Merge pull request #20 from HrachMD/token-in-logs

Token Logging

Makefile

@@ -0,0 +1,26 @@
+update:
+	cargo update --verbose
+
+features:
+	cargo features
+
+checkup:
+	cargo clippy --workspace --all-targets --all-features -- -D warnings
+	cargo check --workspace --all-targets --all-features
+	# cargo shear
+	# cargo machete
+	cargo audit
+
+fix:
+	cargo fix
+
+fix-all:
+	cargo fix --all
+	cargo clippy --workspace --all-targets --all-features --fix
+
+test:
+	cargo test --workspace --all-targets --all-features
+
+.PHONY: update features checkup fix fix-all test
+
+# -- ⚝ by Dave -- in NeoVim ⚝ --

README.md

@@ -2,7 +2,7 @@
 
 ---
 
-# Aralez (Արալեզ),
+# Aralez (Արալեզ)
 
 ### **Reverse proxy built on top of Cloudflare's Pingora**
 
@@ -92,7 +92,7 @@ File names:
 | `aralez-x86_64-compat-glibc.gz` | Dynamic Linux x86_64 binary, compatible with old pre Haswell CPUs        |
 | `aralez-aarch64-musl.gz`        | Static Linux ARM64 binary, without any system dependency                 |
 | `aralez-aarch64-glibc.gz`       | Dynamic Linux ARM64 binary, with minimal system dependencies             |
-| `sadoyan/aralez`                | Docker image on Debian 13 slim (https://hub.docker.com/r/sadoyan/aralez) |
+| `sadoyan/aralez`                | Docker image on Debian 13 slim (<https://hub.docker.com/r/sadoyan/aralez>) |
 
 **Via docker**
 
@@ -225,6 +225,9 @@ myhost.mydomain.com:
 - Global headers (CORS for this case) will be injected to all upstreams.
 - Additional headers will be injected into the request for `myhost.mydomain.com`.
 - You can choose any path, deep nested paths are supported, the best match chosen.
+- All requests to servers will require JWT token authentication (You can comment out the authorization to disable it),
+  - Firs parameter specifies the mechanism of authorisation `jwt`
+  - Second is the secret key for validating `jwt` tokens
 
 ---
 

src/web/webserver.rs

@@ -15,7 +15,7 @@ use axum::{Json, Router};
 use futures::channel::mpsc::Sender;
 use futures::SinkExt;
 use jsonwebtoken::{encode, EncodingKey, Header};
-use log::{error, info, warn};
+use log::{debug, error, info, warn};
 use prometheus::{gather, Encoder, TextEncoder};
 use serde::Serialize;
 use std::collections::HashMap;
@@ -49,7 +49,7 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
         cert_creds: credsfile,
         certs_dir: config.certs_dir.clone(),
         config_sender: to_return.clone(),
-        config_api_enabled: config.config_api_enabled.clone(),
+        config_api_enabled: config.config_api_enabled,
         current_upstreams: upstreams_curr,
         full_upstreams: upstreams_full,
     };
@@ -136,7 +136,7 @@ async fn jwt_gen(State(state): State<AppState>, Json(payload): Json<Claims>) ->
         match encode(&Header::default(), &claim, &EncodingKey::from_secret(payload.master_key.as_ref())) {
             Ok(t) => {
                 let tok = OutToken { token: t };
-                info!("Generating token: {:?}", tok.token);
+                debug!("Generating token: {:?}", tok.token);
                 (StatusCode::CREATED, Json(tok))
             }
             Err(e) => {
@@ -283,3 +283,5 @@ fn key_authorization(headers: &HeaderMap, params: &HashMap<String, String>, mast
     }
     false
 }
+
+// -- ⚝ by Dave -- in NeoVim ⚝ --