Compare commits
No commits in common. "228a9b4262cbc5a07492040a4cf20fd4c77ba9a8" and "49c1a2fbd734316b7b729d4e14d52de4609efec7" have entirely different histories.
228a9b4262
...
49c1a2fbd7
|
|
@ -15,6 +15,7 @@ use crate::{
|
|||
errors::ConfigError,
|
||||
key_validity::{
|
||||
ScraperKey,
|
||||
Valid30Days,
|
||||
},
|
||||
};
|
||||
|
||||
|
|
@ -98,6 +99,7 @@ pub mod file {
|
|||
use crate::key_validity::{
|
||||
BlakeHashWrapper,
|
||||
ScraperKey,
|
||||
Valid30Days,
|
||||
};
|
||||
|
||||
#[derive (Clone, Debug, Deserialize, Serialize)]
|
||||
|
|
@ -140,7 +142,7 @@ pub mod file {
|
|||
pub servers: Option <Vec <Server>>,
|
||||
|
||||
// Adding a DB will take a while, so I'm moving these out of dev mode.
|
||||
pub scraper_keys: Option <Vec <ScraperKey>>,
|
||||
pub scraper_keys: Option <Vec <ScraperKey <Valid30Days>>>,
|
||||
|
||||
pub news_url: Option <String>,
|
||||
}
|
||||
|
|
@ -154,7 +156,7 @@ pub struct Config {
|
|||
pub address: IpAddr,
|
||||
pub port: Option <u16>,
|
||||
pub servers: HashMap <String, file::Server>,
|
||||
pub scraper_keys: HashMap <String, ScraperKey>,
|
||||
pub scraper_keys: HashMap <String, ScraperKey <Valid30Days>>,
|
||||
pub news_url: Option <String>,
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -78,17 +78,36 @@ impl Serialize for BlakeHashWrapper {
|
|||
}
|
||||
}
|
||||
|
||||
pub struct Valid7Days;
|
||||
pub struct Valid30Days;
|
||||
//pub struct Valid90Days;
|
||||
|
||||
pub trait MaxValidDuration {
|
||||
fn dur () -> Duration;
|
||||
}
|
||||
|
||||
impl MaxValidDuration for Valid7Days {
|
||||
fn dur () -> Duration {
|
||||
Duration::days (7)
|
||||
}
|
||||
}
|
||||
|
||||
impl MaxValidDuration for Valid30Days {
|
||||
fn dur () -> Duration {
|
||||
Duration::days (30)
|
||||
}
|
||||
}
|
||||
|
||||
#[derive (Deserialize)]
|
||||
pub struct ScraperKey {
|
||||
pub name: String,
|
||||
pub struct ScraperKey <V: MaxValidDuration> {
|
||||
name: String,
|
||||
|
||||
not_before: DateTime <Utc>,
|
||||
not_after: DateTime <Utc>,
|
||||
pub hash: BlakeHashWrapper,
|
||||
|
||||
#[serde (default)]
|
||||
_phantom: std::marker::PhantomData <V>,
|
||||
}
|
||||
|
||||
#[derive (Copy, Clone, Debug, PartialEq)]
|
||||
|
|
@ -102,20 +121,21 @@ pub enum KeyValidity {
|
|||
DurationNegative,
|
||||
}
|
||||
|
||||
impl ScraperKey {
|
||||
impl <V: MaxValidDuration> ScraperKey <V> {
|
||||
pub fn new_30_day <S: Into <String>> (name: S, input: &[u8]) -> Self {
|
||||
let now = Utc::now ();
|
||||
|
||||
Self {
|
||||
name: name.into (),
|
||||
not_before: now,
|
||||
not_after: now + Duration::days (30),
|
||||
not_after: now + V::dur (),
|
||||
hash: BlakeHashWrapper::from_key (input),
|
||||
_phantom: Default::default (),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl ScraperKey {
|
||||
impl <V: MaxValidDuration> ScraperKey <V> {
|
||||
#[must_use]
|
||||
pub fn is_valid (&self, now: DateTime <Utc>, input: &[u8]) -> KeyValidity {
|
||||
use KeyValidity::*;
|
||||
|
|
@ -132,6 +152,13 @@ impl ScraperKey {
|
|||
return DurationNegative;
|
||||
}
|
||||
|
||||
let max_dur = V::dur ();
|
||||
let actual_dur = self.not_after - self.not_before;
|
||||
|
||||
if actual_dur > max_dur {
|
||||
return DurationTooLong (max_dur);
|
||||
}
|
||||
|
||||
if now >= self.not_after {
|
||||
return Expired;
|
||||
}
|
||||
|
|
@ -169,11 +196,12 @@ mod tests {
|
|||
fn duration_negative () {
|
||||
let zero_time = Utc::now ();
|
||||
|
||||
let key = ScraperKey {
|
||||
let key = ScraperKey::<Valid30Days> {
|
||||
name: "automated testing".to_string (),
|
||||
not_before: zero_time + Duration::days (1 + 2),
|
||||
not_after: zero_time + Duration::days (1),
|
||||
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
|
||||
_phantom: Default::default (),
|
||||
};
|
||||
|
||||
let err = DurationNegative;
|
||||
|
|
@ -187,22 +215,46 @@ mod tests {
|
|||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn key_valid_too_long () {
|
||||
let zero_time = Utc::now ();
|
||||
|
||||
let key = ScraperKey::<Valid30Days> {
|
||||
name: "automated testing".to_string (),
|
||||
not_before: zero_time + Duration::days (1),
|
||||
not_after: zero_time + Duration::days (1 + 31),
|
||||
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
|
||||
_phantom: Default::default (),
|
||||
};
|
||||
|
||||
let err = DurationTooLong (Duration::days (30));
|
||||
|
||||
for (input, expected) in &[
|
||||
(zero_time + Duration::days (0), err),
|
||||
(zero_time + Duration::days (2), err),
|
||||
(zero_time + Duration::days (100), err),
|
||||
] {
|
||||
assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected);
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn normal_key () {
|
||||
let zero_time = Utc::now ();
|
||||
|
||||
let key = ScraperKey {
|
||||
let key = ScraperKey::<Valid30Days> {
|
||||
name: "automated testing".to_string (),
|
||||
not_before: zero_time + Duration::days (1),
|
||||
not_after: zero_time + Duration::days (1 + 60),
|
||||
not_after: zero_time + Duration::days (1 + 30),
|
||||
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
|
||||
_phantom: Default::default (),
|
||||
};
|
||||
|
||||
for (input, expected) in &[
|
||||
(zero_time + Duration::days (0), ClockIsBehind),
|
||||
(zero_time + Duration::days (2), Valid),
|
||||
(zero_time + Duration::days (60 - 1), Valid),
|
||||
(zero_time + Duration::days (60 + 1), Expired),
|
||||
(zero_time + Duration::days (29), Valid),
|
||||
(zero_time + Duration::days (1 + 30), Expired),
|
||||
(zero_time + Duration::days (100), Expired),
|
||||
] {
|
||||
assert_eq! (key.is_valid (*input, "bad_password".as_bytes ()), *expected);
|
||||
|
|
@ -213,11 +265,12 @@ mod tests {
|
|||
fn wrong_key () {
|
||||
let zero_time = Utc::now ();
|
||||
|
||||
let key = ScraperKey {
|
||||
let key = ScraperKey::<Valid30Days> {
|
||||
name: "automated testing".to_string (),
|
||||
not_before: zero_time + Duration::days (1),
|
||||
not_after: zero_time + Duration::days (1 + 30),
|
||||
hash: BlakeHashWrapper::from_key ("bad_password".as_bytes ()),
|
||||
_phantom: Default::default (),
|
||||
};
|
||||
|
||||
for input in &[
|
||||
|
|
|
|||
|
|
@ -127,6 +127,8 @@ async fn handle_http_request (
|
|||
return Err (UnknownServer);
|
||||
}
|
||||
|
||||
let user = get_user_name (&req);
|
||||
|
||||
let req = http_serde::RequestParts::from_hyper (req.method, uri.clone (), req.headers)
|
||||
.map_err (|_| BadRequest)?;
|
||||
|
||||
|
|
@ -134,6 +136,11 @@ async fn handle_http_request (
|
|||
|
||||
let req_id = rusty_ulid::generate_ulid_string ();
|
||||
|
||||
state.audit_log.push (AuditEvent::new (AuditData::WebClientGet {
|
||||
user,
|
||||
server_name: server_name.to_string (),
|
||||
uri,
|
||||
})).await;
|
||||
trace! ("Created request {}", req_id);
|
||||
|
||||
{
|
||||
|
|
@ -603,13 +610,6 @@ async fn handle_all (
|
|||
} => {
|
||||
let (parts, _) = req.into_parts ();
|
||||
|
||||
let user = get_user_name (&parts);
|
||||
state.audit_log.push (AuditEvent::new (AuditData::WebClientGet {
|
||||
user,
|
||||
server_name: listen_code.to_string (),
|
||||
uri: path.to_string (),
|
||||
})).await;
|
||||
|
||||
handle_http_request (parts, path.to_string (), &state, listen_code).await?
|
||||
},
|
||||
ClientServerList => handle_server_list (state, handlebars).await?,
|
||||
|
|
|
|||
|
|
@ -121,10 +121,6 @@ pub enum AuditData {
|
|||
server: crate::config::file::Server,
|
||||
},
|
||||
RelayStart,
|
||||
ScraperGet {
|
||||
key_name: String,
|
||||
path: String,
|
||||
},
|
||||
WebClientGet {
|
||||
user: Option <String>,
|
||||
server_name: String,
|
||||
|
|
@ -316,7 +312,7 @@ impl Builder {
|
|||
self
|
||||
}
|
||||
|
||||
pub fn scraper_key (mut self, key: crate::key_validity::ScraperKey)
|
||||
pub fn scraper_key (mut self, key: crate::key_validity::ScraperKey <crate::key_validity::Valid30Days>)
|
||||
-> Self
|
||||
{
|
||||
self.config.scraper_keys.insert (key.hash.encode_base64 (), key);
|
||||
|
|
|
|||
|
|
@ -127,11 +127,6 @@ async fn api_v1 (
|
|||
)
|
||||
-> Result <Response <Body>, RequestError>
|
||||
{
|
||||
use crate::{
|
||||
AuditData,
|
||||
AuditEvent,
|
||||
};
|
||||
|
||||
let api_key = req.headers ().get ("X-ApiKey");
|
||||
|
||||
let api_key = match api_key {
|
||||
|
|
@ -143,8 +138,6 @@ async fn api_v1 (
|
|||
|
||||
let bad_key = || error_reply (StatusCode::FORBIDDEN, strings::FORBIDDEN);
|
||||
|
||||
let key_name;
|
||||
|
||||
{
|
||||
let config = state.config.read ().await;
|
||||
|
||||
|
|
@ -167,15 +160,8 @@ async fn api_v1 (
|
|||
return Ok (bad_key ()?);
|
||||
},
|
||||
}
|
||||
|
||||
key_name = expected_key.name.to_string ();
|
||||
}
|
||||
|
||||
state.audit_log.push (AuditEvent::new (AuditData::ScraperGet {
|
||||
key_name,
|
||||
path: path_rest.to_string (),
|
||||
})).await;
|
||||
|
||||
if path_rest == "test" {
|
||||
Ok (error_reply (StatusCode::OK, "You're valid!")?)
|
||||
}
|
||||
|
|
@ -238,6 +224,7 @@ mod tests {
|
|||
|
||||
use tokio::runtime::Runtime;
|
||||
use crate::{
|
||||
config,
|
||||
key_validity,
|
||||
};
|
||||
use super::*;
|
||||
|
|
|
|||
|
|
@ -1,31 +0,0 @@
|
|||
# How scraper keys work
|
||||
|
||||
Come up with a random passphrase:
|
||||
|
||||
`not this, this is a bogus passphrase for documentation`
|
||||
|
||||
Run that through the `hash-api-key` subcommand of any `ptth_relay` instance:
|
||||
|
||||
`ptth_relay hash-api-key`
|
||||
|
||||
You'll get a hash like this:
|
||||
|
||||
`RUWt1hQQuHIRjftOdgeZf0PG/DtAmIaMqot/nwBAZXQ=`
|
||||
|
||||
Make sure that gets into the relay's config file, `ptth_relay.toml`:
|
||||
|
||||
```
|
||||
[[scraper_keys]]
|
||||
name = "shudder_mummy"
|
||||
not_before = "2021-08-27T19:20:25-05:00"
|
||||
not_after = "2031-08-27T19:20:25-05:00"
|
||||
hash = "RUWt1hQQuHIRjftOdgeZf0PG/DtAmIaMqot/nwBAZXQ="
|
||||
```
|
||||
|
||||
Use curl to like, try it out:
|
||||
|
||||
```
|
||||
curl \
|
||||
--header "X-ApiKey: not this, this is a bogus passphrase for documentation" \
|
||||
http://localhost:4000/scraper/v1/test
|
||||
```
|
||||
Loading…
Reference in New Issue