
1use rustls_acme::{axum::AxumAcceptor, caches::DirCache, AcmeConfig};
2use tokio_stream::StreamExt;
3
/// Holds a deployment's security configuration and turns it into a TLS acceptor.
///
/// Construct via [`SecurityControl::new`] (or the generated builder), then call
/// [`SecurityControl::init`] to obtain an `AxumAcceptor` when ACME is configured.
#[derive(Debug, Default, bon::Builder)]
pub struct SecurityControl {
    // The security mode selected for this deployment. Only the `Acme` variant
    // currently yields an acceptor; every other variant makes `init` return `None`.
    config: super::SecurityConfig,
}
8
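impl SecurityControl {
    /// Builds the control from the security section of a deployment config.
    ///
    /// `deployment.security` is cloned so the control owns its configuration
    /// independently of the `DeploymentConfig` it was created from.
    pub fn new(deployment: &super::DeploymentConfig) -> Self {
        Self::builder().config(deployment.security.clone()).build()
    }

    /// Starts ACME certificate management and returns the TLS acceptor to serve with.
    ///
    /// Returns `None` unless the configured mode is `SecurityConfig::Acme`; the
    /// caller then serves without ACME-managed TLS. For the ACME variant this:
    ///
    /// - requests certificates for every entry in `domains`,
    /// - registers one `mailto:` contact per entry in `emails`,
    /// - persists account key and certificates in a `DirCache` at `cache` when one
    ///   is configured (without a cache they presumably live only in memory and are
    ///   re-ordered on every start, which counts against issuer rate limits — confirm),
    /// - targets the Let's Encrypt production directory when `production` is `true`
    ///   and the staging directory otherwise (staging certificates are not trusted
    ///   by browsers; use it for rehearsals only),
    /// - spawns a background task that drives the ACME state machine and logs each
    ///   certificate event. The task is detached; its `JoinHandle` is not kept.
    pub async fn init(&self) -> Option<AxumAcceptor> {
        match &self.config {
            super::SecurityConfig::Acme {
                domains,
                emails,
                cache,
                production,
                ..
            } => {
                let mut state = AcmeConfig::new(domains)
                    .contact(emails.iter().map(|email| format!("mailto:{email}")))
                    .cache_option(cache.clone().map(DirCache::new))
                    .directory_lets_encrypt(*production)
                    .state();

                // The acceptor shares the certificate resolver with `state`, so
                // certificates obtained later by the background task become
                // visible to new connections without re-creating the acceptor.
                let acceptor = state.axum_acceptor(state.default_rustls_config());

                tokio::spawn(async move {
                    // Each item is either a lifecycle event (order placed,
                    // certificate cached, ...) or an issuer/cache error. Errors
                    // are logged, not fatal: the acceptor keeps serving whatever
                    // certificate it has and the state machine carries on.
                    //
                    // `while let` instead of `loop { ... .unwrap() }`: if the
                    // stream ever yields `None`, the old code panicked inside a
                    // detached task (silently killing renewals); now it exits
                    // the loop and logs the condition below.
                    while let Some(event) = state.next().await {
                        match event {
                            Ok(ok) => tracing::info!("tls certification event: {:?}", ok),
                            Err(err) => {
                                tracing::error!("tls certification error: {:?}", err)
                            }
                        }
                    }
                    // Without the driver task no further renewals happen; the
                    // currently loaded certificate will eventually expire.
                    tracing::error!(
                        "tls certification state stream ended; certificates will no longer be renewed"
                    );
                });

                Some(acceptor)
            }
            _ => None,
        }
    }
}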