From d8845385237bc99d6674d2ed119cdc4c1e2bfdd5 Mon Sep 17 00:00:00 2001 From: RGBCube Date: Sat, 6 Jan 2024 17:05:45 +0300 Subject: [PATCH] Somewhat add SSl/TLS --- Cargo.lock | 121 ++++++++++++++++++++++++++++++++++++++++++++++ Cargo.toml | 4 +- src/main.rs | 72 +++++++++++++++++++++++---- src/page/page.css | 2 +- 4 files changed, 187 insertions(+), 12 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1012e66..073ba94 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -28,6 +28,7 @@ dependencies = [ "actix-codec", "actix-rt", "actix-service", + "actix-tls", "actix-utils", "ahash", "base64", @@ -119,6 +120,27 @@ dependencies = [ "pin-project-lite", ] +[[package]] +name = "actix-tls" +version = "3.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72616e7fbec0aa99c6f3164677fa48ff5a60036d0799c98cab894a44f3e0efc3" +dependencies = [ + "actix-rt", + "actix-service", + "actix-utils", + "futures-core", + "impl-more", + "pin-project-lite", + "rustls", + "rustls-webpki", + "tokio", + "tokio-rustls", + "tokio-util", + "tracing", + "webpki-roots", +] + [[package]] name = "actix-utils" version = "3.0.1" @@ -142,6 +164,7 @@ dependencies = [ "actix-rt", "actix-server", "actix-service", + "actix-tls", "actix-utils", "actix-web-codegen", "ahash", @@ -826,6 +849,12 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "impl-more" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "206ca75c9c03ba3d4ace2460e57b189f39f43de612c2f85836e65c929701bb2d" + [[package]] name = "indexmap" version = "2.1.0" 
@@ -1232,6 +1261,20 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +[[package]] +name = "ring" +version = "0.17.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys 0.48.0", +] + [[package]] name = "rustc-demangle" version = "0.1.23" @@ -1260,6 +1303,44 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rustls" +version = "0.21.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +dependencies = [ + "log", + "ring", + "rustls-webpki", + "sct", +] + +[[package]] +name = "rustls-pemfile" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4" +dependencies = [ + "base64", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a" + +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "ryu" version = "1.0.16" 
@@ -1272,6 +1353,16 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "semver" version = "1.0.21" @@ -1367,6 +1458,8 @@ dependencies = [ "mime_guess", "minify-js", "pulldown-cmark", + "rustls", + "rustls-pemfile", ] [[package]] @@ -1394,6 +1487,12 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "strsim" version = "0.10.0" @@ -1492,6 +1591,16 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls", + "tokio", +] + [[package]] name = "tokio-util" version = "0.7.10" @@ -1602,6 +1711,12 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.5.0" 
@@ -1685,6 +1800,12 @@ version = "0.2.89" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" +[[package]] +name = "webpki-roots" +version = "0.25.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" + [[package]] name = "winapi" version = "0.3.9" diff --git a/Cargo.toml b/Cargo.toml index 49c34d5..0a7f65a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,7 @@ repositoty = "https://github.com/RGBCube/rgbcube.github.io" edition = "2021" [dependencies] -actix-web = "4.4.1" +actix-web = { version = "4.4.1", features = [ "rustls-0_21" ] } anyhow = "1.0.77" bytes = "1.5.0" cargo_toml = "0.17.2" @@ -22,6 +22,8 @@ maud = { version = "0.25.0", features = [ "actix-web" ] } mime_guess = "2.0.4" minify-js = "0.6.0" pulldown-cmark = "0.9.3" +rustls = "0.21" +rustls-pemfile = "2.0.0" [patch.crates-io] proc-macro2 = { git = "https://github.com/RGBCube/proc-macro2" } diff --git a/src/main.rs b/src/main.rs index 61080cb..3329342 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,4 +1,4 @@ -#![feature(lazy_cell)] +#![feature(iterator_try_collect, lazy_cell, let_chains)] mod asset; mod errors; @@ -7,6 +7,12 @@ mod minify; mod page; mod routes; +use std::{ + fs::File, + io::BufReader, + path::PathBuf, +}; + use actix_web::{ main as async_main, middleware, 
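Review bot: `rustls = "0.21"` and `rustls-pemfile = "2.0.0"` in the Cargo.toml hunks belong to different type generations, so the TLS path in src/main.rs is unlikely to compile as pinned. The lockfile in this patch resolves rustls to 0.21.10, whose dependency list has no rustls-pki-types, while rustls-pemfile 2.0.0 depends on it and main.rs imports `rustls::pki_types::PrivateKeyDer`. Either pin `rustls-pemfile = "1"` and wrap its output in the 0.21 `rustls::Certificate` / `rustls::PrivateKey` types, or move rustls and the actix-web feature to a matching newer pair in one step. A comment such as `# rustls must match the version behind actix-web's rustls-0_21 feature` above the two new lines would keep the versions from drifting apart later.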
@@ -15,16 +21,31 @@ use actix_web::{ }; use anyhow::Context; use clap::Parser; +use rustls::{ + pki_types::PrivateKeyDer, + ServerConfig, +}; +use rustls_pemfile::{ + certs, + rsa_private_keys, +}; #[derive(Parser)] #[command(author, version, about)] struct Cli { - /// The port to listen for connections on. + /// The port to listen for connections on #[arg(long, default_value = "8080")] port: u16, - /// The log level to log stuff with. + /// The log level to log stuff with #[arg(long, default_value = "info")] log_level: log::LevelFilter, + + /// The path to the certificate file + #[arg(long)] + certificate: Option, + /// The path to the key file + #[arg(long)] + key: Option, } #[async_main] 
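Review bot: `--certificate` and `--key` are declared as independent options, so passing only one of them parses cleanly, and the `if let … && let …` added to `main` in the next hunk then takes the `else` branch and serves plain HTTP without any warning. For options whose purpose is to enable TLS, that silent downgrade should be a startup error: `#[arg(long, requires = "key")]` on `certificate` and `#[arg(long, requires = "certificate")]` on `key`. The doc comments could also state the expected format, for example `/// The path to the PEM certificate chain file`.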
@@ -37,17 +58,48 @@ async fn main() -> anyhow::Result<()> { .format_timestamp(None) .init(); - HttpServer::new(|| { + let server = HttpServer::new(|| { App::new() .wrap(middleware::Logger::default()) .wrap(errors::handler()) .service(routes::handler()) - }) - .bind(("0.0.0.0", args.port)) - .with_context(|| format!("Failed to bind to 0.0.0.0:{}", args.port))? - .run() - .await - .with_context(|| "Failed to run HttpServer")?; + }); + + let server = if let Some(certificate_path) = args.certificate + && let Some(key_path) = args.key + { + let certificates = certs(&mut BufReader::new( + File::open(certificate_path).with_context(|| { + format!( + "Failed to open certificate file at {}", + certificate_path.display() + ) + })?, + )); + + let mut keys = rsa_private_keys(&mut BufReader::new( + File::open(key_path) + .with_context(|| format!("Failed to open key file at {}", key_path.display()))?, + )); + + let tls_config = ServerConfig::builder() + .with_no_client_auth() + .with_single_cert( + certificates.try_collect::>()?, + PrivateKeyDer::Pkcs1(keys.next().unwrap()?), + ) + .unwrap(); + + server.bind_rustls(("0.0.0.0", args.port), tls_config) + } else { + server.bind(("0.0.0.0", args.port)) + }; + + server + .with_context(|| format!("Failed to bind to 0.0.0.0:{}", args.port))? + .run() + .await + .with_context(|| "Failed to run HttpServer")?; Ok(()) } diff --git a/src/page/page.css b/src/page/page.css index f127262..17cb3a6 100644 --- a/src/page/page.css +++ b/src/page/page.css @@ -26,4 +26,4 @@ html { a { text-decoration-line: none; -} \ No newline at end of file +}
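Review bot: In the src/main.rs hunk, `keys.next().unwrap()?` panics when the key file holds no PKCS#1 section, because `rsa_private_keys` only yields `RSA PRIVATE KEY` blocks and skips PKCS#8 and EC keys; the `.unwrap()` after `with_single_cert` likewise panics on a certificate/key mismatch. Both are operator-input failures and should be reported through anyhow like the file opens are: `let key = rustls_pemfile::private_key(&mut key_reader)?.context("No private key found in key file")?;` and `.with_single_cert(chain, key).context("Certificate and key do not form a valid pair")?`. Separately, `File::open(certificate_path)` moves the path before the error closure calls `.display()` on it, so it should borrow instead, `File::open(&certificate_path)`, and the same applies to `key_path`.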