diff --git a/server/src/cli.rs b/server/src/cli.rs index 0725e64..8b160d5 100644 --- a/server/src/cli.rs +++ b/server/src/cli.rs @@ -18,6 +18,8 @@ pub struct Cli { pub pkg_dir: PathBuf, /// Directory where repository metadata & SQLite database is stored pub data_dir: PathBuf, + /// API key to authenticate private routes with + pub api_key: String, /// Database connection URL; either sqlite:// or postgres://. Defaults to rieter.sqlite in the /// data directory @@ -72,6 +74,7 @@ impl Cli { data_dir: self.data_dir.clone(), repo_dir: self.data_dir.join("repos"), pkg_dir: self.pkg_dir.clone(), + api_key: self.api_key.clone(), }; let repo_manager = RepoGroupManager::new(&config.repo_dir, &self.pkg_dir); @@ -84,7 +87,7 @@ impl Cli { // build our application with a single route let app = Router::new() .nest("/api", crate::api::router()) - .merge(crate::repo::router()) + .merge(crate::repo::router(&self.api_key)) .with_state(global) .layer(TraceLayer::new_for_http()); diff --git a/server/src/main.rs b/server/src/main.rs index e3dbf36..c2b0eaf 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -16,6 +16,7 @@ pub struct Config { data_dir: PathBuf, repo_dir: PathBuf, pkg_dir: PathBuf, + api_key: String, } #[derive(Clone)] diff --git a/server/src/repo/mod.rs b/server/src/repo/mod.rs index ad99740..2bad3d5 100644 --- a/server/src/repo/mod.rs +++ b/server/src/repo/mod.rs @@ -20,24 +20,24 @@ use tower_http::services::{ServeDir, ServeFile}; use tower_http::validate_request::ValidateRequestHeaderLayer; use uuid::Uuid; -pub fn router() -> Router { +pub fn router(api_key: &str) -> Router { Router::new() .route( "/:repo", post(post_package_archive) .delete(delete_repo) - .route_layer(ValidateRequestHeaderLayer::bearer("test")), + .route_layer(ValidateRequestHeaderLayer::bearer(api_key)), ) .route( "/:repo/:arch", - delete(delete_arch_repo).route_layer(ValidateRequestHeaderLayer::bearer("test")), + delete(delete_arch_repo).route_layer(ValidateRequestHeaderLayer::bearer(api_key)), ) // Routes added after the layer do not get that layer applied, so the GET requests will not // be authorized .route( "/:repo/:arch/:filename", delete(delete_package) - .route_layer(ValidateRequestHeaderLayer::bearer("test")) + .route_layer(ValidateRequestHeaderLayer::bearer(api_key)) .get(get_file), ) } @@ -167,10 +167,11 @@ async fn delete_repo( let repo_clone = repo.clone(); let repo_removed = - tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo_clone)).await??; + tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo_clone)) + .await??; if repo_removed { - tracing::info!("Removed repo '{}'", repo); + tracing::info!("Removed repository '{}'", repo); Ok(StatusCode::OK) } else { @@ -184,7 +185,7 @@ async fn delete_arch_repo( ) -> crate::Result { let clone = Arc::clone(&global.repo_manager); - let log = format!("Removed architecture '{}' from repo '{}'", arch, repo); + let log = format!("Removed architecture '{}' from repository '{}'", arch, repo); let repo_removed = tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo_arch(&repo, &arch)) .await??;