feat(server): configurable api key

2023-08-03 11:08:38 +02:00 · 2023-08-03 11:08:38 +02:00 · fd1c2d3647
parent 33c8477b09
commit fd1c2d3647
3 changed files with 13 additions and 8 deletions
--- a/server/src/cli.rs
+++ b/server/src/cli.rs
@ -18,6 +18,8 @@ pub struct Cli {
    pub pkg_dir: PathBuf,
    /// Directory where repository metadata & SQLite database is stored
    pub data_dir: PathBuf,
+    /// API key to authenticate private routes with
+    pub api_key: String,

    /// Database connection URL; either sqlite:// or postgres://. Defaults to rieter.sqlite in the
    /// data directory
@ -72,6 +74,7 @@ impl Cli {
            data_dir: self.data_dir.clone(),
            repo_dir: self.data_dir.join("repos"),
            pkg_dir: self.pkg_dir.clone(),
+            api_key: self.api_key.clone(),
        };
        let repo_manager = RepoGroupManager::new(&config.repo_dir, &self.pkg_dir);

@ -84,7 +87,7 @@ impl Cli {
        // build our application with a single route
        let app = Router::new()
            .nest("/api", crate::api::router())
-            .merge(crate::repo::router())
+            .merge(crate::repo::router(&self.api_key))
            .with_state(global)
            .layer(TraceLayer::new_for_http());

--- a/server/src/main.rs
+++ b/server/src/main.rs
@ -16,6 +16,7 @@ pub struct Config {
    data_dir: PathBuf,
    repo_dir: PathBuf,
    pkg_dir: PathBuf,
+    api_key: String,
 }

 #[derive(Clone)]
--- a/server/src/repo/mod.rs
+++ b/server/src/repo/mod.rs
@ -20,24 +20,24 @@ use tower_http::services::{ServeDir, ServeFile};
 use tower_http::validate_request::ValidateRequestHeaderLayer;
 use uuid::Uuid;

-pub fn router() -> Router<crate::Global> {
+pub fn router(api_key: &str) -> Router<crate::Global> {
    Router::new()
        .route(
            "/:repo",
            post(post_package_archive)
                .delete(delete_repo)
-                .route_layer(ValidateRequestHeaderLayer::bearer("test")),
+                .route_layer(ValidateRequestHeaderLayer::bearer(api_key)),
        )
        .route(
            "/:repo/:arch",
-            delete(delete_arch_repo).route_layer(ValidateRequestHeaderLayer::bearer("test")),
+            delete(delete_arch_repo).route_layer(ValidateRequestHeaderLayer::bearer(api_key)),
        )
        // Routes added after the layer do not get that layer applied, so the GET requests will not
        // be authorized
        .route(
            "/:repo/:arch/:filename",
            delete(delete_package)
-                .route_layer(ValidateRequestHeaderLayer::bearer("test"))
+                .route_layer(ValidateRequestHeaderLayer::bearer(api_key))
                .get(get_file),
        )
 }
@ -167,10 +167,11 @@ async fn delete_repo(

    let repo_clone = repo.clone();
    let repo_removed =
-        tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo_clone)).await??;
+        tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo_clone))
+            .await??;

    if repo_removed {
-        tracing::info!("Removed repo '{}'", repo);
+        tracing::info!("Removed repository '{}'", repo);

        Ok(StatusCode::OK)
    } else {
@ -184,7 +185,7 @@ async fn delete_arch_repo(
 ) -> crate::Result<StatusCode> {
    let clone = Arc::clone(&global.repo_manager);

-    let log = format!("Removed architecture '{}' from repo '{}'", arch, repo);
+    let log = format!("Removed architecture '{}' from repository '{}'", arch, repo);
    let repo_removed =
        tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo_arch(&repo, &arch))
            .await??;