use derive_builder::Builder;
use derive_more::AsRef;
use fs_mistrust::{Mistrust, MistrustBuilder};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::path::Path;
use std::path::PathBuf;
use std::time::Duration;
pub use tor_chanmgr::{ChannelConfig, ChannelConfigBuilder};
pub use tor_config::convert_helper_via_multi_line_list_builder;
pub use tor_config::impl_standard_builder;
pub use tor_config::list_builder::{MultilineListBuilder, MultilineListBuilderError};
pub use tor_config::{define_list_builder_accessors, define_list_builder_helper};
pub use tor_config::{BoolOrAuto, ConfigError};
pub use tor_config::{CfgPath, CfgPathError, ConfigBuildError, ConfigurationSource, Reconfigure};
pub use tor_guardmgr::bridge::BridgeConfigBuilder;
#[cfg(feature = "bridge-client")]
#[cfg_attr(docsrs, doc(cfg(feature = "bridge-client")))]
pub use tor_guardmgr::bridge::BridgeParseError;
use tor_guardmgr::bridge::BridgeConfig;
pub mod circ {
pub use tor_circmgr::{
CircMgrConfig, CircuitTiming, CircuitTimingBuilder, PathConfig, PathConfigBuilder,
PreemptiveCircuitConfig, PreemptiveCircuitConfigBuilder,
};
}
pub mod dir {
pub use tor_dirmgr::{
Authority, AuthorityBuilder, DirMgrConfig, DirTolerance, DirToleranceBuilder,
DownloadSchedule, DownloadScheduleConfig, DownloadScheduleConfigBuilder, FallbackDir,
FallbackDirBuilder, NetworkConfig, NetworkConfigBuilder,
};
}
#[cfg(feature = "pt-client")]
pub mod pt {
pub use tor_ptmgr::config::{ManagedTransportConfig, ManagedTransportConfigBuilder};
}
#[derive(Debug, Clone, Builder, Eq, PartialEq)]
#[builder(build_fn(error = "ConfigBuildError"))]
#[builder(derive(Debug, Serialize, Deserialize))]
pub struct ClientAddrConfig {
#[builder(default)]
pub(crate) allow_local_addrs: bool,
}
impl_standard_builder! { ClientAddrConfig }
#[derive(Debug, Clone, Builder, Eq, PartialEq)]
#[builder(build_fn(error = "ConfigBuildError"))]
#[builder(derive(Debug, Serialize, Deserialize))]
#[non_exhaustive]
pub struct StreamTimeoutConfig {
#[builder(default = "default_connect_timeout()")]
#[builder_field_attr(serde(default, with = "humantime_serde::option"))]
pub(crate) connect_timeout: Duration,
#[builder(default = "default_dns_resolve_timeout()")]
#[builder_field_attr(serde(default, with = "humantime_serde::option"))]
pub(crate) resolve_timeout: Duration,
#[builder(default = "default_dns_resolve_ptr_timeout()")]
#[builder_field_attr(serde(default, with = "humantime_serde::option"))]
pub(crate) resolve_ptr_timeout: Duration,
}
impl_standard_builder! { StreamTimeoutConfig }
fn default_connect_timeout() -> Duration {
Duration::new(10, 0)
}
fn default_dns_resolve_timeout() -> Duration {
Duration::new(10, 0)
}
fn default_dns_resolve_ptr_timeout() -> Duration {
Duration::new(10, 0)
}
trait BuilderExt {
type Built;
fn build_for_arti(&self) -> Result<Self::Built, ConfigBuildError>;
}
impl BuilderExt for MistrustBuilder {
type Built = Mistrust;
fn build_for_arti(&self) -> Result<Self::Built, ConfigBuildError> {
self.clone()
.controlled_by_env_var_if_not_set(FS_PERMISSIONS_CHECKS_DISABLE_VAR)
.build()
.map_err(|e| ConfigBuildError::Invalid {
field: "permissions".to_string(),
problem: e.to_string(),
})
}
}
#[derive(Debug, Clone, Builder, Eq, PartialEq)]
#[builder(build_fn(error = "ConfigBuildError"))]
#[builder(derive(Debug, Serialize, Deserialize))]
#[non_exhaustive]
pub struct StorageConfig {
#[builder(setter(into), default = "default_cache_dir()")]
cache_dir: CfgPath,
#[builder(setter(into), default = "default_state_dir()")]
state_dir: CfgPath,
#[builder(sub_builder(fn_name = "build_for_arti"))]
#[builder_field_attr(serde(default))]
permissions: Mistrust,
}
impl_standard_builder! { StorageConfig }
fn default_cache_dir() -> CfgPath {
CfgPath::new("${ARTI_CACHE}".to_owned())
}
fn default_state_dir() -> CfgPath {
CfgPath::new("${ARTI_LOCAL_DATA}".to_owned())
}
impl StorageConfig {
pub(crate) fn expand_state_dir(&self) -> Result<PathBuf, ConfigBuildError> {
self.state_dir
.path()
.map_err(|e| ConfigBuildError::Invalid {
field: "state_dir".to_owned(),
problem: e.to_string(),
})
}
pub(crate) fn expand_cache_dir(&self) -> Result<PathBuf, ConfigBuildError> {
self.cache_dir
.path()
.map_err(|e| ConfigBuildError::Invalid {
field: "cache_dir".to_owned(),
problem: e.to_string(),
})
}
pub(crate) fn permissions(&self) -> &Mistrust {
&self.permissions
}
}
#[derive(Debug, Clone, Builder, Eq, PartialEq)]
#[builder(build_fn(validate = "validate_bridges_config", error = "ConfigBuildError"))]
#[builder(derive(Debug, Serialize, Deserialize))]
#[non_exhaustive]
#[builder_struct_attr(non_exhaustive)] pub struct BridgesConfig {
#[builder(default)]
pub(crate) enabled: BoolOrAuto,
#[builder(sub_builder, setter(custom))]
#[builder_field_attr(serde(default))]
bridges: BridgeList,
#[builder(sub_builder, setter(custom))]
#[builder_field_attr(serde(default))]
#[cfg(feature = "pt-client")]
pub(crate) transports: TransportConfigList,
}
#[cfg(feature = "pt-client")]
type TransportConfigList = Vec<pt::ManagedTransportConfig>;
#[cfg(feature = "pt-client")]
define_list_builder_helper! {
pub(crate) struct TransportConfigListBuilder {
transports: [pt::ManagedTransportConfigBuilder],
}
built: TransportConfigList = transports;
default = vec![];
}
impl_standard_builder! { BridgesConfig }
#[allow(clippy::unnecessary_wraps)]
fn validate_bridges_config(bridges: &BridgesConfigBuilder) -> Result<(), ConfigBuildError> {
let _ = bridges;
#[cfg(feature = "bridge-client")]
use BoolOrAuto as BoA;
#[cfg(feature = "bridge-client")]
match (
bridges.enabled.unwrap_or_default(),
bridges.bridges.bridges.as_deref().unwrap_or_default(),
) {
(BoA::Auto, _) | (BoA::Explicit(false), _) | (BoA::Explicit(true), [_, ..]) => {}
(BoA::Explicit(true), []) => {
return Err(ConfigBuildError::Inconsistent {
fields: ["enabled", "bridges"].map(Into::into).into_iter().collect(),
problem: "bridges enabled=true, but no bridges defined".into(),
})
}
}
Ok(())
}
impl BridgesConfig {
fn bridges_enabled(&self) -> bool {
#[cfg(feature = "bridge-client")]
{
self.enabled.as_bool().unwrap_or(!self.bridges.is_empty())
}
#[cfg(not(feature = "bridge-client"))]
{
false
}
}
}
pub type BridgeList = Vec<BridgeConfig>;
define_list_builder_helper! {
struct BridgeListBuilder {
bridges: [BridgeConfigBuilder],
}
built: BridgeList = bridges;
default = vec![];
#[serde(try_from="MultilineListBuilder<BridgeConfigBuilder>")]
#[serde(into="MultilineListBuilder<BridgeConfigBuilder>")]
}
convert_helper_via_multi_line_list_builder! {
struct BridgeListBuilder {
bridges: [BridgeConfigBuilder],
}
}
#[cfg(feature = "bridge-client")]
define_list_builder_accessors! {
struct BridgesConfigBuilder {
pub bridges: [BridgeConfigBuilder],
}
}
#[derive(Clone, Builder, Debug, Eq, PartialEq, AsRef)]
#[builder(build_fn(error = "ConfigBuildError"))]
#[builder(derive(Serialize, Deserialize, Debug))]
#[non_exhaustive]
pub struct TorClientConfig {
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
tor_network: dir::NetworkConfig,
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
pub(crate) storage: StorageConfig,
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
download_schedule: dir::DownloadScheduleConfig,
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
directory_tolerance: dir::DirTolerance,
#[builder(
sub_builder,
field(
type = "HashMap<String, i32>",
build = "convert_override_net_params(&self.override_net_params)"
)
)]
#[builder_field_attr(serde(default))]
pub(crate) override_net_params: tor_netdoc::doc::netstatus::NetParams<i32>,
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
pub(crate) bridges: BridgesConfig,
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
pub(crate) channel: ChannelConfig,
#[as_ref]
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
path_rules: circ::PathConfig,
#[as_ref]
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
preemptive_circuits: circ::PreemptiveCircuitConfig,
#[as_ref]
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
circuit_timing: circ::CircuitTiming,
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
pub(crate) address_filter: ClientAddrConfig,
#[builder(sub_builder)]
#[builder_field_attr(serde(default))]
pub(crate) stream_timeouts: StreamTimeoutConfig,
}
impl_standard_builder! { TorClientConfig }
impl tor_config::load::TopLevel for TorClientConfig {
type Builder = TorClientConfigBuilder;
}
fn convert_override_net_params(
builder: &HashMap<String, i32>,
) -> tor_netdoc::doc::netstatus::NetParams<i32> {
let mut override_net_params = tor_netdoc::doc::netstatus::NetParams::new();
for (k, v) in builder {
override_net_params.set(k.clone(), *v);
}
override_net_params
}
impl tor_circmgr::CircMgrConfig for TorClientConfig {}
impl AsRef<tor_guardmgr::fallback::FallbackList> for TorClientConfig {
fn as_ref(&self) -> &tor_guardmgr::fallback::FallbackList {
self.tor_network.fallback_caches()
}
}
impl AsRef<[BridgeConfig]> for TorClientConfig {
fn as_ref(&self) -> &[BridgeConfig] {
#[cfg(feature = "bridge-client")]
{
&self.bridges.bridges
}
#[cfg(not(feature = "bridge-client"))]
{
&[]
}
}
}
impl tor_guardmgr::GuardMgrConfig for TorClientConfig {
fn bridges_enabled(&self) -> bool {
self.bridges.bridges_enabled()
}
}
impl TorClientConfig {
#[rustfmt::skip]
pub(crate) fn dir_mgr_config(&self) -> Result<dir::DirMgrConfig, ConfigBuildError> {
Ok(dir::DirMgrConfig {
network: self.tor_network .clone(),
schedule: self.download_schedule .clone(),
tolerance: self.directory_tolerance.clone(),
cache_path: self.storage.expand_cache_dir()?,
cache_trust: self.storage.permissions.clone(),
override_net_params: self.override_net_params.clone(),
extensions: Default::default(),
})
}
pub fn fs_mistrust(&self) -> &Mistrust {
self.storage.permissions()
}
}
impl TorClientConfigBuilder {
pub fn from_directories<P, Q>(state_dir: P, cache_dir: Q) -> Self
where
P: AsRef<Path>,
Q: AsRef<Path>,
{
let mut builder = Self::default();
builder
.storage()
.cache_dir(CfgPath::new_literal(cache_dir.as_ref()))
.state_dir(CfgPath::new_literal(state_dir.as_ref()));
builder
}
}
pub fn default_config_files() -> Result<Vec<ConfigurationSource>, CfgPathError> {
["${ARTI_CONFIG}/arti.toml", "${ARTI_CONFIG}/arti.d/"]
.into_iter()
.map(|f| {
let path = CfgPath::new(f.into()).path()?;
Ok(ConfigurationSource::from_path(path))
})
.collect()
}
pub const FS_PERMISSIONS_CHECKS_DISABLE_VAR: &str = "ARTI_FS_DISABLE_PERMISSION_CHECKS";
#[deprecated(since = "0.5.0")]
pub fn fs_permissions_checks_disabled_via_env() -> bool {
std::env::var_os(FS_PERMISSIONS_CHECKS_DISABLE_VAR).is_some()
}
#[cfg(test)]
mod test {
#![allow(clippy::unwrap_used)]
use super::*;
#[test]
fn defaults() {
let dflt = TorClientConfig::default();
let b2 = TorClientConfigBuilder::default();
let dflt2 = b2.build().unwrap();
assert_eq!(&dflt, &dflt2);
}
#[test]
fn builder() {
let sec = std::time::Duration::from_secs(1);
let auth = dir::Authority::builder()
.name("Fred")
.v3ident([22; 20].into())
.clone();
let mut fallback = dir::FallbackDir::builder();
fallback
.rsa_identity([23; 20].into())
.ed_identity([99; 32].into())
.orports()
.push("127.0.0.7:7".parse().unwrap());
let mut bld = TorClientConfig::builder();
bld.tor_network().set_authorities(vec![auth]);
bld.tor_network().set_fallback_caches(vec![fallback]);
bld.storage()
.cache_dir(CfgPath::new("/var/tmp/foo".to_owned()))
.state_dir(CfgPath::new("/var/tmp/bar".to_owned()));
bld.download_schedule().retry_certs().attempts(10);
bld.download_schedule().retry_certs().initial_delay(sec);
bld.download_schedule().retry_certs().parallelism(3);
bld.download_schedule().retry_microdescs().attempts(30);
bld.download_schedule()
.retry_microdescs()
.initial_delay(10 * sec);
bld.download_schedule().retry_microdescs().parallelism(9);
bld.override_net_params()
.insert("wombats-per-quokka".to_owned(), 7);
bld.path_rules()
.ipv4_subnet_family_prefix(20)
.ipv6_subnet_family_prefix(48);
bld.circuit_timing()
.max_dirtiness(90 * sec)
.request_timeout(10 * sec)
.request_max_retries(22)
.request_loyalty(3600 * sec);
bld.address_filter().allow_local_addrs(true);
let val = bld.build().unwrap();
assert_ne!(val, TorClientConfig::default());
}
#[test]
fn check_default() {
let dflt = default_config_files().unwrap();
assert!(dflt[0].as_path().ends_with("arti.toml"));
assert!(dflt[1].as_path().ends_with("arti.d"));
assert_eq!(dflt.len(), 2);
}
}