Draft incorporating firewall - audit only mode #1
7 changed files with 2028 additions and 1 deletions
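--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -11,5 +11,8 @@
 "editor.codeActionsOnSave": {
 "source.fixAll": "explicit"
 },
-"editor.formatOnSave": false
+"editor.formatOnSave": false,
+"rust-analyzer.linkedProjects": [
+"yume-mods/nyuukyou/Cargo.toml",
+]
 }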
|
@ -1,4 +1,20 @@
|
||||||
services:
|
services:
|
||||||
|
nyuukyou:
|
||||||
|
build: yume-mods/nyuukyou
|
||||||
|
restart: always
|
||||||
|
links:
|
||||||
|
- web
|
||||||
|
depends_on:
|
||||||
|
web:
|
||||||
|
condition: service_healthy
|
||||||
|
networks:
|
||||||
|
- internal_network
|
||||||
|
- external_network
|
||||||
|
ports:
|
||||||
|
- "3001:3001"
|
||||||
|
volumes:
|
||||||
|
- ./nyuukyou:/store
|
||||||
|
|
||||||
web:
|
web:
|
||||||
build: .
|
build: .
|
||||||
restart: always
|
restart: always
|
||||||
|
|
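Review bot: The new `nyuukyou` service publishes `"3001:3001"`, but nothing in its definition overrides the binary's default `--listen 127.0.0.1:3001` from `src/main.rs`, and the image's ENTRYPOINT passes no arguments. Inside the container the proxy would therefore bind loopback only, and the published port would not reach it. If the port is meant to be reachable, add `command: ["--listen", "0.0.0.0:3001"]`. In that case consider narrowing the mapping to `"127.0.0.1:3001:3001"` when only a reverse proxy on the same host should talk to it, since the short form publishes on every host interface. The bind mount `./nyuukyou:/store` also has to be writable by uid 1000, the user the image runs as, or the audit log directory cannot be created.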
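--- a/yume-mods/nyuukyou/.gitignore
+++ b/yume-mods/nyuukyou/.gitignore
@@ -0,0 +1 @@
+target/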
1900
yume-mods/nyuukyou/Cargo.lock
generated
Normal file
1900
yume-mods/nyuukyou/Cargo.lock
generated
Normal file
File diff suppressed because it is too large
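--- a/yume-mods/nyuukyou/Cargo.toml
+++ b/yume-mods/nyuukyou/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "nyuukyou"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+axum = "0.7"
+clap = { version = "4.5.20", features = ["derive"] }
+env_logger = "0.11.5"
+fedivet = { git = "https://forge.yumechi.jp/yume/fedivet", tag = "testing-audit" }
+serde = { version = "1.0.210", features = ["derive"] }
+tokio = { version = "1" }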
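Review bot: The `fedivet` dependency is selected by `tag = "testing-audit"`, and a git tag can be moved on the forge, so the code behind this firewall component can change without any edit to this manifest. Pinning the source with `rev = "<full-commit-sha>"` (placeholder) makes the reviewed commit explicit. The committed Cargo.lock does record a resolved commit, but any later `cargo update` re-resolves the tag to whatever it then points at.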
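--- a/yume-mods/nyuukyou/Dockerfile
+++ b/yume-mods/nyuukyou/Dockerfile
@@ -0,0 +1,30 @@
+FROM debian:stable-slim AS builder
+
+RUN apt-get update && apt-get install -yqq --no-install-recommends \
+build-essential \
+curl \
+ca-certificates \
+pkg-config \
+libssl-dev \
+git
+
+RUN curl -sSL https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
+
+COPY . /src
+
+RUN cd /src && bash -c '. $HOME/.cargo/env; cargo build --release' && \
+mkdir -p /target/usr/local/bin && cp /src/target/release/nyuukyou /target/usr/local/bin/nyuukyou
+
+FROM debian:stable-slim
+
+COPY --from=builder /target/ /
+
+RUN apt-get update && \
+apt-get install -yqq --no-install-recommends openssl curl ca-certificates && \
+useradd -m -u 1000 -r nyuukyou && \
+rm -rf /var/lib/apt/lists/*
+
+USER nyuukyou
+
+ENTRYPOINT [ "/usr/local/bin/nyuukyou" ]
+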
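Review bot: The builder stage installs an unpinned `nightly` toolchain by piping `curl -sSL https://sh.rustup.rs` into `bash`, so every image build may use a different compiler, and without `-f` an HTTP error body would be handed to the shell. Pin a dated toolchain and fail on HTTP errors, e.g. `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly-YYYY-MM-DD` (the date is a placeholder). Building with `cargo build --release --locked` would make the committed Cargo.lock the thing that actually ships. `debian:stable-slim` is also a moving tag in both stages; pinning it by digest would make the image reproducible.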
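--- a/yume-mods/nyuukyou/src/main.rs
+++ b/yume-mods/nyuukyou/src/main.rs
@@ -0,0 +1,65 @@
+
+use std::path::PathBuf;
+use std::sync::Arc;
+
+use axum::response::IntoResponse;
+use clap::Parser;
+use fedivet::evaluate::chain::audit::AuditOptions;
+use fedivet::evaluate::Evaluator;
+use fedivet::model::error::MisskeyError;
+use fedivet::serve;
+use fedivet::BaseAppState;
+use fedivet::HasAppState;
+use serde::Serialize;
+
+#[derive(Parser)]
+pub struct Args {
+#[clap(short, long, default_value = "127.0.0.1:3001")]
+pub listen: String,
+#[clap(short, long, default_value = "http://web:3000")]
+pub backend: String,
+#[clap(long)]
+pub tls_cert: Option<String>,
+#[clap(long)]
+pub tls_key: Option<String>,
+}
+
+#[allow(clippy::unused_async)]
+async fn build_state<E: IntoResponse + Clone + Serialize + Send + Sync + 'static>(
+base: Arc<BaseAppState<E>>,
+_args: &Args,
+) -> impl HasAppState<E> + Evaluator<E> {
+base
+.extract_meta()
+.audited(AuditOptions::new(PathBuf::from("/store/log/audit/incoming")))
+}
+
+#[tokio::main]
+async fn main() {
+if std::env::var("RUST_LOG").is_err() {
+std::env::set_var("RUST_LOG", "info");
+}
+env_logger::init();
+
+let args = Args::parse();
+
+let state = build_state::<MisskeyError>(
+Arc::new(
+BaseAppState::new(args.backend.parse().expect("Invalid backend URL")).with_empty_ctx(),
+),
+&args,
+)
+.await;
+
+serve::run(
+state.clone(),
+serve::start(
+state,
+&args.listen,
+args.tls_cert.as_deref(),
+args.tls_key.as_deref(),
+)
+.await,
+)
+.await;
+}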
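Review bot: `std::env::set_var("RUST_LOG", "info")` in `main` runs after `#[tokio::main]` has already started the runtime's worker threads, and mutating the process environment while other threads may read it is not thread-safe (the call becomes `unsafe` in the 2024 edition). The same default is available without touching the environment: `env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")).init();`. Separately, `build_state` ignores `_args` and hard-codes the audit directory `/store/log/audit/incoming`. That log is the whole output of audit-only mode, so a `///` comment naming the directory and who must be able to write to it, or an `Args` field for the path, would help operators.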