├── .gitattributes ├── .github └── workflows │ └── release.yaml ├── .gitignore ├── Cargo.lock ├── Cargo.toml ├── LICENSE ├── README.md ├── api_docs └── run.md ├── crate-hashes.json ├── default.nix ├── docker.nix ├── docs └── install │ ├── docker-ubuntu-20.10.md │ ├── ubuntu-20.10-gvisor.md │ └── ubuntu-20.10.md ├── run.sh ├── scripts ├── payload │ ├── assembly.json │ ├── ats.json │ ├── bash.json │ ├── c.json │ ├── clojure.json │ ├── cobol.json │ ├── coffeescript.json │ ├── cpp.json │ ├── crystal.json │ ├── csharp.json │ ├── dart.json │ ├── dlang.json │ ├── elixir.json │ ├── elm.json │ ├── erlang.json │ ├── fsharp.json │ ├── golang.json │ ├── groovy.json │ ├── haskell.json │ ├── idris.json │ ├── java.json │ ├── javascript.json │ ├── julia.json │ ├── kotlin.json │ ├── lua.json │ ├── mercury.json │ ├── nim.json │ ├── ocaml.json │ ├── perl.json │ ├── php.json │ ├── python.json │ ├── raku.json │ ├── ruby.json │ ├── rust.json │ ├── scala.json │ ├── swift.json │ └── typescript.json └── test_glot.sh ├── service.nix ├── src ├── docker_run │ ├── api │ │ ├── mod.rs │ │ ├── root.rs │ │ ├── run.rs │ │ └── version.rs │ ├── config.rs │ ├── debug.rs │ ├── docker.rs │ ├── environment.rs │ ├── http_extra.rs │ ├── mod.rs │ ├── run.rs │ └── unix_stream.rs └── main.rs └── systemd └── docker-run.service /.gitattributes: -------------------------------------------------------------------------------- 1 | Cargo.nix linguist-generated 2 | crate-hashes.json linguist-generated 3 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Build and upload release 2 | 3 | on: 4 | release: 5 | types: [created] 6 | 7 | env: 8 | APP_NAME: docker-run 9 | ARCHIVE_NAME: docker-run_linux-x64.tar.gz 10 | 11 | jobs: 12 | build: 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@v2 18 | 19 | - name: Install latest rust toolchain 20 | uses: actions-rs/toolchain@v1 21 | with: 22 | toolchain: stable 23 | default: true 24 | override: true 25 | 26 | - name: Prepare upload url 27 | run: | 28 | UPLOAD_URL="$(jq -r '.release.upload_url' "$GITHUB_EVENT_PATH" | sed -e "s/{?name,label}$/?name=${ARCHIVE_NAME}/")" 29 | echo "UPLOAD_URL=$UPLOAD_URL" >> $GITHUB_ENV 30 | 31 | - name: Build application 32 | run: | 33 | cargo build --release 34 | tar -czf $ARCHIVE_NAME -C target/release $APP_NAME 35 | 36 | - name: Upload release asset 37 | uses: actions/upload-release-asset@v1 38 | env: 39 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 40 | with: 41 | upload_url: ${{ env.UPLOAD_URL }} 42 | asset_path: ${{ env.ARCHIVE_NAME }} 43 | asset_name: ${{ env.ARCHIVE_NAME }} 44 | asset_content_type: application/gzip 45 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /target 2 | test.sh 3 | notes.txt 4 | src/tiny-http 5 | result 6 | docker-image 7 | -------------------------------------------------------------------------------- /Cargo.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Cargo. 2 | # It is not intended for manual editing. 3 | version = 3 4 | 5 | [[package]] 6 | name = "actix-codec" 7 | version = "0.5.2" 8 | source = "registry+https://github.com/rust-lang/crates.io-index" 9 | checksum = "5f7b0a21988c1bf877cf4759ef5ddaac04c1c9fe808c9142ecb78ba97d97a28a" 10 | dependencies = [ 11 | "bitflags", 12 | "bytes", 13 | "futures-core", 14 | "futures-sink", 15 | "memchr", 16 | "pin-project-lite", 17 | "tokio", 18 | "tokio-util", 19 | "tracing", 20 | ] 21 | 22 | [[package]] 23 | name = "actix-http" 24 | version = "3.9.0" 25 | source = "registry+https://github.com/rust-lang/crates.io-index" 26 | checksum = "d48f96fc3003717aeb9856ca3d02a8c7de502667ad76eeacd830b48d2e91fac4" 27 | dependencies = [ 28 | "actix-codec", 29 | "actix-rt", 30 | "actix-service", 31 | "actix-utils", 32 | "ahash", 33 | "base64", 34 | "bitflags", 35 | "brotli", 36 | "bytes", 37 | "bytestring", 38 | "derive_more", 39 | "encoding_rs", 40 | "flate2", 41 | "futures-core", 42 | "h2", 43 | "http", 44 | "httparse", 45 | "httpdate", 46 | "itoa", 47 | "language-tags", 48 | "local-channel", 49 | "mime", 50 | "percent-encoding", 51 | "pin-project-lite", 52 | "rand", 53 | "sha1", 54 | "smallvec", 55 | "tokio", 56 | "tokio-util", 57 | "tracing", 58 | "zstd", 59 | ] 60 | 61 | [[package]] 62 | name = "actix-macros" 63 | version = "0.2.4" 64 | source = "registry+https://github.com/rust-lang/crates.io-index" 65 | checksum = "e01ed3140b2f8d422c68afa1ed2e85d996ea619c988ac834d255db32138655cb" 66 | dependencies = [ 67 | "quote", 68 | "syn", 69 | ] 70 | 71 | [[package]] 72 | name = "actix-router" 73 | version = "0.5.3" 74 | source = "registry+https://github.com/rust-lang/crates.io-index" 75 | checksum = "13d324164c51f63867b57e73ba5936ea151b8a41a1d23d1031eeb9f70d0236f8" 76 | dependencies = [ 77 | "bytestring", 78 | "cfg-if", 79 | "http", 80 | "regex", 81 | "regex-lite", 82 | "serde", 83 | "tracing", 84 | ] 85 | 86 | [[package]] 87 | name = "actix-rt" 88 | version = "2.10.0" 89 | source = "registry+https://github.com/rust-lang/crates.io-index" 90 | checksum = "24eda4e2a6e042aa4e55ac438a2ae052d3b5da0ecf83d7411e1a368946925208" 91 | dependencies = [ 92 | "futures-core", 93 | "tokio", 94 | ] 95 | 96 | [[package]] 97 | name = "actix-server" 98 | version = "2.5.0" 99 | source = "registry+https://github.com/rust-lang/crates.io-index" 100 | checksum = "7ca2549781d8dd6d75c40cf6b6051260a2cc2f3c62343d761a969a0640646894" 101 | dependencies = [ 102 | "actix-rt", 103 | "actix-service", 104 | "actix-utils", 105 | "futures-core", 106 | "futures-util", 107 | "mio", 108 | "socket2", 109 | "tokio", 110 | "tracing", 111 | ] 112 | 113 | [[package]] 114 | name = "actix-service" 115 | version = "2.0.2" 116 | source = "registry+https://github.com/rust-lang/crates.io-index" 117 | checksum = "3b894941f818cfdc7ccc4b9e60fa7e53b5042a2e8567270f9147d5591893373a" 118 | dependencies = [ 119 | "futures-core", 120 | "paste", 121 | "pin-project-lite", 122 | ] 123 | 124 | [[package]] 125 | name = "actix-utils" 126 | version = "3.0.1" 127 | source = "registry+https://github.com/rust-lang/crates.io-index" 128 | checksum = "88a1dcdff1466e3c2488e1cb5c36a71822750ad43839937f85d2f4d9f8b705d8" 129 | dependencies = [ 130 | "local-waker", 131 | "pin-project-lite", 132 | ] 133 | 134 | [[package]] 135 | name = "actix-web" 136 | version = "4.9.0" 137 | source = "registry+https://github.com/rust-lang/crates.io-index" 138 | checksum = "9180d76e5cc7ccbc4d60a506f2c727730b154010262df5b910eb17dbe4b8cb38" 139 | dependencies = [ 140 | "actix-codec", 141 | "actix-http", 142 | "actix-macros", 143 | "actix-router", 144 | "actix-rt", 145 | "actix-server", 146 | "actix-service", 147 | "actix-utils", 148 | "actix-web-codegen", 149 | "ahash", 150 | "bytes", 151 | "bytestring", 152 | "cfg-if", 153 | "cookie", 154 | "derive_more", 155 | "encoding_rs", 156 | "futures-core", 157 | "futures-util", 158 | "impl-more", 159 | "itoa", 160 | "language-tags", 161 | "log", 162 | "mime", 163 | "once_cell", 164 | "pin-project-lite", 165 | "regex", 166 | "regex-lite", 167 | "serde", 168 | "serde_json", 169 | "serde_urlencoded", 170 | "smallvec", 171 | "socket2", 172 | "time", 173 | "url", 174 | ] 175 | 176 | [[package]] 177 | name = "actix-web-codegen" 178 | version = "4.3.0" 179 | source = "registry+https://github.com/rust-lang/crates.io-index" 180 | checksum = "f591380e2e68490b5dfaf1dd1aa0ebe78d84ba7067078512b4ea6e4492d622b8" 181 | dependencies = [ 182 | "actix-router", 183 | "proc-macro2", 184 | "quote", 185 | "syn", 186 | ] 187 | 188 | [[package]] 189 | name = "addr2line" 190 | version = "0.22.0" 191 | source = "registry+https://github.com/rust-lang/crates.io-index" 192 | checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" 193 | dependencies = [ 194 | "gimli", 195 | ] 196 | 197 | [[package]] 198 | name = "adler" 199 | version = "1.0.2" 200 | source = "registry+https://github.com/rust-lang/crates.io-index" 201 | checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" 202 | 203 | [[package]] 204 | name = "ahash" 205 | version = "0.8.11" 206 | source = "registry+https://github.com/rust-lang/crates.io-index" 207 | checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" 208 | dependencies = [ 209 | "cfg-if", 210 | "getrandom", 211 | "once_cell", 212 | "version_check", 213 | "zerocopy", 214 | ] 215 | 216 | [[package]] 217 | name = "aho-corasick" 218 | version = "1.1.3" 219 | source = "registry+https://github.com/rust-lang/crates.io-index" 220 | checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" 221 | dependencies = [ 222 | "memchr", 223 | ] 224 | 225 | [[package]] 226 | name = "alloc-no-stdlib" 227 | version = "2.0.4" 228 | source = "registry+https://github.com/rust-lang/crates.io-index" 229 | checksum = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3" 230 | 231 | [[package]] 232 | name = "alloc-stdlib" 233 | version = "0.2.2" 234 | source = "registry+https://github.com/rust-lang/crates.io-index" 235 | checksum = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece" 236 | dependencies = [ 237 | "alloc-no-stdlib", 238 | ] 239 | 240 | [[package]] 241 | name = "atty" 242 | version = "0.2.14" 243 | source = "registry+https://github.com/rust-lang/crates.io-index" 244 | checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" 245 | dependencies = [ 246 | "hermit-abi 0.1.19", 247 | "libc", 248 | "winapi", 249 | ] 250 | 251 | [[package]] 252 | name = "autocfg" 253 | version = "1.3.0" 254 | source = "registry+https://github.com/rust-lang/crates.io-index" 255 | checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" 256 | 257 | [[package]] 258 | name = "backtrace" 259 | version = "0.3.73" 260 | source = "registry+https://github.com/rust-lang/crates.io-index" 261 | checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" 262 | dependencies = [ 263 | "addr2line", 264 | "cc", 265 | "cfg-if", 266 | "libc", 267 | "miniz_oxide", 268 | "object", 269 | "rustc-demangle", 270 | ] 271 | 272 | [[package]] 273 | name = "base64" 274 | version = "0.22.1" 275 | source = "registry+https://github.com/rust-lang/crates.io-index" 276 | checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" 277 | 278 | [[package]] 279 | name = "bitflags" 280 | version = "2.6.0" 281 | source = "registry+https://github.com/rust-lang/crates.io-index" 282 | checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" 283 | 284 | [[package]] 285 | name = "block-buffer" 286 | version = "0.10.4" 287 | source = "registry+https://github.com/rust-lang/crates.io-index" 288 | checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" 289 | dependencies = [ 290 | "generic-array", 291 | ] 292 | 293 | [[package]] 294 | name = "brotli" 295 | version = "6.0.0" 296 | source = "registry+https://github.com/rust-lang/crates.io-index" 297 | checksum = "74f7971dbd9326d58187408ab83117d8ac1bb9c17b085fdacd1cf2f598719b6b" 298 | dependencies = [ 299 | "alloc-no-stdlib", 300 | "alloc-stdlib", 301 | "brotli-decompressor", 302 | ] 303 | 304 | [[package]] 305 | name = "brotli-decompressor" 306 | version = "4.0.1" 307 | source = "registry+https://github.com/rust-lang/crates.io-index" 308 | checksum = "9a45bd2e4095a8b518033b128020dd4a55aab1c0a381ba4404a472630f4bc362" 309 | dependencies = [ 310 | "alloc-no-stdlib", 311 | "alloc-stdlib", 312 | ] 313 | 314 | [[package]] 315 | name = "byteorder" 316 | version = "1.5.0" 317 | source = "registry+https://github.com/rust-lang/crates.io-index" 318 | checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" 319 | 320 | [[package]] 321 | name = "bytes" 322 | version = "1.7.1" 323 | source = "registry+https://github.com/rust-lang/crates.io-index" 324 | checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" 325 | 326 | [[package]] 327 | name = "bytestring" 328 | version = "1.3.1" 329 | source = "registry+https://github.com/rust-lang/crates.io-index" 330 | checksum = "74d80203ea6b29df88012294f62733de21cfeab47f17b41af3a38bc30a03ee72" 331 | dependencies = [ 332 | "bytes", 333 | ] 334 | 335 | [[package]] 336 | name = "cc" 337 | version = "1.1.10" 338 | source = "registry+https://github.com/rust-lang/crates.io-index" 339 | checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" 340 | dependencies = [ 341 | "jobserver", 342 | "libc", 343 | ] 344 | 345 | [[package]] 346 | name = "cfg-if" 347 | version = "1.0.0" 348 | source = "registry+https://github.com/rust-lang/crates.io-index" 349 | checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" 350 | 351 | [[package]] 352 | name = "convert_case" 353 | version = "0.4.0" 354 | source = "registry+https://github.com/rust-lang/crates.io-index" 355 | checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" 356 | 357 | [[package]] 358 | name = "cookie" 359 | version = "0.16.2" 360 | source = "registry+https://github.com/rust-lang/crates.io-index" 361 | checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb" 362 | dependencies = [ 363 | "percent-encoding", 364 | "time", 365 | "version_check", 366 | ] 367 | 368 | [[package]] 369 | name = "cpufeatures" 370 | version = "0.2.12" 371 | source = "registry+https://github.com/rust-lang/crates.io-index" 372 | checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" 373 | dependencies = [ 374 | "libc", 375 | ] 376 | 377 | [[package]] 378 | name = "crc32fast" 379 | version = "1.4.2" 380 | source = "registry+https://github.com/rust-lang/crates.io-index" 381 | checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" 382 | dependencies = [ 383 | "cfg-if", 384 | ] 385 | 386 | [[package]] 387 | name = "crypto-common" 388 | version = "0.1.6" 389 | source = "registry+https://github.com/rust-lang/crates.io-index" 390 | checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" 391 | dependencies = [ 392 | "generic-array", 393 | "typenum", 394 | ] 395 | 396 | [[package]] 397 | name = "deranged" 398 | version = "0.3.11" 399 | source = "registry+https://github.com/rust-lang/crates.io-index" 400 | checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" 401 | dependencies = [ 402 | "powerfmt", 403 | ] 404 | 405 | [[package]] 406 | name = "derive_more" 407 | version = "0.99.18" 408 | source = "registry+https://github.com/rust-lang/crates.io-index" 409 | checksum = "5f33878137e4dafd7fa914ad4e259e18a4e8e532b9617a2d0150262bf53abfce" 410 | dependencies = [ 411 | "convert_case", 412 | "proc-macro2", 413 | "quote", 414 | "rustc_version", 415 | "syn", 416 | ] 417 | 418 | [[package]] 419 | name = "digest" 420 | version = "0.10.7" 421 | source = "registry+https://github.com/rust-lang/crates.io-index" 422 | checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" 423 | dependencies = [ 424 | "block-buffer", 425 | "crypto-common", 426 | ] 427 | 428 | [[package]] 429 | name = "docker-run" 430 | version = "1.5.0" 431 | dependencies = [ 432 | "actix-web", 433 | "env_logger", 434 | "http", 435 | "httparse", 436 | "iowrap", 437 | "log", 438 | "serde", 439 | "serde_json", 440 | ] 441 | 442 | [[package]] 443 | name = "encoding_rs" 444 | version = "0.8.34" 445 | source = "registry+https://github.com/rust-lang/crates.io-index" 446 | checksum = "b45de904aa0b010bce2ab45264d0631681847fa7b6f2eaa7dab7619943bc4f59" 447 | dependencies = [ 448 | "cfg-if", 449 | ] 450 | 451 | [[package]] 452 | name = "env_logger" 453 | version = "0.7.1" 454 | source = "registry+https://github.com/rust-lang/crates.io-index" 455 | checksum = "44533bbbb3bb3c1fa17d9f2e4e38bbbaf8396ba82193c4cb1b6445d711445d36" 456 | dependencies = [ 457 | "atty", 458 | "humantime", 459 | "log", 460 | "regex", 461 | "termcolor", 462 | ] 463 | 464 | [[package]] 465 | name = "equivalent" 466 | version = "1.0.1" 467 | source = "registry+https://github.com/rust-lang/crates.io-index" 468 | checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" 469 | 470 | [[package]] 471 | name = "flate2" 472 | version = "1.0.31" 473 | source = "registry+https://github.com/rust-lang/crates.io-index" 474 | checksum = "7f211bbe8e69bbd0cfdea405084f128ae8b4aaa6b0b522fc8f2b009084797920" 475 | dependencies = [ 476 | "crc32fast", 477 | "miniz_oxide", 478 | ] 479 | 480 | [[package]] 481 | name = "fnv" 482 | version = "1.0.7" 483 | source = "registry+https://github.com/rust-lang/crates.io-index" 484 | checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" 485 | 486 | [[package]] 487 | name = "form_urlencoded" 488 | version = "1.2.1" 489 | source = "registry+https://github.com/rust-lang/crates.io-index" 490 | checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" 491 | dependencies = [ 492 | "percent-encoding", 493 | ] 494 | 495 | [[package]] 496 | name = "futures-core" 497 | version = "0.3.30" 498 | source = "registry+https://github.com/rust-lang/crates.io-index" 499 | checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" 500 | 501 | [[package]] 502 | name = "futures-sink" 503 | version = "0.3.30" 504 | source = "registry+https://github.com/rust-lang/crates.io-index" 505 | checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" 506 | 507 | [[package]] 508 | name = "futures-task" 509 | version = "0.3.30" 510 | source = "registry+https://github.com/rust-lang/crates.io-index" 511 | checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" 512 | 513 | [[package]] 514 | name = "futures-util" 515 | version = "0.3.30" 516 | source = "registry+https://github.com/rust-lang/crates.io-index" 517 | checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" 518 | dependencies = [ 519 | "futures-core", 520 | "futures-task", 521 | "pin-project-lite", 522 | "pin-utils", 523 | ] 524 | 525 | [[package]] 526 | name = "generic-array" 527 | version = "0.14.7" 528 | source = "registry+https://github.com/rust-lang/crates.io-index" 529 | checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" 530 | dependencies = [ 531 | "typenum", 532 | "version_check", 533 | ] 534 | 535 | [[package]] 536 | name = "getrandom" 537 | version = "0.2.15" 538 | source = "registry+https://github.com/rust-lang/crates.io-index" 539 | checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" 540 | dependencies = [ 541 | "cfg-if", 542 | "libc", 543 | "wasi", 544 | ] 545 | 546 | [[package]] 547 | name = "gimli" 548 | version = "0.29.0" 549 | source = "registry+https://github.com/rust-lang/crates.io-index" 550 | checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" 551 | 552 | [[package]] 553 | name = "h2" 554 | version = "0.3.26" 555 | source = "registry+https://github.com/rust-lang/crates.io-index" 556 | checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" 557 | dependencies = [ 558 | "bytes", 559 | "fnv", 560 | "futures-core", 561 | "futures-sink", 562 | "futures-util", 563 | "http", 564 | "indexmap", 565 | "slab", 566 | "tokio", 567 | "tokio-util", 568 | "tracing", 569 | ] 570 | 571 | [[package]] 572 | name = "hashbrown" 573 | version = "0.14.5" 574 | source = "registry+https://github.com/rust-lang/crates.io-index" 575 | checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" 576 | 577 | [[package]] 578 | name = "hermit-abi" 579 | version = "0.1.19" 580 | source = "registry+https://github.com/rust-lang/crates.io-index" 581 | checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" 582 | dependencies = [ 583 | "libc", 584 | ] 585 | 586 | [[package]] 587 | name = "hermit-abi" 588 | version = "0.3.9" 589 | source = "registry+https://github.com/rust-lang/crates.io-index" 590 | checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" 591 | 592 | [[package]] 593 | name = "http" 594 | version = "0.2.12" 595 | source = "registry+https://github.com/rust-lang/crates.io-index" 596 | checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" 597 | dependencies = [ 598 | "bytes", 599 | "fnv", 600 | "itoa", 601 | ] 602 | 603 | [[package]] 604 | name = "httparse" 605 | version = "1.9.4" 606 | source = "registry+https://github.com/rust-lang/crates.io-index" 607 | checksum = "0fcc0b4a115bf80b728eb8ea024ad5bd707b615bfed49e0665b6e0f86fd082d9" 608 | 609 | [[package]] 610 | name = "httpdate" 611 | version = "1.0.3" 612 | source = "registry+https://github.com/rust-lang/crates.io-index" 613 | checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" 614 | 615 | [[package]] 616 | name = "humantime" 617 | version = "1.3.0" 618 | source = "registry+https://github.com/rust-lang/crates.io-index" 619 | checksum = "df004cfca50ef23c36850aaaa59ad52cc70d0e90243c3c7737a4dd32dc7a3c4f" 620 | dependencies = [ 621 | "quick-error", 622 | ] 623 | 624 | [[package]] 625 | name = "idna" 626 | version = "0.5.0" 627 | source = "registry+https://github.com/rust-lang/crates.io-index" 628 | checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" 629 | dependencies = [ 630 | "unicode-bidi", 631 | "unicode-normalization", 632 | ] 633 | 634 | [[package]] 635 | name = "impl-more" 636 | version = "0.1.6" 637 | source = "registry+https://github.com/rust-lang/crates.io-index" 638 | checksum = "206ca75c9c03ba3d4ace2460e57b189f39f43de612c2f85836e65c929701bb2d" 639 | 640 | [[package]] 641 | name = "indexmap" 642 | version = "2.3.0" 643 | source = "registry+https://github.com/rust-lang/crates.io-index" 644 | checksum = "de3fc2e30ba82dd1b3911c8de1ffc143c74a914a14e99514d7637e3099df5ea0" 645 | dependencies = [ 646 | "equivalent", 647 | "hashbrown", 648 | ] 649 | 650 | [[package]] 651 | name = "iowrap" 652 | version = "0.2.1" 653 | source = "registry+https://github.com/rust-lang/crates.io-index" 654 | checksum = "8d778bd9a4fa138d91f62017e3ac5ff905d2b829a30d3b1be473cb57d32ad15a" 655 | dependencies = [ 656 | "memchr", 657 | ] 658 | 659 | [[package]] 660 | name = "itoa" 661 | version = "1.0.11" 662 | source = "registry+https://github.com/rust-lang/crates.io-index" 663 | checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" 664 | 665 | [[package]] 666 | name = "jobserver" 667 | version = "0.1.32" 668 | source = "registry+https://github.com/rust-lang/crates.io-index" 669 | checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" 670 | dependencies = [ 671 | "libc", 672 | ] 673 | 674 | [[package]] 675 | name = "language-tags" 676 | version = "0.3.2" 677 | source = "registry+https://github.com/rust-lang/crates.io-index" 678 | checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" 679 | 680 | [[package]] 681 | name = "libc" 682 | version = "0.2.155" 683 | source = "registry+https://github.com/rust-lang/crates.io-index" 684 | checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" 685 | 686 | [[package]] 687 | name = "local-channel" 688 | version = "0.1.5" 689 | source = "registry+https://github.com/rust-lang/crates.io-index" 690 | checksum = "b6cbc85e69b8df4b8bb8b89ec634e7189099cea8927a276b7384ce5488e53ec8" 691 | dependencies = [ 692 | "futures-core", 693 | "futures-sink", 694 | "local-waker", 695 | ] 696 | 697 | [[package]] 698 | name = "local-waker" 699 | version = "0.1.4" 700 | source = "registry+https://github.com/rust-lang/crates.io-index" 701 | checksum = "4d873d7c67ce09b42110d801813efbc9364414e356be9935700d368351657487" 702 | 703 | [[package]] 704 | name = "lock_api" 705 | version = "0.4.12" 706 | source = "registry+https://github.com/rust-lang/crates.io-index" 707 | checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" 708 | dependencies = [ 709 | "autocfg", 710 | "scopeguard", 711 | ] 712 | 713 | [[package]] 714 | name = "log" 715 | version = "0.4.22" 716 | source = "registry+https://github.com/rust-lang/crates.io-index" 717 | checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" 718 | 719 | [[package]] 720 | name = "memchr" 721 | version = "2.7.4" 722 | source = "registry+https://github.com/rust-lang/crates.io-index" 723 | checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" 724 | 725 | [[package]] 726 | name = "mime" 727 | version = "0.3.17" 728 | source = "registry+https://github.com/rust-lang/crates.io-index" 729 | checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 730 | 731 | [[package]] 732 | name = "miniz_oxide" 733 | version = "0.7.4" 734 | source = "registry+https://github.com/rust-lang/crates.io-index" 735 | checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" 736 | dependencies = [ 737 | "adler", 738 | ] 739 | 740 | [[package]] 741 | name = "mio" 742 | version = "1.0.1" 743 | source = "registry+https://github.com/rust-lang/crates.io-index" 744 | checksum = "4569e456d394deccd22ce1c1913e6ea0e54519f577285001215d33557431afe4" 745 | dependencies = [ 746 | "hermit-abi 0.3.9", 747 | "libc", 748 | "log", 749 | "wasi", 750 | "windows-sys 0.52.0", 751 | ] 752 | 753 | [[package]] 754 | name = "num-conv" 755 | version = "0.1.0" 756 | source = "registry+https://github.com/rust-lang/crates.io-index" 757 | checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" 758 | 759 | [[package]] 760 | name = "object" 761 | version = "0.36.3" 762 | source = "registry+https://github.com/rust-lang/crates.io-index" 763 | checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" 764 | dependencies = [ 765 | "memchr", 766 | ] 767 | 768 | [[package]] 769 | name = "once_cell" 770 | version = "1.19.0" 771 | source = "registry+https://github.com/rust-lang/crates.io-index" 772 | checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" 773 | 774 | [[package]] 775 | name = "parking_lot" 776 | version = "0.12.3" 777 | source = "registry+https://github.com/rust-lang/crates.io-index" 778 | checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" 779 | dependencies = [ 780 | "lock_api", 781 | "parking_lot_core", 782 | ] 783 | 784 | [[package]] 785 | name = "parking_lot_core" 786 | version = "0.9.10" 787 | source = "registry+https://github.com/rust-lang/crates.io-index" 788 | checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" 789 | dependencies = [ 790 | "cfg-if", 791 | "libc", 792 | "redox_syscall", 793 | "smallvec", 794 | "windows-targets", 795 | ] 796 | 797 | [[package]] 798 | name = "paste" 799 | version = "1.0.15" 800 | source = "registry+https://github.com/rust-lang/crates.io-index" 801 | checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" 802 | 803 | [[package]] 804 | name = "percent-encoding" 805 | version = "2.3.1" 806 | source = "registry+https://github.com/rust-lang/crates.io-index" 807 | checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" 808 | 809 | [[package]] 810 | name = "pin-project-lite" 811 | version = "0.2.14" 812 | source = "registry+https://github.com/rust-lang/crates.io-index" 813 | checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" 814 | 815 | [[package]] 816 | name = "pin-utils" 817 | version = "0.1.0" 818 | source = "registry+https://github.com/rust-lang/crates.io-index" 819 | checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" 820 | 821 | [[package]] 822 | name = "pkg-config" 823 | version = "0.3.30" 824 | source = "registry+https://github.com/rust-lang/crates.io-index" 825 | checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" 826 | 827 | [[package]] 828 | name = "powerfmt" 829 | version = "0.2.0" 830 | source = "registry+https://github.com/rust-lang/crates.io-index" 831 | checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" 832 | 833 | [[package]] 834 | name = "ppv-lite86" 835 | version = "0.2.20" 836 | source = "registry+https://github.com/rust-lang/crates.io-index" 837 | checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" 838 | dependencies = [ 839 | "zerocopy", 840 | ] 841 | 842 | [[package]] 843 | name = "proc-macro2" 844 | version = "1.0.86" 845 | source = "registry+https://github.com/rust-lang/crates.io-index" 846 | checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" 847 | dependencies = [ 848 | "unicode-ident", 849 | ] 850 | 851 | [[package]] 852 | name = "quick-error" 853 | version = "1.2.3" 854 | source = "registry+https://github.com/rust-lang/crates.io-index" 855 | checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" 856 | 857 | [[package]] 858 | name = "quote" 859 | version = "1.0.36" 860 | source = "registry+https://github.com/rust-lang/crates.io-index" 861 | checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" 862 | dependencies = [ 863 | "proc-macro2", 864 | ] 865 | 866 | [[package]] 867 | name = "rand" 868 | version = "0.8.5" 869 | source = "registry+https://github.com/rust-lang/crates.io-index" 870 | checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" 871 | dependencies = [ 872 | "libc", 873 | "rand_chacha", 874 | "rand_core", 875 | ] 876 | 877 | [[package]] 878 | name = "rand_chacha" 879 | version = "0.3.1" 880 | source = "registry+https://github.com/rust-lang/crates.io-index" 881 | checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" 882 | dependencies = [ 883 | "ppv-lite86", 884 | "rand_core", 885 | ] 886 | 887 | [[package]] 888 | name = "rand_core" 889 | version = "0.6.4" 890 | source = "registry+https://github.com/rust-lang/crates.io-index" 891 | checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" 892 | dependencies = [ 893 | "getrandom", 894 | ] 895 | 896 | [[package]] 897 | name = "redox_syscall" 898 | version = "0.5.3" 899 | source = "registry+https://github.com/rust-lang/crates.io-index" 900 | checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" 901 | dependencies = [ 902 | "bitflags", 903 | ] 904 | 905 | [[package]] 906 | name = "regex" 907 | version = "1.10.6" 908 | source = "registry+https://github.com/rust-lang/crates.io-index" 909 | checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" 910 | dependencies = [ 911 | "aho-corasick", 912 | "memchr", 913 | "regex-automata", 914 | "regex-syntax", 915 | ] 916 | 917 | [[package]] 918 | name = "regex-automata" 919 | version = "0.4.7" 920 | source = "registry+https://github.com/rust-lang/crates.io-index" 921 | checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" 922 | dependencies = [ 923 | "aho-corasick", 924 | "memchr", 925 | "regex-syntax", 926 | ] 927 | 928 | [[package]] 929 | name = "regex-lite" 930 | version = "0.1.6" 931 | source = "registry+https://github.com/rust-lang/crates.io-index" 932 | checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a" 933 | 934 | [[package]] 935 | name = "regex-syntax" 936 | version = "0.8.4" 937 | source = "registry+https://github.com/rust-lang/crates.io-index" 938 | checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" 939 | 940 | [[package]] 941 | name = "rustc-demangle" 942 | version = "0.1.24" 943 | source = "registry+https://github.com/rust-lang/crates.io-index" 944 | checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" 945 | 946 | [[package]] 947 | name = "rustc_version" 948 | version = "0.4.0" 949 | source = "registry+https://github.com/rust-lang/crates.io-index" 950 | checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" 951 | dependencies = [ 952 | "semver", 953 | ] 954 | 955 | [[package]] 956 | name = "ryu" 957 | version = "1.0.18" 958 | source = "registry+https://github.com/rust-lang/crates.io-index" 959 | checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" 960 | 961 | [[package]] 962 | name = "scopeguard" 963 | version = "1.2.0" 964 | source = "registry+https://github.com/rust-lang/crates.io-index" 965 | checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" 966 | 967 | [[package]] 968 | name = "semver" 969 | version = "1.0.23" 970 | source = "registry+https://github.com/rust-lang/crates.io-index" 971 | checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" 972 | 973 | [[package]] 974 | name = "serde" 975 | version = "1.0.206" 976 | source = "registry+https://github.com/rust-lang/crates.io-index" 977 | checksum = "5b3e4cd94123dd520a128bcd11e34d9e9e423e7e3e50425cb1b4b1e3549d0284" 978 | dependencies = [ 979 | "serde_derive", 980 | ] 981 | 982 | [[package]] 983 | name = "serde_derive" 984 | version = "1.0.206" 985 | source = "registry+https://github.com/rust-lang/crates.io-index" 986 | checksum = "fabfb6138d2383ea8208cf98ccf69cdfb1aff4088460681d84189aa259762f97" 987 | dependencies = [ 988 | "proc-macro2", 989 | "quote", 990 | "syn", 991 | ] 992 | 993 | [[package]] 994 | name = "serde_json" 995 | version = "1.0.123" 996 | source = "registry+https://github.com/rust-lang/crates.io-index" 997 | checksum = "a11b3b6ce5cfd25b9759a24c3ed4bf24e23893866863547de4655518c951bcd4" 998 | dependencies = [ 999 | "itoa", 1000 | "memchr", 1001 | "ryu", 1002 | "serde", 1003 | ] 1004 | 1005 | [[package]] 1006 | name = "serde_urlencoded" 1007 | version = "0.7.1" 1008 | source = "registry+https://github.com/rust-lang/crates.io-index" 1009 | checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" 1010 | dependencies = [ 1011 | "form_urlencoded", 1012 | "itoa", 1013 | "ryu", 1014 | "serde", 1015 | ] 1016 | 1017 | [[package]] 1018 | name = "sha1" 1019 | version = "0.10.6" 1020 | source = "registry+https://github.com/rust-lang/crates.io-index" 1021 | checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" 1022 | dependencies = [ 1023 | "cfg-if", 1024 | "cpufeatures", 1025 | "digest", 1026 | ] 1027 | 1028 | [[package]] 1029 | name = "signal-hook-registry" 1030 | version = "1.4.2" 1031 | source = "registry+https://github.com/rust-lang/crates.io-index" 1032 | checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" 1033 | dependencies = [ 1034 | "libc", 1035 | ] 1036 | 1037 | [[package]] 1038 | name = "slab" 1039 | version = "0.4.9" 1040 | source = "registry+https://github.com/rust-lang/crates.io-index" 1041 | checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" 1042 | dependencies = [ 1043 | "autocfg", 1044 | ] 1045 | 1046 | [[package]] 1047 | name = "smallvec" 1048 | version = "1.13.2" 1049 | source = "registry+https://github.com/rust-lang/crates.io-index" 1050 | checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" 1051 | 1052 | [[package]] 1053 | name = "socket2" 1054 | version = "0.5.7" 1055 | source = "registry+https://github.com/rust-lang/crates.io-index" 1056 | checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" 1057 | dependencies = [ 1058 | "libc", 1059 | "windows-sys 0.52.0", 1060 | ] 1061 | 1062 | [[package]] 1063 | name = "syn" 1064 | version = "2.0.74" 1065 | source = "registry+https://github.com/rust-lang/crates.io-index" 1066 | checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" 1067 | dependencies = [ 1068 | "proc-macro2", 1069 | "quote", 1070 | "unicode-ident", 1071 | ] 1072 | 1073 | [[package]] 1074 | name = "termcolor" 1075 | version = "1.4.1" 1076 | source = "registry+https://github.com/rust-lang/crates.io-index" 1077 | checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" 1078 | dependencies = [ 1079 | "winapi-util", 1080 | ] 1081 | 1082 | [[package]] 1083 | name = "time" 1084 | version = "0.3.36" 1085 | source = "registry+https://github.com/rust-lang/crates.io-index" 1086 | checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" 1087 | dependencies = [ 1088 | "deranged", 1089 | "itoa", 1090 | "num-conv", 1091 | "powerfmt", 1092 | "serde", 1093 | "time-core", 1094 | "time-macros", 1095 | ] 1096 | 1097 | [[package]] 1098 | name = "time-core" 1099 | version = "0.1.2" 1100 | source = "registry+https://github.com/rust-lang/crates.io-index" 1101 | checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" 1102 | 1103 | [[package]] 1104 | name = "time-macros" 1105 | version = "0.2.18" 1106 | source = "registry+https://github.com/rust-lang/crates.io-index" 1107 | checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf" 1108 | dependencies = [ 1109 | "num-conv", 1110 | "time-core", 1111 | ] 1112 | 1113 | [[package]] 1114 | name = "tinyvec" 1115 | version = "1.8.0" 1116 | source = "registry+https://github.com/rust-lang/crates.io-index" 1117 | checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" 1118 | dependencies = [ 1119 | "tinyvec_macros", 1120 | ] 1121 | 1122 | [[package]] 1123 | name = "tinyvec_macros" 1124 | version = "0.1.1" 1125 | source = "registry+https://github.com/rust-lang/crates.io-index" 1126 | checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" 1127 | 1128 | [[package]] 1129 | name = "tokio" 1130 | version = "1.39.2" 1131 | source = "registry+https://github.com/rust-lang/crates.io-index" 1132 | checksum = "daa4fb1bc778bd6f04cbfc4bb2d06a7396a8f299dc33ea1900cedaa316f467b1" 1133 | dependencies = [ 1134 | "backtrace", 1135 | "bytes", 1136 | "libc", 1137 | "mio", 1138 | "parking_lot", 1139 | "pin-project-lite", 1140 | "signal-hook-registry", 1141 | "socket2", 1142 | "windows-sys 0.52.0", 1143 | ] 1144 | 1145 | [[package]] 1146 | name = "tokio-util" 1147 | version = "0.7.11" 1148 | source = "registry+https://github.com/rust-lang/crates.io-index" 1149 | checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" 1150 | dependencies = [ 1151 | "bytes", 1152 | "futures-core", 1153 | "futures-sink", 1154 | "pin-project-lite", 1155 | "tokio", 1156 | ] 1157 | 1158 | [[package]] 1159 | name = "tracing" 1160 | version = "0.1.40" 1161 | source = "registry+https://github.com/rust-lang/crates.io-index" 1162 | checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" 1163 | dependencies = [ 1164 | "log", 1165 | "pin-project-lite", 1166 | "tracing-core", 1167 | ] 1168 | 1169 | [[package]] 1170 | name = "tracing-core" 1171 | version = "0.1.32" 1172 | source = "registry+https://github.com/rust-lang/crates.io-index" 1173 | checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" 1174 | dependencies = [ 1175 | "once_cell", 1176 | ] 1177 | 1178 | [[package]] 1179 | name = "typenum" 1180 | version = "1.17.0" 1181 | source = "registry+https://github.com/rust-lang/crates.io-index" 1182 | checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" 1183 | 1184 | [[package]] 1185 | name = "unicode-bidi" 1186 | version = "0.3.15" 1187 | source = "registry+https://github.com/rust-lang/crates.io-index" 1188 | checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" 1189 | 1190 | [[package]] 1191 | name = "unicode-ident" 1192 | version = "1.0.12" 1193 | source = "registry+https://github.com/rust-lang/crates.io-index" 1194 | checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" 1195 | 1196 | [[package]] 1197 | name = "unicode-normalization" 1198 | version = "0.1.23" 1199 | source = "registry+https://github.com/rust-lang/crates.io-index" 1200 | checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" 1201 | dependencies = [ 1202 | "tinyvec", 1203 | ] 1204 | 1205 | [[package]] 1206 | name = "url" 1207 | version = "2.5.2" 1208 | source = "registry+https://github.com/rust-lang/crates.io-index" 1209 | checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c" 1210 | dependencies = [ 1211 | "form_urlencoded", 1212 | "idna", 1213 | "percent-encoding", 1214 | ] 1215 | 1216 | [[package]] 1217 | name = "version_check" 1218 | version = "0.9.5" 1219 | source = "registry+https://github.com/rust-lang/crates.io-index" 1220 | checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" 1221 | 1222 | [[package]] 1223 | name = "wasi" 1224 | version = "0.11.0+wasi-snapshot-preview1" 1225 | source = "registry+https://github.com/rust-lang/crates.io-index" 1226 | checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" 1227 | 1228 | [[package]] 1229 | name = "winapi" 1230 | version = "0.3.9" 1231 | source = "registry+https://github.com/rust-lang/crates.io-index" 1232 | checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" 1233 | dependencies = [ 1234 | "winapi-i686-pc-windows-gnu", 1235 | "winapi-x86_64-pc-windows-gnu", 1236 | ] 1237 | 1238 | [[package]] 1239 | name = "winapi-i686-pc-windows-gnu" 1240 | version = "0.4.0" 1241 | source = "registry+https://github.com/rust-lang/crates.io-index" 1242 | checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" 1243 | 1244 | [[package]] 1245 | name = "winapi-util" 1246 | version = "0.1.9" 1247 | source = "registry+https://github.com/rust-lang/crates.io-index" 1248 | checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" 1249 | dependencies = [ 1250 | "windows-sys 0.59.0", 1251 | ] 1252 | 1253 | [[package]] 1254 | name = "winapi-x86_64-pc-windows-gnu" 1255 | version = "0.4.0" 1256 | source = "registry+https://github.com/rust-lang/crates.io-index" 1257 | checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" 1258 | 1259 | [[package]] 1260 | name = "windows-sys" 1261 | version = "0.52.0" 1262 | source = "registry+https://github.com/rust-lang/crates.io-index" 1263 | checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" 1264 | dependencies = [ 1265 | "windows-targets", 1266 | ] 1267 | 1268 | [[package]] 1269 | name = "windows-sys" 1270 | version = "0.59.0" 1271 | source = "registry+https://github.com/rust-lang/crates.io-index" 1272 | checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" 1273 | dependencies = [ 1274 | "windows-targets", 1275 | ] 1276 | 1277 | [[package]] 1278 | name = "windows-targets" 1279 | version = "0.52.6" 1280 | source = "registry+https://github.com/rust-lang/crates.io-index" 1281 | checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" 1282 | dependencies = [ 1283 | "windows_aarch64_gnullvm", 1284 | "windows_aarch64_msvc", 1285 | "windows_i686_gnu", 1286 | "windows_i686_gnullvm", 1287 | "windows_i686_msvc", 1288 | "windows_x86_64_gnu", 1289 | "windows_x86_64_gnullvm", 1290 | "windows_x86_64_msvc", 1291 | ] 1292 | 1293 | [[package]] 1294 | name = "windows_aarch64_gnullvm" 1295 | version = "0.52.6" 1296 | source = "registry+https://github.com/rust-lang/crates.io-index" 1297 | checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" 1298 | 1299 | [[package]] 1300 | name = "windows_aarch64_msvc" 1301 | version = "0.52.6" 1302 | source = "registry+https://github.com/rust-lang/crates.io-index" 1303 | checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" 1304 | 1305 | [[package]] 1306 | name = "windows_i686_gnu" 1307 | version = "0.52.6" 1308 | source = "registry+https://github.com/rust-lang/crates.io-index" 1309 | checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" 1310 | 1311 | [[package]] 1312 | name = "windows_i686_gnullvm" 1313 | version = "0.52.6" 1314 | source = "registry+https://github.com/rust-lang/crates.io-index" 1315 | checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" 1316 | 1317 | [[package]] 1318 | name = "windows_i686_msvc" 1319 | version = "0.52.6" 1320 | source = "registry+https://github.com/rust-lang/crates.io-index" 1321 | checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" 1322 | 1323 | [[package]] 1324 | name = "windows_x86_64_gnu" 1325 | version = "0.52.6" 1326 | source = "registry+https://github.com/rust-lang/crates.io-index" 1327 | checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" 1328 | 1329 | [[package]] 1330 | name = "windows_x86_64_gnullvm" 1331 | version = "0.52.6" 1332 | source = "registry+https://github.com/rust-lang/crates.io-index" 1333 | checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" 1334 | 1335 | [[package]] 1336 | name = "windows_x86_64_msvc" 1337 | version = "0.52.6" 1338 | source = "registry+https://github.com/rust-lang/crates.io-index" 1339 | checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" 1340 | 1341 | [[package]] 1342 | name = "zerocopy" 1343 | version = "0.7.35" 1344 | source = "registry+https://github.com/rust-lang/crates.io-index" 1345 | checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" 1346 | dependencies = [ 1347 | "byteorder", 1348 | "zerocopy-derive", 1349 | ] 1350 | 1351 | [[package]] 1352 | name = "zerocopy-derive" 1353 | version = "0.7.35" 1354 | source = "registry+https://github.com/rust-lang/crates.io-index" 1355 | checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" 1356 | dependencies = [ 1357 | "proc-macro2", 1358 | "quote", 1359 | "syn", 1360 | ] 1361 | 1362 | [[package]] 1363 | name = "zstd" 1364 | version = "0.13.2" 1365 | source = "registry+https://github.com/rust-lang/crates.io-index" 1366 | checksum = "fcf2b778a664581e31e389454a7072dab1647606d44f7feea22cd5abb9c9f3f9" 1367 | dependencies = [ 1368 | "zstd-safe", 1369 | ] 1370 | 1371 | [[package]] 1372 | name = "zstd-safe" 1373 | version = "7.2.1" 1374 | source = "registry+https://github.com/rust-lang/crates.io-index" 1375 | checksum = "54a3ab4db68cea366acc5c897c7b4d4d1b8994a9cd6e6f841f8964566a419059" 1376 | dependencies = [ 1377 | "zstd-sys", 1378 | ] 1379 | 1380 | [[package]] 1381 | name = "zstd-sys" 1382 | version = "2.0.13+zstd.1.5.6" 1383 | source = "registry+https://github.com/rust-lang/crates.io-index" 1384 | checksum = "38ff0f21cfee8f97d94cef41359e0c89aa6113028ab0291aa8ca0038995a95aa" 1385 | dependencies = [ 1386 | "cc", 1387 | "pkg-config", 1388 | ] 1389 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "docker-run" 3 | version = "1.5.0" 4 | authors = ["Petter Rasmussen "] 5 | edition = "2018" 6 | 7 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 8 | 9 | [dependencies] 10 | http = "0.2.1" 11 | httparse = "1.3.4" 12 | serde = { version = "1.0.116", features = ["derive"] } 13 | serde_json = "1.0.58" 14 | iowrap = "0.2.0" 15 | log = "0.4.11" 16 | env_logger = "0.7.1" 17 | actix-web = "4" 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Petter Rasmussen 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # docker-run 2 | 3 | ## Overview 4 | docker-run provides a http api for running untrusted code inside transient docker containers. 5 | For every run request a new container is started and deleted. 6 | The payload is passed to the container by attaching to it and writing it to stdin. The result is read from stdout. 7 | The communication with the docker daemon happens via it's api over the unix socket. 8 | This is used to run code on [glot.io](https://glot.io). 9 | 10 | 11 | ## Api 12 | | Action | Method | Route | Requires token | 13 | |:-----------------------------|:-------|:-----------|:---------------| 14 | | Get service info | GET | / | No | 15 | | Get docker info | GET | /version | Yes | 16 | | [Run code](api_docs/run.md) | POST | /run | Yes | 17 | 18 | 19 | ## Docker images 20 | When a run request is posted to docker-run it will create a new temporary container. 21 | The container is required to listen for a json payload on stdin and must write the 22 | run result to stdout as a json object containing the properties: stdout, stderr and error. 23 | The docker images used by [glot.io](https://glot.io) can be found [here](https://github.com/glotcode/glot-images). 24 | 25 | 26 | ## Performance 27 | The following numbers were obtained using [glot-images](https://github.com/glotcode/glot-images) 28 | on a 5$ linode vm running 'Hello World' with [httpstat](https://github.com/reorx/httpstat) 29 | multiple times locally on the same host and reading the numbers manually. 30 | Not scientific numbers, but it will give an indication of the overhead involved. 31 | 32 | | Language | Min | Max | 33 | |:-----------------|:-------------|:-------------| 34 | | Python | 250 ms | 350 ms | 35 | | C | 330 ms | 430 ms | 36 | | Haskell | 500 ms | 700 ms | 37 | | Java | 2000 ms | 2200 ms | 38 | 39 | #### With [gVisor](https://gvisor.dev/) (optional) 40 | 41 | | Language | Min | Max | 42 | |:-----------------|:-------------|:-------------| 43 | | Python | 450 ms | 570 ms | 44 | | C | 1300 ms | 1500 ms | 45 | | Haskell | 1760 ms | 2060 ms | 46 | | Java | 4570 ms | 4800 ms | 47 | 48 | 49 | ## Security 50 | Docker containers are not as secure as a vm and there has been weaknesses in the past 51 | where people have been able to escape a container in specific scenarios. 52 | The recommended setup is to store any database / user data / secrets on a separate machine then the one that runs docker + docker-run, 53 | so that if anyone is able to escape the container it will limit what they get access to. 54 | That said, glot.io has been running untrusted code in docker containers since 2015 without any issues. 55 | 56 | Depending on your use-case you should also consider to: 57 | * Disable network access using `DOCKER_CONTAINER_NETWORK_DISABLED` 58 | * Drop [capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) using `DOCKER_CONTAINER_CAP_DROP` 59 | * Use the [gVisor](https://gvisor.dev/) runtime 60 | 61 | 62 | ## Installation instructions 63 | - [Run docker-run with systemd](docs/install/ubuntu-20.10.md) (recommended) 64 | - [Run docker-run in a docker container](docs/install/docker-ubuntu-20.10.md) (some people run into issues while running docker-run in a container, see open issues) 65 | - [gVisor](docs/install/ubuntu-20.10-gvisor.md) 66 | 67 | 68 | ## FAQ 69 | 70 | **Q:** How is fork bombs handled? 71 | 72 | **A:** The number of processes a container can create can be set with the `DOCKER_CONTAINER_ULIMIT_NPROC_HARD` variable. 73 | 74 | ## 75 | 76 | **Q:** How is infinite loops handled? 77 | 78 | **A:** The container will be killed when the `RUN_MAX_EXECUTION_TIME` value is reached. 79 | 80 | ## 81 | 82 | **Q:** How is large output handled? 83 | 84 | **A:** Docker-run will stop reading the output from the container when it has read the number of bytes defined in `RUN_MAX_OUTPUT_SIZE`. 85 | 86 | ## 87 | 88 | **Q:** How is high memory usage handled? 89 | 90 | **A:** The max memory for a container can be set with the `DOCKER_CONTAINER_MEMORY` variable. 91 | 92 | 93 | ## Environment variables 94 | 95 | #### Required 96 | 97 | | Variable name | Type | Description | 98 | |:---------------------------------------|:------------------------------|:-----------------------------------------------------------------------------| 99 | | SERVER_LISTEN_ADDR | <ipv4 address> | Listen ip | 100 | | SERVER_LISTEN_PORT | 1-65535 | Listen port | 101 | | SERVER_WORKER_THREADS | <integer> | How many simultaneous requests that should be processed | 102 | | API_ACCESS_TOKEN | <string> | Access token is required in the request to run code | 103 | | DOCKER_UNIX_SOCKET_PATH | <filepath> | Path to docker unix socket | 104 | | DOCKER_UNIX_SOCKET_READ_TIMEOUT | <seconds> | Read timeout | 105 | | DOCKER_UNIX_SOCKET_WRITE_TIMEOUT | <seconds> | Write timeout | 106 | | DOCKER_CONTAINER_HOSTNAME | <string> | Hostname inside container | 107 | | DOCKER_CONTAINER_USER | <string> | User that will execute the command inside the container | 108 | | DOCKER_CONTAINER_MEMORY | <bytes> | Max memory the container is allowed to use | 109 | | DOCKER_CONTAINER_NETWORK_DISABLED | <bool> | Enable or disable network access from the container | 110 | | DOCKER_CONTAINER_ULIMIT_NOFILE_SOFT | <integer> | Soft limit for the number of files that can be opened by the container | 111 | | DOCKER_CONTAINER_ULIMIT_NOFILE_HARD | <integer> | Hard limit for the number of files that can be opened by the container | 112 | | DOCKER_CONTAINER_ULIMIT_NPROC_SOFT | <integer> | Soft limit for the number of processes that can be started by the container | 113 | | DOCKER_CONTAINER_ULIMIT_NPROC_HARD | <integer> | Hard limit for the number of processes that can be started by the container | 114 | | DOCKER_CONTAINER_CAP_DROP | <space separated list> | List of capabilies to drop | 115 | | RUN_MAX_EXECUTION_TIME | <seconds> | Maximum number of seconds a container is allowed to run | 116 | | RUN_MAX_OUTPUT_SIZE | <bytes> | Maximum number of bytes allowed from the output of a run | 117 | 118 | 119 | #### Optional 120 | 121 | | Variable name | Type | Description | 122 | |:---------------------------------------|:------------------------------|:-----------------------------------------------------------------------------| 123 | | DOCKER_CONTAINER_READONLY_ROOTFS | <bool> | Mount root as read-only (recommended) | 124 | | DOCKER_CONTAINER_TMP_DIR_PATH | <filepath> | Will add a writeable tmpfs mount at the given path | 125 | | DOCKER_CONTAINER_TMP_DIR_OPTIONS | <string> | Mount options for the tmp dir (default: rw,noexec,nosuid,size=65536k) | 126 | | DOCKER_CONTAINER_WORK_DIR_PATH | <filepath> | Will add a writeable tmpfs mount at the given path | 127 | | DOCKER_CONTAINER_WORK_DIR_OPTIONS | <string> | Mount options for the work dir (default: rw,exec,nosuid,size=131072k) | 128 | | DEBUG_KEEP_CONTAINER | <bool> | Don't remove the container after run is completed (for debugging) | 129 | -------------------------------------------------------------------------------- /api_docs/run.md: -------------------------------------------------------------------------------- 1 | # Run code api examples with glot-images 2 | 3 | 4 | ## Run code 5 | 6 | #### Request 7 | 8 | ```bash 9 | curl --request POST \ 10 | --header 'X-Access-Token: some-secret-token' \ 11 | --header 'Content-type: application/json' \ 12 | --data '{"image": "glot/python:latest", "payload": {"language": "python", "files": [{"name": "main.py", "content": "print(42)"}]}}' \ 13 | --url 'http:///run' 14 | ``` 15 | 16 | #### Response 17 | ```javascript 18 | { 19 | "stdout": "42\n", 20 | "stderr": "", 21 | "error": "" 22 | } 23 | ``` 24 | 25 | 26 | ## Read data from stdin 27 | 28 | #### Request 29 | 30 | ```bash 31 | curl --request POST \ 32 | --header 'X-Access-Token: some-secret-token' \ 33 | --header 'Content-type: application/json' \ 34 | --data '{"image": "glot/python:latest", "payload": {"language": "python", "stdin": "42", "files": [{"name": "main.py", "content": "print(input(\"Number from stdin: \"))"}]}}' \ 35 | --url 'http:///run' 36 | ``` 37 | 38 | #### Response 39 | ```javascript 40 | { 41 | "stdout": "Number from stdin: 42\n", 42 | "stderr": "", 43 | "error": "" 44 | } 45 | ``` 46 | 47 | ## Custom run command 48 | 49 | #### Request 50 | ```bash 51 | curl --request POST \ 52 | --header 'X-Access-Token: some-secret-token' \ 53 | --header 'Content-type: application/json' \ 54 | --data '{"image": "glot/bash:latest", "payload": {"language": "bash", "command": "bash main.sh 42", "files": [{"name": "main.sh", "content": "echo Number from arg: $1"}]}}' \ 55 | --url 'http:///run' 56 | ``` 57 | 58 | #### Response 59 | ```javascript 60 | { 61 | "stdout": "Number from arg: 42\n", 62 | "stderr": "", 63 | "error": "" 64 | } 65 | ``` 66 | -------------------------------------------------------------------------------- /crate-hashes.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /default.nix: -------------------------------------------------------------------------------- 1 | { pkgs ? import { } }: 2 | pkgs.rustPlatform.buildRustPackage rec { 3 | pname = "docker-run"; 4 | version = "1.4.0"; 5 | cargoLock.lockFile = ./Cargo.lock; 6 | src = pkgs.lib.cleanSource ./.; 7 | } 8 | -------------------------------------------------------------------------------- /docker.nix: -------------------------------------------------------------------------------- 1 | let 2 | nixpkgs = 3 | builtins.fetchGit { 4 | url = "https://github.com/NixOS/nixpkgs"; 5 | ref = "refs/heads/release-23.05"; 6 | rev = "9117c4e9dc117a6cd0319cca40f2349ed333669d"; 7 | }; 8 | 9 | pkgs = 10 | import nixpkgs {}; 11 | 12 | dockerRun = 13 | import ./default.nix { pkgs = pkgs; }; 14 | in 15 | pkgs.dockerTools.buildImage { 16 | name = "glot/docker-run"; 17 | tag = "latest"; 18 | created = "now"; 19 | 20 | config = { 21 | Env = [ 22 | "LANG=C.UTF-8" 23 | "SERVER_LISTEN_ADDR=0.0.0.0" 24 | "SERVER_LISTEN_PORT=8088" 25 | "SERVER_WORKER_THREADS=10" 26 | "API_ACCESS_TOKEN=some-secret-token" 27 | "DOCKER_UNIX_SOCKET_PATH=/var/run/docker.sock" 28 | "DOCKER_UNIX_SOCKET_READ_TIMEOUT=3" 29 | "DOCKER_UNIX_SOCKET_WRITE_TIMEOUT=3" 30 | "DOCKER_CONTAINER_HOSTNAME=glot" 31 | "DOCKER_CONTAINER_USER=glot" 32 | "DOCKER_CONTAINER_MEMORY=1000000000" 33 | "DOCKER_CONTAINER_NETWORK_DISABLED=true" 34 | "DOCKER_CONTAINER_ULIMIT_NOFILE_SOFT=90" 35 | "DOCKER_CONTAINER_ULIMIT_NOFILE_HARD=100" 36 | "DOCKER_CONTAINER_ULIMIT_NPROC_SOFT=90" 37 | "DOCKER_CONTAINER_ULIMIT_NPROC_HARD=100" 38 | "DOCKER_CONTAINER_CAP_DROP=MKNOD NET_RAW NET_BIND_SERVICE" 39 | "DOCKER_CONTAINER_READONLY_ROOTFS=true" 40 | "DOCKER_CONTAINER_TMP_DIR_PATH=/tmp" 41 | "DOCKER_CONTAINER_TMP_DIR_OPTIONS=rw,noexec,nosuid,size=65536k" 42 | "DOCKER_CONTAINER_WORK_DIR_PATH=/home/glot" 43 | "DOCKER_CONTAINER_WORK_DIR_OPTIONS=rw,exec,nosuid,size=131072k" 44 | "RUN_MAX_EXECUTION_TIME=15" 45 | "RUN_MAX_OUTPUT_SIZE=100000" 46 | "RUST_LOG=debug" 47 | ]; 48 | 49 | Cmd = [ "${dockerRun}/bin/docker-run" ]; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /docs/install/docker-ubuntu-20.10.md: -------------------------------------------------------------------------------- 1 | # Installation instructions for ubuntu 20.10 2 | 3 | #### Install and configure docker 4 | 5 | ```bash 6 | apt install docker.io 7 | 8 | # Disable docker networking (optional) 9 | echo '{ 10 | "ip-forward": false, 11 | "iptables": false, 12 | "ipv6": false, 13 | "ip-masq": false 14 | }' > /etc/docker/daemon.json 15 | 16 | # Restart docker daemon 17 | systemctl restart docker.service 18 | ``` 19 | 20 | #### Pull the docker-run image 21 | 22 | ```bash 23 | docker pull glot/docker-run:latest 24 | ``` 25 | 26 | 27 | #### Pull images for the languages you want 28 | 29 | ```bash 30 | docker pull glot/python:latest 31 | docker pull glot/rust:latest 32 | # ... 33 | ``` 34 | 35 | #### Start the docker-run container 36 | 37 | ```bash 38 | docker run --detach --restart=always --publish 8088:8088 --volume /var/run/docker.sock:/var/run/docker.sock --env "API_ACCESS_TOKEN=my-token" glot/docker-run:latest 39 | ``` 40 | 41 | #### Check that everything is working 42 | 43 | ```bash 44 | # Print docker-run version 45 | curl http://localhost:8088 46 | 47 | # Print docker version, etc 48 | curl --header 'X-Access-Token: my-token' http://localhost:8088/version 49 | 50 | # Run python code 51 | curl --request POST --header 'X-Access-Token: my-token' --header 'Content-type: application/json' --data '{"image": "glot/python:latest", "payload": {"language": "python", "files": [{"name": "main.py", "content": "print(42)"}]}}' http://localhost:8088/run 52 | ``` 53 | -------------------------------------------------------------------------------- /docs/install/ubuntu-20.10-gvisor.md: -------------------------------------------------------------------------------- 1 | # gVisor installation instructions 2 | 3 | Installing gVisor is optional, but provides an extra layer of security. 4 | 5 | These instructions are based on the [offical gVisor instructions](https://gvisor.dev/docs/user_guide/install/) 6 | and assumes that you already have followed the [docker-run instructions for ubuntu 20.10](ubuntu-20.10.md) 7 | 8 | ```bash 9 | apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common 10 | curl -fsSL https://gvisor.dev/archive.key | sudo apt-key add - 11 | add-apt-repository "deb https://storage.googleapis.com/gvisor/releases release main" 12 | apt update 13 | apt install runsc 14 | ``` 15 | 16 | #### Set runsc as the default runtime 17 | 18 | Add a `default-runtime` field to `/etc/docker/daemon.json`. The file should look something like this: 19 | 20 | ```js 21 | { 22 | ... 23 | "default-runtime": "runsc", 24 | "runtimes": { 25 | "runsc": { 26 | "path": "/usr/bin/runsc" 27 | } 28 | } 29 | } 30 | ``` 31 | 32 | #### Restart the docker daemon 33 | 34 | ```bash 35 | systemctl restart docker.service 36 | ``` 37 | 38 | The gVisor runtime is now used when running code 39 | -------------------------------------------------------------------------------- /docs/install/ubuntu-20.10.md: -------------------------------------------------------------------------------- 1 | # Installation instructions for ubuntu 20.10 2 | 3 | #### Install and configure docker 4 | 5 | ```bash 6 | apt install docker.io 7 | 8 | # Disable docker networking (optional) 9 | echo '{ 10 | "ip-forward": false, 11 | "iptables": false, 12 | "ipv6": false, 13 | "ip-masq": false 14 | }' > /etc/docker/daemon.json 15 | 16 | systemctl restart docker.service 17 | ``` 18 | 19 | #### Create user for docker-run 20 | 21 | ```bash 22 | useradd -m glot 23 | usermod -aG docker glot 24 | ``` 25 | 26 | #### Install docker-run binary 27 | 28 | ```bash 29 | mkdir /home/glot/bin 30 | cd /home/glot/bin 31 | wget https://github.com/glotcode/docker-run/releases/download/v.1.4.0/docker-run_linux-x64.tar.gz 32 | tar -zxf docker-run_linux-x64.tar.gz 33 | rm docker-run_linux-x64.tar.gz 34 | chown -R glot:glot /home/glot/bin 35 | ``` 36 | 37 | #### Add and configure systemd service 38 | Most of the configuration from the example file is ok but the `API_ACCESS_TOKEN` should be changed 39 | 40 | ```bash 41 | curl https://raw.githubusercontent.com/glotcode/docker-run/main/systemd/docker-run.service > /etc/systemd/system/docker-run.service 42 | 43 | # Edit docker-run.service in your favorite editor 44 | 45 | systemctl enable docker-run.service 46 | systemctl start docker-run.service 47 | ``` 48 | 49 | #### Pull docker images 50 | 51 | ```bash 52 | docker pull glot/python:latest 53 | docker pull glot/rust:latest 54 | # ... 55 | ``` 56 | 57 | #### Check that everything is working 58 | 59 | ```bash 60 | # Print docker-run version 61 | curl http://localhost:8088 62 | 63 | # Print docker version, etc 64 | curl --header 'X-Access-Token: access-token-from-systemd-service' http://localhost:8088/version 65 | 66 | # Run python code 67 | curl --request POST --header 'X-Access-Token: access-token-from-systemd-service' --header 'Content-type: application/json' --data '{"image": "glot/python:latest", "payload": {"language": "python", "files": [{"name": "main.py", "content": "print(42)"}]}}' http://localhost:8088/run 68 | ``` 69 | -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export SERVER_LISTEN_ADDR="127.0.0.1" 4 | export SERVER_LISTEN_PORT="8088" 5 | export SERVER_WORKER_THREADS="10" 6 | 7 | export API_ACCESS_TOKEN="magmatic-handyman-confirm-cauldron" 8 | 9 | export DOCKER_UNIX_SOCKET_PATH="/Users/pii/Library/Containers/com.docker.docker/Data/docker.raw.sock" 10 | export DOCKER_UNIX_SOCKET_READ_TIMEOUT="3" 11 | export DOCKER_UNIX_SOCKET_WRITE_TIMEOUT="3" 12 | 13 | export DOCKER_CONTAINER_HOSTNAME="glot" 14 | export DOCKER_CONTAINER_USER="glot" 15 | export DOCKER_CONTAINER_MEMORY="1000000000" 16 | export DOCKER_CONTAINER_NETWORK_DISABLED="true" 17 | export DOCKER_CONTAINER_ULIMIT_NOFILE_SOFT="90" 18 | export DOCKER_CONTAINER_ULIMIT_NOFILE_HARD="100" 19 | export DOCKER_CONTAINER_ULIMIT_NPROC_SOFT="90" 20 | export DOCKER_CONTAINER_ULIMIT_NPROC_HARD="100" 21 | export DOCKER_CONTAINER_CAP_DROP="MKNOD NET_RAW NET_BIND_SERVICE" 22 | export DOCKER_CONTAINER_READONLY_ROOTFS="true" 23 | export DOCKER_CONTAINER_TMP_DIR_PATH="/tmp" 24 | export DOCKER_CONTAINER_TMP_DIR_OPTIONS="rw,noexec,nosuid,size=65536k" 25 | export DOCKER_CONTAINER_WORK_DIR_PATH="/home/glot" 26 | export DOCKER_CONTAINER_WORK_DIR_OPTIONS="rw,exec,nosuid,size=131072k" 27 | 28 | 29 | export RUN_MAX_EXECUTION_TIME="10" 30 | export RUN_MAX_OUTPUT_SIZE="100000" 31 | 32 | export DEBUG_KEEP_CONTAINER="false" 33 | 34 | export RUST_LOG=debug 35 | 36 | cargo run 37 | -------------------------------------------------------------------------------- /scripts/payload/assembly.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "assembly", 3 | "files": [{ 4 | "name": "main.asm", 5 | "content": "section .data\n msg db \"Hello 🌎!\", 0ah\n\nsection .text\n global _start\n_start:\n mov rax, 1\n mov rdi, 1\n mov rsi, msg\n mov rdx, 12\n syscall\n mov rax, 60\n mov rdi, 0\n syscall\n" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/ats.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "ats", 3 | "files": [{ 4 | "name": "main.dats", 5 | "content": "implement main0 () = print\"Hello 🌎!\n\"" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/bash.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "bash", 3 | "files": [{ 4 | "name": "main.sh", 5 | "content": "echo Hello 🌎" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/c.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "c", 3 | "files": [{ 4 | "name": "main.c", 5 | "content": "#include \n\nint main(void) {\n printf(\"Hello 🌎!\\n\");\n return 0;\n}" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/clojure.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "clojure", 3 | "files": [{ 4 | "name": "main.clj", 5 | "content": "(println \"Hello 🌎!\")" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/cobol.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "cobol", 3 | "files": [{ 4 | "name": "main.cob", 5 | "content": " IDENTIFICATION DIVISION.\n PROGRAM-ID. hello.\n PROCEDURE DIVISION.\n DISPLAY 'Hello 🌎'\n GOBACK\n .\n" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/coffeescript.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "coffeescript", 3 | "files": [{ 4 | "name": "main.coffee", 5 | "content": "console.log \"Hello 🌎!\"" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/cpp.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "cpp", 3 | "files": [{ 4 | "name": "main.cpp", 5 | "content": "#include \nusing namespace std;\n\nint main() {\n cout << \"Hello 🌎!\";\n return 0;\n}" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/crystal.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "crystal", 3 | "files": [{ 4 | "name": "main.cr", 5 | "content": "puts \"Hello 🌎!\"" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/csharp.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "csharp", 3 | "files": [{ 4 | "name": "main.cs", 5 | "content": "using System;\n\nclass MainClass {\n static void Main() {\n Console.WriteLine(\"Hello 🌎!\");\n }\n}" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/dart.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "dart", 3 | "files": [{ 4 | "name": "main.dart", 5 | "content": "void main() {\n print('Hello 🌎!');\n}" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/dlang.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "d", 3 | "files": [{ 4 | "name": "main.d", 5 | "content": "import std.stdio;\n\nvoid main()\n{\n writeln(\"Hello 🌎!\");\n}\n" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/elixir.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "elixir", 3 | "files": [{ 4 | "name": "main.ex", 5 | "content": "IO.puts \"Hello 🌎!\"\n" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/elm.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "elm", 3 | "files": [{ 4 | "name": "Main.elm", 5 | "content": "module Main exposing (main)\nimport Html exposing (..)\n\nmain =\n text \"Hello 🌎!\"" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/erlang.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "erlang", 3 | "files": [{ 4 | "name": "main.erl", 5 | "content": "% escript will ignore the first line\n\nmain(_) ->\n io:setopts([{encoding, unicode}]),\n io:format(\"Hello 🌎\").\n" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/fsharp.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "fsharp", 3 | "files": [{ 4 | "name": "main.fs", 5 | "content": "printfn \"Hello 🌎!\"" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/golang.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "go", 3 | "files": [{ 4 | "name": "main.go", 5 | "content": "package main\n\nimport (\n \"fmt\"\n)\n\nfunc main() {\n fmt.Println(\"Hello 🌎!\")\n}\n" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/groovy.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "groovy", 3 | "files": [{ 4 | "name": "main.groovy", 5 | "content": "println \"Hello 🌎!\"" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/haskell.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "haskell", 3 | "files": [{ 4 | "name": "main.hs", 5 | "content": "main = putStrLn \"Hello 🌎!\"" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/idris.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "idris", 3 | "files": [{ 4 | "name": "main.idr", 5 | "content": "module Main\n\nmain : IO ()\nmain = putStrLn \"Hello 🌎!\"" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/java.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "java", 3 | "files": [{ 4 | "name": "Main.java", 5 | "content": "class Main {\n public static void main(String[] args) {\n System.out.println(\"Hello 🌎!\");\n }\n}" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/javascript.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "javascript", 3 | "files": [{ 4 | "name": "main.js", 5 | "content": "console.log(\"Hello 🌎!\");" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/julia.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "julia", 3 | "files": [{ 4 | "name": "main.jl", 5 | "content": "println(\"Hello 🌎!\")" 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/kotlin.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "kotlin", 3 | "files": [{ 4 | "name": "main.kt", 5 | "content": "fun main(args : Array){\n println(\"Hello 🌎!\")\n}" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/lua.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "lua", 3 | "files": [{ 4 | "name": "main.lua", 5 | "content": "print(\"Hello 🌎!\");" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/mercury.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "mercury", 3 | "files": [{ 4 | "name": "main.m", 5 | "content": ":- module main.\n:- interface.\n:- import_module io.\n\n:- pred main(io::di, io::uo) is det.\n\n:- implementation.\n\nmain(!IO) :-\n\tio.write_string(\"Hello 🌎!\", !IO)." 6 | }] 7 | } 8 | -------------------------------------------------------------------------------- /scripts/payload/nim.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "nim", 3 | "files": [{ 4 | "name": "main.nim", 5 | "content": "echo(\"Hello 🌎!\")" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/ocaml.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "ocaml", 3 | "files": [{ 4 | "name": "main.ml", 5 | "content": "print_endline \"Hello 🌎!\"" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/perl.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "perl", 3 | "files": [{ 4 | "name": "main.pl", 5 | "content": "print \"Hello 🌎!\\n\";" 6 | }] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /scripts/payload/php.json: -------------------------------------------------------------------------------- 1 | { 2 | "language": "php", 3 | "files": [{ 4 | "name": "main.php", 5 | "content": " ErrorResponse { 11 | ErrorResponse { 12 | status_code: 401, 13 | body: ErrorBody { 14 | error: "access_token".to_string(), 15 | message: "Missing or wrong access token".to_string(), 16 | }, 17 | } 18 | } 19 | 20 | pub struct SuccessResponse { 21 | pub status_code: u16, 22 | pub body: Vec, 23 | } 24 | 25 | pub enum JsonFormat { 26 | Minimal, 27 | Pretty, 28 | } 29 | 30 | pub fn prepare_json_response( 31 | body: &T, 32 | format: JsonFormat, 33 | ) -> Result { 34 | let json_to_vec = match format { 35 | JsonFormat::Minimal => serde_json::to_vec, 36 | 37 | JsonFormat::Pretty => serde_json::to_vec_pretty, 38 | }; 39 | 40 | match json_to_vec(body) { 41 | Ok(data) => Ok(SuccessResponse { 42 | status_code: 200, 43 | body: data, 44 | }), 45 | 46 | Err(err) => Err(ErrorResponse { 47 | status_code: 500, 48 | body: ErrorBody { 49 | error: "response.serialize".to_string(), 50 | message: format!("Failed to serialize response: {}", err), 51 | }, 52 | }), 53 | } 54 | } 55 | 56 | #[derive(Debug)] 57 | pub struct ErrorResponse { 58 | pub status_code: u16, 59 | pub body: ErrorBody, 60 | } 61 | 62 | #[derive(Debug, serde::Serialize, serde::Deserialize)] 63 | #[serde(rename_all = "camelCase")] 64 | pub struct ErrorBody { 65 | pub error: String, 66 | pub message: String, 67 | } 68 | -------------------------------------------------------------------------------- /src/docker_run/api/root.rs: -------------------------------------------------------------------------------- 1 | use crate::docker_run::api; 2 | 3 | const VERSION: Option<&'static str> = option_env!("CARGO_PKG_VERSION"); 4 | 5 | #[derive(Debug, serde::Serialize)] 6 | struct ServiceInfo { 7 | name: String, 8 | version: String, 9 | description: String, 10 | } 11 | 12 | pub fn handle() -> Result { 13 | api::prepare_json_response( 14 | &ServiceInfo { 15 | name: "docker-run".to_string(), 16 | version: VERSION.unwrap_or("unknown").to_string(), 17 | description: "Api for running code in transient docker containers".to_string(), 18 | }, 19 | api::JsonFormat::Pretty, 20 | ) 21 | } 22 | -------------------------------------------------------------------------------- /src/docker_run/api/run.rs: -------------------------------------------------------------------------------- 1 | use serde_json::{Map, Value}; 2 | 3 | use crate::docker_run::api; 4 | use crate::docker_run::config; 5 | use crate::docker_run::docker; 6 | use crate::docker_run::run; 7 | 8 | #[derive(Debug, serde::Deserialize)] 9 | pub struct RequestBody { 10 | pub image: String, 11 | pub payload: Map, 12 | } 13 | 14 | pub fn handle( 15 | config: &config::Config, 16 | req_body: RequestBody, 17 | ) -> Result { 18 | let container_config = run::prepare_container_config(req_body.image, config.container.clone()); 19 | 20 | let run_result = run::run( 21 | config.unix_socket.clone(), 22 | run::RunRequest { 23 | container_config, 24 | payload: req_body.payload, 25 | limits: config.run.clone(), 26 | }, 27 | config.debug.clone(), 28 | ) 29 | .map_err(handle_error)?; 30 | 31 | api::prepare_json_response(&run_result, api::JsonFormat::Minimal) 32 | } 33 | 34 | fn handle_error(err: run::Error) -> api::ErrorResponse { 35 | match &err { 36 | run::Error::UnixStream(_) => error_response(&err, 500, "docker.unixsocket"), 37 | 38 | run::Error::CreateContainer(_) => error_response(&err, 400, "docker.container.create"), 39 | 40 | run::Error::StartContainer(_) => error_response(&err, 500, "docker.container.start"), 41 | 42 | run::Error::AttachContainer(_) => error_response(&err, 500, "docker.container.attach"), 43 | 44 | run::Error::SerializePayload(_) => { 45 | error_response(&err, 400, "docker.container.stream.payload.serialize") 46 | } 47 | 48 | run::Error::ReadStream(stream_error) => match stream_error { 49 | docker::StreamError::MaxExecutionTime() => { 50 | error_response(&err, 400, "limits.execution_time") 51 | } 52 | 53 | docker::StreamError::MaxReadSize(_) => error_response(&err, 400, "limits.read.size"), 54 | 55 | _ => error_response(&err, 500, "docker.container.stream.read"), 56 | }, 57 | 58 | run::Error::StreamStdinUnexpected(_) => error_response(&err, 500, "coderunner.stdin"), 59 | 60 | run::Error::StreamStderr(_) => error_response(&err, 500, "coderunner.stderr"), 61 | 62 | run::Error::StreamStdoutDecode(_) => error_response(&err, 500, "coderunner.stdout.decode"), 63 | } 64 | } 65 | 66 | fn error_response(err: &run::Error, status_code: u16, error_code: &str) -> api::ErrorResponse { 67 | api::ErrorResponse { 68 | status_code, 69 | body: api::ErrorBody { 70 | error: error_code.to_string(), 71 | message: err.to_string(), 72 | }, 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /src/docker_run/api/version.rs: -------------------------------------------------------------------------------- 1 | use std::fmt; 2 | 3 | use crate::docker_run::api; 4 | use crate::docker_run::config; 5 | use crate::docker_run::docker; 6 | use crate::docker_run::unix_stream; 7 | 8 | #[derive(Debug, serde::Serialize)] 9 | struct VersionInfo { 10 | docker: docker::VersionResponse, 11 | } 12 | 13 | pub fn handle(config: &config::Config) -> Result { 14 | let data = get_version_info(&config.unix_socket).map_err(handle_error)?; 15 | 16 | api::prepare_json_response(&data, api::JsonFormat::Pretty) 17 | } 18 | 19 | fn get_version_info(stream_config: &unix_stream::Config) -> Result { 20 | let docker_response = unix_stream::with_stream(stream_config, Error::UnixStream, |stream| { 21 | docker::version(stream).map_err(Error::Version) 22 | })?; 23 | 24 | Ok(VersionInfo { 25 | docker: docker_response.body().clone(), 26 | }) 27 | } 28 | 29 | fn handle_error(err: Error) -> api::ErrorResponse { 30 | match err { 31 | Error::UnixStream(_) => api::ErrorResponse { 32 | status_code: 500, 33 | body: api::ErrorBody { 34 | error: "docker.unixsocket".to_string(), 35 | message: err.to_string(), 36 | }, 37 | }, 38 | 39 | Error::Version(_) => api::ErrorResponse { 40 | status_code: 500, 41 | body: api::ErrorBody { 42 | error: "docker.version".to_string(), 43 | message: err.to_string(), 44 | }, 45 | }, 46 | } 47 | } 48 | 49 | pub enum Error { 50 | UnixStream(unix_stream::Error), 51 | Version(docker::Error), 52 | } 53 | 54 | impl fmt::Display for Error { 55 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 56 | match self { 57 | Error::UnixStream(err) => { 58 | write!(f, "Unix socket failure: {}", err) 59 | } 60 | 61 | Error::Version(err) => { 62 | write!(f, "Failed to get docker version: {}", err) 63 | } 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /src/docker_run/config.rs: -------------------------------------------------------------------------------- 1 | use crate::docker_run::api; 2 | use crate::docker_run::debug; 3 | use crate::docker_run::run; 4 | use crate::docker_run::unix_stream; 5 | 6 | #[derive(Clone, Debug)] 7 | pub struct Config { 8 | pub server: ServerConfig, 9 | pub api: api::ApiConfig, 10 | pub unix_socket: unix_stream::Config, 11 | pub container: run::ContainerConfig, 12 | pub run: run::Limits, 13 | pub debug: debug::Config, 14 | } 15 | 16 | #[derive(Clone, Debug)] 17 | pub struct ServerConfig { 18 | pub listen_addr: String, 19 | pub listen_port: u16, 20 | pub worker_threads: usize, 21 | } 22 | -------------------------------------------------------------------------------- /src/docker_run/debug.rs: -------------------------------------------------------------------------------- 1 | #[derive(Clone, Debug)] 2 | pub struct Config { 3 | pub keep_container: bool, 4 | } 5 | -------------------------------------------------------------------------------- /src/docker_run/docker.rs: -------------------------------------------------------------------------------- 1 | use crate::docker_run::http_extra; 2 | use serde::{Deserialize, Serialize}; 3 | use std::collections::HashMap; 4 | use std::convert::TryInto; 5 | use std::fmt; 6 | use std::io; 7 | use std::io::{Read, Write}; 8 | 9 | #[derive(Debug, Serialize)] 10 | #[serde(rename_all = "PascalCase")] 11 | pub struct ContainerConfig { 12 | pub hostname: String, 13 | pub user: String, 14 | pub attach_stdin: bool, 15 | pub attach_stdout: bool, 16 | pub attach_stderr: bool, 17 | pub tty: bool, 18 | pub open_stdin: bool, 19 | pub stdin_once: bool, 20 | pub image: String, 21 | pub network_disabled: bool, 22 | pub host_config: HostConfig, 23 | } 24 | 25 | #[derive(Debug, Serialize)] 26 | #[serde(rename_all = "PascalCase")] 27 | pub struct HostConfig { 28 | pub memory: i64, 29 | pub privileged: bool, 30 | pub cap_add: Vec, 31 | pub cap_drop: Vec, 32 | pub ulimits: Vec, 33 | pub readonly_rootfs: bool, 34 | pub tmpfs: HashMap, 35 | } 36 | 37 | #[derive(Debug, Serialize)] 38 | #[serde(rename_all = "PascalCase")] 39 | pub struct Ulimit { 40 | pub name: String, 41 | pub soft: i64, 42 | pub hard: i64, 43 | } 44 | 45 | #[derive(Debug)] 46 | pub enum Error { 47 | PrepareRequest(PrepareRequestError), 48 | SendRequest(http_extra::Error), 49 | } 50 | 51 | impl fmt::Display for Error { 52 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 53 | match self { 54 | Error::PrepareRequest(err) => { 55 | write!(f, "Failed to prepare request: {}", err) 56 | } 57 | 58 | Error::SendRequest(err) => { 59 | write!(f, "Failed while sending request: {}", err) 60 | } 61 | } 62 | } 63 | } 64 | 65 | #[derive(Debug)] 66 | pub enum PrepareRequestError { 67 | SerializeBody(serde_json::Error), 68 | Request(http::Error), 69 | } 70 | 71 | impl fmt::Display for PrepareRequestError { 72 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 73 | match self { 74 | PrepareRequestError::SerializeBody(err) => { 75 | write!(f, "Failed to serialize request body: {}", err) 76 | } 77 | 78 | PrepareRequestError::Request(err) => { 79 | write!(f, "{}", err) 80 | } 81 | } 82 | } 83 | } 84 | 85 | #[derive(Deserialize, Serialize, Clone, Debug)] 86 | #[serde(rename_all(deserialize = "PascalCase"))] 87 | #[serde(rename_all(serialize = "camelCase"))] 88 | pub struct VersionResponse { 89 | pub version: String, 90 | pub api_version: String, 91 | pub git_commit: String, 92 | pub go_version: String, 93 | pub os: String, 94 | pub arch: String, 95 | pub kernel_version: String, 96 | pub build_time: String, 97 | pub platform: VersionPlatformResponse, 98 | pub components: Vec, 99 | } 100 | 101 | #[derive(Deserialize, Serialize, Clone, Debug)] 102 | #[serde(rename_all(deserialize = "PascalCase"))] 103 | #[serde(rename_all(serialize = "camelCase"))] 104 | pub struct VersionPlatformResponse { 105 | pub name: String, 106 | } 107 | 108 | #[derive(Deserialize, Serialize, Clone, Debug)] 109 | #[serde(rename_all(deserialize = "PascalCase"))] 110 | #[serde(rename_all(serialize = "camelCase"))] 111 | pub struct VersionComponentResponse { 112 | pub name: String, 113 | pub version: String, 114 | } 115 | 116 | pub fn version_request() -> Result, http::Error> { 117 | http::Request::get("/version") 118 | .header("Accept", "application/json") 119 | .header("Host", "127.0.0.1") 120 | .header("Connection", "close") 121 | .body(http_extra::Body::Empty()) 122 | } 123 | 124 | pub fn version( 125 | stream: Stream, 126 | ) -> Result, Error> { 127 | let req = 128 | version_request().map_err(|x| Error::PrepareRequest(PrepareRequestError::Request(x)))?; 129 | 130 | http_extra::send_request(stream, req).map_err(Error::SendRequest) 131 | } 132 | 133 | #[derive(Deserialize, Serialize, Clone, Debug)] 134 | #[serde(rename_all(deserialize = "PascalCase"))] 135 | #[serde(rename_all(serialize = "camelCase"))] 136 | pub struct ContainerCreatedResponse { 137 | pub id: String, 138 | pub warnings: Vec, 139 | } 140 | 141 | pub fn create_container_request( 142 | config: &ContainerConfig, 143 | ) -> Result, PrepareRequestError> { 144 | let body = serde_json::to_vec(config).map_err(PrepareRequestError::SerializeBody)?; 145 | 146 | http::Request::post("/containers/create") 147 | .header("Content-Type", "application/json") 148 | .header("Accept", "application/json") 149 | .header("Host", "127.0.0.1") 150 | .header("Content-Length", body.len()) 151 | .header("Connection", "close") 152 | .body(http_extra::Body::Bytes(body)) 153 | .map_err(PrepareRequestError::Request) 154 | } 155 | 156 | pub fn create_container( 157 | stream: Stream, 158 | config: &ContainerConfig, 159 | ) -> Result, Error> { 160 | let req = create_container_request(config).map_err(Error::PrepareRequest)?; 161 | 162 | http_extra::send_request(stream, req).map_err(Error::SendRequest) 163 | } 164 | 165 | pub fn start_container_request( 166 | container_id: &str, 167 | ) -> Result, http::Error> { 168 | let url = format!("/containers/{}/start", container_id); 169 | 170 | http::Request::post(url) 171 | .header("Accept", "application/json") 172 | .header("Host", "127.0.0.1") 173 | .header("Connection", "close") 174 | .body(http_extra::Body::Empty()) 175 | } 176 | 177 | pub fn start_container( 178 | stream: Stream, 179 | container_id: &str, 180 | ) -> Result, Error> { 181 | let req = start_container_request(container_id) 182 | .map_err(|x| Error::PrepareRequest(PrepareRequestError::Request(x)))?; 183 | 184 | http_extra::send_request(stream, req).map_err(Error::SendRequest) 185 | } 186 | 187 | pub fn remove_container_request( 188 | container_id: &str, 189 | ) -> Result, http::Error> { 190 | let url = format!("/containers/{}?v=1&force=1", container_id); 191 | 192 | http::Request::delete(url) 193 | .header("Accept", "application/json") 194 | .header("Host", "127.0.0.1") 195 | .header("Connection", "close") 196 | .body(http_extra::Body::Empty()) 197 | } 198 | 199 | pub fn remove_container( 200 | stream: Stream, 201 | container_id: &str, 202 | ) -> Result, Error> { 203 | let req = remove_container_request(container_id) 204 | .map_err(|x| Error::PrepareRequest(PrepareRequestError::Request(x)))?; 205 | 206 | http_extra::send_request(stream, req).map_err(Error::SendRequest) 207 | } 208 | 209 | pub fn attach_container_request( 210 | container_id: &str, 211 | ) -> Result, http::Error> { 212 | let url = format!( 213 | "/containers/{}/attach?stream=1&stdout=1&stdin=1&stderr=1", 214 | container_id 215 | ); 216 | 217 | http::Request::post(url) 218 | .header("Host", "127.0.0.1") 219 | .body(http_extra::Body::Empty()) 220 | } 221 | 222 | pub fn attach_container( 223 | stream: Stream, 224 | container_id: &str, 225 | ) -> Result, Error> { 226 | let req = attach_container_request(container_id) 227 | .map_err(|x| Error::PrepareRequest(PrepareRequestError::Request(x)))?; 228 | 229 | http_extra::send_request(stream, req).map_err(Error::SendRequest) 230 | } 231 | 232 | #[derive(Debug)] 233 | pub enum StreamError { 234 | Read(io::Error), 235 | ReadStreamType(io::Error), 236 | UnknownStreamType(u8), 237 | ReadStreamLength(io::Error), 238 | InvalidStreamLength(>::Error), 239 | MaxExecutionTime(), 240 | MaxReadSize(usize), 241 | } 242 | 243 | impl fmt::Display for StreamError { 244 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 245 | match self { 246 | StreamError::Read(err) => { 247 | write!(f, "{}", err) 248 | } 249 | 250 | StreamError::ReadStreamType(err) => { 251 | write!(f, "Failed to read stream type: {}", err) 252 | } 253 | 254 | StreamError::UnknownStreamType(stream_type) => { 255 | write!(f, "Unknown stream type: (type: {})", stream_type) 256 | } 257 | 258 | StreamError::ReadStreamLength(err) => { 259 | write!(f, "Failed to read stream length: {}", err) 260 | } 261 | 262 | StreamError::InvalidStreamLength(err) => { 263 | write!(f, "Failed to parse stream length: {}", err) 264 | } 265 | 266 | StreamError::MaxExecutionTime() => { 267 | write!(f, "Max execution time exceeded") 268 | } 269 | 270 | StreamError::MaxReadSize(max_size) => { 271 | write!(f, "Max output size exceeded ({} bytes)", max_size) 272 | } 273 | } 274 | } 275 | } 276 | 277 | #[derive(Debug)] 278 | pub struct StreamOutput { 279 | pub stdin: Vec, 280 | pub stdout: Vec, 281 | pub stderr: Vec, 282 | } 283 | 284 | pub fn read_stream(r: R, max_read_size: usize) -> Result { 285 | let mut reader = iowrap::Eof::new(r); 286 | let mut read_size = 0; 287 | let mut stdin = Vec::new(); 288 | let mut stdout = Vec::new(); 289 | let mut stderr = Vec::new(); 290 | 291 | while !reader.eof().map_err(io_read_error_to_stream_error)? { 292 | let stream_type = read_stream_type(&mut reader)?; 293 | let stream_length = read_stream_length(&mut reader)?; 294 | 295 | let mut buffer = vec![0u8; stream_length]; 296 | reader 297 | .read_exact(&mut buffer) 298 | .map_err(io_read_error_to_stream_error)?; 299 | 300 | match stream_type { 301 | StreamType::Stdin() => { 302 | stdin.append(&mut buffer); 303 | } 304 | 305 | StreamType::Stdout() => { 306 | stdout.append(&mut buffer); 307 | } 308 | 309 | StreamType::Stderr() => { 310 | stderr.append(&mut buffer); 311 | } 312 | } 313 | 314 | read_size += stream_length; 315 | 316 | err_if_false( 317 | read_size <= max_read_size, 318 | StreamError::MaxReadSize(max_read_size), 319 | )?; 320 | } 321 | 322 | Ok(StreamOutput { 323 | stdin, 324 | stdout, 325 | stderr, 326 | }) 327 | } 328 | 329 | fn io_read_error_to_stream_error(err: io::Error) -> StreamError { 330 | if err.kind() == io::ErrorKind::WouldBlock { 331 | StreamError::MaxExecutionTime() 332 | } else { 333 | StreamError::Read(err) 334 | } 335 | } 336 | 337 | fn err_if_false(value: bool, err: E) -> Result<(), E> { 338 | if value { 339 | Ok(()) 340 | } else { 341 | Err(err) 342 | } 343 | } 344 | 345 | #[derive(Debug)] 346 | enum StreamType { 347 | Stdin(), 348 | Stdout(), 349 | Stderr(), 350 | } 351 | 352 | impl StreamType { 353 | fn from_byte(n: u8) -> Option { 354 | match n { 355 | 0 => Some(StreamType::Stdin()), 356 | 1 => Some(StreamType::Stdout()), 357 | 2 => Some(StreamType::Stderr()), 358 | _ => None, 359 | } 360 | } 361 | } 362 | 363 | fn read_stream_type(mut reader: R) -> Result { 364 | let mut buffer = [0; 4]; 365 | reader 366 | .read_exact(&mut buffer) 367 | .map_err(StreamError::ReadStreamType)?; 368 | 369 | StreamType::from_byte(buffer[0]).ok_or(StreamError::UnknownStreamType(buffer[0])) 370 | } 371 | 372 | fn read_stream_length(mut reader: R) -> Result { 373 | let mut buffer = [0; 4]; 374 | reader 375 | .read_exact(&mut buffer) 376 | .map_err(StreamError::ReadStreamLength)?; 377 | 378 | u32::from_be_bytes(buffer) 379 | .try_into() 380 | .map_err(StreamError::InvalidStreamLength) 381 | } 382 | -------------------------------------------------------------------------------- /src/docker_run/environment.rs: -------------------------------------------------------------------------------- 1 | use std::collections::HashMap; 2 | use std::env; 3 | use std::fmt; 4 | use std::str::FromStr; 5 | 6 | pub type Environment = HashMap; 7 | 8 | pub fn get_environment() -> Environment { 9 | env::vars().collect() 10 | } 11 | 12 | pub fn lookup(environment: &Environment, key: &'static str) -> Result 13 | where 14 | T: FromStr, 15 | T::Err: fmt::Display, 16 | { 17 | environment 18 | .get(key) 19 | .ok_or(Error::KeyNotFound(key)) 20 | .and_then(|string_value| { 21 | string_value.parse::().map_err(|err| Error::Parse { 22 | key, 23 | details: err.to_string(), 24 | }) 25 | }) 26 | } 27 | 28 | pub fn lookup_optional(environment: &Environment, key: &'static str) -> Result, Error> 29 | where 30 | T: FromStr, 31 | T::Err: fmt::Display, 32 | { 33 | match environment.get(key) { 34 | None => Ok(None), 35 | 36 | Some(string_value) => string_value 37 | .parse::() 38 | .map(Some) 39 | .map_err(|err| Error::Parse { 40 | key, 41 | details: err.to_string(), 42 | }), 43 | } 44 | } 45 | 46 | #[derive(Debug)] 47 | pub enum Error { 48 | KeyNotFound(&'static str), 49 | Parse { key: &'static str, details: String }, 50 | } 51 | 52 | impl fmt::Display for Error { 53 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 54 | match self { 55 | Error::KeyNotFound(key) => write!(f, "Environment key not found: «{0}»", key), 56 | 57 | Error::Parse { key, details } => write!( 58 | f, 59 | "Failed to parse value for environment key: «{0}», details: {1}", 60 | key, details 61 | ), 62 | } 63 | } 64 | } 65 | 66 | pub fn space_separated_string(s: String) -> Vec { 67 | s.split(' ') 68 | .map(|s| s.trim().to_string()) 69 | .filter(|s| !s.is_empty()) 70 | .collect() 71 | } 72 | -------------------------------------------------------------------------------- /src/docker_run/http_extra.rs: -------------------------------------------------------------------------------- 1 | use http::header; 2 | use http::header::CONTENT_LENGTH; 3 | use http::header::TRANSFER_ENCODING; 4 | use http::response; 5 | use http::status; 6 | use http::{Request, Response}; 7 | use serde::de::DeserializeOwned; 8 | use serde::Deserialize; 9 | use std::fmt; 10 | use std::io; 11 | use std::io::BufRead; 12 | use std::io::BufReader; 13 | use std::io::{Read, Write}; 14 | use std::str::FromStr; 15 | 16 | const CARRIAGE_RETURN: u8 = 0xD; 17 | const LINE_FEED: u8 = 0xA; 18 | 19 | pub enum Body { 20 | Empty(), 21 | Bytes(Vec), 22 | } 23 | 24 | #[derive(Debug)] 25 | pub enum Error { 26 | WriteRequest(io::Error), 27 | ReadResponse(io::Error), 28 | ParseResponseHead(ParseError), 29 | BadStatus(status::StatusCode, Vec), 30 | ReadChunkedBody(ReadChunkError), 31 | ReadBody(io::Error), 32 | DeserializeBody(serde_json::Error), 33 | } 34 | 35 | impl fmt::Display for Error { 36 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 37 | match self { 38 | Error::WriteRequest(err) => { 39 | write!(f, "Failed to send request: {}", err) 40 | } 41 | 42 | Error::ReadResponse(err) => { 43 | write!(f, "Failed read response: {}", err) 44 | } 45 | 46 | Error::ParseResponseHead(err) => { 47 | write!(f, "Failed parse response head: {}", err) 48 | } 49 | 50 | Error::ReadChunkedBody(err) => { 51 | write!(f, "Failed read to chunked response body: {}", err) 52 | } 53 | 54 | Error::ReadBody(err) => { 55 | write!(f, "Failed read to response body: {}", err) 56 | } 57 | 58 | Error::BadStatus(status_code, body) => { 59 | let msg = String::from_utf8(body.to_vec()).unwrap_or(format!("{:?}", body)); 60 | 61 | write!(f, "Unexpected status code {}: {}", status_code, msg) 62 | } 63 | 64 | Error::DeserializeBody(err) => { 65 | write!(f, "Failed deserialize response body: {}", err) 66 | } 67 | } 68 | } 69 | } 70 | 71 | pub fn send_request( 72 | mut stream: Stream, 73 | req: Request, 74 | ) -> Result, Error> 75 | where 76 | Stream: Read + Write, 77 | ResponseBody: DeserializeOwned, 78 | { 79 | write_request_head(&mut stream, &req).map_err(Error::WriteRequest)?; 80 | 81 | write_request_body(&mut stream, &req).map_err(Error::WriteRequest)?; 82 | 83 | let mut reader = BufReader::new(stream); 84 | 85 | let response_head = read_response_head(&mut reader).map_err(Error::ReadResponse)?; 86 | 87 | let response_parts = parse_response_head(response_head).map_err(Error::ParseResponseHead)?; 88 | 89 | // Read response body 90 | let raw_body = match get_transfer_encoding(&response_parts.headers) { 91 | TransferEncoding::Chunked() => { 92 | read_chunked_response_body(reader).map_err(Error::ReadChunkedBody)? 93 | } 94 | 95 | _ => { 96 | let content_length = get_content_length(&response_parts.headers); 97 | read_response_body(content_length, reader).map_err(Error::ReadBody)? 98 | } 99 | }; 100 | 101 | err_if_false( 102 | response_parts.status.is_success(), 103 | Error::BadStatus(response_parts.status, raw_body.clone()), 104 | )?; 105 | 106 | let body = serde_json::from_slice(&raw_body).map_err(Error::DeserializeBody)?; 107 | 108 | Ok(Response::from_parts(response_parts, body)) 109 | } 110 | 111 | fn read_response_body( 112 | content_length: usize, 113 | mut reader: R, 114 | ) -> Result, io::Error> { 115 | if content_length > 0 { 116 | let mut buffer = vec![0u8; content_length]; 117 | reader.read_exact(&mut buffer)?; 118 | Ok(buffer) 119 | } else { 120 | Ok(vec![]) 121 | } 122 | } 123 | 124 | #[derive(Debug)] 125 | pub enum ReadChunkError { 126 | ReadChunkLength(io::Error), 127 | ParseChunkLength(std::num::ParseIntError), 128 | ReadChunk(io::Error), 129 | SkipLineFeed(io::Error), 130 | } 131 | 132 | impl fmt::Display for ReadChunkError { 133 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 134 | match self { 135 | ReadChunkError::ReadChunkLength(err) => { 136 | write!(f, "Failed to read chunk length: {}", err) 137 | } 138 | 139 | ReadChunkError::ParseChunkLength(err) => { 140 | write!(f, "Failed parse chunk length: {}", err) 141 | } 142 | 143 | ReadChunkError::ReadChunk(err) => { 144 | write!(f, "Failed read chunk: {}", err) 145 | } 146 | 147 | ReadChunkError::SkipLineFeed(err) => { 148 | write!(f, "Failed read line feed at end of chunk: {}", err) 149 | } 150 | } 151 | } 152 | } 153 | 154 | fn read_chunked_response_body(mut reader: R) -> Result, ReadChunkError> { 155 | let mut body = vec![]; 156 | 157 | loop { 158 | let mut chunk = read_response_chunk(&mut reader)?; 159 | 160 | if chunk.is_empty() { 161 | break; 162 | } 163 | 164 | body.append(&mut chunk) 165 | } 166 | 167 | Ok(body) 168 | } 169 | 170 | fn read_response_chunk(mut reader: R) -> Result, ReadChunkError> { 171 | let mut buffer = String::new(); 172 | 173 | reader 174 | .read_line(&mut buffer) 175 | .map_err(ReadChunkError::ReadChunkLength)?; 176 | 177 | let chunk_length = 178 | usize::from_str_radix(buffer.trim_end(), 16).map_err(ReadChunkError::ParseChunkLength)?; 179 | 180 | let chunk = read_response_body(chunk_length, &mut reader).map_err(ReadChunkError::ReadChunk)?; 181 | 182 | let mut void = String::new(); 183 | reader 184 | .read_line(&mut void) 185 | .map_err(ReadChunkError::SkipLineFeed)?; 186 | 187 | Ok(chunk) 188 | } 189 | 190 | fn get_content_length(headers: &header::HeaderMap) -> usize { 191 | headers 192 | .get(CONTENT_LENGTH) 193 | .map(|value| value.to_str().unwrap_or("").parse().unwrap_or(0)) 194 | .unwrap_or(0) 195 | } 196 | 197 | enum TransferEncoding { 198 | NoEncoding(), 199 | Chunked(), 200 | Other(String), 201 | } 202 | 203 | impl TransferEncoding { 204 | pub fn from_str(value: &str) -> TransferEncoding { 205 | match value { 206 | "chunked" => TransferEncoding::Chunked(), 207 | 208 | "" => TransferEncoding::NoEncoding(), 209 | 210 | other => TransferEncoding::Other(other.to_string()), 211 | } 212 | } 213 | } 214 | 215 | fn get_transfer_encoding(headers: &header::HeaderMap) -> TransferEncoding { 216 | let value = headers 217 | .get(TRANSFER_ENCODING) 218 | .map(|value| value.to_str().unwrap_or("").to_string()) 219 | .unwrap_or_default(); 220 | 221 | TransferEncoding::from_str(&value) 222 | } 223 | 224 | #[derive(Debug)] 225 | pub struct EmptyResponse {} 226 | 227 | impl<'de> Deserialize<'de> for EmptyResponse { 228 | fn deserialize(_: D) -> Result 229 | where 230 | D: serde::Deserializer<'de>, 231 | { 232 | Ok(EmptyResponse {}) 233 | } 234 | } 235 | 236 | pub fn format_request_line(req: &Request) -> String { 237 | let path = req.uri().path_and_query().map(|x| x.as_str()).unwrap_or(""); 238 | 239 | format!("{} {} {:?}", req.method(), path, req.version()) 240 | } 241 | 242 | pub fn format_request_headers(req: &Request) -> String { 243 | req.headers() 244 | .iter() 245 | .map(|(key, value)| format!("{}: {}", key, value.to_str().unwrap_or(""))) 246 | .collect::>() 247 | .join("\r\n") 248 | } 249 | 250 | fn write_request_head(mut writer: W, req: &Request) -> Result<(), io::Error> { 251 | let request_line = format_request_line(req); 252 | write!(writer, "{}\r\n", request_line)?; 253 | 254 | let headers = format_request_headers(req); 255 | write!(writer, "{}\r\n\r\n", headers) 256 | } 257 | 258 | fn write_request_body(mut writer: W, req: &Request) -> Result<(), io::Error> { 259 | match req.body() { 260 | Body::Empty() => Ok(()), 261 | 262 | Body::Bytes(body) => writer.write_all(body), 263 | } 264 | } 265 | 266 | fn read_response_head(mut reader: R) -> Result, io::Error> { 267 | let mut response_headers = Vec::new(); 268 | 269 | for _ in 0..20 { 270 | if response_headers.ends_with(&[CARRIAGE_RETURN, LINE_FEED, CARRIAGE_RETURN, LINE_FEED]) { 271 | break; 272 | } 273 | 274 | reader.read_until(LINE_FEED, &mut response_headers)?; 275 | } 276 | 277 | Ok(response_headers) 278 | } 279 | 280 | #[derive(Debug)] 281 | pub enum ParseError { 282 | Parse(httparse::Error), 283 | Empty(), 284 | Partial(), 285 | Response(ResponseError), 286 | } 287 | 288 | impl fmt::Display for ParseError { 289 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 290 | match self { 291 | ParseError::Parse(err) => { 292 | write!(f, "{}", err) 293 | } 294 | 295 | ParseError::Empty() => { 296 | write!(f, "Received empty response") 297 | } 298 | 299 | ParseError::Partial() => { 300 | write!(f, "Received partial response") 301 | } 302 | 303 | ParseError::Response(err) => { 304 | write!(f, "Invalid response: {}", err) 305 | } 306 | } 307 | } 308 | } 309 | 310 | pub fn parse_response_head(bytes: Vec) -> Result { 311 | let mut headers = [httparse::EMPTY_HEADER; 30]; 312 | let mut resp = httparse::Response::new(&mut headers); 313 | 314 | match resp.parse(&bytes) { 315 | Ok(httparse::Status::Complete(_)) => { 316 | let parts = to_http_parts(resp).map_err(ParseError::Response)?; 317 | Ok(parts) 318 | } 319 | 320 | Ok(httparse::Status::Partial) => { 321 | if bytes.is_empty() { 322 | Err(ParseError::Empty()) 323 | } else { 324 | Err(ParseError::Partial()) 325 | } 326 | } 327 | 328 | Err(err) => Err(ParseError::Parse(err)), 329 | } 330 | } 331 | 332 | #[derive(Debug)] 333 | pub enum ResponseError { 334 | InvalidBuilder(), 335 | HeaderName(header::InvalidHeaderName), 336 | HeaderValue(header::InvalidHeaderValue), 337 | StatusCode(), 338 | Builder(http::Error), 339 | } 340 | 341 | impl fmt::Display for ResponseError { 342 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 343 | match self { 344 | ResponseError::InvalidBuilder() => { 345 | write!(f, "Invalid response builder") 346 | } 347 | 348 | ResponseError::HeaderName(err) => { 349 | write!(f, "Invalid header name: {}", err) 350 | } 351 | 352 | ResponseError::HeaderValue(err) => { 353 | write!(f, "Invalid header value: {}", err) 354 | } 355 | 356 | ResponseError::StatusCode() => { 357 | write!(f, "Failed to parse status code") 358 | } 359 | 360 | ResponseError::Builder(err) => { 361 | write!(f, "Response builder error: {}", err) 362 | } 363 | } 364 | } 365 | } 366 | 367 | fn to_http_parts(parsed: httparse::Response) -> Result { 368 | let mut builder = Response::builder(); 369 | let headers = builder 370 | .headers_mut() 371 | .ok_or(ResponseError::InvalidBuilder())?; 372 | 373 | for hdr in parsed.headers.iter() { 374 | let name = header::HeaderName::from_str(hdr.name).map_err(ResponseError::HeaderName)?; 375 | 376 | let value = 377 | header::HeaderValue::from_bytes(hdr.value).map_err(ResponseError::HeaderValue)?; 378 | 379 | headers.insert(name, value); 380 | } 381 | 382 | let code = parsed.code.ok_or(ResponseError::StatusCode())?; 383 | 384 | let response = builder 385 | .status(code) 386 | .body(()) 387 | .map_err(ResponseError::Builder)?; 388 | 389 | Ok(response.into_parts().0) 390 | } 391 | 392 | fn err_if_false(value: bool, err: E) -> Result<(), E> { 393 | if value { 394 | Ok(()) 395 | } else { 396 | Err(err) 397 | } 398 | } 399 | -------------------------------------------------------------------------------- /src/docker_run/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod api; 2 | pub mod config; 3 | pub mod debug; 4 | pub mod docker; 5 | pub mod environment; 6 | pub mod http_extra; 7 | pub mod run; 8 | pub mod unix_stream; 9 | -------------------------------------------------------------------------------- /src/docker_run/run.rs: -------------------------------------------------------------------------------- 1 | use serde::Serialize; 2 | use serde_json::{Map, Value}; 3 | use std::collections::HashMap; 4 | use std::fmt; 5 | use std::net; 6 | use std::os::unix::net::UnixStream; 7 | use std::str; 8 | use std::time::Duration; 9 | 10 | use crate::docker_run::debug; 11 | use crate::docker_run::docker; 12 | use crate::docker_run::unix_stream; 13 | 14 | #[derive(Debug)] 15 | pub struct RunRequest { 16 | pub container_config: docker::ContainerConfig, 17 | pub payload: Payload, 18 | pub limits: Limits, 19 | } 20 | 21 | #[derive(Clone, Debug)] 22 | pub struct Limits { 23 | pub max_execution_time: Duration, 24 | pub max_output_size: usize, 25 | } 26 | 27 | pub fn run( 28 | stream_config: unix_stream::Config, 29 | run_request: RunRequest, 30 | debug: debug::Config, 31 | ) -> Result, Error> { 32 | let container_response = 33 | unix_stream::with_stream(&stream_config, Error::UnixStream, |stream| { 34 | docker::create_container(stream, &run_request.container_config) 35 | .map_err(Error::CreateContainer) 36 | })?; 37 | 38 | let container_id = &container_response.body().id; 39 | 40 | let result = run_with_container(&stream_config, run_request, container_id); 41 | 42 | if !debug.keep_container { 43 | let _ = unix_stream::with_stream(&stream_config, Error::UnixStream, |stream| { 44 | match docker::remove_container(stream, container_id) { 45 | Ok(_) => {} 46 | 47 | Err(err) => { 48 | log::error!("Failed to remove container: {}", err); 49 | } 50 | } 51 | 52 | Ok(()) 53 | }); 54 | } 55 | 56 | result 57 | } 58 | 59 | pub fn run_with_container( 60 | stream_config: &unix_stream::Config, 61 | run_request: RunRequest, 62 | container_id: &str, 63 | ) -> Result, Error> { 64 | unix_stream::with_stream(stream_config, Error::UnixStream, |stream| { 65 | docker::start_container(stream, container_id).map_err(Error::StartContainer) 66 | })?; 67 | 68 | let run_config = unix_stream::Config { 69 | read_timeout: run_request.limits.max_execution_time, 70 | ..stream_config.clone() 71 | }; 72 | 73 | unix_stream::with_stream(&run_config, Error::UnixStream, |stream| { 74 | run_code(stream, container_id, &run_request) 75 | }) 76 | } 77 | 78 | pub fn run_code( 79 | mut stream: &UnixStream, 80 | container_id: &str, 81 | run_request: &RunRequest, 82 | ) -> Result, Error> 83 | where 84 | Payload: Serialize, 85 | { 86 | docker::attach_container(&mut stream, container_id).map_err(Error::AttachContainer)?; 87 | 88 | // Send payload 89 | serde_json::to_writer(&mut stream, &run_request.payload).map_err(Error::SerializePayload)?; 90 | 91 | // Shutdown write stream which will trigger an EOF on the reader 92 | let _ = stream.shutdown(net::Shutdown::Write); 93 | 94 | // Read response 95 | let output = docker::read_stream(stream, run_request.limits.max_output_size) 96 | .map_err(Error::ReadStream)?; 97 | 98 | // Return error if we recieved stdin or stderr data from the stream 99 | err_if_false( 100 | output.stdin.is_empty(), 101 | Error::StreamStdinUnexpected(output.stdin), 102 | )?; 103 | err_if_false(output.stderr.is_empty(), Error::StreamStderr(output.stderr))?; 104 | 105 | // Decode stdout data to dict 106 | decode_dict(&output.stdout).map_err(Error::StreamStdoutDecode) 107 | } 108 | 109 | #[derive(Debug, Clone)] 110 | pub struct ContainerConfig { 111 | pub hostname: String, 112 | pub user: String, 113 | pub memory: i64, 114 | pub network_disabled: bool, 115 | pub ulimit_nofile_soft: i64, 116 | pub ulimit_nofile_hard: i64, 117 | pub ulimit_nproc_soft: i64, 118 | pub ulimit_nproc_hard: i64, 119 | pub cap_add: Vec, 120 | pub cap_drop: Vec, 121 | pub readonly_rootfs: bool, 122 | pub tmp_dir: Option, 123 | pub work_dir: Option, 124 | } 125 | 126 | #[derive(Debug, Clone)] 127 | pub struct Tmpfs { 128 | pub path: String, 129 | pub options: String, 130 | } 131 | 132 | impl ContainerConfig { 133 | pub fn tmpfs_mounts(&self) -> HashMap { 134 | [&self.tmp_dir, &self.work_dir] 135 | .iter() 136 | .filter_map(|tmpfs| tmpfs.as_ref()) 137 | .map(|tmpfs| (tmpfs.path.clone(), tmpfs.options.clone())) 138 | .collect() 139 | } 140 | } 141 | 142 | pub fn prepare_container_config( 143 | image_name: String, 144 | config: ContainerConfig, 145 | ) -> docker::ContainerConfig { 146 | let tmpfs = config.tmpfs_mounts(); 147 | 148 | docker::ContainerConfig { 149 | hostname: config.hostname, 150 | user: config.user, 151 | attach_stdin: true, 152 | attach_stdout: true, 153 | attach_stderr: true, 154 | tty: false, 155 | open_stdin: true, 156 | stdin_once: true, 157 | image: image_name, 158 | network_disabled: config.network_disabled, 159 | host_config: docker::HostConfig { 160 | memory: config.memory, 161 | privileged: false, 162 | cap_add: config.cap_add, 163 | cap_drop: config.cap_drop, 164 | ulimits: vec![ 165 | docker::Ulimit { 166 | name: "nofile".to_string(), 167 | soft: config.ulimit_nofile_soft, 168 | hard: config.ulimit_nofile_hard, 169 | }, 170 | docker::Ulimit { 171 | name: "nproc".to_string(), 172 | soft: config.ulimit_nproc_soft, 173 | hard: config.ulimit_nproc_hard, 174 | }, 175 | ], 176 | readonly_rootfs: config.readonly_rootfs, 177 | tmpfs, 178 | }, 179 | } 180 | } 181 | 182 | #[derive(Debug)] 183 | pub enum Error { 184 | UnixStream(unix_stream::Error), 185 | CreateContainer(docker::Error), 186 | StartContainer(docker::Error), 187 | AttachContainer(docker::Error), 188 | SerializePayload(serde_json::Error), 189 | ReadStream(docker::StreamError), 190 | StreamStdinUnexpected(Vec), 191 | StreamStderr(Vec), 192 | StreamStdoutDecode(serde_json::Error), 193 | } 194 | 195 | impl fmt::Display for Error { 196 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 197 | match self { 198 | Error::UnixStream(err) => { 199 | write!(f, "Unix socket failure: {}", err) 200 | } 201 | 202 | Error::CreateContainer(err) => { 203 | write!(f, "Failed to create container: {}", err) 204 | } 205 | 206 | Error::StartContainer(err) => { 207 | write!(f, "Failed to start container: {}", err) 208 | } 209 | 210 | Error::AttachContainer(err) => { 211 | write!(f, "Failed to attach to container: {}", err) 212 | } 213 | 214 | Error::SerializePayload(err) => { 215 | write!(f, "Failed to send payload to stream: {}", err) 216 | } 217 | 218 | Error::ReadStream(err) => { 219 | write!(f, "Failed while reading stream: {}", err) 220 | } 221 | 222 | Error::StreamStdinUnexpected(bytes) => { 223 | let msg = String::from_utf8(bytes.to_vec()).unwrap_or(format!("{:?}", bytes)); 224 | 225 | write!(f, "Code runner returned unexpected stdin data: {}", msg) 226 | } 227 | 228 | Error::StreamStderr(bytes) => { 229 | let msg = String::from_utf8(bytes.to_vec()).unwrap_or(format!("{:?}", bytes)); 230 | 231 | write!(f, "Code runner failed with the following message: {}", msg) 232 | } 233 | 234 | Error::StreamStdoutDecode(err) => { 235 | write!( 236 | f, 237 | "Failed to decode json returned from code runner: {}", 238 | err 239 | ) 240 | } 241 | } 242 | } 243 | } 244 | 245 | fn decode_dict(data: &[u8]) -> Result, serde_json::Error> { 246 | serde_json::from_slice(data) 247 | } 248 | 249 | fn err_if_false(value: bool, err: E) -> Result<(), E> { 250 | if value { 251 | Ok(()) 252 | } else { 253 | Err(err) 254 | } 255 | } 256 | -------------------------------------------------------------------------------- /src/docker_run/unix_stream.rs: -------------------------------------------------------------------------------- 1 | use std::fmt; 2 | use std::io; 3 | use std::net::Shutdown; 4 | use std::os::unix::net::UnixStream; 5 | use std::path::PathBuf; 6 | use std::time::Duration; 7 | 8 | #[derive(Debug, Clone)] 9 | pub struct Config { 10 | pub path: PathBuf, 11 | pub read_timeout: Duration, 12 | pub write_timeout: Duration, 13 | } 14 | 15 | pub fn with_stream( 16 | config: &Config, 17 | to_error: ErrorTagger, 18 | f: F, 19 | ) -> Result 20 | where 21 | F: FnOnce(&mut UnixStream) -> Result, 22 | ErrorTagger: Copy, 23 | ErrorTagger: FnOnce(Error) -> E, 24 | { 25 | let mut stream = UnixStream::connect(&config.path) 26 | .map_err(Error::Connect) 27 | .map_err(to_error)?; 28 | 29 | stream 30 | .set_read_timeout(Some(config.read_timeout)) 31 | .map_err(Error::SetStreamTimeout) 32 | .map_err(to_error)?; 33 | 34 | stream 35 | .set_write_timeout(Some(config.write_timeout)) 36 | .map_err(Error::SetStreamTimeout) 37 | .map_err(to_error)?; 38 | 39 | let result = f(&mut stream)?; 40 | 41 | let _ = stream.shutdown(Shutdown::Both); 42 | 43 | Ok(result) 44 | } 45 | 46 | #[derive(Debug)] 47 | pub enum Error { 48 | Connect(io::Error), 49 | SetStreamTimeout(io::Error), 50 | } 51 | 52 | impl fmt::Display for Error { 53 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 54 | match self { 55 | Error::Connect(err) => { 56 | write!(f, "Failed to connect to docker unix socket: {}", err) 57 | } 58 | 59 | Error::SetStreamTimeout(err) => { 60 | write!(f, "Failed set timeout on unix socket: {}", err) 61 | } 62 | } 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /src/main.rs: -------------------------------------------------------------------------------- 1 | mod docker_run; 2 | 3 | use std::process; 4 | use std::time::Duration; 5 | 6 | use actix_web::http::header::ContentType; 7 | use actix_web::http::StatusCode; 8 | use actix_web::App; 9 | use actix_web::HttpRequest; 10 | use actix_web::HttpResponse; 11 | use actix_web::HttpServer; 12 | use actix_web::{get, post, web}; 13 | 14 | use docker_run::api; 15 | use docker_run::config; 16 | use docker_run::debug; 17 | use docker_run::environment; 18 | use docker_run::run; 19 | use docker_run::unix_stream; 20 | 21 | #[actix_web::main] 22 | async fn main() -> std::io::Result<()> { 23 | env_logger::init(); 24 | 25 | let env = environment::get_environment(); 26 | let config = prepare_config(&env); 27 | 28 | let listen_addr = config.server.listen_addr.clone(); 29 | let listen_port = config.server.listen_port; 30 | let worker_threads = config.server.worker_threads; 31 | 32 | log::info!("Listening on {}:{}", listen_addr, listen_port,); 33 | 34 | HttpServer::new(move || { 35 | App::new() 36 | .app_data(web::Data::new(config.clone())) 37 | .service(index_api) 38 | .service(version_api) 39 | .service(run_api) 40 | }) 41 | .workers(worker_threads) 42 | .client_request_timeout(Duration::from_secs(60)) 43 | .bind((listen_addr, listen_port))? 44 | .run() 45 | .await 46 | } 47 | 48 | #[get("/")] 49 | async fn index_api() -> HttpResponse { 50 | api::root::handle() 51 | .map(prepare_success_response) 52 | .unwrap_or_else(prepare_error_response) 53 | } 54 | 55 | #[get("/version")] 56 | async fn version_api(req: HttpRequest, config: web::Data) -> HttpResponse { 57 | if !has_valid_access_token(&req, &config) { 58 | prepare_error_response(api::authorization_error()) 59 | } else { 60 | api::version::handle(&config) 61 | .map(prepare_success_response) 62 | .unwrap_or_else(prepare_error_response) 63 | } 64 | } 65 | 66 | #[post("/run")] 67 | async fn run_api( 68 | req: HttpRequest, 69 | req_body: web::Json, 70 | config: web::Data, 71 | ) -> HttpResponse { 72 | if !has_valid_access_token(&req, &config) { 73 | prepare_error_response(api::authorization_error()) 74 | } else { 75 | api::run::handle(&config, req_body.into_inner()) 76 | .map(prepare_success_response) 77 | .unwrap_or_else(prepare_error_response) 78 | } 79 | } 80 | 81 | fn prepare_success_response(data: api::SuccessResponse) -> HttpResponse { 82 | let status_code = StatusCode::from_u16(data.status_code).unwrap_or(StatusCode::OK); 83 | 84 | HttpResponse::build(status_code) 85 | .content_type(ContentType::json()) 86 | .body(data.body) 87 | } 88 | 89 | fn prepare_error_response(data: api::ErrorResponse) -> HttpResponse { 90 | let status_code = 91 | StatusCode::from_u16(data.status_code).unwrap_or(StatusCode::INTERNAL_SERVER_ERROR); 92 | 93 | let body = serde_json::to_vec_pretty(&data.body) 94 | .unwrap_or_else(|_| b"Failed to serialize error body".to_vec()); 95 | 96 | HttpResponse::build(status_code) 97 | .content_type(ContentType::json()) 98 | .body(body) 99 | } 100 | 101 | fn has_valid_access_token(request: &HttpRequest, config: &config::Config) -> bool { 102 | let access_token = request 103 | .headers() 104 | .get("X-Access-Token") 105 | .map(|token| token.to_str().unwrap_or("")); 106 | 107 | match access_token { 108 | Some(token) => token == config.api.access_token, 109 | None => false, 110 | } 111 | } 112 | 113 | fn prepare_config(env: &environment::Environment) -> config::Config { 114 | match build_config(env) { 115 | Ok(config) => config, 116 | 117 | Err(err) => { 118 | log::error!("Failed to build config: {}", err); 119 | process::exit(1) 120 | } 121 | } 122 | } 123 | 124 | fn build_config(env: &environment::Environment) -> Result { 125 | let server = build_server_config(env)?; 126 | let api = build_api_config(env)?; 127 | let unix_socket = build_unix_socket_config(env)?; 128 | let container = build_container_config(env)?; 129 | let run = build_run_config(env)?; 130 | let debug = build_debug_config(env)?; 131 | 132 | Ok(config::Config { 133 | server, 134 | api, 135 | unix_socket, 136 | container, 137 | run, 138 | debug, 139 | }) 140 | } 141 | 142 | fn build_server_config( 143 | env: &environment::Environment, 144 | ) -> Result { 145 | let listen_addr = environment::lookup(env, "SERVER_LISTEN_ADDR")?; 146 | let listen_port = environment::lookup(env, "SERVER_LISTEN_PORT")?; 147 | let worker_threads = environment::lookup(env, "SERVER_WORKER_THREADS")?; 148 | 149 | Ok(config::ServerConfig { 150 | listen_addr, 151 | listen_port, 152 | worker_threads, 153 | }) 154 | } 155 | 156 | fn build_api_config(env: &environment::Environment) -> Result { 157 | let access_token = environment::lookup(env, "API_ACCESS_TOKEN")?; 158 | 159 | Ok(api::ApiConfig { access_token }) 160 | } 161 | 162 | fn build_unix_socket_config( 163 | env: &environment::Environment, 164 | ) -> Result { 165 | let path = environment::lookup(env, "DOCKER_UNIX_SOCKET_PATH")?; 166 | let read_timeout = environment::lookup(env, "DOCKER_UNIX_SOCKET_READ_TIMEOUT")?; 167 | let write_timeout = environment::lookup(env, "DOCKER_UNIX_SOCKET_WRITE_TIMEOUT")?; 168 | 169 | Ok(unix_stream::Config { 170 | path, 171 | read_timeout: Duration::from_secs(read_timeout), 172 | write_timeout: Duration::from_secs(write_timeout), 173 | }) 174 | } 175 | 176 | fn build_container_config( 177 | env: &environment::Environment, 178 | ) -> Result { 179 | let hostname = environment::lookup(env, "DOCKER_CONTAINER_HOSTNAME")?; 180 | let user = environment::lookup(env, "DOCKER_CONTAINER_USER")?; 181 | let memory = environment::lookup(env, "DOCKER_CONTAINER_MEMORY")?; 182 | let network_disabled = environment::lookup(env, "DOCKER_CONTAINER_NETWORK_DISABLED")?; 183 | let ulimit_nofile_soft = environment::lookup(env, "DOCKER_CONTAINER_ULIMIT_NOFILE_SOFT")?; 184 | let ulimit_nofile_hard = environment::lookup(env, "DOCKER_CONTAINER_ULIMIT_NOFILE_HARD")?; 185 | let ulimit_nproc_soft = environment::lookup(env, "DOCKER_CONTAINER_ULIMIT_NPROC_SOFT")?; 186 | let ulimit_nproc_hard = environment::lookup(env, "DOCKER_CONTAINER_ULIMIT_NPROC_HARD")?; 187 | let cap_add = environment::lookup(env, "DOCKER_CONTAINER_CAP_ADD").unwrap_or_default(); 188 | let cap_drop = environment::lookup(env, "DOCKER_CONTAINER_CAP_DROP").unwrap_or_default(); 189 | let readonly_rootfs = 190 | environment::lookup(env, "DOCKER_CONTAINER_READONLY_ROOTFS").unwrap_or(false); 191 | let tmp_dir_path: Option = 192 | environment::lookup_optional(env, "DOCKER_CONTAINER_TMP_DIR_PATH")?; 193 | let tmp_dir_options = environment::lookup(env, "DOCKER_CONTAINER_TMP_DIR_OPTIONS") 194 | .unwrap_or_else(|_| "rw,noexec,nosuid,size=65536k".to_string()); 195 | let work_dir_path: Option = 196 | environment::lookup_optional(env, "DOCKER_CONTAINER_WORK_DIR_PATH")?; 197 | let work_dir_options = environment::lookup(env, "DOCKER_CONTAINER_WORK_DIR_OPTIONS") 198 | .unwrap_or_else(|_| "rw,exec,nosuid,size=131072k".to_string()); 199 | 200 | Ok(run::ContainerConfig { 201 | hostname, 202 | user, 203 | memory, 204 | network_disabled, 205 | ulimit_nofile_soft, 206 | ulimit_nofile_hard, 207 | ulimit_nproc_soft, 208 | ulimit_nproc_hard, 209 | cap_add: environment::space_separated_string(cap_add), 210 | cap_drop: environment::space_separated_string(cap_drop), 211 | readonly_rootfs, 212 | tmp_dir: tmp_dir_path.map(|path| run::Tmpfs { 213 | path, 214 | options: tmp_dir_options, 215 | }), 216 | work_dir: work_dir_path.map(|path| run::Tmpfs { 217 | path, 218 | options: work_dir_options, 219 | }), 220 | }) 221 | } 222 | 223 | fn build_run_config(env: &environment::Environment) -> Result { 224 | let max_execution_time = environment::lookup(env, "RUN_MAX_EXECUTION_TIME")?; 225 | let max_output_size = environment::lookup(env, "RUN_MAX_OUTPUT_SIZE")?; 226 | 227 | Ok(run::Limits { 228 | max_execution_time: Duration::from_secs(max_execution_time), 229 | max_output_size, 230 | }) 231 | } 232 | 233 | fn build_debug_config(env: &environment::Environment) -> Result { 234 | let keep_container = environment::lookup(env, "DEBUG_KEEP_CONTAINER").unwrap_or(false); 235 | 236 | Ok(debug::Config { keep_container }) 237 | } 238 | -------------------------------------------------------------------------------- /systemd/docker-run.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=docker-run 3 | 4 | [Service] 5 | User=glot 6 | Group=glot 7 | Restart=always 8 | RestartSec=10 9 | ExecStart=/home/glot/bin/docker-run 10 | Environment="SERVER_LISTEN_ADDR=0.0.0.0" 11 | Environment="SERVER_LISTEN_PORT=8088" 12 | Environment="SERVER_WORKER_THREADS=10" 13 | Environment="API_ACCESS_TOKEN=some-secret-token" 14 | Environment="DOCKER_UNIX_SOCKET_PATH=/var/run/docker.sock" 15 | Environment="DOCKER_UNIX_SOCKET_READ_TIMEOUT=3" 16 | Environment="DOCKER_UNIX_SOCKET_WRITE_TIMEOUT=3" 17 | Environment="DOCKER_CONTAINER_HOSTNAME=glot" 18 | Environment="DOCKER_CONTAINER_USER=glot" 19 | Environment="DOCKER_CONTAINER_MEMORY=1000000000" 20 | Environment="DOCKER_CONTAINER_NETWORK_DISABLED=true" 21 | Environment="DOCKER_CONTAINER_ULIMIT_NOFILE_SOFT=90" 22 | Environment="DOCKER_CONTAINER_ULIMIT_NOFILE_HARD=100" 23 | Environment="DOCKER_CONTAINER_ULIMIT_NPROC_SOFT=90" 24 | Environment="DOCKER_CONTAINER_ULIMIT_NPROC_HARD=100" 25 | Environment="DOCKER_CONTAINER_CAP_DROP=MKNOD NET_RAW NET_BIND_SERVICE" 26 | Environment="DOCKER_CONTAINER_READONLY_ROOTFS=true" 27 | Environment="DOCKER_CONTAINER_TMP_DIR_PATH=/tmp" 28 | Environment="DOCKER_CONTAINER_TMP_DIR_OPTIONS=rw,noexec,nosuid,size=65536k" 29 | Environment="DOCKER_CONTAINER_WORK_DIR_PATH=/home/glot" 30 | Environment="DOCKER_CONTAINER_WORK_DIR_OPTIONS=rw,exec,nosuid,size=131072k" 31 | Environment="RUN_MAX_EXECUTION_TIME=15" 32 | Environment="RUN_MAX_OUTPUT_SIZE=100000" 33 | Environment="RUST_LOG=debug" 34 | 35 | [Install] 36 | WantedBy=multi-user.target 37 | --------------------------------------------------------------------------------