Add http feature flag with axum, hyper, hyper-util, tower, and http-body-util dependencies. Create http module with auth middleware (extracts Bearer token, calls IdentityProvider::resolve_from_token, attaches Identity to extensions) and router scaffold (default 404 fallback, no operational routes yet). Replace send_fake_nginx_404 with axum router handoff when http feature is enabled; fake 404 behavior preserved when http is disabled. Wire HttpInterface with build_router() method and pass IdentityProvider through Server to handle_connection.
111 lines
4.6 KiB
Rust
//! # alknet-core
//!
//! Core library for [Alknet](https://git.alk.dev/alkdev/alknet), a self-hostable SSH-based
//! tunnel tool. This crate provides the transport abstraction, SOCKS5 server, port forwarding,
//! authentication, and server handler — everything needed to build an alknet client or server
//! on top of pluggable transports.
//!
//! > **Alpha software.** This crate depends on solid libraries (russh, tokio, rustls, iroh)
//! > for core functionality, but the integration layer has not been battle-tested. Use with
//! > caution and report issues.
//!
//! # Key concepts
//!
//! - **Transport trait** — produces a duplex byte stream (`AsyncRead + AsyncWrite + Unpin + Send`)
//!   that SSH consumes. Implementations: TCP, TLS, iroh (QUIC P2P).
//! - **SOCKS5 server** — the primary client interface, listening on a local port and routing
//!   traffic through SSH channels.
//! - **Port forwarding** — `-L` local and `-R` remote port forwards over SSH channels.
//! - **Authentication** — Ed25519 public key and OpenSSH certificate authority. No passwords.
//! - **Server handler** — accepts SSH connections via a `TransportAcceptor` and proxies
//!   `direct-tcpip` channel requests to targets (directly or via outbound proxy).
//!
//! # Feature flags
//!
//! | Feature | Default | Description |
//! |---------|---------|-------------|
//! | `tls` | yes | TLS transport via `tokio-rustls` |
//! | `iroh` | yes | iroh QUIC P2P transport |
//! | `acme` | no | ACME/Let's Encrypt auto-cert provisioning (implies `tls`) |
//! | `irpc` | no | irpc service layer (AuthProtocol, AuthServiceImpl) |
//! | `testutil` | no | Test utilities (for internal use) |
//!
//! # Quick example
//!
//! ```no_run
//! use std::sync::Arc;
//! use alknet_core::transport::TcpTransport;
//! use alknet_core::client::{ClientSession, ConnectOptions, TransportMode};
//! use alknet_core::auth::keys::KeySource;
//! use alknet_core::Transport;
//!
//! #[tokio::main]
//! async fn main() -> anyhow::Result<()> {
//!     let opts = ConnectOptions::new(KeySource::File("/path/to/key".into()))
//!         .server("example.com:22")
//!         .transport_mode(TransportMode::Tcp);
//!     let transport = Arc::new(TcpTransport::new("example.com:22".parse()?));
//!     let session = ClientSession::new(opts, transport).await?;
//!     session.run().await?;
//!     Ok(())
//! }
//! ```

pub mod auth;
pub mod call;
pub mod client;
pub mod config;
pub mod credentials;
pub mod error;
pub mod interface;
pub mod server;
pub mod socks5;
pub mod transport;

#[cfg(feature = "http")]
pub mod http;

#[cfg(feature = "http")]
pub use http::IdentityExt;

#[cfg(feature = "testutil")]
pub mod testutil;

#[cfg(feature = "irpc")]
pub use auth::{AuthProtocol, AuthResult, AuthServiceImpl};
pub use auth::{AuthToken, ConfigIdentityProvider, Identity, IdentityProvider};
pub use call::{
    decode as decode_frame, decode_with_remainder as decode_frame_with_remainder,
    encode as encode_frame,
};
pub use call::{
    register_default_operations, services_list_spec, services_schema_spec, AccessControl,
    CallError, EventEnvelope, FrameDecodeError, Handler, OperationContext, OperationEnv,
    OperationRegistry, OperationRegistryBuilder, OperationSpec, OperationType, PendingRequestMap,
    ResponseEnvelope,
};
pub use call::{CALL_ABORTED, CALL_COMPLETED, CALL_ERROR, CALL_REQUESTED, CALL_RESPONDED};
pub use client::channel_manager::{ChannelManager, ForwardRequest};
pub use client::connect::{ClientSession, ConnectError, ConnectOptions, TransportMode};
pub use config::{
    AuthPolicy, ConfigReloadHandle, ConfigServiceImpl, DynamicConfig, ForwardingAction,
    ForwardingPolicy, ForwardingRule, RateLimitConfig, StaticConfig, TargetPattern,
};
pub use credentials::{
    ConfigCredentialProvider, CredentialProvider, CredentialSet, SecretStoreCredentialProvider,
};
pub use error::{AuthError, ChannelError, ConfigError, ForwardError, TransportError};
pub use interface::{
    is_valid_pair, DnsInterface, DnsInterfaceConfig, HttpInterface, HttpInterfaceConfig,
    InterfaceConfig, InterfaceEvent, InterfaceRequest, InterfaceResponse, InterfaceSession,
    MessageInterface, MessageInterfaceConfig, MessageInterfaceKind, RawFramingConfig,
    RawFramingInterface, RawFramingSession, SshInterface, SshInterfaceConfig, SshSession,
    StreamInterface, StreamInterfaceConfig, StreamInterfaceKind, TransportKindBase,
    TransportStream, VALID_TRANSPORT_INTERFACE_PAIRS,
};
pub use server::serve::{
    DnsListenerConfig, HttpListenerConfig, ListenerConfig, ServeError, ServeOptions,
    ServeTransportMode, Server, StreamListenerConfig,
};
pub use transport::{Transport, TransportAcceptor, TransportInfo, TransportKind};
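The auth middleware and router scaffold that the commit message describes (extract a Bearer token, call `IdentityProvider::resolve_from_token`, attach the `Identity` to the request extensions, fall through to a default 404) modelled as an added example in dependency-free Rust. This is not alknet's code and does not use axum, hyper or tower; only the names `IdentityProvider`, `Identity` and `resolve_from_token` come from the commit message. The trait shape, the `Request`, `Router` and `StaticProvider` types, the sample tokens, and the policy of attaching an identity or leaving the slot empty (rather than rejecting in the middleware) are assumptions made for this example.

```rust
// Added example, not alknet's own code: a std-only model of the Bearer-token
// middleware and 404 fallback from the commit message. `IdentityProvider`,
// `Identity` and `resolve_from_token` follow the commit message; everything
// else here (trait shape, Request/Router/StaticProvider, sample tokens,
// attach-or-leave-empty policy) is an assumption for illustration.
use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Identity {
    pub subject: String,
}

pub trait IdentityProvider {
    /// Resolve an opaque bearer token to an identity, or `None` if it is unknown.
    fn resolve_from_token(&self, token: &str) -> Option<Identity>;
}

/// Hypothetical provider backed by a fixed token table (constructed test data).
pub struct StaticProvider {
    tokens: HashMap<String, String>,
}

impl StaticProvider {
    pub fn new(pairs: &[(&str, &str)]) -> Self {
        let tokens = pairs.iter().map(|(t, s)| (t.to_string(), s.to_string())).collect();
        Self { tokens }
    }
}

impl IdentityProvider for StaticProvider {
    fn resolve_from_token(&self, token: &str) -> Option<Identity> {
        self.tokens.get(token).map(|s| Identity { subject: s.clone() })
    }
}

/// Stand-in for an `http::Request`: a header list plus one typed extension slot.
#[derive(Debug)]
pub struct Request {
    pub path: String,
    pub headers: Vec<(String, String)>,
    /// Plays the role of `Extensions`: written only by the middleware, never from input.
    pub identity: Option<Identity>,
}

impl Request {
    pub fn new(path: &str, headers: &[(&str, &str)]) -> Self {
        Self {
            path: path.to_string(),
            headers: headers.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect(),
            identity: None,
        }
    }
}

/// Parse an `Authorization` header value as `Bearer <token68>` (RFC 6750):
/// the scheme name is case-insensitive, one or more spaces separate scheme
/// and token, and an empty or multi-word token is rejected.
pub fn extract_bearer(value: &str) -> Option<&str> {
    let (scheme, rest) = value.trim().split_once(' ')?;
    if !scheme.eq_ignore_ascii_case("bearer") {
        return None;
    }
    let token = rest.trim();
    if token.is_empty() || token.contains(char::is_whitespace) {
        return None;
    }
    Some(token)
}

/// Middleware step: find the Authorization header (header names are
/// case-insensitive), extract the bearer token, resolve it, and attach the
/// result. The slot is always overwritten, so a stale identity can never
/// survive a missing or invalid token.
pub fn auth_middleware<P: IdentityProvider>(provider: &P, req: &mut Request) {
    let value = req
        .headers
        .iter()
        .find(|(name, _)| name.eq_ignore_ascii_case("authorization"))
        .map(|(_, v)| v.as_str());
    req.identity = value
        .and_then(extract_bearer)
        .and_then(|token| provider.resolve_from_token(token));
}

/// Router scaffold: a path-to-handler table that is empty for now ("no
/// operational routes yet"), so every request falls through to 404 whether or
/// not an identity was attached. Unknown paths therefore do not reveal whether
/// the token was accepted.
pub struct Router {
    routes: HashMap<String, fn(&Request) -> u16>,
}

impl Router {
    pub fn scaffold() -> Self {
        Self { routes: HashMap::new() }
    }

    pub fn route(&self, req: &Request) -> u16 {
        match self.routes.get(&req.path) {
            Some(handler) => handler(req),
            None => 404,
        }
    }
}

/// Run one request through the middleware and the router; returns the status
/// and the resolved subject (if any) so callers can inspect both.
pub fn handle<P: IdentityProvider>(provider: &P, router: &Router, mut req: Request) -> (u16, Option<String>) {
    auth_middleware(provider, &mut req);
    let status = router.route(&req);
    (status, req.identity.map(|id| id.subject))
}

fn main() {
    let provider = StaticProvider::new(&[("tok-alice", "alice")]);
    let router = Router::scaffold();
    let req = Request::new("/", &[("Authorization", "Bearer tok-alice")]);
    println!("{:?}", handle(&provider, &router, req));
}
```

Two design points carry over to the real middleware regardless of framework: the extension slot is written unconditionally by the middleware so nothing upstream (or a previous request on a reused connection) can pre-populate it, and the 404 fallback is returned the same way for authenticated and unauthenticated callers, which keeps the response indistinguishable from the fake nginx 404 the non-`http` build still sends.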