upgrade to Rust 1.70, use std::sync::OnceLock

The most notable part of this is that `db::auth` no longer holds a lock during password hashing operations. That was probably never a great idea...
2025-12-03 06:22:32 -05:00 · 2023-07-04 13:45:33 -07:00
parent ebcdd76084
commit 028243532a
9 changed files with 91 additions and 138 deletions
--- a/server/db/Cargo.toml
+++ b/server/db/Cargo.toml
@@ -5,6 +5,7 @@ authors = ["Scott Lamb <slamb@slamb.org>"]
 readme = "../README.md"
 edition = "2021"
 license-file = "../../LICENSE.txt"
+rust-version = "1.70"

 [features]
 nightly = []
@@ -24,6 +25,7 @@ fnv = "1.0"
 futures = "0.3"
 h264-reader = "0.6.0"
 hashlink = "0.8.1"
+itertools = "0.10.0"
 libc = "0.2"
 nix = "0.26.1"
 num-rational = { version = "0.4.0", default-features = false, features = ["std"] }
@@ -40,12 +42,10 @@ smallvec = "1.0"
 tempfile = "3.2.0"
 time = "0.1"
 tokio = { version = "1.24", features = ["macros", "rt-multi-thread", "sync"] }
-url = { version = "2.1.1", features = ["serde"] }
-uuid = { version = "1.1.2", features = ["serde", "std", "v4"] }
-itertools = "0.10.0"
-once_cell = "1.17.0"
 tracing = "0.1.37"
 ulid = "1.0.0"
+url = { version = "2.1.1", features = ["serde"] }
+uuid = { version = "1.1.2", features = ["serde", "std", "v4"] }

 [build-dependencies]
 protobuf-codegen = "3.0"
--- a/server/db/auth.rs
+++ b/server/db/auth.rs
@@ -17,17 +17,41 @@ use std::collections::BTreeMap;
 use std::fmt;
 use std::net::IpAddr;
 use std::str::FromStr;
-use std::sync::Mutex;
+use std::sync::OnceLock;
 use tracing::info;

-static PARAMS: once_cell::sync::Lazy<Mutex<scrypt::Params>> =
-    once_cell::sync::Lazy::new(|| Mutex::new(scrypt::Params::recommended()));
+/// Wrapper around [`scrypt::Params`].
+///
+/// `scrypt::Params` does not implement `PartialEq`; so for the benefit of `set_test_config`
+/// error handling, keep track of whether these params are the recommended
+/// production ones or the cheap test ones.
+struct Params {
+    actual: scrypt::Params,
+    is_test: bool,
+}
+
+static PARAMS: OnceLock<Params> = OnceLock::new();
+
+fn params() -> &'static Params {
+    PARAMS.get_or_init(|| Params {
+        actual: scrypt::Params::recommended(),
+        is_test: false,
+    })
+}

 /// For testing only: use fast but insecure hashes.
 /// Call via `testutil::init()`.
 pub(crate) fn set_test_config() {
-    let params = scrypt::Params::new(8, 8, 1).unwrap();
-    *PARAMS.lock().unwrap() = params;
+    let test_params = scrypt::Params::new(8, 8, 1).expect("test params should be valid");
+    if let Err(existing_params) = PARAMS.set(Params {
+        actual: test_params,
+        is_test: true,
+    }) {
+        assert!(
+            existing_params.is_test,
+            "set_test_config must be called before any use of the parameters"
+        );
+    }
 }

 #[derive(Debug)]
@@ -126,9 +150,9 @@ impl UserChange {

    pub fn set_password(&mut self, pwd: String) {
        let salt = SaltString::generate(&mut scrypt::password_hash::rand_core::OsRng);
-        let params = *PARAMS.lock().unwrap();
+        let params = params();
        let hash = scrypt::Scrypt
-            .hash_password_customized(pwd.as_bytes(), None, None, params, &salt)
+            .hash_password_customized(pwd.as_bytes(), None, None, params.actual, &salt)
            .unwrap();
        self.set_password_hash = Some(Some(hash.to_string()));
    }