diff --git a/src/config/rt/build.rs b/src/config/rt/build.rs index 228c0a4e..ab17912d 100644 --- a/src/config/rt/build.rs +++ b/src/config/rt/build.rs @@ -1,9 +1,12 @@ use super::{super::STAGE_DIR, RtcBuilder}; -use crate::config::{ - models::{Configuration, Hook, Tools}, - rt::{CoreOptions, RtcCore}, - types::{BaseUrl, Minify}, - Hooks, +use crate::{ + config::{ + models::{Configuration, Hook, Tools}, + rt::{CoreOptions, RtcCore}, + types::{BaseUrl, Minify}, + Hooks, + }, + tools::HttpClientOptions, }; use anyhow::{ensure, Context}; use std::{collections::HashMap, ops::Deref, path::PathBuf}; @@ -70,10 +73,12 @@ pub struct RtcBuild { /// `pattern_script` and `pattern_preload`. pub pattern_params: HashMap, /// Optional root certificate chain for use when downloading dependencies. + #[cfg(any(feature = "native-tls", feature = "rustls"))] pub root_certificate: Option, /// Sets if reqwest is allowed to ignore certificate validation errors (defaults to false). /// /// **WARNING**: Setting this to true can make you vulnerable to man-in-the-middle attacks. Sometimes this is necessary when working behind corporate proxies. + #[cfg(any(feature = "native-tls", feature = "rustls"))] pub accept_invalid_certs: bool, /// Control minification pub minify: Minify, @@ -191,7 +196,9 @@ impl RtcBuild { offline: build.offline, frozen: build.frozen, locked: build.locked, + #[cfg(any(feature = "native-tls", feature = "rustls"))] root_certificate: build.root_certificate.map(PathBuf::from), + #[cfg(any(feature = "native-tls", feature = "rustls"))] accept_invalid_certs: build.accept_invalid_certs, minify: build.minify, no_sri: build.no_sri, @@ -251,6 +258,16 @@ impl RtcBuild { (Minify::Always, _) => true, } } + + /// Build [`HttpClientOptions`] options form configuration. + pub fn client_options(&self) -> HttpClientOptions { + HttpClientOptions { + #[cfg(any(feature = "native-tls", feature = "rustls"))] + root_certificate: self.root_certificate.clone(), + #[cfg(any(feature = "native-tls", feature = "rustls"))] + accept_invalid_certificates: self.accept_invalid_certs, + } + } } impl RtcBuilder for RtcBuild { diff --git a/src/pipelines/rust/mod.rs b/src/pipelines/rust/mod.rs index 348c3f3e..3224f5ad 100644 --- a/src/pipelines/rust/mod.rs +++ b/src/pipelines/rust/mod.rs @@ -517,10 +517,7 @@ impl RustApp { Application::WasmBindgen, version.as_deref(), self.cfg.offline, - &tools::HttpClientOptions { - root_certificate: self.cfg.root_certificate.clone(), - accept_invalid_certificates: self.cfg.accept_invalid_certs, - }, + &self.cfg.client_options(), ) .await?; @@ -872,10 +869,7 @@ impl RustApp { Application::WasmOpt, version, self.cfg.offline, - &tools::HttpClientOptions { - root_certificate: self.cfg.root_certificate.clone(), - accept_invalid_certificates: self.cfg.accept_invalid_certs, - }, + &self.cfg.client_options(), ) .await?; diff --git a/src/pipelines/sass.rs b/src/pipelines/sass.rs index c9fa24a1..8fb8ea9e 100644 --- a/src/pipelines/sass.rs +++ b/src/pipelines/sass.rs @@ -83,10 +83,7 @@ impl Sass { Application::Sass, version, self.cfg.offline, - &tools::HttpClientOptions { - root_certificate: self.cfg.root_certificate.clone(), - accept_invalid_certificates: self.cfg.accept_invalid_certs, - }, + &self.cfg.client_options(), ) .await?; diff --git a/src/pipelines/tailwind_css.rs b/src/pipelines/tailwind_css.rs index 728376e8..c8c0340f 100644 --- a/src/pipelines/tailwind_css.rs +++ b/src/pipelines/tailwind_css.rs @@ -82,10 +82,7 @@ impl TailwindCss { Application::TailwindCss, version, self.cfg.offline, - &tools::HttpClientOptions { - root_certificate: self.cfg.root_certificate.clone(), - accept_invalid_certificates: self.cfg.accept_invalid_certs, - }, + &self.cfg.client_options(), ) .await?; diff --git a/src/serve/mod.rs b/src/serve/mod.rs index 33101cee..8a4bd34e 100644 --- a/src/serve/mod.rs +++ b/src/serve/mod.rs @@ -283,32 +283,36 @@ async fn run_server( let router = router.clone(); let shutdown_handle = shutdown_handle.clone(); match &tls { - Some(tls) => match tls.clone() { - #[cfg(feature = "rustls")] - TlsConfig::Rustls { config } => { - tasks.push( - async move { - axum_server::bind_rustls(addr, config) - .handle(shutdown_handle) - .serve(router.into_make_service()) - .await - } - .boxed(), - ); - } - #[cfg(feature = "native-tls")] - TlsConfig::Native { config } => { - tasks.push( - async move { - axum_server::bind_openssl(addr, config) - .handle(shutdown_handle) - .serve(router.into_make_service()) - .await - } - .boxed(), - ); + Some(tls) => + { + #[allow(unreachable_code)] + match tls.clone() { + #[cfg(feature = "rustls")] + TlsConfig::Rustls { config } => { + tasks.push( + async move { + axum_server::bind_rustls(addr, config) + .handle(shutdown_handle) + .serve(router.into_make_service()) + .await + } + .boxed(), + ); + } + #[cfg(feature = "native-tls")] + TlsConfig::Native { config } => { + tasks.push( + async move { + axum_server::bind_openssl(addr, config) + .handle(shutdown_handle) + .serve(router.into_make_service()) + .await + } + .boxed(), + ); + } } - }, + } None => tasks.push( async move { diff --git a/src/tools.rs b/src/tools.rs index f194df3e..0974148b 100644 --- a/src/tools.rs +++ b/src/tools.rs @@ -33,10 +33,12 @@ pub struct HttpClientOptions { /// Use this specific root certificate to validate the certificate chain. Optional. /// /// Useful when behind a corporate proxy that uses a self-signed root certificate. + #[cfg(any(feature = "native-tls", feature = "rustls"))] pub root_certificate: Option, /// Allows Trunk to accept certificates that can't be verified when fetching dependencies. Defaults to false. /// /// **WARNING**: This is inherently unsafe and can open you up to Man-in-the-middle attacks. But sometimes it is required when working behind corporate proxies. + #[cfg(any(feature = "native-tls", feature = "rustls"))] pub accept_invalid_certificates: bool, } @@ -350,6 +352,7 @@ async fn download( ) -> Result { tracing::info!(version = version, "downloading {}", app.name()); + #[cfg(any(feature = "native-tls", feature = "rustls"))] if client_options.accept_invalid_certificates { tracing::warn!( "Accept Invalid Certificates is set to true. This can open you up to MITM attacks." @@ -458,7 +461,9 @@ pub async fn cache_dir() -> Result { Ok(path) } -async fn get_http_client(client_options: &HttpClientOptions) -> Result { +async fn get_http_client( + #[allow(unused_variables)] client_options: &HttpClientOptions, +) -> Result { let builder = reqwest::ClientBuilder::new(); #[cfg(any(feature = "native-tls", feature = "rustls"))]