From 023838345ddb751e3b7143e87f0c123fc2703eac Mon Sep 17 00:00:00 2001
From: tjpcc
Date: Fri, 8 Sep 2023 14:54:56 -0600
Subject: support an env var for allowlisting uploaders by cert fingerprint
---
 config.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
(limited to 'config.go')
diff --git a/config.go b/config.go
index 39d59bd..4be0790 100644
--- a/config.go
+++ b/config.go
@@ -6,6 +6,7 @@ import (
 "os/signal"
 "os/user"
 "strconv"
+ "strings"
 "syscall"
 "tildegit.org/tjp/sliderule/logging"
@@ -18,14 +19,20 @@ type config struct {
 tlsKeyFile string
 tlsCertFile string
+
+ uploaderFingerprints []string
 }
 func configure() config {
+ fingerprints := strings.Split(os.Getenv("UPLOADER_FINGERPRINTS"), ",")
+
 return config{
 hostname: os.Getenv("HOST_NAME"),
 geminiRoot: os.Getenv("GEMINI_ROOT"),
 tlsKeyFile: os.Getenv("TLS_KEY_FILE"),
 tlsCertFile: os.Getenv("TLS_CERT_FILE"),
+
+ uploaderFingerprints: fingerprints,
 }
 }
@@ -56,16 +63,11 @@ func dropPrivileges() (bool, error) {
 func serverContext() (context.Context, logging.Logger, logging.Logger, logging.Logger, logging.Logger) {
 debug, info, warn, err := logging.DefaultLoggers()
- ctx := signals(context.Background())
+ ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGHUP)
 ctx = context.WithValue(ctx, "debuglog", debug) //nolint:staticcheck
- ctx = context.WithValue(ctx, "infolog", info) //nolint:staticcheck
- ctx = context.WithValue(ctx, "warnlog", warn) //nolint:staticcheck
- ctx = context.WithValue(ctx, "errorlog", err) //nolint:staticcheck
+ ctx = context.WithValue(ctx, "infolog", info) //nolint:staticcheck
+ ctx = context.WithValue(ctx, "warnlog", warn) //nolint:staticcheck
+ ctx = context.WithValue(ctx, "errorlog", err) //nolint:staticcheck
 return ctx, debug, info, warn, err
 }
-
-func signals(ctx context.Context) context.Context {
- ctx, _ = signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGHUP)
- return ctx
-}
--
cgit v1.2.3
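Review bot: `strings.Split` on an unset or empty `UPLOADER_FINGERPRINTS` returns a one-element slice holding the empty string, so in `configure` the `uploaderFingerprints` list is never empty and carries `""` as an allowed value. The code that consumes the list is outside this diff, but if it treats `len(...) == 0` as "no uploaders configured", or compares against a fingerprint that can be empty (for instance a client that presents no certificate), the allowlist would not behave as a deny-by-default. Dropping empty entries avoids this: `fingerprints := strings.FieldsFunc(os.Getenv("UPLOADER_FINGERPRINTS"), func(r rune) bool { return r == ',' })`. Entries are also stored exactly as written, so surrounding spaces or a different hex case would silently never match; trimming and lowercasing each entry, plus a comment on the field stating the expected fingerprint format, would make misconfiguration visible.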
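Review bot: The stop function returned by `signal.NotifyContext` in `serverContext` is discarded, so the SIGINT/SIGHUP handlers stay registered for the life of the process. Once the first signal has cancelled the context, a second SIGINT no longer triggers Go's default exit, which leaves no way to interrupt a shutdown that stalls. Keeping the function and releasing it when the context is done restores that behaviour: `ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGHUP)` followed by `go func() { <-ctx.Done(); stop() }()`.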