From 421077c92cefc5ad632a129d499b4096a11558fa Mon Sep 17 00:00:00 2001
From: Michael Nabil
Date: Thu, 14 Mar 2024 13:48:49 +0200
Subject: [PATCH 1/5] Fix
---
 config/reverb.php | 9 ++++++++-
 src/Servers/Reverb/Factory.php | 6 ++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/config/reverb.php b/config/reverb.php
index 1dc85859..cbe5a127 100644
--- a/config/reverb.php
+++ b/config/reverb.php
@@ -33,7 +33,14 @@
 'port' => env('REVERB_SERVER_PORT', 8080),
 'hostname' => env('REVERB_HOST'),
 'options' => [
- 'tls' => [],
+ 'tls' => [
+ 'local_cert' => env('REVERB_SSL_LOCAL_CERT'),
+ 'capath' => env('REVERB_SSL_CA'),
+ 'local_pk' => env('REVERB_SSL_LOCAL_PK'),
+ 'passphrase' => env('REVERB_SSL_PASSPHRASE'),
+ 'verify_peer' => env('APP_ENV') === 'production',
+ 'allow_self_signed' => env('APP_ENV') !== 'production',
+ ],
 ],
 'scaling' => [
 'enabled' => env('REVERB_SCALING_ENABLED', false),
diff --git a/src/Servers/Reverb/Factory.php b/src/Servers/Reverb/Factory.php
index 8bbaf053..94861a1e 100644
--- a/src/Servers/Reverb/Factory.php
+++ b/src/Servers/Reverb/Factory.php
@@ -44,14 +44,16 @@ public static function make(string $host = '0.0.0.0', string $port = '8080', ?st
 default => throw new InvalidArgumentException("Unsupported protocol [{$protocol}]."),
 };
- if (empty($options['tls']) && $hostname && Certificate::exists($hostname)) {
+ $tls = $options['tls'] ?? [];
+
+ if (empty($tls['local_cert']) && empty($tls['local_pk']) && $hostname && Certificate::exists($hostname)) {
 [$certificate, $key] = Certificate::resolve($hostname);
 $options['tls']['local_cert'] = $certificate;
 $options['tls']['local_pk'] = $key;
 }
- $uri = empty($options['tls']) ? "{$host}:{$port}" : "tls://{$host}:{$port}";
+ $uri = empty($tls) ? "{$host}:{$port}" : "tls://{$host}:{$port}";
 return new HttpServer(
 new SocketServer($uri, $options, $loop),
From 5139bdae882eeecb385c5784c1d76ee1d9d3285f Mon Sep 17 00:00:00 2001
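Review bot: In the `tls` defaults added to config/reverb.php, `verify_peer` and `allow_self_signed` are derived from `APP_ENV`, but on a listening socket the peer is the connecting client, so these keys govern client-certificate checking and say nothing about the server's own certificate. Tying them to the environment name makes handshake behaviour differ between staging and production in a way an operator is unlikely to expect; an explicit opt-in setting would be clearer. `capath` expects a hashed certificate directory, so if `REVERB_SSL_CA` is meant to hold a bundle file the key should be `cafile`. Because this array is never empty, the `empty($tls)` test in the Factory.php hunk of the same patch would presumably always choose `tls://`, even when no certificate is configured. Patch 3/5 drops these defaults again.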
From: Michael Nabil
Date: Thu, 14 Mar 2024 14:08:19 +0200
Subject: [PATCH 2/5] cleaning
---
 src/Servers/Reverb/Factory.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/Servers/Reverb/Factory.php b/src/Servers/Reverb/Factory.php
index 94861a1e..20f4944c 100644
--- a/src/Servers/Reverb/Factory.php
+++ b/src/Servers/Reverb/Factory.php
@@ -44,16 +44,14 @@ public static function make(string $host = '0.0.0.0', string $port = '8080', ?st
 default => throw new InvalidArgumentException("Unsupported protocol [{$protocol}]."),
 };
- $tls = $options['tls'] ?? [];
-
- if (empty($tls['local_cert']) && empty($tls['local_pk']) && $hostname && Certificate::exists($hostname)) {
+ if (empty($options['tls']['local_cert']) && empty($options['tls']['local_pk']) && $hostname && Certificate::exists($hostname)) {
 [$certificate, $key] = Certificate::resolve($hostname);
 $options['tls']['local_cert'] = $certificate;
 $options['tls']['local_pk'] = $key;
 }
- $uri = empty($tls) ? "{$host}:{$port}" : "tls://{$host}:{$port}";
+ $uri = empty($options['tls']) ? "{$host}:{$port}" : "tls://{$host}:{$port}";
 return new HttpServer(
 new SocketServer($uri, $options, $loop),
From bfec13ba2f494e448acaf7e0e01abe3eaff95322 Mon Sep 17 00:00:00 2001
From: Joe Dixon
Date: Wed, 27 Mar 2024 11:44:00 +0000
Subject: [PATCH 3/5] remove default context
---
 config/reverb.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/config/reverb.php b/config/reverb.php
index cbe5a127..1dc85859 100644
--- a/config/reverb.php
+++ b/config/reverb.php
@@ -33,14 +33,7 @@
 'port' => env('REVERB_SERVER_PORT', 8080),
 'hostname' => env('REVERB_HOST'),
 'options' => [
- 'tls' => [
- 'local_cert' => env('REVERB_SSL_LOCAL_CERT'),
- 'capath' => env('REVERB_SSL_CA'),
- 'local_pk' => env('REVERB_SSL_LOCAL_PK'),
- 'passphrase' => env('REVERB_SSL_PASSPHRASE'),
- 'verify_peer' => env('APP_ENV') === 'production',
- 'allow_self_signed' => env('APP_ENV') !== 'production',
- ],
+ 'tls' => [],
 ],
 'scaling' => [
 'enabled' => env('REVERB_SCALING_ENABLED', false),
From 882fe2126aa043c51f4eecf370617f3e2ad970f6 Mon Sep 17 00:00:00 2001
From: Joe Dixon
Date: Wed, 27 Mar 2024 12:08:02 +0000
Subject: [PATCH 4/5] configure tls
---
 src/Servers/Reverb/Factory.php | 28 ++++++++++++++++++-----
 tests/Unit/Servers/Reverb/FactoryTest.php | 14 ++++++++++++
 2 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/src/Servers/Reverb/Factory.php b/src/Servers/Reverb/Factory.php
index 20f4944c..b341eade 100644
--- a/src/Servers/Reverb/Factory.php
+++ b/src/Servers/Reverb/Factory.php
@@ -44,12 +44,7 @@ public static function make(string $host = '0.0.0.0', string $port = '8080', ?st
 default => throw new InvalidArgumentException("Unsupported protocol [{$protocol}]."),
 };
- if (empty($options['tls']['local_cert']) && empty($options['tls']['local_pk']) && $hostname && Certificate::exists($hostname)) {
- [$certificate, $key] = Certificate::resolve($hostname);
-
- $options['tls']['local_cert'] = $certificate;
- $options['tls']['local_pk'] = $key;
- }
+ $options['tls'] = static::configureTls($options['tls'] ?? [], $hostname);
 $uri = empty($options['tls']) ? "{$host}:{$port}" : "tls://{$host}:{$port}";
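Review bot: The unchanged `$uri` line after the new `configureTls()` call still selects `tls://` whenever `$options['tls']` is non-empty, so a context holding only a non-certificate key (for example `verify_peer`) and no resolvable hostname certificate would start a TLS listener with no `local_cert`. Keying the scheme on the certificate makes the decision explicit: `$uri = empty($options['tls']['local_cert']) ? "{$host}:{$port}" : "tls://{$host}:{$port}";`. The opposite case is worth surfacing too: when no certificate is found the server falls back to plaintext silently, which an operator who expected TLS would want reported at startup. `make()` begins and ends outside this hunk.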
@@ -101,4 +96,25 @@ protected static function pusherRoutes(): RouteCollection
 return $routes;
 }
+
+ /**
+ * Configure the TLS context for the server.
+ *
+ * @param array $context
+ * @return array
+ */
+ protected static function configureTls(array $context, ?string $hostname): array
+ {
+ $context = array_filter($context, fn ($value) => $value !== null);
+ $usesTls = ($context['local_cert'] ?? false) || ($context['local_pk'] ?? false);
+
+ if (! $usesTls && $hostname && Certificate::exists($hostname)) {
+ [$certificate, $key] = Certificate::resolve($hostname);
+
+ $context['local_cert'] = $certificate;
+ $context['local_pk'] = $key;
+ }
+
+ return $context;
+ }
 }
diff --git a/tests/Unit/Servers/Reverb/FactoryTest.php b/tests/Unit/Servers/Reverb/FactoryTest.php
index 0c4dfed4..5028fc20 100644
--- a/tests/Unit/Servers/Reverb/FactoryTest.php
+++ b/tests/Unit/Servers/Reverb/FactoryTest.php
@@ -45,6 +45,7 @@
 it('can create a server using tls on the given host and port', function () {
 $this->app->config->set('reverb.servers.reverb.options.tls.local_cert', '/path/to/cert.pem');
+ $this->app->config->set('reverb.servers.reverb.options.tls.verify_peer', false);
 $server = Factory::make('127.0.0.1', '8002', options: $this->app->config->get('reverb.servers.reverb.options'));
 $socket = (new ReflectionProperty($server, 'socket'))->getValue($server);
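Review bot: In `configureTls()`, `array_filter` drops only `null` while `$usesTls` is a truthiness test, so an empty-string `local_cert` (which a blank environment value would presumably produce) counts as "no certificate" for the fallback yet stays in the returned context. If `Certificate::exists($hostname)` is false, the caller then receives a non-empty context with an unusable certificate path. Filtering blanks as well keeps the two checks consistent: `array_filter($context, fn ($value) => $value !== null && $value !== '')`. A `local_pk` supplied without `local_cert` also sets `$usesTls` and skips the hostname certificate, leaving no certificate at all; the docblock could state that both must be given together and add `@param string|null $hostname`. The tests in this patch cover a set `local_cert` and all-null values, but neither of these cases.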
@@ -55,3 +56,16 @@
 $server->stop();
 });
+
+it('can create a server without tls when context values are null', function () {
+ $this->app->config->set('reverb.servers.reverb.options.tls.local_cert', null);
+ $this->app->config->set('reverb.servers.reverb.options.tls.verify_peer', null);
+ $server = Factory::make('127.0.0.1', '8002', options: $this->app->config->get('reverb.servers.reverb.options'));
+
+ $socket = (new ReflectionProperty($server, 'socket'))->getValue($server);
+ $socketServer = (new ReflectionProperty($socket, 'server'))->getValue($socket);
+
+ expect($socketServer)->toBeInstanceOf(TcpServer::class);
+
+ $server->stop();
+});
From d48fa1ff7d470632b8b692fe614cef181863ec05 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Wed, 27 Mar 2024 12:03:00 -0500
Subject: [PATCH 5/5] formatting
---
 src/Servers/Reverb/Factory.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Servers/Reverb/Factory.php b/src/Servers/Reverb/Factory.php
index b341eade..51f61b67 100644
--- a/src/Servers/Reverb/Factory.php
+++ b/src/Servers/Reverb/Factory.php
@@ -106,6 +106,7 @@ protected static function pusherRoutes(): RouteCollection
 protected static function configureTls(array $context, ?string $hostname): array
 {
 $context = array_filter($context, fn ($value) => $value !== null);
+
 $usesTls = ($context['local_cert'] ?? false) || ($context['local_pk'] ?? false);
 if (! $usesTls && $hostname && Certificate::exists($hostname)) {