wip: add Ipv6Prefix::with_client_id impl

2025-03-20 10:41:34 +01:00
5 changed files with 78 additions and 56 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -78,9 +78,9 @@ dependencies = [

 [[package]]
 name = "axum"
-version = "0.8.3"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de45108900e1f9b9242f7f2e254aa3e2c029c921c258fe9e6b4217eeebd54288"
+checksum = "6d6fd624c75e18b3b4c6b9caf42b1afe24437daaee904069137d8bab077be8b8"
 dependencies = [
 "axum-core",
 "bytes",
@ -112,9 +112,9 @@ dependencies = [

 [[package]]
 name = "axum-client-ip"
-version = "1.0.0"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9329923fe6c30624095e63cb6c25796b32ffbf5d1da8c3a95d1054c301db92a"
+checksum = "dff8ee1869817523c8f91c20bf17fd932707f66c2e7e0b0f811b29a227289562"
 dependencies = [
 "axum",
 "forwarded-header-value",
@ -123,12 +123,12 @@ dependencies = [

 [[package]]
 name = "axum-core"
-version = "0.5.2"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68464cd0412f486726fb3373129ef5d2993f90c34bc2bc1c1e9943b2f4fc7ca6"
+checksum = "df1362f362fd16024ae199c1970ce98f9661bf5ef94b9808fee734bc3698b733"
 dependencies = [
 "bytes",
- "futures-core",
+ "futures-util",
 "http",
 "http-body",
 "http-body-util",
@ -185,9 +185,9 @@ checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"

 [[package]]
 name = "cc"
-version = "1.2.18"
+version = "1.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "525046617d8376e3db1deffb079e91cef90a89fc3ca5c185bbf8c9ecdd15cd5c"
+checksum = "be714c154be609ec7f5dad223a33bf1482fff90472de28f7362806e6d4832b8c"
 dependencies = [
 "shlex",
 ]
@ -200,9 +200,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"

 [[package]]
 name = "clap"
-version = "4.5.35"
+version = "4.5.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8aa86934b44c19c50f87cc2790e19f54f7a67aedb64101c2e1a2e5ecfb73944"
+checksum = "6088f3ae8c3608d19260cd7445411865a485688711b78b5be70d78cd96136f83"
 dependencies = [
 "clap_builder",
 "clap_derive",
@ -220,9 +220,9 @@ dependencies = [

 [[package]]
 name = "clap_builder"
-version = "4.5.35"
+version = "4.5.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2414dbb2dd0695280da6ea9261e327479e9d37b0630f6b53ba2a11c60c679fd9"
+checksum = "22a7ef7f676155edfb82daa97f99441f3ebf4a58d5e32f295a56259f1b6facc8"
 dependencies = [
 "anstream",
 "anstyle",
@ -274,12 +274,12 @@ checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0"

 [[package]]
 name = "errno"
-version = "0.3.11"
+version = "0.3.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "976dd42dc7e85965fe702eb8164f21f450704bdde31faefd6471dba214cb594e"
+checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
 dependencies = [
 "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@ -436,9 +436,9 @@ dependencies = [

 [[package]]
 name = "hyper-util"
-version = "0.1.11"
+version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "497bbc33a26fdd4af9ed9c70d63f61cf56a938375fbb32df34db9b1cd6d643f2"
+checksum = "df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4"
 dependencies = [
 "bytes",
 "futures-util",
@ -502,15 +502,15 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"

 [[package]]
 name = "linux-raw-sys"
-version = "0.9.4"
+version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12"
+checksum = "fe7db12097d22ec582439daf8618b8fdd1a7bef6270e9af3b1ebcd30893cf413"

 [[package]]
 name = "log"
-version = "0.4.27"
+version = "0.4.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
+checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e"

 [[package]]
 name = "matchers"
@ -572,9 +572,9 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"

 [[package]]
 name = "miniz_oxide"
-version = "0.8.8"
+version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3be647b768db090acb35d5ec5db2b0e1f1de11133ca123b9eacf5137868f892a"
+checksum = "8e3e04debbb59698c15bacbb6d93584a8c0ca9cc3213cb423d31f760d8843ce5"
 dependencies = [
 "adler2",
 ]
@ -617,9 +617,9 @@ dependencies = [

 [[package]]
 name = "once_cell"
-version = "1.21.3"
+version = "1.21.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
+checksum = "d75b0bedcc4fe52caa0e03d9f1151a323e4aa5e2d78ba3580400cd3c9e2bc4bc"

 [[package]]
 name = "overload"
@ -755,15 +755,15 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"

 [[package]]
 name = "rustix"
-version = "1.0.5"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d97817398dd4bb2e6da002002db259209759911da105da92bec29ccb12cf58bf"
+checksum = "e56a18552996ac8d29ecc3b190b4fdbb2d91ca4ec396de7bbffaf43f3d637e96"
 dependencies = [
 "bitflags",
 "errno",
 "libc",
 "linux-raw-sys",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@ -864,15 +864,15 @@ checksum = "bbbb5d9659141646ae647b42fe094daf6c6192d1620870b449d9557f748b2daa"

 [[package]]
 name = "smallvec"
-version = "1.15.0"
+version = "1.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8917285742e9f3e1683f0a9c4e6b57960b7314d0b08d30d1ecd426713ee2eee9"
+checksum = "7fcf8323ef1faaee30a44a340193b1ac6814fd9b7b4e88e9d4519a3e4abe1cfd"

 [[package]]
 name = "socket2"
-version = "0.5.9"
+version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f5fd57c80058a56cf5c777ab8a126398ece8e442983605d280a44ce79d0edef"
+checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8"
 dependencies = [
 "libc",
 "windows-sys 0.52.0",
@ -994,9 +994,9 @@ dependencies = [

 [[package]]
 name = "tokio"
-version = "1.44.2"
+version = "1.44.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6b88822cbe49de4185e3a4cbf8321dd487cf5fe0c5c65695fef6346371e9c48"
+checksum = "f382da615b842244d4b8738c82ed1275e6c5dd90c459a30941cd07080b06c91a"
 dependencies = [
 "backtrace",
 "bytes",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -3,7 +3,6 @@ description = "An HTTP server using HTTP basic auth to make secure calls to nsup
 name = "webnsupdate"
 version = "0.3.6"
 edition = "2021"
-license = "MIT"
 license-file = "LICENSE"
 readme = "README.md"
 keywords = ["dns", "dyndns", "dynamic-ip"]
@ -17,7 +16,7 @@ pedantic = { level = "warn", priority = -1 }

 [dependencies]
 axum = "0.8"
-axum-client-ip = "1.0"
+axum-client-ip = "0.7"
 base64 = "0.22"
 clap = { version = "4", features = ["derive", "env"] }
 clap-verbosity-flag = { version = "3", default-features = false, features = [
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "crane": {
      "locked": {
-        "lastModified": 1743908961,
-        "narHash": "sha256-e1idZdpnnHWuosI3KsBgAgrhMR05T2oqskXCmNzGPq0=",
+        "lastModified": 1742394900,
+        "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "80ceeec0dc94ef967c371dcdc56adb280328f591",
+        "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd",
        "type": "github"
      },
      "original": {
@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "lastModified": 1741352980,
+        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
        "type": "github"
      },
      "original": {
@ -37,11 +37,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1744098102,
-        "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=",
+        "lastModified": 1742288794,
+        "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7",
+        "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
        "type": "github"
      },
      "original": {
@ -82,11 +82,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743748085,
-        "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=",
+        "lastModified": 1742370146,
+        "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d",
+        "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
        "type": "github"
      },
      "original": {
--- a/src/config.rs
+++ b/src/config.rs
@ -4,7 +4,7 @@ use std::{
    path::PathBuf,
 };

-use axum_client_ip::ClientIpSource;
+use axum_client_ip::SecureClientIpSource;
 use miette::{Context, IntoDiagnostic};

 #[derive(Debug, Default, Clone, Copy, serde::Deserialize, serde::Serialize)]
@ -99,9 +99,9 @@ pub struct Records {

    /// Set client IP source
    ///
-    /// see: <https://docs.rs/axum-client-ip/latest/axum_client_ip/enum.ClientIpSource.html>
+    /// see: <https://docs.rs/axum-client-ip/latest/axum_client_ip/enum.SecureClientIpSource.html>
    #[serde(default = "default_ip_source")]
-    pub ip_source: ClientIpSource,
+    pub ip_source: SecureClientIpSource,

    /// Set which IPs to allow updating (ipv4, ipv6 or both)
    #[serde(default = "default_ip_type")]
@ -198,8 +198,8 @@ fn default_address() -> SocketAddr {
    SocketAddr::new(IpAddr::V4(Ipv4Addr::LOCALHOST), 5353)
 }

-fn default_ip_source() -> ClientIpSource {
-    ClientIpSource::RightmostXForwardedFor
+fn default_ip_source() -> SecureClientIpSource {
+    SecureClientIpSource::RightmostXForwardedFor
 }

 fn default_ip_type() -> IpType {
--- a/src/main.rs
+++ b/src/main.rs
@ -10,7 +10,7 @@ use axum::{
    routing::get,
    Router,
 };
-use axum_client_ip::ClientIp;
+use axum_client_ip::SecureClientIp;
 use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
 use clap::{Parser, Subcommand};
 use clap_verbosity_flag::Verbosity;
@ -230,6 +230,29 @@ struct Ipv6Prefix {
    length: u32,
 }

+impl Ipv6Prefix {
+    /// Create an [`Ipv6Addr`] from a prefix and a client id
+    pub fn with_client_id(self, client_id: Ipv6Addr) -> Ipv6Addr {
+        let Self { prefix, length } = self;
+        // Clear the last `length` bits
+        let prefix_mask = u128::MAX << length;
+        let client_mask = !prefix_mask;
+        let prefix = prefix.to_bits();
+        let client = client_id.to_bits();
+        debug_assert_eq!(
+            prefix & client_mask,
+            0,
+            "prefix contains bits in client id part"
+        );
+        debug_assert_eq!(
+            client & prefix_mask,
+            0,
+            "client id contains bits in prefix part"
+        );
+        Ipv6Addr::from_bits((prefix & prefix_mask) | (client & client_mask))
+    }
+}
+
 impl std::fmt::Display for Ipv6Prefix {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let Self { prefix, length } = self;
@ -456,7 +479,7 @@ impl FritzBoxUpdateParams {
 #[tracing::instrument(skip(state), level = "trace", ret(level = "info"))]
 async fn update_records(
    State(state): State<AppState<'static>>,
-    ClientIp(ip): ClientIp,
+    SecureClientIp(ip): SecureClientIp,
    Query(update_params): Query<FritzBoxUpdateParams>,
 ) -> axum::response::Result<&'static str> {
    info!("accepted update from {ip}");