fix: use only one API key per conductor deployment

2022-12-11 19:30:36 +05:30 · 2022-12-11 19:30:36 +05:30 · 1fa28ef9b7
parent a4f4903120
commit 1fa28ef9b7
3 changed files with 9 additions and 11 deletions
--- a/config/config.toml
+++ b/config/config.toml
@ -1,10 +1,10 @@
 debug = true
 source_code = "https://git.batsense.net/librepages/conductor"
 conductor = "dummy"
-api_keys = [
-	# CHANGE THIS!!
-    { username = "librepages_api", password="longrandomlygeneratedpassword"}
-]
+
+[creds]
+username = "librepages_api"
+password="longrandomlygeneratedpassword"

 [server]
 # Please set a unique value, your mCaptcha instance's security depends on this being 
--- a/src/api/v1/webhook.rs
+++ b/src/api/v1/webhook.rs
@ -72,7 +72,7 @@ pub mod tests {
        )
        .await;

-        let creds = settings.api_keys.get(0).unwrap().clone();
+        let creds = settings.creds.clone();
        let auth = format!(
            "Basic {}",
            base64::encode(format!("{}:{}", creds.username.clone(), creds.password))
--- a/src/settings.rs
+++ b/src/settings.rs
@ -61,7 +61,7 @@ pub struct Creds {
 #[derive(Debug, Clone, Deserialize)]
 pub struct Settings {
    pub debug: bool,
-    pub api_keys: Vec<Creds>,
+    pub creds: Creds,
    pub server: Server,
    pub source_code: Url,
    pub conductor: ConductorType,
@ -70,9 +70,7 @@ pub struct Settings {
 #[cfg(not(tarpaulin_include))]
 impl Settings {
    pub fn authenticate(&self, username: &str, password: &str) -> bool {
-        self.api_keys
-            .iter()
-            .any(|c| c.username == username && c.password == password)
+        self.creds.username == username && self.creds.password == password
    }

    pub fn new() -> Result<Self, ConfigError> {
@ -150,14 +148,14 @@ mod tests {
    #[test]
    fn creds_works() {
        let settings = Settings::new().unwrap();
-        let mut creds = settings.api_keys.get(0).unwrap().clone();
+        let mut creds = settings.creds.clone();

        assert!(settings.authenticate(&creds.username, &creds.password));

        creds.username = "noexist".into();
        assert!(!settings.authenticate(&creds.username, &creds.password));

-        let mut creds = settings.api_keys.get(0).unwrap().clone();
+        let mut creds = settings.creds.clone();

        creds.password = "noexist".into();
        assert!(!settings.authenticate(&creds.username, &creds.password));