Diffstat (limited to '')
-rw-r--r-- | helios/Dockerfile | 15 | ||||
-rw-r--r-- | hived/hived.go | 70 | ||||
-rw-r--r-- | hived/hived.toml | 2 | ||||
-rw-r--r-- | makefile | 30 |
4 files changed, 97 insertions, 20 deletions
diff --git a/helios/Dockerfile b/helios/Dockerfile
new file mode 100644
index 0000000..2f04413
--- /dev/null
+++ b/helios/Dockerfile
@@ -0,0 +1,15 @@
+FROM debian:bookworm-slim AS builder
+RUN apt-get update && \
+ apt-get install -y curl bash perl6-readline && \
+ curl https://raw.githubusercontent.com/a16z/helios/master/heliosup/install | bash && \
+ root/.helios/bin/heliosup install
+
+FROM debian:bookworm-slim
+RUN apt-get update && \
+ apt-get install -y libc6
+ENV HOME=/home/helios
+RUN set -eux; \
+ adduser -u 1001 --home $HOME helios
+COPY --from=builder /root/.helios/bin/helios /usr/local/bin/helios
+COPY --from=builder /root/.helios/bin/heliosup /usr/local/bin/heliosup
+RUN chown -R helios:helios "$HOME"
diff --git a/hived/hived.go b/hived/hived.go
index b91babe..143eef1 100644
--- a/hived/hived.go
+++ b/hived/hived.go
@@ -24,6 +24,7 @@ import (
 "github.com/pocketbase/pocketbase"
 "github.com/pocketbase/pocketbase/apis"
 "github.com/pocketbase/pocketbase/core"
+ "github.com/pocketbase/pocketbase/models/schema"
 "github.com/pocketbase/pocketbase/plugins/ghupdate"
 "github.com/pocketbase/pocketbase/plugins/jsvm"
 "github.com/pocketbase/pocketbase/plugins/migratecmd"
@@ -1070,8 +1071,8 @@ func defaultPublicDir() string {
 func (aw appWrapper) apikeyAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 return func(c echo.Context) error {
- apikey := c.Request().Header["Apikey"][0]
- user := c.Request().Header["User"][0]
+ apikey := c.Request().Header["X-Apikey"][0]
+ user := c.Request().Header["X-User"][0]
 userRecord, err := aw.app.Dao().FindAuthRecordByUsername("users", user)
 if err != nil {
@@ -1086,6 +1087,10 @@ func (aw appWrapper) apikeyAuthMiddleware(next echo.HandlerFunc) echo.HandlerFun
 }
 err = bcrypt.CompareHashAndPassword([]byte(hashedAPIKeyStr), []byte(apikey))
+ if err != nil {
+ log.Print("apikey auth failed for user: " + user)
+ return apis.NewBadRequestError("unauthorized", nil)
+ }
 return next(c)
 }
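Review bot: The builder stage pipes `https://raw.githubusercontent.com/a16z/helios/master/heliosup/install` straight into `bash`, so every build executes whatever is on the upstream `master` branch at that moment, with no integrity check and no `-f` on curl to stop on an HTTP error. Fetch the script from a pinned commit and verify it before running it, e.g. `curl -fsSL https://raw.githubusercontent.com/a16z/helios/<PINNED_COMMIT>/heliosup/install -o /tmp/install && echo "<EXPECTED_SHA256>  /tmp/install" | sha256sum -c - && bash /tmp/install` (both bracketed values are placeholders to fill in). The final stage also creates the `helios` user and chowns its home but never switches to it, so the container still runs as root; add `USER helios` after the `chown` line.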
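Review bot: `c.Request().Header["X-Apikey"][0]` and `c.Request().Header["X-User"][0]` index a slice that is nil when the header is absent, so a request that omits either header panics with an index-out-of-range instead of being rejected. The rename keeps that behaviour, and this middleware is what every anonymous caller reaches first on the routes registered later in this commit. Read the values with `apikey := c.Request().Header.Get("X-Apikey")` and `user := c.Request().Header.Get("X-User")`, and return the unauthorized error when either is empty. The middleware body continues outside the hunk.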
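Review bot: The new failure branch answers a wrong key with `apis.NewBadRequestError("unauthorized", nil)`, which is an HTTP 400; an authentication failure should be a 401, `return apis.NewUnauthorizedError("unauthorized", nil)`. The log line concatenates the client-supplied `X-User` value into the message, so a caller can place line breaks or look-alike entries in the log; the logger used later in this commit looks like zerolog, so a structured field is the safer form, `log.Warn().Str("user", user).Msg("apikey auth failed")`. The earlier error returns of this function sit outside the hunk, so check that they use the same status and message, otherwise responses distinguish an unknown user from a wrong key.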
@@ -1180,27 +1185,54 @@ func startPocketbaseApp() {
 aw := appWrapper{app: app}
 app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
- e.Router.POST("/", aw.postHandler, aw.authMiddleware)
- e.Router.GET("/health", aw.healthHandler, aw.authMiddleware)
- e.Router.GET("/api/crypto/v1/price", aw.PriceHandler, aw.authMiddleware)
- e.Router.GET("/api/crypto/v1/pair", aw.PairHandler, aw.authMiddleware)
-
- e.Router.GET("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
- e.Router.PUT("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
- e.Router.POST("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
- e.Router.PATCH("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
- e.Router.DELETE("/api/crypto/v1/alert", aw.alertHandler, aw.authMiddleware)
-
- e.Router.GET("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
- e.Router.PUT("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
- e.Router.POST("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
- e.Router.PATCH("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
- e.Router.DELETE("/api/crypto/v1/ticker", aw.tickerHandler, aw.authMiddleware)
+ e.Router.POST("/", aw.postHandler, aw.apikeyAuthMiddleware)
+ e.Router.GET("/health", aw.healthHandler, aw.apikeyAuthMiddleware)
+ e.Router.GET("/api/crypto/v1/price", aw.PriceHandler, aw.apikeyAuthMiddleware)
+ e.Router.GET("/api/crypto/v1/pair", aw.PairHandler, aw.apikeyAuthMiddleware)
+
+ e.Router.GET("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+ e.Router.PUT("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+ e.Router.POST("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+ e.Router.PATCH("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+ e.Router.DELETE("/api/crypto/v1/alert", aw.alertHandler, aw.apikeyAuthMiddleware)
+
+ e.Router.GET("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+ e.Router.PUT("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+ e.Router.POST("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+ e.Router.PATCH("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+ e.Router.DELETE("/api/crypto/v1/ticker", aw.tickerHandler, aw.apikeyAuthMiddleware)
+
+ return nil
+ })
+
+ app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
+ dao := app.Dao()
+
+ collection, err := dao.FindCollectionByNameOrId("users")
+ if err != nil {
+ log.Fatal().Err(err).Msg("failed to find users collection")
+ }
+
+ if field := collection.Schema.GetFieldByName("apikey"); field == nil {
+ newField := &schema.SchemaField{
+ Name: "apikey",
+ Type: schema.FieldTypeText,
+ System: false,
+ Required: false,
+ Unique: true,
+ }
+
+ collection.Schema.AddField(newField)
+
+ if err := dao.SaveCollection(collection); err != nil {
+ log.Fatal().Err(err).Msg("failed to save users collection with apikey field")
+ }
+ }
 return nil
 })
- app.OnRecordAfterCreateRequest("users").Add(func(e *core.RecordCreateEvent) error {
+ app.OnRecordBeforeCreateRequest("users").Add(func(e *core.RecordCreateEvent) error {
 apikeyHash, err := GenAPIKey()
 if err != nil {
 return err
diff --git a/hived/hived.toml b/hived/hived.toml
index f8e87b7..ae0c6ad 100644
--- a/hived/hived.toml
+++ b/hived/hived.toml
@@ -5,4 +5,4 @@ alertsCheckInterval = 600
 tickerCheckInterval = 600
 cacheDuration = 600
 telegramChannelID = 146328407
-telegramBotToken = "556550001:AAFWaKwhezZNBqouGOkulbgghBJ78I1Wzu0"
+telegramBotToken = ""
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..d6b92ab
--- /dev/null
+++ b/makefile
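Review bot: The new schema hook calls `log.Fatal()` on both failure paths, which terminates the process from inside `OnBeforeServe` and bypasses any deferred cleanup; the hook already returns `error`, so `return err` (with a short context message) lets the framework abort startup itself. The `apikey` field is added as an ordinary text field with `System: false`, and judging by `apikeyHash` in the create hook and the bcrypt comparison in the middleware it holds the key's hash. Unless the users collection rules or a response hook strip it, the records API will presumably return that hash to whoever may read the record, so confirm it is hidden and add a comment on the field saying so. The create hook's body continues outside the hunk.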
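Review bot: Blanking `telegramBotToken` here does not retire the value on the removed line: it stays readable in the repository history (old blob `f8e87b7`), so the token should be revoked through Telegram's BotFather and a new one issued. With the default now empty, add a comment above the key saying where the real value comes from, for example `# set at deploy time from a secret store or the environment; never commit a real token`. How hived reacts to an empty token is not visible in this diff, so it is worth confirming that it fails with a clear message at startup rather than at the first alert.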
@@ -0,0 +1,30 @@
+.PHONY: d_test d_deploy d_down d_build help
+
+IMAGE_NAME=hived
+
+d_test:
+ nq docker compose -f ./docker-compose-test.yaml up --build
+
+d_deploy:
+ nq docker compose -f ./docker-compose.yaml up --build
+
+d_down:
+ docker compose -f ./docker-compose.yaml down
+ docker compose -f ./docker-compose-test.yaml down
+
+d_build: d_build_distroless_vendored
+
+d_build_regular:
+ docker build -t $(IMAGE_NAME)-f ./hived/Dockerfile ./hived
+
+d_build_distroless:
+ docker build -t $(IMAGE_NAME) -f ./hived/Dockerfile_distroless ./hived
+
+d_build_distroless_vendored:
+ docker build -t $(IMAGE_NAME) -f ./hived/Dockerfile_distroless_vendored ./hived
+
+help:
+ @echo "d_test"
+ @echo "d_deploy"
+ @echo "d_down"
+ @echo "d_build"
|
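Review bot: In `d_build_regular` the recipe reads `docker build -t $(IMAGE_NAME)-f ./hived/Dockerfile ./hived`; with no space before `-f` the tag becomes `hived-f` and docker receives two positional arguments, so the target presumably fails. It should be `docker build -t $(IMAGE_NAME) -f ./hived/Dockerfile ./hived`, matching the two distroless targets. `.PHONY` also omits `d_build_regular`, `d_build_distroless` and `d_build_distroless_vendored`, and `help` does not list them. `d_test` and `d_deploy` need `nq` on the PATH, which a one-line comment at the top of the file should state.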