Add TLS support

2025-09-03 22:23:45 -07:00
parent 0595fbc651
commit b0dfc4146c
4 changed files with 125 additions and 8 deletions
--- a/kordophone/Cargo.toml
+++ b/kordophone/Cargo.toml
@@ -21,8 +21,9 @@ serde_json = "1.0.91"
 serde_plain = "1.0.2"
 time = { version = "0.3.17", features = ["parsing", "serde"] }
 tokio = { version = "1.37.0", features = ["full"] }
-tokio-tungstenite = "0.26.2"
+tokio-tungstenite = { version = "0.26.2", features = ["rustls-tls-webpki-roots"] }
 tokio-util = { version = "0.7.15", features = ["futures-util"] }
-tungstenite = "0.26.2"
+tungstenite = { version = "0.26.2", features = ["rustls-tls-webpki-roots"] }
 urlencoding = "2.1.3"
 uuid = { version = "1.6.1", features = ["v4", "fast-rng", "macro-diagnostics"] }
+rustls = { version = "0.23", default-features = false, features = ["ring"] }
--- a/kordophone/src/api/http_client.rs
+++ b/kordophone/src/api/http_client.rs
@@ -7,6 +7,7 @@ use crate::api::event_socket::{EventSocket, SinkMessage, SocketEvent, SocketUpda
 use crate::api::AuthenticationStore;
 use bytes::Bytes;
 use hyper::{Body, Client, Method, Request, Uri};
+use hyper_tls::HttpsConnector;

 use async_trait::async_trait;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
@@ -28,7 +29,7 @@ use crate::{
    APIInterface,
 };

-type HttpClient = Client<hyper::client::HttpConnector>;
+type HttpClient = Client<HttpsConnector<hyper::client::HttpConnector>>;

 pub struct HTTPAPIClient<K: AuthenticationStore + Send + Sync> {
    pub base_url: Uri,
@@ -458,11 +459,10 @@ impl<K: AuthenticationStore + Send + Sync> APIInterface for HTTPAPIClient<K> {

 impl<K: AuthenticationStore + Send + Sync> HTTPAPIClient<K> {
    pub fn new(base_url: Uri, auth_store: K) -> HTTPAPIClient<K> {
-        HTTPAPIClient {
-            base_url,
-            auth_store,
-            client: Client::new(),
-        }
+        let https = HttpsConnector::new();
+        let client = Client::builder().build::<_, Body>(https);
+
+        HTTPAPIClient { base_url, auth_store, client }
    }

    fn uri_for_endpoint(&self, endpoint: &str, scheme: Option<&str>) -> Result<Uri, Error> {
--- a/kordophone/src/lib.rs
+++ b/kordophone/src/lib.rs
@@ -5,3 +5,16 @@ pub use self::api::APIInterface;

 #[cfg(test)]
 pub mod tests;
+
+// Ensure a process-level rustls CryptoProvider is installed for TLS (wss).
+// Rustls 0.23 requires an explicit provider installation (e.g., ring or aws-lc).
+// We depend on rustls with feature "ring" and install it once at startup.
+#[ctor::ctor]
+fn install_rustls_crypto_provider() {
+    // If already installed, this is a no-op. Ignore the result.
+    #[allow(unused_must_use)]
+    {
+        use rustls::crypto::ring;
+        ring::default_provider().install_default();
+    }
+}