scott/crabfit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add ability to read secrets from files

Browse source
This commit is contained in:
D. Scott Boggs 2025-05-05 07:18:21 -04:00
parent 628f9eefc3
commit b496c86f18
5 changed files with 1292 additions and 840 deletions
Download patch file Download diff file Expand all files Collapse all files

14
api/src/routes/tasks.rs
View file

@ -1,4 +1,4 @@
use std::env;
use std::{env, fs};
use axum::{extract, http::HeaderMap};
use chrono::{Duration, Utc};
@ -28,7 +28,17 @@ pub async fn cleanup<A: Adaptor>(
.get("X-Cron-Key")
.map(|k| k.to_str().unwrap_or_default().into())
.unwrap_or_default();
let env_key = env::var("CRON_KEY").unwrap_or_default();
let env_key = if let Ok(key) = env::var("CRON_KEY") {
key
} else if let Some(path) = env::var_os("CRON_KEY_FILE") {
let Ok(key) = fs::read(&path) else {
println!("Error reading CRON_KEY_FILE at {path:?}");
return Err(ApiError::NotAuthorized);
};
String::from_utf8_lossy(key.as_slice()).into()
} else {
Default::default()
};
if !env_key.is_empty() && cron_key_header != env_key {
return Err(ApiError::NotAuthorized);
}