refactor: replace hyper with reqwest for git proxy implementation

Author: wangeguo

Cargo.lock

@@ -7,7 +7,7 @@ resolver = "2"
 [package]
 name = "backend"
 description = "Backend API and services for StackClass"
-version = "0.33.0"
+version = "0.34.0"
 edition = "2024"
 
 default-run = "stackclass-server"
@@ -33,7 +33,6 @@ gitea-client = { path = "crates/gitea-client" }
 anyhow = "1.0.98"
 axum = { version = "0.8.4" }
 axum-extra = {version = "0.10.1", features = ["typed-header"] }
-base64 = "0.22.1"
 chrono = { version = "0.4.41", features = ["serde"] }
 clap = { version = "4.5.41", features = ["derive", "env"] }
 dotenv = "0.15.0"
@@ -42,12 +41,12 @@ fs_extra = "1.3.0"
 futures = "0.3.31"
 ghrepo = "0.7.1"
 http-body-util = "0.1.3"
-hyper-util = {version = "0.1.16", features = ["client-legacy"] }
 indexmap = {version = "2.9.0", features = ["serde"] }
 jsonwebtoken = "9.3.1"
 k8s-openapi = { version = "0.25", default-features = false, features = ["latest"] }
 kube = { version = "1", default-features = false, features = ["runtime", "derive", "rustls-tls"] }
 octocrab = "0.44.1"
+reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
 serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.141"
 serde_yml = "0.0.12"

Cargo.toml

@@ -6,7 +6,7 @@
     "license": {
       "name": ""
     },
-    "version": "0.33.0"
+    "version": "0.34.0"
   },
   "paths": {
     "/v1/courses": {

openapi.json

@@ -12,12 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use axum::body::Body;
 use gitea_client::GiteaClient;
-use hyper_util::{
-    client::legacy::{Client, connect::HttpConnector},
-    rt::TokioExecutor,
-};
+use reqwest::Client;
 
 use crate::{config::Config, database::Database, errors::Result};
 
@@ -36,7 +32,7 @@ pub struct Context {
     pub k8s: kube::Client,
 
     /// HTTP client for making external requests
-    pub http: Client<HttpConnector, Body>,
+    pub http: Client,
 }
 
 impl Context {
@@ -48,7 +44,7 @@ impl Context {
             config.git_server_password.clone(),
         );
         let k8s = kube::Client::try_default().await?;
-        let http = Client::builder(TokioExecutor::new()).build_http();
+        let http = Client::new();
 
         Ok(Context { config, database, git, k8s, http })
     }

src/context.rs

@@ -31,7 +31,7 @@ use jsonwebtoken::{
 use serde::{Deserialize, Serialize};
 use thiserror::Error;
 use tokio::sync::{OnceCell, RwLock};
-use tracing::{debug, error};
+use tracing::{debug, error, info};
 
 use crate::{context::Context, errors::AutoIntoResponse, repository::UserRepository};
 
@@ -41,6 +41,7 @@ static KEYS: OnceCell<Arc<RwLock<HashMap<String, DecodingKey>>>> = OnceCell::con
 /// Loads JSON Web Keys (JWKs) from the database and converts them into `DecodingKey` instances.
 /// Returns a `HashMap` mapping key IDs to their corresponding `DecodingKey`.
 async fn load_keys(ctx: Arc<Context>) -> Result<HashMap<String, DecodingKey>, ClaimsError> {
+    info!("Fetching all JSON Web Keys (JWKS) from the database");
     let keys = UserRepository::find_all_json_web_keys(&ctx.database).await.map_err(|e| {
         error!("Failed to load JSON web keys: {}", e);
         ClaimsError::KeyLoadFailure

src/extractor.rs

@@ -15,13 +15,12 @@
 use std::sync::Arc;
 
 use axum::{
-    body::Body,
+    body::{self, Body},
     extract::{Path, State},
     http::{Request, StatusCode, Uri, header},
-    response::IntoResponse,
+    response::{IntoResponse, Response},
 };
-use base64::{Engine, engine::general_purpose::STANDARD as Base64};
-use tracing::{debug, error, warn};
+use tracing::{error, info, trace, warn};
 use uuid::Uuid;
 
 use crate::{
@@ -36,11 +35,9 @@ use crate::{
 /// This function handles authentication and routing for Git operations.
 pub async fn proxy(
     State(ctx): State<Arc<Context>>,
-    Path((uuid, path)): Path<(Uuid, String)>,
-    mut req: Request<Body>,
+    Path((uuid, _)): Path<(Uuid, String)>,
+    req: Request<Body>,
 ) -> impl IntoResponse {
-    debug!(%uuid, %path, "Proxying Git request");
-
     // Look up repository information by UUID (user course ID)
     // Return NOT_FOUND if repository is invalid or doesn't exist
     let (owner, repo, email) = lookup(&ctx.database, &uuid).await.ok_or_else(|| {
@@ -51,24 +48,62 @@ pub async fn proxy(
     let Config { git_server_endpoint, auth_secret, .. } = &ctx.config;
 
     // Construct the URI for the Git server request to Gitea backend.
-    let sanitized_path = path.trim_start_matches('/');
-    let uri_str = format!("{git_server_endpoint}/{owner}/{repo}.git/{}", sanitized_path);
-    *req.uri_mut() = Uri::try_from(uri_str).map_err(|e| {
-        error!(error = %e, "Failed to construct URI for proxy destination");
+    let trimmed = strip_uuid_prefix(req.uri(), &uuid);
+    let url = format!("{git_server_endpoint}/{owner}/{repo}.git{trimmed}");
+    let url = reqwest::Url::parse(&url).map_err(|e| {
+        error!(error = %e, "Failed to parse URI for proxy destination");
+        StatusCode::INTERNAL_SERVER_ERROR
+    })?;
+    info!(url = %url, "Forwarding to Git server");
+
+    // Convert axum Request to reqwest Request
+    let (mut parts, body) = req.into_parts();
+    let body_bytes = body::to_bytes(body, usize::MAX).await.map_err(|e| {
+        error!(error = %e, "Failed to read request body");
         StatusCode::INTERNAL_SERVER_ERROR
     })?;
 
-    // Generate a password for the user's email using the auth secret and then
-    // construct the Basic Auth header value for the Git server request.
+    // Remove the original host header
+    parts.headers.remove(header::HOST);
     let password = crypto::password(&email, auth_secret);
-    let credentials = Base64.encode(format!("{owner}:{password}"));
-    let auth_header_value = format!("Basic {credentials}").parse().unwrap();
-    req.headers_mut().insert(header::AUTHORIZATION, auth_header_value);
 
-    debug!(uri = %req.uri(), "Forwarding to Git server");
-    ctx.http.request(req).await.map_err(|e| {
+    let request = ctx
+        .http
+        .request(parts.method, url)
+        .headers(parts.headers)
+        .basic_auth(owner, Some(password))
+        .body(body_bytes.to_vec())
+        .build()
+        .map_err(|e| {
+            error!(error = %e, "Failed to build reqwest request");
+            StatusCode::INTERNAL_SERVER_ERROR
+        })?;
+    trace!(?request, "Built client request for Git server");
+
+    // Execute the request
+    let response = ctx.http.execute(request).await.map_err(|e| {
         error!(error = %e, "Git server request failed");
         StatusCode::BAD_GATEWAY
+    })?;
+    trace!(?response, "Received response from Git server");
+
+    // Convert reqwest Response to axum Response
+    let status = response.status();
+    let headers = response.headers().clone();
+    let body = response.bytes().await.map_err(|e| {
+        error!(error = %e, "Failed to read response body");
+        StatusCode::INTERNAL_SERVER_ERROR
+    })?;
+    trace!(body = ?String::from_utf8_lossy(&body), "Git server response");
+
+    let mut response_builder = Response::builder().status(status);
+    for (key, value) in headers.iter() {
+        response_builder = response_builder.header(key, value);
+    }
+
+    response_builder.body(Body::from(body)).map_err(|e| {
+        error!(error = %e, "Failed to build response");
+        StatusCode::INTERNAL_SERVER_ERROR
     })
 }
 
@@ -79,3 +114,13 @@ async fn lookup(db: &Database, uuid: &Uuid) -> Option<(String, String, String)>
 
     Some((user.username(), course.course_slug, user.email))
 }
+
+/// Strip the leading "/{uuid}" from a request URI and return the remaining path+query.
+/// For example:
+///   input:  "/5a0e.../info/refs?service=git-receive-pack"
+///   output: "/info/refs?service=git-receive-pack"
+fn strip_uuid_prefix(uri: &Uri, uuid: &Uuid) -> String {
+    let path_and_query = uri.path_and_query().map(|pq| pq.as_str()).unwrap_or("");
+    let prefix = format!("/{}", uuid);
+    path_and_query.strip_prefix(&prefix).unwrap_or(path_and_query).to_string()
+}

src/handler/git.rs

@@ -12,8 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use tracing::debug;
-
 use crate::{
     database::Database,
     model::{JsonWebKey, UserModel},
@@ -26,7 +24,6 @@ pub struct UserRepository;
 impl UserRepository {
     /// Fetch all JSON Web Keys (JWKS) from the database.
     pub async fn find_all_json_web_keys(db: &Database) -> Result<Vec<JsonWebKey>> {
-        debug!("Fetching all JSON Web Keys (JWKS) from the database");
         let keys =
             sqlx::query_as::<_, JsonWebKey>("SELECT * FROM jwks").fetch_all(db.pool()).await?;
         Ok(keys)