Compare commits


No commits in common. "f2a4cbdc7bf39253cc1e8ea826f0918f021d9aea" and "abf1101484166ff434287056e8c0f5af727ef39e" have entirely different histories.

17 changed files with 560 additions and 1096 deletions

1
.gitignore vendored

@ -3,7 +3,6 @@ xcuserdata
# Rust # Rust
target/ target/
.env
.DS_STORE .DS_STORE
.idea/ .idea/


@ -294,6 +294,7 @@
buildRules = ( buildRules = (
); );
dependencies = ( dependencies = (
D082527D2B5DEB80005DA378 /* PBXTargetDependency */,
); );
name = Shared; name = Shared;
productName = Shared; productName = Shared;
@ -312,6 +313,7 @@
buildRules = ( buildRules = (
); );
dependencies = ( dependencies = (
D08252792B5DEB78005DA378 /* PBXTargetDependency */,
D00117492B30373500D87C25 /* PBXTargetDependency */, D00117492B30373500D87C25 /* PBXTargetDependency */,
); );
name = NetworkExtension; name = NetworkExtension;
@ -332,6 +334,7 @@
buildRules = ( buildRules = (
); );
dependencies = ( dependencies = (
D082527B2B5DEB7D005DA378 /* PBXTargetDependency */,
D00117472B30373100D87C25 /* PBXTargetDependency */, D00117472B30373100D87C25 /* PBXTargetDependency */,
D020F65C29E4A697002790F6 /* PBXTargetDependency */, D020F65C29E4A697002790F6 /* PBXTargetDependency */,
); );
@ -371,6 +374,7 @@
); );
mainGroup = D05B9F6929E39EEC008CB1F9; mainGroup = D05B9F6929E39EEC008CB1F9;
packageReferences = ( packageReferences = (
D08252772B5DEB6E005DA378 /* XCRemoteSwiftPackageReference "SwiftLint" */,
); );
productRefGroup = D05B9F7329E39EEC008CB1F9 /* Products */; productRefGroup = D05B9F7329E39EEC008CB1F9 /* Products */;
projectDirPath = ""; projectDirPath = "";
@ -509,6 +513,18 @@
target = D020F65229E4A697002790F6 /* NetworkExtension */; target = D020F65229E4A697002790F6 /* NetworkExtension */;
targetProxy = D020F65B29E4A697002790F6 /* PBXContainerItemProxy */; targetProxy = D020F65B29E4A697002790F6 /* PBXContainerItemProxy */;
}; };
D08252792B5DEB78005DA378 /* PBXTargetDependency */ = {
isa = PBXTargetDependency;
productRef = D08252782B5DEB78005DA378 /* SwiftLintPlugin */;
};
D082527B2B5DEB7D005DA378 /* PBXTargetDependency */ = {
isa = PBXTargetDependency;
productRef = D082527A2B5DEB7D005DA378 /* SwiftLintPlugin */;
};
D082527D2B5DEB80005DA378 /* PBXTargetDependency */ = {
isa = PBXTargetDependency;
productRef = D082527C2B5DEB80005DA378 /* SwiftLintPlugin */;
};
/* End PBXTargetDependency section */ /* End PBXTargetDependency section */
/* Begin XCBuildConfiguration section */ /* Begin XCBuildConfiguration section */
@ -608,6 +624,35 @@
defaultConfigurationName = Release; defaultConfigurationName = Release;
}; };
/* End XCConfigurationList section */ /* End XCConfigurationList section */
/* Begin XCRemoteSwiftPackageReference section */
D08252772B5DEB6E005DA378 /* XCRemoteSwiftPackageReference "SwiftLint" */ = {
isa = XCRemoteSwiftPackageReference;
repositoryURL = "https://github.com/realm/SwiftLint.git";
requirement = {
branch = main;
kind = branch;
};
};
/* End XCRemoteSwiftPackageReference section */
/* Begin XCSwiftPackageProductDependency section */
D08252782B5DEB78005DA378 /* SwiftLintPlugin */ = {
isa = XCSwiftPackageProductDependency;
package = D08252772B5DEB6E005DA378 /* XCRemoteSwiftPackageReference "SwiftLint" */;
productName = "plugin:SwiftLintPlugin";
};
D082527A2B5DEB7D005DA378 /* SwiftLintPlugin */ = {
isa = XCSwiftPackageProductDependency;
package = D08252772B5DEB6E005DA378 /* XCRemoteSwiftPackageReference "SwiftLint" */;
productName = "plugin:SwiftLintPlugin";
};
D082527C2B5DEB80005DA378 /* SwiftLintPlugin */ = {
isa = XCSwiftPackageProductDependency;
package = D08252772B5DEB6E005DA378 /* XCRemoteSwiftPackageReference "SwiftLint" */;
productName = "plugin:SwiftLintPlugin";
};
/* End XCSwiftPackageProductDependency section */
}; };
rootObject = D05B9F6A29E39EEC008CB1F9 /* Project object */; rootObject = D05B9F6A29E39EEC008CB1F9 /* Project object */;
} }
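Review bot: The new `XCRemoteSwiftPackageReference "SwiftLint"` entry tracks a moving branch (`branch = main; kind = branch;`), and its `plugin:SwiftLintPlugin` product is added as a dependency of Shared, NetworkExtension and a third target in the earlier hunks, so whatever `main` resolves to runs as a build-tool plugin in every build of the network extension. The lockfile shown further down this page records one revision, but a branch requirement lets any package update move it without a change to this file. I would pin the requirement to a reviewed release or to an exact commit, for example `kind = revision; revision = 7595ad3fafc1a31086dc40ba01fd898bf6b42d5f;` (the revision the lockfile currently records), and treat later bumps as reviewed changes.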


@ -0,0 +1,86 @@
{
"pins" : [
{
"identity" : "collectionconcurrencykit",
"kind" : "remoteSourceControl",
"location" : "https://github.com/JohnSundell/CollectionConcurrencyKit.git",
"state" : {
"revision" : "b4f23e24b5a1bff301efc5e70871083ca029ff95",
"version" : "0.2.0"
}
},
{
"identity" : "cryptoswift",
"kind" : "remoteSourceControl",
"location" : "https://github.com/krzyzanowskim/CryptoSwift.git",
"state" : {
"revision" : "7892a123f7e8d0fe62f9f03728b17bbd4f94df5c",
"version" : "1.8.1"
}
},
{
"identity" : "sourcekitten",
"kind" : "remoteSourceControl",
"location" : "https://github.com/jpsim/SourceKitten.git",
"state" : {
"revision" : "b6dc09ee51dfb0c66e042d2328c017483a1a5d56",
"version" : "0.34.1"
}
},
{
"identity" : "swift-argument-parser",
"kind" : "remoteSourceControl",
"location" : "https://github.com/apple/swift-argument-parser.git",
"state" : {
"revision" : "8f4d2753f0e4778c76d5f05ad16c74f707390531",
"version" : "1.2.3"
}
},
{
"identity" : "swift-syntax",
"kind" : "remoteSourceControl",
"location" : "https://github.com/apple/swift-syntax.git",
"state" : {
"revision" : "64889f0c732f210a935a0ad7cda38f77f876262d",
"version" : "509.1.1"
}
},
{
"identity" : "swiftlint",
"kind" : "remoteSourceControl",
"location" : "https://github.com/realm/SwiftLint.git",
"state" : {
"branch" : "main",
"revision" : "7595ad3fafc1a31086dc40ba01fd898bf6b42d5f"
}
},
{
"identity" : "swiftytexttable",
"kind" : "remoteSourceControl",
"location" : "https://github.com/scottrhoyt/SwiftyTextTable.git",
"state" : {
"revision" : "c6df6cf533d120716bff38f8ff9885e1ce2a4ac3",
"version" : "0.9.0"
}
},
{
"identity" : "swxmlhash",
"kind" : "remoteSourceControl",
"location" : "https://github.com/drmohundro/SWXMLHash.git",
"state" : {
"revision" : "a853604c9e9a83ad9954c7e3d2a565273982471f",
"version" : "7.0.2"
}
},
{
"identity" : "yams",
"kind" : "remoteSourceControl",
"location" : "https://github.com/jpsim/Yams.git",
"state" : {
"revision" : "0d9ee7ea8c4ebd4a489ad7a73d5c6cad55d6fed3",
"version" : "5.0.6"
}
}
],
"version" : 2
}


@ -70,7 +70,7 @@ fi
# Run cargo without the various environment variables set by Xcode. # Run cargo without the various environment variables set by Xcode.
# Those variables can confuse cargo and the build scripts it runs. # Those variables can confuse cargo and the build scripts it runs.
env -i PATH="$CARGO_PATH" CARGO_TARGET_DIR="${CONFIGURATION_TEMP_DIR}/target" IPHONEOS_DEPLOYMENT_TARGET="$IPHONEOS_DEPLOYMENT_TARGET" MACOSX_DEPLOYMENT_TARGET="$MACOSX_DEPLOYMENT_TARGET" cargo build "${CARGO_ARGS[@]}" env -i PATH="$CARGO_PATH" CARGO_TARGET_DIR="${CONFIGURATION_TEMP_DIR}/target" cargo build "${CARGO_ARGS[@]}"
mkdir -p "${BUILT_PRODUCTS_DIR}" mkdir -p "${BUILT_PRODUCTS_DIR}"
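Review bot: Because `env -i` clears the environment, the new `cargo build` line no longer passes `IPHONEOS_DEPLOYMENT_TARGET` or `MACOSX_DEPLOYMENT_TARGET`, so rustc and any C code compiled by build scripts will likely fall back to their own default minimum OS version rather than the one Xcode is building for. That tends to show up as linker warnings about objects built for a newer OS, or as a binary that fails to load on the oldest supported release. Unless the variables were dropped on purpose, I would keep `IPHONEOS_DEPLOYMENT_TARGET="$IPHONEOS_DEPLOYMENT_TARGET" MACOSX_DEPLOYMENT_TARGET="$MACOSX_DEPLOYMENT_TARGET"` in the `env -i` list. The rest of the script lies outside this hunk.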

1137
Cargo.lock generated

File diff suppressed because it is too large Load diff


@ -2,8 +2,3 @@
members = ["burrow", "tun"] members = ["burrow", "tun"]
resolver = "2" resolver = "2"
exclude = ["burrow-gtk"] exclude = ["burrow-gtk"]
[profile.release]
lto = true
panic = "abort"
opt-level = "z"


@ -1,4 +1,4 @@
FROM docker.io/library/rust:1.77-slim-bookworm AS builder FROM docker.io/library/rust:1.76.0-slim-bookworm AS builder
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG LLVM_VERSION=16 ARG LLVM_VERSION=16
@ -8,7 +8,7 @@ ENV KEYRINGS /etc/apt/keyrings
RUN set -eux && \ RUN set -eux && \
mkdir -p $KEYRINGS && \ mkdir -p $KEYRINGS && \
apt-get update && \ apt-get update && \
apt-get install --no-install-recommends -y gpg curl busybox make musl-dev && \ apt-get install --no-install-recommends -y gpg curl musl-dev && \
curl --proto '=https' --tlsv1.2 -sSf https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor --output $KEYRINGS/llvm.gpg && \ curl --proto '=https' --tlsv1.2 -sSf https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor --output $KEYRINGS/llvm.gpg && \
echo "deb [signed-by=$KEYRINGS/llvm.gpg] http://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list && \ echo "deb [signed-by=$KEYRINGS/llvm.gpg] http://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list && \
apt-get update && \ apt-get update && \
@ -24,31 +24,30 @@ RUN set -eux && \
apt-get remove -y --auto-remove && \ apt-get remove -y --auto-remove && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
RUN case $TARGETPLATFORM in \ ARG SQLITE_VERSION=3400100
"linux/arm64") LLVM_TARGET=aarch64-unknown-linux-musl ;; \
"linux/amd64") LLVM_TARGET=x86_64-unknown-linux-musl ;; \
*) exit 1 ;; \
esac && \
rustup target add $LLVM_TARGET
ARG SQLITE_VERSION=3460000
RUN case $TARGETPLATFORM in \ RUN case $TARGETPLATFORM in \
"linux/arm64") LLVM_TARGET=aarch64-unknown-linux-musl MUSL_TARGET=aarch64-linux-musl ;; \ "linux/arm64") LLVM_TARGET=aarch64-unknown-linux-musl MUSL_TARGET=aarch64-linux-musl ;; \
"linux/amd64") LLVM_TARGET=x86_64-unknown-linux-musl MUSL_TARGET=x86_64-linux-musl ;; \ "linux/amd64") LLVM_TARGET=x86_64-unknown-linux-musl MUSL_TARGET=x86_64-linux-musl ;; \
*) exit 1 ;; \ *) exit 1 ;; \
esac && \ esac && \
curl --proto '=https' --tlsv1.2 -sSfO https://www.sqlite.org/2024/sqlite-autoconf-$SQLITE_VERSION.tar.gz && \ rustup target add $LLVM_TARGET && \
curl --proto '=https' --tlsv1.2 -sSfO https://www.sqlite.org/2022/sqlite-autoconf-$SQLITE_VERSION.tar.gz && \
tar xf sqlite-autoconf-$SQLITE_VERSION.tar.gz && \ tar xf sqlite-autoconf-$SQLITE_VERSION.tar.gz && \
rm sqlite-autoconf-$SQLITE_VERSION.tar.gz && \
cd sqlite-autoconf-$SQLITE_VERSION && \ cd sqlite-autoconf-$SQLITE_VERSION && \
./configure --disable-shared --disable-dependency-tracking \ ./configure --disable-shared \
CC="clang-$LLVM_VERSION -target $LLVM_TARGET" \ CC="clang-$LLVM_VERSION -target $LLVM_TARGET" \
CFLAGS="-I/usr/local/include -I/usr/include/$MUSL_TARGET" \ CFLAGS="-I/usr/local/include -I/usr/include/$MUSL_TARGET" \
LDFLAGS="-L/usr/local/lib -L/usr/lib/$MUSL_TARGET -L/lib/$MUSL_TARGET" && \ LDFLAGS="-L/usr/local/lib -L/usr/lib/$MUSL_TARGET -L/lib/$MUSL_TARGET" && \
make && \ make && \
make install && \ make install && \
cd .. && \ cd .. && \
rm -rf sqlite-autoconf-$SQLITE_VERSION sqlite-autoconf-$SQLITE_VERSION.tar.gz rm -rf sqlite-autoconf-$SQLITE_VERSION
ENV SQLITE3_STATIC=1 \
SQLITE3_INCLUDE_DIR=/usr/local/include \
SQLITE3_LIB_DIR=/usr/local/lib
ENV CC_x86_64_unknown_linux_musl=clang-$LLVM_VERSION \ ENV CC_x86_64_unknown_linux_musl=clang-$LLVM_VERSION \
AR_x86_64_unknown_linux_musl=llvm-ar-$LLVM_VERSION \ AR_x86_64_unknown_linux_musl=llvm-ar-$LLVM_VERSION \
@ -56,10 +55,7 @@ ENV CC_x86_64_unknown_linux_musl=clang-$LLVM_VERSION \
AR_aarch64_unknown_linux_musl=llvm-ar-$LLVM_VERSION \ AR_aarch64_unknown_linux_musl=llvm-ar-$LLVM_VERSION \
CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-L/usr/lib/x86_64-linux-musl -L/lib/x86_64-linux-musl -C linker=rust-lld" \ CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-L/usr/lib/x86_64-linux-musl -L/lib/x86_64-linux-musl -C linker=rust-lld" \
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-L/usr/lib/aarch64-linux-musl -L/lib/aarch64-linux-musl -C linker=rust-lld" \ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-L/usr/lib/aarch64-linux-musl -L/lib/aarch64-linux-musl -C linker=rust-lld" \
CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \ CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
SQLITE3_STATIC=1 \
SQLITE3_INCLUDE_DIR=/usr/local/include \
SQLITE3_LIB_DIR=/usr/local/lib
COPY . . COPY . .
@ -75,8 +71,7 @@ WORKDIR /tmp/rootfs
RUN set -eux && \ RUN set -eux && \
mkdir -p ./bin ./etc ./tmp ./data && \ mkdir -p ./bin ./etc ./tmp ./data && \
mv /usr/local/cargo/bin/burrow ./bin/burrow && \ mv /usr/local/cargo/bin/burrow ./bin/burrow && \
cp /bin/busybox ./bin/busybox && \ echo 'burrow:x:10001:10001::/tmp:/sbin/nologin' > ./etc/passwd && \
echo 'burrow:x:10001:10001::/tmp:/bin/busybox' > ./etc/passwd && \
echo 'burrow:x:10001:' > ./etc/group && \ echo 'burrow:x:10001:' > ./etc/group && \
chown -R 10001:10001 ./tmp ./data && \ chown -R 10001:10001 ./tmp ./data && \
chmod 0777 ./tmp chmod 0777 ./tmp
@ -95,6 +90,4 @@ USER 10001:10001
COPY --from=builder /tmp/rootfs / COPY --from=builder /tmp/rootfs /
WORKDIR /data WORKDIR /data
EXPOSE 8080 ENTRYPOINT ["/bin/burrow"]
CMD ["/bin/burrow", "auth-server"]
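Review bot: The SQLite source tarball in the `RUN case $TARGETPLATFORM` step is downloaded and compiled with no integrity check: `curl … -sSfO https://www.sqlite.org/2022/sqlite-autoconf-$SQLITE_VERSION.tar.gz` is followed directly by `tar xf`, so TLS to the download host is the only protection for code that is then linked statically (`SQLITE3_STATIC=1`) into the shipped binary. I would add a build argument for the expected digest and verify before unpacking, e.g. `ARG SQLITE_SHA256=<EXPECTED_SHA256>` and `echo "$SQLITE_SHA256  sqlite-autoconf-$SQLITE_VERSION.tar.gz" | sha256sum -c - && \`. Separately, `SQLITE_VERSION=3400100` under the `2022/` path gives this image an older SQLite than the `3460000` on the other side of the comparison; please confirm that is intended, since fixes released after that version are not included.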


@ -10,13 +10,12 @@ crate-type = ["lib", "staticlib"]
[dependencies] [dependencies]
anyhow = "1.0" anyhow = "1.0"
tokio = { version = "1.37", features = [ tokio = { version = "1.21", features = [
"rt", "rt",
"macros", "macros",
"sync", "sync",
"io-util", "io-util",
"rt-multi-thread", "rt-multi-thread",
"signal",
"time", "time",
"tracing", "tracing",
] } ] }
@ -51,13 +50,9 @@ futures = "0.3.28"
once_cell = "1.19" once_cell = "1.19"
console-subscriber = { version = "0.2.0", optional = true } console-subscriber = { version = "0.2.0", optional = true }
console = "0.15.8" console = "0.15.8"
axum = "0.7.4"
reqwest = { version = "0.12", default-features = false, features = [ [dependencies.rusqlite]
"json", version = "0.31.0"
"rustls-tls",
] }
rusqlite = "0.31.0"
dotenv = "0.15.0"
[target.'cfg(target_os = "linux")'.dependencies] [target.'cfg(target_os = "linux")'.dependencies]
caps = "0.5" caps = "0.5"


@ -1,24 +0,0 @@
use std::env::var;
use anyhow::Result;
use reqwest::Url;
pub async fn login() -> Result<()> {
let state = "vt :P";
let nonce = "no";
let mut url = Url::parse("https://slack.com/openid/connect/authorize")?;
let mut q = url.query_pairs_mut();
q.append_pair("response_type", "code");
q.append_pair("scope", "openid profile email");
q.append_pair("client_id", &var("CLIENT_ID")?);
q.append_pair("state", state);
q.append_pair("team", &var("SLACK_TEAM_ID")?);
q.append_pair("nonce", nonce);
q.append_pair("redirect_uri", "https://burrow.rs/callback");
drop(q);
println!("Continue auth in your browser:\n{}", url.as_str());
Ok(())
}


@ -1,2 +0,0 @@
pub mod client;
pub mod server;


@ -1,89 +0,0 @@
use anyhow::Result;
pub static PATH: &str = "./server.sqlite3";
pub fn init_db() -> Result<()> {
let conn = rusqlite::Connection::open(PATH)?;
conn.execute(
"CREATE TABLE IF NOT EXISTS user (
id PRIMARY KEY,
created_at TEXT NOT NULL
)",
(),
)?;
conn.execute(
"CREATE TABLE IF NOT EXISTS user_connection (
user_id INTEGER REFERENCES user(id) ON DELETE CASCADE,
openid_provider TEXT NOT NULL,
openid_user_id TEXT NOT NULL,
openid_user_name TEXT NOT NULL,
access_token TEXT NOT NULL,
refresh_token TEXT,
PRIMARY KEY (openid_provider, openid_user_id)
)",
(),
)?;
conn.execute(
"CREATE TABLE IF NOT EXISTS device (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT,
public_key TEXT NOT NULL,
apns_token TEXT UNIQUE,
user_id INT REFERENCES user(id) ON DELETE CASCADE,
created_at TEXT NOT NULL DEFAULT (datetime('now')) CHECK(created_at IS datetime(created_at)),
ipv4 TEXT NOT NULL UNIQUE,
ipv6 TEXT NOT NULL UNIQUE,
access_token TEXT NOT NULL UNIQUE,
refresh_token TEXT NOT NULL UNIQUE,
expires_at TEXT NOT NULL DEFAULT (datetime('now', '+7 days')) CHECK(expires_at IS datetime(expires_at))
)",
()
).unwrap();
Ok(())
}
pub fn store_connection(
openid_user: super::providers::OpenIdUser,
openid_provider: &str,
access_token: &str,
refresh_token: Option<&str>,
) -> Result<()> {
log::debug!("Storing openid user {:#?}", openid_user);
let conn = rusqlite::Connection::open(PATH)?;
conn.execute(
"INSERT OR IGNORE INTO user (id, created_at) VALUES (?, datetime('now'))",
(&openid_user.sub,),
)?;
conn.execute(
"INSERT INTO user_connection (user_id, openid_provider, openid_user_id, openid_user_name, access_token, refresh_token) VALUES (
(SELECT id FROM user WHERE id = ?),
?,
?,
?,
?,
?
)",
(&openid_user.sub, &openid_provider, &openid_user.sub, &openid_user.name, access_token, refresh_token),
)?;
Ok(())
}
pub fn store_device(
openid_user: super::providers::OpenIdUser,
openid_provider: &str,
access_token: &str,
refresh_token: Option<&str>,
) -> Result<()> {
log::debug!("Storing openid user {:#?}", openid_user);
let conn = rusqlite::Connection::open(PATH)?;
// TODO
Ok(())
}


@ -1,62 +0,0 @@
pub mod db;
pub mod providers;
use anyhow::Result;
use axum::{http::StatusCode, routing::post, Router};
use providers::slack::auth;
use tokio::signal;
pub async fn serve() -> Result<()> {
db::init_db()?;
let app = Router::new()
.route("/slack-auth", post(auth))
.route("/device/new", post(device_new));
let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await.unwrap();
log::info!("Starting auth server on port 8080");
axum::serve(listener, app)
.with_graceful_shutdown(shutdown_signal())
.await
.unwrap();
Ok(())
}
async fn device_new() -> StatusCode {
StatusCode::OK
}
async fn shutdown_signal() {
let ctrl_c = async {
signal::ctrl_c()
.await
.expect("failed to install Ctrl+C handler");
};
#[cfg(unix)]
let terminate = async {
signal::unix::signal(signal::unix::SignalKind::terminate())
.expect("failed to install signal handler")
.recv()
.await;
};
#[cfg(not(unix))]
let terminate = std::future::pending::<()>();
tokio::select! {
_ = ctrl_c => {},
_ = terminate => {},
}
}
// mod db {
// use rusqlite::{Connection, Result};
// #[derive(Debug)]
// struct User {
// id: i32,
// created_at: String,
// }
// }


@ -1,8 +0,0 @@
pub mod slack;
pub use super::db;
#[derive(serde::Deserialize, Default, Debug)]
pub struct OpenIdUser {
pub sub: String,
pub name: String,
}


@ -1,102 +0,0 @@
use anyhow::Result;
use axum::{
extract::Json,
http::StatusCode,
routing::{get, post},
};
use reqwest::header::AUTHORIZATION;
use serde::Deserialize;
use super::db::store_connection;
#[derive(Deserialize)]
pub struct SlackToken {
slack_token: String,
}
pub async fn auth(Json(payload): Json<SlackToken>) -> (StatusCode, String) {
let slack_user = match fetch_slack_user(&payload.slack_token).await {
Ok(user) => user,
Err(e) => {
log::error!("Failed to fetch Slack user: {:?}", e);
return (StatusCode::UNAUTHORIZED, String::new());
}
};
log::info!(
"Slack user {} ({}) logged in.",
slack_user.name,
slack_user.sub
);
let conn = match store_connection(slack_user, "slack", &payload.slack_token, None) {
Ok(user) => user,
Err(e) => {
log::error!("Failed to fetch Slack user: {:?}", e);
return (StatusCode::UNAUTHORIZED, String::new());
}
};
(StatusCode::OK, String::new())
}
async fn fetch_slack_user(access_token: &str) -> Result<super::OpenIdUser> {
let client = reqwest::Client::new();
let res = client
.get("https://slack.com/api/openid.connect.userInfo")
.header(AUTHORIZATION, format!("Bearer {}", access_token))
.send()
.await?
.json::<serde_json::Value>()
.await?;
let res_ok = res
.get("ok")
.and_then(|v| v.as_bool())
.ok_or(anyhow::anyhow!("Slack user object not ok!"))?;
if !res_ok {
return Err(anyhow::anyhow!("Slack user object not ok!"));
}
Ok(serde_json::from_value(res)?)
}
// async fn fetch_save_slack_user_data(query: Query<CallbackQuery>) -> anyhow::Result<()> {
// let client = reqwest::Client::new();
// log::trace!("Code was {}", &query.code);
// let mut url = Url::parse("https://slack.com/api/openid.connect.token")?;
// {
// let mut q = url.query_pairs_mut();
// q.append_pair("client_id", &var("CLIENT_ID")?);
// q.append_pair("client_secret", &var("CLIENT_SECRET")?);
// q.append_pair("code", &query.code);
// q.append_pair("grant_type", "authorization_code");
// q.append_pair("redirect_uri", "https://burrow.rs/callback");
// }
// let data = client
// .post(url)
// .send()
// .await?
// .json::<slack::CodeExchangeResponse>()
// .await?;
// if !data.ok {
// return Err(anyhow::anyhow!("Slack code exchange response not ok!"));
// }
// if let Some(access_token) = data.access_token {
// log::trace!("Access token is {access_token}");
// let user = slack::fetch_slack_user(&access_token)
// .await
// .map_err(|err| anyhow::anyhow!("Failed to fetch Slack user info {:#?}", err))?;
// db::store_user(user, access_token, String::new())
// .map_err(|_| anyhow::anyhow!("Failed to store user in db"))?;
// Ok(())
// } else {
// Err(anyhow::anyhow!("Access token not found in response"))
// }
// }


@ -5,8 +5,6 @@ pub mod wireguard;
mod daemon; mod daemon;
#[cfg(any(target_os = "linux", target_vendor = "apple"))] #[cfg(any(target_os = "linux", target_vendor = "apple"))]
pub mod database; pub mod database;
#[cfg(any(target_os = "linux", target_vendor = "apple"))]
mod auth;
pub(crate) mod tracing; pub(crate) mod tracing;
#[cfg(target_vendor = "apple")] #[cfg(target_vendor = "apple")]


@ -7,9 +7,6 @@ pub(crate) mod tracing;
#[cfg(any(target_os = "linux", target_vendor = "apple"))] #[cfg(any(target_os = "linux", target_vendor = "apple"))]
mod wireguard; mod wireguard;
#[cfg(any(target_os = "linux", target_vendor = "apple"))]
mod auth;
#[cfg(any(target_os = "linux", target_vendor = "apple"))] #[cfg(any(target_os = "linux", target_vendor = "apple"))]
use daemon::{DaemonClient, DaemonCommand, DaemonStartOptions}; use daemon::{DaemonClient, DaemonCommand, DaemonStartOptions};
use tun::TunOptions; use tun::TunOptions;
@ -50,15 +47,12 @@ enum Commands {
ServerConfig, ServerConfig,
/// Reload Config /// Reload Config
ReloadConfig(ReloadConfigArgs), ReloadConfig(ReloadConfigArgs),
/// Authentication server
AuthServer,
} }
#[derive(Args)] #[derive(Args)]
struct ReloadConfigArgs { struct ReloadConfigArgs {
#[clap(long, short)] #[clap(long, short)]
interface_id: String, interface_id: String,
} }
#[derive(Args)] #[derive(Args)]
@ -139,10 +133,9 @@ async fn try_reloadconfig(interface_id: String) -> Result<()> {
} }
#[cfg(any(target_os = "linux", target_vendor = "apple"))] #[cfg(any(target_os = "linux", target_vendor = "apple"))]
#[tokio::main] #[tokio::main(flavor = "current_thread")]
async fn main() -> Result<()> { async fn main() -> Result<()> {
tracing::initialize(); tracing::initialize();
dotenv::dotenv().ok();
let cli = Cli::parse(); let cli = Cli::parse();
match &cli.command { match &cli.command {
@ -152,7 +145,6 @@ async fn main() -> Result<()> {
Commands::ServerInfo => try_serverinfo().await?, Commands::ServerInfo => try_serverinfo().await?,
Commands::ServerConfig => try_serverconfig().await?, Commands::ServerConfig => try_serverconfig().await?,
Commands::ReloadConfig(args) => try_reloadconfig(args.interface_id.clone()).await?, Commands::ReloadConfig(args) => try_reloadconfig(args.interface_id.clone()).await?,
Commands::AuthServer => crate::auth::server::serve().await?,
} }
Ok(()) Ok(())
@ -160,5 +152,5 @@ async fn main() -> Result<()> {
#[cfg(not(any(target_os = "linux", target_vendor = "apple")))] #[cfg(not(any(target_os = "linux", target_vendor = "apple")))]
pub fn main() { pub fn main() {
eprintln!("This platform is not supported") eprintln!("This platform is not supported currently.")
} }
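Review bot: The fallback `pub fn main()` for unsupported platforms still returns normally after the reworded `eprintln!`, so the process exits with status 0 and a script or service manager cannot tell that nothing ran. I would follow the message with `std::process::exit(1);` or have the function return a non-zero `std::process::ExitCode`. A smaller point on the `#[tokio::main(flavor = "current_thread")]` change: the `rt-multi-thread` feature still appears in the tokio feature list of the manifest hunk shown earlier on this page, so it may now be unused and is worth checking.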


@ -8,7 +8,7 @@ libc = "0.2"
fehler = "1.0" fehler = "1.0"
nix = { version = "0.26", features = ["ioctl"] } nix = { version = "0.26", features = ["ioctl"] }
socket2 = "0.5" socket2 = "0.5"
tokio = { version = "1.37", default-features = false, optional = true } tokio = { version = "1.28", features = [] }
byteorder = "1.4" byteorder = "1.4"
tracing = "0.1" tracing = "0.1"
log = "0.4" log = "0.4"
@ -19,7 +19,10 @@ futures = { version = "0.3.28", optional = true }
[features] [features]
serde = ["dep:serde", "dep:schemars"] serde = ["dep:serde", "dep:schemars"]
tokio = ["tokio/net", "dep:tokio", "dep:futures"] tokio = ["tokio/net", "dep:futures"]
[target.'cfg(feature = "tokio")'.dev-dependencies]
tokio = { features = ["rt", "macros"] }
[target.'cfg(windows)'.dependencies] [target.'cfg(windows)'.dependencies]
lazy_static = "1.4" lazy_static = "1.4"
@ -34,7 +37,7 @@ windows = { version = "0.48", features = [
[target.'cfg(windows)'.build-dependencies] [target.'cfg(windows)'.build-dependencies]
anyhow = "1.0" anyhow = "1.0"
bindgen = "0.65" bindgen = "0.65"
reqwest = { version = "0.11" } reqwest = { version = "0.11", features = ["native-tls"] }
ssri = { version = "9.0", default-features = false } ssri = { version = "9.0", default-features = false }
tokio = { version = "1.28", features = ["rt", "macros"] } tokio = { version = "1.28", features = ["rt", "macros"] }
zip = { version = "0.6", features = ["deflate"] } zip = { version = "0.6", features = ["deflate"] }
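Review bot: The added `[target.'cfg(feature = "tokio")'.dev-dependencies]` table is unlikely to do what it intends, because Cargo does not evaluate `cfg(feature = …)` in `[target]` tables and the `tokio = { features = ["rt", "macros"] }` entry under it carries no version. I would declare it as an ordinary dev-dependency, `[dev-dependencies]` with `tokio = { version = "1.28", features = ["rt", "macros"] }`, so tests get a runtime regardless of feature selection. Note also that tokio is no longer `optional` on the new side, so it is compiled in even when the `tokio` feature is off; if that is not intended, keep `optional = true` and `dep:tokio` in the feature list.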