update to 11.1.0

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [11.1.0] - 2021-04-06
+
+### Added
+- Added use your own SSL cert
+- Added health check endpoints
+
 ## [11.0.0] - 2021-04-05
 
 ### Added

Cargo.lock

@@ -465,7 +465,7 @@ dependencies = [
 
 [[package]]
 name = "broker"
-version = "11.0.0"
+version = "11.1.0"
 dependencies = [
  "anyhow",
  "async-std",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "broker"
-version = "11.0.0"
+version = "11.1.0"
 authors = ["Bevan Hunt <bevan@bevanhunt.com>"]
 edition = "2018"
 license = "MIT"

README.md

@@ -26,7 +26,7 @@ Broker follows an insert-only/publish/subscribe paradigm rather than a REST CRUD
 * Uses Global NTP servers and doesn't rely on your local server time
 * Insert event via JSON POST request 
 * Sync latest events on SSE client connection
-* Auto-provision and renews SSL cert via LetsEncrypt
+* Auto-provision and renews SSL cert via LetsEncrypt or use your own SSL cert
 * Verify endpoint for external services using Broker user system like [portal](https://crates.io/crates/portal)
 * User Management API endpoints (revoke, unrevoke, list, get, update)
 * User Email Address Validation (regex and blacklist check against throwaway emails)
@@ -262,15 +262,18 @@ will return: `200` or `500` or `400` or `401`
 
 ``` cargo install broker ```
 
-- the origin can be passed in as a flag - default `*`
-- the port can be passed in as a flag - default `8080` - can only be set for unsecure connections
-- the jwt_expiry (for jwts) can be passed in as a flag - default `86400`
-- the jwt_secret (for jwts) should be passed in as a flag - default `secret`
-- the secure flag (https) and can be true or false - default `false`
-- the certs flag is the storage path of LetsEncrypt certs - default `certs`
-- the db flag is the path where the embedded database will be saved - default `db`
-- the domain flag is the domain name (e.g. api.broker.com) of the domain you want to register with LetsEncrypt - must be fully resolvable 
-- the admin_token flag is the password for the admin to add users - default `letmein`
+- the `origin` can be passed in as a flag - default `*`
+- the `port` can be passed in as a flag - default `8080` - can only be set for unsecure connections
+- the `jwt_expiry` for jwts can be passed in as a flag - default `86400`
+- the `jwt_secret` for jwts should be passed in as a flag - default `secret`
+- the `secure` flag for https and can be true or false - default `false`
+- the `auto_cert` flag for an autorenewing LetsEncrypt SSL cert can be true or false - requires a resolvable domain - default `true` 
+- the `key_path` flag when `auto_cert` is `false` to set the SSL key path for your own cert - default `certs/private_key.pem`
+- the `cert_path` flag when `auto_cert` is `false` to set the SSL cert path for your own cert - default `certs/chain.pem`
+- the `certs` flag is the storage path of LetsEncrypt certs - default `certs`
+- the `db` flag is the path where the embedded database will be saved - default `db`
+- the `domain` flag is the domain name (e.g. api.broker.com) of the domain you want to register with LetsEncrypt - must be fully resolvable 
+- the `admin_token` flag is the password for the admin to add users - default `letmein`
 - production example: `./broker --secure="true" --admin_token"23ce4234@123$" --jwt_secret="xTJEX234$##$" --domain="api.broker.com"`
 
 ### Service

src/main.rs

@@ -42,6 +42,9 @@ pub struct EnvVarConfig {
   pub certs: String,
   pub domain: String,
   pub admin_token: String,
+  pub auto_cert: bool,
+  pub key_path: String,
+  pub cert_path: String,
 }
 
 #[derive(Debug, Serialize, Deserialize, Clone)]
@@ -317,12 +320,15 @@ fn env_var_config() -> EnvVarConfig {
     let mut port : u16 = 8080;
     let mut jwt_expiry : i64 = 86400;
     let mut secure = false;
+    let mut auto_cert = true;
     let mut origin = "*".to_string();
     let mut jwt_secret = "secret".to_string();
     let mut db: String = "db".to_string();
     let mut certs = "certs".to_string();
     let mut domain = "localhost".to_string();
     let mut admin_token = "letmein".to_string();
+    let mut key_path = "certs/private_key.pem".to_string();
+    let mut cert_path = "certs/chain.pem".to_string();
     let _ : Vec<String> = go_flag::parse(|flags| {
         flags.add_flag("port", &mut port);
         flags.add_flag("origin", &mut origin);
@@ -333,9 +339,12 @@ fn env_var_config() -> EnvVarConfig {
         flags.add_flag("domain", &mut domain);
         flags.add_flag("certs", &mut certs);
         flags.add_flag("admin_token", &mut admin_token);
+        flags.add_flag("auto_cert", &mut auto_cert);
+        flags.add_flag("key_path", &mut key_path);
+        flags.add_flag("cert_path", &mut cert_path);
     });
 
-    EnvVarConfig{port, origin, jwt_expiry, jwt_secret, secure, domain, certs, db, admin_token}
+    EnvVarConfig{port, origin, jwt_expiry, jwt_secret, secure, domain, certs, db, admin_token, auto_cert, key_path, cert_path}
 }
 
 async fn jwt_verify(token: String) -> Result<Option<TokenData<Claims>>> {
@@ -553,6 +562,10 @@ async fn update_user(mut req: Request<()>) -> tide::Result {
     }
 }
 
+async fn health(_: Request<()>) -> tide::Result {
+    Ok(tide::Response::builder(200).header("content-type", "application/json").build())
+}
+
 #[async_std::main]
 async fn main() -> tide::Result<()> {
 
@@ -567,6 +580,8 @@ async fn main() -> tide::Result<()> {
     let mut app = tide::new();
     app.with(driftwood::DevLogger);
     app.with(cors);
+    app.at("/").get(health);
+    app.at("/").head(health);
     app.at("/insert").post(insert_event);
     app.at("/create_user").post(create_user);
     app.at("/login").post(login_user);
@@ -636,7 +651,7 @@ async fn main() -> tide::Result<()> {
 
     let ip = format!("0.0.0.0:{}", configure.port);
 
-    if configure.secure {
+    if configure.secure && configure.auto_cert {
         app.listen(
             tide_rustls::TlsListener::build().addrs("0.0.0.0:443").acme(
                 AcmeConfig::new()
@@ -646,6 +661,14 @@ async fn main() -> tide::Result<()> {
             ),
         )
         .await?;
+    } else if configure.secure && !configure.auto_cert {
+        app.listen(
+            tide_rustls::TlsListener::build()
+            .addrs("0.0.0.0:443")
+            .cert(configure.cert_path)
+            .key(configure.key_path)
+        )
+        .await?;
     } else {
         app.listen(ip).await?;
     }