From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 7ED681FF187 for ; Tue, 2 Dec 2025 16:57:38 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C37FC16F11; Tue, 2 Dec 2025 16:57:48 +0100 (CET) From: Samuel Rufinatscha To: pbs-devel@lists.proxmox.com Date: Tue, 2 Dec 2025 16:56:56 +0100 Message-ID: <20251202155659.379848-6-s.rufinatscha@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251202155659.379848-1-s.rufinatscha@proxmox.com> References: <20251202155659.379848-1-s.rufinatscha@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1764690986611 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.150 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_2 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox 1/4] acme: reduce visibility of Request type X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Currently, the low-level ACME Request type is publicly exposed, even though users are expected to go through AcmeClient and proxmox-acme-api handlers. This patch reduces visibility so that the Request type and related fields/methods are crate-internal only. Signed-off-by: Samuel Rufinatscha --- proxmox-acme/src/account.rs | 17 ++++++++++------- proxmox-acme/src/async_client.rs | 2 +- proxmox-acme/src/authorization.rs | 2 +- proxmox-acme/src/client.rs | 6 +++--- proxmox-acme/src/lib.rs | 4 ---- proxmox-acme/src/order.rs | 2 +- proxmox-acme/src/request.rs | 12 ++++++------ 7 files changed, 22 insertions(+), 23 deletions(-) diff --git a/proxmox-acme/src/account.rs b/proxmox-acme/src/account.rs index 0bbf0027..081ca986 100644 --- a/proxmox-acme/src/account.rs +++ b/proxmox-acme/src/account.rs @@ -92,7 +92,7 @@ impl Account { } /// Prepare a "POST-as-GET" request to fetch data. Low level helper. - pub fn get_request(&self, url: &str, nonce: &str) -> Result { + pub(crate) fn get_request(&self, url: &str, nonce: &str) -> Result { let key = PKey::private_key_from_pem(self.private_key.as_bytes())?; let body = serde_json::to_string(&Jws::new_full( &key, @@ -112,7 +112,7 @@ impl Account { } /// Prepare a JSON POST request. Low level helper. - pub fn post_request( + pub(crate) fn post_request( &self, url: &str, nonce: &str, @@ -179,7 +179,7 @@ impl Account { /// Prepare a request to update account data. /// /// This is a rather low level interface. You should know what you're doing. - pub fn update_account_request( + pub(crate) fn update_account_request( &self, nonce: &str, data: &T, @@ -188,7 +188,10 @@ impl Account { } /// Prepare a request to deactivate this account. - pub fn deactivate_account_request(&self, nonce: &str) -> Result { + pub(crate) fn deactivate_account_request( + &self, + nonce: &str, + ) -> Result { self.post_request_raw_payload( &self.location, nonce, @@ -220,7 +223,7 @@ impl Account { /// /// This returns a raw `Request` since validation takes some time and the `Authorization` /// object has to be re-queried and its `status` inspected. - pub fn validate_challenge( + pub(crate) fn validate_challenge( &self, authorization: &Authorization, challenge_index: usize, @@ -274,7 +277,7 @@ pub struct CertificateRevocation<'a> { impl CertificateRevocation<'_> { /// Create the revocation request using the specified nonce for the given directory. - pub fn request(&self, directory: &Directory, nonce: &str) -> Result { + pub(crate) fn request(&self, directory: &Directory, nonce: &str) -> Result { let revoke_cert = directory.data.revoke_cert.as_ref().ok_or_else(|| { Error::Custom("no 'revokeCert' URL specified by provider".to_string()) })?; @@ -364,7 +367,7 @@ impl AccountCreator { /// the resulting request. /// Changing the private key between using the request and passing the response to /// [`response`](AccountCreator::response()) will render the account unusable! - pub fn request(&self, directory: &Directory, nonce: &str) -> Result { + pub(crate) fn request(&self, directory: &Directory, nonce: &str) -> Result { let key = self.key.as_deref().ok_or(Error::MissingKey)?; let url = directory.new_account_url().ok_or_else(|| { Error::Custom("no 'newAccount' URL specified by provider".to_string()) diff --git a/proxmox-acme/src/async_client.rs b/proxmox-acme/src/async_client.rs index dc755fb9..2ff3ba22 100644 --- a/proxmox-acme/src/async_client.rs +++ b/proxmox-acme/src/async_client.rs @@ -10,7 +10,7 @@ use proxmox_http::{client::Client, Body}; use crate::account::AccountCreator; use crate::order::{Order, OrderData}; -use crate::Request as AcmeRequest; +use crate::request::Request as AcmeRequest; use crate::{Account, Authorization, Challenge, Directory, Error, ErrorResponse}; /// A non-blocking Acme client using tokio/hyper. diff --git a/proxmox-acme/src/authorization.rs b/proxmox-acme/src/authorization.rs index 28bc1b4b..765714fc 100644 --- a/proxmox-acme/src/authorization.rs +++ b/proxmox-acme/src/authorization.rs @@ -145,7 +145,7 @@ pub struct GetAuthorization { /// this is guaranteed to be `Some`. /// /// The response should be passed to the the [`response`](GetAuthorization::response()) method. - pub request: Option, + pub(crate) request: Option, } impl GetAuthorization { diff --git a/proxmox-acme/src/client.rs b/proxmox-acme/src/client.rs index 931f7245..5c812567 100644 --- a/proxmox-acme/src/client.rs +++ b/proxmox-acme/src/client.rs @@ -7,8 +7,8 @@ use serde::{Deserialize, Serialize}; use crate::b64u; use crate::error; use crate::order::OrderData; -use crate::request::ErrorResponse; -use crate::{Account, Authorization, Challenge, Directory, Error, Order, Request}; +use crate::request::{ErrorResponse, Request}; +use crate::{Account, Authorization, Challenge, Directory, Error, Order}; macro_rules! format_err { ($($fmt:tt)*) => { Error::Client(format!($($fmt)*)) }; @@ -564,7 +564,7 @@ impl Client { } /// Low-level API to run an n API request. This automatically updates the current nonce! - pub fn run_request(&mut self, request: Request) -> Result { + pub(crate) fn run_request(&mut self, request: Request) -> Result { self.inner.run_request(request) } diff --git a/proxmox-acme/src/lib.rs b/proxmox-acme/src/lib.rs index df722629..6722030c 100644 --- a/proxmox-acme/src/lib.rs +++ b/proxmox-acme/src/lib.rs @@ -66,10 +66,6 @@ pub use error::Error; #[doc(inline)] pub use order::Order; -#[cfg(feature = "impl")] -#[doc(inline)] -pub use request::Request; - // we don't inline these: #[cfg(feature = "impl")] pub use order::NewOrder; diff --git a/proxmox-acme/src/order.rs b/proxmox-acme/src/order.rs index b6551004..432a81a4 100644 --- a/proxmox-acme/src/order.rs +++ b/proxmox-acme/src/order.rs @@ -153,7 +153,7 @@ pub struct NewOrder { //order: OrderData, /// The request to execute to place the order. When creating a [`NewOrder`] via /// [`Account::new_order`](crate::Account::new_order) this is guaranteed to be `Some`. - pub request: Option, + pub(crate) request: Option, } impl NewOrder { diff --git a/proxmox-acme/src/request.rs b/proxmox-acme/src/request.rs index 78a90913..dadfc5af 100644 --- a/proxmox-acme/src/request.rs +++ b/proxmox-acme/src/request.rs @@ -4,21 +4,21 @@ pub(crate) const JSON_CONTENT_TYPE: &str = "application/jose+json"; pub(crate) const CREATED: u16 = 201; /// A request which should be performed on the ACME provider. -pub struct Request { +pub(crate) struct Request { /// The complete URL to send the request to. - pub url: String, + pub(crate) url: String, /// The HTTP method name to use. - pub method: &'static str, + pub(crate) method: &'static str, /// The `Content-Type` header to pass along. - pub content_type: &'static str, + pub(crate) content_type: &'static str, /// The body to pass along with request, or an empty string. - pub body: String, + pub(crate) body: String, /// The expected status code a compliant ACME provider will return on success. - pub expected: u16, + pub(crate) expected: u16, } /// An ACME error response contains a specially formatted type string, and can optionally -- 2.47.3 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel