diff --git a/Cargo.lock b/Cargo.lock index ef6a5d6e..a77db2e7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -311,9 +311,9 @@ checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" [[package]] name = "cc" -version = "1.2.36" +version = "1.2.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5252b3d2648e5eedbc1a6f501e3c795e07025c1e93bbf8bbdd6eef7f447a6d54" +checksum = "65193589c6404eb80b450d618eaf9a2cafaaafd57ecce47370519ef674a7bd44" dependencies = [ "find-msvc-tools", "jobserver", @@ -853,7 +853,7 @@ dependencies = [ "js-sys", "libc", "r-efi", - "wasi 0.14.5+wasi-0.2.4", + "wasi 0.14.7+wasi-0.2.4", "wasm-bindgen", ] @@ -1089,9 +1089,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.16" +version = "0.1.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9b05277c7e8da2c93a568989bb6207bef0112e8d17df7a6eda4a3cf143bc5e" +checksum = "3c6995591a8f1380fcb4ba966a252a4b29188d51d2b89e3a252f5305be65aea8" dependencies = [ "bytes", "futures-channel", @@ -1223,9 +1223,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.11.1" +version = "2.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921" +checksum = "92119844f513ffa41556430369ab02c295a3578af21cf945caa3e9e0c2481ac3" dependencies = [ "equivalent", "hashbrown 0.15.5", @@ -1284,9 +1284,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.78" +version = "0.3.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c0b063578492ceec17683ef2f8c5e89121fbd0b172cbc280635ab7567db2738" +checksum = "6247da8b8658ad4e73a186e747fcc5fc2a29f979d6fe6269127fdb5fd08298d0" dependencies = [ "once_cell", "wasm-bindgen", @@ -1674,9 +1674,9 @@ checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" [[package]] name = "plist" -version = "1.7.4" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3af6b589e163c5a788fab00ce0c0366f6efbb9959c2f9874b224936af7fce7e1" +checksum = "740ebea15c5d1428f910cd1a5f52cebf8d25006245ed8ade92702f4943d91e07" dependencies = [ "base64", "indexmap", @@ -2077,9 +2077,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.4" +version = "0.103.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" +checksum = "8572f3c2cb9934231157b45499fc41e1f58c589fdfb81a844ba873265e80f8eb" dependencies = [ "ring", "rustls-pki-types", @@ -2147,27 +2147,38 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.26" +version = "1.0.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" +checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" dependencies = [ "serde", + "serde_core", ] [[package]] name = "serde" -version = "1.0.219" +version = "1.0.225" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6c24dee235d0da097043389623fb913daddf92c76e9f5a1db88607a0bcbd1d" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.225" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +checksum = "659356f9a0cb1e529b24c01e43ad2bdf520ec4ceaf83047b83ddcc2251f96383" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.219" +version = "1.0.225" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +checksum = "0ea936adf78b1f766949a4977b91d2f5595825bd6ec079aa9543ad2685fc4516" dependencies = [ "proc-macro2", "quote", @@ -2176,33 +2187,35 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.143" +version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a" +checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" dependencies = [ "itoa", "memchr", "ryu", "serde", + "serde_core", ] [[package]] name = "serde_path_to_error" -version = "0.1.17" +version = "0.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59fab13f937fa393d08645bf3a84bdfe86e296747b506ada67bb15f10f218b2a" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" dependencies = [ "itoa", "serde", + "serde_core", ] [[package]] name = "serde_spanned" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83" +checksum = "2789234a13a53fc4be1b51ea1bab45a3c338bdb884862a257d10e5a74ae009e6" dependencies = [ - "serde", + "serde_core", ] [[package]] @@ -2554,11 +2567,11 @@ dependencies = [ [[package]] name = "toml" -version = "0.9.5" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8" +checksum = "ae2a4cf385da23d1d53bc15cdfa5c2109e93d8d362393c801e87da2f72f0e201" dependencies = [ - "serde", + "serde_core", "serde_spanned", "toml_datetime", "toml_parser", @@ -2567,11 +2580,11 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3" +checksum = "a197c0ec7d131bfc6f7e82c8442ba1595aeab35da7adbf05b6b73cd06a16b6be" dependencies = [ - "serde", + "serde_core", ] [[package]] @@ -2961,27 +2974,27 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasi" -version = "0.14.5+wasi-0.2.4" +version = "0.14.7+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4494f6290a82f5fe584817a676a34b9d6763e8d9d18204009fb31dceca98fd4" +checksum = "883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c" dependencies = [ "wasip2", ] [[package]] name = "wasip2" -version = "1.0.0+wasi-0.2.4" +version = "1.0.1+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03fa2761397e5bd52002cd7e73110c71af2109aca4e521a9f40473fe685b0a24" +checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" dependencies = [ "wit-bindgen", ] [[package]] name = "wasm-bindgen" -version = "0.2.101" +version = "0.2.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e14915cadd45b529bb8d1f343c4ed0ac1de926144b746e2710f9cd05df6603b" +checksum = "4ad224d2776649cfb4f4471124f8176e54c1cca67a88108e30a0cd98b90e7ad3" dependencies = [ "cfg-if", "once_cell", @@ -2991,9 +3004,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.101" +version = "0.2.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e28d1ba982ca7923fd01448d5c30c6864d0a14109560296a162f80f305fb93bb" +checksum = "3a1364104bdcd3c03f22b16a3b1c9620891469f5e9f09bc38b2db121e593e732" dependencies = [ "bumpalo", "log", @@ -3005,9 +3018,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.101" +version = "0.2.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c3d463ae3eff775b0c45df9da45d68837702ac35af998361e2c84e7c5ec1b0d" +checksum = "0d7ab4ca3e367bb1ed84ddbd83cc6e41e115f8337ed047239578210214e36c76" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -3015,9 +3028,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.101" +version = "0.2.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bb4ce89b08211f923caf51d527662b75bdc9c9c7aab40f86dcb9fb85ac552aa" +checksum = "4a518014843a19e2dbbd0ed5dfb6b99b23fb886b14e6192a00803a3e14c552b0" dependencies = [ "proc-macro2", "quote", @@ -3028,18 +3041,18 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.101" +version = "0.2.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f143854a3b13752c6950862c906306adb27c7e839f7414cec8fea35beab624c1" +checksum = "255eb0aa4cc2eea3662a00c2bbd66e93911b7361d5e0fcd62385acfd7e15dcee" dependencies = [ "unicode-ident", ] [[package]] name = "web-sys" -version = "0.3.78" +version = "0.3.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77e4b637749ff0d92b8fad63aa1f7cff3cbe125fd49c175cd6345e7272638b12" +checksum = "50462a022f46851b81d5441d1a6f5bac0b21a1d72d64bd4906fbdd4bf7230ec7" dependencies = [ "js-sys", "wasm-bindgen", @@ -3283,9 +3296,9 @@ checksum = "21a0236b59786fed61e2a80582dd500fe61f18b5dca67a4a067d0bc9039339cf" [[package]] name = "wit-bindgen" -version = "0.45.1" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c573471f125075647d03df72e026074b7203790d41351cd6edc96f46bcccd36" +checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" [[package]] name = "writeable" diff --git a/build.rs b/build.rs index 28a7705c..18bca343 100644 --- a/build.rs +++ b/build.rs @@ -6,6 +6,22 @@ fn main() -> Result<(), Box> { Emitter::default().add_instructions(&git2)?.emit()?; tonic_prost_build::configure() + // These types contain sensitive data. + .skip_debug([ + "ActivateUserRequest", + "AuthInfoResponse", + "AuthenticateRequest", + "AuthenticateResponse", + "ClientMfaFinishResponse", + "CodeMfaSetupStartResponse", + "CodeMfaSetupFinishResponse", + "CoreRequest", + "CoreResponse", + "DeviceConfigResponse", + "InstanceInfoResponse", + "NewDevice", + "PasswordResetRequest", + ]) // Enable optional fields. .protoc_arg("--experimental_allow_proto3_optional") // Make all messages serde-serializable. diff --git a/src/enterprise/handlers/desktop_client_mfa.rs b/src/enterprise/handlers/desktop_client_mfa.rs index 91ef58e4..e4e98faa 100644 --- a/src/enterprise/handlers/desktop_client_mfa.rs +++ b/src/enterprise/handlers/desktop_client_mfa.rs @@ -95,7 +95,10 @@ pub(super) async fn mfa_auth_callback( info!("MFA authentication callback completed successfully"); Ok(private_cookies) } else { - error!("Received invalid gRPC response type during handling the MFA OpenID authentication callback: {payload:#?}"); + error!( + "Received invalid gRPC response type during handling the MFA OpenID authentication \ + callback" + ); Err(ApiError::InvalidResponseType) } } diff --git a/src/enterprise/handlers/openid_login.rs b/src/enterprise/handlers/openid_login.rs index a0390649..ea0af22b 100644 --- a/src/enterprise/handlers/openid_login.rs +++ b/src/enterprise/handlers/openid_login.rs @@ -94,7 +94,7 @@ async fn auth_info( .send(core_request::Payload::AuthInfo(request), device_info)?; let payload = get_core_response(rx).await?; if let core_response::Payload::AuthInfo(response) = payload { - debug!("Received auth info {response:?}"); + debug!("Received auth info response"); let nonce_cookie = Cookie::build((NONCE_COOKIE_NAME, response.nonce)) // .domain(cookie_domain) @@ -117,7 +117,7 @@ async fn auth_info( let auth_info = AuthInfo::new(response.url, response.button_display_name); Ok((private_cookies, Json(auth_info))) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } @@ -188,7 +188,10 @@ async fn auth_callback( debug!("Received auth callback response {url:?} {token:?}"); Ok((private_cookies, Json(CallbackResponseData { url, token }))) } else { - error!("Received invalid gRPC response type during handling the OpenID authentication callback: {payload:#?}"); + error!( + "Received invalid gRPC response type during handling the OpenID authentication \ + callback" + ); Err(ApiError::InvalidResponseType) } } diff --git a/src/grpc.rs b/src/grpc.rs index e57ac529..e1fef7ec 100644 --- a/src/grpc.rs +++ b/src/grpc.rs @@ -1,4 +1,5 @@ use std::{ + any::Any, collections::HashMap, net::SocketAddr, sync::{ @@ -21,7 +22,6 @@ use crate::{ // connected clients type ClientMap = HashMap>>; -#[derive(Debug)] pub(crate) struct ProxyServer { current_id: Arc, clients: Arc>, @@ -45,7 +45,7 @@ impl ProxyServer { /// Sends message to the other side of RPC, with given `payload` and optional `device_info`. /// Returns `tokio::sync::oneshot::Reveicer` to let the caller await reply. - #[instrument(name = "send_grpc_message", level = "debug", skip(self))] + #[instrument(name = "send_grpc_message", level = "debug", skip(self, payload))] pub(crate) fn send( &self, payload: core_request::Payload, @@ -127,13 +127,13 @@ impl proxy_server::Proxy for ProxyServer { loop { match stream.message().await { Ok(Some(response)) => { - debug!("Received message from Defguard core: {response:?}"); + debug!("Received message from Defguard Core ID={}", response.id); connected.store(true, Ordering::Relaxed); // Discard empty payloads. if let Some(payload) = response.payload { if let Some(rx) = results.lock().unwrap().remove(&response.id) { if let Err(err) = rx.send(payload) { - error!("Failed to send message to rx: {err:?}"); + error!("Failed to send message to rx {:?}", err.type_id()); } } else { error!("Missing receiver for response #{}", response.id); diff --git a/src/handlers/desktop_client_mfa.rs b/src/handlers/desktop_client_mfa.rs index ce00a383..4c333b61 100644 --- a/src/handlers/desktop_client_mfa.rs +++ b/src/handlers/desktop_client_mfa.rs @@ -151,7 +151,7 @@ async fn start_client_mfa( info!("Started desktop client authorization {req:?}"); Ok(Json(response)) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } @@ -170,7 +170,7 @@ async fn finish_client_mfa( if let core_response::Payload::ClientMfaFinish(response) = payload { Ok(Json(response)) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } @@ -210,7 +210,7 @@ async fn finish_remote_mfa( Err(ApiError::Unexpected(String::new())) } } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } diff --git a/src/handlers/enrollment.rs b/src/handlers/enrollment.rs index 7d8b99b2..788df218 100644 --- a/src/handlers/enrollment.rs +++ b/src/handlers/enrollment.rs @@ -59,12 +59,12 @@ async fn start_enrollment_process( Ok((private_cookies.add(cookie), Json(response))) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } -#[instrument(level = "debug", skip(state))] +#[instrument(level = "debug", skip(state, req))] async fn activate_user( State(state): State, device_info: DeviceInfo, @@ -94,12 +94,12 @@ async fn activate_user( } Ok(private_cookies) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } -#[instrument(level = "debug", skip(state))] +#[instrument(level = "debug", skip(state, req))] async fn create_device( State(state): State, device_info: DeviceInfo, @@ -122,7 +122,7 @@ async fn create_device( info!("Added new device {name} {pubkey}"); Ok(Json(response)) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } @@ -150,7 +150,7 @@ async fn get_network_info( info!("Got network info for device {pubkey}"); Ok(Json(response)) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } diff --git a/src/handlers/mobile_client.rs b/src/handlers/mobile_client.rs index 1480d808..b39c2e98 100644 --- a/src/handlers/mobile_client.rs +++ b/src/handlers/mobile_client.rs @@ -58,7 +58,7 @@ pub(crate) async fn register_mobile_auth( info!("Registered mobile device for auth"); Ok(()) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } diff --git a/src/handlers/mod.rs b/src/handlers/mod.rs index aef69aeb..c01763c5 100644 --- a/src/handlers/mod.rs +++ b/src/handlers/mod.rs @@ -57,7 +57,7 @@ where pub(crate) async fn get_core_response(rx: Receiver) -> Result { debug!("Fetching core response..."); if let Ok(core_response) = timeout(CORE_RESPONSE_TIMEOUT, rx).await { - debug!("Got gRPC response from Defguard core: {core_response:?}"); + debug!("Got gRPC response from Defguard Core"); if let Ok(Payload::CoreError(core_error)) = core_response { if core_error.status_code == Code::FailedPrecondition as i32 && core_error.message == "no valid license" diff --git a/src/handlers/password_reset.rs b/src/handlers/password_reset.rs index 76e122e6..855b3830 100644 --- a/src/handlers/password_reset.rs +++ b/src/handlers/password_reset.rs @@ -36,7 +36,7 @@ async fn request_password_reset( info!("Started password reset request for {}", req.email); Ok(()) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } @@ -70,12 +70,12 @@ async fn start_password_reset( info!("Started password reset process"); Ok((private_cookies.add(cookie), Json(response))) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } -#[instrument(level = "debug", skip(state))] +#[instrument(level = "debug", skip(state, req))] async fn reset_password( State(state): State, device_info: DeviceInfo, @@ -100,7 +100,7 @@ async fn reset_password( } Ok(private_cookies) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } } diff --git a/src/handlers/polling.rs b/src/handlers/polling.rs index 435dcee6..673e097a 100644 --- a/src/handlers/polling.rs +++ b/src/handlers/polling.rs @@ -24,7 +24,7 @@ pub(crate) async fn info( info!("Retrieved info for polling request"); Ok(Json(response)) } else { - error!("Received invalid gRPC response type: {payload:#?}"); + error!("Received invalid gRPC response type"); Err(ApiError::InvalidResponseType) } }