;q=0.5, application/xhtml+xml, application/xml;q=0.9, */*;q=0.1", ) - .body(()) + .body(axum::body::Body::empty()) .unwrap(); let accept = Accept::from_request(req, &()).await.unwrap(); assert_eq!( @@ -115,14 +115,14 @@ mod tests { async fn test_accept_format() { let req = Request::builder() .header(header::ACCEPT, "*/*, application/bcs") - .body(()) + .body(axum::body::Body::empty()) .unwrap(); let accept = AcceptFormat::from_request(req, &()).await.unwrap(); assert_eq!(accept, AcceptFormat::Bcs); let req = Request::builder() .header(header::ACCEPT, "*/*") - .body(()) + .body(axum::body::Body::empty()) .unwrap(); let accept = AcceptFormat::from_request(req, &()).await.unwrap(); assert_eq!(accept, AcceptFormat::Json); diff --git a/crates/sui-rest-api/src/lib.rs b/crates/sui-rest-api/src/lib.rs index f0926fe79e6cc..9efd7f35325a1 100644 --- a/crates/sui-rest-api/src/lib.rs +++ b/crates/sui-rest-api/src/lib.rs 
@@ -169,10 +169,8 @@ impl RestService { app = Router::new().nest(&base, app); } - axum::Server::bind(&socket_address) - .serve(app.into_make_service()) - .await - .unwrap(); + let listener = tokio::net::TcpListener::bind(socket_address).await.unwrap(); + axum::serve(listener, app).await.unwrap(); } } @@ -285,9 +283,9 @@ mod test { let router = openapi::OpenApiDocument::new(openapi).into_router(); - axum::Server::bind(&"127.0.0.1:8000".parse().unwrap()) - .serve(router.into_make_service()) + let listener = tokio::net::TcpListener::bind("127.0.0.1:8000") .await .unwrap(); + axum::serve(listener, router).await.unwrap(); } } diff --git a/crates/sui-rest-api/src/response.rs b/crates/sui-rest-api/src/response.rs index deb57c8dd5dcf..5b3866d68db18 100644 --- a/crates/sui-rest-api/src/response.rs +++ b/crates/sui-rest-api/src/response.rs @@ -52,17 +52,17 @@ where } #[axum::async_trait] -impl axum::extract::FromRequest for Bcs +impl axum::extract::FromRequest for Bcs where T: serde::de::DeserializeOwned, S: Send + Sync, - B: axum::body::HttpBody + Send + 'static, - B::Data: Send, - B::Error: Into, { type Rejection = BcsRejection; - async fn from_request(req: axum::http::Request, state: &S) -> Result { + async fn from_request( + req: axum::http::Request, + state: &S, + ) -> Result { if bcs_content_type(req.headers()) { let bytes = axum::body::Bytes::from_request(req, state) .await diff --git a/crates/sui-rosetta/src/lib.rs b/crates/sui-rosetta/src/lib.rs index 1a1cbd34e07a2..9887a8b95a8ca 100644 --- a/crates/sui-rosetta/src/lib.rs +++ b/crates/sui-rosetta/src/lib.rs @@ -7,10 +7,8 @@ use std::sync::Arc; use axum::routing::post; use axum::{Extension, Router}; use once_cell::sync::Lazy; -use tokio::task::JoinHandle; use tracing::info; -use mysten_metrics::spawn_monitored_task; use sui_sdk::SuiClient; use crate::errors::Error; 
@@ -46,7 +44,7 @@ impl RosettaOnlineServer { } } - pub fn serve(self, addr: SocketAddr) -> JoinHandle> { + pub async fn serve(self, addr: SocketAddr) { // Online endpoints let app = Router::new() .route("/account/balance", post(account::balance)) @@ -60,12 +58,14 @@ impl RosettaOnlineServer { .route("/network/options", post(network::options)) .layer(Extension(self.env)) .with_state(self.context); - let server = axum::Server::bind(&addr).serve(app.into_make_service()); + + let listener = tokio::net::TcpListener::bind(&addr).await.unwrap(); + info!( "Sui Rosetta online server listening on {}", - server.local_addr() + listener.local_addr().unwrap() ); - spawn_monitored_task!(server) + axum::serve(listener, app).await.unwrap(); } } @@ -78,7 +78,7 @@ impl RosettaOfflineServer { Self { env } } - pub fn serve(self, addr: SocketAddr) -> JoinHandle> { + pub async fn serve(self, addr: SocketAddr) { // Online endpoints let app = Router::new() .route("/construction/derive", post(construction::derive)) @@ -90,11 +90,12 @@ impl RosettaOfflineServer { .route("/network/list", post(network::list)) .route("/network/options", post(network::options)) .layer(Extension(self.env)); - let server = axum::Server::bind(&addr).serve(app.into_make_service()); + let listener = tokio::net::TcpListener::bind(&addr).await.unwrap(); + info!( "Sui Rosetta offline server listening on {}", - server.local_addr() + listener.local_addr().unwrap() ); - spawn_monitored_task!(server) + axum::serve(listener, app).await.unwrap(); } } diff --git a/crates/sui-rosetta/src/main.rs b/crates/sui-rosetta/src/main.rs index 2ef4d8e0b7efb..e666929c546df 100644 --- a/crates/sui-rosetta/src/main.rs +++ b/crates/sui-rosetta/src/main.rs 
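Review bot: `RosettaOnlineServer::serve` and `RosettaOfflineServer::serve` (crates/sui-rosetta/src/lib.rs) now return `()` and unwrap both `TcpListener::bind` and `axum::serve`, so a start-up failure that callers could previously handle through the returned `JoinHandle` becomes a panic. The command handler in crates/sui-rosetta/src/main.rs ends in `Ok(())`, so if its error type accepts `std::io::Error` it could keep propagating: `pub async fn serve(self, addr: SocketAddr) -> std::io::Result<()>`, `let listener = tokio::net::TcpListener::bind(&addr).await?;` and a final `axum::serve(listener, app).await`, with `.await?` at the three call sites. The `// Online endpoints` comment at the top of the offline `serve` is stale and could read `// Offline endpoints`. Both impl blocks start outside the hunks.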
@@ -129,7 +129,7 @@ impl RosettaServerCommand { RosettaServerCommand::StartOfflineServer { env, addr } => { info!("Starting Rosetta Offline Server."); let server = RosettaOfflineServer::new(env); - server.serve(addr).await??; + server.serve(addr).await; } RosettaServerCommand::StartOnlineRemoteServer { env, @@ -144,7 +144,7 @@ impl RosettaServerCommand { let rosetta_path = data_path.join("rosetta_db"); info!("Rosetta db path : {rosetta_path:?}"); let rosetta = RosettaOnlineServer::new(env, sui_client); - rosetta.serve(addr).await??; + rosetta.serve(addr).await; } RosettaServerCommand::StartOnlineServer { @@ -177,7 +177,7 @@ impl RosettaServerCommand { let rosetta_path = data_path.join("rosetta_db"); info!("Rosetta db path : {rosetta_path:?}"); let rosetta = RosettaOnlineServer::new(env, sui_client); - rosetta.serve(addr).await??; + rosetta.serve(addr).await; } }; Ok(()) diff --git a/crates/sui-rosetta/tests/rosetta_client.rs b/crates/sui-rosetta/tests/rosetta_client.rs index 855fb4d86dcbe..05c3703c0a584 100644 --- a/crates/sui-rosetta/tests/rosetta_client.rs +++ b/crates/sui-rosetta/tests/rosetta_client.rs 
@@ -28,18 +28,24 @@ use sui_sdk::SuiClient; use sui_types::base_types::SuiAddress; use sui_types::crypto::SuiSignature; -pub async fn start_rosetta_test_server( - client: SuiClient, -) -> (RosettaClient, Vec>>) { +pub async fn start_rosetta_test_server(client: SuiClient) -> (RosettaClient, Vec>) { let online_server = RosettaOnlineServer::new(SuiEnv::LocalNet, client); let offline_server = RosettaOfflineServer::new(SuiEnv::LocalNet); let local_ip = local_ip_utils::localhost_for_testing(); let port = local_ip_utils::get_available_port(&local_ip); let rosetta_address = format!("{}:{}", local_ip, port); - let online_handle = online_server.serve(SocketAddr::from_str(&rosetta_address).unwrap()); + let online_handle = tokio::spawn(async move { + online_server + .serve(SocketAddr::from_str(&rosetta_address).unwrap()) + .await + }); let offline_port = local_ip_utils::get_available_port(&local_ip); let offline_address = format!("{}:{}", local_ip, offline_port); - let offline_handle = offline_server.serve(SocketAddr::from_str(&offline_address).unwrap()); + let offline_handle = tokio::spawn(async move { + offline_server + .serve(SocketAddr::from_str(&offline_address).unwrap()) + .await + }); // allow rosetta to process the genesis block. tokio::task::yield_now().await; diff --git a/crates/sui-source-validation-service/Cargo.toml b/crates/sui-source-validation-service/Cargo.toml index 56b3b24c04e8b..53dc311ffc3d2 100644 --- a/crates/sui-source-validation-service/Cargo.toml +++ b/crates/sui-source-validation-service/Cargo.toml @@ -16,7 +16,7 @@ name = "sui-source-validation-service" [dependencies] anyhow = { version = "1.0.64", features = ["backtrace"] } clap.workspace = true -hyper = "0.14" +hyper.workspace = true jsonrpsee.workspace = true tempfile = "3.3.0" tokio = { workspace = true, features = ["macros", "rt-multi-thread"] } 
diff --git a/crates/sui-source-validation-service/src/lib.rs b/crates/sui-source-validation-service/src/lib.rs index c866ad899012d..2654a92f72373 100644 --- a/crates/sui-source-validation-service/src/lib.rs +++ b/crates/sui-source-validation-service/src/lib.rs @@ -14,11 +14,10 @@ use tokio::sync::oneshot::Sender; use anyhow::{anyhow, bail}; use axum::extract::{Query, State}; use axum::response::{IntoResponse, Response}; -use axum::routing::{get, IntoMakeService}; +use axum::routing::get; use axum::Extension; -use axum::{Json, Router, Server}; +use axum::{Json, Router}; use hyper::http::{HeaderName, HeaderValue, Method}; -use hyper::server::conn::AddrIncoming; use hyper::{HeaderMap, StatusCode}; use mysten_metrics::RegistryService; use prometheus::{register_int_counter_with_registry, IntCounter, Registry}; @@ -445,9 +444,7 @@ pub struct AppState { pub sources_list: NetworkLookup, } -pub fn serve( - app_state: Arc>, -) -> anyhow::Result>> { +pub async fn serve(app_state: Arc>) -> anyhow::Result<()> { let app = Router::new() .route("/api", get(api_route)) .route("/api/list", get(list_route)) @@ -462,7 +459,10 @@ pub fn serve( ) .with_state(app_state); let listener = TcpListener::bind(host_port())?; - Ok(Server::from_tcp(listener)?.serve(app.into_make_service())) + listener.set_nonblocking(true).unwrap(); + let listener = tokio::net::TcpListener::from_std(listener)?; + axum::serve(listener, app).await?; + Ok(()) } #[derive(Deserialize)] @@ -535,10 +535,10 @@ async fn api_route( } } -async fn check_version_header( +async fn check_version_header( headers: HeaderMap, - req: hyper::Request, - next: Next, + req: hyper::Request, + next: Next, ) -> Response { let version = headers .get(SUI_SOURCE_VALIDATION_VERSION_HEADER) 
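Review bot: In `serve` (crates/sui-source-validation-service/src/lib.rs) the added `listener.set_nonblocking(true).unwrap();` panics inside a function that returns `anyhow::Result<()>` and uses `?` on the lines either side of it. Make it `listener.set_nonblocking(true)?;` so all three listener set-up failures reach the caller the same way. The middle of the function lies between two hunks and is not shown.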
@@ -599,7 +599,7 @@ impl SourceServiceMetrics { } } -pub fn start_prometheus_server(addr: TcpListener) -> RegistryService { +pub fn start_prometheus_server(listener: TcpListener) -> RegistryService { let registry = Registry::new(); let registry_service = RegistryService::new(registry); @@ -609,11 +609,9 @@ pub fn start_prometheus_server(addr: TcpListener) -> RegistryService { .layer(Extension(registry_service.clone())); tokio::spawn(async move { - axum::Server::from_tcp(addr) - .unwrap() - .serve(app.into_make_service()) - .await - .unwrap(); + listener.set_nonblocking(true).unwrap(); + let listener = tokio::net::TcpListener::from_std(listener).unwrap(); + axum::serve(listener, app).await.unwrap(); }); registry_service diff --git a/crates/sui-source-validation-service/src/main.rs b/crates/sui-source-validation-service/src/main.rs index a49fe85017f18..2039976e950d7 100644 --- a/crates/sui-source-validation-service/src/main.rs +++ b/crates/sui-source-validation-service/src/main.rs @@ -80,7 +80,7 @@ pub async fn main() -> anyhow::Result<()> { } let app_state_copy = app_state.clone(); - let server = tokio::spawn(async { serve(app_state_copy)?.await.map_err(anyhow::Error::from) }); + let server = tokio::spawn(async { serve(app_state_copy).await }); threads.push(server); info!("serving on {}", host_port()); for t in threads { diff --git a/crates/sui-source-validation-service/tests/tests.rs b/crates/sui-source-validation-service/tests/tests.rs index 3fe162b11ccdd..bc6c06c2190b2 100644 --- a/crates/sui-source-validation-service/tests/tests.rs +++ b/crates/sui-source-validation-service/tests/tests.rs @@ -299,7 +299,8 @@ async fn test_api_route() -> anyhow::Result<()> { metrics: None, sources_list, })); - tokio::spawn(serve(app_state).expect("Cannot start service.")); + tokio::spawn(async move { serve(app_state).await.expect("Cannot start service.") }); + tokio::time::sleep(std::time::Duration::from_secs(1)).await; let client = Client::new(); 
diff --git a/crates/sui-storage/Cargo.toml b/crates/sui-storage/Cargo.toml index 77a34512daf46..9536a8d64746a 100644 --- a/crates/sui-storage/Cargo.toml +++ b/crates/sui-storage/Cargo.toml @@ -55,6 +55,7 @@ move-binary-format.workspace = true move-bytecode-utils.workspace = true [dev-dependencies] +axum.workspace = true anyhow.workspace = true criterion.workspace = true tempfile.workspace = true diff --git a/crates/sui-storage/tests/key_value_tests.rs b/crates/sui-storage/tests/key_value_tests.rs index 8d3fb1b051917..5e2957c290d14 100644 --- a/crates/sui-storage/tests/key_value_tests.rs +++ b/crates/sui-storage/tests/key_value_tests.rs @@ -428,13 +428,9 @@ async fn test_get_tx_from_fallback() { #[cfg(msim)] mod simtests { - use super::*; - use hyper::{ - service::{make_service_fn, service_fn}, - Body, Request, Response, Server, - }; - use std::convert::Infallible; + use axum::routing::get; + use axum::{body::Body, extract::Request, extract::State, response::Response}; use std::net::SocketAddr; use std::sync::Mutex; use std::time::{Duration, Instant}; @@ -443,6 +439,23 @@ mod simtests { use sui_storage::http_key_value_store::*; use tracing::info; + async fn svc( + State(state): State>>>>, + request: Request, + ) -> Response { + let path = request.uri().path().to_string(); + let key = path.trim_start_matches('/'); + let value = state.lock().unwrap().get(key).cloned(); + info!("Got request for key: {:?}, value: {:?}", key, value); + match value { + Some(v) => Response::new(Body::from(v)), + None => Response::builder() + .status(hyper::StatusCode::NOT_FOUND) + .body(Body::empty()) + .unwrap(), + } + } + async fn test_server(data: Arc>>>) { let handle = sui_simulator::runtime::Handle::current(); let builder = handle.create_node(); 
@@ -456,41 +469,12 @@ mod simtests { let data = data.clone(); let startup_sender = startup_sender.clone(); async move { - let make_svc = make_service_fn(move |_| { - let data = data.clone(); - async { - Ok::<_, Infallible>(service_fn(move |req: Request| { - let data = data.clone(); - async move { - let path = req.uri().path().to_string(); - let key = path.trim_start_matches('/'); - let value = data.lock().unwrap().get(key).cloned(); - info!("Got request for key: {:?}, value: {:?}", key, value); - match value { - Some(v) => { - Ok::<_, Infallible>(Response::new(Body::from(v))) - } - None => Ok::<_, Infallible>( - Response::builder() - .status(hyper::StatusCode::NOT_FOUND) - .body(Body::empty()) - .unwrap(), - ), - } - } - })) - } - }); - + let router = get(svc).with_state(data); let addr = SocketAddr::from(([10, 10, 10, 10], 8080)); - let server = Server::bind(&addr).serve(make_svc); - - let graceful = server.with_graceful_shutdown(async { - tokio::time::sleep(Duration::from_secs(86400)).await; - }); + let listener = tokio::net::TcpListener::bind(addr).await.unwrap(); tokio::spawn(async { - let _ = graceful.await; + axum::serve(listener, router).await.unwrap(); }); startup_sender.send(true).ok(); diff --git a/crates/sui-swarm/src/memory/container.rs b/crates/sui-swarm/src/memory/container.rs index 9833d150421a4..edbb5e4b4f146 100644 --- a/crates/sui-swarm/src/memory/container.rs +++ b/crates/sui-swarm/src/memory/container.rs 
@@ -43,8 +43,11 @@ impl Container { pub async fn spawn(config: NodeConfig, runtime: RuntimeType) -> Self { let (startup_sender, startup_receiver) = tokio::sync::oneshot::channel(); let (cancel_sender, cancel_receiver) = tokio::sync::oneshot::channel(); + let name = AuthorityPublicKeyBytes::from(config.protocol_key_pair().public()) + .concise() + .to_string(); - let thread = thread::spawn(move || { + let thread = thread::Builder::new().name(name).spawn(move || { let span = if get_global_telemetry_config() .map(|c| c.enable_otlp_tracing) .unwrap_or(false) @@ -103,7 +106,7 @@ impl Container { trace!("cancellation received; shutting down thread"); }); - }); + }).unwrap(); let node = startup_receiver.await.unwrap(); diff --git a/crates/sui-swarm/src/memory/node.rs b/crates/sui-swarm/src/memory/node.rs index 2c92966d74ca7..5cc10a6b1f7b5 100644 --- a/crates/sui-swarm/src/memory/node.rs +++ b/crates/sui-swarm/src/memory/node.rs @@ -72,6 +72,7 @@ impl Node { pub fn stop(&self) { info!(name =% self.name().concise(), "stopping in-memory node"); *self.container.lock().unwrap() = None; + info!(name =% self.name().concise(), "node stopped"); } /// If this Node is currently running diff --git a/crates/sui-swarm/src/memory/swarm.rs b/crates/sui-swarm/src/memory/swarm.rs index d6a4cb2c7911b..5c0df441d2a03 100644 --- a/crates/sui-swarm/src/memory/swarm.rs +++ b/crates/sui-swarm/src/memory/swarm.rs @@ -578,5 +578,7 @@ mod test { for fullnode in swarm.fullnodes() { fullnode.health_check(false).await.unwrap(); } + + println!("hello"); } } diff --git a/crates/sui-tls/src/acceptor.rs b/crates/sui-tls/src/acceptor.rs index 8ea59cc62a052..04f84346199b7 100644 --- a/crates/sui-tls/src/acceptor.rs +++ b/crates/sui-tls/src/acceptor.rs 
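Review bot: The `println!("hello");` added at the end of the test in crates/sui-swarm/src/memory/swarm.rs looks like leftover debugging output and is unrelated to the dependency update; I would drop the line. The test function starts outside the hunk.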
@@ -7,6 +7,7 @@ use axum_server::{ tls_rustls::{RustlsAcceptor, RustlsConfig}, }; use fastcrypto::ed25519::Ed25519PublicKey; +use rustls::pki_types::CertificateDer; use std::{io, sync::Arc}; use tokio::io::{AsyncRead, AsyncWrite}; use tokio_rustls::server::TlsStream; @@ -15,7 +16,7 @@ use tower_layer::Layer; #[derive(Debug, Clone)] pub struct TlsConnectionInfo { sni_hostname: Option>, - peer_certificates: Option>, + peer_certificates: Option]>>, public_key: Option, } @@ -24,7 +25,7 @@ impl TlsConnectionInfo { self.sni_hostname.as_deref() } - pub fn peer_certificates(&self) -> Option<&[rustls::Certificate]> { + pub fn peer_certificates(&self) -> Option<&[CertificateDer<'static>]> { self.peer_certificates.as_deref() } diff --git a/crates/sui-tls/src/certgen.rs b/crates/sui-tls/src/certgen.rs index 80f8c8d494485..89ee06a4126ad 100644 --- a/crates/sui-tls/src/certgen.rs +++ b/crates/sui-tls/src/certgen.rs 
@@ -3,44 +3,43 @@ use fastcrypto::ed25519::{Ed25519PrivateKey, Ed25519PublicKey}; use pkcs8::EncodePrivateKey; -use rcgen::{CertificateParams, KeyPair, SignatureAlgorithm}; +use rcgen::{CertificateParams, KeyPair}; +use rustls::pki_types::CertificateDer; +use rustls::pki_types::PrivateKeyDer; pub struct SelfSignedCertificate { inner: rcgen::Certificate, + key: KeyPair, } impl SelfSignedCertificate { pub fn new(private_key: Ed25519PrivateKey, server_name: &str) -> Self { - Self { - inner: generate_self_signed_tls_certificate(private_key, server_name), - } + let (cert, key) = generate_self_signed_tls_certificate(private_key, server_name); + Self { inner: cert, key } } - pub fn rustls_certificate(&self) -> rustls::Certificate { - let cert_bytes = self.inner.serialize_der().unwrap(); - rustls::Certificate(cert_bytes) + pub fn rustls_certificate(&self) -> CertificateDer<'static> { + self.inner.der().to_owned() } - pub fn rustls_private_key(&self) -> rustls::PrivateKey { - let private_key_bytes = self.inner.serialize_private_key_der(); - rustls::PrivateKey(private_key_bytes) + pub fn rustls_private_key(&self) -> PrivateKeyDer<'static> { + PrivateKeyDer::Pkcs8(self.key.serialize_der().into()) } pub fn reqwest_identity(&self) -> reqwest::tls::Identity { - let pem = self.inner.serialize_pem().unwrap() + &self.inner.serialize_private_key_pem(); + let pem = self.inner.pem() + &self.key.serialize_pem(); reqwest::tls::Identity::from_pem(pem.as_ref()).unwrap() } pub fn reqwest_certificate(&self) -> reqwest::tls::Certificate { - let cert = self.inner.serialize_der().unwrap(); - reqwest::tls::Certificate::from_der(&cert).unwrap() + reqwest::tls::Certificate::from_der(self.inner.der()).unwrap() } } fn generate_self_signed_tls_certificate( private_key: Ed25519PrivateKey, server_name: &str, -) -> rcgen::Certificate { +) -> (rcgen::Certificate, KeyPair) { let keypair = ed25519::KeypairBytes { secret_key: private_key.0.to_bytes(), // ring cannot handle the optional public key that 
would be legal der here 
@@ -48,49 +47,29 @@ fn generate_self_signed_tls_certificate( public_key: None, }; - generate_cert(&keypair, server_name) -} - -fn generate_cert(keypair: &ed25519::KeypairBytes, server_name: &str) -> rcgen::Certificate { let pkcs8 = keypair.to_pkcs8_der().unwrap(); - let key_der = rustls::PrivateKey(pkcs8.as_bytes().to_vec()); - private_key_to_certificate(vec![server_name.to_owned()], &key_der).unwrap() -} + let key_der = PrivateKeyDer::Pkcs8(pkcs8.as_bytes().to_vec().into()); + let keypair = KeyPair::from_der_and_sign_algo(&key_der, &rcgen::PKCS_ED25519).unwrap(); -fn private_key_to_certificate( - subject_names: impl Into>, - private_key: &rustls::PrivateKey, -) -> Result { - let alg = &rcgen::PKCS_ED25519; - - let certificate = gen_certificate(subject_names, (private_key.0.as_ref(), alg))?; - Ok(certificate) + (generate_cert(&keypair, server_name), keypair) } -fn gen_certificate( - subject_names: impl Into>, - key_pair: (&[u8], &'static SignatureAlgorithm), -) -> Result { - let kp = KeyPair::from_der_and_sign_algo(key_pair.0, key_pair.1)?; - - let mut cert_params = CertificateParams::new(subject_names); - cert_params.key_pair = Some(kp); - cert_params.distinguished_name = rcgen::DistinguishedName::new(); - cert_params.alg = key_pair.1; - - let cert = rcgen::Certificate::from_params(cert_params).expect( - "unreachable! from_params should only fail if the key is incompatible with params.algo", - ); - Ok(cert) +fn generate_cert(keypair: &KeyPair, server_name: &str) -> rcgen::Certificate { + CertificateParams::new(vec![server_name.to_owned()]) + .unwrap() + .self_signed(keypair) + .expect( + "unreachable! 
from_params should only fail if the key is incompatible with params.algo", + ) } pub(crate) fn public_key_from_certificate( - certificate: &rustls::Certificate, + certificate: &CertificateDer, ) -> Result { use fastcrypto::traits::ToFromBytes; use x509_parser::{certificate::X509Certificate, prelude::FromDer}; - let cert = X509Certificate::from_der(certificate.0.as_ref()) + let cert = X509Certificate::from_der(certificate.as_ref()) .map_err(|e| rustls::Error::General(e.to_string()))?; let spki = cert.1.public_key(); let public_key_bytes = diff --git a/crates/sui-tls/src/lib.rs b/crates/sui-tls/src/lib.rs index 39d576959ab2b..91a6cb666b267 100644 --- a/crates/sui-tls/src/lib.rs +++ b/crates/sui-tls/src/lib.rs @@ -21,8 +21,10 @@ mod tests { use super::*; use fastcrypto::ed25519::Ed25519KeyPair; use fastcrypto::traits::KeyPair; - use rustls::client::ServerCertVerifier as _; - use rustls::server::ClientCertVerifier as _; + use rustls::client::danger::ServerCertVerifier as _; + use rustls::pki_types::ServerName; + use rustls::pki_types::UnixTime; + use rustls::server::danger::ClientCertVerifier as _; #[test] fn verify_allowall() { @@ -38,11 +40,7 @@ mod tests { // The bob passes validation verifier - .verify_client_cert( - &random_cert_bob.rustls_certificate(), - &[], - std::time::SystemTime::now(), - ) + .verify_client_cert(&random_cert_bob.rustls_certificate(), &[], UnixTime::now()) .unwrap(); // The alice passes validation @@ -50,7 +48,7 @@ mod tests { .verify_client_cert( &random_cert_alice.rustls_certificate(), &[], - std::time::SystemTime::now(), + UnixTime::now(), ) .unwrap(); } @@ -74,10 +72,9 @@ mod tests { .verify_server_cert( &random_cert_bob.rustls_certificate(), &[], - &rustls::ServerName::try_from("example.com").unwrap(), - &mut Vec::<&[u8]>::new().iter().cloned(), + &ServerName::try_from("example.com").unwrap(), &[], - std::time::SystemTime::now(), + UnixTime::now(), ) .unwrap(); 
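Review bot: `generate_cert` in crates/sui-tls/src/certgen.rs no longer sets `distinguished_name = rcgen::DistinguishedName::new()` as the removed `gen_certificate` did, so the certificate subject now takes whatever default `CertificateParams::new` supplies (as far as I know rcgen fills in a placeholder common name), which changes the contents of every self-signed certificate this crate issues. If the empty subject was deliberate, bind the params to a `let mut params` and restore `params.distinguished_name = rcgen::DistinguishedName::new();` before calling `self_signed`. `CertificateParams::new(...)` is also newly fallible and is unwrapped bare, so an invalid `server_name` panics without context, and the `expect` text still refers to `from_params` although the call is now `self_signed`.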
@@ -86,10 +83,9 @@ mod tests { .verify_server_cert( &random_cert_alice.rustls_certificate(), &[], - &rustls::ServerName::try_from("example.com").unwrap(), - &mut Vec::<&[u8]>::new().iter().cloned(), + &ServerName::try_from("example.com").unwrap(), &[], - std::time::SystemTime::now(), + UnixTime::now(), ) .unwrap_err(); assert!( @@ -123,20 +119,12 @@ mod tests { // The allowed cert passes validation verifier - .verify_client_cert( - &allowed_cert.rustls_certificate(), - &[], - std::time::SystemTime::now(), - ) + .verify_client_cert(&allowed_cert.rustls_certificate(), &[], UnixTime::now()) .unwrap(); // The disallowed cert fails validation let err = verifier - .verify_client_cert( - &disallowed_cert.rustls_certificate(), - &[], - std::time::SystemTime::now(), - ) + .verify_client_cert(&disallowed_cert.rustls_certificate(), &[], UnixTime::now()) .unwrap_err(); assert!( matches!(err, rustls::Error::General(_)), @@ -146,11 +134,7 @@ mod tests { // After removing the allowed public key from the set it now fails validation allowlist.inner_mut().write().unwrap().clear(); let err = verifier - .verify_client_cert( - &allowed_cert.rustls_certificate(), - &[], - std::time::SystemTime::now(), - ) + .verify_client_cert(&allowed_cert.rustls_certificate(), &[], UnixTime::now()) .unwrap_err(); assert!( matches!(err, rustls::Error::General(_)), @@ -178,11 +162,7 @@ mod tests { // Allowed public key but the server-name in the cert is not the required "sui" let err = client_verifier - .verify_client_cert( - &cert.rustls_certificate(), - &[], - std::time::SystemTime::now(), - ) + .verify_client_cert(&cert.rustls_certificate(), &[], UnixTime::now()) .unwrap_err(); assert_eq!( err, 
@@ -198,10 +178,9 @@ mod tests { .verify_server_cert( &cert.rustls_certificate(), &[], - &rustls::ServerName::try_from("example.com").unwrap(), - &mut Vec::<&[u8]>::new().iter().cloned(), + &ServerName::try_from("example.com").unwrap(), &[], - std::time::SystemTime::now(), + UnixTime::now(), ) .unwrap_err(); assert_eq!( diff --git a/crates/sui-tls/src/verifier.rs b/crates/sui-tls/src/verifier.rs index e3cb37ef717c0..b2dff221ffd7c 100644 --- a/crates/sui-tls/src/verifier.rs +++ b/crates/sui-tls/src/verifier.rs @@ -3,12 +3,24 @@ use fastcrypto::ed25519::Ed25519PublicKey; use fastcrypto::traits::ToFromBytes; +use rustls::crypto::WebPkiSupportedAlgorithms; +use rustls::pki_types::CertificateDer; +use rustls::pki_types::PrivateKeyDer; +use rustls::pki_types::ServerName; +use rustls::pki_types::SignatureVerificationAlgorithm; +use rustls::pki_types::TrustAnchor; +use rustls::pki_types::UnixTime; use std::{ collections::HashSet, sync::{Arc, RwLock}, }; -static SUPPORTED_SIG_ALGS: &[&webpki::SignatureAlgorithm] = &[&webpki::ED25519]; +static SUPPORTED_SIG_ALGS: &[&dyn SignatureVerificationAlgorithm] = &[webpki::ring::ED25519]; + +static SUPPORTED_ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { + all: SUPPORTED_SIG_ALGS, + mapping: &[(rustls::SignatureScheme::ED25519, SUPPORTED_SIG_ALGS)], +}; pub type ValidatorAllowlist = Arc>>; @@ -16,12 +28,12 @@ pub type ValidatorAllowlist = Arc>>; /// to allow a cert to be verified or not. This does not prform actual cert validation /// it only acts as a gatekeeper to decide if we should even try. For example, we may want /// to filter our actions to well known public keys. -pub trait Allower: Send + Sync { +pub trait Allower: std::fmt::Debug + Send + Sync { fn allowed(&self, key: &Ed25519PublicKey) -> bool; } /// AllowAll will allow all public certificates to be validated, it fails open -#[derive(Clone, Default)] +#[derive(Debug, Clone, Default)] pub struct AllowAll; impl Allower for AllowAll { 
@@ -32,7 +44,7 @@ impl Allower for AllowAll { /// HashSetAllow restricts keys to those that are found in the member set. non-members will not be /// allowed. -#[derive(Clone, Default)] +#[derive(Debug, Clone, Default)] pub struct HashSetAllow { inner: ValidatorAllowlist, } @@ -76,20 +88,22 @@ impl ClientCertVerifier { impl ClientCertVerifier { pub fn rustls_server_config( self, - certificates: Vec, - private_key: rustls::PrivateKey, + certificates: Vec>, + private_key: PrivateKeyDer<'static>, ) -> Result { - let mut config = rustls::ServerConfig::builder() - .with_safe_defaults() - .with_client_cert_verifier(std::sync::Arc::new(self)) - .with_single_cert(certificates, private_key)?; + let mut config = rustls::ServerConfig::builder_with_provider(Arc::new( + rustls::crypto::ring::default_provider(), + )) + .with_safe_default_protocol_versions()? + .with_client_cert_verifier(std::sync::Arc::new(self)) + .with_single_cert(certificates, private_key)?; config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()]; Ok(config) } } -impl rustls::server::ClientCertVerifier for ClientCertVerifier { +impl rustls::server::danger::ClientCertVerifier for ClientCertVerifier { fn offer_client_auth(&self) -> bool { true } @@ -98,7 +112,7 @@ impl rustls::server::ClientCertVerifier for ClientCertVerifier { true } - fn client_auth_root_subjects(&self) -> &[rustls::DistinguishedName] { + fn root_hint_subjects(&self) -> &[rustls::DistinguishedName] { // Since we're relying on self-signed certificates and not on CAs, continue the handshake // without passing a list of CA DNs &[] 
@@ -110,10 +124,10 @@ impl rustls::server::ClientCertVerifier for ClientCertVerifier { // 2. we call webpki's certificate verification fn verify_client_cert( &self, - end_entity: &rustls::Certificate, - intermediates: &[rustls::Certificate], - now: std::time::SystemTime, - ) -> Result { + end_entity: &CertificateDer, + intermediates: &[CertificateDer], + now: UnixTime, + ) -> Result { // Step 1: Check this matches the key we expect let public_key = public_key_from_certificate(end_entity)?; if !self.allower.allowed(&public_key) { @@ -131,7 +145,29 @@ impl rustls::server::ClientCertVerifier for ClientCertVerifier { &self.name, now, ) - .map(|_| rustls::server::ClientCertVerified::assertion()) + .map(|_| rustls::server::danger::ClientCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &rustls::DigitallySignedStruct, + ) -> Result { + rustls::crypto::verify_tls12_signature(message, cert, dss, &SUPPORTED_ALGORITHMS) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &rustls::DigitallySignedStruct, + ) -> Result { + rustls::crypto::verify_tls13_signature(message, cert, dss, &SUPPORTED_ALGORITHMS) + } + + fn supported_verify_schemes(&self) -> Vec { + SUPPORTED_ALGORITHMS.supported_schemes() } } 
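Review bot: The `verify_tls12_signature`, `verify_tls13_signature` and `supported_verify_schemes` methods added to `ClientCertVerifier` are not exercised by any test hunk visible on this page; the updated tests call only `verify_client_cert` and `verify_server_cert`. Since these methods now decide which handshake signatures are accepted, a small test asserting `supported_verify_schemes()` returns exactly `[rustls::SignatureScheme::ED25519]` would pin the intended restriction. The same three methods are added verbatim to `ServerCertVerifier` in the `-187,7` hunk, so the same test applies there.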
@@ -150,28 +186,30 @@ impl ServerCertVerifier { pub fn rustls_client_config( self, - certificates: Vec, - private_key: rustls::PrivateKey, + certificates: Vec>, + private_key: PrivateKeyDer<'static>, ) -> Result { - let mut config = rustls::ClientConfig::builder() - .with_safe_defaults() - .with_custom_certificate_verifier(std::sync::Arc::new(self)) - .with_client_auth_cert(certificates, private_key)?; + let mut config = rustls::ClientConfig::builder_with_provider(Arc::new( + rustls::crypto::ring::default_provider(), + )) + .with_safe_default_protocol_versions()? + .dangerous() + .with_custom_certificate_verifier(std::sync::Arc::new(self)) + .with_client_auth_cert(certificates, private_key)?; config.alpn_protocols = vec![b"h2".to_vec()]; Ok(config) } } -impl rustls::client::ServerCertVerifier for ServerCertVerifier { +impl rustls::client::danger::ServerCertVerifier for ServerCertVerifier { fn verify_server_cert( &self, - end_entity: &rustls::Certificate, - intermediates: &[rustls::Certificate], - _server_name: &rustls::ServerName, - _scts: &mut dyn Iterator, + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], + _server_name: &ServerName, _ocsp_response: &[u8], - now: std::time::SystemTime, - ) -> Result { + now: UnixTime, + ) -> Result { let public_key = public_key_from_certificate(end_entity)?; if public_key != self.public_key { return Err(rustls::Error::General(format!( 
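Review bot: The `.dangerous()` call added to `rustls_client_config` carries no comment explaining why replacing the default certificate verifier is acceptable here. The visible part of `verify_server_cert` compares the certificate's key with `self.public_key` and leaves `_server_name` and `_ocsp_response` unused, so the server is authenticated by a pinned key rather than by a CA chain or the dialed hostname. A comment such as `// Custom verifier: the peer is authenticated by its pinned Ed25519 public key; the connection's server name is intentionally not checked.` would record that for the next reader. `verify_server_cert` continues past the end of this hunk.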
@@ -187,7 +225,29 @@ impl rustls::client::ServerCertVerifier for ServerCertVerifier { &self.name, now, ) - .map(|_| rustls::client::ServerCertVerified::assertion()) + .map(|_| rustls::client::danger::ServerCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &rustls::DigitallySignedStruct, + ) -> Result { + rustls::crypto::verify_tls12_signature(message, cert, dss, &SUPPORTED_ALGORITHMS) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &rustls::DigitallySignedStruct, + ) -> Result { + rustls::crypto::verify_tls13_signature(message, cert, dss, &SUPPORTED_ALGORITHMS) + } + + fn supported_verify_schemes(&self) -> Vec { + SUPPORTED_ALGORITHMS.supported_schemes() } } 
@@ -196,49 +256,55 @@ impl rustls::client::ServerCertVerifier for ServerCertVerifier { // placing the public key at the root of the certificate chain (as it should be for a self-signed certificate) // 2. we call webpki's certificate verification fn verify_self_signed_cert( - end_entity: &rustls::Certificate, - intermediates: &[rustls::Certificate], + end_entity: &CertificateDer, + intermediates: &[CertificateDer], usage: webpki::KeyUsage, name: &str, - now: std::time::SystemTime, + now: UnixTime, ) -> Result<(), rustls::Error> { // Check we're receiving correctly signed data with the expected key // Step 1: prepare arguments let (cert, chain, trustroots) = prepare_for_self_signed(end_entity, intermediates)?; - let now = webpki::Time::try_from(now).map_err(|_| rustls::Error::FailedToGetCurrentTime)?; // Step 2: call verification from webpki - let cert = cert - .verify_for_usage(SUPPORTED_SIG_ALGS, &trustroots, &chain, now, usage, &[]) - .map_err(pki_error) - .map(|_| cert)?; + let verified_cert = cert + .verify_for_usage( + SUPPORTED_SIG_ALGS, + &trustroots, + chain, + now, + usage, + None, + None, + ) + .map_err(pki_error)?; // Ensure the cert is valid for the network name - let dns_nameref = webpki::SubjectNameRef::try_from_ascii_str(name) - .map_err(|_| rustls::Error::UnsupportedNameType)?; - cert.verify_is_valid_for_subject_name(dns_nameref) + let subject_name = + ServerName::try_from(name).map_err(|_| rustls::Error::UnsupportedNameType)?; + verified_cert + .end_entity() + .verify_is_valid_for_subject_name(&subject_name) .map_err(pki_error) } type CertChainAndRoots<'a> = ( webpki::EndEntityCert<'a>, - Vec<&'a [u8]>, - Vec>, + &'a [CertificateDer<'a>], + Vec>, ); // This prepares arguments for webpki, including a trust anchor which is the end entity of the certificate // (which embodies a self-signed certificate by definition) fn prepare_for_self_signed<'a>( - end_entity: &'a rustls::Certificate, - intermediates: &'a [rustls::Certificate], + end_entity: &'a 
CertificateDer, + intermediates: &'a [CertificateDer], ) -> Result, rustls::Error> { // EE cert must appear first. - let cert = webpki::EndEntityCert::try_from(end_entity.0.as_ref()).map_err(pki_error)?; - - let intermediates: Vec<&'a [u8]> = intermediates.iter().map(|cert| cert.0.as_ref()).collect(); + let cert = webpki::EndEntityCert::try_from(end_entity).map_err(pki_error)?; // reinterpret the certificate as a root, materializing the self-signed policy - let root = webpki::TrustAnchor::try_from_cert_der(end_entity.0.as_ref()).map_err(pki_error)?; + let root = webpki::anchor_from_trusted_cert(end_entity).map_err(pki_error)?; Ok((cert, intermediates, vec![root])) } @@ -263,11 +329,11 @@ fn pki_error(error: webpki::Error) -> rustls::Error { /// Extracts the public key from a certificate. pub fn public_key_from_certificate( - certificate: &rustls::Certificate, + certificate: &CertificateDer, ) -> Result { use x509_parser::{certificate::X509Certificate, prelude::FromDer}; - let cert = X509Certificate::from_der(certificate.0.as_ref()) + let cert = X509Certificate::from_der(certificate.as_ref()) .map_err(|e| rustls::Error::General(e.to_string()))?; let spki = cert.1.public_key(); let public_key_bytes = diff --git a/crates/suiop-cli/src/cli/lib/oauth/mod.rs b/crates/suiop-cli/src/cli/lib/oauth/mod.rs index f33908e25c5f6..d882d0029efd8 100644 --- a/crates/suiop-cli/src/cli/lib/oauth/mod.rs +++ b/crates/suiop-cli/src/cli/lib/oauth/mod.rs @@ -10,7 +10,6 @@ use axum::response::IntoResponse; use axum::{extract::Query, routing::get, Router}; use chrono; use dirs; -use reqwest; use reqwest::header::{HeaderMap, HeaderValue}; use serde::{Deserialize, Serialize}; use std::fs::{self, File}; 
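Review bot: The two trailing `None` arguments passed to `verify_for_usage` in `verify_self_signed_cert` are unexplained. In this webpki API they are the revocation options and the optional path-verification callback, so no revocation information is consulted on this path. A comment such as `// no revocation options and no extra path check: peers are self-signed and are filtered by public key before this call` would make that choice explicit. It also points readers to the allowlist or pinned key as the way to withdraw trust from a peer.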
@@ -155,8 +154,8 @@ fn spawn_local_server( ); let addr = SocketAddr::from(([127, 0, 0, 1], 17846)); - axum::Server::bind(&addr) - .serve(app.into_make_service()) + let listener = tokio::net::TcpListener::bind(addr).await.unwrap(); + axum::serve(listener, app) .await .expect("couldn't start local auth server on port 17846"); }) diff --git a/deny.toml b/deny.toml index 372fba7ae9b05..b4392cda79f08 100644 --- a/deny.toml +++ b/deny.toml @@ -57,15 +57,10 @@ ignore = [ "RUSTSEC-2023-0049", # ansi_term is Unmaintained "RUSTSEC-2021-0139", - # atty - # "RUSTSEC-2021-0145", # webpki "RUSTSEC-2023-0052", # we don't do RSA signing on Sui (only verifying for zklogin) "RUSTSEC-2023-0071", - # Sui does not use object_store with authentication. - # Upgrade to object_store >= 10.2 to fix. - "RUSTSEC-2024-0358", # A few dependencies use unpatched rustls. "RUSTSEC-2024-0336", ] diff --git a/narwhal/network/Cargo.toml b/narwhal/network/Cargo.toml index 4a97a99051dbc..f13a037099151 100644 --- a/narwhal/network/Cargo.toml +++ b/narwhal/network/Cargo.toml @@ -28,7 +28,6 @@ anemo.workspace = true anemo-tower.workspace = true anyhow.workspace = true axum.workspace = true -axum-server.workspace = true tower.workspace = true [dev-dependencies] diff --git a/narwhal/network/src/admin.rs b/narwhal/network/src/admin.rs index ddf660d4dbe05..02ba0b8f7a811 100644 --- a/narwhal/network/src/admin.rs +++ b/narwhal/network/src/admin.rs @@ -2,9 +2,10 @@ // SPDX-License-Identifier: Apache-2.0 use axum::{extract::Extension, http::StatusCode, routing::get, Json, Router}; -use mysten_metrics::{spawn_logged_monitored_task, spawn_monitored_task}; -use std::net::{IpAddr, Ipv4Addr, SocketAddr, TcpListener}; +use mysten_metrics::spawn_logged_monitored_task; +use std::net::{IpAddr, Ipv4Addr, SocketAddr}; use std::time::Duration; +use tokio::net::TcpListener; use tokio::task::JoinHandle; use tokio::time::sleep; use tracing::{error, info}; 
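Review bot: A failure to bind 127.0.0.1:17846 in `spawn_local_server` now panics through the bare `.unwrap()` on `tokio::net::TcpListener::bind(addr).await`, so the descriptive `expect` message only covers `axum::serve`. Binding is the more likely failure, for example when the port is already in use, so it should keep the context: `let listener = tokio::net::TcpListener::bind(addr).await.expect("couldn't bind local auth server on port 17846");`. The enclosing function starts and ends outside this hunk.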
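Review bot: The `deny.toml` hunk keeps the ignore entries `RUSTSEC-2023-0052` (commented `webpki`) and `RUSTSEC-2024-0336` (commented "A few dependencies use unpatched rustls"), although this commit upgrades rustls and moves the TLS verifier to the newer webpki API. It is worth re-running `cargo deny check advisories` with both entries removed. If the updated lockfile no longer resolves the affected versions, a stale ignore would silently mask a later reintroduction. If a dependency still needs one of them, extend the comment to name that crate, e.g. `# still pulled in by <crate>; remove once it updates`.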
@@ -27,15 +28,7 @@ pub fn start_admin_server( "starting admin server" ); - let handle = axum_server::Handle::new(); - let shutdown_handle = handle.clone(); - let mut handles = Vec::new(); - // Spawn a task to shutdown server. - handles.push(spawn_monitored_task!(async move { - _ = tr_shutdown.receiver.recv().await; - handle.clone().shutdown(); - })); handles.push(spawn_logged_monitored_task!( async move { @@ -45,11 +38,12 @@ pub fn start_admin_server( loop { total_retries -= 1; - match TcpListener::bind(socket_address) { + match TcpListener::bind(socket_address).await { Ok(listener) => { - axum_server::from_tcp(listener) - .handle(shutdown_handle) - .serve(router.into_make_service()) + axum::serve(listener, router) + .with_graceful_shutdown(async move { + _ = tr_shutdown.receiver.recv().await; + }) .await .unwrap_or_else(|err| { panic!("Failed to boot admin {}: {err}", socket_address) diff --git a/narwhal/node/src/metrics.rs b/narwhal/node/src/metrics.rs index 772c07a48aab1..8e3e06794bdc8 100644 --- a/narwhal/node/src/metrics.rs +++ b/narwhal/node/src/metrics.rs @@ -105,10 +105,8 @@ pub fn start_prometheus_server(addr: Multiaddr, registry: &Registry) -> JoinHand spawn_logged_monitored_task!( async move { - axum::Server::bind(&socket_addr) - .serve(app.into_make_service()) - .await - .unwrap(); + let listener = tokio::net::TcpListener::bind(&socket_addr).await.unwrap(); + axum::serve(listener, app).await.unwrap(); }, "MetricsServerTask" ) diff --git a/narwhal/primary/tests/nodes_bootstrapping_tests.rs b/narwhal/primary/tests/nodes_bootstrapping_tests.rs index 60c0c2293c5d5..373676bfe7cb1 100644 --- a/narwhal/primary/tests/nodes_bootstrapping_tests.rs +++ b/narwhal/primary/tests/nodes_bootstrapping_tests.rs 
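Review bot: In `start_admin_server`, `tr_shutdown.receiver.recv()` is now awaited only inside `with_graceful_shutdown`, which runs after `TcpListener::bind(socket_address).await` has succeeded, because the previous hunk removes the separate shutdown task. A shutdown signalled while the retry loop is still failing to bind is therefore not acted on until a bind succeeds or the retries are exhausted. Whether the signal is still delivered afterwards depends on the channel type, which is not visible here. If that is acceptable, say so with a comment such as `// shutdown is only observed once the listener is bound; bind retries are not interruptible`; otherwise the retry wait should also watch the shutdown receiver. The retry loop continues outside this hunk.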
@@ -40,12 +40,7 @@ async fn test_response_error_after_shutdown_internal_consensus() { let Err(e) = client.submit_transaction(txn).await else { panic!("Submitting transactions after Narwhal shutdown should fail!"); }; - assert!( - e.message() - .contains("error trying to connect: tcp connect error:"), - "Actual: {}", - e - ); + assert!(e.message().contains("tcp connect error:"), "Actual: {}", e); } /// Nodes will be started in a staggered fashion. This is simulating