added apikeys

author: terminaldweller <devi@terminaldweller.com> 2025-08-04 23:51:06 +0000
committer: terminaldweller <devi@terminaldweller.com> 2025-08-04 23:51:06 +0000
commit: 4e04fa499654830b23715f9acc7c780a8fb4610a (patch)
tree: 8470559b6d98148eb1fc37c72a680e0062a58913
parent: updating the dockerfiles (diff)
download: hived-4e04fa499654830b23715f9acc7c780a8fb4610a.tar.gz
hived-4e04fa499654830b23715f9acc7c780a8fb4610a.zip
4 files changed, 97 insertions, 20 deletions
diff --git a/helios/Dockerfile b/helios/Dockerfile
new file mode 100644
index 0000000..2f04413
--- /dev/null
+++ b/helios/Dockerfile
@@ -0,0 +1,15 @@
+FROM debian:bookworm-slim AS builder
+RUN apt-get update && \
+      apt-get install -y curl bash perl6-readline && \
+      curl https://raw.githubusercontent.com/a16z/helios/master/heliosup/install | bash && \
+      root/.helios/bin/heliosup install
+
+FROM debian:bookworm-slim
+RUN apt-get update && \
+      apt-get install -y libc6
+ENV HOME=/home/helios
+RUN set -eux; \
+  adduser -u 1001 --home $HOME helios
+COPY --from=builder /root/.helios/bin/helios /usr/local/bin/helios
+COPY --from=builder /root/.helios/bin/heliosup /usr/local/bin/heliosup
+RUN chown -R helios:helios "$HOME"
diff --git a/hived/hived.go b/hived/hived.go
index b91babe..143eef1 100644
--- a/hived/hived.go
+++ b/hived/hived.go
@@ -24,6 +24,7 @@ import (
 	"github.com/pocketbase/pocketbase"
 	"github.com/pocketbase/pocketbase/apis"
 	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/models/schema"
 	"github.com/pocketbase/pocketbase/plugins/ghupdate"
 	"github.com/pocketbase/pocketbase/plugins/jsvm"
 	"github.com/pocketbase/pocketbase/plugins/migratecmd"
@@ -1070,8 +1071,8 @@ func defaultPublicDir() string {
 
 func (aw appWrapper) apikeyAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
-		apikey := c.Request().Header["Apikey"][0]
-		user := c.Request().Header["User"][0]
+		apikey := c.Request().Header["X-Apikey"][0]
+		user := c.Request().Header["X-User"][0]
 
 		userRecord, err := aw.app.Dao().FindAuthRecordByUsername("users", user)
 		if err != nil {
@@ -1086,6 +1087,10 @@ func (aw appWrapper) apikeyAuthMiddleware(next echo.HandlerFunc) echo.HandlerFun
 		}
 
 		err = bcrypt.CompareHashAndPassword([]byte(hashedAPIKeyStr), []byte(apikey))
+		if err != nil {
+			log.Print("apikey auth failed for user: " + user)
+			return apis.NewBadRequestError("unauthorized", nil)
+		}
 
 		return next(c)
 	}
@@ -1180,27 +1185,54 @@ func startPocketbaseApp() {
 	aw := appWrapper{app: app}
 
 	app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
-		e.Router.POST("/", aw.postHandler, aw.authMiddleware)
-		e.Router.GET("/health", aw.healthHandler, aw.authMiddleware)
-		e.Router.GET("/api/crypto/v1/price", aw.PriceHandler, aw.authMiddleware)
-		e.Router.GET("/api/crypto/v1/pair", aw.PairHandler, aw.authMiddleware)
-
-		e.Router.GET("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
-		e.Router.PUT("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
-		e.Router.POST("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
-		e.Router.PATCH("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
-		e.Router.DELETE("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
-
-		e.Router.GET("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
-		e.Router.PUT("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
-		e.Router.POST("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
-		e.Router.PATCH("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
-		e.Router.DELETE("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
+		e.Router.POST("/", aw.postHandler, aw.apikeyAuthMiddleware)
+		e.Router.GET("/health", aw.healthHandler, aw.apikeyAuthMiddleware)
+		e.Router.GET("/api/crypto/v1/price", aw.PriceHandler, aw.apikeyAuthMiddleware)
+		e.Router.GET("/api/crypto/v1/pair", aw.PairHandler, aw.apikeyAuthMiddleware)
+
+		e.Router.GET("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+		e.Router.PUT("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+		e.Router.POST("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+		e.Router.PATCH("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+		e.Router.DELETE("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+
+		e.Router.GET("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+		e.Router.PUT("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+		e.Router.POST("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+		e.Router.PATCH("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+		e.Router.DELETE("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+
+		return nil
+	})
+
+	app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
+		dao := app.Dao()
+
+		collection, err := dao.FindCollectionByNameOrId("users")
+		if err != nil {
+			log.Fatal().Err(err).Msg("failed to find users collection")
+		}
+
+		if field := collection.Schema.GetFieldByName("apikey"); field == nil {
+			newField := &schema.SchemaField{
+				Name:     "apikey",
+				Type:     schema.FieldTypeText,
+				System:   false,
+				Required: false,
+				Unique:   true,
+			}
+
+			collection.Schema.AddField(newField)
+
+			if err := dao.SaveCollection(collection); err != nil {
+				log.Fatal().Err(err).Msg("failed to save users collection with apikey field")
+			}
+		}
 
 		return nil
 	})
 
-	app.OnRecordAfterCreateRequest("users").Add(func(e *core.RecordCreateEvent) error {
+	app.OnRecordBeforeCreateRequest("users").Add(func(e *core.RecordCreateEvent) error {
 		apikeyHash, err := GenAPIKey()
 		if err != nil {
 			return err
diff --git a/hived/hived.toml b/hived/hived.toml
index f8e87b7..ae0c6ad 100644
--- a/hived/hived.toml
+++ b/hived/hived.toml
@@ -5,4 +5,4 @@ alertsCheckInterval = 600
 tickerCheckInterval = 600
 cacheDuration = 600
 telegramChannelID = 146328407
-telegramBotToken = "556550001:AAFWaKwhezZNBqouGOkulbgghBJ78I1Wzu0"
+telegramBotToken = ""
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..d6b92ab
--- /dev/null
+++ b/makefile
@@ -0,0 +1,30 @@
+.PHONY: d_test d_deploy d_down d_build help
+
+IMAGE_NAME=hived
+
+d_test:
+	nq docker compose -f ./docker-compose-test.yaml up --build
+
+d_deploy:
+	nq docker compose -f ./docker-compose.yaml up --build
+
+d_down:
+	docker compose -f ./docker-compose.yaml down
+	docker compose -f ./docker-compose-test.yaml down
+
+d_build: d_build_distroless_vendored
+
+d_build_regular:
+	docker build -t $(IMAGE_NAME)-f ./hived/Dockerfile ./hived
+
+d_build_distroless:
+	docker build -t $(IMAGE_NAME) -f ./hived/Dockerfile_distroless ./hived
+
+d_build_distroless_vendored:
+	docker build -t $(IMAGE_NAME) -f ./hived/Dockerfile_distroless_vendored ./hived
+
+help:
+	@echo "d_test"
+	@echo "d_deploy"
+	@echo "d_down"
+	@echo "d_build"
author	terminaldweller <devi@terminaldweller.com>	2025-08-04 23:51:06 +0000
committer	terminaldweller <devi@terminaldweller.com>	2025-08-04 23:51:06 +0000
commit	4e04fa499654830b23715f9acc7c780a8fb4610a (patch)
tree	8470559b6d98148eb1fc37c72a680e0062a58913
parent	updating the dockerfiles (diff)
download	hived-4e04fa499654830b23715f9acc7c780a8fb4610a.tar.gz hived-4e04fa499654830b23715f9acc7c780a8fb4610a.zip