Patch/improve rama http (#752)

- fix CORS layer, its unwraps and design
   - rely on typed headers that we have,
     simplify the code and remove those runtime asserts

- fix remaining expect/unwrap issues in rama-http

Author: GlenDC

examples/http_connect_proxy.rs

@@ -126,6 +126,7 @@ async fn main() {
         let http_service = HttpServer::auto(exec)
             .service((
                     TraceLayer::new_for_http(),
+                    ConsumeErrLayer::default(),
                     // See [`ProxyAuthLayer::with_labels`] for more information,
                     // e.g. can also be used to extract upstream proxy filters
                     ProxyAuthLayer::new(basic!("john", "secret"))

examples/http_https_socks5_and_socks5h_connect_proxy.rs

@@ -48,7 +48,7 @@ use rama::{
             SecureTransport,
             server::{SelfSignedData, TlsPeekRouter},
         },
-        user::Basic,
+        user::credentials::basic,
     },
     proxy::socks5::{Socks5Acceptor, server::Socks5PeekRouter},
     rt::Executor,
@@ -59,7 +59,6 @@ use rama::{
         level_filters::LevelFilter,
         subscriber::{EnvFilter, fmt, layer::SubscriberExt, util::SubscriberInitExt},
     },
-    utils::str::non_empty_str,
 };
 
 #[cfg(feature = "boring")]
@@ -123,15 +122,15 @@ async fn main() {
         .await
         .expect("bind http+https+socks5+socks5h proxy to 127.0.0.1:62029");
 
-    let socks5_acceptor = Socks5Acceptor::default().with_authorizer(
-        Basic::new(non_empty_str!("john"), non_empty_str!("secret")).into_authorizer(),
-    );
+    let socks5_acceptor =
+        Socks5Acceptor::default().with_authorizer(basic!("john", "secret").into_authorizer());
 
     let exec = Executor::graceful(graceful.guard());
     let http_service = HttpServer::auto(exec).service(
         (
             TraceLayer::new_for_http(),
-            ProxyAuthLayer::new(Basic::new(non_empty_str!("tom"), non_empty_str!("clancy"))),
+            ConsumeErrLayer::default(),
+            ProxyAuthLayer::new(basic!("tom", "clancy")),
             UpgradeLayer::new(
                 MethodMatcher::CONNECT,
                 service_fn(http_connect_accept),

examples/http_mitm_proxy_boring.rs

@@ -162,6 +162,7 @@ async fn main() -> Result<(), BoxError> {
         let http_service = HttpServer::auto(exec).service(
             (
                 TraceLayer::new_for_http(),
+                ConsumeErrLayer::default(),
                 // See [`ProxyAuthLayer::with_labels`] for more information,
                 // e.g. can also be used to extract upstream proxy filters
                 ProxyAuthLayer::new(basic!("john", "secret")),

examples/http_mitm_proxy_rustls.rs

@@ -109,6 +109,7 @@ async fn main() -> Result<(), BoxError> {
         let http_service = HttpServer::auto(exec).service(
             (
                 TraceLayer::new_for_http(),
+                ConsumeErrLayer::default(),
                 // See [`ProxyAuthLayer::with_labels`] for more information,
                 // e.g. can also be used to extract upstream proxy filters
                 ProxyAuthLayer::new(basic!("john", "secret")),

examples/http_record_har.rs

@@ -68,7 +68,7 @@ use rama::{
             client::ServerVerifyMode,
             server::{SelfSignedData, ServerAuth, ServerConfig},
         },
-        user::Basic,
+        user::credentials::basic,
     },
     rt::Executor,
     service::service_fn,
@@ -89,7 +89,6 @@ use rama::{
         },
         profile::UserAgentDatabase,
     },
-    utils::str::non_empty_str,
 };
 
 use std::{
@@ -146,9 +145,10 @@ async fn main() -> Result<(), BoxError> {
         let http_service = HttpServer::auto(exec).service(
             (
                 TraceLayer::new_for_http(),
+                ConsumeErrLayer::default(),
                 // See [`ProxyAuthLayer::with_labels`] for more information,
                 // e.g. can also be used to extract upstream proxy filters
-                ProxyAuthLayer::new(Basic::new(non_empty_str!("john"), non_empty_str!("secret"))),
+                ProxyAuthLayer::new(basic!("john", "secret")),
                 // used to toggle HAR recording on and off
                 // ...
                 // NOTE that in a production proxy you would probably

examples/https_connect_proxy.rs

@@ -122,6 +122,7 @@ async fn main() {
         let http_service = HttpServer::auto(exec.clone()).service(
             (
                 TraceLayer::new_for_http(),
+                ConsumeErrLayer::default(),
                 // See [`ProxyAuthLayer::with_labels`] for more information,
                 // e.g. can also be used to extract upstream proxy filter
                 ProxyAuthLayer::new(basic!("john", "secret")),

examples/proxy_connectivity_check.rs

@@ -58,7 +58,7 @@ use rama::{
         proxy::ProxyTarget,
         stream::ClientSocketInfo,
         tls::SecureTransport,
-        user::Basic,
+        user::credentials::basic,
     },
     proxy::socks5::{
         Socks5Acceptor,
@@ -72,7 +72,6 @@ use rama::{
         level_filters::LevelFilter,
         subscriber::{EnvFilter, fmt, layer::SubscriberExt, util::SubscriberInitExt},
     },
-    utils::str::non_empty_str,
 };
 
 use std::{convert::Infallible, time::Duration};
@@ -161,7 +160,8 @@ async fn main() {
     let http_service = HttpServer::auto(Executor::graceful(graceful.guard())).service(
         (
             TraceLayer::new_for_http(),
-            ProxyAuthLayer::new(Basic::new(non_empty_str!("tom"), non_empty_str!("clancy"))),
+            ConsumeErrLayer::default(),
+            ProxyAuthLayer::new(basic!("tom", "clancy")),
             UpgradeLayer::new(
                 MethodMatcher::CONNECT,
                 service_fn(http_connect_accept),
@@ -175,9 +175,7 @@ async fn main() {
     let socks5_svc = HttpPeekRouter::new(HttpServer::auto(exec).service(proxy_service))
         .with_fallback(Forwarder::ctx());
     let socks5_acceptor = Socks5Acceptor::new()
-        .with_authorizer(
-            Basic::new(non_empty_str!("john"), non_empty_str!("secret")).into_authorizer(),
-        )
+        .with_authorizer(basic!("john", "secret").into_authorizer())
         .with_connector(LazyConnector::new(socks5_svc));
 
     let auto_socks5_acceptor = Socks5PeekRouter::new(socks5_acceptor).with_fallback(http_service);

examples/socks5_and_http_proxy.rs

@@ -38,7 +38,10 @@ use rama::{
         service::web::response::IntoResponse,
     },
     layer::ConsumeErrLayer,
-    net::{http::RequestContext, proxy::ProxyTarget, stream::ClientSocketInfo, user::Basic},
+    net::{
+        http::RequestContext, proxy::ProxyTarget, stream::ClientSocketInfo,
+        user::credentials::basic,
+    },
     proxy::socks5::{Socks5Acceptor, server::Socks5PeekRouter},
     rt::Executor,
     service::service_fn,
@@ -48,7 +51,6 @@ use rama::{
         level_filters::LevelFilter,
         subscriber::{EnvFilter, fmt, layer::SubscriberExt, util::SubscriberInitExt},
     },
-    utils::str::non_empty_str,
 };
 
 use std::{convert::Infallible, time::Duration};
@@ -70,15 +72,15 @@ async fn main() {
         .await
         .expect("bind socks5+http proxy to 127.0.0.1:62023");
 
-    let socks5_acceptor = Socks5Acceptor::default().with_authorizer(
-        Basic::new(non_empty_str!("john"), non_empty_str!("secret")).into_authorizer(),
-    );
+    let socks5_acceptor =
+        Socks5Acceptor::default().with_authorizer(basic!("john", "secret").into_authorizer());
 
     let exec = Executor::graceful(graceful.guard());
     let http_service = HttpServer::auto(exec).service(
         (
             TraceLayer::new_for_http(),
-            ProxyAuthLayer::new(Basic::new(non_empty_str!("tom"), non_empty_str!("clancy"))),
+            ConsumeErrLayer::default(),
+            ProxyAuthLayer::new(basic!("tom", "clancy")),
             UpgradeLayer::new(
                 MethodMatcher::CONNECT,
                 service_fn(http_connect_accept),

examples/socks5_bind_proxy.rs

@@ -14,7 +14,7 @@
 
 use rama::{
     extensions::Extensions,
-    net::{address::SocketAddress, user::Basic},
+    net::{address::SocketAddress, user::credentials::basic},
     proxy::socks5::{
         Socks5Acceptor, Socks5Client, client::bind::BindOutput, server::DefaultBinder,
     },
@@ -24,7 +24,6 @@ use rama::{
         level_filters::LevelFilter,
         subscriber::{EnvFilter, fmt, layer::SubscriberExt, util::SubscriberInitExt},
     },
-    utils::str::non_empty_str,
 };
 
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
@@ -47,8 +46,7 @@ async fn main() {
         .await
         .expect("establish connection to socks5 server (from client)");
 
-    let socks5_client =
-        Socks5Client::new().with_auth(Basic::new(non_empty_str!("john"), non_empty_str!("secret")));
+    let socks5_client = Socks5Client::new().with_auth(basic!("john", "secret"));
 
     let binder = socks5_client
         .handshake_bind(proxy_client_stream, None)
@@ -118,9 +116,7 @@ async fn spawn_socks5_server() -> SocketAddress {
         .into();
 
     let socks5_acceptor = Socks5Acceptor::new()
-        .with_authorizer(
-            Basic::new(non_empty_str!("john"), non_empty_str!("secret")).into_authorizer(),
-        )
+        .with_authorizer(basic!("john", "secret").into_authorizer())
         .with_binder(DefaultBinder::default().with_bind_interface(SocketAddress::local_ipv4(0)));
 
     tokio::spawn(tcp_service.serve(socks5_acceptor));

examples/socks5_connect_proxy.rs

@@ -31,15 +31,14 @@
 //! ```
 
 use rama::{
-    net::user::Basic,
+    net::user::credentials::basic,
     proxy::socks5::Socks5Acceptor,
     tcp::server::TcpListener,
     telemetry::tracing::{
         self,
         level_filters::LevelFilter,
         subscriber::{EnvFilter, fmt, layer::SubscriberExt, util::SubscriberInitExt},
     },
-    utils::str::non_empty_str,
 };
 
 use std::time::Duration;
@@ -60,9 +59,8 @@ async fn main() {
     let tcp_service = TcpListener::bind("127.0.0.1:62021")
         .await
         .expect("bind proxy to 127.0.0.1:62021");
-    let socks5_acceptor = Socks5Acceptor::default().with_authorizer(
-        Basic::new(non_empty_str!("john"), non_empty_str!("secret")).into_authorizer(),
-    );
+    let socks5_acceptor =
+        Socks5Acceptor::default().with_authorizer(basic!("john", "secret").into_authorizer());
     graceful.spawn_task_fn(|guard| tcp_service.serve_graceful(guard, socks5_acceptor));
 
     graceful