From b16f7678607fee8b6fde37b34b756fc4df8080ce Mon Sep 17 00:00:00 2001 From: mleku Date: Mon, 2 Dec 2024 11:08:53 +0000 Subject: [PATCH] update readme with more instructions about config and admin stuff updated now disallows admin functions with the default no password/username --- README.md | 72 ++++++++++++++++++++++++++++++++++++++++--------- realy/server.go | 5 ++++ realy/version | 2 +- 3 files changed, 66 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 4689dfc..263dbca 100644 --- a/README.md +++ b/README.md 
@@ -77,29 +77,77 @@ To produce a static binary, whether you use the CGO secp256k1 or disable CGO as will place it into your `~/bin/` directory, and it will work on any system of the same architecture with the same glibc major version (has been 2 for a long time). -## Export and Import functions +## Configuration -You can export everything in the event store through the default http://localhost:3337 endpoint +The default will run the relay with default settings, which will not be what you +want. + +To see the curent active configuration: + + realy env + +This output can be directed to the profile location to make the settings +editable without manually setting them on the commandline: + + realy env > $HOME/.config/realy/.env + +You can now edit this file to alter the configuration. + +Note the configuration file is a "dotfile" so that if you are tinkering with the +code you can wipe out a broken database with: + + rm -rf $HOME/.config/realy/* + +and it leaves the config because this doesn't match a standard wildcard, all the +database files wil be removed, however. + +Regarding the configuration system, this is an element of many servers that is +absurdly complex, and for which reason Realy does not use a complicated scheme, +a simple library that allows automatic configuration of a series of options, +added a simple info print: + + realy help + +will show you the instructions, and the one simple extension of being able to +use a standard formated .env file to configure all the options for an instance. 
+ +## Administrative functions + +You can export everything in the event store through the default http://localhost:3334 endpoint like so: - curl http://localhost:3337/export > everything.jsonl + curl -u username:password http://localhost:3334/export > everything.jsonl + +The username and password are configured in the environment variables -or just all of the whitelisted users and all events with p tags with them in it: + ADMIN_USER=username + ADMIN_PASSWORD=password - curl http://localhost:3337/export/users > users.jsonl +Note that HTTP basic authentication this can only be alphanumeric values, but +make it long and strong because these functions are sensitive. -or just one user: (includes also matching p tags) +Or just all of the whitelisted users and all events with p tags with them in it: - curl http://localhost:3337/export/4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f > mleku.jsonl + curl -u username:password http://localhost:3334/export/users > users.jsonl -or several users with hyphens between the hexadecimal public keys: (ditto above) +Or just one user: (includes also matching p tags) - curl http://localhost:3337/export/4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f-454bc2771a69e30843d0fccfde6e105ff3edc5c6739983ef61042633e4a9561a > mleku_gojiberra.jsonl + curl -u username:password http://localhost:3334/export/4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f > mleku.jsonl +Or several users with hyphens between the hexadecimal public keys: (ditto above) -and import also, to put one of these files (also nostrudel and coracle have functions to + curl -u username:password http://localhost:3334/export/4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f-454bc2771a69e30843d0fccfde6e105ff3edc5c6739983ef61042633e4a9561a > mleku_gojiberra.jsonl + +And import also, to put one of these files (also nostrudel and coracle have functions to export the app database of events in jsonl) - curl -XPOST -T 
nostrudel.jsonl http://localhost:3337/import + curl -u username:password -XPOST -T nostrudel.jsonl http://localhost:3334/import + +You can also shut down the realy as well: + + curl -u username:password http://localhost:3334/shutdown + +Other administrative features will probably be added later, these are just the +essentials. -> todo: more documentation coming +Other \ No newline at end of file diff --git a/realy/server.go b/realy/server.go index 401655b..ec55c8d 100644 --- a/realy/server.go +++ b/realy/server.go @@ -107,6 +107,10 @@ func NewServer(sp ServerParams, opts ...options.O) (*Server, er) { } func (s *Server) HTTPAuth(r *http.Request) (authed bo) { + if s.adminUser == "" || s.adminPass == "" { + // disallow this if it hasn't been configured, the default values are empty. + return + } username, password, ok := r.BasicAuth() if ok { usernameHash := sha256.Sum256(by(username)) @@ -127,6 +131,7 @@ func (s *Server) HTTPAuth(r *http.Request) (authed bo) { func (s *Server) AuthFail(w http.ResponseWriter) { w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`) http.Error(w, "Unauthorized", http.StatusUnauthorized) + fmt.Fprintf(w, "you may have not configured your admin username/password") } func (s *Server) HandleAdmin(w http.ResponseWriter, r *http.Request) { diff --git a/realy/version b/realy/version index cab9477..8969e17 100644 --- a/realy/version +++ b/realy/version @@ -1 +1 @@ -v1.2.27 \ No newline at end of file +v1.2.28 \ No newline at end of file
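Review bot: The guard added at the top of HTTPAuth makes the method fail closed, but the exported method still has no doc comment stating that contract, and the inline comment describes the defaults rather than the decision. I would add `// HTTPAuth reports whether r carries basic-auth credentials matching the configured admin user and password; it returns false when either is unset.` above the signature and shorten the inline comment to `// fail closed: admin credentials are not configured`. The rest of the function, including the hash comparison, continues outside the hunk and is not reviewed here.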
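Review bot: The `fmt.Fprintf` line added to AuthFail appends the configuration hint to the 401 body on every call, so a client that only sent a wrong password is told the credentials may be unset, and an operator-facing hint is delivered to unauthenticated remote callers instead of the operator. I would drop that line, keep the response generic, and emit the hint server-side from the new empty-credentials branch in HTTPAuth with whatever logger the package already uses. If the text has to stay in the response, `fmt.Fprintln(w, "admin username/password may not be configured")` avoids a format call with no arguments and terminates the line. AuthFail's callers are outside the hunk, so which failure paths reach it is inferred from the name.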