cargo clippy

Reviewed-on: #3

.drone.yml

@@ -0,0 +1,13 @@
+---
+kind: pipeline
+type: docker
+name: default
+
+steps:
+- name: cargo_check
+  image: rust
+  commands:
+  - rustup component add clippy
+  - cargo clippy -- -D warnings
+  - cargo test
+

README.MD

@@ -1,4 +1,6 @@
 # TCP over HTTP
+[![Build Status](https://drone.communiquons.org/api/badges/pierre/tcp-over-http/status.svg)](https://drone.communiquons.org/pierre/tcp-over-http)
+
 This project aims to provide an easy-to-setup TCP forwarding solution:
 
 ```

renovate.json

@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}

src/main.rs

@@ -8,7 +8,7 @@ use tcp_over_http::tcp_relay_server::server_config::ServerConfig;
     author,
     version,
     about,
-    long_about = "Encapsulate TCP sockets inside HTTP WebSockets"
+    long_about = "Encapsulate TCP sockets inside HTTP WebSockets\nSource code: https://gitea.communiquons.org/pierre/tcp-over-http"
 )]
 struct CliArgs {
     #[clap(subcommand)]

src/tcp_relay_client/mod.rs

@@ -94,7 +94,7 @@ pub async fn run_app(mut args: ClientConfig) -> std::io::Result<()> {
                 port.id,
                 urlencoding::encode(args.get_auth_token())
             )
-                .replace("http", "ws"),
+            .replace("http", "ws"),
             listen_address,
             args.clone(),
         ));

src/tcp_relay_server/relay_ws.rs

@@ -108,9 +108,7 @@ impl StreamHandler<Result<ws::Message, ws::ProtocolError>> for RelayWS {
             Ok(ws::Message::Text(text)) => ctx.text(text),
             Ok(ws::Message::Close(_reason)) => ctx.stop(),
             Ok(ws::Message::Binary(data)) => {
-                if let Err(e) =
-                    futures::executor::block_on(self.tcp_write.write_all(&data.to_vec()))
-                {
+                if let Err(e) = futures::executor::block_on(self.tcp_write.write_all(&data)) {
                     log::error!("Failed to forward some data, closing connection! {:?}", e);
                     ctx.stop();
                 }
@@ -196,11 +194,16 @@ pub async fn relay_ws(
         tcp_write,
         hb: Instant::now(),
     };
+
     let resp = ws::start(relay, &req, stream);
     log::info!(
-        "Opening new WS connection for {:?} to {}",
+        "Opening new WS connection:\
+         * for {:?}\
+         * to {}\
+         * token {:?}",
         req.peer_addr(),
-        upstream_addr
+        upstream_addr,
+        query.token
     );
     resp
 }

src/tcp_relay_server/tls_cert_client_verifier.rs

@@ -86,14 +86,14 @@ impl ClientCertVerifier for CustomCertClientVerifier {
         intermediates: &[Certificate],
         now: SystemTime,
     ) -> Result<ClientCertVerified, Error> {
+        let (_rem, cert) =
+            X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
+
         // Check the certificates sent by the client has been revoked
         if let Some(crl) = &self.crl {
             let (_rem, crl) =
                 CertificateRevocationList::from_der(crl).expect("Failed to read CRL!");
 
-            let (_rem, cert) =
-                X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
-
             for revoked in crl.iter_revoked_certificates() {
                 if revoked.user_certificate == cert.serial {
                     log::error!(
@@ -106,7 +106,24 @@ impl ClientCertVerifier for CustomCertClientVerifier {
             }
         }
 
-        self.upstream_cert_verifier
-            .verify_client_cert(end_entity, intermediates, now)
+        let result = self
+            .upstream_cert_verifier
+            .verify_client_cert(end_entity, intermediates, now);
+
+        match result.as_ref() {
+            Err(e) => log::error!(
+                "FAILED authentication attempt from Serial={} / Subject={} : {}",
+                cert.serial,
+                cert.subject,
+                e
+            ),
+            Ok(_) => log::info!(
+                "SUCCESSFUL authentication attempt from Serial={} / Subject={}",
+                cert.serial,
+                cert.subject
+            ),
+        }
+
+        result
     }
 }

src/test/client_invalid_tls_configuration.rs

@@ -2,10 +2,10 @@ use tokio::task;
 
 use crate::tcp_relay_client::client_config::ClientConfig;
 use crate::tcp_relay_server::server_config::ServerConfig;
-use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
 use crate::test::dummy_tcp_sockets::wait_for_port;
 use crate::test::pki::Pki;
 use crate::test::test_files_utils::create_temp_file_with_random_content;
+use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
 
 fn port(index: u16) -> u16 {
     get_port_number(PortsAllocation::ClientInvalidTlsConfiguration, index)
@@ -26,8 +26,8 @@ async fn random_file_for_cert() {
         tls_key: Some(pki.valid_client_key.file_path()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -45,8 +45,8 @@ async fn random_file_for_key() {
         tls_key: Some(random_file.to_string_lossy().to_string()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -63,8 +63,8 @@ async fn bad_pem_file_for_cert() {
         tls_key: Some(pki.valid_client_key.file_path()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -81,8 +81,8 @@ async fn bad_pem_file_for_key() {
         tls_key: Some(pki.root_ca_crl.file_path()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -99,8 +99,8 @@ async fn non_existing_cert() {
         tls_key: Some(pki.valid_client_key.file_path()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -117,8 +117,8 @@ async fn non_existing_key() {
         tls_key: Some(BAD_PATH.to_string()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -153,7 +153,8 @@ async fn unmatched_key_cert_pair() {
                 root_certificate: Some(pki.root_ca_crt.file_path()),
                 ..Default::default()
             })
-                .await
-                .unwrap_err();
-        }).await;
+            .await
+            .unwrap_err();
+        })
+        .await;
 }

src/test/client_invalid_tls_root_certificate_file.rs

@@ -1,7 +1,7 @@
 use crate::tcp_relay_client::client_config::ClientConfig;
-use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
 use crate::test::pki::Pki;
 use crate::test::test_files_utils::create_temp_file_with_random_content;
+use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
 
 const VALID_TOKEN: &str = "AvalidTOKEN";
 
@@ -22,8 +22,8 @@ async fn invalid_file_type() {
         root_certificate: Some(pki.expired_client_key.file_path()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -37,8 +37,8 @@ async fn non_existing_file() {
         root_certificate: Some(BAD_PATH.to_string()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }
 
 #[tokio::test()]
@@ -54,6 +54,6 @@ async fn random_file() {
         root_certificate: Some(random_file.to_string_lossy().to_string()),
         ..Default::default()
     })
-        .await
-        .unwrap_err();
+    .await
+    .unwrap_err();
 }

src/test/mod.rs

@@ -30,9 +30,9 @@ mod dummy_tcp_sockets;
 mod pki;
 mod test_files_utils;
 
+mod client_invalid_tls_configuration;
 mod client_invalid_tls_root_certificate_file;
 mod client_try_tls_while_there_is_no_tls;
-mod client_invalid_tls_configuration;
 mod invalid_with_token_auth;
 mod server_invalid_tls_config_invalid_cert;
 mod server_invalid_tls_config_invalid_client_crl;