aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--rust/src/auth.rs6
-rw-r--r--rust/src/bin/fatcatd.rs8
-rw-r--r--rust/src/lib.rs19
3 files changed, 32 insertions, 1 deletions
diff --git a/rust/src/auth.rs b/rust/src/auth.rs
index 16fd4fe2..4b608a96 100644
--- a/rust/src/auth.rs
+++ b/rust/src/auth.rs
@@ -198,6 +198,12 @@ impl AuthConfectionary {
.unwrap()
}
+ pub fn add_keypair(&mut self, identifier: String, key_base64: String) -> Result<()> {
+ let key = BASE64.decode(key_base64.as_bytes())?;
+ self.root_keys.insert(identifier, key);
+ Ok(())
+ }
+
pub fn create_token(
&self,
editor_id: FatCatId,
diff --git a/rust/src/bin/fatcatd.rs b/rust/src/bin/fatcatd.rs
index a4f20ddb..04f88948 100644
--- a/rust/src/bin/fatcatd.rs
+++ b/rust/src/bin/fatcatd.rs
@@ -39,6 +39,14 @@ fn main() {
let formatter = DefaultLogFormatter;
let server = fatcat::server().unwrap();
+ info!(
+ logger,
+ "using primary auth key: {}", server.auth_confectionary.identifier,
+ );
+ info!(
+ logger,
+ "all auth keys: {:?}", server.auth_confectionary.root_keys.keys().collect::<Vec<&String>>(),
+ );
let mut router = fatcat_api_spec::router(server);
router.get("/", root_handler, "root-redirect");
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
index a31404da..7d00641a 100644
--- a/rust/src/lib.rs
+++ b/rust/src/lib.rs
@@ -122,7 +122,24 @@ pub fn env_confectionary() -> Result<AuthConfectionary> {
let auth_location = env::var("AUTH_LOCATION").expect("AUTH_LOCATION must be set");
let auth_key = env::var("AUTH_SECRET_KEY").expect("AUTH_SECRET_KEY must be set");
let auth_key_ident = env::var("AUTH_KEY_IDENT").expect("AUTH_KEY_IDENT must be set");
- AuthConfectionary::new(auth_location, auth_key_ident, auth_key)
+ info!("Loaded primary auth key: {}", auth_key_ident);
+ let mut confectionary = AuthConfectionary::new(auth_location, auth_key_ident, auth_key)?;
+ match env::var("AUTH_ALT_KEYS") {
+ Ok(var) => {
+ for pair in var.split(",") {
+ let pair: Vec<&str> = pair.split(":").collect();
+ if pair.len() != 2 {
+ println!("{:#?}", pair);
+ bail!("couldn't parse keypair from AUTH_ALT_KEYS (expected 'ident:key' pairs separated by commas)");
+ }
+ info!("Loading alt auth key: {}", pair[0]);
+ confectionary.add_keypair(pair[0].to_string(), pair[1].to_string())?;
+
+ }
+ },
+ Err(_) => (),
+ }
+ Ok(confectionary)
}
/// Instantiate a new API server with a pooled database connection