admin keys from env

.env

@@ -5,3 +5,4 @@ DB_NAMESPACE = "brain"
 DB_NAME = "migration"
 CERT_PATH = "./tmp/brain-crt.pem"
 CERT_KEY_PATH = "./tmp/brain-key.pem"
+# ADMIN_PUB_KEYS = "admin_key01, admin_key02, admin_key03"

src/constants.rs

@@ -1,3 +1,5 @@
+use std::sync::LazyLock;
+
 pub const BRAIN_GRPC_ADDR: &str = "0.0.0.0:31337";
 pub const CERT_PATH: &str = "/etc/detee/brain/brain-crt.pem";
 pub const CERT_KEY_PATH: &str = "/etc/detee/brain/brain-key.pem";
@@ -5,11 +7,18 @@ pub const CONFIG_PATH: &str = "/etc/detee/brain/config.ini";
 
 pub const DB_SCHEMA_FILE: &str = "interim_tables.surql";
 
-pub const ADMIN_ACCOUNTS: &[&str] = &[
+pub static ADMIN_ACCOUNTS: LazyLock<Vec<String>> = LazyLock::new(|| {
-    "x52w7jARC5erhWWK65VZmjdGXzBK6ZDgfv1A283d8XK",
+    let default_admin_keys = vec![
-    "FHuecMbeC1PfjkW2JKyoicJAuiU7khgQT16QUB3Q1XdL",
+        "x52w7jARC5erhWWK65VZmjdGXzBK6ZDgfv1A283d8XK".to_string(),
-    "H21Shi4iE7vgfjWEQNvzmpmBMJSaiZ17PYUcdNoAoKNc",
+        "FHuecMbeC1PfjkW2JKyoicJAuiU7khgQT16QUB3Q1XdL".to_string(),
-];
+        "H21Shi4iE7vgfjWEQNvzmpmBMJSaiZ17PYUcdNoAoKNc".to_string(),
+    ];
+
+    std::env::var("ADMIN_PUB_KEYS")
+        .ok()
+        .map(|keys| keys.split(',').map(|key| key.trim().to_string()).collect::<Vec<String>>())
+        .unwrap_or(default_admin_keys)
+});
 
 pub const OLD_BRAIN_DATA_PATH: &str = "./saved_data.yaml";
 

src/grpc/mod.rs

@@ -166,7 +166,8 @@ pub fn check_admin_key<T>(req: &Request<T>) -> Result<(), Status> {
     };
     let pubkey = pubkey
         .to_str()
-        .map_err(|_| Status::unauthenticated("could not parse pubkey metadata to str"))?;
+        .map_err(|_| Status::unauthenticated("could not parse pubkey metadata to str"))?
+        .to_owned();
 
     if !ADMIN_ACCOUNTS.contains(&pubkey) {
         return Err(Status::unauthenticated("This operation is reserved to admin accounts"));