bump vulnerable deps (#1241)

This commit is contained in:
Eugene 2025-02-09 00:08:59 +01:00 committed by GitHub
parent 40e49a2c8e
commit 2cdf8babae
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
25 changed files with 1307 additions and 1203 deletions


@ -52,7 +52,7 @@ jobs:
- name: cargo-deny
run: |
cargo deny check bans
cargo deny check
- name: Install admin UI deps
run: |

Cargo.lock generated



@ -31,6 +31,20 @@ tokio-stream = { version = "0.1.17", features = ["net"] }
tokio-rustls = "0.26"
enum_dispatch = "0.3.13"
rustls = "0.23"
sea-orm = { version = "1.0", default-features = false, features = ["runtime-tokio", "macros"] }
sea-orm-migration = { version = "1.0", default-features = false, features = [
"cli",
] }
poem = { version = "3.1", features = [
"cookie",
"session",
"anyhow",
"websocket",
"rustls",
"embed",
] }
password-hash = { version = "0.4", features = ["std"] }
delegate = "0.13"
[profile.release]
lto = true
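Review bot: The workspace entry `password-hash = { version = "0.4", features = ["std"] }` is introduced at the same time the member crates move `argon2` to 0.5, and argon2 0.5, as far as I recall, depends on password-hash 0.5, so the tree likely ends up with both 0.4 and 0.5; the hasher.rs import switch from `password_hash::errors::Error` to `argon2::password_hash::{Error, ...}` reads like a symptom of exactly that. With the explicit `multiple-versions = "warn"` line commented out in deny.toml the duplicate is only reported, not failed, but `PasswordHash`/`Error` from the two versions are distinct types, so any crate that mixes the workspace `password-hash` with argon2's re-export will hit type mismatches. Either bump the workspace entry to `password-hash = { version = "0.5", features = ["std"] }` and use argon2's re-export consistently, or add a comment on this line saying why 0.4 is kept.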


@ -70,7 +70,8 @@ feature-depth = 1
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.
ignore = [
#"RUSTSEC-0000-0000",
"RUSTSEC-2023-0071",
"RUSTSEC-2021-0139", # ansi-term is unmaintained
#{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
#"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
#{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
@ -87,9 +88,9 @@ ignore = [
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "warn"
# multiple-versions = "warn"
# Lint level for when a crate version requirement is `*`
wildcards = "allow"
wildcards = "warn"
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
@ -119,13 +120,19 @@ deny = [
#{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
]
# List of features to allow/deny
# Each entry the name of a crate and a version range. If version is
# not specified, all versions will be matched.
#[[bans.features]]
#crate = "reqwest"
# TODO reenable once poem updates its tokio-rustls dependency
# [[bans.features]]
# crate = "rustls"
# # Features to not allow
# deny = ["ring"]
[[bans.features]]
crate = "reqwest"
# Features to not allow
#deny = ["json"]
deny = ["rustls-tls-webpki-roots"]
# Features to allow
#allow = [
# "rustls",
@ -143,18 +150,18 @@ deny = [
#exact = true
# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
# skip = [
#"ansi_term@0.11.0",
#{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
]
# ]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite.
skip-tree = [
# skip-tree = [
#"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
#{ crate = "ansi_term@0.11.0", depth = 20 },
]
# ]
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
@ -179,3 +186,33 @@ github = []
gitlab = []
# bitbucket.org organizations to allow git sources for
bitbucket = []
[licenses]
confidence-threshold = 0.95
allow = [
"MIT",
"Apache-2.0",
"Unicode-3.0",
"ISC",
"OpenSSL",
"BSD-3-Clause",
"Zlib",
"WTFPL",
"CC0-1.0",
"LGPL-3.0",
"MPL-2.0",
]
[[licenses.clarify]]
crate = "ring"
expression = "OpenSSL"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 },
]
[[licenses.clarify]]
crate = "webpki"
expression = "ISC"
license-files = [
{ path = "LICENSE", hash = 0x001c7e6c },
]
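Review bot: `"RUSTSEC-2023-0071"` is added to `ignore` without a reason, while the neighbouring `RUSTSEC-2021-0139` entry and the template line below it show the expected form; since the CI step in this same commit now runs the full `cargo deny check` (advisories included), this suppression is what lets the pipeline pass, so the justification belongs in the file: `{ id = "RUSTSEC-2023-0071", reason = "<placeholder: which crate pulls it in and why no fixed version is usable>" }`. The `[[bans.features]]` block that denied the `ring` feature on `rustls` is commented out with a bare TODO; that ban presumably kept a single crypto provider in the dependency tree, so the TODO should say what it is waiting on and what the consequence of the missing ban is, e.g. `# TODO: re-enable once poem drops the ring-backed tokio-rustls; until then two rustls providers may coexist`. The new `[licenses]` allow list includes `LGPL-3.0` and `WTFPL`; a one-line comment naming the crate that needs each would make later audits quicker.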


@ -12,12 +12,7 @@ chrono = { version = "0.4", default-features = false }
futures.workspace = true
hex = "0.4"
mime_guess = { version = "2.0", default-features = false }
poem = { version = "3.1", features = [
"cookie",
"session",
"anyhow",
"websocket",
] }
poem.workspace = true
poem-openapi = { version = "5.1", features = [
"swagger-ui",
"chrono",
@ -26,10 +21,7 @@ poem-openapi = { version = "5.1", features = [
] }
russh.workspace = true
rust-embed = "8.3"
sea-orm = { version = "0.12", features = [
"runtime-tokio-rustls",
"macros",
], default-features = false }
sea-orm.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror = "1.0"


@ -6,16 +6,16 @@ version = "0.13.0"
[dependencies]
anyhow = "1.0"
argon2 = "0.4"
argon2 = "0.5"
async-trait = "0.1"
bytes.workspace = true
chrono = { version = "0.4", default-features = false, features = ["serde"] }
data-encoding.workspace = true
delegate = "0.6"
delegate.workspace = true
humantime-serde = "1.1"
futures.workspace = true
once_cell = "1.17"
password-hash = "0.4"
password-hash.workspace = true
poem = { version = "3.1", features = ["rustls"] }
poem-openapi = { version = "5.1", features = [
"swagger-ui",
@ -27,11 +27,8 @@ rand = "0.8"
rand_chacha = "0.3"
rand_core = { version = "0.6", features = ["std"] }
russh.workspace = true
rustls-native-certs = "0.6"
sea-orm = { version = "0.12.2", features = [
"runtime-tokio-rustls",
"macros",
], default-features = false }
rustls-native-certs = "0.8"
sea-orm.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror = "1.0"


@ -1,9 +1,8 @@
use anyhow::Result;
use argon2::password_hash::rand_core::OsRng;
use argon2::password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
use argon2::password_hash::{Error, PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
use argon2::Argon2;
use data_encoding::HEXLOWER;
use password_hash::errors::Error;
use rand::Rng;
use crate::Secret;


@ -1,5 +1,4 @@
use once_cell::sync::Lazy;
use rustls::pki_types::CertificateDer;
use rustls::RootCertStore;
#[allow(clippy::expect_used)]
@ -8,9 +7,7 @@ pub static ROOT_CERT_STORE: Lazy<RootCertStore> = Lazy::new(|| {
for cert in
rustls_native_certs::load_native_certs().expect("could not load root TLS certificates")
{
roots
.add(CertificateDer::from(cert.0))
.expect("could not add root TLS certificate");
roots.add(cert).expect("could not add root TLS certificate");
}
roots
});
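Review bot: With rustls-native-certs 0.8 `load_native_certs()` no longer returns a `Result`; if I have the 0.8 API right it returns a `CertificateResult` whose `expect` panics when *any* entry in the platform store failed to load, even if the rest loaded fine, so a single unreadable or malformed certificate in the OS trust store now aborts the process on first use of `ROOT_CERT_STORE` (please confirm against the 0.8 docs). If partial results are acceptable, report and continue instead: `let loaded = rustls_native_certs::load_native_certs();` / `for err in &loaded.errors { tracing::warn!(error = %err, "skipping root TLS certificate"); }` / `for cert in loaded.certs { roots.add(cert).expect("could not add root TLS certificate"); }` (assuming `tracing` is available in this crate). Whichever policy is chosen, a comment above the loop stating it — fail closed on any error, or best-effort with logging — would make the behaviour deliberate. The enclosing `Lazy::new` closure starts outside the hunk.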


@ -85,9 +85,9 @@ impl<T: poem_openapi::types::Type> poem_openapi::types::Type for Secret<T> {
delegate! {
to self.0 {
fn as_raw_value(&self) -> Option<&Self::RawValueType>;
fn raw_element_iter<'a>(
&'a self,
) -> Box<dyn Iterator<Item = &'a Self::RawElementValueType> + 'a>;
fn raw_element_iter(
&'_ self,
) -> Box<dyn Iterator<Item = &'_ Self::RawElementValueType> + '_>;
fn is_empty(&self) -> bool;
fn is_none(&self) -> bool;
}


@ -10,7 +10,7 @@ warpgate-db-entities = { version = "*", path = "../warpgate-db-entities" }
warpgate-db-migrations = { version = "*", path = "../warpgate-db-migrations" }
anyhow = { version = "1.0", features = ["std"] }
argon2 = "0.4"
argon2 = "0.5"
async-trait = "0.1"
bytes.workspace = true
chrono = { version = "0.4", default-features = false, features = ["serde"] }
@ -20,8 +20,8 @@ humantime-serde = "1.1"
futures.workspace = true
once_cell = "1.17"
packet = "0.1"
password-hash = "0.4"
poem = { version = "3.1" }
password-hash.workspace = true
poem.workspace = true
poem-openapi = { version = "5.1", features = [
"swagger-ui",
"chrono",
@ -31,10 +31,7 @@ poem-openapi = { version = "5.1", features = [
rand = "0.8"
rand_chacha = "0.3"
rand_core = { version = "0.6", features = ["std"] }
sea-orm = { version = "0.12", features = [
"runtime-tokio-rustls",
"macros",
], default-features = false }
sea-orm.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror = "1.0"


@ -8,7 +8,7 @@ version = "0.13.0"
bytes = "1.4"
chrono = { version = "0.4", default-features = false, features = ["serde"] }
poem-openapi = { version = "5.1", features = ["chrono", "uuid"] }
sea-orm = { version = "0.12", features = [
sea-orm = { workspace = true, features = [
"macros",
"with-chrono",
"with-uuid",


@ -6,7 +6,7 @@ use serde::Serialize;
use uuid::Uuid;
#[derive(Debug, Clone, PartialEq, Eq, EnumIter, Enum, DeriveActiveEnum, Serialize)]
#[sea_orm(rs_type = "String", db_type = "String(Some(16))")]
#[sea_orm(rs_type = "String", db_type = "String(StringLen::N(16))")]
pub enum RecordingKind {
#[sea_orm(string_value = "terminal")]
Terminal,


@ -5,7 +5,7 @@ use uuid::Uuid;
use warpgate_common::{Target, TargetOptions};
#[derive(Debug, PartialEq, Eq, Serialize, Clone, Enum, EnumIter, DeriveActiveEnum)]
#[sea_orm(rs_type = "String", db_type = "String(Some(16))")]
#[sea_orm(rs_type = "String", db_type = "String(StringLen::N(16))")]
pub enum TargetKind {
#[sea_orm(string_value = "http")]
Http,
@ -32,7 +32,7 @@ impl From<&TargetOptions> for TargetKind {
}
#[derive(Debug, PartialEq, Eq, Serialize, Clone, Enum, EnumIter, DeriveActiveEnum)]
#[sea_orm(rs_type = "String", db_type = "String(Some(16))")]
#[sea_orm(rs_type = "String", db_type = "String(StringLen::N(16))")]
pub enum SshAuthKind {
#[sea_orm(string_value = "password")]
Password,


@ -11,16 +11,12 @@ version = "0.13.0"
tokio = { version = "1.20", features = ["macros", "rt-multi-thread"] }
chrono = { version = "0.4", default-features = false, features = ["serde"] }
data-encoding.workspace = true
sea-orm = { version = "0.12", features = [
"runtime-tokio-rustls",
"macros",
sea-orm = { workspace = true, features = [
"with-chrono",
"with-uuid",
"with-json",
], default-features = false }
sea-orm-migration = { version = "0.12", default-features = false, features = [
"cli",
] }
sea-orm-migration.workspace = true
russh.workspace = true
tracing.workspace = true
uuid = { version = "1.3", features = ["v4", "serde"] }


@ -8,7 +8,7 @@ pub mod recording {
use crate::m00002_create_session::session;
#[derive(Debug, Clone, PartialEq, Eq, EnumIter, DeriveActiveEnum)]
#[sea_orm(rs_type = "String", db_type = "String(Some(16))")]
#[sea_orm(rs_type = "String", db_type = "String(StringLen::N(16))")]
pub enum RecordingKind {
#[sea_orm(string_value = "terminal")]
Terminal,


@ -24,7 +24,7 @@ mod target {
use uuid::Uuid;
#[derive(Debug, PartialEq, Eq, Clone, EnumIter, DeriveActiveEnum)]
#[sea_orm(rs_type = "String", db_type = "String(Some(16))")]
#[sea_orm(rs_type = "String", db_type = "String(StringLen::N(16))")]
pub enum TargetKind {
#[sea_orm(string_value = "http")]
Http,
@ -37,7 +37,7 @@ mod target {
}
#[derive(Debug, PartialEq, Eq, Clone, EnumIter, DeriveActiveEnum)]
#[sea_orm(rs_type = "String", db_type = "String(Some(16))")]
#[sea_orm(rs_type = "String", db_type = "String(StringLen::N(16))")]
pub enum SshAuthKind {
#[sea_orm(string_value = "password")]
Password,


@ -3,7 +3,6 @@ use sea_orm_migration::prelude::*;
pub mod parameters {
use sea_orm::entity::prelude::*;
use sea_orm::Set;
use uuid::Uuid;
#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel)]
@ -18,22 +17,6 @@ pub mod parameters {
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {}
impl Model {
pub async fn get(db: &DatabaseConnection) -> Result<Self, DbErr> {
match Entity::find().one(db).await? {
Some(model) => Ok(model),
None => {
ActiveModel {
id: Set(Uuid::new_v4()),
allow_own_credential_management: Set(true),
}
.insert(db)
.await
}
}
}
}
}
pub struct Migration;


@ -8,34 +8,23 @@ version = "0.13.0"
anyhow = "1.0"
async-trait = "0.1"
chrono = { version = "0.4", default-features = false, features = ["serde"] }
cookie = "0.17"
cookie = "0.18"
data-encoding.workspace = true
delegate = "0.6"
delegate.workspace = true
futures.workspace = true
http = "1.0"
once_cell = "1.17"
poem = { version = "3.1", features = [
"cookie",
"session",
"anyhow",
"rustls",
"websocket",
"sse",
"embed",
] }
poem.workspace = true
poem-openapi = { version = "5.1", features = ["swagger-ui"] }
reqwest = { version = "0.12", features = [
"rustls-tls-native-roots",
"rustls-tls-native-roots-no-provider",
"stream",
], default-features = false }
sea-orm = { version = "0.12", features = [
"runtime-tokio-rustls",
"macros",
], default-features = false }
sea-orm.workspace = true
serde.workspace = true
serde_json.workspace = true
tokio = { version = "1.20", features = ["tracing", "signal"] }
tokio-tungstenite = { version = "0.24", features = ["rustls-tls-native-roots"] }
tokio-tungstenite = { version = "0.25", features = ["rustls-tls-native-roots"] }
tracing.workspace = true
warpgate-admin = { version = "*", path = "../warpgate-admin" }
warpgate-common = { version = "*", path = "../warpgate-common" }
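Review bot: Switching `reqwest` to `rustls-tls-native-roots-no-provider` means reqwest no longer brings a rustls crypto provider with it, and rustls then resolves the provider at runtime: if both `ring` and `aws-lc-rs` end up enabled somewhere in the tree (the deny.toml ban on rustls' `ring` feature is disabled in this same commit, with a TODO about poem's tokio-rustls), `CryptoProvider::get_default` panics on the first TLS handshake unless the application has called `install_default()` — a runtime rather than compile-time failure that a green build will not catch. Worth either verifying with `cargo tree -e features` that exactly one provider is enabled, or installing one explicitly at startup (`rustls::crypto::<provider>::default_provider().install_default()` for whichever provider the project standardises on). A short comment next to the feature line recording that decision would keep the next dependency bump from silently undoing it.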


@ -8,7 +8,7 @@ use delegate::delegate;
use futures::{SinkExt, StreamExt, TryStreamExt};
use http::header::HeaderName;
use http::uri::{Authority, Scheme};
use http::Uri;
use http::{HeaderValue, Uri};
use once_cell::sync::Lazy;
use poem::session::Session;
use poem::web::websocket::{Message, WebSocket};
@ -50,22 +50,29 @@ impl<B> SomeResponse for http::Response<B> {
}
trait SomeRequestBuilder {
fn header<K: Into<HeaderName>>(self, k: K, v: String) -> Self;
fn header<K: Into<HeaderName>, V>(self, k: K, v: V) -> Self
where
HeaderValue: TryFrom<V>,
<HeaderValue as TryFrom<V>>::Error: Into<http::Error>;
}
impl SomeRequestBuilder for reqwest::RequestBuilder {
delegate! {
to self {
fn header<K: Into<HeaderName>>(self, k: K, v: String) -> Self;
}
fn header<K: Into<HeaderName>, V>(self, k: K, v: V) -> Self
where
HeaderValue: TryFrom<V>,
<HeaderValue as TryFrom<V>>::Error: Into<http::Error>,
{
self.header(k, v)
}
}
impl SomeRequestBuilder for http::request::Builder {
delegate! {
to self {
fn header<K: Into<HeaderName>>(self, k: K, v: String) -> Self;
}
fn header<K: Into<HeaderName>, V>(self, k: K, v: V) -> Self
where
HeaderValue: TryFrom<V>,
<HeaderValue as TryFrom<V>>::Error: Into<http::Error>,
{
self.header(k, v)
}
}
@ -150,7 +157,7 @@ fn copy_client_response<R: SomeResponse>(
fn rewrite_request<B: SomeRequestBuilder>(mut req: B, options: &TargetHTTPOptions) -> Result<B> {
if let Some(ref headers) = options.headers {
for (k, v) in headers {
req = req.header(HeaderName::try_from(k)?, v.parse()?);
req = req.header(HeaderName::try_from(k)?, v);
}
}
Ok(req)
@ -223,10 +230,10 @@ fn inject_forwarding_headers<B: SomeRequestBuilder>(req: &Request, mut target: B
if let Some(host) = req.headers().get(http::header::HOST) {
target = target.header(
X_FORWARDED_HOST.clone(),
host.to_str()?.split(':').next().unwrap().to_string(),
host.to_str()?.split(':').next().unwrap(),
);
}
target = target.header(X_FORWARDED_PROTO.clone(), req.scheme().as_str().to_owned());
target = target.header(X_FORWARDED_PROTO.clone(), req.scheme().as_str());
if let Some(addr) = req.remote_addr().as_socket_addr() {
target = target.header(X_FORWARDED_FOR.clone(), addr.ip().to_string());
}
@ -236,16 +243,13 @@ fn inject_forwarding_headers<B: SomeRequestBuilder>(req: &Request, mut target: B
async fn inject_own_headers<B: SomeRequestBuilder>(req: &Request, mut target: B) -> Result<B> {
let session = <&Session>::from_request_without_body(req).await?;
if let Some(auth) = session.get_auth() {
target = target
.header(&X_WARPGATE_USERNAME, auth.username().into())
.header(
&X_WARPGATE_AUTHENTICATION_TYPE,
match auth {
SessionAuthorization::Ticket { .. } => "ticket",
SessionAuthorization::User { .. } => "user",
}
.into(),
);
target = target.header(&X_WARPGATE_USERNAME, auth.username()).header(
&X_WARPGATE_AUTHENTICATION_TYPE,
match auth {
SessionAuthorization::Ticket { .. } => "ticket",
SessionAuthorization::User { .. } => "user",
},
);
}
Ok(target)
}
@ -445,16 +449,24 @@ async fn proxy_ws_inner(
tracing::debug!("Server: {:?}", msg);
match msg? {
Message::Binary(data) => {
client_sink.send(tungstenite::Message::Binary(data)).await?;
client_sink
.send(tungstenite::Message::Binary(data.into()))
.await?;
}
Message::Text(text) => {
client_sink.send(tungstenite::Message::Text(text)).await?;
client_sink
.send(tungstenite::Message::Text(text.into()))
.await?;
}
Message::Ping(data) => {
client_sink.send(tungstenite::Message::Ping(data)).await?;
client_sink
.send(tungstenite::Message::Ping(data.into()))
.await?;
}
Message::Pong(data) => {
client_sink.send(tungstenite::Message::Pong(data)).await?;
client_sink
.send(tungstenite::Message::Pong(data.into()))
.await?;
}
Message::Close(data) => {
client_sink
@ -476,16 +488,22 @@ async fn proxy_ws_inner(
tracing::debug!("Client: {:?}", msg);
match msg? {
tungstenite::Message::Binary(data) => {
server_sink.send(Message::Binary(data)).await?;
server_sink
.send(Message::Binary(data.as_slice().to_vec()))
.await?;
}
tungstenite::Message::Text(text) => {
server_sink.send(Message::Text(text)).await?;
server_sink.send(Message::Text(text.to_string())).await?;
}
tungstenite::Message::Ping(data) => {
server_sink.send(Message::Ping(data)).await?;
server_sink
.send(Message::Ping(data.as_slice().to_vec()))
.await?;
}
tungstenite::Message::Pong(data) => {
server_sink.send(Message::Pong(data)).await?;
server_sink
.send(Message::Pong(data.as_slice().to_vec()))
.await?;
}
tungstenite::Message::Close(data) => {
server_sink
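Review bot: In `rewrite_request` the explicit `v.parse()?` is dropped in favour of passing `v` straight into the now-generic `header`, so an invalid configured header value is no longer rejected here: both `reqwest::RequestBuilder::header` and `http::request::Builder::header` record a conversion error internally and only report it when the request is built or sent, and the `Result<B>` this function returns no longer carries it. That is a behaviour change hidden inside a dependency bump; if the early, per-entry error is wanted (it points at the offending config line rather than failing the whole request later), keep `req = req.header(HeaderName::try_from(k)?, v.parse::<HeaderValue>()?);`. In the `proxy_ws_inner` hunks, `data.as_slice().to_vec()` can simply be `data.to_vec()` since `Bytes` derefs to `[u8]`; both `proxy_ws_inner` hunks start and end outside the view.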


@ -16,11 +16,11 @@ tokio = { version = "1.20", features = ["tracing", "signal"] }
tracing.workspace = true
uuid = { version = "1.3", features = ["v4"] }
bytes.workspace = true
mysql_common = { version = "0.29", default-features = false }
mysql_common = { version = "0.34", default-features = false }
flate2 = { version = "1", features = ["zlib"] } # flate2 requires a backend selection feature, but mysql_common does not depend on any when default-features = false
rand = "0.8"
sha1 = "0.10"
password-hash = { version = "0.2", features = ["std"] }
password-hash.workspace = true
rustls.workspace = true
rustls-pemfile = "1.0"
tokio-rustls.workspace = true


@ -17,7 +17,7 @@ rustls.workspace = true
rustls-pemfile = "1.0"
tokio-rustls.workspace = true
thiserror = "1.0"
rustls-native-certs = "0.6"
rustls-native-certs = "0.8"
pgwire = { version = "0.25" }
rsasl = { version = "2.1.0", default-features = false, features = ["config_builder", "scram-sha-2", "std", "plain", "provider"] }
futures.workspace = true


@ -15,9 +15,7 @@ curve25519-dalek = "4.0.0" # pin due to build fail on x86
ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
futures.workspace = true
russh.workspace = true
sea-orm = { version = "0.12", features = [
"runtime-tokio-rustls",
], default-features = false }
sea-orm.workspace = true
thiserror = "1.0"
time = "0.3"
tokio = { version = "1.20", features = ["tracing", "signal"] }


@ -9,9 +9,8 @@ bytes.workspace = true
thiserror = "1.0"
tokio = { version = "1.20", features = ["tracing", "macros"] }
tracing.workspace = true
openidconnect = { version = "4.0", features = [
openidconnect = { version = "4.0", default-features = false, features = [
"reqwest",
"rustls-tls",
"accept-string-booleans",
] }
serde.workspace = true


@ -8,10 +8,9 @@ version = "0.13.0"
ansi_term = "0.12"
anyhow = { version = "1.0", features = ["backtrace"] }
async-trait = "0.1"
atty = "0.2"
bytes.workspace = true
clap = { version = "4.0", features = ["derive"] }
config = { version = "0.13", features = ["yaml"], default-features = false }
config = { version = "0.15", features = ["yaml"], default-features = false }
console = { version = "0.15", default-features = false }
console-subscriber = { version = "0.1", optional = true }
data-encoding.workspace = true
@ -23,7 +22,7 @@ rcgen = { version = "0.10", features = ["zeroize"] }
rustls.workspace = true
serde_json.workspace = true
serde_yaml = "0.9"
sea-orm = { version = "0.12.2", default-features = false }
sea-orm.workspace = true
time = "0.3"
tokio = { version = "1.20", features = ["tracing", "signal", "macros"] }
tracing.workspace = true


@ -1,7 +1,9 @@
use std::io::IsTerminal;
use tracing::*;
pub(crate) fn assert_interactive_terminal() {
if !atty::is(atty::Stream::Stdin) {
if !std::io::stdin().is_terminal() {
error!("Please run this command from an interactive terminal.");
if is_docker() {
info!("(have you forgotten `-it`?)");