Merge pull request #20 from HrachMD/token-in-logs

Token Logging
2026-05-30 03:44:06 +08:00 · 2026-05-08 13:53:08 +02:00
parent c549750e9d 3f6ee1799c
commit 783ffb27e1
4 changed files with 265 additions and 281 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/26
+++ b/26
@@ -0,0 +1,26 @@
+update:
+	cargo update --verbose
+
+features:
+	cargo features
+
+checkup:
+	cargo clippy --workspace --all-targets --all-features -- -D warnings
+	cargo check --workspace --all-targets --all-features
+	# cargo shear
+	# cargo machete
+	cargo audit
+
+fix:
+	cargo fix
+
+fix-all:
+	cargo fix --all
+	cargo clippy --workspace --all-targets --all-features --fix
+
+test:
+	cargo test --workspace --all-targets --all-features
+
+.PHONY: update features checkup fix fix-all test
+
+# -- ⚝ by Dave -- in NeoVim ⚝ --
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@

 ---

-# Aralez (Արալեզ),
+# Aralez (Արալեզ)

 ### **Reverse proxy built on top of Cloudflare's Pingora**

@@ -92,7 +92,7 @@ File names:
 | `aralez-x86_64-compat-glibc.gz` | Dynamic Linux x86_64 binary, compatible with old pre Haswell CPUs        |
 | `aralez-aarch64-musl.gz`        | Static Linux ARM64 binary, without any system dependency                 |
 | `aralez-aarch64-glibc.gz`       | Dynamic Linux ARM64 binary, with minimal system dependencies             |
-| `sadoyan/aralez`                | Docker image on Debian 13 slim (https://hub.docker.com/r/sadoyan/aralez) |
+| `sadoyan/aralez`                | Docker image on Debian 13 slim (<https://hub.docker.com/r/sadoyan/aralez>) |

 **Via docker**

@@ -225,6 +225,9 @@ myhost.mydomain.com:
 - Global headers (CORS for this case) will be injected to all upstreams.
 - Additional headers will be injected into the request for `myhost.mydomain.com`.
 - You can choose any path, deep nested paths are supported, the best match chosen.
+- All requests to servers will require JWT token authentication (You can comment out the authorization to disable it),
+  - Firs parameter specifies the mechanism of authorisation `jwt`
+  - Second is the secret key for validating `jwt` tokens

 ---

--- a/src/web/webserver.rs
+++ b/src/web/webserver.rs
@@ -15,7 +15,7 @@ use axum::{Json, Router};
 use futures::channel::mpsc::Sender;
 use futures::SinkExt;
 use jsonwebtoken::{encode, EncodingKey, Header};
-use log::{error, info, warn};
+use log::{debug, error, info, warn};
 use prometheus::{gather, Encoder, TextEncoder};
 use serde::Serialize;
 use std::collections::HashMap;
@@ -49,7 +49,7 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
        cert_creds: credsfile,
        certs_dir: config.certs_dir.clone(),
        config_sender: to_return.clone(),
-        config_api_enabled: config.config_api_enabled.clone(),
+        config_api_enabled: config.config_api_enabled,
        current_upstreams: upstreams_curr,
        full_upstreams: upstreams_full,
    };
@@ -136,7 +136,7 @@ async fn jwt_gen(State(state): State<AppState>, Json(payload): Json<Claims>) ->
        match encode(&Header::default(), &claim, &EncodingKey::from_secret(payload.master_key.as_ref())) {
            Ok(t) => {
                let tok = OutToken { token: t };
-                info!("Generating token: {:?}", tok.token);
+                debug!("Generating token: {:?}", tok.token);
                (StatusCode::CREATED, Json(tok))
            }
            Err(e) => {
@@ -283,3 +283,5 @@ fn key_authorization(headers: &HeaderMap, params: &HashMap<String, String>, mast
    }
    false
 }
+
+// -- ⚝ by Dave -- in NeoVim ⚝ --