diff options
| author | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-02-14 09:50:06 +0100 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-02-15 16:28:38 +0100 |
| commit | 25f0f2ede5cc241741988586cc549d600d34460d (patch) | |
| tree | bb4038e1c3e8d7e9e1e63aa2bd8dadcf5c008c3b /mullvad-api/src | |
| parent | 02c2042bedc65de21847213204651c55c9dd6f6e (diff) | |
| download | mullvadvpn-25f0f2ede5cc241741988586cc549d600d34460d.tar.xz mullvadvpn-25f0f2ede5cc241741988586cc549d600d34460d.zip | |
Add `force_direct` flag to API override
Diffstat (limited to 'mullvad-api/src')
| -rw-r--r-- | mullvad-api/src/lib.rs | 67 |
1 files changed, 46 insertions, 21 deletions
diff --git a/mullvad-api/src/lib.rs b/mullvad-api/src/lib.rs index 17e80b66c0..d714d5ee3f 100644 --- a/mullvad-api/src/lib.rs +++ b/mullvad-api/src/lib.rs @@ -104,6 +104,13 @@ impl<T> Deref for LazyManual<T> { } } +pub mod env { + pub const API_HOST_VAR: &str = "MULLVAD_API_HOST"; + pub const API_ADDR_VAR: &str = "MULLVAD_API_ADDR"; + pub const API_FORCE_DIRECT_VAR: &str = "MULLVAD_API_FORCE_DIRECT"; + pub const DISABLE_TLS_VAR: &str = "MULLVAD_API_DISABLE_TLS"; +} + /// A hostname and socketaddr to reach the Mullvad REST API over. #[derive(Debug)] pub struct ApiEndpoint { @@ -128,6 +135,23 @@ pub struct ApiEndpoint { pub disable_address_cache: bool, #[cfg(feature = "api-override")] pub disable_tls: bool, + #[cfg(feature = "api-override")] + /// Whether bridges/proxies can be used to access the API or not. This is + /// useful primarily for testing purposes. + /// + /// * If `force_direct` is `true`, bridges and proxies will not be used to + /// reach the API. + /// * If `force_direct` is `false`, bridges and proxies can be used to reach the API. + /// + /// # Note + /// + /// By default, `force_direct` will be `true` if the `api-override` feature + /// is enabled. This is supposedely less error prone, as common targets such + /// as Devmole might be unreachable from behind a bridge server. + /// + /// To disable `force_direct`, set the environment variable + /// `MULLVAD_API_FORCE_DIRECT=0` before starting the daemon. + pub force_direct: bool, } impl ApiEndpoint { @@ -135,10 +159,6 @@ impl ApiEndpoint { const API_IP_DEFAULT: IpAddr = IpAddr::V4(Ipv4Addr::new(45, 83, 223, 196)); const API_PORT_DEFAULT: u16 = 443; - const API_HOST_VAR: &'static str = "MULLVAD_API_HOST"; - const API_ADDR_VAR: &'static str = "MULLVAD_API_ADDR"; - const DISABLE_TLS_VAR: &'static str = "MULLVAD_API_DISABLE_TLS"; - /// Returns the endpoint to connect to the API over. /// /// # Panics @@ -147,15 +167,19 @@ impl ApiEndpoint { /// `MULLVAD_API_DISABLE_TLS` has invalid contents. #[cfg(feature = "api-override")] pub fn from_env_vars() -> ApiEndpoint { - let host_var = Self::read_var(ApiEndpoint::API_HOST_VAR); - let address_var = Self::read_var(ApiEndpoint::API_ADDR_VAR); - let disable_tls_var = Self::read_var(ApiEndpoint::DISABLE_TLS_VAR); + let host_var = Self::read_var(env::API_HOST_VAR); + let address_var = Self::read_var(env::API_ADDR_VAR); + let disable_tls_var = Self::read_var(env::DISABLE_TLS_VAR); + let force_direct = Self::read_var(env::API_FORCE_DIRECT_VAR); let mut api = ApiEndpoint { host: None, address: None, disable_address_cache: true, disable_tls: false, + force_direct: force_direct + .map(|force_direct_env| force_direct_env.to_lowercase() != "0") + .unwrap_or(true), }; match (host_var, address_var) { @@ -164,8 +188,8 @@ impl ApiEndpoint { use std::net::ToSocketAddrs; log::debug!( "{api_addr} not found. Resolving API IP address from {api_host}={host}", - api_addr = ApiEndpoint::API_ADDR_VAR, - api_host = ApiEndpoint::API_HOST_VAR + api_addr = env::API_ADDR_VAR, + api_host = env::API_HOST_VAR ); api.address = format!("{}:{}", host, ApiEndpoint::API_PORT_DEFAULT) .to_socket_addrs() @@ -181,7 +205,7 @@ impl ApiEndpoint { let addr = address.parse().unwrap_or_else(|_| { panic!( "{api_addr}={address} is not a valid socketaddr", - api_addr = ApiEndpoint::API_ADDR_VAR, + api_addr = env::API_ADDR_VAR, ) }); api.address = Some(addr); @@ -193,9 +217,9 @@ impl ApiEndpoint { if disable_tls_var.is_some() { log::warn!( "{disable_tls} is ignored since {api_host} and {api_addr} are not set", - disable_tls = ApiEndpoint::DISABLE_TLS_VAR, - api_host = ApiEndpoint::API_HOST_VAR, - api_addr = ApiEndpoint::API_ADDR_VAR, + disable_tls = env::DISABLE_TLS_VAR, + api_host = env::API_HOST_VAR, + api_addr = env::API_ADDR_VAR, ); } } else { @@ -226,16 +250,17 @@ impl ApiEndpoint { /// `MULLVAD_API_DISABLE_TLS` has invalid contents. #[cfg(not(feature = "api-override"))] pub fn from_env_vars() -> ApiEndpoint { - let host_var = Self::read_var(ApiEndpoint::API_HOST_VAR); - let address_var = Self::read_var(ApiEndpoint::API_ADDR_VAR); - let disable_tls_var = Self::read_var(ApiEndpoint::DISABLE_TLS_VAR); + let env_vars = [ + env::API_HOST_VAR, + env::API_ADDR_VAR, + env::DISABLE_TLS_VAR, + env::API_FORCE_DIRECT_VAR, + ]; - if host_var.is_some() || address_var.is_some() || disable_tls_var.is_some() { + if env_vars.map(Self::read_var).iter().any(Option::is_some) { log::warn!( - "These variables are ignored in production builds: {api_host}, {api_addr}, {disable_tls}", - api_host = ApiEndpoint::API_HOST_VAR, - api_addr = ApiEndpoint::API_ADDR_VAR, - disable_tls = ApiEndpoint::DISABLE_TLS_VAR + "These variables are ignored in production builds: {env_vars_pretty}", + env_vars_pretty = env_vars.join(", ") ); } |