diff --git a/.cargo/audit.toml b/.cargo/audit.toml index 8969ab1c..8ec19633 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -2,5 +2,5 @@ ignore = [ "RUSTSEC-2024-0365", # Bound by diesel 1.4 (4GB limit n/a to tokenserver) "RUSTSEC-2024-0421", # Bound by diesel 1.4, `idna` < 0.1.5, Upgrade to >=1.0.0 - "RUSTSEC-2024-0437", # Bound by grpcio 0.13 + "RUSTSEC-2024-0437", # Bound by grpcio 0.13, ] diff --git a/Cargo.lock b/Cargo.lock index c29969e0..0ca29280 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "actix-codec" @@ -268,15 +268,6 @@ dependencies = [ "libc", ] -[[package]] -name = "ansi_term" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" -dependencies = [ - "winapi", -] - [[package]] name = "anstream" version = "0.6.18" @@ -372,17 +363,6 @@ version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi 0.1.19", - "libc", - "winapi", -] - [[package]] name = "autocfg" version = "1.4.0" 
@@ -412,25 +392,22 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bindgen" -version = "0.59.2" +version = "0.69.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bd2a9a458e8f4304c52c43ebb0cfbd520289f8379a52e329a38afda99bf8eb8" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.9.0", "cexpr", "clang-sys", - "clap", - "env_logger 0.9.3", + "itertools", "lazy_static", "lazycell", - "log", - "peeking_take_while", "proc-macro2", "quote", "regex", "rustc-hash 1.1.0", "shlex", - "which", + "syn 2.0.99", ] [[package]] @@ -577,21 +554,6 @@ dependencies = [ "libloading", ] -[[package]] -name = "clap" -version = "2.34.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" -dependencies = [ - "ansi_term", - "atty", - "bitflags 1.3.2", - "strsim 0.8.0", - "textwrap", - "unicode-width", - "vec_map", -] - [[package]] name = "cmake" version = "0.1.54" @@ -675,9 +637,9 @@ dependencies = [ [[package]] name = "crossbeam-channel" -version = "0.5.14" +version = "0.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471" +checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2" dependencies = [ "crossbeam-utils", ] @@ -945,19 +907,6 @@ dependencies = [ "regex", ] -[[package]] -name = "env_logger" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a12e6657c4c97ebab115a42dcee77225f7f482cdd841cf7088c657a42e9e00e7" -dependencies = [ - "atty", - "humantime", - "log", - "regex", - "termcolor", -] - [[package]] name = "env_logger" version = "0.11.6" 
@@ -986,16 +935,6 @@ dependencies = [ "serde 1.0.218", ] -[[package]] -name = "errno" -version = "0.3.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d" -dependencies = [ - "libc", - "windows-sys 0.59.0", -] - [[package]] name = "findshlibs" version = "0.10.2" @@ -1216,8 +1155,6 @@ dependencies = [ [[package]] name = "grpcio-sys" version = "0.13.0+1.56.2-patched" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3dae9132320ae1b03ea55b5ddc88ca72a31fb85fa631a241a40157f5feffe43" dependencies = [ "bindgen", "boringssl-src", @@ -1294,15 +1231,6 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - [[package]] name = "hermit-abi" version = "0.3.9" @@ -1339,15 +1267,6 @@ dependencies = [ "digest", ] -[[package]] -name = "home" -version = "0.5.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf" -dependencies = [ - "windows-sys 0.59.0", -] - [[package]] name = "hostname" version = "0.4.0" @@ -1704,6 +1623,15 @@ version = "1.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + [[package]] name = "itoa" version = "1.0.15" 
@@ -1817,12 +1745,6 @@ version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" -[[package]] -name = "linux-raw-sys" -version = "0.4.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" - [[package]] name = "litemap" version = "0.7.5" @@ -2099,12 +2021,6 @@ version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" -[[package]] -name = "peeking_take_while" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" - [[package]] name = "percent-encoding" version = "1.0.1" @@ -2195,9 +2111,9 @@ checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94" [[package]] name = "pyo3" -version = "0.22.6" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f402062616ab18202ae8319da13fa4279883a2b8a9d9f83f20dbade813ce1884" +checksum = "17da310086b068fbdcefbba30aeb3721d5bb9af8db4987d6735b2183ca567229" dependencies = [ "cfg-if", "indoc", @@ -2213,9 +2129,9 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.22.6" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b14b5775b5ff446dd1056212d778012cbe8a0fbffd368029fd9e25b514479c38" +checksum = "e27165889bd793000a098bb966adc4300c312497ea25cf7a690a9f0ac5aa5fc1" dependencies = [ "once_cell", "target-lexicon", 
@@ -2223,9 +2139,9 @@ dependencies = [ [[package]] name = "pyo3-ffi" -version = "0.22.6" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ab5bcf04a2cdcbb50c7d6105de943f543f9ed92af55818fd17b660390fc8636" +checksum = "05280526e1dbf6b420062f3ef228b78c0c54ba94e157f5cb724a609d0f2faabc" dependencies = [ "libc", "pyo3-build-config", @@ -2233,9 +2149,9 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.22.6" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fd24d897903a9e6d80b968368a34e1525aeb719d568dba8b3d4bfa5dc67d453" +checksum = "5c3ce5686aa4d3f63359a5100c62a127c9f15e8398e5fdeb5deef1fed5cd5f44" dependencies = [ "proc-macro2", "pyo3-macros-backend", @@ -2245,9 +2161,9 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.22.6" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36c011a03ba1e50152b4b394b479826cad97e7a21eb52df179cd91ac411cbfbe" +checksum = "f4cf6faa0cbfb0ed08e89beb8103ae9724eb4750e3a78084ba4017cbe94f3855" dependencies = [ "heck", "proc-macro2", @@ -2533,19 +2449,6 @@ dependencies = [ "semver", ] -[[package]] -name = "rustix" -version = "0.38.44" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" -dependencies = [ - "bitflags 2.9.0", - "errno", - "libc", - "linux-raw-sys", - "windows-sys 0.59.0", -] - [[package]] name = "rustls" version = "0.23.23" @@ -2959,12 +2862,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" -[[package]] -name = "strsim" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" - [[package]] name = "strsim" version = "0.10.0" 
@@ -3124,7 +3021,7 @@ version = "0.18.2" dependencies = [ "async-trait", "cadence", - "env_logger 0.11.6", + "env_logger", "futures 0.3.31", "hostname", "lazy_static", @@ -3170,7 +3067,7 @@ dependencies = [ "diesel", "diesel_logger", "diesel_migrations", - "env_logger 0.11.6", + "env_logger", "futures 0.3.31", "http 1.2.0", "slog-scope", @@ -3202,7 +3099,7 @@ dependencies = [ "backtrace", "cadence", "deadpool", - "env_logger 0.11.6", + "env_logger", "form_urlencoded", "futures 0.3.31", "google-cloud-rust-raw", @@ -3240,9 +3137,9 @@ checksum = "f764005d11ee5f36500a149ace24e00e3da98b0158b3e2d53a7495660d3f4d60" [[package]] name = "target-lexicon" -version = "0.12.16" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1" +checksum = "e502f78cdbb8ba4718f566c418c52bc729126ffd16baee5baa718cf25dd5a69a" [[package]] name = "term" @@ -3255,24 +3152,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "termcolor" -version = "1.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" -dependencies = [ - "winapi-util", -] - -[[package]] -name = "textwrap" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", -] - [[package]] name = "thiserror" version = "1.0.69" @@ -3414,6 +3293,7 @@ dependencies = [ "backtrace", "http 1.2.0", "jsonwebtoken", + "pyo3", "serde 1.0.218", "serde_json", "syncserver-common", @@ -3430,7 +3310,7 @@ dependencies = [ "diesel", "diesel_logger", "diesel_migrations", - "env_logger 0.11.6", + "env_logger", "futures 0.3.31", "http 1.2.0", "serde 1.0.218", 
@@ -3615,12 +3495,6 @@ dependencies = [ "tinyvec", ] -[[package]] -name = "unicode-width" -version = "0.1.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af" - [[package]] name = "unindent" version = "0.2.4" @@ -3731,12 +3605,6 @@ version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" -[[package]] -name = "vec_map" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" - [[package]] name = "version_check" version = "0.9.5" @@ -3877,18 +3745,6 @@ dependencies = [ "rustls-pki-types", ] -[[package]] -name = "which" -version = "4.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" -dependencies = [ - "either", - "home", - "once_cell", - "rustix", -] - [[package]] name = "winapi" version = "0.3.9" diff --git a/tokenserver-auth/Cargo.toml b/tokenserver-auth/Cargo.toml index 7dacffaf..95fa7de1 100644 --- a/tokenserver-auth/Cargo.toml +++ b/tokenserver-auth/Cargo.toml @@ -28,7 +28,7 @@ syncserver-common = { path = "../syncserver-common" } tokenserver-common = { path = "../tokenserver-common" } tokenserver-settings = { path = "../tokenserver-settings" } tokio = { workspace = true } -pyo3 = { version = "0.22", features = ["auto-initialize"], optional = true } +pyo3 = { version = "0.24", features = ["auto-initialize"], optional = true } [dev-dependencies] diff --git a/tokenserver-auth/src/oauth/py.rs b/tokenserver-auth/src/oauth/py.rs index b4c16dd0..8377b272 100644 --- a/tokenserver-auth/src/oauth/py.rs +++ b/tokenserver-auth/src/oauth/py.rs 
@@ -1,11 +1,13 @@ use async_trait::async_trait; use jsonwebtoken::jwk::{AlgorithmParameters, Jwk, PublicKeyUse, RSAKeyParameters}; use pyo3::{ + ffi::c_str, prelude::{Py, PyAny, PyErr, PyModule, Python}, - types::{IntoPyDict, PyAnyMethods, PyDictMethods, PyString}, + types::{IntoPyDict, PyAnyMethods, PyString}, Bound, }; use serde_json; +use std::ffi::CStr; use syncserver_common::{BlockingThreadpool, Metrics}; use tokenserver_common::TokenserverError; use tokenserver_settings::Settings; @@ -26,18 +28,16 @@ pub struct Verifier { } impl Verifier { - const FILENAME: &'static str = "verify.py"; - pub fn new( settings: &Settings, blocking_threadpool: Arc, ) -> Result { let inner: Py = Python::with_gil::<_, Result, TokenserverError>>(|py| { - let code = include_str!("verify.py"); - let module = PyModule::from_code_bound(py, code, Self::FILENAME, Self::FILENAME) + let code: &CStr = c_str!(include_str!("verify.py")); + let module = PyModule::from_code(py, code, c_str!("verify.py"), c_str!("verify.py")) .map_err(pyerr_to_tokenserver_error)?; let kwargs = { - let dict = [("server_url", &settings.fxa_oauth_server_url)].into_py_dict_bound(py); + let dict = [("server_url", &settings.fxa_oauth_server_url)].into_py_dict(py)?; let parse_jwk = |jwk: &Jwk| { let (n, e) = match &jwk.algorithm { AlgorithmParameters::RSA(RSAKeyParameters { key_type: _, n, e }) => (n, e), @@ -71,7 +71,7 @@ impl Verifier { ("n", n), ("e", e), ] - .into_py_dict_bound(py); + .into_py_dict(py)?; Ok(dict) }; @@ -85,7 +85,7 @@ impl Verifier { (Some(jwk), None) | (None, Some(jwk)) => Some(vec![parse_jwk(jwk)?]), (None, None) => None, }; - dict.set_item("jwks", jwks).unwrap(); + dict.set_item("jwks", jwks)?; dict }; let object: Py = module diff --git a/tokenserver-auth/src/token/py.rs b/tokenserver-auth/src/token/py.rs index b4682576..c056bee3 100644 --- a/tokenserver-auth/src/token/py.rs +++ b/tokenserver-auth/src/token/py.rs 
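Review bot: `Verifier::new` now converts Python errors in two different ways. `PyModule::from_code(...)` still goes through `.map_err(pyerr_to_tokenserver_error)`, while the new `into_py_dict(py)?` here, and in the later hunks of this file the `.into_py_dict(py)?` inside `parse_jwk` and `dict.set_item("jwks", jwks)?`, rely on the `From<PyErr>` impl this commit adds in tokenserver-common. `pyerr_to_tokenserver_error` is defined outside the diff, so whether it builds the same error is not visible; if it differs in error kind or traceback logging, a failure while building the verifier kwargs will surface differently from a module-load failure. Using one path throughout, e.g. `.into_py_dict(py).map_err(pyerr_to_tokenserver_error)?`, would keep the failure behaviour of this constructor uniform. The function body continues outside the hunks.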
@@ -1,12 +1,17 @@ use crate::{MakeTokenPlaintext, TokenserverError}; use pyo3::{ - prelude::{IntoPy, PyErr, PyModule, PyObject, Python}, - types::{IntoPyDict, PyAnyMethods, PyDictMethods}, + prelude::{IntoPyObject, PyErr, PyModule, Python}, + types::{IntoPyDict, PyAnyMethods, PyDict}, + Bound, }; pub struct PyTokenlib {} -impl IntoPy for MakeTokenPlaintext { - fn into_py(self, py: Python<'_>) -> PyObject { +impl<'py> IntoPyObject<'py> for MakeTokenPlaintext { + type Target = PyDict; + type Output = Bound<'py, Self::Target>; + type Error = PyErr; + + fn into_pyobject(self, py: Python<'py>) -> Result { let dict = [ ("node", self.node), ("fxa_kid", self.fxa_kid), @@ -15,14 +20,14 @@ impl IntoPy for MakeTokenPlaintext { ("hashed_fxa_uid", self.hashed_fxa_uid), ("tokenserver_origin", self.tokenserver_origin.to_string()), ] - .into_py_dict_bound(py); + .into_py_dict(py)?; // These need to be set separately since they aren't strings, and // Rust doesn't support heterogeneous arrays - dict.set_item("expires", self.expires).unwrap(); - dict.set_item("uid", self.uid).unwrap(); + dict.set_item("expires", self.expires)?; + dict.set_item("uid", self.uid)?; - dict.into() + Ok(dict) } } impl PyTokenlib { 
@@ -32,12 +37,15 @@ impl PyTokenlib { ) -> Result<(String, String), TokenserverError> { Python::with_gil(|py| { // `import tokenlib` - let module = PyModule::import_bound(py, "tokenlib") + let module = PyModule::import(py, "tokenlib") .inspect_err(|e| e.print_and_set_sys_last_vars(py))?; // `kwargs = { 'secret': shared_secret }` - let kwargs = [("secret", shared_secret)].into_py_dict_bound(py); + let kwargs = [("secret", shared_secret)].into_py_dict(py)?; // `token = tokenlib.make_token(plaintext, **kwargs)` - let token = module + // Adding a note, since not having explicit string type resulted in a very pesky and hard to find + // error, described https://github.com/PyO3/pyo3/issues/4702. To reproduce, remove type annotation + // from token. + let token: String = module .getattr("make_token")? .call((plaintext,), Some(&kwargs)) .inspect_err(|e| e.print_and_set_sys_last_vars(py)) diff --git a/tokenserver-common/Cargo.toml b/tokenserver-common/Cargo.toml index 8f4e372e..8b70dc0a 100644 --- a/tokenserver-common/Cargo.toml +++ b/tokenserver-common/Cargo.toml @@ -15,4 +15,9 @@ jsonwebtoken.workspace = true thiserror.workspace = true tokio.workspace = true +pyo3 = { version = "0.24", features = ["auto-initialize"], optional = true } syncserver-common = { path = "../syncserver-common" } + +[features] +default = ["py"] +py = ["pyo3"] \ No newline at end of file diff --git a/tokenserver-common/src/error.rs b/tokenserver-common/src/error.rs index c321bd2b..d794062b 100644 --- a/tokenserver-common/src/error.rs +++ b/tokenserver-common/src/error.rs @@ -3,6 +3,7 @@ use std::{cmp::PartialEq, error::Error, fmt}; use actix_web::{HttpResponse, ResponseError}; use backtrace::Backtrace; use http::StatusCode; +use pyo3::prelude::PyErr; use serde::{ ser::{SerializeMap, Serializer}, Serialize, 
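Review bot: The new comment above `let token: String` says the annotation prevents "a very pesky and hard to find error" but never states what the error is, so a later cleanup could remove the annotation without realising what breaks. It should name the observed symptom (compile error, wrong extracted type, or runtime failure) in one sentence and keep the issue link as a reference, in the form `// Keep the explicit String annotation: without it <symptom>; see https://github.com/PyO3/pyo3/issues/4702.`. The call chain continues past the end of the hunk, so the extraction step the annotation applies to is not visible here.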
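Review bot: `pyo3` is declared `optional = true` behind the new `py` feature, but the error.rs hunks of this commit add `use pyo3::prelude::PyErr;` and the `From<PyErr>` impl for `TokenserverError` with no feature gate visible. As shown, building tokenserver-common with `--no-default-features` would not compile, so the feature cannot actually be turned off. Either drop `optional = true`, or put `#[cfg(feature = "py")]` on both the `use` and the `impl` in error.rs. As far as this diff shows, the crate only names the `PyErr` type, so `features = ["auto-initialize"]` is probably unnecessary here. `default = ["py"]` also pulls the Python link dependency into every consumer of the crate, so it is worth confirming that is intended.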
@@ -328,6 +329,12 @@ impl InternalError for TokenserverError { } } +impl From for TokenserverError { + fn from(err: PyErr) -> Self { + InternalError::internal_error(err.to_string()) + } +} + #[cfg(test)] mod tests { use super::TokenserverError;
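Review bot: The new `From<PyErr>` impl puts `err.to_string()`, the Python exception type and message, straight into the `TokenserverError` description and drops the traceback. This file imports `ResponseError` and `Serialize`, so the error is presumably rendered into HTTP responses. It is worth confirming that the description never reaches the client, since exception text from the OAuth verifier or tokenlib may describe key or token handling. A safer shape is a fixed description with the detail logged server-side, e.g. `InternalError::internal_error("Python error".to_owned())` after logging `err`. The impl also deserves a doc comment such as `/// Maps any Python exception to an internal error; only its Display text is kept.`, because it silently makes every `?` on a `PyErr` an internal error.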