df2f4c70c9
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 3s
CI/CD Pipeline / Clippy Lints (push) Successful in 45s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m24s
CI/CD Pipeline / Security Audit (push) Successful in 4s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m14s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 4s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 1m0s
CI/CD Pipeline / Build Debian Package (push) Failing after 5s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m24s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m15s
CI/CD Pipeline / Build Alpine Package (push) Failing after 3m19s
- Add custom RateLimitMiddleware using governor crate for per-IP rate limiting - Two-tier rate limiting: destructive (20 req/min, burst 10) and read (120 req/min, burst 30) - Health endpoints (/health, /api/v1/system/info) exempt from rate limiting - Add max_queue_depth to JobManager (default: 100, configurable via config.yaml) - Return 429 Too Many Requests with Retry-After header when queue is full - Add RateLimitConfig to config.yaml with all rate limit settings - Add 10 tests covering rate limiting, queue depth, and configuration defaults Co-authored-by: git-echo <git-echo@moon-dragon.us>
146 lines
3.1 KiB
TOML
146 lines
3.1 KiB
TOML
[package]
|
|
name = "linux-patch-api"
|
|
version = "1.3.2"
|
|
edition = "2021"
|
|
authors = ["Echo <echo@moon-dragon.us>"]
|
|
description = "Secure remote package management API for Linux systems"
|
|
license = "MIT"
|
|
repository = "https://gitea.moon-dragon.us/echo/linux_patch_api"
|
|
rust-version = "1.75"
|
|
|
|
[dependencies]
|
|
# Web framework (Actix-web for HTTP API)
|
|
actix-web = { version = "4", features = ["rustls-0_23"] }
|
|
actix-rt = "2"
|
|
actix-web-actors = "4"
|
|
actix = "0.13"
|
|
actix-tls = { version = "3", features = ["rustls-0_23"] }
|
|
|
|
# Rate limiting (actix-governor for per-IP rate limiting)
|
|
actix-governor = "0.6"
|
|
|
|
# Async runtime
|
|
tokio = { version = "1", features = ["full"] }
|
|
|
|
# TLS/mTLS (rustls for modern TLS 1.3)
|
|
rustls = { version = "0.23", features = ["aws_lc_rs"] }
|
|
rustls-pemfile = "2"
|
|
tokio-rustls = "0.26"
|
|
x509-parser = { version = "0.16", features = ["verify"] }
|
|
|
|
# WebSocket support (actix-web-actors provides WebSocket for Actix-web)
|
|
tokio-tungstenite = "0.21"
|
|
futures-util = "0.3"
|
|
|
|
# Serialization
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
serde_yaml = "0.9"
|
|
|
|
# Configuration
|
|
config = "0.14"
|
|
notify = "6"
|
|
|
|
# Logging
|
|
tracing = "0.1"
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
|
|
tracing-appender = "0.2"
|
|
|
|
# UUID for request IDs and job IDs
|
|
uuid = { version = "1", features = ["v4", "serde"] }
|
|
|
|
# Time/Date
|
|
chrono = { version = "0.4", features = ["serde"] }
|
|
time = "0.3"
|
|
|
|
# Error handling
|
|
thiserror = "1"
|
|
anyhow = "1"
|
|
|
|
# Async channels
|
|
async-channel = "2"
|
|
|
|
# Process management (for package operations)
|
|
sysinfo = "0.30"
|
|
|
|
# Network utilities
|
|
addr = "0.15"
|
|
if-addrs = "0.13"
|
|
|
|
# HTTP client for enrollment communication
|
|
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
|
|
|
|
# Clap for CLI arguments
|
|
clap = { version = "4", features = ["derive", "env"] }
|
|
|
|
# Systemd integration
|
|
systemd = "0.10"
|
|
pidlock = "0.2"
|
|
|
|
# URL parsing
|
|
url = "2"
|
|
|
|
# Socket options (SO_REUSEADDR)
|
|
socket2 = { version = "0.5", features = ["all"] }
|
|
|
|
# File locking for concurrent-safe whitelist modifications
|
|
fs2 = "0.4"
|
|
|
|
# Atomic swapping for CRL state updates without rebuilding ServerConfig
|
|
arc-swap = "1"
|
|
|
|
# Base64 decoding for PEM CRL parsing
|
|
base64 = "0.22"
|
|
|
|
[dev-dependencies]
|
|
actix-rt = "2"
|
|
tokio-test = "0.4"
|
|
wiremock = "0.6"
|
|
serial_test = "3"
|
|
tempfile = "3"
|
|
rcgen = { version = "0.13", features = ["pem", "x509-parser"] }
|
|
rand = "0.8"
|
|
hex = "0.4"
|
|
time = { version = "0.3", features = ["std"] }
|
|
criterion = { version = "0.5", features = ["html_reports"] }
|
|
|
|
# Integration tests in subdirectories
|
|
[[test]]
|
|
name = "enroll_identity"
|
|
path = "tests/unit/enroll_identity.rs"
|
|
|
|
[[test]]
|
|
name = "enrollment_test"
|
|
path = "tests/integration/enrollment_test.rs"
|
|
|
|
[[test]]
|
|
name = "enrollment_e2e"
|
|
path = "tests/e2e/test_enrollment_e2e.rs"
|
|
|
|
[[test]]
|
|
name = "auth_test"
|
|
path = "tests/integration/auth_test.rs"
|
|
|
|
[[test]]
|
|
name = "rate_limit_test"
|
|
path = "tests/unit/rate_limit_test.rs"
|
|
|
|
[[bench]]
|
|
name = "api_benchmarks"
|
|
harness = false
|
|
|
|
[profile.release]
|
|
lto = true
|
|
codegen-units = 1
|
|
panic = "abort"
|
|
strip = true
|
|
opt-level = 3
|
|
|
|
[profile.dev]
|
|
opt-level = 0
|
|
debug = true
|
|
|
|
[[bin]]
|
|
name = "linux-patch-api"
|
|
path = "src/main.rs"
|