From b930bf22d4974363934514919539149a69b15167 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Mon, 31 Dec 2018 17:40:51 -0800
Subject: allow multiple 'alt' keys to be specified in env

---
 rust/src/auth.rs        |  6 ++++++
 rust/src/bin/fatcatd.rs |  8 ++++++++
 rust/src/lib.rs         | 19 ++++++++++++++++++-
 3 files changed, 32 insertions(+), 1 deletion(-)

(limited to 'rust')

diff --git a/rust/src/auth.rs b/rust/src/auth.rs
index 16fd4fe2..4b608a96 100644
--- a/rust/src/auth.rs
+++ b/rust/src/auth.rs
@@ -198,6 +198,12 @@ impl AuthConfectionary {
         .unwrap()
     }
 
+    pub fn add_keypair(&mut self, identifier: String, key_base64: String) -> Result<()> {
+        let key = BASE64.decode(key_base64.as_bytes())?;
+        self.root_keys.insert(identifier, key);
+        Ok(())
+    }
+
     pub fn create_token(
         &self,
         editor_id: FatCatId,
diff --git a/rust/src/bin/fatcatd.rs b/rust/src/bin/fatcatd.rs
index a4f20ddb..04f88948 100644
--- a/rust/src/bin/fatcatd.rs
+++ b/rust/src/bin/fatcatd.rs
@@ -39,6 +39,14 @@ fn main() {
     let formatter = DefaultLogFormatter;
 
     let server = fatcat::server().unwrap();
+    info!(
+        logger,
+        "using primary auth key: {}", server.auth_confectionary.identifier,
+    );
+    info!(
+        logger,
+        "all auth keys: {:?}", server.auth_confectionary.root_keys.keys().collect::<Vec<&String>>(),
+    );
     let mut router = fatcat_api_spec::router(server);
 
     router.get("/", root_handler, "root-redirect");
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
index a31404da..7d00641a 100644
--- a/rust/src/lib.rs
+++ b/rust/src/lib.rs
@@ -122,7 +122,24 @@ pub fn env_confectionary() -> Result<AuthConfectionary> {
     let auth_location = env::var("AUTH_LOCATION").expect("AUTH_LOCATION must be set");
     let auth_key = env::var("AUTH_SECRET_KEY").expect("AUTH_SECRET_KEY must be set");
     let auth_key_ident = env::var("AUTH_KEY_IDENT").expect("AUTH_KEY_IDENT must be set");
-    AuthConfectionary::new(auth_location, auth_key_ident, auth_key)
+    info!("Loaded primary auth key: {}", auth_key_ident);
+    let mut confectionary = AuthConfectionary::new(auth_location, auth_key_ident, auth_key)?;
+    match env::var("AUTH_ALT_KEYS") {
+        Ok(var) => {
+            for pair in var.split(",") {
+                let pair: Vec<&str> = pair.split(":").collect();
+                if pair.len() != 2 {
+                    println!("{:#?}", pair);
+                    bail!("couldn't parse keypair from AUTH_ALT_KEYS (expected 'ident:key' pairs separated by commas)");
+                }
+                info!("Loading alt auth key: {}", pair[0]);
+                confectionary.add_keypair(pair[0].to_string(), pair[1].to_string())?;
+
+            }
+        },
+        Err(_) => (),
+    }
+    Ok(confectionary)
 }
 
 /// Instantiate a new API server with a pooled database connection
-- 
cgit v1.2.3