Avoid overriding $RUSTFLAGS when needed for rustc 1.63
[dnssec-prover] / src / http.rs
index f344372e4d72ca1993b237470f4a4b23fc32c514..00383b679b91dafd26c0545a29b999a26c0d6531 100644 (file)
@@ -2,12 +2,34 @@
 
 #![deny(missing_docs)]
 
+// const_slice_from_raw_parts was stabilized in 1.64, however we support building on 1.63 as well.
+// Luckily, it seems to work fine in 1.63 with the feature flag (and RUSTC_BOOTSTRAP=1) enabled.
+#![cfg_attr(all(feature = "validation", rust_1_63), feature(const_slice_from_raw_parts))]
+
+#![allow(clippy::new_without_default)] // why is this even a lint
+#![allow(clippy::result_unit_err)] // Why in the hell is this a lint?
+#![allow(clippy::get_first)] // Sometimes this improves readability
+#![allow(clippy::needless_lifetimes)] // lifetimes improve readability
+#![allow(clippy::needless_borrow)] // borrows indicate read-only/non-move
+#![allow(clippy::too_many_arguments)] // sometimes we don't have an option
+#![allow(clippy::identity_op)] // sometimes identities improve readability for repeated actions
+#![allow(clippy::erasing_op)] // sometimes identities improve readability for repeated actions
+
 extern crate alloc;
 
+/// The maximum number of requests we will make when building a proof or the maximum number of
+/// [`rr::RRSig`] sets we'll validate records from when validating proofs.
+// Note that this is duplicated exactly in src/lib.rs
+pub const MAX_PROOF_STEPS: usize = 20;
+
 pub mod rr;
 pub mod ser;
 pub mod query;
 
+#[cfg(feature = "validation")]
+mod base32;
+#[cfg(feature = "validation")]
+mod crypto;
 #[cfg(feature = "validation")]
 pub mod validation;
 
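Review bot: `MAX_PROOF_STEPS` is declared here a second time, and its own comment says the value is duplicated in src/lib.rs, so the two crate roots can drift apart without any compile error. The doc comment makes this the bound on both the number of requests made while building a proof and the number of RRSig sets accepted while validating one. A mismatch would leave the server and the library enforcing different resource limits. Consider defining it once in a module both roots already include (for example `query`, if lib.rs declares it too) and re-exporting it with `pub use`, or at least adding a test that compares the two values. Separately, the crate-wide `#![allow(clippy::...)]` list also silences these lints for all future code; scoping the rarer ones (`identity_op`, `erasing_op`) to the modules that need them would keep them useful elsewhere.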
@@ -28,6 +50,9 @@ async fn main() {
        imp::run_server(listener, resolver_sockaddr).await;
 }
 
+#[cfg(not(feature = "build_server"))]
+fn main() { panic!("You need to enable the `build_server` feature to use the built-in server"); }
+
 #[cfg(any(feature = "build_server", all(feature = "tokio", feature = "validation")))]
 mod imp {
        use super::*;
@@ -116,19 +141,22 @@ mod imp {
                                                "AAAA" => build_aaaa_proof_async(resolver_sockaddr, &query_name).await,
                                                _ => break 'ret_err,
                                        };
-                                       let proof = if let Ok(proof) = proof_res { proof } else {
+                                       let (proof, cache_ttl) = if let Ok(proof) = proof_res { proof } else {
                                                response = ("404 Not Found", "Failed to generate proof for given domain");
                                                break 'ret_err;
                                        };
 
                                        let _ = socket.write_all(
-                                               format!("HTTP/1.1 200 OK\r\nContent-Length: {}\r\n\r\n", proof.len()).as_bytes()
+                                               format!(
+                                                       "HTTP/1.1 200 OK\r\nContent-Length: {}\r\nContent-Type: application/octet-stream\r\nCache-Control: public, max-age={}, s-maxage={}\r\nAccess-Control-Allow-Origin: *\r\n\r\n",
+                                                       proof.len(), cache_ttl, cache_ttl
+                                               ).as_bytes()
                                        ).await;
                                        let _ = socket.write_all(&proof).await;
                                        return;
                                }
                                let _ = socket.write_all(format!(
-                                       "HTTP/1.1 {}\r\nContent-Length: {}\r\nContent-Type: text/plain\r\n\r\n{}",
+                                       "HTTP/1.1 {}\r\nContent-Length: {}\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\n\r\n{}",
                                        response.0, response.1.len(), response.1,
                                ).as_bytes()).await;
                        });
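Review bot: The error response at the end of this hunk carries no cache directive, while the success path now sends `Cache-Control: public` with `max-age`/`s-maxage` from `cache_ttl`. A shared cache may therefore apply heuristic freshness to a `404` that only reflects a transient resolver failure; adding `Cache-Control: no-store\r\n` to the error format string would make the intent explicit. Where `cache_ttl` is computed is not visible here. If it comes straight from upstream record TTLs, confirm it is capped and never exceeds the remaining RRSIG validity, since with `Access-Control-Allow-Origin: *` any browser or CDN will keep serving the cached proof for that long. The enclosing closure starts outside the hunk.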
@@ -140,7 +168,8 @@ mod imp {
 mod test {
        use super::*;
 
-       use crate::validation::{parse_rr_stream, verify_rr_stream};
+       use crate::ser::parse_rr_stream;
+       use crate::validation::verify_rr_stream;
 
        use minreq;
 
@@ -162,7 +191,7 @@ mod test {
 
        #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
        async fn test_lookup_a() {
-               let ns = "4.4.4.4:53".parse().unwrap();
+               let ns = "9.9.9.9:53".parse().unwrap();
                let listener = tokio::net::TcpListener::bind("127.0.0.1:17493").await
                        .expect("Failed to bind to socket");
                tokio::spawn(imp::run_server(listener, ns));
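Review bot: `test_lookup_a` still depends on a hard-coded public resolver (`9.9.9.9:53`), so it fails in sandboxed or offline CI and sends queries to a third party on every run. Reading the resolver from an environment variable with this address as the fallback would let CI point at a local validating resolver, e.g. `let ns = std::env::var("TEST_RESOLVER").unwrap_or_else(|_| "9.9.9.9:53".into()).parse().unwrap();`. `TEST_RESOLVER` is a name constructed for this note. The test body continues past the end of the hunk.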
@@ -173,7 +202,7 @@ mod test {
                assert_eq!(resp.status_code, 200);
                let rrs = parse_rr_stream(resp.as_bytes()).unwrap();
                let verified_rrs = verify_rr_stream(&rrs).unwrap();
-               assert_eq!(verified_rrs.verified_rrs.len(), 1);
+               assert!(verified_rrs.verified_rrs.len() >= 1);
        }
 
        #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
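Review bot: Relaxing the check to `len() >= 1` means the test now passes for any non-empty verified set, whatever names or record types it contains. Since this is the end-to-end check that the server's proof validates, it would be stronger to also assert that at least one verified record is an A record for the name the test requested (the request itself is outside this hunk). For the count check, `assert!(!verified_rrs.verified_rrs.is_empty());` is the idiomatic form and avoids clippy's `len_zero` lint, assuming the field is a `Vec` or slice.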