Merge pull request #1187 from AppFlowy-IO/remove-self-sign-for-appflo…

…wy-cloud chore: remove unnecessary self sign related functionality in appflowy cloud
AppFlowy-IO · Jan 22, 2025 · a133a33 · a133a33
2 parents 4a26572 + 9f546ce
commit a133a33
Show file tree

Hide file tree

Showing 6 changed files with 2 additions and 141 deletions.
diff --git a/src/application.rs b/src/application.rs
@@ -27,8 +27,6 @@ use aws_sdk_s3::types::{
   BucketInfo, BucketLocationConstraint, BucketType, CreateBucketConfiguration,
 };
 use mailer::config::MailerSetting;
-use openssl::ssl::{SslAcceptor, SslAcceptorBuilder, SslFiletype, SslMethod};
-use openssl::x509::X509;
 use secrecy::{ExposeSecret, Secret};
 use sqlx::{postgres::PgPoolOptions, PgPool};
 use tokio::sync::RwLock;
@@ -72,7 +70,6 @@ use crate::config::config::{
 use crate::mailer::AFCloudMailer;
 use crate::middleware::metrics_mw::MetricsMiddleware;
 use crate::middleware::request_id::RequestIdMiddleware;
-use crate::self_signed::create_self_signed_certificate;
 use crate::state::{AppMetrics, AppState, GoTrueAdmin, UserCache};
 
 pub struct Application {
@@ -119,11 +116,6 @@ pub async fn run_actix_server(
         e
       )
     })?;
-  let pair = get_certificate_and_server_key(&config);
-  let key = pair
-    .as_ref()
-    .map(|(_, server_key)| Key::from(server_key.expose_secret().as_bytes()))
-    .unwrap_or_else(Key::generate);
 
   let storage = state.collab_access_control_storage.clone();
 
@@ -150,7 +142,7 @@ pub async fn run_actix_server(
       .wrap(MetricsMiddleware)
       .wrap(IdentityMiddleware::default())
       .wrap(
-        SessionMiddleware::builder(redis_store.clone(), key.clone())
+        SessionMiddleware::builder(redis_store.clone(), Key::generate())
           .build(),
       )
       .wrap(RequestIdMiddleware)
@@ -178,24 +170,11 @@ pub async fn run_actix_server(
       .app_data(Data::new(state.published_collab_store.clone()))
   });
 
-  server = match pair {
-    None => server.listen(listener)?,
-    Some((certificate, _)) => {
-      server.listen_openssl(listener, make_ssl_acceptor_builder(certificate))?
-    },
-  };
+  server = server.listen(listener)?;
 
   Ok(server.run())
 }
 
-fn get_certificate_and_server_key(config: &Config) -> Option<(Secret<String>, Secret<String>)> {
-  if config.application.use_tls {
-    Some(create_self_signed_certificate().unwrap())
-  } else {
-    None
-  }
-}
-
 pub async fn init_state(config: &Config, rt_cmd_tx: CLCommandSender) -> Result<AppState, Error> {
   // Print the feature flags
 
@@ -523,22 +502,3 @@ async fn get_gotrue_client(setting: &GoTrueSetting) -> Result<gotrue::api::Clien
     .map_err(|e| anyhow::anyhow!("Failed to connect to GoTrue: {}", e));
   Ok(gotrue_client)
 }
-
-fn make_ssl_acceptor_builder(certificate: Secret<String>) -> SslAcceptorBuilder {
-  let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
-  let x509_cert = X509::from_pem(certificate.expose_secret().as_bytes()).unwrap();
-  builder.set_certificate(&x509_cert).unwrap();
-  builder
-    .set_private_key_file("./cert/key.pem", SslFiletype::PEM)
-    .unwrap();
-  builder
-    .set_certificate_chain_file("./cert/cert.pem")
-    .unwrap();
-  builder
-    .set_min_proto_version(Some(openssl::ssl::SslVersion::TLS1_2))
-    .unwrap();
-  builder
-    .set_max_proto_version(Some(openssl::ssl::SslVersion::TLS1_3))
-    .unwrap();
-  builder
-}
diff --git a/src/config/config.rs b/src/config/config.rs
@@ -97,8 +97,6 @@ impl AppFlowyAISetting {
 pub struct ApplicationSetting {
   pub port: u16,
   pub host: String,
-  pub server_key: Secret<String>,
-  pub use_tls: bool,
 }
 
 #[derive(Clone, Debug)]
@@ -209,10 +207,6 @@ pub fn get_configuration() -> Result<Config, anyhow::Error> {
     application: ApplicationSetting {
       port: get_env_var("APPFLOWY_APPLICATION_PORT", "8000").parse()?,
       host: get_env_var("APPFLOWY_APPLICATION_HOST", "0.0.0.0"),
-      use_tls: get_env_var("APPFLOWY_APPLICATION_USE_TLS", "false")
-        .parse()
-        .context("fail to get APPFLOWY_APPLICATION_USE_TLS")?,
-      server_key: get_env_var("APPFLOWY_APPLICATION_SERVER_KEY", "server_key").into(),
     },
     websocket: WebsocketSetting {
       heartbeat_interval: get_env_var("APPFLOWY_WEBSOCKET_HEARTBEAT_INTERVAL", "6").parse()?,

diff --git a/src/lib.rs b/src/lib.rs
@@ -5,6 +5,5 @@ pub mod config;
 pub mod domain;
 pub mod mailer;
 pub mod middleware;
-mod self_signed;
 pub mod state;
 pub mod telemetry;
diff --git a/src/middleware/encrypt_mw.rs b/src/middleware/encrypt_mw.rs
diff --git a/src/middleware/mod.rs b/src/middleware/mod.rs
@@ -1,3 +1,2 @@
-pub mod encrypt_mw;
 pub mod metrics_mw;
 pub mod request_id;
diff --git a/src/self_signed.rs b/src/self_signed.rs