application secrets and build / deploy #5
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
/target
|
/target
|
||||||
|
.idea
|
@ -1,7 +1,9 @@
|
|||||||
FROM rust:1.75.0 as builder
|
FROM rust:1.75.0 as builder
|
||||||
|
|
||||||
WORKDIR /usr/src/chaospott-status
|
WORKDIR /usr/src/chaospott-status
|
||||||
COPY . .
|
# git clone anstatt copy, damit Dockerfile in extra repository liegen kann. Danke @a3x
|
||||||
|
# git ist im image enthalten, da rust image hiervon abstammt https://hub.docker.com/layers/library/buildpack-deps/bookworm-scm/images/sha256-25f20fd3e3c8be1e9626c246986beb400ccfe19b0ab13d57127399927801d499?context=explore
|
||||||
|
RUN git clone https://git.chaospott.de/Chaospott/chaospott-status.git .
|
||||||
|
|
||||||
# use musl to create a truly static binary https://bxbrenden.github.io/
|
# use musl to create a truly static binary https://bxbrenden.github.io/
|
||||||
RUN rustup component add rust-std-x86_64-unknown-linux-musl
|
RUN rustup component add rust-std-x86_64-unknown-linux-musl
|
||||||
|
13
README.md
13
README.md
@ -16,6 +16,19 @@ To start the app, just `cargo run --release` as usual.
|
|||||||
|
|
||||||
Find scripts for testing in [`scripts/`](scripts/).
|
Find scripts for testing in [`scripts/`](scripts/).
|
||||||
|
|
||||||
|
## Build / Deploy
|
||||||
|
|
||||||
|
While building the Docker Container, the sources will be cloned from this repository.
|
||||||
|
|||||||
|
|
||||||
|
Set the environment variables to set the update secrets.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
export consumer_key=foo
|
||||||
|
export consumer_secret=bar
|
||||||
|
|
||||||
|
docker compose up
|
||||||
|
```
|
||||||
|
|
||||||
## Need help?
|
## Need help?
|
||||||
|
|
||||||
Ask chfkch, starblue, m0veax, CyReVolt or your favourite Rustacean. 🦀
|
Ask chfkch, starblue, m0veax, CyReVolt or your favourite Rustacean. 🦀
|
||||||
|
18
docker-compose.yaml
Normal file
18
docker-compose.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
spaceapi-v2:
|
||||||
|
build: .
|
||||||
|
container_name: spaceapi-v2
|
||||||
|
restart: always
|
||||||
|
labels:
|
||||||
|
- traefik.frontend.rule=Host:status-v2.chaospott.de
|
||||||
|
- traefik.port=3000
|
||||||
|
- traefik.frontend.passHostHeader=true
|
||||||
|
- traefik.enable=true
|
||||||
|
networks:
|
||||||
|
- extern
|
||||||
|
|
||||||
|
networks:
|
||||||
|
extern:
|
||||||
|
external:
|
||||||
|
name: web
|
@ -1,4 +1,16 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
## starte server mit env vars passend zum ersten aufruf
|
||||||
|
## TODO das muss noch gescripted werden
|
||||||
|
|
||||||
|
# should return 201 if env vars are set like this payload states
|
||||||
curl -XPOST \
|
curl -XPOST \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
--data '{"consumer_key": "","consumer_secret":"","aerie":true }' \
|
--data '{"consumer_key": "test123","consumer_secret":"123test","aerie":true }' \
|
||||||
http://localhost:3000/api/update
|
http://localhost:3000/api/update -vvv
|
||||||
|
|
||||||
|
#should return 500
|
||||||
|
curl -XPOST \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
--data '{"consumer_key": "foo","consumer_secret":"bar","aerie":true }' \
|
||||||
|
http://localhost:3000/api/update -vvv
|
22
src/main.rs
22
src/main.rs
@ -1,5 +1,6 @@
|
|||||||
use std::fs::File;
|
use std::fs::File;
|
||||||
use std::io::prelude::*;
|
use std::io::prelude::*;
|
||||||
|
use std::env;
|
||||||
|
|
||||||
use axum::{
|
use axum::{
|
||||||
http::StatusCode,
|
http::StatusCode,
|
||||||
@ -36,6 +37,18 @@ fn init_status() -> Status {
|
|||||||
status::status(sensors, state)
|
status::status(sensors, state)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check given secret
|
||||||
|
// https://www.youtube.com/watch?v=aHKWVLH-ibY
|
||||||
|
fn check_secret(given_secret: String, given_key: String) -> bool {
|
||||||
|
let consumer_secret = env::var("consumer_secret").unwrap();
|
||||||
|
let consumer_key = env::var("consumer_key").unwrap();
|
||||||
|
|
||||||
|
if given_secret == consumer_secret && given_key == consumer_key {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
false
|
||||||
|
}
|
||||||
|
|
||||||
// Write status to file and return JSON string.
|
// Write status to file and return JSON string.
|
||||||
fn write_status(s: Status) -> String {
|
fn write_status(s: Status) -> String {
|
||||||
let s = serde_json::to_string(&s).unwrap();
|
let s = serde_json::to_string(&s).unwrap();
|
||||||
@ -59,11 +72,20 @@ async fn root() -> String {
|
|||||||
struct TheDoors {
|
struct TheDoors {
|
||||||
aerie: Option<bool>,
|
aerie: Option<bool>,
|
||||||
cellar: Option<bool>,
|
cellar: Option<bool>,
|
||||||
|
consumer_key: String,
|
||||||
|
consumer_secret: String
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// The door can see through your soul.
|
// The door can see through your soul.
|
||||||
// https://www.youtube.com/watch?v=bDQDp00oTP4
|
// https://www.youtube.com/watch?v=bDQDp00oTP4
|
||||||
async fn the_doors(Json(payload): Json<TheDoors>) -> StatusCode {
|
async fn the_doors(Json(payload): Json<TheDoors>) -> StatusCode {
|
||||||
|
|
||||||
|
let check_secret = check_secret(payload.consumer_secret, payload.consumer_key);
|
||||||
|
|
||||||
|
if !check_secret { return StatusCode::FORBIDDEN; }
|
||||||
|
|
||||||
|
|
||||||
let status: Status = if std::path::Path::new(STATUS_FILE).exists() {
|
let status: Status = if std::path::Path::new(STATUS_FILE).exists() {
|
||||||
let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD");
|
let contents = std::fs::read_to_string(STATUS_FILE).expect("FCKAFD");
|
||||||
serde_json::from_str(&contents).unwrap_or_else(|_| init_status())
|
serde_json::from_str(&contents).unwrap_or_else(|_| init_status())
|
||||||
|
Loading…
Reference in New Issue
Block a user
what we build is the image ;)