Enforce deny unwrap_used

apps/api/Cargo.toml

@@ -33,3 +33,6 @@ reqwest = { version = "^0.12", features = ["json", "multipart", "stream"] }
 
 [dev-dependencies]
 tempfile = "3"
+
+[lints.clippy]
+unwrap_used = "deny"

apps/api/src/cmd/generate_openapi.rs

@@ -28,7 +28,7 @@ fn action(
     _matches: &clap::ArgMatches,
 ) -> std::pin::Pin<Box<dyn std::future::Future<Output = ()> + Send>> {
     let output_path = _matches.get_one::<String>("output_path");
-    let output_path = output_path.unwrap().to_string();
+    let output_path = output_path.expect("output_path is required").to_string();
 
     Box::pin(async move {
         tracing::subscriber::with_default(log::make_temporary_subscriber(), || {

apps/api/src/cmd/start_server.rs

@@ -11,15 +11,8 @@ use crate::{
     cmd::CliCommand,
     configs::{ProgramSettings, get_program_settings, logging::LoggingSettings},
     log,
-    routes::{self, AppService, AppState},
+    routes::{self, AppState},
-    services::{
+    services::get_app_service,
-        auth::{
-            authentication::{AuthenticationServiceImpl, strategies::password::PasswordStrategy},
-            user::UserServiceImpl,
-        },
-        server_state::ServerStateService,
-        settings::SettingsService,
-    },
     tasks,
 };
 
@@ -148,19 +141,7 @@ fn get_app_state(
     AppState {
         database_connection: db_connection.clone(),
         config: Arc::new(settings.clone()),
-        service: Arc::new(AppService {
+        service: Arc::new(get_app_service(db_connection, settings)),
-            server_state: Arc::new(ServerStateService::new(db_connection.clone())),
-            settings: Arc::new(SettingsService::new(db_connection.clone())),
-            auth_state: routes::AuthState {
-                strategy: routes::AuthStrategy {
-                    password: Arc::new(PasswordStrategy::new(db_connection.clone())),
-                },
-                authentication: Arc::new(AuthenticationServiceImpl::new(
-                    settings.auth.jwt_secret.clone(),
-                )),
-            },
-            user: Arc::new(UserServiceImpl::new(db_connection.clone())),
-        }),
     }
 }
 

apps/api/src/configs.rs

@@ -1,3 +1,4 @@
+pub mod agent;
 pub mod auth;
 pub mod database;
 pub mod logging;
@@ -21,6 +22,7 @@ pub struct ProgramSettings {
     pub database: database::DatabaseSettings,
     pub server: server::ServerSettings,
     pub auth: auth::AuthSettings,
+    pub agent: agent::AgentSettings,
 }
 
 impl FromConfig for ProgramSettings {
@@ -30,6 +32,7 @@ impl FromConfig for ProgramSettings {
             database: database::DatabaseSettings::from_config(_config)?,
             server: server::ServerSettings::from_config(_config)?,
             auth: auth::AuthSettings::from_config(_config)?,
+            agent: agent::AgentSettings::from_config(_config)?,
         };
         config.validate()?;
         Ok(config)
@@ -50,6 +53,7 @@ impl FromConfig for ProgramSettings {
             database: database::DatabaseSettings::mock(),
             server: server::ServerSettings::mock(),
             auth: auth::AuthSettings::mock(),
+            agent: agent::AgentSettings::mock(),
         }
     }
 }

apps/api/src/configs/agent.rs

@@ -0,0 +1,58 @@
+use config::Config;
+use tracing::error;
+
+use crate::configs::key::AGENT_SOCK_PATH_KEY;
+
+use super::FromConfig;
+
+#[derive(Debug, Clone)]
+pub struct AgentSettings {
+    pub socket_path: String,
+}
+
+impl FromConfig for AgentSettings {
+    fn from_config(_config: &Config) -> Result<Self, String> {
+        Ok(AgentSettings {
+            socket_path: _config.get_string(AGENT_SOCK_PATH_KEY).map_err(|err| {
+                format!(
+                    "Failed to get {} from configuration. Err: {}",
+                    AGENT_SOCK_PATH_KEY, err
+                )
+            })?,
+        })
+    }
+
+    fn validate(&self) -> Result<(), String> {
+        // ensure socket_path exists and is readable and writable
+        if !std::path::Path::new(&self.socket_path).exists() {
+            let msg = format!("Agent socket path '{}' does not exist", self.socket_path);
+            error!("{}", msg);
+            return Err(msg);
+        }
+        if std::path::Path::new(&self.socket_path)
+            .metadata()
+            .map(|meta| {
+                let permissions = meta.permissions();
+                // Check read and write permissions for the owner
+                !permissions.readonly()
+            })
+            .unwrap_or(false)
+        {
+            Ok(())
+        } else {
+            let msg = format!(
+                "Agent socket path '{}' is not readable/writable",
+                self.socket_path
+            );
+            error!("{}", msg);
+            Err(msg)
+        }
+    }
+
+    #[cfg(test)]
+    fn mock() -> Self {
+        AgentSettings {
+            socket_path: "/tmp/agent.sock".to_string(),
+        }
+    }
+}

apps/api/src/configs/key.rs

@@ -14,3 +14,5 @@ pub(crate) const DATABASE_MIGRATE_ON_STARTUP_KEY: &str = "DATABASE.MIGRATION.MIG
 pub(crate) const AUTH_JWT_SECRET_KEY: &str = "AUTH.JWT_SECRET";
 pub(crate) const AUTH_DEFAULT_ADMIN_USERNAME_KEY: &str = "AUTH.DEFAULT_ADMIN_USERNAME";
 pub(crate) const AUTH_DEFAULT_ADMIN_PASSWORD_KEY: &str = "AUTH.DEFAULT_ADMIN_PASSWORD";
+//
+pub(crate) const AGENT_SOCK_PATH_KEY: &str = "AGENT.SOCK.PATH";

apps/api/src/configs/server.rs

@@ -121,7 +121,7 @@ impl FromConfig for ServerSettings {
     #[cfg(test)]
     fn mock() -> Self {
         ServerSettings {
-            address: "0.0.0.0".parse().unwrap(),
+            address: "0.0.0.0".parse().expect("Failed to parse mock IP address"),
             port: 8080,
             serve_openapi: false,
             cors: CORSSettings {

apps/api/src/routes.rs

@@ -12,12 +12,8 @@ use crate::{
     configs::{ProgramSettings, server::CORSSettings},
     middlewares,
     services::{
-        auth::{
+        AppService, ServiceState,
-            authentication::{AuthenticationService, strategies::password::PasswordStrategy},
+        auth::authentication::{AuthenticationService, strategies::password::PasswordStrategy},
-            user::UserService,
-        },
-        server_state::ServerStateStore,
-        settings::SettingsStore,
     },
 };
 
@@ -28,8 +24,6 @@ pub struct AppState {
     pub config: Arc<ProgramSettings>,
 }
 
-pub type ServiceState<T> = Arc<T>;
-
 pub struct AuthStrategy {
     pub password: ServiceState<PasswordStrategy>,
 }
@@ -39,13 +33,6 @@ pub struct AuthState {
     pub authentication: ServiceState<dyn AuthenticationService>,
 }
 
-pub struct AppService {
-    pub settings: ServiceState<dyn SettingsStore>,
-    pub auth_state: AuthState,
-    pub user: ServiceState<dyn UserService>,
-    pub server_state: ServiceState<dyn ServerStateStore>,
-}
-
 pub fn get_root_router(
     state: impl Into<Arc<AppState>>,
     cors_settings: Arc<CORSSettings>,

apps/api/src/routes/api/health/info.rs

@@ -79,6 +79,7 @@ pub async fn get_health_info(
 #[cfg(test)]
 mod test {
     use crate::configs::FromConfig;
+    use crate::services::agent_client::AgentService;
     use crate::{
         routes::{AppState, api::health::state::HealthState},
         services::{
@@ -94,6 +95,7 @@ mod test {
     };
 
     use super::*;
+    use agent_client::apis::configuration::Configuration;
     use axum::body::to_bytes;
     use axum::{
         Router,
@@ -124,6 +126,7 @@ mod test {
                 },
                 user: Arc::new(UserServiceImpl::new(db.clone())),
                 server_state: Arc::new(ServerStateService::new(db.clone())),
+                agent_client: Arc::new(AgentService::new(Configuration::default())),
             }),
         });
 
@@ -135,13 +138,21 @@ mod test {
             }));
 
         let response = app
-            .oneshot(Request::builder().uri("/info").body(Body::empty()).unwrap())
+            .oneshot(
+                Request::builder()
+                    .uri("/info")
+                    .body(Body::empty())
+                    .expect("Failed to build request"),
+            )
             .await
             .unwrap();
 
         assert_eq!(response.status(), StatusCode::OK);
-        let body = to_bytes(response.into_body(), 1024 * 1024).await.unwrap(); // Set limit to 1 MB
+        let body = to_bytes(response.into_body(), 1024 * 1024)
-        let health_info: HealthInfo = serde_json::from_slice(&body).unwrap();
+            .await
+            .expect("Failed to read response body"); // Set limit to 1 MB
+        let health_info: HealthInfo =
+            serde_json::from_slice(&body).expect("Failed to deserialize response body");
         assert_eq!(health_info.status, STATUS_HEALTHY);
         assert_eq!(health_info.version, env!("CARGO_PKG_VERSION"));
         assert!(health_info.errors.is_none());

apps/api/src/services.rs

@@ -2,3 +2,53 @@ pub mod agent_client;
 pub mod auth;
 pub mod server_state;
 pub mod settings;
+
+use std::sync::Arc;
+
+use ::agent_client::apis::configuration::Configuration;
+
+use crate::{
+    configs::ProgramSettings,
+    routes::{self, AuthState},
+    services::{
+        auth::{
+            authentication::{AuthenticationServiceImpl, strategies::password::PasswordStrategy},
+            user::{UserService, UserServiceImpl},
+        },
+        server_state::{ServerStateService, ServerStateStore},
+        settings::{SettingsService, SettingsStore},
+    },
+};
+
+pub type ServiceState<T> = Arc<T>;
+
+pub struct AppService {
+    pub settings: ServiceState<dyn SettingsStore>,
+    pub auth_state: AuthState,
+    pub user: ServiceState<dyn UserService>,
+    pub server_state: ServiceState<dyn ServerStateStore>,
+    #[allow(dead_code)]
+    pub agent_client: ServiceState<agent_client::AgentService>,
+}
+
+pub fn get_app_service(
+    db_connection: &Arc<sea_orm::DatabaseConnection>,
+    settings: &ProgramSettings,
+) -> AppService {
+    AppService {
+        server_state: Arc::new(ServerStateService::new(db_connection.clone())),
+        settings: Arc::new(SettingsService::new(db_connection.clone())),
+        auth_state: routes::AuthState {
+            strategy: routes::AuthStrategy {
+                password: Arc::new(PasswordStrategy::new(db_connection.clone())),
+            },
+            authentication: Arc::new(AuthenticationServiceImpl::new(
+                settings.auth.jwt_secret.clone(),
+            )),
+        },
+        user: Arc::new(UserServiceImpl::new(db_connection.clone())),
+        agent_client: Arc::new(agent_client::AgentService::new(Configuration::from(
+            settings.agent.clone(),
+        ))),
+    }
+}

apps/api/src/services/agent_client.rs

@@ -1,11 +1,32 @@
 use std::sync::Arc;
 
 use agent_client::apis::{ApiClient, configuration::Configuration};
+use tracing::warn;
+
+use crate::configs::agent::AgentSettings;
 
 pub struct AgentService {
     client: Arc<ApiClient>,
 }
 
+impl From<AgentSettings> for Configuration {
+    fn from(settings: AgentSettings) -> Self {
+        let mut config = Configuration::default();
+        let mut builder = reqwest::Client::builder();
+
+        let url = settings.socket_path;
+        if url.starts_with("unix://") {
+            builder = builder.unix_socket(url.to_string());
+            config.client = builder.build().expect("Failed to build reqwest client");
+        } else {
+            warn!("AgentSettings contains a non-unix socket path: {}", url);
+            config.base_path = url;
+        }
+
+        config
+    }
+}
+
 impl AgentService {
     pub fn new(config: impl Into<Arc<Configuration>>) -> Self {
         let client = ApiClient::new(config.into());
@@ -14,6 +35,7 @@ impl AgentService {
         }
     }
 
+    #[allow(dead_code)]
     pub fn get_client(&self) -> Arc<ApiClient> {
         Arc::clone(&self.client)
     }

apps/api/src/services/auth/authentication.rs

@@ -197,14 +197,17 @@ mod tests {
         let (token, _) = service
             .generate_jwt(user_id, 60)
             .await
-            .expect("generate jwt");
+            .expect("Failed to generate jwt");
 
         let valid = service
             .is_valid_jwt(&token, None)
             .await
-            .expect("validate jwt");
+            .expect("Failed to validate jwt");
         assert!(valid.is_some(), "Generated token should be valid");
-        let claims = service.parse_jwt(&token).await.expect("parse jwt");
+        let claims = service
+            .parse_jwt(&token)
+            .await
+            .expect("Failed to parse jwt");
         assert_eq!(claims.sub, user_id.to_string());
     }
 
@@ -213,10 +216,16 @@ mod tests {
         let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
 
         let user_id = Uuid::new_v4();
-        let (token, _) = service.generate_jwt(user_id, 60).await.unwrap();
+        let (token, _) = service
+            .generate_jwt(user_id, 60)
+            .await
+            .expect("Failed to generate jwt");
 
         let other_sub = Uuid::new_v4().to_string();
-        let valid = service.is_valid_jwt(&token, Some(other_sub)).await.unwrap();
+        let valid = service
+            .is_valid_jwt(&token, Some(other_sub))
+            .await
+            .expect("jwt is not valid");
         assert!(
             valid.is_none(),
             "Token should be invalid for a different subject"
@@ -236,10 +245,19 @@ mod tests {
         let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
 
         let user_id = Uuid::new_v4();
-        let (token, _) = service.generate_jwt(user_id, 60).await.unwrap();
+        let (token, _) = service
-        let new_token = service.refresh_jwt(&token, 120).await.unwrap();
+            .generate_jwt(user_id, 60)
+            .await
+            .expect("Failed to generate jwt");
+        let new_token = service
+            .refresh_jwt(&token, 120)
+            .await
+            .expect("Failed to refresh jwt");
 
-        let claims = service.parse_jwt(&new_token).await.unwrap();
+        let claims = service
+            .parse_jwt(&new_token)
+            .await
+            .expect("Failed to parse refreshed jwt");
         assert_eq!(claims.sub, user_id.to_string());
         assert_eq!(claims.exp - claims.iat, 120);
     }
@@ -249,10 +267,16 @@ mod tests {
         let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
 
         let user_id = Uuid::new_v4();
-        let (token, claims) = service.generate_jwt(user_id, 1).await.unwrap();
+        let (token, claims) = service
+            .generate_jwt(user_id, 1)
+            .await
+            .expect("Failed to generate jwt");
         sleep(Duration::from_secs(2)).await;
 
-        let valid = service.is_valid_jwt(&token, None).await.unwrap();
+        let valid = service
+            .is_valid_jwt(&token, None)
+            .await
+            .expect("Failed to validate jwt");
         assert!(
             valid.is_none(),
             "Token should be expired and thus invalid. Current time: {:?}. Diff: {}",
@@ -266,9 +290,15 @@ mod tests {
         let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
 
         let user_id = Uuid::new_v4();
-        let (token, _) = service.generate_jwt(user_id, 1).await.unwrap();
+        let (token, _) = service
+            .generate_jwt(user_id, 1)
+            .await
+            .expect("Failed to generate jwt");
 
-        service.invalidate_jwt(&token).await.unwrap();
+        service
+            .invalidate_jwt(&token)
+            .await
+            .expect("Failed to invalidate jwt");
 
         // ensure entry is present
         {

apps/api/src/services/auth/authentication/strategies/password.rs

@@ -236,7 +236,7 @@ mod test {
                 "CorrectPassword".as_bytes(),
                 &SaltString::generate(&mut OsRng),
             )
-            .unwrap()
+            .expect("Failed to hash password")
             .to_string();
         let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite)
             .append_query_results(vec![vec![user::Model {
@@ -281,7 +281,7 @@ mod test {
                 "CorrectPassword".as_bytes(),
                 &SaltString::generate(&mut OsRng),
             )
-            .unwrap()
+            .expect("Failed to hash password")
             .to_string();
         let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite)
             .append_query_results(vec![vec![user::Model {