support an env var for allowlisting uploaders by cert fingerprint

1 files changed, 11 insertions, 9 deletions

diff --git a/config.go b/config.go
index 39d59bd..4be0790 100644
--- a/config.go
+++ b/config.go
@@ -6,6 +6,7 @@ import (
 	"os/signal"
 	"os/user"
 	"strconv"
+	"strings"
 	"syscall"
 
 	"tildegit.org/tjp/sliderule/logging"
@@ -18,14 +19,20 @@ type config struct {
 
 	tlsKeyFile  string
 	tlsCertFile string
+
+	uploaderFingerprints []string
 }
 
 func configure() config {
+	fingerprints := strings.Split(os.Getenv("UPLOADER_FINGERPRINTS"), ",")
+
 	return config{
 		hostname:    os.Getenv("HOST_NAME"),
 		geminiRoot:  os.Getenv("GEMINI_ROOT"),
 		tlsKeyFile:  os.Getenv("TLS_KEY_FILE"),
 		tlsCertFile: os.Getenv("TLS_CERT_FILE"),
+
+		uploaderFingerprints: fingerprints,
 	}
 }
 
@@ -56,16 +63,11 @@ func dropPrivileges() (bool, error) {
 
 func serverContext() (context.Context, logging.Logger, logging.Logger, logging.Logger, logging.Logger) {
 	debug, info, warn, err := logging.DefaultLoggers()
-	ctx := signals(context.Background())
+	ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGHUP)
 	ctx = context.WithValue(ctx, "debuglog", debug) //nolint:staticcheck
-	ctx = context.WithValue(ctx, "infolog", info) //nolint:staticcheck
-	ctx = context.WithValue(ctx, "warnlog", warn) //nolint:staticcheck
-	ctx = context.WithValue(ctx, "errorlog", err) //nolint:staticcheck
+	ctx = context.WithValue(ctx, "infolog", info)   //nolint:staticcheck
+	ctx = context.WithValue(ctx, "warnlog", warn)   //nolint:staticcheck
+	ctx = context.WithValue(ctx, "errorlog", err)   //nolint:staticcheck
 
 	return ctx, debug, info, warn, err
 }
-
-func signals(ctx context.Context) context.Context {
-	ctx, _ = signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGHUP)
-	return ctx
-}