frank/opentsdb-auth-proxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cfg: add read/write opts

Browse source 
Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>
This commit is contained in:
Frank Villaro-Dixon 2024-05-28 12:26:40 +02:00
parent 104de8e87e
commit bab21a9bae
2 changed files with 58 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
example-cfg.yml
View file

@ -1,11 +1,14 @@
clients: clients:
# Exclusive writers
- name: pyranometer - name: pyranometer
metrics: write_metrics:
- irradiance - irradiance
- temperature - temperature
auth: auth:
type: sha256 type: sha256
hash: ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb # a hash: ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb # a
# Reader and writer on the same metric
- name: tgbt - name: tgbt
metrics: metrics:
- testproxy.* - testproxy.*
@ -13,6 +16,29 @@ clients:
type: sha256 type: sha256
hash: ac790471b321143716e7773d589af923236ebdd435ba17c671df3558becc5154 # 7a5becc5b5bb581522fd0bb8891bb99a70275620 hash: ac790471b321143716e7773d589af923236ebdd435ba17c671df3558becc5154 # 7a5becc5b5bb581522fd0bb8891bb99a70275620
# Reader and writer on different metrics
- name: tgbt
write_metrics:
- barfoo
read_metrics:
- foobar.*
auth:
# ...
# Reader only
- name: consumer
read_metrics:
- irradiance
auth:
# ...
# Anonymous login
- name: public_consumer
read_metrics:
- weather.*
auth:
type: anonymous
config: config:
opentsdb: opentsdb:

36
src/config.rs
View file

@ -15,8 +15,13 @@ pub struct Config {
#[derive(Debug, Deserialize, Clone)] #[derive(Debug, Deserialize, Clone)]
pub struct Client { pub struct Client {
pub name: String, pub name: String,
#[serde(default)]
pub metrics: Vec<String>, pub metrics: Vec<String>,
pub auth: Auth, #[serde(default)]
pub read_metrics: Vec<String>,
#[serde(default)]
pub write_metrics: Vec<String>,
pub auth: Option<Auth>,
} }
impl Client { impl Client {
@ -26,6 +31,24 @@ impl Client {
return true; return true;
} }
} }
for m in &self.write_metrics {
if glob_match(m, metric) {
return true;
}
}
false
}
pub fn can_read(&self, metric: &str) -> bool {
for m in &self.metrics {
if glob_match(m, metric) {
return true;
}
}
for m in &self.read_metrics {
if glob_match(m, metric) {
return true;
}
}
false false
} }
} }
@ -34,7 +57,7 @@ impl Client {
pub struct Auth { pub struct Auth {
#[serde(rename = "type")] #[serde(rename = "type")]
pub auth_type: String, pub auth_type: String,
pub hash: String, pub hash: Option<String>,
} }
impl Auth { impl Auth {
@ -44,7 +67,10 @@ impl Auth {
let mut hasher = Sha256::new(); let mut hasher = Sha256::new();
hasher.update(token); hasher.update(token);
let result = hasher.finalize(); let result = hasher.finalize();
format!("{:x}", result) == self.hash if let Some(hash) = &self.hash {
return format!("{:x}", result) == *hash;
}
false
} }
_ => false, _ => false,
} }
@ -81,7 +107,7 @@ fn default_opentsdb_url() -> String {
pub fn load_config_file(filename: &str) -> Config { pub fn load_config_file(filename: &str) -> Config {
let yaml_content = fs::read_to_string(filename) let yaml_content = fs::read_to_string(filename)
.unwrap_or_else(|_| panic!("Unable to read config file {}", filename)); .unwrap_or_else(|_| panic!("Unable to read config file `{}`", filename));
let config: Config = serde_yaml::from_str(&yaml_content).expect("Unable to parse YAML"); let config: Config = serde_yaml::from_str(&yaml_content).expect("Unable to parse YAML");
config config
} }
@ -89,5 +115,5 @@ pub fn load_config_file(filename: &str) -> Config {
pub fn try_authenticate_client<'a>(clients: &'a [Client], token: &str) -> Option<&'a Client> { pub fn try_authenticate_client<'a>(clients: &'a [Client], token: &str) -> Option<&'a Client> {
clients clients
.iter() .iter()
.find(|client| client.auth.is_valid_token(token)) .find(|client| client.auth.is_some() && client.auth.as_ref().unwrap().is_valid_token(token))
} }