feat(server): configurable api key
parent
33c8477b09
commit
fd1c2d3647
GPG Key ID:
B75D4F293C7052DB
|
|
@ -18,6 +18,8 @@ pub struct Cli {
|
||||||
pub pkg_dir: PathBuf,
|
pub pkg_dir: PathBuf,
|
||||||
/// Directory where repository metadata & SQLite database is stored
|
/// Directory where repository metadata & SQLite database is stored
|
||||||
pub data_dir: PathBuf,
|
pub data_dir: PathBuf,
|
||||||
|
/// API key to authenticate private routes with
|
||||||
|
pub api_key: String,
|
||||||
|
|
||||||
/// Database connection URL; either sqlite:// or postgres://. Defaults to rieter.sqlite in the
|
/// Database connection URL; either sqlite:// or postgres://. Defaults to rieter.sqlite in the
|
||||||
/// data directory
|
/// data directory
|
||||||
|
|
@ -72,6 +74,7 @@ impl Cli {
|
||||||
data_dir: self.data_dir.clone(),
|
data_dir: self.data_dir.clone(),
|
||||||
repo_dir: self.data_dir.join("repos"),
|
repo_dir: self.data_dir.join("repos"),
|
||||||
pkg_dir: self.pkg_dir.clone(),
|
pkg_dir: self.pkg_dir.clone(),
|
||||||
|
api_key: self.api_key.clone(),
|
||||||
};
|
};
|
||||||
let repo_manager = RepoGroupManager::new(&config.repo_dir, &self.pkg_dir);
|
let repo_manager = RepoGroupManager::new(&config.repo_dir, &self.pkg_dir);
|
||||||
|
|
||||||
|
|
@ -84,7 +87,7 @@ impl Cli {
|
||||||
// build our application with a single route
|
// build our application with a single route
|
||||||
let app = Router::new()
|
let app = Router::new()
|
||||||
.nest("/api", crate::api::router())
|
.nest("/api", crate::api::router())
|
||||||
.merge(crate::repo::router())
|
.merge(crate::repo::router(&self.api_key))
|
||||||
.with_state(global)
|
.with_state(global)
|
||||||
.layer(TraceLayer::new_for_http());
|
.layer(TraceLayer::new_for_http());
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ pub struct Config {
|
||||||
data_dir: PathBuf,
|
data_dir: PathBuf,
|
||||||
repo_dir: PathBuf,
|
repo_dir: PathBuf,
|
||||||
pkg_dir: PathBuf,
|
pkg_dir: PathBuf,
|
||||||
|
api_key: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Clone)]
|
#[derive(Clone)]
|
||||||
|
|
|
||||||
|
|
@ -20,24 +20,24 @@ use tower_http::services::{ServeDir, ServeFile};
|
||||||
use tower_http::validate_request::ValidateRequestHeaderLayer;
|
use tower_http::validate_request::ValidateRequestHeaderLayer;
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
|
||||||
pub fn router() -> Router<crate::Global> {
|
pub fn router(api_key: &str) -> Router<crate::Global> {
|
||||||
Router::new()
|
Router::new()
|
||||||
.route(
|
.route(
|
||||||
"/:repo",
|
"/:repo",
|
||||||
post(post_package_archive)
|
post(post_package_archive)
|
||||||
.delete(delete_repo)
|
.delete(delete_repo)
|
||||||
.route_layer(ValidateRequestHeaderLayer::bearer("test")),
|
.route_layer(ValidateRequestHeaderLayer::bearer(api_key)),
|
||||||
)
|
)
|
||||||
.route(
|
.route(
|
||||||
"/:repo/:arch",
|
"/:repo/:arch",
|
||||||
delete(delete_arch_repo).route_layer(ValidateRequestHeaderLayer::bearer("test")),
|
delete(delete_arch_repo).route_layer(ValidateRequestHeaderLayer::bearer(api_key)),
|
||||||
)
|
)
|
||||||
// Routes added after the layer do not get that layer applied, so the GET requests will not
|
// Routes added after the layer do not get that layer applied, so the GET requests will not
|
||||||
// be authorized
|
// be authorized
|
||||||
.route(
|
.route(
|
||||||
"/:repo/:arch/:filename",
|
"/:repo/:arch/:filename",
|
||||||
delete(delete_package)
|
delete(delete_package)
|
||||||
.route_layer(ValidateRequestHeaderLayer::bearer("test"))
|
.route_layer(ValidateRequestHeaderLayer::bearer(api_key))
|
||||||
.get(get_file),
|
.get(get_file),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
@ -167,10 +167,11 @@ async fn delete_repo(
|
||||||
|
|
||||||
let repo_clone = repo.clone();
|
let repo_clone = repo.clone();
|
||||||
let repo_removed =
|
let repo_removed =
|
||||||
tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo_clone)).await??;
|
tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo_clone))
|
||||||
|
.await??;
|
||||||
|
|
||||||
if repo_removed {
|
if repo_removed {
|
||||||
tracing::info!("Removed repo '{}'", repo);
|
tracing::info!("Removed repository '{}'", repo);
|
||||||
|
|
||||||
Ok(StatusCode::OK)
|
Ok(StatusCode::OK)
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -184,7 +185,7 @@ async fn delete_arch_repo(
|
||||||
) -> crate::Result<StatusCode> {
|
) -> crate::Result<StatusCode> {
|
||||||
let clone = Arc::clone(&global.repo_manager);
|
let clone = Arc::clone(&global.repo_manager);
|
||||||
|
|
||||||
let log = format!("Removed architecture '{}' from repo '{}'", arch, repo);
|
let log = format!("Removed architecture '{}' from repository '{}'", arch, repo);
|
||||||
let repo_removed =
|
let repo_removed =
|
||||||
tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo_arch(&repo, &arch))
|
tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo_arch(&repo, &arch))
|
||||||
.await??;
|
.await??;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue