hydra_websockets/websocket_server_config.rs
1use std::net::SocketAddr;
2use std::time::Duration;
3
4/// A set of configuration options for the websocket server.
5#[derive(Debug, Clone)]
6pub struct WebsocketServerConfig {
7 pub(crate) address: SocketAddr,
8 pub(crate) handshake_timeout: Option<Duration>,
9 pub(crate) max_message_size: Option<usize>,
10 pub(crate) max_frame_size: Option<usize>,
11 #[cfg(feature = "native-tls")]
12 pub(crate) tls_pkcs12_der: Option<Vec<u8>>,
13 #[cfg(feature = "native-tls")]
14 pub(crate) tls_pkcs12_password: Option<String>,
15 #[cfg(feature = "native-tls")]
16 pub(crate) tls_pkcs8_pem: Option<Vec<u8>>,
17 #[cfg(feature = "native-tls")]
18 pub(crate) tls_pkcs8_key: Option<Vec<u8>>,
19}
20
21impl WebsocketServerConfig {
22 /// Constructs a new [WebsocketServerConfig] with the given address to listen on.
23 pub fn new(address: SocketAddr) -> Self {
24 use tokio_tungstenite::tungstenite;
25 use tungstenite::protocol::*;
26
27 let defaults = WebSocketConfig::default();
28
29 Self {
30 address,
31 handshake_timeout: None,
32 max_message_size: defaults.max_message_size,
33 max_frame_size: defaults.max_frame_size,
34 #[cfg(feature = "native-tls")]
35 tls_pkcs12_der: None,
36 #[cfg(feature = "native-tls")]
37 tls_pkcs12_password: None,
38 #[cfg(feature = "native-tls")]
39 tls_pkcs8_pem: None,
40 #[cfg(feature = "native-tls")]
41 tls_pkcs8_key: None,
42 }
43 }
44
45 /// Sets the timeout for websocket handshakes.
46 ///
47 /// When tls is enabled, this time includes the tls handshake as well.
48 pub const fn handshake_timeout(mut self, timeout: Duration) -> Self {
49 self.handshake_timeout = Some(timeout);
50 self
51 }
52
53 /// Sets the maximum size of an incoming message. `None` means no size limit. The default value is 64 MiB
54 /// which should be reasonably big for all normal use-cases but small enough to prevent
55 /// memory eating by a malicious user.
56 pub const fn max_message_size(mut self, size: Option<usize>) -> Self {
57 self.max_message_size = size;
58 self
59 }
60
61 /// Sets the maximum size of a single incoming message frame. `None` means no size limit. The limit is for
62 /// frame payload NOT including the frame header. The default value is 16 MiB which should
63 /// be reasonably big for all normal use-cases but small enough to prevent memory eating
64 /// by a malicious user.
65 pub const fn max_frame_size(mut self, size: Option<usize>) -> Self {
66 self.max_frame_size = size;
67 self
68 }
69
70 /// Loads a DER-formatted PKCS #12 archive, using the specified `password` to decrypt the key.
71 ///
72 /// The archive should contain a leaf certificate and its private key,
73 /// as well any intermediate certificates that should be sent to clients to allow them to build a chain to a trusted root.
74 /// The chain certificates should be in order from the leaf certificate towards the root.
75 ///
76 /// PKCS #12 archives typically have the file extension .p12 or .pfx, and can be created with the OpenSSL pkcs12 tool:
77 /// ```ignore
78 /// openssl pkcs12 -export -out identity.pfx -inkey key.pem -in cert.pem -certfile chain_certs.pem
79 /// ```
80 #[cfg(feature = "native-tls")]
81 pub fn tls_pkcs12<D: Into<Vec<u8>>, S: Into<String>>(mut self, der: D, password: S) -> Self {
82 self.tls_pkcs12_der = Some(der.into());
83 self.tls_pkcs12_password = Some(password.into());
84 self
85 }
86
87 /// Loads a chain of PEM encoded X509 certificates, with the leaf certificate first.
88 /// `key` is a PEM encoded PKCS #8 formatted private key for the leaf certificate.
89 ///
90 /// The certificate chain should contain any intermediate cerficates that should be sent to clients to allow them to build a chain to a trusted root.
91 ///
92 /// A certificate chain here means a series of PEM encoded certificates concatenated together.
93 #[cfg(feature = "native-tls")]
94 pub fn tls_pkcs8<P: Into<Vec<u8>>, K: Into<Vec<u8>>>(mut self, pem: P, key: K) -> Self {
95 self.tls_pkcs8_pem = Some(pem.into());
96 self.tls_pkcs8_key = Some(key.into());
97 self
98 }
99}