opt: optimize code

Author: wa5i

src/core.rs

@@ -119,7 +119,7 @@ impl Default for Core {
             module_manager: ModuleManager::new(),
             mount_entry_hmac_level: MountEntryHMACLevel::None,
             mounts_monitor: ArcSwapOption::empty(),
-            mounts_monitor_interval: 5,
+            mounts_monitor_interval: 0,
             state: ArcSwap::from_pointee(CoreState::default()),
         }
     }

src/http/logical.rs

@@ -42,13 +42,15 @@ async fn logical_request_handler(
     path: web::Path<String>,
     core: web::Data<Arc<Core>>,
 ) -> Result<HttpResponse, RvError> {
-    let conn = req.conn_data::<Connection>().unwrap();
+    let Some(conn) = req.conn_data::<Connection>() else {
+        return Err(RvError::ErrRequestInvalid);
+    };
     log::debug!("logical request, connection info: {conn:?}, method: {method:?}, path: {path:?}");
 
     let mut req_conn = ReqConnection::default();
     req_conn.peer_addr = conn.peer.to_string();
-    if conn.tls.is_some() {
-        req_conn.peer_tls_cert.clone_from(&conn.tls.as_ref().unwrap().client_cert_chain);
+    if let Some(tls) = &conn.tls {
+        req_conn.peer_tls_cert.clone_from(&tls.client_cert_chain);
     }
 
     let mut r = request_auth(&req);

src/lib.rs

@@ -100,7 +100,9 @@ impl RustyVault {
 
         let core = core.wrap();
 
-        core.mounts_monitor.store(Some(Arc::new(MountsMonitor::new(core.clone(), core.mounts_monitor_interval))));
+        if core.mounts_monitor_interval > 0 {
+            core.mounts_monitor.store(Some(Arc::new(MountsMonitor::new(core.clone(), core.mounts_monitor_interval))));
+        }
 
         core.module_manager.set_default_modules(core.clone())?;
 

src/logical/backend.rs

@@ -126,12 +126,12 @@ impl LogicalBackend {
     }
 
     pub fn handle_auth_renew(&self, req: &mut Request) -> Result<Option<Response>, RvError> {
-        if self.auth_renew_handler.is_none() {
+        let Some(auth_renew_handler) = self.auth_renew_handler.as_ref() else {
             log::error!("this auth type doesn't support renew");
             return Err(RvError::ErrLogicalOperationUnsupported);
-        }
+        };
 
-        (self.auth_renew_handler.as_ref().unwrap())(self, req)
+        auth_renew_handler(self, req)
     }
 
     pub fn handle_revoke_renew(&self, req: &mut Request) -> Result<Option<Response>, RvError> {

src/logical/request.rs

@@ -89,27 +89,28 @@ impl Request {
     }
 
     fn get_data_raw(&self, key: &str, default: bool) -> Result<Value, RvError> {
-        let field = self.match_path.as_ref().unwrap().get_field(key);
-        if field.is_none() {
+        let Some(match_path) = self.match_path.as_ref() else {
+            return Err(RvError::ErrRequestNotReady);
+        };
+        let Some(field) = match_path.get_field(key) else {
             return Err(RvError::ErrRequestNoDataField);
-        }
-        let field = field.unwrap();
+        };
 
-        if self.data.is_some() {
-            if let Some(data) = self.data.as_ref().unwrap().get(key) {
-                if !field.check_data_type(data) {
+        if let Some(data) = self.data.as_ref() {
+            if let Some(value) = data.get(key) {
+                if !field.check_data_type(value) {
                     return Err(RvError::ErrRequestFieldInvalid);
                 }
-                return Ok(data.clone());
+                return Ok(value.clone());
             }
         }
 
-        if self.body.is_some() {
-            if let Some(data) = self.body.as_ref().unwrap().get(key) {
-                if !field.check_data_type(data) {
+        if let Some(body) = self.body.as_ref() {
+            if let Some(value) = body.get(key) {
+                if !field.check_data_type(value) {
                     return Err(RvError::ErrRequestFieldInvalid);
                 }
-                return Ok(data.clone());
+                return Ok(value.clone());
             }
         }
 
@@ -184,10 +185,12 @@ impl Request {
     }
 
     pub fn get_field_default_or_zero(&self, key: &str) -> Result<Value, RvError> {
-        if self.match_path.is_none() {
+        let Some(match_path) = self.match_path.as_ref() else {
             return Err(RvError::ErrRequestNotReady);
-        }
-        let field = self.match_path.as_ref().unwrap().get_field(key).ok_or(RvError::ErrRequestNoDataField)?;
+        };
+        let Some(field) = match_path.get_field(key) else {
+            return Err(RvError::ErrRequestNoDataField);
+        };
         field.get_default()
     }
 
@@ -199,16 +202,16 @@ impl Request {
 
     //TODO: the sensitive data is still in the memory. Need to totally resolve this in `serde_json` someday.
     pub fn clear_data(&mut self, key: &str) {
-        if self.data.is_some() {
-            if let Some(secret_str) = self.data.as_mut().unwrap().get_mut(key) {
+        if let Some(data) = self.data.as_mut() {
+            if let Some(secret_str) = data.get_mut(key) {
                 if let Value::String(ref mut s) = *secret_str {
                     "".clone_into(s);
                 }
             }
         }
 
-        if self.body.is_some() {
-            if let Some(secret_str) = self.body.as_mut().unwrap().get_mut(key) {
+        if let Some(body) = self.body.as_mut() {
+            if let Some(secret_str) = body.get_mut(key) {
                 if let Value::String(ref mut s) = *secret_str {
                     "".clone_into(s);
                 }
@@ -217,34 +220,34 @@ impl Request {
     }
 
     pub fn storage_list(&self, prefix: &str) -> Result<Vec<String>, RvError> {
-        if self.storage.is_none() {
+        let Some(storage) = self.storage.as_ref() else {
             return Err(RvError::ErrRequestNotReady);
-        }
+        };
 
-        self.storage.as_ref().unwrap().list(prefix)
+        storage.list(prefix)
     }
 
     pub fn storage_get(&self, key: &str) -> Result<Option<StorageEntry>, RvError> {
-        if self.storage.is_none() {
+        let Some(storage) = self.storage.as_ref() else {
             return Err(RvError::ErrRequestNotReady);
-        }
+        };
 
-        self.storage.as_ref().unwrap().get(key)
+        storage.get(key)
     }
 
     pub fn storage_put(&self, entry: &StorageEntry) -> Result<(), RvError> {
-        if self.storage.is_none() {
+        let Some(storage) = self.storage.as_ref() else {
             return Err(RvError::ErrRequestNotReady);
-        }
+        };
 
-        self.storage.as_ref().unwrap().put(entry)
+        storage.put(entry)
     }
 
     pub fn storage_delete(&self, key: &str) -> Result<(), RvError> {
-        if self.storage.is_none() {
+        let Some(storage) = self.storage.as_ref() else {
             return Err(RvError::ErrRequestNotReady);
-        }
+        };
 
-        self.storage.as_ref().unwrap().delete(key)
+        storage.delete(key)
     }
 }

src/modules/auth/mod.rs

@@ -196,12 +196,11 @@ impl AuthModule {
             return Err(RvError::ErrMountPathExist);
         }
 
-        let src_match = mounts_router.router.matching_mount_entry(&src)?;
-        if src_match.is_none() {
+        let Some(src_match) = mounts_router.router.matching_mount_entry(&src)? else {
             return Err(RvError::ErrMountNotMatch);
-        }
+        };
 
-        let mut src_entry = src_match.as_ref().unwrap().write()?;
+        let mut src_entry = src_match.write()?;
         src_entry.tainted = true;
 
         mounts_router.router.taint(&src)?;
@@ -217,7 +216,7 @@ impl AuthModule {
         std::mem::drop(src_entry);
 
         if let Err(e) = mounts_router.mounts.persist(self.barrier.as_storage()) {
-            let mut src_entry = src_match.as_ref().unwrap().write()?;
+            let mut src_entry = src_match.write()?;
             src_entry.path = src_path;
             src_entry.tainted = true;
             return Err(e);
@@ -336,7 +335,9 @@ impl Module for AuthModule {
         self.load_auth(Some(&core.state.load().hmac_key), core.mount_entry_hmac_level)?;
         self.setup_auth()?;
 
-        core.mounts_monitor.load().as_ref().unwrap().add_mounts_router(self.mounts_router.clone());
+        if let Some(mounts_monitor) = core.mounts_monitor.load().as_ref() {
+            mounts_monitor.add_mounts_router(self.mounts_router.clone());
+        }
 
         expiration.restore()?;
         expiration.start_check_expired_lease_entries();
@@ -347,7 +348,9 @@ impl Module for AuthModule {
     }
 
     fn cleanup(&self, core: &Core) -> Result<(), RvError> {
-        core.mounts_monitor.load().as_ref().unwrap().remove_mounts_router(self.mounts_router.clone());
+        if let Some(mounts_monitor) = core.mounts_monitor.load().as_ref() {
+            mounts_monitor.remove_mounts_router(self.mounts_router.clone());
+        }
         core.delete_handler(self.token_store.load().as_ref().unwrap().clone() as Arc<dyn Handler>)?;
         self.delete_auth_backend("token")?;
         self.teardown_auth()?;

src/modules/auth/token_store.rs

@@ -307,11 +307,9 @@ impl TokenStore {
 
     /// Creates a token entry in the storage.
     pub fn create(&self, entry: &mut TokenEntry) -> Result<(), RvError> {
-        if self.view.is_none() {
+        let Some(view) = self.view.as_ref() else {
             return Err(RvError::ErrModuleNotInit);
-        }
-
-        let view = self.view.as_ref().unwrap();
+        };
 
         if entry.id.is_empty() {
             entry.id = generate_uuid();
@@ -338,11 +336,9 @@ impl TokenStore {
 
     /// Uses the token and decrements its use count.
     pub fn use_token(&self, entry: &mut TokenEntry) -> Result<(), RvError> {
-        if self.view.is_none() {
+        let Some(view) = self.view.as_ref() else {
             return Err(RvError::ErrModuleNotInit);
-        }
-
-        let view = self.view.as_ref().unwrap();
+        };
 
         if entry.num_uses == 0 {
             return Ok(());
@@ -403,11 +399,9 @@ impl TokenStore {
     }
 
     pub fn lookup_salted(&self, salted_id: &str) -> Result<Option<TokenEntry>, RvError> {
-        if self.view.is_none() {
+        let Some(view) = self.view.as_ref() else {
             return Err(RvError::ErrModuleNotInit);
-        }
-
-        let view = self.view.as_ref().unwrap();
+        };
 
         let path = format!("{TOKEN_LOOKUP_PREFIX}{salted_id}");
         let raw = view.get(&path)?;
@@ -429,11 +423,9 @@ impl TokenStore {
     }
 
     pub fn revoke_salted(&self, salted_id: &str) -> Result<(), RvError> {
-        if self.view.is_none() {
+        let Some(view) = self.view.as_ref() else {
             return Err(RvError::ErrModuleNotInit);
-        }
-
-        let view = self.view.as_ref().unwrap();
+        };
 
         let entry = self.lookup_salted(salted_id)?;
 
@@ -470,11 +462,9 @@ impl TokenStore {
     }
 
     pub fn revoke_tree_salted(&self, salted_id: &str) -> Result<(), RvError> {
-        if self.view.is_none() {
+        let Some(view) = self.view.as_ref() else {
             return Err(RvError::ErrModuleNotInit);
-        }
-
-        let view = self.view.as_ref().unwrap();
+        };
 
         let path = format!("{TOKEN_PARENT_PREFIX}{salted_id}/");
 

src/modules/credential/approle/path_role.rs

@@ -941,12 +941,11 @@ impl AppRoleBackendInner {
     }
 
     pub fn set_role_id(&self, req: &mut Request, role_id: &str, role_id_entry: &RoleIdEntry) -> Result<(), RvError> {
-        let salt = self.salt.load();
-        if salt.is_none() {
+        let Some(salt) = self.salt.load_full() else {
             return Err(RvError::ErrResponse("salt not found".to_string()));
-        }
+        };
 
-        let salt_id = salt.as_ref().unwrap().salt_id(role_id)?;
+        let salt_id = salt.salt_id(role_id)?;
 
         let entry = StorageEntry::new(format!("role_id/{salt_id}").as_str(), role_id_entry)?;
 
@@ -958,12 +957,11 @@ impl AppRoleBackendInner {
             return Err(RvError::ErrResponse("missing role_id".to_string()));
         }
 
-        let salt = self.salt.load();
-        if salt.is_none() {
+        let Some(salt) = self.salt.load_full() else {
             return Err(RvError::ErrResponse("salt not found".to_string()));
-        }
+        };
 
-        let salt_id = salt.as_ref().unwrap().salt_id(role_id)?;
+        let salt_id = salt.salt_id(role_id)?;
 
         req.storage_delete(format!("role_id/{salt_id}").as_str())?;
 

src/modules/system/mod.rs

@@ -597,18 +597,16 @@ impl SystemBackend {
         let policy_module = self.get_module::<PolicyModule>("policy")?;
         let auth_module = self.get_module::<AuthModule>("auth")?;
 
-        if auth_module.token_store.load().is_none() {
+        let Some(token_store) = auth_module.token_store.load_full() else {
             return Err(RvError::ErrPermissionDenied);
-        }
+        };
 
         let mut secret_mounts = Map::new();
         let mut auth_mounts = Map::new();
 
         let mut is_authed = false;
 
-        let acl: Option<ACL> = if let Some(auth) =
-            auth_module.token_store.load().as_ref().unwrap().check_token(&req.path, &req.client_token)?
-        {
+        let acl: Option<ACL> = if let Some(auth) = token_store.check_token(&req.path, &req.client_token)? {
             if auth.policies.is_empty() {
                 None
             } else {
@@ -624,10 +622,14 @@ impl SystemBackend {
                 return false;
             }
 
+            let Some(acl) = acl.as_ref() else {
+                return false;
+            };
+
             if me.table == AUTH_TABLE_TYPE {
-                acl.as_ref().unwrap().has_mount_access(&format!("{}/{}", AUTH_TABLE_TYPE, me.path))
+                acl.has_mount_access(&format!("{}/{}", AUTH_TABLE_TYPE, me.path))
             } else {
-                acl.as_ref().unwrap().has_mount_access(me.path.as_str())
+                acl.has_mount_access(me.path.as_str())
             }
         };