From 5a97731c6996847e335daf1fe9a5d265540de3d1 Mon Sep 17 00:00:00 2001 From: alyx Date: Wed, 3 Apr 2024 11:57:23 -0400 Subject: whitelist -> allowlist --- README.md | 20 ++++++++++---------- src/cache/user.rs | 36 ++++++++++++++++++------------------ src/config.rs | 15 ++++++++------- 3 files changed, 36 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 4d5ae8f..084fce7 100644 --- a/README.md +++ b/README.md @@ -65,21 +65,21 @@ If set, logs will be written to the specified file. Otherwise, logs are written ## User Perms -### `LFME_WHITELIST_MODE` (Default: `"open"`) +### `LFME_ALLOWLIST_MODE` (Default: `"open"`) The following(case-insensitive) values are supported: - `open`: Allow requests for all users. -- `exclusive`: Only allow requests for users in `LFME_WHITELIST`, returning HTTP 403 for all others. `LFME_WHITELIST` _must_ be set if this mode is enabled. +- `exclusive`: Only allow requests for users in `LFME_ALLOWLIST`, returning HTTP 403 for all others. `LFME_ALLOWLIST` _must_ be set if this mode is enabled. If the user requested has their listen history private, a 403 will be returned. -### `LFME_WHITELIST` (Default: `""`) +### `LFME_ALLOWLIST` (Default: `""`) This is expected to be a sequence of comma-separated usernames. Leading/trailing whitespace will be stripped, and unicode is fully supported. -### `LFME_WHITELIST_REFRESH` (Default: `"1m"`) -The amount of time to cache whitelisted user info for. +### `LFME_ALLOWLIST_REFRESH` (Default: `"1m"`) +The amount of time to cache allowlisted user info for. It is interpreted as a sequence of `` values, where `num` is a positive integer, and `suffix` is one of `y`,`mon`,`w`,`d`,`h`,`m`,`s`, `ms`, `µs`, or `ns`, each of which corresponds to a self-explanatory unit of time. @@ -87,8 +87,8 @@ For most practical applications, one should only use `m` and `s`, as caching you Parsing is delegated to the [`duration_str`](https://docs.rs/duration-str/latest/duration_str/) crate, and further info may be found there. ### `LFME_DEFAULT_REFRESH` (Default: `"5m"`) -The amount of time to cache non-whitelisted user info for. -See `LFME_WHITELIST_REFRESH` for more info. +The amount of time to cache non-allowlisted user info for. +See `LFME_ALLOWLIST_REFRESH` for more info. ## Themes @@ -139,9 +139,9 @@ LFME_API_KEY=0123456789abcdef0123456789abcdef LFME_LOG_LEVEL=error LFME_PORT=3000 -LFME_WHITELIST_REFRESH=30s -LFME_WHITELIST_MODE=exclusive -LFME_WHITELIST=a_precious_basket_case, realRiversCuomo, Pixiesfan12345 +LFME_ALLOWLIST_REFRESH=30s +LFME_ALLOWLIST_MODE=exclusive +LFME_ALLOWLIST=a_precious_basket_case, realRiversCuomo, Pixiesfan12345 ``` # Theming {#theming} diff --git a/src/cache/user.rs b/src/cache/user.rs index f12d852..253773c 100644 --- a/src/cache/user.rs +++ b/src/cache/user.rs @@ -15,9 +15,9 @@ type UserGetter = CacheGetter>; type UserCache = Cache>; #[derive(Debug)] -enum Whitelist { +enum Allowlist { Exclusive{cache: UserCache}, - Open{default_cache: UserCache, whitelist_cache: UserCache} + Open{default_cache: UserCache, allowlist_cache: UserCache} } fn user_getter(username: &String) -> UserFuture { @@ -63,40 +63,40 @@ fn user_getter(username: &String) -> UserFuture { static HTTP: LazyLock = crate::http::lazy(); -static WHITELIST: LazyLock = LazyLock::new(|| { +static ALLOWLIST: LazyLock = LazyLock::new(|| { let default_cache = Arc::new(RwLock::new(AsyncCache::new(CONFIG.default_refresh, user_getter as UserGetter))); - let whitelist_cache = Arc::new(RwLock::new(AsyncCache::new(CONFIG.whitelist_refresh, user_getter as UserGetter))); - match CONFIG.whitelist_mode.as_str() { + let allowlist_cache = Arc::new(RwLock::new(AsyncCache::new(CONFIG.allowlist_refresh, user_getter as UserGetter))); + match CONFIG.allowlist_mode.as_str() { "open" => { - Whitelist::Open{default_cache, whitelist_cache} + Allowlist::Open{default_cache, allowlist_cache} }, "exclusive" => { - if CONFIG.whitelist.is_empty() { - panic!("Exclusive mode set with empty whitelist, cannot serve any requests!"); + if CONFIG.allowlist.is_empty() { + panic!("Exclusive mode set with empty allowlist, cannot serve any requests!"); } - Whitelist::Exclusive{cache: whitelist_cache} + Allowlist::Exclusive{cache: allowlist_cache} }, m => { - panic!("Bad whitelist mode: `{m}`"); + panic!("Bad allowlist mode: `{m}`"); } } }); pub async fn get_userinfo(user: &String) -> (Result, (StatusCode, &'static str)>, Duration) { - match LazyLock::force(&WHITELIST) { - Whitelist::Open{default_cache, whitelist_cache} => { - if CONFIG.whitelist.contains(user) { - (whitelist_cache.write().await.get_owned(user).await, CONFIG.whitelist_refresh) + match LazyLock::force(&ALLOWLIST) { + Allowlist::Open{default_cache, allowlist_cache} => { + if CONFIG.allowlist.contains(user) { + (allowlist_cache.write().await.get_owned(user).await, CONFIG.allowlist_refresh) } else { (default_cache.write().await.get_owned(user).await, CONFIG.default_refresh) } }, - Whitelist::Exclusive{cache} => { - if CONFIG.whitelist.contains(user) { - (cache.write().await.get_owned(user).await, CONFIG.whitelist_refresh) + Allowlist::Exclusive{cache} => { + if CONFIG.allowlist.contains(user) { + (cache.write().await.get_owned(user).await, CONFIG.allowlist_refresh) } - else { (Err((StatusCode::FORBIDDEN, "User not in whitelist!")), CONFIG.default_refresh) } + else { (Err((StatusCode::FORBIDDEN, "User not in allowlist!")), CONFIG.default_refresh) } } } } diff --git a/src/config.rs b/src/config.rs index bc24b83..1a192b2 100644 --- a/src/config.rs +++ b/src/config.rs @@ -24,10 +24,10 @@ pub struct Config { pub(crate) theme_ext: Arc, pub(crate) theme_debug: bool, - pub(crate) whitelist: BTreeSet, - pub(crate) whitelist_mode: String, + pub(crate) allowlist: BTreeSet, + pub(crate) allowlist_mode: String, pub(crate) default_refresh: Duration, - pub(crate) whitelist_refresh: Duration, + pub(crate) allowlist_refresh: Duration, } impl Config { @@ -35,6 +35,7 @@ impl Config { let duration_from_var = |v: &str, d: u64| -> Duration {var(v).map(|r| ds::parse(&r).expect("bad duration string")).unwrap_or_else(|_| Duration::from_secs(d))}; let default_refresh = duration_from_var("LFME_DEFAULT_REFRESH", 300); let whitelist_refresh = duration_from_var("LFME_WHITELIST_REFRESH", 60); + let allowlist_refresh = if whitelist_refresh == Duration::from_secs(60) { duration_from_var("LFME_ALLOWLIST_REFRESH", 60) } else { whitelist_refresh }; Arc::new(Config { lastfm_api_key: var("LFME_LASTFM_API_KEY").expect("last.fm API key must be set").into(), google_api_key: var("LFME_GOOGLE_API_KEY").map(Into::into).ok(), @@ -47,10 +48,10 @@ impl Config { theme_ext: var("LFME_THEME_EXT").unwrap_or_else(|_| ".hbs".into()).into(), theme_debug: var("LFME_THEME_DEV").map(|h| &h == "1").unwrap_or(false), - whitelist: var("LFME_WHITELIST").ok().map(|w| w.split(',').map(|s| s.trim().to_string()).collect()).unwrap_or_default(), - whitelist_mode: var("LFME_WHITELIST_MODE").map(|m| m.to_ascii_lowercase()).unwrap_or_else(|_| "open".into()), - default_refresh: default_refresh + Duration::from_secs(1), - whitelist_refresh: whitelist_refresh + Duration::from_secs(1) + allowlist: var("LFME_WHITELIST").or_else(|_| var("LFME_ALLOWLIST")).ok().map(|w| w.split(',').map(|s| s.trim().to_string()).collect()).unwrap_or_default(), + allowlist_mode: var("LFME_WHITELIST_MODE").or_else(|_| var("LFME_ALLOWLIST_MODE")).map(|m| m.to_ascii_lowercase()).unwrap_or_else(|_| "open".into()), + default_refresh: default_refresh, + allowlist_refresh: allowlist_refresh }) } -- cgit v1.2.3-70-g09d2