Use ref-cast for DisplaySafeUrl (#13696)

By default, Rust does not support safe cast from `&U` to `&T` for
`#[repr(transparent)] T(U)` even if the newtype opts in. The dtolnay
ref-cast crate fills this gap, allowing to remove `DisplaySafeUrlRef`.

Author: konstin

Cargo.lock

@@ -138,6 +138,7 @@ procfs = { version = "0.17.0", default-features = false, features = ["flate2"] }
 pubgrub = { git = "https://github.com/astral-sh/pubgrub", rev = "06ec5a5f59ffaeb6cf5079c6cb184467da06c9db" }
 quote = { version = "1.0.37" }
 rayon = { version = "1.10.0" }
+ref-cast = { version = "1.0.24" }
 reflink-copy = { version = "0.1.19" }
 regex = { version = "1.10.6" }
 regex-automata = { version = "0.4.8", default-features = false, features = ["dfa-build", "dfa-search", "perf", "std", "syntax"] }

Cargo.toml

@@ -4,7 +4,6 @@ use base64::write::EncoderWriter;
 use std::borrow::Cow;
 use std::fmt;
 use uv_redacted::DisplaySafeUrl;
-use uv_redacted::DisplaySafeUrlRef;
 
 use netrc::Netrc;
 use reqwest::Request;
@@ -145,7 +144,7 @@ impl Credentials {
     /// If a username is provided, it must match the login in the netrc file or [`None`] is returned.
     pub(crate) fn from_netrc(
         netrc: &Netrc,
-        url: DisplaySafeUrlRef<'_>,
+        url: &DisplaySafeUrl,
         username: Option<&str>,
     ) -> Option<Self> {
         let host = url.host_str()?;

crates/uv-auth/src/credentials.rs

@@ -1,7 +1,7 @@
 use std::{io::Write, process::Stdio};
 use tokio::process::Command;
 use tracing::{instrument, trace, warn};
-use uv_redacted::DisplaySafeUrlRef;
+use uv_redacted::DisplaySafeUrl;
 use uv_warnings::warn_user_once;
 
 use crate::credentials::Credentials;
@@ -36,11 +36,7 @@ impl KeyringProvider {
     /// Returns [`None`] if no password was found for the username or if any errors
     /// are encountered in the keyring backend.
     #[instrument(skip_all, fields(url = % url.to_string(), username))]
-    pub async fn fetch(
-        &self,
-        url: DisplaySafeUrlRef<'_>,
-        username: Option<&str>,
-    ) -> Option<Credentials> {
+    pub async fn fetch(&self, url: &DisplaySafeUrl, username: Option<&str>) -> Option<Credentials> {
         // Validate the request
         debug_assert!(
             url.host_str().is_some(),
@@ -229,7 +225,7 @@ mod tests {
         let keyring = KeyringProvider::empty();
         // Panics due to debug assertion; returns `None` in production
         let result = std::panic::AssertUnwindSafe(
-            keyring.fetch(DisplaySafeUrlRef::from(&url), Some("user")),
+            keyring.fetch(DisplaySafeUrl::ref_cast(&url), Some("user")),
         )
         .catch_unwind()
         .await;
@@ -242,7 +238,7 @@ mod tests {
         let keyring = KeyringProvider::empty();
         // Panics due to debug assertion; returns `None` in production
         let result = std::panic::AssertUnwindSafe(
-            keyring.fetch(DisplaySafeUrlRef::from(&url), Some(url.username())),
+            keyring.fetch(DisplaySafeUrl::ref_cast(&url), Some(url.username())),
         )
         .catch_unwind()
         .await;
@@ -255,7 +251,7 @@ mod tests {
         let keyring = KeyringProvider::empty();
         // Panics due to debug assertion; returns `None` in production
         let result = std::panic::AssertUnwindSafe(
-            keyring.fetch(DisplaySafeUrlRef::from(&url), Some(url.username())),
+            keyring.fetch(DisplaySafeUrl::ref_cast(&url), Some(url.username())),
         )
         .catch_unwind()
         .await;
@@ -265,7 +261,7 @@ mod tests {
     #[tokio::test]
     async fn fetch_url_no_auth() {
         let url = Url::parse("https://example.com").unwrap();
-        let url = DisplaySafeUrlRef::from(&url);
+        let url = DisplaySafeUrl::ref_cast(&url);
         let keyring = KeyringProvider::empty();
         let credentials = keyring.fetch(url, Some("user"));
         assert!(credentials.await.is_none());
@@ -277,7 +273,7 @@ mod tests {
         let keyring = KeyringProvider::dummy([(url.host_str().unwrap(), "user", "password")]);
         assert_eq!(
             keyring
-                .fetch(DisplaySafeUrlRef::from(&url), Some("user"))
+                .fetch(DisplaySafeUrl::ref_cast(&url), Some("user"))
                 .await,
             Some(Credentials::basic(
                 Some("user".to_string()),
@@ -287,7 +283,7 @@ mod tests {
         assert_eq!(
             keyring
                 .fetch(
-                    DisplaySafeUrlRef::from(&url.join("test").unwrap()),
+                    DisplaySafeUrl::ref_cast(&url.join("test").unwrap()),
                     Some("user")
                 )
                 .await,
@@ -303,7 +299,7 @@ mod tests {
         let url = Url::parse("https://example.com").unwrap();
         let keyring = KeyringProvider::dummy([("other.com", "user", "password")]);
         let credentials = keyring
-            .fetch(DisplaySafeUrlRef::from(&url), Some("user"))
+            .fetch(DisplaySafeUrl::ref_cast(&url), Some("user"))
             .await;
         assert_eq!(credentials, None);
     }
@@ -318,7 +314,7 @@ mod tests {
         assert_eq!(
             keyring
                 .fetch(
-                    DisplaySafeUrlRef::from(&url.join("foo").unwrap()),
+                    DisplaySafeUrl::ref_cast(&url.join("foo").unwrap()),
                     Some("user")
                 )
                 .await,
@@ -329,7 +325,7 @@ mod tests {
         );
         assert_eq!(
             keyring
-                .fetch(DisplaySafeUrlRef::from(&url), Some("user"))
+                .fetch(DisplaySafeUrl::ref_cast(&url), Some("user"))
                 .await,
             Some(Credentials::basic(
                 Some("user".to_string()),
@@ -339,7 +335,7 @@ mod tests {
         assert_eq!(
             keyring
                 .fetch(
-                    DisplaySafeUrlRef::from(&url.join("bar").unwrap()),
+                    DisplaySafeUrl::ref_cast(&url.join("bar").unwrap()),
                     Some("user")
                 )
                 .await,
@@ -355,7 +351,7 @@ mod tests {
         let url = Url::parse("https://example.com").unwrap();
         let keyring = KeyringProvider::dummy([(url.host_str().unwrap(), "user", "password")]);
         let credentials = keyring
-            .fetch(DisplaySafeUrlRef::from(&url), Some("user"))
+            .fetch(DisplaySafeUrl::ref_cast(&url), Some("user"))
             .await;
         assert_eq!(
             credentials,
@@ -370,7 +366,7 @@ mod tests {
     async fn fetch_url_no_username() {
         let url = Url::parse("https://example.com").unwrap();
         let keyring = KeyringProvider::dummy([(url.host_str().unwrap(), "user", "password")]);
-        let credentials = keyring.fetch(DisplaySafeUrlRef::from(&url), None).await;
+        let credentials = keyring.fetch(DisplaySafeUrl::ref_cast(&url), None).await;
         assert_eq!(
             credentials,
             Some(Credentials::basic(
@@ -385,14 +381,14 @@ mod tests {
         let url = Url::parse("https://example.com").unwrap();
         let keyring = KeyringProvider::dummy([(url.host_str().unwrap(), "foo", "password")]);
         let credentials = keyring
-            .fetch(DisplaySafeUrlRef::from(&url), Some("bar"))
+            .fetch(DisplaySafeUrl::ref_cast(&url), Some("bar"))
             .await;
         assert_eq!(credentials, None);
 
         // Still fails if we have `foo` in the URL itself
         let url = Url::parse("https://[email protected]").unwrap();
         let credentials = keyring
-            .fetch(DisplaySafeUrlRef::from(&url), Some("bar"))
+            .fetch(DisplaySafeUrl::ref_cast(&url), Some("bar"))
             .await;
         assert_eq!(credentials, None);
     }

crates/uv-auth/src/keyring.rs

@@ -1,7 +1,11 @@
 use std::sync::{Arc, LazyLock};
 
+use anyhow::{anyhow, format_err};
 use http::{Extensions, StatusCode};
-use uv_redacted::{DisplaySafeUrl, DisplaySafeUrlRef};
+use netrc::Netrc;
+use reqwest::{Request, Response};
+use reqwest_middleware::{Error, Middleware, Next};
+use tracing::{debug, trace, warn};
 
 use crate::{
     CREDENTIALS_CACHE, CredentialsCache, KeyringProvider,
@@ -10,11 +14,7 @@ use crate::{
     index::{AuthPolicy, Indexes},
     realm::Realm,
 };
-use anyhow::{anyhow, format_err};
-use netrc::Netrc;
-use reqwest::{Request, Response};
-use reqwest_middleware::{Error, Middleware, Next};
-use tracing::{debug, trace, warn};
+use uv_redacted::DisplaySafeUrl;
 
 /// Strategy for loading netrc files.
 enum NetrcMode {
@@ -274,7 +274,7 @@ impl Middleware for AuthMiddleware {
             trace!("Checking for credentials for {url}");
             (request, None)
         };
-        let retry_request_url = DisplaySafeUrlRef::from(retry_request.url());
+        let retry_request_url = DisplaySafeUrl::ref_cast(retry_request.url());
 
         let username = credentials
             .as_ref()
@@ -283,13 +283,13 @@ impl Middleware for AuthMiddleware {
         let credentials = if let Some(index_url) = maybe_index_url {
             self.cache().get_url(index_url, &username).or_else(|| {
                 self.cache()
-                    .get_realm(Realm::from(&*retry_request_url), username)
+                    .get_realm(Realm::from(&**retry_request_url), username)
             })
         } else {
             // Since there is no known index for this URL, check if there are credentials in
             // the realm-level cache.
             self.cache()
-                .get_realm(Realm::from(&*retry_request_url), username)
+                .get_realm(Realm::from(&**retry_request_url), username)
         }
         .or(credentials);
 
@@ -433,7 +433,7 @@ impl AuthMiddleware {
         } else if let Some(credentials) = self
             .fetch_credentials(
                 Some(&credentials),
-                DisplaySafeUrlRef::from(request.url()),
+                DisplaySafeUrl::ref_cast(request.url()),
                 index_url,
                 auth_policy,
             )
@@ -468,7 +468,7 @@ impl AuthMiddleware {
     async fn fetch_credentials(
         &self,
         credentials: Option<&Credentials>,
-        url: DisplaySafeUrlRef<'_>,
+        url: &DisplaySafeUrl,
         maybe_index_url: Option<&DisplaySafeUrl>,
         auth_policy: AuthPolicy,
     ) -> Option<Arc<Credentials>> {
@@ -481,7 +481,7 @@ impl AuthMiddleware {
         let key = if let Some(index_url) = maybe_index_url {
             (FetchUrl::Index(index_url.clone()), username)
         } else {
-            (FetchUrl::Realm(Realm::from(&*url)), username)
+            (FetchUrl::Realm(Realm::from(&**url)), username)
         };
         if !self.cache().fetches.register(key.clone()) {
             let credentials = self
@@ -529,7 +529,7 @@ impl AuthMiddleware {
                 if let Some(username) = credentials.and_then(|credentials| credentials.username()) {
                     if let Some(index_url) = maybe_index_url {
                         debug!("Checking keyring for credentials for index URL {}@{}", username, index_url);
-                        keyring.fetch(DisplaySafeUrlRef::from(index_url), Some(username)).await
+                        keyring.fetch(DisplaySafeUrl::ref_cast(index_url), Some(username)).await
                     } else {
                         debug!("Checking keyring for credentials for full URL {}@{}", username, url);
                         keyring.fetch(url, Some(username)).await
@@ -539,7 +539,7 @@ impl AuthMiddleware {
                         debug!(
                             "Checking keyring for credentials for index URL {index_url} without username due to `authenticate = always`"
                         );
-                        keyring.fetch(DisplaySafeUrlRef::from(index_url), None).await
+                        keyring.fetch(DisplaySafeUrl::ref_cast(index_url), None).await
                     } else {
                         None
                     }

crates/uv-auth/src/middleware.rs

@@ -16,6 +16,7 @@ doctest = false
 workspace = true
 
 [dependencies]
+ref-cast = { workspace = true }
 schemars = { workspace = true, optional = true }
 serde = { workspace = true }
 url = { workspace = true }