diff --git a/services/backup/src/config.rs b/services/backup/src/config.rs index f9b388313..3f2ba5068 100644 --- a/services/backup/src/config.rs +++ b/services/backup/src/config.rs @@ -1,44 +1,48 @@ use clap::Parser; use once_cell::sync::Lazy; use tracing::info; use crate::constants::{DEFAULT_BLOB_SERVICE_URL, DEFAULT_HTTP_PORT}; #[derive(Parser)] #[command(version, about, long_about = None)] pub struct AppConfig { /// HTTP server listening port #[arg(long, default_value_t = DEFAULT_HTTP_PORT)] pub http_port: u16, /// AWS Localstack service URL #[arg(env = "LOCALSTACK_ENDPOINT")] #[arg(long)] pub localstack_endpoint: Option, /// Blob service URL #[arg(env = "BLOB_SERVICE_URL")] #[arg(long, default_value = DEFAULT_BLOB_SERVICE_URL)] pub blob_service_url: reqwest::Url, + /// Identity service endpoint + #[arg(env = "IDENTITY_SERVICE_ENDPOINT")] + #[arg(long, default_value = "http://localhost:50054")] + pub identity_endpoint: String, } /// Stores configuration parsed from command-line arguments /// and environment variables pub static CONFIG: Lazy = Lazy::new(AppConfig::parse); /// Processes the command-line arguments and environment variables. /// Should be called at the beginning of the `main()` function. pub(super) fn parse_cmdline_args() { // force evaluation of the lazy initialized config Lazy::force(&CONFIG); } /// Provides region/credentials configuration for AWS SDKs pub async fn load_aws_config() -> aws_config::SdkConfig { let mut config_builder = aws_config::from_env(); if let Some(endpoint) = &CONFIG.localstack_endpoint { info!("Using Localstack. AWS endpoint URL: {}", endpoint); config_builder = config_builder.endpoint_url(endpoint); } config_builder.load().await } diff --git a/services/backup/src/http/mod.rs b/services/backup/src/http/mod.rs index 61d7a9e8d..435548af7 100644 --- a/services/backup/src/http/mod.rs +++ b/services/backup/src/http/mod.rs 
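Review bot: The new `identity_endpoint` option is a free-form `String` with a hard-coded cleartext default, `http://localhost:50054`, whereas the neighbouring `blob_service_url` is a `reqwest::Url` that clap validates at startup, with its default taken from `crate::constants`. A deployment that forgets `IDENTITY_SERVICE_ENDPOINT` will start without complaint and point its auth lookups at loopback. A malformed value, or an `http://` URL for a remote host, is only noticed when `AuthService` first uses it, since main.rs passes the string through unchanged. If `AuthService::new` allows it, validate the value at startup and move the default into a constant, e.g. `#[arg(long, default_value = DEFAULT_IDENTITY_SERVICE_ENDPOINT)]`. If plain HTTP is meant only for local development, the doc comment could say so: `/// Identity service endpoint (plain HTTP is for local development only)`.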
@@ -1,74 +1,76 @@ use actix_web::{web, App, HttpResponse, HttpServer}; use anyhow::Result; use comm_lib::{ - blob::client::BlobServiceClient, + auth::AuthService, blob::client::BlobServiceClient, http::auth::get_comm_authentication_middleware, }; use tracing::info; use crate::{database::DatabaseClient, http::handlers::log::handle_ws, CONFIG}; mod handlers { pub(super) mod backup; pub(super) mod log; } pub async fn run_http_server( db_client: DatabaseClient, blob_client: BlobServiceClient, + auth_service: AuthService, ) -> Result<()> { info!( "Starting HTTP server listening at port {}", CONFIG.http_port ); let db = web::Data::new(db_client); let blob = web::Data::new(blob_client); HttpServer::new(move || { App::new() .wrap(tracing_actix_web::TracingLogger::default()) .wrap(comm_lib::http::cors_config( CONFIG.localstack_endpoint.is_some(), )) .app_data(db.clone()) .app_data(blob.clone()) + .app_data(auth_service.to_owned()) .route("/health", web::get().to(HttpResponse::Ok)) .service( // Backup services that don't require authetication web::scope("/backups/latest") .service( web::resource("{username}/backup_id") .route(web::get().to(handlers::backup::get_latest_backup_id)), ) .service(web::resource("{username}/user_keys").route( web::get().to(handlers::backup::download_latest_backup_keys), )), ) .service( // Backup services requiring authetication web::scope("/backups") .wrap(get_comm_authentication_middleware()) .service( web::resource("").route(web::post().to(handlers::backup::upload)), ) .service( web::resource("{backup_id}/user_keys") .route(web::get().to(handlers::backup::download_user_keys)), ) .service( web::resource("{backup_id}/user_data") .route(web::get().to(handlers::backup::download_user_data)), ), ) .service( web::scope("/logs") .service(web::resource("").route(web::get().to(handle_ws))), ) }) .bind(("0.0.0.0", CONFIG.http_port))? .run() .await?; Ok(()) } 
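Review bot: `auth_service` is registered with `.app_data(auth_service.to_owned())` as a bare `AuthService`, while `db_client` and `blob_client` are wrapped in `web::Data::new(..)` before the factory closure and registered as clones. actix-web resolves app data by exact type, so a handler or middleware that extracts `web::Data<AuthService>` will not find this value and the request fails at runtime; only a lookup of `AuthService` itself succeeds. Which form `get_comm_authentication_middleware()` and the handlers expect is not visible in this hunk, so please confirm it. Then either wrap the service like the other two or add a comment such as `// stored unwrapped: looked up as AuthService, not web::Data<AuthService>`. It is also worth confirming how the `/logs` scope, which sits outside the authentication middleware, is expected to authenticate callers.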
diff --git a/services/backup/src/main.rs b/services/backup/src/main.rs index 598f55a38..53559af12 100644 --- a/services/backup/src/main.rs +++ b/services/backup/src/main.rs @@ -1,38 +1,39 @@ use anyhow::Result; -use comm_lib::blob::client::BlobServiceClient; +use comm_lib::{auth::AuthService, blob::client::BlobServiceClient}; use tracing::Level; use tracing_subscriber::EnvFilter; pub mod config; pub mod constants; pub mod database; pub mod error; pub mod http; // re-export this to be available as crate::CONFIG pub use config::CONFIG; fn configure_logging() -> Result<()> { let filter = EnvFilter::builder() .with_default_directive(Level::INFO.into()) .with_env_var(constants::LOG_LEVEL_ENV_VAR) .from_env_lossy(); let subscriber = tracing_subscriber::fmt().with_env_filter(filter).finish(); tracing::subscriber::set_global_default(subscriber)?; Ok(()) } #[tokio::main] async fn main() -> Result<()> { config::parse_cmdline_args(); configure_logging()?; let aws_config = config::load_aws_config().await; let db_client = database::DatabaseClient::new(&aws_config); let blob_client = BlobServiceClient::new(CONFIG.blob_service_url.clone()); + let auth_service = AuthService::new(&aws_config, &CONFIG.identity_endpoint); - http::run_http_server(db_client, blob_client).await?; + http::run_http_server(db_client, blob_client, auth_service).await?; Ok(()) }