From b4938c904e594f609de09f5e1327b644d7ae54aa Mon Sep 17 00:00:00 2001 From: m0veax Date: Fri, 28 Jun 2024 23:03:58 +0200 Subject: [PATCH 1/4] check if payload secrets match env variable secrets --- .gitignore | 1 + scripts/open_aerie.sh | 16 ++++++++++++++-- src/main.rs | 22 ++++++++++++++++++++++ 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index ea8c4bf..2a0038a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /target +.idea \ No newline at end of file diff --git a/scripts/open_aerie.sh b/scripts/open_aerie.sh index 4870e29..050b54c 100644 --- a/scripts/open_aerie.sh +++ b/scripts/open_aerie.sh @@ -1,4 +1,16 @@ +#!/bin/sh + +## starte server mit env vars passend zum ersten aufruf +## TODO das muss noch gescripted werden + +# should return 201 curl -XPOST \ -H "Content-Type: application/json" \ - --data '{"consumer_key": "","consumer_secret":"","aerie":true }' \ - http://localhost:3000/api/update + --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \ + http://localhost:3000/api/update -vvv + +#should return 500 +curl -XPOST \ + -H "Content-Type: application/json" \ + --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \ + http://localhost:3000/api/update -vvv \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index a301f58..ef18a72 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,5 +1,6 @@ use std::fs::File; use std::io::prelude::*; +use std::env; use axum::{ http::StatusCode, 
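Review bot: The comment `#should return 500` on the second request does not match the handler added in this same patch, which answers a failed check with `StatusCode::FORBIDDEN`, i.e. 403; it should read `# should return 403`. The same stale comment survives in the open_aerie.sh hunk of patch 4/4. Because the script only prints verbose output, adding `-s -o /dev/null -w '%{http_code}\n'` to each call would put the status code on its own line, so the expectation in the comment can be checked at a glance.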
@@ -36,6 +37,18 @@ fn init_status() -> Status { status::status(sensors, state) } +// check given secret +// https://www.youtube.com/watch?v=aHKWVLH-ibY +fn check_secret(given_secret: String, given_key: String) -> bool { + let consumer_secret = env::var("consumer_secret").unwrap(); + let consumer_key = env::var("consumer_key").unwrap(); + + if given_secret == consumer_secret && given_key == consumer_key { + return true; + } + false +} + // Write status to file and return JSON string. fn write_status(s: Status) -> String { let s = serde_json::to_string(&s).unwrap(); @@ -59,11 +72,20 @@ async fn root() -> String { struct TheDoors { aerie: Option, cellar: Option, + consumer_key: String, + consumer_secret: String } + // The door can see through your soul. // https://www.youtube.com/watch?v=bDQDp00oTP4 async fn the_doors(Json(payload): Json) -> StatusCode { + + let check_secret = check_secret(payload.consumer_secret, payload.consumer_key); + + if !check_secret { return StatusCode::FORBIDDEN; } + + let status: Status = if std::path::Path::new(STATUS_FILE).exists() { let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD"); serde_json::from_str(&contents).unwrap_or_else(|_| init_status()) -- 2.45.2 From baf9d87556f6a96ceef4166c80902424d8338c05 Mon Sep 17 00:00:00 2001 From: m0veax Date: Sat, 29 Jun 2024 00:14:38 +0200 Subject: [PATCH 2/4] build docker container with git clone to enable automation --- Dockerfile | 4 +++- docker-compose.yaml | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 docker-compose.yaml diff --git a/Dockerfile b/Dockerfile index ae1b8d3..0235bf0 100644 --- a/Dockerfile +++ b/Dockerfile 
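Review bot: The rejection path at the top of `the_doors` returns `StatusCode::FORBIDDEN` without recording anything, so repeated guessing against `/api/update` leaves no trace on the server side. A one-line log of the rejected attempt (without the submitted values) before the return would make it visible, using whatever logging the service already has. As a style point, the local `check_secret` shadows the function of the same name; `if !check_secret(payload.consumer_secret, payload.consumer_key) { return StatusCode::FORBIDDEN; }` avoids the extra binding. If `TheDoors` derives `Debug` (the derive line is outside this hunk), the two new fields would appear in any debug print of the payload. The body of `the_doors` continues past the end of the hunk.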
@@ -1,7 +1,9 @@ FROM rust:1.75.0 as builder WORKDIR /usr/src/chaospott-status -COPY . . +# git clone anstatt copy, damit Dockerfile in extra repository liegen kann. Danke @a3x +# git ist im image enthalten, da rust image hiervon abstammt https://hub.docker.com/layers/library/buildpack-deps/bookworm-scm/images/sha256-25f20fd3e3c8be1e9626c246986beb400ccfe19b0ab13d57127399927801d499?context=explore +RUN git clone https://git.chaospott.de/Chaospott/chaospott-status.git . # use musl to create a truly static binary https://bxbrenden.github.io/ RUN rustup component add rust-std-x86_64-unknown-linux-musl diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..ef25390 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,18 @@ +version: '3' +services: + spaceapi-v2: + build: . + container_name: spaceapi-v2 + restart: always + labels: + - traefik.frontend.rule=Host:status-v2.chaospott.de + - traefik.port=3000 + - traefik.frontend.passHostHeader=true + - traefik.enable=true + networks: + - extern + +networks: + extern: + external: + name: web -- 2.45.2 From 41c111569d5d2326fa2e41aaff802cf62c9fb36d Mon Sep 17 00:00:00 2001 From: m0veax Date: Sat, 29 Jun 2024 00:41:16 +0200 Subject: [PATCH 3/4] add build / deploy instructions to readme --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 87831e9..7d6f6f5 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,19 @@ To start the app, just `cargo run --release` as usual. Find scripts for testing in [`scripts/`](scripts/). +## Build / Deploy + +While building the Docker Container, the sources will be cloned from this repository. + +Set the environment variables to set the update secrets. + +```shell +export consumer_key=foo +export consumer_secret=bar + +docker compose up +``` + ## Need help? Ask chfkch, starblue, m0veax, CyReVolt or your favourite Rustacean. 🦀 -- 2.45.2 From 6cab009b3ae87d6dabb217e3a0ad392dbbab919a Mon Sep 17 00:00:00 2001 
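Review bot: The new `RUN git clone https://git.chaospott.de/Chaospott/chaospott-status.git .` builds whatever the default branch points at when the layer is first built, so the image content is not tied to a reviewed commit and two builds of the same Dockerfile can differ. Docker also caches this layer by its command text, so a later rebuild may silently reuse an old checkout. Pinning the revision makes the build reproducible and invalidates the cache when the pin changes, for example `ARG STATUS_REF=<commit-sha>` followed by `RUN git clone https://git.chaospott.de/Chaospott/chaospott-status.git . && git checkout "$STATUS_REF"`. The rest of the build stage lies outside this hunk.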
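Review bot: The `spaceapi-v2` service declares no `environment:` entry, so the `consumer_key` and `consumer_secret` that the README in patch 3/4 says to `export` before `docker compose up` are not passed into the container. Unless the image sets them elsewhere (not visible here), `check_secret` from patch 1/4 would then hit its `env::var(...).unwrap()` on the first update request. Adding `environment: [consumer_key, consumer_secret]` under the service forwards the host values without writing them into the file.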
From: m0veax Date: Sat, 29 Jun 2024 00:45:21 +0200 Subject: [PATCH 4/4] test script failes on purpose --- scripts/open_aerie.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/open_aerie.sh b/scripts/open_aerie.sh index 050b54c..3123526 100644 --- a/scripts/open_aerie.sh +++ b/scripts/open_aerie.sh @@ -3,7 +3,7 @@ ## starte server mit env vars passend zum ersten aufruf ## TODO das muss noch gescripted werden -# should return 201 +# should return 201 if env vars are set like this payload states curl -XPOST \ -H "Content-Type: application/json" \ --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \ @@ -12,5 +12,5 @@ curl -XPOST \ #should return 500 curl -XPOST \ -H "Content-Type: application/json" \ - --data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \ + --data '{"consumer_key": "foo","consumer_secret":"bar","aerie":true }' \ http://localhost:3000/api/update -vvv \ No newline at end of file -- 2.45.2
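Review bot: The negative request now sends `"consumer_key": "foo","consumer_secret":"bar"`, which are exactly the example values the README in patch 3/4 tells operators to export. Against a server started as the README describes, this call would be accepted rather than rejected. Using values that appear nowhere in the documentation for the rejected case, and a comment such as `# should return 403 (credentials do not match the env vars)`, keeps the two cases distinct.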