tag2upload_service_manager/

dns.rs

use crate::prelude::*;

#[derive(Debug, Clone, Eq, PartialEq)]
pub struct DnsGlobPattern(glob::Pattern);

#[derive(Debug, Clone, Eq, PartialEq, Deftly)]
#[derive_deftly(DeserializeViaFromStr)]
#[deftly(deser(expect = "dns glob pattern or IP address mask"))]
pub enum AllowedClient {
    Addr(IpNet),
    /// Names must not contain `:`
    /// and their last dotted component must contain some nondigits.
    Name(DnsGlobPattern),
}

pub struct IsAllowedClient { _hidden: () }

#[derive(Error, Debug, Clone)]
#[error("syntactically invalid IP network or DNS name (or glob pattern)")]
pub struct InvalidAllowedClient;

#[derive(Error, Debug, Clone)]
#[error("client not permitted: {client}")]
pub struct DisallowedClient {
    client: ActualClient,
}

pub type Resolver = hickory_resolver::TokioResolver;
use hickory_resolver::ResolveError;

impl IsAllowedClient {
    pub fn new_unchecked() -> Self {
        IsAllowedClient { _hidden: () }
    }
}

/// Actual calling IP address, possibly DNS resolved
#[derive(Debug, Clone)]
pub struct ActualClient {
    addr: IpAddr,
    names: OnceLock<Result<Vec<String>, ResolveError>>,
}

impl ActualClient {
    pub fn new(addr: IpAddr) -> Self {
        ActualClient { addr, names: OnceLock::new() }
    }
}

impl Display for ActualClient {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        write!(f, "[{}]", self.addr)?;
        match &self.names.get() {
            None => {},
            Some(Ok(names)) => {
                for n in names {
                    write!(f, "/{n:?}")?;
                }
            }
            Some(Err(e)) => {
                write!(f, "({})", e)?;
            }
        }
        Ok(())
    }
}

impl FromStr for DnsGlobPattern {
    type Err = InvalidAllowedClient;

    fn from_str(s: &str) -> Result<Self, InvalidAllowedClient> {
        (|| {
            if s.contains(':') {
                return None;
            }
            if ! "*[".chars().any(|c| s.contains(c)) {
                // It's not yet definitely a glob pattern;
                // nor is it definitely an IPv6 address.
                // See if the last component is all digits - then
                // it's probably a (possibly invalid) IP address.
                let rhs = s.rsplit_once('.').map(|(_, r)| r).unwrap_or(s);
                if rhs.chars().all(|c| c.is_ascii_digit()) {
                    return None;
                }
            }
            let s = s.to_ascii_lowercase();
            let g = glob::Pattern::new(&s).ok()?;
            Some(DnsGlobPattern(g))
        })().ok_or(InvalidAllowedClient)
    }
}

impl FromStr for AllowedClient {
    type Err = InvalidAllowedClient;
    fn from_str(s: &str) -> Result<Self, InvalidAllowedClient> {
        Ok(if let Ok(net) = s.parse() {
            AllowedClient::Addr(net)
        } else if let Ok(pat) = s.parse() {
            AllowedClient::Name(pat)
        } else {
            return Err(InvalidAllowedClient);
        })
    }
}

impl ActualClient {
    /// The `String` is the hostname, if it was found
    pub async fn allowed_by(
        &self,
        allowed: &[AllowedClient],
    ) -> Result<IsAllowedClient, DisallowedClient> {
        self.allowed_by_inner(allowed).await
            .map_err(|()| DisallowedClient { client: self.clone() })
    }

    pub async fn allowed_by_inner(
        &self,
        allowed: &[AllowedClient],
    ) -> Result<IsAllowedClient, ()> {
        let mut any_names = None;

        if let Some(y) = allowed.iter().find_map(|a| match a {
            AllowedClient::Addr(a) => a.contains(&self.addr)
                .then(|| IsAllowedClient::new_unchecked()),
            AllowedClient::Name(_) => {
                any_names = Some(());
                None
            }
        }) {
            return Ok(y);
        }

        let () = any_names.ok_or(())?;
        let names = self.resolve().await?;

        if let Some(y) = allowed.iter().find_map(|a| {
            let AllowedClient::Name(g) = a
            else { return None };

            names.iter().find_map(|n| {
                g.0.matches(n)
                    .then(|| IsAllowedClient::new_unchecked())
            })
        }) {
            return Ok(y)
        }

        Err(())
    }

    async fn resolve(&self) -> Result<&[String], ()> {
        if self.names.get().is_none() {
            // (In theory we might run this twice in parallel;
            // but we don't share &ActualClient, so that doesn't happen.)
            let new_names = Self::resolve_inner(self.addr).await;
            self.names.set(new_names)
                .unwrap_or_else(|_: Result<Vec<String>, ResolveError>| ());
        }
        self.names
            .get().expect("just resolved")
            .as_deref()
            .map_err(|_| ())
    }

    async fn resolve_inner(addr: IpAddr) -> Result<Vec<String>, ResolveError> {
        let names = globals().dns_resolver
            .reverse_lookup(addr).await?
            .iter()
            .map(|ptr| {
                let name = ptr.to_lowercase().to_ascii();
                // hickory returns a `PTR` which contains one of its `Name`s
                // for which its `.to_ascii()` produces trailing `.`.  This
                // will always be absolute since that's what a PTR is.  (This
                // code copes if hickory does something different in future.)
                let name = name.strip_suffix('.').unwrap_or(&name);
                name.to_owned()
            })
            .collect_vec();
        Ok(names)
    }
}

impl DisallowedClient {
    pub fn http_status(&self) -> rocket::http::Status {
        use rocket::http::Status as S;
        match self.client.names.get() {
            None | Some(Ok(_)) => S::Forbidden,
            // DNS resolution failure, best error code is probably 503
            Some(Err(_)) => S::InternalServerError,
        }
    }
}

#[test]
fn chk_allowed_client() {
    let chk_name = |s: &str| {
        let allow: AllowedClient = s.parse().expect(s);
        let glob = DnsGlobPattern(s.parse().expect(s));
        assert_eq!(allow, AllowedClient::Name(glob));
    };
    let chk_addr = |s: &str| {
        let allow: AllowedClient = s.parse().expect(s);
        let addr = s.parse().expect(s);
        assert_eq!(allow, AllowedClient::Addr(addr));
    };
    let chk_err = |s: &str| {
        s.parse::<AllowedClient>().err().expect(s);
    };
    chk_name("*");
    chk_name("a");
    chk_name("a.b");
    chk_name("3com");
    chk_name("a.3com");
    chk_name("[a]");

    chk_addr("::1/128");
    chk_addr("12.0.0.1/32");
    chk_addr("::/0");
    chk_addr("0.0.0.0/0");

    chk_err("1");
    chk_err("127.0.0.1");
    chk_err("::1");
}