Merge pull request #63 from junkurihara/develop

0.3.4

Author: junkurihara

.github/workflows/release-docker.yml

@@ -81,7 +81,7 @@ jobs:
     needs: docker_build_and_push
     steps:
       - name: check pull_request title
-        uses: kaisugi/[email protected].0
+        uses: kaisugi/[email protected].1
         id: regex-match
         with:
           text: ${{ github.event.pull_request.title }}
@@ -102,7 +102,7 @@ jobs:
 
       - name: release
         if: ${{ steps.regex-match.outputs.match != ''}}
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           files: /tmp/doh-auth-proxy-x86_64-unknown-linux-gnu.tar.gz
           name: ${{ github.event.pull_request.title }}

Cargo.toml

@@ -3,6 +3,35 @@
 members = ["proxy-bin", "proxy-lib"]
 resolver = "2"
 
+[workspace.package]
+version = "0.3.4"
+authors = ["Jun Kurihara"]
+homepage = "https://github.com/junkurihara/doh-auth-proxy"
+repository = "https://github.com/junkurihara/doh-auth-proxy"
+license = "MIT"
+readme = "./README.md"
+categories = [
+  "asynchronous",
+  "network-programming",
+  "command-line-utilities",
+  "web-programming::http-client",
+]
+keywords = [
+  "dns",
+  "https",
+  "dns-over-https",
+  "doh",
+  "oblivious-dns-over-https",
+  "odoh",
+  "mutualized-oblivious-dns",
+  "mutualized-odoh",
+  "modoh",
+  "proxy",
+  "authorization",
+]
+edition = "2021"
+publish = false
+
 [profile.release]
 codegen-units = 1
 incremental = false

proxy-bin/Cargo.toml

@@ -1,55 +1,38 @@
 [package]
 name = "doh-auth-proxy"
 description = "DNS Proxy for DoH, ODoH and Mutualized ODoH with Authorization"
-version = "0.3.3"
-authors = ["Jun Kurihara"]
-homepage = "https://github.com/junkurihara/doh-auth-proxy"
-repository = "https://github.com/junkurihara/doh-auth-proxy"
-license = "MIT"
-readme = "../README.md"
-categories = [
-  "asynchronous",
-  "network-programming",
-  "command-line-utilities",
-  "web-programming::http-client",
-]
-keywords = [
-  "dns",
-  "https",
-  "dns-over-https",
-  "doh",
-  "oblivious-dns-over-https",
-  "odoh",
-  "mutualized-oblivious-dns",
-  "mutualized-odoh",
-  "modoh",
-  "proxy",
-  "authorization",
-]
-edition = "2021"
-publish = false
+version.workspace = true
+authors.workspace = true
+homepage.workspace = true
+repository.workspace = true
+license.workspace = true
+readme.workspace = true
+categories.workspace = true
+keywords.workspace = true
+edition.workspace = true
+publish.workspace = true
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
 doh-auth-proxy-lib = { path = "../proxy-lib/" }
 
-anyhow = "1.0.79"
+anyhow = "1.0.81"
 mimalloc = { version = "*", default-features = false }
-serde = { version = "1.0.196", default-features = false, features = ["derive"] }
-derive_builder = "0.13.0"
-tokio = { version = "1.35.1", default-features = false, features = [
+serde = { version = "1.0.197", default-features = false, features = ["derive"] }
+derive_builder = "0.20.0"
+tokio = { version = "1.36.0", default-features = false, features = [
   "net",
   "rt-multi-thread",
   "time",
   "sync",
   "macros",
 ] }
-async-trait = "0.1.77"
+async-trait = "0.1.78"
 
 # config
-clap = { version = "4.4.18", features = ["std", "cargo", "wrap_help"] }
-toml = { version = "0.8.8", default-features = false, features = ["parse"] }
+clap = { version = "4.5.3", features = ["std", "cargo", "wrap_help"] }
+toml = { version = "0.8.12", default-features = false, features = ["parse"] }
 hot_reload = "0.1.5"
 
 # logging

proxy-lib/Cargo.toml

@@ -1,39 +1,23 @@
 [package]
 name = "doh-auth-proxy-lib"
 description = "DNS Proxy Library for DoH, ODoH and Mutualized ODoH with Authorization"
-version = "0.3.3"
-authors = ["Jun Kurihara"]
-homepage = "https://github.com/junkurihara/doh-auth-proxy"
-repository = "https://github.com/junkurihara/doh-auth-proxy"
-license = "MIT"
-readme = "../README.md"
-categories = [
-  "asynchronous",
-  "network-programming",
-  "command-line-utilities",
-  "web-programming::http-client",
-]
-keywords = [
-  "dns",
-  "https",
-  "dns-over-https",
-  "doh",
-  "oblivious-dns-over-https",
-  "odoh",
-  "mutualized-oblivious-dns",
-  "mutualized-odoh",
-  "modoh",
-  "proxy",
-  "authorization",
-]
-edition = "2021"
-publish = false
+version.workspace = true
+authors.workspace = true
+homepage.workspace = true
+repository.workspace = true
+license.workspace = true
+readme.workspace = true
+categories.workspace = true
+keywords.workspace = true
+edition.workspace = true
+publish.workspace = true
+
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
 rand = "0.8.5"
-tokio = { version = "1.35.1", features = [
+tokio = { version = "1.36.0", features = [
   "net",
   "rt-multi-thread",
   "time",
@@ -44,11 +28,11 @@ futures = { version = "0.3.30", default-features = false, features = [
   "std",
   "async-await",
 ] }
-anyhow = "1.0.79"
+anyhow = "1.0.81"
 tracing = "0.1.40"
-thiserror = "1.0.56"
-async-trait = "0.1.77"
-serde = { version = "1.0.196", features = ["derive"] }
+thiserror = "1.0.58"
+async-trait = "0.1.78"
+serde = { version = "1.0.197", features = ["derive"] }
 itertools = "0.12.1"
 rustc-hash = "1.1.0"
 
@@ -62,13 +46,13 @@ cedarwood = "0.4.6"
 regex = "1.10.3"
 
 # network
-socket2 = "0.5.5"
+socket2 = "0.5.6"
 
 # http client
-# TODO: change this to hyper-1.0
-reqwest = { version = "0.11.23", default-features = false, features = [
+reqwest = { version = "0.12.0", default-features = false, features = [
   "json",
-  "trust-dns",
+  "http2",
+  "hickory-dns",
   "rustls-tls",
 ] }
 url = "2.5.0"

proxy-lib/src/doh_client/cache.rs

@@ -182,7 +182,7 @@ mod tests {
 
   #[tokio::test]
   async fn test_cache() {
-    let (stream, sender) = TcpClientStream::<AsyncIoTokioAsStd<TokioTcpStream>>::new(([8, 8, 8, 8], 53).into());
+    let (stream, sender) = TcpClientStream::<AsyncIoTokioAsStd<TokioTcpStream>>::new(([1, 1, 1, 1], 53).into());
     let client = AsyncClient::new(stream, sender, None);
     // await the connection to be established
     let (mut client, bg) = client.await.expect("connection failed");

proxy-lib/src/doh_client/doh_client_healthcheck.rs

@@ -1,8 +1,6 @@
 use super::{dns_message, path_manage::DoHPath, DoHClient};
 use crate::{
-  constants::{
-    HEALTHCHECK_RETRY_WAITING_SEC, HEALTHCHECK_TARGET_ADDR, HEALTHCHECK_TARGET_FQDN, MAX_ALL_UNHEALTHY_RETRY,
-  },
+  constants::{HEALTHCHECK_RETRY_WAITING_SEC, HEALTHCHECK_TARGET_ADDR, HEALTHCHECK_TARGET_FQDN, MAX_ALL_UNHEALTHY_RETRY},
   error::*,
   log::*,
 };
@@ -49,28 +47,15 @@ impl DoHClient {
       });
 
       // health check for every path
-      let futures = self
-        .path_manager
-        .paths
-        .iter()
-        .flatten()
-        .flatten()
-        .map(|path| async move {
-          if let Err(e) = self.healthcheck(path).await {
-            warn!("Healthcheck fails for {}: {e}", path.as_url()?)
-          }
-          Ok(()) as Result<()>
-        });
+      let futures = self.path_manager.paths.iter().flatten().flatten().map(|path| async move {
+        if let Err(e) = self.healthcheck(path).await {
+          warn!("Healthcheck fails for {}: {e}", path.as_url()?)
+        }
+        Ok(()) as Result<()>
+      });
       let _ = join_all(futures).await;
 
-      if !self
-        .path_manager
-        .paths
-        .iter()
-        .flatten()
-        .flatten()
-        .any(|v| v.is_healthy())
-      {
+      if !self.path_manager.paths.iter().flatten().flatten().any(|v| v.is_healthy()) {
         all_unhealthy_cnt += 1;
         error!("All possible paths are unhealthy. Should check the Internet connection");
         if all_unhealthy_cnt > MAX_ALL_UNHEALTHY_RETRY {
@@ -88,13 +73,17 @@ impl DoHClient {
     let q_msg = dns_message::build_query_a(HEALTHCHECK_TARGET_FQDN)?;
     let packet_buf = dns_message::encode(&q_msg)?;
 
-    let Ok((_, res_msg)) = self.make_doh_query_inner(&packet_buf, path).await else {
-      path.make_unhealthy();
-      warn!(
-        "Failed to query or invalid response. Path {} is unhealthy",
-        path.as_url()?
-      );
-      return Ok(());
+    let res_msg = match self.make_doh_query_inner(&packet_buf, path).await {
+      Ok((_, res_msg)) => res_msg,
+      Err(e) => {
+        path.make_unhealthy();
+        warn!(
+          "Failed to query or invalid response. Path {} is unhealthy: {}",
+          path.as_url()?,
+          e
+        );
+        return Ok(());
+      }
     };
 
     if res_msg.header().response_code() != ResponseCode::NoError {

proxy-lib/src/doh_client/doh_client_main.rs

@@ -92,10 +92,7 @@ impl DoHClient {
     headers.insert("Accept", header::HeaderValue::from_str(&ct).unwrap());
     headers.insert("Content-Type", header::HeaderValue::from_str(&ct).unwrap());
     if let DoHType::Oblivious = doh_type {
-      headers.insert(
-        "Cache-Control",
-        header::HeaderValue::from_str("no-cache, no-store").unwrap(),
-      );
+      headers.insert("Cache-Control", header::HeaderValue::from_str("no-cache, no-store").unwrap());
     }
 
     // doh method
@@ -120,8 +117,7 @@ impl DoHClient {
     let healthcheck_period_sec = globals.proxy_config.healthcheck_period_sec;
 
     // query manipulators
-    let query_manipulators: Option<QueryManipulators> = if let Some(q) = &globals.proxy_config.query_manipulation_config
-    {
+    let query_manipulators: Option<QueryManipulators> = if let Some(q) = &globals.proxy_config.query_manipulation_config {
       q.as_ref().try_into().ok()
     } else {
       None
@@ -198,11 +194,7 @@ impl DoHClient {
 
   /// Make DoH query with a specifically given path.
   /// Note cache and plugins are disabled to be used for health check
-  pub(super) async fn make_doh_query_inner(
-    &self,
-    packet_buf: &[u8],
-    path: &Arc<DoHPath>,
-  ) -> Result<(Vec<u8>, Message)> {
+  pub(super) async fn make_doh_query_inner(&self, packet_buf: &[u8], path: &Arc<DoHPath>) -> Result<(Vec<u8>, Message)> {
     let headers = self.build_headers().await?;
     let response_buf = match self.doh_type {
       DoHType::Standard => self.serve_doh_query(packet_buf, path, headers).await,
@@ -225,10 +217,7 @@ impl DoHClient {
         debug!("build headers with http authorization header");
         let token = auth.id_token().await?;
         let token_str = format!("Bearer {}", &token);
-        headers.insert(
-          header::AUTHORIZATION,
-          header::HeaderValue::from_str(&token_str).unwrap(),
-        );
+        headers.insert(header::AUTHORIZATION, header::HeaderValue::from_str(&token_str).unwrap());
         Ok(headers)
       }
       None => Ok(headers),
@@ -269,12 +258,7 @@ impl DoHClient {
   }
 
   /// serve oblivious doh query
-  async fn serve_oblivious_doh_query(
-    &self,
-    packet_buf: &[u8],
-    odoh_path: &Arc<DoHPath>,
-    headers: HeaderMap,
-  ) -> Result<Vec<u8>> {
+  async fn serve_oblivious_doh_query(&self, packet_buf: &[u8], odoh_path: &Arc<DoHPath>, headers: HeaderMap) -> Result<Vec<u8>> {
     let target_obj = odoh_path.target();
     let path_url = odoh_path.as_url()?;
     debug!("[ODoH] target url: {}", path_url.as_str());
@@ -299,23 +283,23 @@ impl DoHClient {
       }
       DoHMethod::Post => {
         let lock = self.http_client.read().await;
-        lock
-          .post(path_url)
-          .headers(headers)
-          .body(encrypted_query_body)
-          .send()
-          .await?
+        lock.post(path_url).headers(headers).body(encrypted_query_body).send().await?
       }
     };
 
     // 401 or len=0 when 200, update doh client with renewed public key
-    let Some(content_length) = response.content_length() else {
+    // workaround related to reqwest-0.12, which returns always None with response.content_length()
+    let Some(content_length) = response
+      .headers()
+      .get("content-length")
+      .and_then(|v| v.to_str().map(|s| s.parse::<u16>().ok()).ok().flatten())
+    else {
       return Err(DapError::ODoHInvalidContentLength);
     };
     if response.status() == reqwest::StatusCode::UNAUTHORIZED
       || (response.status() == reqwest::StatusCode::OK && content_length == 0)
     {
-      warn!("ODoH public key is expired. Refetch.");
+      warn!("ODoH public key might be expired. Refetch.");
       self
         .odoh_configs
         .as_ref()