add internal_bearer_token to config
This commit is contained in:
parent
4969c637d4
commit
a993ff60a1
|
@ -150,6 +150,9 @@ pub struct AppConfig {
|
||||||
/// percentage to increase eth_estimateGas results. 100 == 100%
|
/// percentage to increase eth_estimateGas results. 100 == 100%
|
||||||
pub gas_increase_percent: Option<U256>,
|
pub gas_increase_percent: Option<U256>,
|
||||||
|
|
||||||
|
/// bearer token for internal requests. keep this secret
|
||||||
|
pub internal_bearer_token: Option<String>,
|
||||||
|
|
||||||
/// Restrict user registration.
|
/// Restrict user registration.
|
||||||
/// None = no code needed
|
/// None = no code needed
|
||||||
pub invite_code: Option<String>,
|
pub invite_code: Option<String>,
|
||||||
|
|
|
@ -56,7 +56,10 @@ pub async fn admin_increase_balance(
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
Json(payload): Json<AdminIncreaseBalancePost>,
|
Json(payload): Json<AdminIncreaseBalancePost>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let caller = app.bearer_is_authorized(bearer).await?;
|
let caller = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
// Establish connections
|
// Establish connections
|
||||||
let db_conn = global_db_conn()?;
|
let db_conn = global_db_conn()?;
|
||||||
|
|
|
@ -614,7 +614,16 @@ impl App {
|
||||||
/// Verify that the given bearer token and address are allowed to take the specified action.
|
/// Verify that the given bearer token and address are allowed to take the specified action.
|
||||||
/// This includes concurrent request limiting.
|
/// This includes concurrent request limiting.
|
||||||
/// keep the semaphore alive until the user's request is entirely complete
|
/// keep the semaphore alive until the user's request is entirely complete
|
||||||
pub async fn bearer_is_authorized(&self, bearer: Bearer) -> Web3ProxyResult<user::Model> {
|
pub async fn bearer_is_authorized(
|
||||||
|
&self,
|
||||||
|
bearer: Bearer,
|
||||||
|
) -> Web3ProxyResult<Option<user::Model>> {
|
||||||
|
if let Some(internal_token) = &self.config.internal_bearer_token {
|
||||||
|
if internal_token == bearer.token() {
|
||||||
|
return Ok(None);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// get the user id for this bearer token
|
// get the user id for this bearer token
|
||||||
let user_bearer_token = UserBearerToken::try_from(bearer)?;
|
let user_bearer_token = UserBearerToken::try_from(bearer)?;
|
||||||
|
|
||||||
|
@ -631,7 +640,7 @@ impl App {
|
||||||
.web3_context("fetching user from db by bearer token")?
|
.web3_context("fetching user from db by bearer token")?
|
||||||
.web3_context("unknown bearer token")?;
|
.web3_context("unknown bearer token")?;
|
||||||
|
|
||||||
Ok(user)
|
Ok(Some(user))
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn rate_limit_login(
|
pub async fn rate_limit_login(
|
||||||
|
|
|
@ -56,7 +56,10 @@ pub async fn user_post(
|
||||||
TypedHeader(Authorization(bearer_token)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer_token)): TypedHeader<Authorization<Bearer>>,
|
||||||
Json(payload): Json<UserPost>,
|
Json(payload): Json<UserPost>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer_token).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer_token)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let user_id = user.id;
|
let user_id = user.id;
|
||||||
|
|
||||||
|
|
|
@ -44,7 +44,10 @@ pub async fn user_balance_get(
|
||||||
State(app): State<Arc<App>>,
|
State(app): State<Arc<App>>,
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -64,7 +67,10 @@ pub async fn user_chain_deposits_get(
|
||||||
State(app): State<Arc<App>>,
|
State(app): State<Arc<App>>,
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -103,7 +109,10 @@ pub async fn user_stripe_deposits_get(
|
||||||
State(app): State<Arc<App>>,
|
State(app): State<Arc<App>>,
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -146,7 +155,10 @@ pub async fn user_admin_deposits_get(
|
||||||
State(app): State<Arc<App>>,
|
State(app): State<Arc<App>>,
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
//! Handle registration, logins, and managing account data.
|
//! Handle registration, logins, and managing account data.
|
||||||
use crate::errors::Web3ProxyResponse;
|
use crate::errors::{Web3ProxyError, Web3ProxyResponse};
|
||||||
use crate::globals::global_db_conn;
|
use crate::globals::global_db_conn;
|
||||||
use crate::referral_code::ReferralCode;
|
use crate::referral_code::ReferralCode;
|
||||||
use crate::{app::App, globals::global_db_replica_conn};
|
use crate::{app::App, globals::global_db_replica_conn};
|
||||||
|
@ -34,7 +34,10 @@ pub async fn user_referral_link_get(
|
||||||
Query(_params): Query<HashMap<String, String>>,
|
Query(_params): Query<HashMap<String, String>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
// First get the bearer token and check if the user is logged in
|
// First get the bearer token and check if the user is logged in
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -79,7 +82,10 @@ pub async fn user_used_referral_stats(
|
||||||
Query(_params): Query<HashMap<String, String>>,
|
Query(_params): Query<HashMap<String, String>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
// First get the bearer token and check if the user is logged in
|
// First get the bearer token and check if the user is logged in
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -137,7 +143,10 @@ pub async fn user_shared_referral_stats(
|
||||||
Query(_params): Query<HashMap<String, String>>,
|
Query(_params): Query<HashMap<String, String>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
// First get the bearer token and check if the user is logged in
|
// First get the bearer token and check if the user is logged in
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,10 @@ pub async fn rpc_keys_get(
|
||||||
State(app): State<Arc<App>>,
|
State(app): State<Arc<App>>,
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -160,7 +163,10 @@ pub async fn rpc_keys_management(
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
// TODO: is there a way we can know if this is a PUT or POST? right now we can modify or create keys with either. though that probably doesn't matter
|
// TODO: is there a way we can know if this is a PUT or POST? right now we can modify or create keys with either. though that probably doesn't matter
|
||||||
|
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
//! Handle registration, logins, and managing account data.
|
//! Handle registration, logins, and managing account data.
|
||||||
use crate::app::App;
|
use crate::app::App;
|
||||||
use crate::errors::{Web3ProxyErrorContext, Web3ProxyResponse};
|
use crate::errors::{Web3ProxyError, Web3ProxyErrorContext, Web3ProxyResponse};
|
||||||
use crate::globals::global_db_replica_conn;
|
use crate::globals::global_db_replica_conn;
|
||||||
use crate::http_params::{
|
use crate::http_params::{
|
||||||
get_chain_id_from_params, get_page_from_params, get_query_start_from_params,
|
get_chain_id_from_params, get_page_from_params, get_query_start_from_params,
|
||||||
|
@ -32,7 +32,10 @@ pub async fn user_revert_logs_get(
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
Query(params): Query<HashMap<String, String>>,
|
Query(params): Query<HashMap<String, String>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let chain_id = get_chain_id_from_params(app.as_ref(), ¶ms)?;
|
let chain_id = get_chain_id_from_params(app.as_ref(), ¶ms)?;
|
||||||
let query_start = get_query_start_from_params(¶ms)?;
|
let query_start = get_query_start_from_params(¶ms)?;
|
||||||
|
@ -140,7 +143,10 @@ pub async fn user_mysql_stats_get(
|
||||||
State(app): State<Arc<App>>,
|
State(app): State<Arc<App>>,
|
||||||
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
// Fetch everything from mysql, joined
|
// Fetch everything from mysql, joined
|
||||||
|
|
|
@ -34,7 +34,10 @@ pub async fn get_keys_as_subuser(
|
||||||
Query(_params): Query<HashMap<String, String>>,
|
Query(_params): Query<HashMap<String, String>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
// First, authenticate
|
// First, authenticate
|
||||||
let subuser = app.bearer_is_authorized(bearer).await?;
|
let subuser = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -99,7 +102,8 @@ pub async fn get_subusers(
|
||||||
Query(mut params): Query<HashMap<String, String>>,
|
Query(mut params): Query<HashMap<String, String>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
// First, authenticate
|
// First, authenticate
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app.bearer_is_authorized(bearer).await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
@ -171,7 +175,10 @@ pub async fn modify_subuser(
|
||||||
Query(mut params): Query<HashMap<String, String>>,
|
Query(mut params): Query<HashMap<String, String>>,
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
// First, authenticate
|
// First, authenticate
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
let db_replica = global_db_replica_conn()?;
|
let db_replica = global_db_replica_conn()?;
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,10 @@ pub async fn query_user_influx_stats<'a>(
|
||||||
) -> Web3ProxyResponse {
|
) -> Web3ProxyResponse {
|
||||||
let caller_user = match bearer {
|
let caller_user = match bearer {
|
||||||
Some(TypedHeader(Authorization(bearer))) => {
|
Some(TypedHeader(Authorization(bearer))) => {
|
||||||
let user = app.bearer_is_authorized(bearer).await?;
|
let user = app
|
||||||
|
.bearer_is_authorized(bearer)
|
||||||
|
.await?
|
||||||
|
.ok_or(Web3ProxyError::InvalidUserKey)?;
|
||||||
|
|
||||||
Some(user)
|
Some(user)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue