mirror of https://github.com/apibillme/broker
update to 11.1.0
parent
5a167fba5a
commit
8eaac0fe9a
|
@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [11.1.0] - 2021-04-06
|
||||
|
||||
### Added
|
||||
- Added use your own SSL cert
|
||||
- Added health check endpoints
|
||||
|
||||
## [11.0.0] - 2021-04-05
|
||||
|
||||
### Added
|
||||
|
|
|
@ -465,7 +465,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "broker"
|
||||
version = "11.0.0"
|
||||
version = "11.1.0"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"async-std",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "broker"
|
||||
version = "11.0.0"
|
||||
version = "11.1.0"
|
||||
authors = ["Bevan Hunt <bevan@bevanhunt.com>"]
|
||||
edition = "2018"
|
||||
license = "MIT"
|
||||
|
|
23
README.md
23
README.md
|
@ -26,7 +26,7 @@ Broker follows an insert-only/publish/subscribe paradigm rather than a REST CRUD
|
|||
* Uses Global NTP servers and doesn't rely on your local server time
|
||||
* Insert event via JSON POST request
|
||||
* Sync latest events on SSE client connection
|
||||
* Auto-provision and renews SSL cert via LetsEncrypt
|
||||
* Auto-provision and renews SSL cert via LetsEncrypt or use your own SSL cert
|
||||
* Verify endpoint for external services using Broker user system like [portal](https://crates.io/crates/portal)
|
||||
* User Management API endpoints (revoke, unrevoke, list, get, update)
|
||||
* User Email Address Validation (regex and blacklist check against throwaway emails)
|
||||
|
@ -262,15 +262,18 @@ will return: `200` or `500` or `400` or `401`
|
|||
|
||||
``` cargo install broker ```
|
||||
|
||||
- the origin can be passed in as a flag - default `*`
|
||||
- the port can be passed in as a flag - default `8080` - can only be set for unsecure connections
|
||||
- the jwt_expiry (for jwts) can be passed in as a flag - default `86400`
|
||||
- the jwt_secret (for jwts) should be passed in as a flag - default `secret`
|
||||
- the secure flag (https) and can be true or false - default `false`
|
||||
- the certs flag is the storage path of LetsEncrypt certs - default `certs`
|
||||
- the db flag is the path where the embedded database will be saved - default `db`
|
||||
- the domain flag is the domain name (e.g. api.broker.com) of the domain you want to register with LetsEncrypt - must be fully resolvable
|
||||
- the admin_token flag is the password for the admin to add users - default `letmein`
|
||||
- the `origin` can be passed in as a flag - default `*`
|
||||
- the `port` can be passed in as a flag - default `8080` - can only be set for unsecure connections
|
||||
- the `jwt_expiry` for jwts can be passed in as a flag - default `86400`
|
||||
- the `jwt_secret` for jwts should be passed in as a flag - default `secret`
|
||||
- the `secure` flag for https and can be true or false - default `false`
|
||||
- the `auto_cert` flag for an autorenewing LetsEncrypt SSL cert can be true or false - requires a resolvable domain - default `true`
|
||||
- the `key_path` flag when `auto_cert` is `false` to set the SSL key path for your own cert - default `certs/private_key.pem`
|
||||
- the `cert_path` flag when `auto_cert` is `false` to set the SSL cert path for your own cert - default `certs/chain.pem`
|
||||
- the `certs` flag is the storage path of LetsEncrypt certs - default `certs`
|
||||
- the `db` flag is the path where the embedded database will be saved - default `db`
|
||||
- the `domain` flag is the domain name (e.g. api.broker.com) of the domain you want to register with LetsEncrypt - must be fully resolvable
|
||||
- the `admin_token` flag is the password for the admin to add users - default `letmein`
|
||||
- production example: `./broker --secure="true" --admin_token"23ce4234@123$" --jwt_secret="xTJEX234$##$" --domain="api.broker.com"`
|
||||
|
||||
### Service
|
||||
|
|
27
src/main.rs
27
src/main.rs
|
@ -42,6 +42,9 @@ pub struct EnvVarConfig {
|
|||
pub certs: String,
|
||||
pub domain: String,
|
||||
pub admin_token: String,
|
||||
pub auto_cert: bool,
|
||||
pub key_path: String,
|
||||
pub cert_path: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize, Clone)]
|
||||
|
@ -317,12 +320,15 @@ fn env_var_config() -> EnvVarConfig {
|
|||
let mut port : u16 = 8080;
|
||||
let mut jwt_expiry : i64 = 86400;
|
||||
let mut secure = false;
|
||||
let mut auto_cert = true;
|
||||
let mut origin = "*".to_string();
|
||||
let mut jwt_secret = "secret".to_string();
|
||||
let mut db: String = "db".to_string();
|
||||
let mut certs = "certs".to_string();
|
||||
let mut domain = "localhost".to_string();
|
||||
let mut admin_token = "letmein".to_string();
|
||||
let mut key_path = "certs/private_key.pem".to_string();
|
||||
let mut cert_path = "certs/chain.pem".to_string();
|
||||
let _ : Vec<String> = go_flag::parse(|flags| {
|
||||
flags.add_flag("port", &mut port);
|
||||
flags.add_flag("origin", &mut origin);
|
||||
|
@ -333,9 +339,12 @@ fn env_var_config() -> EnvVarConfig {
|
|||
flags.add_flag("domain", &mut domain);
|
||||
flags.add_flag("certs", &mut certs);
|
||||
flags.add_flag("admin_token", &mut admin_token);
|
||||
flags.add_flag("auto_cert", &mut auto_cert);
|
||||
flags.add_flag("key_path", &mut key_path);
|
||||
flags.add_flag("cert_path", &mut cert_path);
|
||||
});
|
||||
|
||||
EnvVarConfig{port, origin, jwt_expiry, jwt_secret, secure, domain, certs, db, admin_token}
|
||||
EnvVarConfig{port, origin, jwt_expiry, jwt_secret, secure, domain, certs, db, admin_token, auto_cert, key_path, cert_path}
|
||||
}
|
||||
|
||||
async fn jwt_verify(token: String) -> Result<Option<TokenData<Claims>>> {
|
||||
|
@ -553,6 +562,10 @@ async fn update_user(mut req: Request<()>) -> tide::Result {
|
|||
}
|
||||
}
|
||||
|
||||
async fn health(_: Request<()>) -> tide::Result {
|
||||
Ok(tide::Response::builder(200).header("content-type", "application/json").build())
|
||||
}
|
||||
|
||||
#[async_std::main]
|
||||
async fn main() -> tide::Result<()> {
|
||||
|
||||
|
@ -567,6 +580,8 @@ async fn main() -> tide::Result<()> {
|
|||
let mut app = tide::new();
|
||||
app.with(driftwood::DevLogger);
|
||||
app.with(cors);
|
||||
app.at("/").get(health);
|
||||
app.at("/").head(health);
|
||||
app.at("/insert").post(insert_event);
|
||||
app.at("/create_user").post(create_user);
|
||||
app.at("/login").post(login_user);
|
||||
|
@ -636,7 +651,7 @@ async fn main() -> tide::Result<()> {
|
|||
|
||||
let ip = format!("0.0.0.0:{}", configure.port);
|
||||
|
||||
if configure.secure {
|
||||
if configure.secure && configure.auto_cert {
|
||||
app.listen(
|
||||
tide_rustls::TlsListener::build().addrs("0.0.0.0:443").acme(
|
||||
AcmeConfig::new()
|
||||
|
@ -646,6 +661,14 @@ async fn main() -> tide::Result<()> {
|
|||
),
|
||||
)
|
||||
.await?;
|
||||
} else if configure.secure && !configure.auto_cert {
|
||||
app.listen(
|
||||
tide_rustls::TlsListener::build()
|
||||
.addrs("0.0.0.0:443")
|
||||
.cert(configure.cert_path)
|
||||
.key(configure.key_path)
|
||||
)
|
||||
.await?;
|
||||
} else {
|
||||
app.listen(ip).await?;
|
||||
}
|
||||
|
|
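Review bot: The final `else` of the listener selection in `main` still falls through to plaintext `app.listen(ip)` on `0.0.0.0:<port>` whenever `secure` is false, so a run with `--auto_cert="false"` plus `--key_path`/`--cert_path` but without `--secure="true"` serves HTTP and silently ignores the new cert flags. Because `secure` defaults to `false` and `auto_cert` to `true`, I would make that case visible, for example with `eprintln!("secure=false: serving plaintext HTTP on {}; auto_cert, key_path and cert_path are ignored", ip);` just before `app.listen(ip)`. In the own-cert branch, `cert_path` and `key_path` go to `.cert()`/`.key()` unchecked; an up-front `std::path::Path::new(&configure.key_path).is_file()` test (and the same for `cert_path`) with a clear error would help, though how tide_rustls reports a missing or unreadable file is not visible here. `secure` is also tested twice, so nesting the `auto_cert` test under a single `if configure.secure` would read more simply. `main` begins and continues outside these hunks.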