add support for reading a registration token from a file

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-09-29 01:54:07 -04:00 · 2024-09-29 01:54:07 -04:00 · 7a59add8f1
commit 7a59add8f1
parent ee1580e480
10 changed files with 78 additions and 21 deletions
--- a/src/core/config/check.rs
+++ b/src/core/config/check.rs
@ -94,6 +94,22 @@ pub fn check(config: &Config) -> Result<()> {
 		));
 	}

+	// check if we can read the token file path, and check if the file is empty
+	if config.registration_token_file.as_ref().is_some_and(|path| {
+		let Ok(token) = std::fs::read_to_string(path).inspect_err(|e| {
+			error!("Failed to read the registration token file: {e}");
+		}) else {
+			return true;
+		};
+
+		token == String::new()
+	}) {
+		return Err!(Config(
+			"registration_token_file",
+			"Registration token file was specified but is empty or failed to be read"
+		));
+	}
+
 	if config.max_request_size < 5_120_000 {
 		return Err!(Config(
 			"max_request_size",
@ -111,12 +127,13 @@ pub fn check(config: &Config) -> Result<()> {
 	if config.allow_registration
 		&& !config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
 		&& config.registration_token.is_none()
+		&& config.registration_token_file.is_none()
 	{
 		return Err!(Config(
 			"registration_token",
 			"!! You have `allow_registration` enabled without a token configured in your config which means you are \
 			 allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token).\n
-If this is not the intended behaviour, please set a registration token with the `registration_token` config option.\n
+If this is not the intended behaviour, please set a registration token.\n
 For security and safety reasons, conduwuit will shut down. If you are extra sure this is the desired behaviour you \
 			 want, please set the following config option to true:
 `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`"
@ -126,6 +143,7 @@ For security and safety reasons, conduwuit will shut down. If you are extra sure
 	if config.allow_registration
 		&& config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
 		&& config.registration_token.is_none()
+		&& config.registration_token_file.is_none()
 	{
 		warn!(
 			"Open registration is enabled via setting \
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -139,6 +139,7 @@ pub struct Config {
 	#[serde(default)]
 	pub yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: bool,
 	pub registration_token: Option<String>,
+	pub registration_token_file: Option<PathBuf>,
 	#[serde(default = "true_fn")]
 	pub allow_encryption: bool,
 	#[serde(default = "true_fn")]
@ -572,12 +573,20 @@ impl fmt::Display for Config {
 		line("Allow registration", &self.allow_registration.to_string());
 		line(
 			"Registration token",
-			if self.registration_token.is_some() {
-				"set"
+			if self.registration_token.is_none() && self.registration_token_file.is_none() && self.allow_registration {
+				"not set (⚠️ open registration!)"
+			} else if self.registration_token.is_none() && self.registration_token_file.is_none() {
+				"not set"
 			} else {
-				"not set (open registration!)"
+				"set"
 			},
 		);
+		line(
+			"Registration token file path",
+			self.registration_token_file
+				.as_ref()
+				.map_or("", |path| path.to_str().unwrap_or_default()),
+		);
 		line(
 			"Allow guest registration (inherently false if allow registration is false)",
 			&self.allow_guest_registration.to_string(),