application secrets and build / deploy #5
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
/target
|
||||
.idea
|
@ -1,7 +1,9 @@
|
||||
FROM rust:1.75.0 as builder
|
||||
|
||||
WORKDIR /usr/src/chaospott-status
|
||||
COPY . .
|
||||
# git clone anstatt copy, damit Dockerfile in extra repository liegen kann. Danke @a3x
|
||||
# git ist im image enthalten, da rust image hiervon abstammt https://hub.docker.com/layers/library/buildpack-deps/bookworm-scm/images/sha256-25f20fd3e3c8be1e9626c246986beb400ccfe19b0ab13d57127399927801d499?context=explore
|
||||
RUN git clone https://git.chaospott.de/Chaospott/chaospott-status.git .
|
||||
|
||||
# use musl to create a truly static binary https://bxbrenden.github.io/
|
||||
RUN rustup component add rust-std-x86_64-unknown-linux-musl
|
||||
|
13
README.md
13
README.md
@ -16,6 +16,19 @@ To start the app, just `cargo run --release` as usual.
|
||||
|
||||
Find scripts for testing in [`scripts/`](scripts/).
|
||||
|
||||
## Build / Deploy
|
||||
|
||||
While building the Docker Container, the sources will be cloned from this repository.
|
||||
|
||||
|
||||
Set the environment variables to set the update secrets.
|
||||
|
||||
```shell
|
||||
export consumer_key=foo
|
||||
export consumer_secret=bar
|
||||
|
||||
docker compose up
|
||||
```
|
||||
|
||||
## Need help?
|
||||
|
||||
Ask chfkch, starblue, m0veax, CyReVolt or your favourite Rustacean. 🦀
|
||||
|
18
docker-compose.yaml
Normal file
18
docker-compose.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
version: '3'
|
||||
services:
|
||||
spaceapi-v2:
|
||||
build: .
|
||||
container_name: spaceapi-v2
|
||||
restart: always
|
||||
labels:
|
||||
- traefik.frontend.rule=Host:status-v2.chaospott.de
|
||||
- traefik.port=3000
|
||||
- traefik.frontend.passHostHeader=true
|
||||
- traefik.enable=true
|
||||
networks:
|
||||
- extern
|
||||
|
||||
networks:
|
||||
extern:
|
||||
external:
|
||||
name: web
|
@ -1,4 +1,16 @@
|
||||
#!/bin/sh
|
||||
|
||||
## starte server mit env vars passend zum ersten aufruf
|
||||
## TODO das muss noch gescripted werden
|
||||
|
||||
# should return 201 if env vars are set like this payload states
|
||||
curl -XPOST \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"consumer_key": "","consumer_secret":"","aerie":true }' \
|
||||
http://localhost:3000/api/update
|
||||
--data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
|
||||
http://localhost:3000/api/update -vvv
|
||||
|
||||
#should return 500
|
||||
curl -XPOST \
|
||||
-H "Content-Type: application/json" \
|
||||
--data '{"consumer_key": "foo","consumer_secret":"bar","aerie":true }' \
|
||||
http://localhost:3000/api/update -vvv
|
22
src/main.rs
22
src/main.rs
@ -1,5 +1,6 @@
|
||||
use std::fs::File;
|
||||
use std::io::prelude::*;
|
||||
use std::env;
|
||||
|
||||
use axum::{
|
||||
http::StatusCode,
|
||||
@ -36,6 +37,18 @@ fn init_status() -> Status {
|
||||
status::status(sensors, state)
|
||||
}
|
||||
|
||||
// check given secret
|
||||
// https://www.youtube.com/watch?v=aHKWVLH-ibY
|
||||
fn check_secret(given_secret: String, given_key: String) -> bool {
|
||||
let consumer_secret = env::var("consumer_secret").unwrap();
|
||||
let consumer_key = env::var("consumer_key").unwrap();
|
||||
|
||||
if given_secret == consumer_secret && given_key == consumer_key {
|
||||
return true;
|
||||
}
|
||||
false
|
||||
}
|
||||
|
||||
// Write status to file and return JSON string.
|
||||
fn write_status(s: Status) -> String {
|
||||
let s = serde_json::to_string(&s).unwrap();
|
||||
@ -59,11 +72,20 @@ async fn root() -> String {
|
||||
struct TheDoors {
|
||||
aerie: Option<bool>,
|
||||
cellar: Option<bool>,
|
||||
consumer_key: String,
|
||||
consumer_secret: String
|
||||
}
|
||||
|
||||
|
||||
// The door can see through your soul.
|
||||
// https://www.youtube.com/watch?v=bDQDp00oTP4
|
||||
async fn the_doors(Json(payload): Json<TheDoors>) -> StatusCode {
|
||||
|
||||
let check_secret = check_secret(payload.consumer_secret, payload.consumer_key);
|
||||
|
||||
if !check_secret { return StatusCode::FORBIDDEN; }
|
||||
|
||||
|
||||
let status: Status = if std::path::Path::new(STATUS_FILE).exists() {
|
||||
let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD");
|
||||
serde_json::from_str(&contents).unwrap_or_else(|_| init_status())
|
||||
|
Loading…
Reference in New Issue
Block a user
what we build is the image ;)