~aleteoryx/lfm_embed

5a97731c6996847e335daf1fe9a5d265540de3d1 — alyx 8 months ago d69f7fc
whitelist -> allowlist
3 files changed, 36 insertions(+), 35 deletions(-)

M README.md
M src/cache/user.rs
M src/config.rs
M README.md => README.md +10 -10
@@ 65,21 65,21 @@ If set, logs will be written to the specified file. Otherwise, logs are written 

## User Perms

### `LFME_WHITELIST_MODE` (Default: `"open"`)
### `LFME_ALLOWLIST_MODE` (Default: `"open"`)
The following(case-insensitive) values are supported:

- `open`: Allow requests for all users.

- `exclusive`: Only allow requests for users in `LFME_WHITELIST`, returning HTTP 403 for all others. `LFME_WHITELIST` _must_ be set if this mode is enabled.
- `exclusive`: Only allow requests for users in `LFME_ALLOWLIST`, returning HTTP 403 for all others. `LFME_ALLOWLIST` _must_ be set if this mode is enabled.

If the user requested has their listen history private, a 403 will be returned.

### `LFME_WHITELIST` (Default: `""`)
### `LFME_ALLOWLIST` (Default: `""`)
This is expected to be a sequence of comma-separated usernames.
Leading/trailing whitespace will be stripped, and unicode is fully supported.

### `LFME_WHITELIST_REFRESH` (Default: `"1m"`)
The amount of time to cache whitelisted user info for.
### `LFME_ALLOWLIST_REFRESH` (Default: `"1m"`)
The amount of time to cache allowlisted user info for.
It is interpreted as a sequence of `<num><suffix>` values, where `num` is a positive integer,
and `suffix` is one of `y`,`mon`,`w`,`d`,`h`,`m`,`s`, `ms`, `µs`, or `ns`, each of which
corresponds to a self-explanatory unit of time.


@@ 87,8 87,8 @@ For most practical applications, one should only use `m` and `s`, as caching you
Parsing is delegated to the [`duration_str`](https://docs.rs/duration-str/latest/duration_str/) crate, and further info may be found there.

### `LFME_DEFAULT_REFRESH` (Default: `"5m"`)
The amount of time to cache non-whitelisted user info for.
See `LFME_WHITELIST_REFRESH` for more info.
The amount of time to cache non-allowlisted user info for.
See `LFME_ALLOWLIST_REFRESH` for more info.

## Themes



@@ 139,9 139,9 @@ LFME_API_KEY=0123456789abcdef0123456789abcdef
LFME_LOG_LEVEL=error
LFME_PORT=3000

LFME_WHITELIST_REFRESH=30s
LFME_WHITELIST_MODE=exclusive
LFME_WHITELIST=a_precious_basket_case, realRiversCuomo, Pixiesfan12345
LFME_ALLOWLIST_REFRESH=30s
LFME_ALLOWLIST_MODE=exclusive
LFME_ALLOWLIST=a_precious_basket_case, realRiversCuomo, Pixiesfan12345
```

# Theming {#theming}

M src/cache/user.rs => src/cache/user.rs +18 -18
@@ 15,9 15,9 @@ type UserGetter = CacheGetter<Arc<(User, Track, TrackStub)>>;
type UserCache  = Cache<Arc<(User, Track, TrackStub)>>;

#[derive(Debug)]
enum Whitelist {
enum Allowlist {
  Exclusive{cache: UserCache},
  Open{default_cache: UserCache, whitelist_cache: UserCache}
  Open{default_cache: UserCache, allowlist_cache: UserCache}
}

fn user_getter(username: &String) -> UserFuture {


@@ 63,40 63,40 @@ fn user_getter(username: &String) -> UserFuture {

static HTTP: LazyLock<Client> = crate::http::lazy();

static WHITELIST: LazyLock<Whitelist> = LazyLock::new(|| {
static ALLOWLIST: LazyLock<Allowlist> = LazyLock::new(|| {
  let default_cache = Arc::new(RwLock::new(AsyncCache::new(CONFIG.default_refresh, user_getter as UserGetter)));
  let whitelist_cache = Arc::new(RwLock::new(AsyncCache::new(CONFIG.whitelist_refresh, user_getter as UserGetter)));
  match CONFIG.whitelist_mode.as_str() {
  let allowlist_cache = Arc::new(RwLock::new(AsyncCache::new(CONFIG.allowlist_refresh, user_getter as UserGetter)));
  match CONFIG.allowlist_mode.as_str() {
    "open" => {
      Whitelist::Open{default_cache, whitelist_cache}
      Allowlist::Open{default_cache, allowlist_cache}
    },
    "exclusive" => {
      if CONFIG.whitelist.is_empty() {
        panic!("Exclusive mode set with empty whitelist, cannot serve any requests!");
      if CONFIG.allowlist.is_empty() {
        panic!("Exclusive mode set with empty allowlist, cannot serve any requests!");
      }
      Whitelist::Exclusive{cache: whitelist_cache}
      Allowlist::Exclusive{cache: allowlist_cache}
    },
    m => {
      panic!("Bad whitelist mode: `{m}`");
      panic!("Bad allowlist mode: `{m}`");
    }
  }
});

pub async fn get_userinfo(user: &String) -> (Result<Arc<(User, Track, TrackStub)>, (StatusCode, &'static str)>, Duration) {
  match LazyLock::force(&WHITELIST) {
    Whitelist::Open{default_cache, whitelist_cache} => {
      if CONFIG.whitelist.contains(user) {
        (whitelist_cache.write().await.get_owned(user).await, CONFIG.whitelist_refresh)
  match LazyLock::force(&ALLOWLIST) {
    Allowlist::Open{default_cache, allowlist_cache} => {
      if CONFIG.allowlist.contains(user) {
        (allowlist_cache.write().await.get_owned(user).await, CONFIG.allowlist_refresh)
      }
      else {
        (default_cache.write().await.get_owned(user).await, CONFIG.default_refresh)
      }
    },
    Whitelist::Exclusive{cache} => {
      if CONFIG.whitelist.contains(user) {
        (cache.write().await.get_owned(user).await, CONFIG.whitelist_refresh)
    Allowlist::Exclusive{cache} => {
      if CONFIG.allowlist.contains(user) {
        (cache.write().await.get_owned(user).await, CONFIG.allowlist_refresh)
      }
      else { (Err((StatusCode::FORBIDDEN, "User not in whitelist!")), CONFIG.default_refresh) }
      else { (Err((StatusCode::FORBIDDEN, "User not in allowlist!")), CONFIG.default_refresh) }
    }
  }
}

M src/config.rs => src/config.rs +8 -7
@@ 24,10 24,10 @@ pub struct Config {
  pub(crate) theme_ext: Arc<str>,
  pub(crate) theme_debug: bool,

  pub(crate) whitelist: BTreeSet<String>,
  pub(crate) whitelist_mode: String,
  pub(crate) allowlist: BTreeSet<String>,
  pub(crate) allowlist_mode: String,
  pub(crate) default_refresh: Duration,
  pub(crate) whitelist_refresh: Duration,
  pub(crate) allowlist_refresh: Duration,
}

impl Config {


@@ 35,6 35,7 @@ impl Config {
    let duration_from_var = |v: &str, d: u64| -> Duration {var(v).map(|r| ds::parse(&r).expect("bad duration string")).unwrap_or_else(|_| Duration::from_secs(d))};
    let default_refresh = duration_from_var("LFME_DEFAULT_REFRESH", 300);
    let whitelist_refresh = duration_from_var("LFME_WHITELIST_REFRESH", 60);
    let allowlist_refresh = if whitelist_refresh == Duration::from_secs(60) { duration_from_var("LFME_ALLOWLIST_REFRESH", 60) } else { whitelist_refresh };
    Arc::new(Config {
      lastfm_api_key: var("LFME_LASTFM_API_KEY").expect("last.fm API key must be set").into(),
      google_api_key: var("LFME_GOOGLE_API_KEY").map(Into::into).ok(),


@@ 47,10 48,10 @@ impl Config {
      theme_ext: var("LFME_THEME_EXT").unwrap_or_else(|_| ".hbs".into()).into(),
      theme_debug: var("LFME_THEME_DEV").map(|h| &h == "1").unwrap_or(false),

      whitelist: var("LFME_WHITELIST").ok().map(|w| w.split(',').map(|s| s.trim().to_string()).collect()).unwrap_or_default(),
      whitelist_mode: var("LFME_WHITELIST_MODE").map(|m| m.to_ascii_lowercase()).unwrap_or_else(|_| "open".into()),
      default_refresh: default_refresh + Duration::from_secs(1),
      whitelist_refresh: whitelist_refresh + Duration::from_secs(1)
      allowlist: var("LFME_WHITELIST").or_else(|_| var("LFME_ALLOWLIST")).ok().map(|w| w.split(',').map(|s| s.trim().to_string()).collect()).unwrap_or_default(),
      allowlist_mode: var("LFME_WHITELIST_MODE").or_else(|_| var("LFME_ALLOWLIST_MODE")).map(|m| m.to_ascii_lowercase()).unwrap_or_else(|_| "open".into()),
      default_refresh: default_refresh,
      allowlist_refresh: allowlist_refresh
    })
  }