diff --git a/cmd/root.go b/cmd/root.go index cabd919..eebe9b2 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -79,6 +79,7 @@ func init() { rootCmd.PersistentFlags().String("storage-orchestrator-clickhouse-password", "", "Clickhouse password for orchestrator storage") rootCmd.PersistentFlags().Bool("storage-orchestrator-clickhouse-asyncInsert", false, "Clickhouse async insert for orchestrator storage") rootCmd.PersistentFlags().Int("storage-orchestrator-clickhouse-maxRowsPerInsert", 100000, "Clickhouse max rows per insert for orchestrator storage") + rootCmd.PersistentFlags().Bool("storage-orchestrator-clickhouse-disableTLS", false, "Clickhouse disableTLS for orchestrator storage") rootCmd.PersistentFlags().Int("storage-orchestrator-memory-maxItems", 0, "Max items for orchestrator memory storage") rootCmd.PersistentFlags().Int("storage-orchestrator-redis-poolSize", 0, "Redis pool size for orchestrator storage") rootCmd.PersistentFlags().String("storage-orchestrator-redis-addr", "", "Redis address for orchestrator storage") @@ -90,11 +91,15 @@ func init() { rootCmd.PersistentFlags().String("storage-main-clickhouse-password", "", "Clickhouse password for main storage") rootCmd.PersistentFlags().Bool("storage-main-clickhouse-asyncInsert", false, "Clickhouse async insert for main storage") rootCmd.PersistentFlags().Int("storage-main-clickhouse-maxRowsPerInsert", 100000, "Clickhouse max rows per insert for main storage") + rootCmd.PersistentFlags().Bool("storage-main-clickhouse-disableTLS", false, "Clickhouse disableTLS for main storage") rootCmd.PersistentFlags().String("storage-staging-clickhouse-username", "", "Clickhouse username for staging storage") rootCmd.PersistentFlags().String("storage-staging-clickhouse-password", "", "Clickhouse password for staging storage") rootCmd.PersistentFlags().Bool("storage-staging-clickhouse-asyncInsert", false, "Clickhouse async insert for staging storage") rootCmd.PersistentFlags().Int("storage-staging-clickhouse-maxRowsPerInsert", 100000, "Clickhouse max rows per insert for staging storage") + rootCmd.PersistentFlags().Bool("storage-staging-clickhouse-disableTLS", false, "Clickhouse disableTLS for staging storage") rootCmd.PersistentFlags().String("api-host", "localhost:3000", "API host") + rootCmd.PersistentFlags().String("api-basicAuth-username", "", "API basic auth username") + rootCmd.PersistentFlags().String("api-basicAuth-password", "", "API basic auth password") viper.BindPFlag("rpc.url", rootCmd.PersistentFlags().Lookup("rpc-url")) viper.BindPFlag("rpc.blocks.blocksPerRequest", rootCmd.PersistentFlags().Lookup("rpc-blocks-blocksPerRequest")) viper.BindPFlag("rpc.blocks.batchDelay", rootCmd.PersistentFlags().Lookup("rpc-blocks-batchDelay")) @@ -134,6 +139,7 @@ func init() { viper.BindPFlag("storage.staging.clickhouse.password", rootCmd.PersistentFlags().Lookup("storage-staging-clickhouse-password")) viper.BindPFlag("storage.staging.clickhouse.asyncInsert", rootCmd.PersistentFlags().Lookup("storage-staging-clickhouse-asyncInsert")) viper.BindPFlag("storage.staging.clickhouse.maxRowsPerInsert", rootCmd.PersistentFlags().Lookup("storage-staging-clickhouse-maxRowsPerInsert")) + viper.BindPFlag("storage.staging.clickhouse.disableTLS", rootCmd.PersistentFlags().Lookup("storage-staging-clickhouse-disableTLS")) viper.BindPFlag("storage.main.clickhouse.database", rootCmd.PersistentFlags().Lookup("storage-main-clickhouse-database")) viper.BindPFlag("storage.main.clickhouse.host", rootCmd.PersistentFlags().Lookup("storage-main-clickhouse-host")) viper.BindPFlag("storage.main.clickhouse.port", rootCmd.PersistentFlags().Lookup("storage-main-clickhouse-port")) @@ -141,6 +147,7 @@ func init() { viper.BindPFlag("storage.main.clickhouse.password", rootCmd.PersistentFlags().Lookup("storage-main-clickhouse-password")) viper.BindPFlag("storage.main.clickhouse.asyncInsert", rootCmd.PersistentFlags().Lookup("storage-main-clickhouse-asyncInsert")) viper.BindPFlag("storage.main.clickhouse.maxRowsPerInsert", rootCmd.PersistentFlags().Lookup("storage-main-clickhouse-maxRowsPerInsert")) + viper.BindPFlag("storage.main.clickhouse.disableTLS", rootCmd.PersistentFlags().Lookup("storage-main-clickhouse-disableTLS")) viper.BindPFlag("storage.orchestrator.clickhouse.database", rootCmd.PersistentFlags().Lookup("storage-orchestrator-clickhouse-database")) viper.BindPFlag("storage.orchestrator.clickhouse.host", rootCmd.PersistentFlags().Lookup("storage-orchestrator-clickhouse-host")) viper.BindPFlag("storage.orchestrator.clickhouse.port", rootCmd.PersistentFlags().Lookup("storage-orchestrator-clickhouse-port")) @@ -148,12 +155,15 @@ func init() { viper.BindPFlag("storage.orchestrator.clickhouse.password", rootCmd.PersistentFlags().Lookup("storage-orchestrator-clickhouse-password")) viper.BindPFlag("storage.orchestrator.clickhouse.asyncInsert", rootCmd.PersistentFlags().Lookup("storage-orchestrator-clickhouse-asyncInsert")) viper.BindPFlag("storage.orchestrator.clickhouse.maxRowsPerInsert", rootCmd.PersistentFlags().Lookup("storage-orchestrator-clickhouse-maxRowsPerInsert")) + viper.BindPFlag("storage.orchestrator.clickhouse.disableTLS", rootCmd.PersistentFlags().Lookup("storage-orchestrator-clickhouse-disableTLS")) viper.BindPFlag("storage.orchestrator.memory.maxItems", rootCmd.PersistentFlags().Lookup("storage-orchestrator-memory-maxItems")) viper.BindPFlag("storage.orchestrator.redis.poolSize", rootCmd.PersistentFlags().Lookup("storage-orchestrator-redis-poolSize")) viper.BindPFlag("storage.orchestrator.redis.addr", rootCmd.PersistentFlags().Lookup("storage-orchestrator-redis-addr")) viper.BindPFlag("storage.orchestrator.redis.password", rootCmd.PersistentFlags().Lookup("storage-orchestrator-redis-password")) viper.BindPFlag("storage.orchestrator.redis.db", rootCmd.PersistentFlags().Lookup("storage-orchestrator-redis-db")) viper.BindPFlag("api.host", rootCmd.PersistentFlags().Lookup("api-host")) + viper.BindPFlag("api.basicAuth.username", rootCmd.PersistentFlags().Lookup("api-basicAuth-username")) + viper.BindPFlag("api.basicAuth.password", rootCmd.PersistentFlags().Lookup("api-basicAuth-password")) rootCmd.AddCommand(orchestratorCmd) rootCmd.AddCommand(apiCmd) } diff --git a/configs/config.go b/configs/config.go index 669fcbb..97eeaf3 100644 --- a/configs/config.go +++ b/configs/config.go @@ -103,8 +103,14 @@ type RPCConfig struct { Traces ToggleableRPCBatchRequestConfig `mapstructure:"traces"` } +type BasicAuthConfig struct { + Username string `mapstructure:"username"` + Password string `mapstructure:"password"` +} + type APIConfig struct { - Host string `mapstructure:"host"` + Host string `mapstructure:"host"` + BasicAuth BasicAuthConfig `mapstructure:"basicAuth"` } type Config struct { diff --git a/configs/secrets.example.yml b/configs/secrets.example.yml index f0e168d..efa3d23 100644 --- a/configs/secrets.example.yml +++ b/configs/secrets.example.yml @@ -1,6 +1,11 @@ rpc: url: https://1.rpc.thirdweb.com +api: + basicAuth: + username: admin + password: admin + storage: main: clickhouse: diff --git a/internal/middleware/authorization.go b/internal/middleware/authorization.go index 980abef..224d001 100644 --- a/internal/middleware/authorization.go +++ b/internal/middleware/authorization.go @@ -6,11 +6,17 @@ import ( "github.com/ethereum/go-ethereum/log" "github.com/gin-gonic/gin" "github.com/thirdweb-dev/indexer/api" + config "github.com/thirdweb-dev/indexer/configs" ) var ErrUnauthorized = fmt.Errorf("invalid username or password") func Authorization(c *gin.Context) { + if !isBasicAuthEnabled() { + c.Next() + return + } + username, password, ok := c.Request.BasicAuth() if !ok || !validateCredentials(username, password) { log.Error(ErrUnauthorized.Error()) @@ -21,6 +27,10 @@ func Authorization(c *gin.Context) { c.Next() } +func isBasicAuthEnabled() bool { + return config.Cfg.API.BasicAuth.Username != "" && config.Cfg.API.BasicAuth.Password != "" +} + func validateCredentials(username, password string) bool { - return username == "admin" && password == "admin" + return username == config.Cfg.API.BasicAuth.Username && password == config.Cfg.API.BasicAuth.Password }