testnet/brain
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

admin keys from env

Browse Source
This commit is contained in:
Noor 2025-05-06 19:01:29 +05:30
parent 4dfaa3f465
commit e335cc1b51
Signed by: noormohammedb
GPG Key ID: D83EFB8B3B967146
4 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.env
View File

@ -3,3 +3,5 @@ DB_USER = "root"
DB_PASS = "root" DB_PASS = "root"
DB_NAMESPACE = "brain" DB_NAMESPACE = "brain"
DB_NAME = "migration" DB_NAME = "migration"
# ADMIN_PUB_KEYS = "admin_key01, admin_key02, admin_key03"

17
src/constants.rs
View File

@ -1,15 +1,24 @@
use std::sync::LazyLock;
pub const BRAIN_GRPC_ADDR: &str = "0.0.0.0:31337"; pub const BRAIN_GRPC_ADDR: &str = "0.0.0.0:31337";
pub const CERT_PATH: &str = "./tmp/brain-crt.pem"; pub const CERT_PATH: &str = "./tmp/brain-crt.pem";
pub const CERT_KEY_PATH: &str = "./tmp/brain-key.pem"; pub const CERT_KEY_PATH: &str = "./tmp/brain-key.pem";
pub const DB_SCHEMA_FILE: &str = "interim_tables.surql"; pub const DB_SCHEMA_FILE: &str = "interim_tables.surql";
pub const ADMIN_ACCOUNTS: &[&str] = &[ pub static ADMIN_ACCOUNTS: LazyLock<Vec<String>> = LazyLock::new(|| {
"x52w7jARC5erhWWK65VZmjdGXzBK6ZDgfv1A283d8XK", let default_admin_keys = vec![
"FHuecMbeC1PfjkW2JKyoicJAuiU7khgQT16QUB3Q1XdL", "x52w7jARC5erhWWK65VZmjdGXzBK6ZDgfv1A283d8XK".to_string(),
"H21Shi4iE7vgfjWEQNvzmpmBMJSaiZ17PYUcdNoAoKNc", "FHuecMbeC1PfjkW2JKyoicJAuiU7khgQT16QUB3Q1XdL".to_string(),
"H21Shi4iE7vgfjWEQNvzmpmBMJSaiZ17PYUcdNoAoKNc".to_string(),
]; ];
std::env::var("ADMIN_PUB_KEYS")
.ok()
.map(|keys| keys.split(',').map(|key| key.trim().to_string()).collect::<Vec<String>>())
.unwrap_or(default_admin_keys)
});
pub const OLD_BRAIN_DATA_PATH: &str = "./saved_data.yaml"; pub const OLD_BRAIN_DATA_PATH: &str = "./saved_data.yaml";
pub const ACCOUNT: &str = "account"; pub const ACCOUNT: &str = "account";

3
src/grpc/mod.rs
View File

@ -166,7 +166,8 @@ pub fn check_admin_key<T>(req: &Request<T>) -> Result<(), Status> {
}; };
let pubkey = pubkey let pubkey = pubkey
.to_str() .to_str()
.map_err(|_| Status::unauthenticated("could not parse pubkey metadata to str"))?; .map_err(|_| Status::unauthenticated("could not parse pubkey metadata to str"))?
.to_owned();
if !ADMIN_ACCOUNTS.contains(&pubkey) { if !ADMIN_ACCOUNTS.contains(&pubkey) {
return Err(Status::unauthenticated("This operation is reserved to admin accounts")); return Err(Status::unauthenticated("This operation is reserved to admin accounts"));

4
src/grpc/vm.rs
View File

@ -207,7 +207,9 @@ impl BrainVmCli for VmCliServer {
async fn new_vm(&self, req: Request<NewVmReq>) -> Result<Response<NewVmResp>, Status> { async fn new_vm(&self, req: Request<NewVmReq>) -> Result<Response<NewVmResp>, Status> {
let req = check_sig_from_req(req)?; let req = check_sig_from_req(req)?;
info!("New VM requested via CLI: {req:?}"); info!("New VM requested via CLI: {req:?}");
if db::general::Account::is_banned_by_node(&self.db, &req.admin_pubkey, &req.node_pubkey).await? { if db::general::Account::is_banned_by_node(&self.db, &req.admin_pubkey, &req.node_pubkey)
.await?
{
return Err(Status::permission_denied("This operator banned you. What did you do?")); return Err(Status::permission_denied("This operator banned you. What did you do?"));
} }