reactor
/
ptth
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: reactor:228a9b4262cbc5a07492040a4cf20fd4c77ba9a8
Branches Tags
reactor:main
..
compare: reactor:49c1a2fbd734316b7b729d4e14d52de4609efec7
Branches Tags
reactor:main

No commits in common. "228a9b4262cbc5a07492040a4cf20fd4c77ba9a8" and "49c1a2fbd734316b7b729d4e14d52de4609efec7" have entirely different histories.
228a9b4262 ... 49c1a2fbd7

6 changed files with 77 additions and 70 deletions
Show Stats Expand all files Collapse all files

6
crates/ptth_relay/src/config.rs
View File

@ -15,6 +15,7 @@ use crate::{
errors::ConfigError, errors::ConfigError,
key_validity::{ key_validity::{
ScraperKey, ScraperKey,
Valid30Days,
}, },
}; };
@ -98,6 +99,7 @@ pub mod file {
use crate::key_validity::{ use crate::key_validity::{
BlakeHashWrapper, BlakeHashWrapper,
ScraperKey, ScraperKey,
Valid30Days,
}; };
#[derive (Clone, Debug, Deserialize, Serialize)] #[derive (Clone, Debug, Deserialize, Serialize)]
@ -140,7 +142,7 @@ pub mod file {
pub servers: Option <Vec <Server>>, pub servers: Option <Vec <Server>>,
// Adding a DB will take a while, so I'm moving these out of dev mode. // Adding a DB will take a while, so I'm moving these out of dev mode.
pub scraper_keys: Option <Vec <ScraperKey>>, pub scraper_keys: Option <Vec <ScraperKey <Valid30Days>>>,
pub news_url: Option <String>, pub news_url: Option <String>,
} }
@ -154,7 +156,7 @@ pub struct Config {
pub address: IpAddr, pub address: IpAddr,
pub port: Option <u16>, pub port: Option <u16>,
pub servers: HashMap <String, file::Server>, pub servers: HashMap <String, file::Server>,
pub scraper_keys: HashMap <String, ScraperKey>, pub scraper_keys: HashMap <String, ScraperKey <Valid30Days>>,
pub news_url: Option <String>, pub news_url: Option <String>,
} }

75
crates/ptth_relay/src/key_validity.rs
View File

@ -78,17 +78,36 @@ impl Serialize for BlakeHashWrapper {
} }
} }
pub struct Valid7Days;
pub struct Valid30Days;
//pub struct Valid90Days;
pub trait MaxValidDuration { pub trait MaxValidDuration {
fn dur () -> Duration; fn dur () -> Duration;
} }
impl MaxValidDuration for Valid7Days {
fn dur () -> Duration {
Duration::days (7)
}
}
impl MaxValidDuration for Valid30Days {
fn dur () -> Duration {
Duration::days (30)
}
}
#[derive (Deserialize)] #[derive (Deserialize)]
pub struct ScraperKey { pub struct ScraperKey <V: MaxValidDuration> {
pub name: String, name: String,
not_before: DateTime <Utc>, not_before: DateTime <Utc>,
not_after: DateTime <Utc>, not_after: DateTime <Utc>,
pub hash: BlakeHashWrapper, pub hash: BlakeHashWrapper,
#[serde (default)]
_phantom: std::marker::PhantomData <V>,
} }
#[derive (Copy, Clone, Debug, PartialEq)] #[derive (Copy, Clone, Debug, PartialEq)]
@ -102,20 +121,21 @@ pub enum KeyValidity {
DurationNegative, DurationNegative,
} }
impl ScraperKey { impl <V: MaxValidDuration> ScraperKey <V> {
pub fn new_30_day <S: Into <String>> (name: S, input: &[u8]) -> Self { pub fn new_30_day <S: Into <String>> (name: S, input: &[u8]) -> Self {
let now = Utc::now (); let now = Utc::now ();
Self { Self {
name: name.into (), name: name.into (),
not_before: now, not_before: now,
not_after: now + Duration::days (30), not_after: now + V::dur (),
hash: BlakeHashWrapper::from_key (input), hash: BlakeHashWrapper::from_key (input),
_phantom: Default::default (),
} }
} }
} }
impl ScraperKey { impl <V: MaxValidDuration> ScraperKey <V> {
#[must_use] #[must_use]
pub fn is_valid (&self, now: DateTime <Utc>, input: &[u8]) -> KeyValidity { pub fn is_valid (&self, now: DateTime <Utc>, input: &[u8]) -> KeyValidity {
use KeyValidity::*; use KeyValidity::*;
@ -132,6 +152,13 @@ impl ScraperKey {
return DurationNegative; return DurationNegative;
} }
let max_dur = V::dur ();
let actual_dur = self.not_after - self.not_before;
if actual_dur > max_dur {
return DurationTooLong (max_dur);
}
if now >= self.not_after { if now >= self.not_after {
return Expired; return Expired;
} }
@ -169,11 +196,12 @@ mod tests {
fn duration_negative () { fn duration_negative () {
let zero_time = Utc::now (); let zero_time = Utc::now ();
let key = ScraperKey { let key = ScraperKey::<Valid30Days> {
name: "automated testing".to_string (), name: "automated testing".to_string (),
not_before: zero_time + Duration::days (1 + 2), not_before: zero_time + Duration::days (1 + 2),
not_after: zero_time + Duration::days (1), not_after: zero_time + Duration::days (1),
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()), hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
_phantom: Default::default (),
}; };
let err = DurationNegative; let err = DurationNegative;
@ -187,22 +215,46 @@ mod tests {
} }
} }
#[test]
fn key_valid_too_long () {
let zero_time = Utc::now ();
let key = ScraperKey::<Valid30Days> {
name: "automated testing".to_string (),
not_before: zero_time + Duration::days (1),
not_after: zero_time + Duration::days (1 + 31),
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
_phantom: Default::default (),
};
let err = DurationTooLong (Duration::days (30));
for (input, expected) in &[
(zero_time + Duration::days (0), err),
(zero_time + Duration::days (2), err),
(zero_time + Duration::days (100), err),
] {
assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected);
}
}
#[test] #[test]
fn normal_key () { fn normal_key () {
let zero_time = Utc::now (); let zero_time = Utc::now ();
let key = ScraperKey { let key = ScraperKey::<Valid30Days> {
name: "automated testing".to_string (), name: "automated testing".to_string (),
not_before: zero_time + Duration::days (1), not_before: zero_time + Duration::days (1),
not_after: zero_time + Duration::days (1 + 60), not_after: zero_time + Duration::days (1 + 30),
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()), hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
_phantom: Default::default (),
}; };
for (input, expected) in &[ for (input, expected) in &[
(zero_time + Duration::days (0), ClockIsBehind), (zero_time + Duration::days (0), ClockIsBehind),
(zero_time + Duration::days (2), Valid), (zero_time + Duration::days (2), Valid),
(zero_time + Duration::days (60 - 1), Valid), (zero_time + Duration::days (29), Valid),
(zero_time + Duration::days (60 + 1), Expired), (zero_time + Duration::days (1 + 30), Expired),
(zero_time + Duration::days (100), Expired), (zero_time + Duration::days (100), Expired),
] { ] {
assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected); assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected);
@ -213,11 +265,12 @@ mod tests {
fn wrong_key () { fn wrong_key () {
let zero_time = Utc::now (); let zero_time = Utc::now ();
let key = ScraperKey { let key = ScraperKey::<Valid30Days> {
name: "automated testing".to_string (), name: "automated testing".to_string (),
not_before: zero_time + Duration::days (1), not_before: zero_time + Duration::days (1),
not_after: zero_time + Duration::days (1 + 30), not_after: zero_time + Duration::days (1 + 30),
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()), hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
_phantom: Default::default (),
}; };
for input in &[ for input in &[

14
crates/ptth_relay/src/lib.rs
View File

@ -127,6 +127,8 @@ async fn handle_http_request (
return Err (UnknownServer); return Err (UnknownServer);
} }
let user = get_user_name (&req);
let req = http_serde::RequestParts::from_hyper (req.method, uri.clone (), req.headers) let req = http_serde::RequestParts::from_hyper (req.method, uri.clone (), req.headers)
.map_err (|_| BadRequest)?; .map_err (|_| BadRequest)?;
@ -134,6 +136,11 @@ async fn handle_http_request (
let req_id = rusty_ulid::generate_ulid_string (); let req_id = rusty_ulid::generate_ulid_string ();
state.audit_log.push (AuditEvent::new (AuditData::WebClientGet {
user,
server_name: server_name.to_string (),
uri,
})).await;
trace! ("Created request {}", req_id); trace! ("Created request {}", req_id);
{ {
@ -603,13 +610,6 @@ async fn handle_all (
} => { } => {
let (parts, _) = req.into_parts (); let (parts, _) = req.into_parts ();
let user = get_user_name (&parts);
state.audit_log.push (AuditEvent::new (AuditData::WebClientGet {
user,
server_name: listen_code.to_string (),
uri: path.to_string (),
})).await;
handle_http_request (parts, path.to_string (), &state, listen_code).await? handle_http_request (parts, path.to_string (), &state, listen_code).await?
}, },
ClientServerList => handle_server_list (state, handlebars).await?, ClientServerList => handle_server_list (state, handlebars).await?,

6
crates/ptth_relay/src/relay_state.rs
View File

@ -121,10 +121,6 @@ pub enum AuditData {
server: crate::config::file::Server, server: crate::config::file::Server,
}, },
RelayStart, RelayStart,
ScraperGet {
key_name: String,
path: String,
},
WebClientGet { WebClientGet {
user: Option <String>, user: Option <String>,
server_name: String, server_name: String,
@ -316,7 +312,7 @@ impl Builder {
self self
} }
pub fn scraper_key (mut self, key: crate::key_validity::ScraperKey) pub fn scraper_key (mut self, key: crate::key_validity::ScraperKey <crate::key_validity::Valid30Days>)
-> Self -> Self
{ {
self.config.scraper_keys.insert (key.hash.encode_base64 (), key); self.config.scraper_keys.insert (key.hash.encode_base64 (), key);

15
crates/ptth_relay/src/scraper_api.rs
View File

@ -127,11 +127,6 @@ async fn api_v1 (
) )
-> Result <Response <Body>, RequestError> -> Result <Response <Body>, RequestError>
{ {
use crate::{
AuditData,
AuditEvent,
};
let api_key = req.headers ().get ("X-ApiKey"); let api_key = req.headers ().get ("X-ApiKey");
let api_key = match api_key { let api_key = match api_key {
@ -143,8 +138,6 @@ async fn api_v1 (
let bad_key = || error_reply (StatusCode::FORBIDDEN, strings::FORBIDDEN); let bad_key = || error_reply (StatusCode::FORBIDDEN, strings::FORBIDDEN);
let key_name;
{ {
let config = state.config.read ().await; let config = state.config.read ().await;
@ -167,15 +160,8 @@ async fn api_v1 (
return Ok (bad_key ()?); return Ok (bad_key ()?);
}, },
} }
key_name = expected_key.name.to_string ();
} }
state.audit_log.push (AuditEvent::new (AuditData::ScraperGet {
key_name,
path: path_rest.to_string (),
})).await;
if path_rest == "test" { if path_rest == "test" {
Ok (error_reply (StatusCode::OK, "You're valid!")?) Ok (error_reply (StatusCode::OK, "You're valid!")?)
} }
@ -238,6 +224,7 @@ mod tests {
use tokio::runtime::Runtime; use tokio::runtime::Runtime;
use crate::{ use crate::{
config,
key_validity, key_validity,
}; };
use super::*; use super::*;

31
docs/reference/scraper-keys.md
View File

@ -1,31 +0,0 @@
# How scraper keys work
Come up with a random passphrase:
`not this, this is a bogus passphrase for documentation`
Run that through the `hash-api-key` subcommand of any `ptth_relay` instance:
`ptth_relay hash-api-key`
You'll get a hash like this:
`RUWt1hQQuHIRjftOdgeZf0PG/DtAmIaMqot/nwBAZXQ=`
Make sure that gets into the relay's config file, `ptth_relay.toml`:
```
[[scraper_keys]]
name = "shudder_mummy"
not_before = "2021-08-27T19:20:25-05:00"
not_after = "2031-08-27T19:20:25-05:00"
hash = "RUWt1hQQuHIRjftOdgeZf0PG/DtAmIaMqot/nwBAZXQ="
```
Use curl to like, try it out:
```
curl \
--header "X-ApiKey: not this, this is a bogus passphrase for documentation" \
http://localhost:4000/scraper/v1/test
```