From 2a04ac5cd0f5b7d1af8706c9324f236a9fed761e Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Fri, 9 Jan 2026 13:24:00 +0100 Subject: [PATCH 1/8] send private cookie jar key header when connecting to proxy --- crates/defguard_proxy_manager/src/lib.rs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/crates/defguard_proxy_manager/src/lib.rs b/crates/defguard_proxy_manager/src/lib.rs index f71b9b289..4123a6dfa 100644 --- a/crates/defguard_proxy_manager/src/lib.rs +++ b/crates/defguard_proxy_manager/src/lib.rs @@ -22,7 +22,8 @@ use tokio::{ }; use tokio_stream::wrappers::UnboundedReceiverStream; use tonic::{ - Code, Streaming, + self, Code, Streaming, + metadata::MetadataValue, transport::{Certificate, ClientTlsConfig, Endpoint}, }; @@ -63,6 +64,9 @@ extern crate tracing; const TEN_SECS: Duration = Duration::from_secs(10); static VERSION_ZERO: Version = Version::new(0, 0, 0); +static COOKIE_KEY_HEADER: &str = "dg-cookie-key-bin"; +// TODO(jck) +static COOKIE_KEY: &[u8] = &[1; 64]; #[derive(Error, Debug)] pub enum ProxyError { @@ -288,7 +292,11 @@ impl Proxy { let mut client = ProxyClient::with_interceptor(self.endpoint.connect_lazy(), interceptor); let (tx, rx) = mpsc::unbounded_channel(); - let response = match client.bidi(UnboundedReceiverStream::new(rx)).await { + let mut request = tonic::Request::new(UnboundedReceiverStream::new(rx)); + request + .metadata_mut() + .insert_bin(COOKIE_KEY_HEADER, MetadataValue::from_bytes(COOKIE_KEY)); + let response = match client.bidi(request).await { Ok(response) => response, Err(err) => { match err.code() { From 8cc5b94bd33b7e43946cab28abc0eafb7ec3bfcb Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Mon, 12 Jan 2026 10:50:35 +0100 Subject: [PATCH 2/8] rename ProxyOrchestrator -> ProxyManager --- crates/defguard/src/main.rs | 8 ++++---- crates/defguard_proxy_manager/src/lib.rs | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) 
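Review bot: `COOKIE_KEY` in the second hunk is a fixed `[1; 64]` placeholder marked only `// TODO(jck)`, and the third hunk already sends it to the proxy in the `dg-cookie-key-bin` header. Any build of this commit taken on its own (bisect, cherry-pick) therefore gives every deployment the same constant key, readable from the source. The TODO should at least state the constraint, e.g. `// TODO(jck): placeholder only; must be replaced by a key derived from the core secret before this can ship`. The function that builds the request starts and ends outside the hunk.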
diff --git a/crates/defguard/src/main.rs b/crates/defguard/src/main.rs index 99de57601..ef0e50c3d 100644 --- a/crates/defguard/src/main.rs +++ b/crates/defguard/src/main.rs @@ -40,7 +40,7 @@ use defguard_core::{ use defguard_event_logger::{message::EventLoggerMessage, run_event_logger}; use defguard_event_router::{RouterReceiverSet, run_event_router}; use defguard_mail::{Mail, run_mail_handler}; -use defguard_proxy_manager::{ProxyOrchestrator, ProxyTxSet}; +use defguard_proxy_manager::{ProxyManager, ProxyTxSet}; // use defguard_session_manager::run_session_manager; use secrecy::ExposeSecret; use tokio::sync::{broadcast, mpsc::unbounded_channel}; @@ -159,12 +159,12 @@ async fn main() -> Result<(), anyhow::Error> { } let proxy_tx = ProxyTxSet::new(wireguard_tx.clone(), mail_tx.clone(), bidi_event_tx.clone()); - let proxy_orchestrator = - ProxyOrchestrator::new(pool.clone(), proxy_tx, Arc::clone(&incompatible_components)); + let proxy_manager = + ProxyManager::new(pool.clone(), proxy_tx, Arc::clone(&incompatible_components)); // run services tokio::select! { - res = proxy_orchestrator.run(&config.proxy_url) => error!("ProxyOrchestrator returned early: {res:?}"), + res = proxy_manager.run(&config.proxy_url) => error!("ProxyManager returned early: {res:?}"), res = run_grpc_gateway_stream( pool.clone(), client_state, diff --git a/crates/defguard_proxy_manager/src/lib.rs b/crates/defguard_proxy_manager/src/lib.rs index 4123a6dfa..3d1b2235a 100644 --- a/crates/defguard_proxy_manager/src/lib.rs +++ b/crates/defguard_proxy_manager/src/lib.rs 
@@ -144,14 +144,14 @@ impl ProxyRouter { /// - instantiating and supervising proxy connections, /// - routing responses to the appropriate proxy based on correlation state, /// - providing shared infrastructure (database access, outbound channels), -pub struct ProxyOrchestrator { +pub struct ProxyManager { pool: PgPool, tx: ProxyTxSet, incompatible_components: Arc>, router: Arc>, } -impl ProxyOrchestrator { +impl ProxyManager { pub fn new( pool: PgPool, tx: ProxyTxSet, @@ -226,14 +226,14 @@ impl ProxyTxSet { /// bidirectional stream to one proxy instance, handling incoming requests /// from that proxy, and forwarding responses back through the same stream. /// Each `Proxy` runs independently and is supervised by the -/// `ProxyOrchestrator`. +/// `ProxyManager`. struct Proxy { pool: PgPool, /// Proxy server gRPC URI endpoint: Endpoint, /// gRPC servers services: ProxyServices, - /// Router shared between proxies and the orchestrator + /// Router shared between proxies and the proxy manager router: Arc>, } From 1545dcdd817a8e4e624f1651e8f0db607099b16e Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Mon, 12 Jan 2026 12:14:41 +0100 Subject: [PATCH 3/8] derive proxy key from core key to avoid transmitting core master key over grpc --- Cargo.lock | 4 ++++ Cargo.toml | 1 + crates/defguard_proxy_manager/Cargo.toml | 2 ++ crates/defguard_proxy_manager/src/lib.rs | 15 ++++++++++----- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 557dfb66d..65f784655 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -776,8 +776,10 @@ checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" dependencies = [ "aes-gcm", "base64 0.22.1", + "hkdf", "percent-encoding", "rand 0.8.5", + "sha2", "subtle", "time", "version_check", @@ -1286,6 +1288,7 @@ name = "defguard_proxy_manager" version = "0.0.0" dependencies = [ "axum", + "axum-extra", "defguard_common", "defguard_core", "defguard_mail", 
@@ -1293,6 +1296,7 @@ dependencies = [ "defguard_version", "openidconnect", "reqwest", + "secrecy", "semver", "sqlx", "thiserror 2.0.17", diff --git a/Cargo.toml b/Cargo.toml index 177460539..90a404aae 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,6 +30,7 @@ axum = "0.8" axum-client-ip = "0.7" axum-extra = { version = "0.12", features = [ "cookie-private", + "cookie-key-expansion", "typed-header", "query", ] } diff --git a/crates/defguard_proxy_manager/Cargo.toml b/crates/defguard_proxy_manager/Cargo.toml index 18d4acd0b..f03aadbde 100644 --- a/crates/defguard_proxy_manager/Cargo.toml +++ b/crates/defguard_proxy_manager/Cargo.toml @@ -20,6 +20,8 @@ semver.workspace = true tokio-stream.workspace = true axum.workspace = true +axum-extra.workspace = true +secrecy.workspace = true sqlx.workspace = true thiserror.workspace = true tokio.workspace = true diff --git a/crates/defguard_proxy_manager/src/lib.rs b/crates/defguard_proxy_manager/src/lib.rs index 3d1b2235a..490348fc2 100644 --- a/crates/defguard_proxy_manager/src/lib.rs +++ b/crates/defguard_proxy_manager/src/lib.rs @@ -7,8 +7,10 @@ use std::{ }; use axum::http::Uri; +use axum_extra::extract::cookie::Key; use openidconnect::{AuthorizationCode, Nonce, Scope, core::CoreAuthenticationFlow}; use reqwest::Url; +use secrecy::ExposeSecret; use semver::Version; use sqlx::PgPool; use thiserror::Error; @@ -65,8 +67,6 @@ extern crate tracing; const TEN_SECS: Duration = Duration::from_secs(10); static VERSION_ZERO: Version = Version::new(0, 0, 0); static COOKIE_KEY_HEADER: &str = "dg-cookie-key-bin"; -// TODO(jck) -static COOKIE_KEY: &[u8] = &[1; 64]; #[derive(Error, Debug)] pub enum ProxyError { 
@@ -293,9 +293,14 @@ impl Proxy { ProxyClient::with_interceptor(self.endpoint.connect_lazy(), interceptor); let (tx, rx) = mpsc::unbounded_channel(); let mut request = tonic::Request::new(UnboundedReceiverStream::new(rx)); - request - .metadata_mut() - .insert_bin(COOKIE_KEY_HEADER, MetadataValue::from_bytes(COOKIE_KEY)); + let config = server_config(); + + // Derive proxy cookie key from core secret to avoid transmitting it. + let proxy_cookie_key = Key::derive_from(config.secret_key.expose_secret().as_bytes()); + request.metadata_mut().insert_bin( + COOKIE_KEY_HEADER, + MetadataValue::from_bytes(proxy_cookie_key.master()), + ); let response = match client.bidi(request).await { Ok(response) => response, Err(err) => { From 53c2cfe69d7310005e67b6d217e12cc6ce36ebc2 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Tue, 13 Jan 2026 11:10:35 +0100 Subject: [PATCH 4/8] format imports --- crates/defguard_proxy_manager/src/lib.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crates/defguard_proxy_manager/src/lib.rs b/crates/defguard_proxy_manager/src/lib.rs index 8812c3f10..39283e630 100644 --- a/crates/defguard_proxy_manager/src/lib.rs +++ b/crates/defguard_proxy_manager/src/lib.rs @@ -6,8 +6,6 @@ use std::{ }; use axum_extra::extract::cookie::Key; -use secrecy::ExposeSecret; - use defguard_certs::der_to_pem; use defguard_common::{VERSION, config::server_config, db::models::Settings}; use defguard_core::{ @@ -38,6 +36,7 @@ use defguard_version::{ }; use openidconnect::{AuthorizationCode, Nonce, Scope, core::CoreAuthenticationFlow, url}; use reqwest::Url; +use secrecy::ExposeSecret; use semver::Version; use sqlx::PgPool; use thiserror::Error; From 4929dd06c1be94c39d37645aa217f366a4e76cdb Mon Sep 17 00:00:00 2001 
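Review bot: `Key::derive_from` is called on the raw `secret_key` bytes with no proxy-specific input, so any other call site that derives a cookie `Key` from the same secret the same way gets exactly the key sent here. Whether core's own private cookie jar does that is not visible in this hunk and should be checked, because the proxy would then hold core's cookie key. `derive_from` also panics on input shorter than 32 bytes, so the length of `secret_key` has to be validated at config load (not visible here). I would record both above the call: `// This key must stay distinct from any key core uses itself: do not derive core's cookie key from secret_key the same way.` and `// Assumes secret_key is at least 32 bytes (Key::derive_from panics otherwise).` The header is only as confidential as the gRPC channel, so it should be attached only when the endpoint is TLS with a verified certificate; the enclosing function continues outside the hunk.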
From: Jacek Chmielewski Date: Wed, 14 Jan 2026 09:23:05 +0100 Subject: [PATCH 5/8] proxy migration --- migrations/20260113114719_proxy_management.down.sql | 1 + migrations/20260113114719_proxy_management.up.sql | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 migrations/20260113114719_proxy_management.down.sql create mode 100644 migrations/20260113114719_proxy_management.up.sql diff --git a/migrations/20260113114719_proxy_management.down.sql b/migrations/20260113114719_proxy_management.down.sql new file mode 100644 index 000000000..06d501493 --- /dev/null +++ b/migrations/20260113114719_proxy_management.down.sql @@ -0,0 +1 @@ +DROP TABLE proxy; diff --git a/migrations/20260113114719_proxy_management.up.sql b/migrations/20260113114719_proxy_management.up.sql new file mode 100644 index 000000000..c82036abf --- /dev/null +++ b/migrations/20260113114719_proxy_management.up.sql @@ -0,0 +1,9 @@ +CREATE TABLE proxy ( + id bigserial PRIMARY KEY, + name text NOT NULL, + address text NOT NULL, + port integer NOT NULL, + public_address text NOT NULL, + connected_at timestamp without time zone NULL, + disconnected_at timestamp without time zone NULL +); From 90ad9ea1f12c4b0f908e043740f9aa71e0df3728 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Wed, 14 Jan 2026 10:12:15 +0100 Subject: [PATCH 6/8] get proxies from the db instead of cli arg --- crates/defguard/src/main.rs | 2 +- crates/defguard_common/src/db/models/mod.rs | 1 + crates/defguard_common/src/db/models/proxy.rs | 15 +++++++++ crates/defguard_proxy_manager/src/lib.rs | 31 ++++++++++--------- 4 files changed, 34 insertions(+), 15 deletions(-) create mode 100644 crates/defguard_common/src/db/models/proxy.rs diff --git a/crates/defguard/src/main.rs b/crates/defguard/src/main.rs index 4bf6fcb96..2fdc57229 100644 --- a/crates/defguard/src/main.rs +++ b/crates/defguard/src/main.rs 
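Review bot: `port integer NOT NULL` in the `up` migration accepts negative values and values above 65535, and a later patch in this series formats `address` and `port` straight into a URL. A column constraint such as `port integer NOT NULL CHECK (port BETWEEN 1 AND 65535)` would reject unusable rows at write time. `(address, port)` is not unique either, so the same proxy can be stored twice and would get two connection tasks. `connected_at` and `disconnected_at` are `timestamp without time zone`, so the code that writes them should document that the values are UTC.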
@@ -180,7 +180,7 @@ async fn main() -> Result<(), anyhow::Error> { // run services tokio::select! { - res = proxy_manager.run(&config.proxy_url) => error!("ProxyManager returned early: {res:?}"), + res = proxy_manager.run() => error!("ProxyManager returned early: {res:?}"), res = run_grpc_gateway_stream( pool.clone(), client_state, diff --git a/crates/defguard_common/src/db/models/mod.rs b/crates/defguard_common/src/db/models/mod.rs index 9908ea120..107cfe314 100644 --- a/crates/defguard_common/src/db/models/mod.rs +++ b/crates/defguard_common/src/db/models/mod.rs @@ -11,6 +11,7 @@ pub mod oauth2authorizedapp; pub mod oauth2client; pub mod oauth2token; pub mod polling_token; +pub mod proxy; pub mod session; pub mod settings; pub mod user; diff --git a/crates/defguard_common/src/db/models/proxy.rs b/crates/defguard_common/src/db/models/proxy.rs new file mode 100644 index 000000000..5f1939418 --- /dev/null +++ b/crates/defguard_common/src/db/models/proxy.rs @@ -0,0 +1,15 @@ +use chrono::NaiveDateTime; +use model_derive::Model; + +use crate::db::{Id, NoId}; + +#[derive(Model)] +pub struct Proxy { + pub id: I, + pub name: String, + pub address: String, + pub port: i32, + pub public_address: String, + pub connected_at: Option, + pub disconnected_at: Option, +} diff --git a/crates/defguard_proxy_manager/src/lib.rs b/crates/defguard_proxy_manager/src/lib.rs index 39283e630..d3ec328cc 100644 --- a/crates/defguard_proxy_manager/src/lib.rs +++ b/crates/defguard_proxy_manager/src/lib.rs @@ -7,7 +7,11 @@ use std::{ use axum_extra::extract::cookie::Key; use defguard_certs::der_to_pem; -use defguard_common::{VERSION, config::server_config, db::models::Settings}; +use defguard_common::{ + VERSION, + config::server_config, + db::models::{Settings, proxy::Proxy}, +}; use defguard_core::{ db::models::enrollment::{ENROLLMENT_TOKEN_TYPE, Token, TokenError}, enrollment_management::clear_unused_enrollment_tokens, 
@@ -197,21 +201,20 @@ impl ProxyManager { /// /// Each proxy runs in its own task and shares Core-side infrastructure /// such as routing state and compatibility tracking. - pub async fn run(self, url: &Option) -> Result<(), ProxyError> { - // TODO retrieve proxies from db - let Some(url) = url else { + // pub async fn run(self, url: &Option) -> Result<(), ProxyError> { + pub async fn run(self) -> Result<(), ProxyError> { + let proxies = Proxy::all(&self.pool).await?; + // TODO setup a channel to allow dynamic proxy connections + if proxies.is_empty() { tokio::time::sleep(Duration::MAX).await; return Ok(()); - }; - let proxies = vec![Proxy::new( - self.pool.clone(), - Url::from_str(url)?, - &self.tx, - Arc::clone(&self.router), - )]; + } let mut tasks = JoinSet::>::new(); for proxy in proxies { - tasks.spawn(proxy.run(self.tx.clone(), self.incompatible_components.clone())); + let url = Url::from_str(&format!("http://{}:{}", proxy.address, proxy.port))?; + let server = + ProxyServer::new(self.pool.clone(), url, &self.tx, Arc::clone(&self.router)); + tasks.spawn(server.run(self.tx.clone(), self.incompatible_components.clone())); } while let Some(result) = tasks.join_next().await { match result { @@ -255,7 +258,7 @@ impl ProxyTxSet { /// from that proxy, and forwarding responses back through the same stream. /// Each `Proxy` runs independently and is supervised by the /// `ProxyManager`. -struct Proxy { +struct ProxyServer { pool: PgPool, /// gRPC servers services: ProxyServices, @@ -265,7 +268,7 @@ struct Proxy { url: Url, } -impl Proxy { +impl ProxyServer { pub fn new(pool: PgPool, url: Url, tx: &ProxyTxSet, router: Arc>) -> Self { // Instantiate gRPC servers. let services = ProxyServices::new(&pool, tx); From 2235d8555e005f7be26cd6013942ae38679244bd Mon Sep 17 00:00:00 2001 
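Review bot: A single unusable row stops every proxy connection. The `?` on `Url::from_str(...)` inside `for proxy in proxies` returns from `run` on the first `address`/`port` pair that does not parse, before the remaining proxies are spawned. Since `main` awaits `run` inside `tokio::select!`, that return also ends the select. Patch 7/8 has the same defect: the `collect` into a `Result` followed by `?` fails as a whole, so the CLI `proxy_url` is never added. I would log and skip the bad row instead, e.g. `let Ok(url) = Url::from_str(&raw) else { error!("Skipping proxy {}: invalid address or port", proxy.name); continue; };`, with `raw` being the formatted string.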
From: Jacek Chmielewski Date: Wed, 14 Jan 2026 11:00:39 +0100 Subject: [PATCH 7/8] also connect to cli arg proxy --- crates/defguard_common/src/db/models/proxy.rs | 14 ++--- crates/defguard_proxy_manager/src/lib.rs | 56 ++++++++++++++++--- 2 files changed, 54 insertions(+), 16 deletions(-) diff --git a/crates/defguard_common/src/db/models/proxy.rs b/crates/defguard_common/src/db/models/proxy.rs index 5f1939418..b95e126a1 100644 --- a/crates/defguard_common/src/db/models/proxy.rs +++ b/crates/defguard_common/src/db/models/proxy.rs @@ -5,11 +5,11 @@ use crate::db::{Id, NoId}; #[derive(Model)] pub struct Proxy { - pub id: I, - pub name: String, - pub address: String, - pub port: i32, - pub public_address: String, - pub connected_at: Option, - pub disconnected_at: Option, + pub id: I, + pub name: String, + pub address: String, + pub port: i32, + pub public_address: String, + pub connected_at: Option, + pub disconnected_at: Option, } diff --git a/crates/defguard_proxy_manager/src/lib.rs b/crates/defguard_proxy_manager/src/lib.rs index d3ec328cc..808d48940 100644 --- a/crates/defguard_proxy_manager/src/lib.rs +++ b/crates/defguard_proxy_manager/src/lib.rs @@ -10,7 +10,10 @@ use defguard_certs::der_to_pem; use defguard_common::{ VERSION, config::server_config, - db::models::{Settings, proxy::Proxy}, + db::{ + Id, + models::{Settings, proxy::Proxy}, + }, }; use defguard_core::{ db::models::enrollment::{ENROLLMENT_TOKEN_TYPE, Token, TokenError}, 
@@ -203,18 +206,43 @@ impl ProxyManager { /// such as routing state and compatibility tracking. // pub async fn run(self, url: &Option) -> Result<(), ProxyError> { pub async fn run(self) -> Result<(), ProxyError> { - let proxies = Proxy::all(&self.pool).await?; - // TODO setup a channel to allow dynamic proxy connections - if proxies.is_empty() { + debug!("ProxyManager starting"); + // Retrieve proxies from DB. + let mut proxies: Vec = Proxy::all(&self.pool) + .await? + .iter() + .map(|proxy| { + ProxyServer::from_proxy( + proxy, + self.pool.clone(), + &self.tx, + Arc::clone(&self.router), + ) + }) + .collect::>()?; + debug!("Retrieved {} proxies from the DB", proxies.len()); + + // For backwards compatibility add the proxy specified in cli arg as well. + if let Some(ref url) = server_config().proxy_url { + debug!("Adding proxy from cli arg: {url}"); + let url = Url::from_str(url)?; + let proxy = + ProxyServer::new(self.pool.clone(), url, &self.tx, Arc::clone(&self.router)); + proxies.push(proxy); + } + + // TODO setup a channel to allow dynamic proxy connections + if proxies.is_empty() { + debug!("No proxies to connect to, waiting for changes"); tokio::time::sleep(Duration::MAX).await; return Ok(()); - } + } + + // Connect to all proxies. let mut tasks = JoinSet::>::new(); for proxy in proxies { - let url = Url::from_str(&format!("http://{}:{}", proxy.address, proxy.port))?; - let server = - ProxyServer::new(self.pool.clone(), url, &self.tx, Arc::clone(&self.router)); - tasks.spawn(server.run(self.tx.clone(), self.incompatible_components.clone())); + debug!("Spawning proxy task for proxy {}", proxy.url); + tasks.spawn(proxy.run(self.tx.clone(), self.incompatible_components.clone())); } while let Some(result) = tasks.join_next().await { match result { 
@@ -281,6 +309,16 @@ impl ProxyServer { } } + fn from_proxy( + proxy: &Proxy, + pool: PgPool, + tx: &ProxyTxSet, + router: Arc>, + ) -> Result { + let url = Url::from_str(&format!("http://{}:{}", proxy.address, proxy.port))?; + Ok(Self::new(pool, url, tx, router)) + } + fn endpoint(&self, scheme: Scheme) -> Result { let mut url = self.url.clone(); From e9af2962b0f81a4c5053565b31e19adf3a84fea5 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Wed, 14 Jan 2026 11:20:24 +0100 Subject: [PATCH 8/8] sqlx query data --- ...5715130ef0fc8a401ffe1dc7991abf3d025ba.json | 14 +++++ ...20a0bef9f3e0ec3ca5697130e3f506cfc2e0a.json | 56 ++++++++++++++++++ ...e7e6bdba8432097e2e04ca06b036cacf38257.json | 20 +++++++ ...1fd4acdbd1fec82a836c8e25162fe7d86b5b8.json | 27 +++++++++ ...e6e503a54e4dd6144dacd824d5e8a829f2c04.json | 58 +++++++++++++++++++ crates/defguard_proxy_manager/src/lib.rs | 1 - 6 files changed, 175 insertions(+), 1 deletion(-) create mode 100644 .sqlx/query-177b2b38a47b77f7eac5c0a1feb5715130ef0fc8a401ffe1dc7991abf3d025ba.json create mode 100644 .sqlx/query-57d87e1e6c73c6f630153227c3220a0bef9f3e0ec3ca5697130e3f506cfc2e0a.json create mode 100644 .sqlx/query-7b09429adcf009bc19f24d95905e7e6bdba8432097e2e04ca06b036cacf38257.json create mode 100644 .sqlx/query-a3e132169196b632eca55d7b0421fd4acdbd1fec82a836c8e25162fe7d86b5b8.json create mode 100644 .sqlx/query-acfc047027db4967051af1f6404e6e503a54e4dd6144dacd824d5e8a829f2c04.json diff --git a/.sqlx/query-177b2b38a47b77f7eac5c0a1feb5715130ef0fc8a401ffe1dc7991abf3d025ba.json b/.sqlx/query-177b2b38a47b77f7eac5c0a1feb5715130ef0fc8a401ffe1dc7991abf3d025ba.json new file mode 100644 index 000000000..dff599673 --- /dev/null +++ b/.sqlx/query-177b2b38a47b77f7eac5c0a1feb5715130ef0fc8a401ffe1dc7991abf3d025ba.json 
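Review bot: `from_proxy` builds the URL by string formatting from the unvalidated `address` text and the `i32` `port`, so the row content decides what the URL parser takes as the host. An address containing characters with URL meaning (`/`, `@`, `?`, `#`) parses to a different host or path than the stored value, a bare IPv6 literal needs brackets, and a negative port is a parse error. The scheme is fixed to `http://` here; `endpoint(scheme)` just below suggests it is replaced later, but that body is outside the hunk and worth confirming, because this connection carries the cookie key header. I would validate before formatting, e.g. `let port = u16::try_from(proxy.port)` with the error mapped into `ProxyError`, plus a check that `proxy.address` is an IP address or a plain hostname. A doc comment on `from_proxy` should state that rows from the `proxy` table are treated as untrusted input.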
@@ -0,0 +1,14 @@ +{ + "db_name": "PostgreSQL", + "query": "DELETE FROM \"proxy\" WHERE id = $1", + "describe": { + "columns": [], + "parameters": { + "Left": [ + "Int8" + ] + }, + "nullable": [] + }, + "hash": "177b2b38a47b77f7eac5c0a1feb5715130ef0fc8a401ffe1dc7991abf3d025ba" +} diff --git a/.sqlx/query-57d87e1e6c73c6f630153227c3220a0bef9f3e0ec3ca5697130e3f506cfc2e0a.json b/.sqlx/query-57d87e1e6c73c6f630153227c3220a0bef9f3e0ec3ca5697130e3f506cfc2e0a.json new file mode 100644 index 000000000..1727fc222 --- /dev/null +++ b/.sqlx/query-57d87e1e6c73c6f630153227c3220a0bef9f3e0ec3ca5697130e3f506cfc2e0a.json @@ -0,0 +1,56 @@ +{ + "db_name": "PostgreSQL", + "query": "SELECT id, \"name\",\"address\",\"port\",\"public_address\",\"connected_at\",\"disconnected_at\" FROM \"proxy\"", + "describe": { + "columns": [ + { + "ordinal": 0, + "name": "id", + "type_info": "Int8" + }, + { + "ordinal": 1, + "name": "name", + "type_info": "Text" + }, + { + "ordinal": 2, + "name": "address", + "type_info": "Text" + }, + { + "ordinal": 3, + "name": "port", + "type_info": "Int4" + }, + { + "ordinal": 4, + "name": "public_address", + "type_info": "Text" + }, + { + "ordinal": 5, + "name": "connected_at", + "type_info": "Timestamp" + }, + { + "ordinal": 6, + "name": "disconnected_at", + "type_info": "Timestamp" + } + ], + "parameters": { + "Left": [] + }, + "nullable": [ + false, + false, + false, + false, + false, + true, + true + ] + }, + "hash": "57d87e1e6c73c6f630153227c3220a0bef9f3e0ec3ca5697130e3f506cfc2e0a" +} diff --git a/.sqlx/query-7b09429adcf009bc19f24d95905e7e6bdba8432097e2e04ca06b036cacf38257.json b/.sqlx/query-7b09429adcf009bc19f24d95905e7e6bdba8432097e2e04ca06b036cacf38257.json new file mode 100644 index 000000000..108c81e56 --- /dev/null +++ b/.sqlx/query-7b09429adcf009bc19f24d95905e7e6bdba8432097e2e04ca06b036cacf38257.json 
@@ -0,0 +1,20 @@ +{ + "db_name": "PostgreSQL", + "query": "UPDATE \"proxy\" SET \"name\" = $2,\"address\" = $3,\"port\" = $4,\"public_address\" = $5,\"connected_at\" = $6,\"disconnected_at\" = $7 WHERE id = $1", + "describe": { + "columns": [], + "parameters": { + "Left": [ + "Int8", + "Text", + "Text", + "Int4", + "Text", + "Timestamp", + "Timestamp" + ] + }, + "nullable": [] + }, + "hash": "7b09429adcf009bc19f24d95905e7e6bdba8432097e2e04ca06b036cacf38257" +} diff --git a/.sqlx/query-a3e132169196b632eca55d7b0421fd4acdbd1fec82a836c8e25162fe7d86b5b8.json b/.sqlx/query-a3e132169196b632eca55d7b0421fd4acdbd1fec82a836c8e25162fe7d86b5b8.json new file mode 100644 index 000000000..e73615683 --- /dev/null +++ b/.sqlx/query-a3e132169196b632eca55d7b0421fd4acdbd1fec82a836c8e25162fe7d86b5b8.json @@ -0,0 +1,27 @@ +{ + "db_name": "PostgreSQL", + "query": "INSERT INTO \"proxy\" (\"name\",\"address\",\"port\",\"public_address\",\"connected_at\",\"disconnected_at\") VALUES ($1,$2,$3,$4,$5,$6) RETURNING id", + "describe": { + "columns": [ + { + "ordinal": 0, + "name": "id", + "type_info": "Int8" + } + ], + "parameters": { + "Left": [ + "Text", + "Text", + "Int4", + "Text", + "Timestamp", + "Timestamp" + ] + }, + "nullable": [ + false + ] + }, + "hash": "a3e132169196b632eca55d7b0421fd4acdbd1fec82a836c8e25162fe7d86b5b8" +} diff --git a/.sqlx/query-acfc047027db4967051af1f6404e6e503a54e4dd6144dacd824d5e8a829f2c04.json b/.sqlx/query-acfc047027db4967051af1f6404e6e503a54e4dd6144dacd824d5e8a829f2c04.json new file mode 100644 index 000000000..305f3f71f --- /dev/null +++ b/.sqlx/query-acfc047027db4967051af1f6404e6e503a54e4dd6144dacd824d5e8a829f2c04.json 
@@ -0,0 +1,58 @@ +{ + "db_name": "PostgreSQL", + "query": "SELECT id, \"name\",\"address\",\"port\",\"public_address\",\"connected_at\",\"disconnected_at\" FROM \"proxy\" WHERE id = $1", + "describe": { + "columns": [ + { + "ordinal": 0, + "name": "id", + "type_info": "Int8" + }, + { + "ordinal": 1, + "name": "name", + "type_info": "Text" + }, + { + "ordinal": 2, + "name": "address", + "type_info": "Text" + }, + { + "ordinal": 3, + "name": "port", + "type_info": "Int4" + }, + { + "ordinal": 4, + "name": "public_address", + "type_info": "Text" + }, + { + "ordinal": 5, + "name": "connected_at", + "type_info": "Timestamp" + }, + { + "ordinal": 6, + "name": "disconnected_at", + "type_info": "Timestamp" + } + ], + "parameters": { + "Left": [ + "Int8" + ] + }, + "nullable": [ + false, + false, + false, + false, + false, + true, + true + ] + }, + "hash": "acfc047027db4967051af1f6404e6e503a54e4dd6144dacd824d5e8a829f2c04" +} diff --git a/crates/defguard_proxy_manager/src/lib.rs b/crates/defguard_proxy_manager/src/lib.rs index 808d48940..ea4ffef29 100644 --- a/crates/defguard_proxy_manager/src/lib.rs +++ b/crates/defguard_proxy_manager/src/lib.rs @@ -204,7 +204,6 @@ impl ProxyManager { /// /// Each proxy runs in its own task and shares Core-side infrastructure /// such as routing state and compatibility tracking. - // pub async fn run(self, url: &Option) -> Result<(), ProxyError> { pub async fn run(self) -> Result<(), ProxyError> { debug!("ProxyManager starting"); // Retrieve proxies from DB.