mirror of
https://github.com/astral-sh/uv.git
synced 2025-08-04 02:48:17 +00:00
Support for wildcard in UV_INSECURE_HOST (#8052)
Allow '*' as a value to match all hosts, and provide `reqwest_blocking_get` for uv tests, so that they also respect UV_INSECURE_HOST (since they respect `ALL_PROXY`). This lets those tests pass with a forward proxy - we can think about setting a root certificate later so that we don't need to disable certificate verification at all. --- I tested this locally by running: ```bash GIT_SSL_NO_VERIFY=true ALL_PROXY=localhost:8080 UV_INSECURE_HOST="*" cargo nextest run sync_wheel_path_source_error ``` With my forward proxy showing: ``` 2024-10-09T18:20:16.300188Z INFO fopro: Proxied GETcc2fedbd88/cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl(headers 480.024958ms + body 92.345666ms) 2024-10-09T18:20:16.913298Z INFO fopro: Proxied GET https://pypi.org/simple/pycparser/ (headers 509.664834ms + body 269.291µs) 2024-10-09T18:20:17.383975Z INFO fopro: Proxied GET5f610ebe42/pycparser-2.21-py2.py3-none-any.whl.metadata(headers 443.184208ms + body 2.094792ms) ```
This commit is contained in:
Amos Wenger
GitHub
parent
9351652e32
commit
a3b11dacb8
8 changed files with 137 additions and 81 deletions
|
|
@ -2,34 +2,39 @@ use serde::{Deserialize, Deserializer};
|
|||
use std::str::FromStr;
|
||||
use url::Url;
|
||||
|
||||
/// A trusted host, which could be a host or a host-port pair.
|
||||
/// A host specification (wildcard, or host, with optional scheme and/or port) for which
|
||||
/// certificates are not verified when making HTTPS requests.
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
pub struct TrustedHost {
|
||||
scheme: Option<String>,
|
||||
host: String,
|
||||
port: Option<u16>,
|
||||
pub enum TrustedHost {
|
||||
Wildcard,
|
||||
Host {
|
||||
scheme: Option<String>,
|
||||
host: String,
|
||||
port: Option<u16>,
|
||||
},
|
||||
}
|
||||
|
||||
impl TrustedHost {
|
||||
/// Returns `true` if the [`Url`] matches this trusted host.
|
||||
pub fn matches(&self, url: &Url) -> bool {
|
||||
if self
|
||||
.scheme
|
||||
.as_ref()
|
||||
.is_some_and(|scheme| scheme != url.scheme())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
match self {
|
||||
TrustedHost::Wildcard => true,
|
||||
TrustedHost::Host { scheme, host, port } => {
|
||||
if scheme.as_ref().is_some_and(|scheme| scheme != url.scheme()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if self.port.is_some_and(|port| url.port() != Some(port)) {
|
||||
return false;
|
||||
}
|
||||
if port.is_some_and(|port| url.port() != Some(port)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if Some(self.host.as_ref()) != url.host_str() {
|
||||
return false;
|
||||
}
|
||||
if Some(host.as_str()) != url.host_str() {
|
||||
return false;
|
||||
}
|
||||
|
||||
true
|
||||
true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -48,7 +53,7 @@ impl<'de> Deserialize<'de> for TrustedHost {
|
|||
serde_untagged::UntaggedEnumVisitor::new()
|
||||
.string(|string| TrustedHost::from_str(string).map_err(serde::de::Error::custom))
|
||||
.map(|map| {
|
||||
map.deserialize::<Inner>().map(|inner| TrustedHost {
|
||||
map.deserialize::<Inner>().map(|inner| TrustedHost::Host {
|
||||
scheme: inner.scheme,
|
||||
host: inner.host,
|
||||
port: inner.port,
|
||||
|
|
@ -80,6 +85,10 @@ impl std::str::FromStr for TrustedHost {
|
|||
type Err = TrustedHostError;
|
||||
|
||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
||||
if s == "*" {
|
||||
return Ok(Self::Wildcard);
|
||||
}
|
||||
|
||||
// Detect scheme.
|
||||
let (scheme, s) = if let Some(s) = s.strip_prefix("https://") {
|
||||
(Some("https".to_string()), s)
|
||||
|
|
@ -105,20 +114,27 @@ impl std::str::FromStr for TrustedHost {
|
|||
.transpose()
|
||||
.map_err(|_| TrustedHostError::InvalidPort(s.to_string()))?;
|
||||
|
||||
Ok(Self { scheme, host, port })
|
||||
Ok(Self::Host { scheme, host, port })
|
||||
}
|
||||
}
|
||||
|
||||
impl std::fmt::Display for TrustedHost {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
|
||||
if let Some(scheme) = &self.scheme {
|
||||
write!(f, "{}://{}", scheme, self.host)?;
|
||||
} else {
|
||||
write!(f, "{}", self.host)?;
|
||||
}
|
||||
match self {
|
||||
TrustedHost::Wildcard => {
|
||||
write!(f, "*")?;
|
||||
}
|
||||
TrustedHost::Host { scheme, host, port } => {
|
||||
if let Some(scheme) = &scheme {
|
||||
write!(f, "{scheme}://{host}")?;
|
||||
} else {
|
||||
write!(f, "{host}")?;
|
||||
}
|
||||
|
||||
if let Some(port) = self.port {
|
||||
write!(f, ":{port}")?;
|
||||
if let Some(port) = port {
|
||||
write!(f, ":{port}")?;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
|
|
|
|||
|
|
@ -1,8 +1,13 @@
|
|||
#[test]
|
||||
fn parse() {
|
||||
assert_eq!(
|
||||
"*".parse::<super::TrustedHost>().unwrap(),
|
||||
super::TrustedHost::Wildcard
|
||||
);
|
||||
|
||||
assert_eq!(
|
||||
"example.com".parse::<super::TrustedHost>().unwrap(),
|
||||
super::TrustedHost {
|
||||
super::TrustedHost::Host {
|
||||
scheme: None,
|
||||
host: "example.com".to_string(),
|
||||
port: None
|
||||
|
|
@ -11,7 +16,7 @@ fn parse() {
|
|||
|
||||
assert_eq!(
|
||||
"example.com:8080".parse::<super::TrustedHost>().unwrap(),
|
||||
super::TrustedHost {
|
||||
super::TrustedHost::Host {
|
||||
scheme: None,
|
||||
host: "example.com".to_string(),
|
||||
port: Some(8080)
|
||||
|
|
@ -20,7 +25,7 @@ fn parse() {
|
|||
|
||||
assert_eq!(
|
||||
"https://example.com".parse::<super::TrustedHost>().unwrap(),
|
||||
super::TrustedHost {
|
||||
super::TrustedHost::Host {
|
||||
scheme: Some("https".to_string()),
|
||||
host: "example.com".to_string(),
|
||||
port: None
|
||||
|
|
@ -31,7 +36,7 @@ fn parse() {
|
|||
"https://example.com/hello/world"
|
||||
.parse::<super::TrustedHost>()
|
||||
.unwrap(),
|
||||
super::TrustedHost {
|
||||
super::TrustedHost::Host {
|
||||
scheme: Some("https".to_string()),
|
||||
host: "example.com".to_string(),
|
||||
port: None
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue