Cargo.toml
# Package metadata for the rusthost crate.
[package]
name = "rusthost"
version = "1.3.1"
edition = "2021"
# Bumped from 1.86 → 1.90 to match the highest MSRV in the transitive dep tree:
# arti-client 0.40 and most tor-* crates require 1.89
# typed-index-collections 3.5 (via tor-netdir) requires 1.90
# Cargo refuses to build with a toolchain older than this value, so it also
# acts as a floor for the compiler used to produce release binaries.
rust-version = "1.90"
description = "Single-binary, zero-setup static site hosting appliance with Tor support"
license = "MIT"
authors = []
# One package, two targets: the library crate `rusthost` (src/lib.rs) and the
# CLI binary `rusthost-cli` (src/main.rs). The binary has a different name from
# the package, so it is the `rusthost-cli` artifact that gets shipped.
[lib]
name = "rusthost"
path = "src/lib.rs"
[[bin]]
name = "rusthost-cli"
path = "src/main.rs"
# ─── Lint configuration ───────────────────────────────────────────────────────
# clippy::all — every lint in the default set (correctness + style + perf)
# clippy::pedantic — stricter style + API lints; individual allows used where
# the rule conflicts with the module's documented design
# (e.g. too_many_arguments for the HTTP write_* stack which
# must mirror the HTTP/1.1 wire format).
#
# Scope: the [lints] tables apply to this package's own targets only.
# Dependencies are compiled with their own lint settings, so the guarantees
# below say nothing about code pulled in through [dependencies].
[lints.rust]
# `forbid` (unlike `deny`) cannot be relaxed by an inner #[allow(unsafe_code)],
# so no module in this crate can opt back in to `unsafe`. Crates such as libc
# and the bundled SQLite build still contain unsafe/native code of their own.
unsafe_code = "forbid"
[lints.clippy]
# priority = -1 makes each group apply before any individual lint entry, so a
# single lint listed in this table can override its group's level.
all = { level = "deny", priority = -1 }
pedantic = { level = "deny", priority = -1 }
# nursery lints warn but do not gate CI; they surface improvement candidates.
nursery = { level = "warn", priority = -1 }
# Version strings below are Cargo caret requirements ("2" accepts any 2.x,
# "0.26" any 0.26.x), not pins. The exact versions that end up in a build are
# recorded in Cargo.lock; keep that file committed and build release artifacts
# with `--locked` so a fresh resolve cannot silently change the dependency set.
[dependencies]
rustls-pemfile = "2" # PEM parsing — used in mod.rs
x509-cert = "0.2" # cert expiry parsing — used in self_signed.rs
pem-rfc7468 = "0.7" # PEM decode for the expiry check
time = "0.3" # OffsetDateTime for rcgen cert params
# Phase 6 — TLS / HTTPS support
# `tls12` keeps TLS 1.2 available alongside TLS 1.3; it can be dropped if only
# TLS 1.3 clients need to be served.
tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "logging", "tls12"] }
tokio-util = { version = "0.7", features = ["compat", "io"] } # futures-io ↔ tokio-io compatibility bridge
# NOTE(review): unlike tokio-rustls and rustls-acme on the neighbouring lines,
# this entry does not set `default-features = false`. rustls 0.23's default
# feature set includes the aws-lc-rs provider, so this line likely compiles
# both aws-lc-rs and ring. With two providers present rustls cannot pick a
# process default from crate features alone — confirm that the code installs or
# passes a CryptoProvider explicitly, or disable the defaults here.
rustls = { version = "0.23", features = ["ring"] } # rustls TLS implementation
rustls-acme = { version = "0.15", default-features = false, features = ["tokio", "ring"] } # ACME / Let's Encrypt automation
# The root store is compiled into the binary: trust anchors only change when
# this crate is bumped and the binary rebuilt, so keep it on the update list.
webpki-roots = "0.26" # Mozilla root store for ACME client TLS
rcgen = "0.13" # self-signed dev cert generation
tokio = { version = "1", features = [
"rt-multi-thread",
"net",
"io-util",
"fs",
"sync",
"time",
"macros",
"signal",
] }
# default-features = false removes the implicit "native-tls" default that
# would otherwise pull in openssl-sys and break cross-compilation.
arti-client = { version = "0.40", default-features = false, features = [
"tokio",
"rustls",
"onion-service-service",
] }
tor-hsservice = { version = "0.40", default-features = false }
tor-cell = { version = "0.40", default-features = false }
futures = "0.3"
# Terminal auto-launcher (Phase 0): TTY detection uses std::io::IsTerminal
# (stable since Rust 1.70; this project's MSRV is 1.90) — no additional crate
# required. The previously used `atty` crate has been removed: it carried a
# memory-safety vulnerability on Windows (RUSTSEC-2021-0145) and was
# unmaintained. `anyhow` is retained for use in other modules.
anyhow = "1"
sha3 = "0.10"
data-encoding = "2"
thiserror = "2"
serde = { version = "1", features = ["derive"] }
toml = "0.8"
log = "0.4"
crossterm = "0.28"
chrono = { version = "0.4", features = ["clock"] }
# OS error codes used in the accept-loop backoff to distinguish EMFILE/ENFILE
# (resource exhaustion → log error) from transient errors (log debug).
libc = "0.2"
# Force rusqlite's bundled SQLite for cross-compilation targets.
# arti-client pulls rusqlite transitively; declaring it here unifies the feature
# across the whole dep tree so cross-compiling to Linux/Windows works without a
# system sqlite3 library present on the host Mac.
# NOTE(review): `*` accepts any rusqlite release, so the version actually built
# is decided only by Cargo.lock and by what arti-client's tree requires.
# Presumably the wildcard is there so this entry always unifies with the
# transitive version — confirm, and consider a bounded requirement matching the
# version recorded in Cargo.lock. crates.io also rejects wildcard requirements
# on publish. `bundled` compiles SQLite from vendored C source, so SQLite
# security fixes arrive only through rusqlite/libsqlite3-sys updates.
rusqlite = { version = "*", features = ["bundled"] }
# Per-IP connection tracking for rate limiting (Phase 2 — C-4).
# DashMap is a concurrent hash map with fine-grained shard locking; it avoids
# the single global Mutex that would serialise every accept() call.
dashmap = "6"
# Phase 5 (M-8) — replace hand-rolled percent_decode with the audited upstream crate.
# The crate handles incomplete escape sequences and non-ASCII bytes correctly;
# the wrapper adds only the null-byte guard specific to filesystem path use.
percent-encoding = "2"
# Phase 3 (C-1, H-8, H-9, H-13) — HTTP/1.1 keep-alive, ETag, Range, compression.
# hyper provides a correct HTTP/1.1 connection loop with keep-alive; replacing
# the hand-rolled single-shot parser eliminates the 30-45 s Tor page-load
# penalty caused by Connection: close on every response.
hyper = { version = "1", features = ["http1", "server"] }
hyper-util = { version = "0.1", features = ["tokio"] }
http-body-util = "0.1"
bytes = "1"
httpdate = "1"
# async-compression provides Brotli and Gzip stream encoders. Brotli gives
# significantly better compression ratios than Gzip, which matters a lot for
# Tor users who pay per-byte in latency.
async-compression = { version = "0.4", features = ["tokio", "brotli", "gzip"] }
# Test-only; not linked into the library or the rusthost-cli binary.
[dev-dependencies]
tempfile = "3"
# Build profiles. The `"*"` override applies to every dependency but not to
# this package's own code, which stays at opt-level 0 in dev builds.
[profile.dev.package."*"]
opt-level = 1 # dependency builds: faster compile, smaller debug symbols
[profile.dev]
opt-level = 0
debug = true
# Release profile for the shipped binary.
# NOTE(review): `overflow-checks` is not set, so the release default applies
# and integer overflow wraps silently instead of panicking. For a
# network-facing server, consider enabling it if arithmetic on request-derived
# lengths or offsets (e.g. Range handling) is not already checked in code.
[profile.release]
opt-level = 3
lto = true
# Symbols and debug info are stripped from the release binary, so backtraces
# from deployed builds will lack function names; keep an unstripped build of
# each release if crash triage needs them.
strip = true
codegen-units = 1 # maximum optimisation; slower link but smaller/faster binary