Add --keys flag for server (#1116)

* Add --keys flag for server So that we can place the keys directory outside the mirror * Address comment Co-authored-by: Ti Chi Robot <[email protected]>
pingcap · Feb 2, 2021 · 5380253 · 5380253
1 parent 3299053
commit 5380253
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 8 deletions.
diff --git a/pkg/repository/mirror.go b/pkg/repository/mirror.go
@@ -23,6 +23,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -65,6 +66,7 @@ type (
 	MirrorOptions struct {
 		Progress DownloadProgress
 		Upstream string
+		KeyDir   string
 	}
 
 	// Mirror represents a repository mirror, which can be remote HTTP
@@ -98,11 +100,12 @@ func NewMirror(mirror string, options MirrorOptions) Mirror {
 			options: options,
 		}
 	}
-	return &localFilesystem{rootPath: mirror, upstream: options.Upstream}
+	return &localFilesystem{rootPath: mirror, keyDir: options.KeyDir, upstream: options.Upstream}
 }
 
 type localFilesystem struct {
 	rootPath string
+	keyDir   string
 	upstream string
 	keys     map[string]*v1manifest.KeyInfo
 }
@@ -122,17 +125,19 @@ func (l *localFilesystem) Open() error {
 		return errors.Errorf("local system mirror `%s` should be a directory", l.rootPath)
 	}
 
-	if utils.IsNotExist(filepath.Join(l.rootPath, "keys")) {
+	if l.keyDir == "" {
+		l.keyDir = path.Join(l.rootPath, "keys")
+	}
+	if utils.IsNotExist(l.keyDir) {
 		return nil
 	}
-
 	return l.loadKeys()
 }
 
 // load mirror keys
 func (l *localFilesystem) loadKeys() error {
 	l.keys = make(map[string]*v1manifest.KeyInfo)
-	return filepath.Walk(filepath.Join(l.rootPath, "keys"), func(path string, info os.FileInfo, err error) error {
+	return filepath.Walk(l.keyDir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}

diff --git a/server/handler/component.go b/server/handler/component.go
@@ -99,6 +99,8 @@ func (h *componentSigner) sign(r *http.Request, m *v1manifest.RawManifest) (sr *
 	switch err := h.mirror.Publish(manifest, info); err {
 	case model.ErrorConflict:
 		return nil, ErrorManifestConflict
+	case model.ErrorWrongSignature:
+		return nil, ErrorForbiden
 	case nil:
 		return nil, nil
 	default:

diff --git a/server/main.go b/server/main.go
@@ -23,6 +23,7 @@ import (
 
 func main() {
 	addr := "0.0.0.0:8989"
+	keyDir := ""
 	upstream := "https://tiup-mirrors.pingcap.com"
 
 	cmd := &cobra.Command{
@@ -33,7 +34,7 @@ func main() {
 				return cmd.Help()
 			}
 
-			s, err := newServer(args[0], upstream)
+			s, err := newServer(args[0], keyDir, upstream)
 			if err != nil {
 				return err
 			}
@@ -42,7 +43,8 @@ func main() {
 		},
 	}
 	cmd.Flags().StringVarP(&addr, "addr", "", addr, "addr to listen")
-	cmd.Flags().StringVarP(&upstream, "upstream", "", upstream, "specific the upstream mirror")
+	cmd.Flags().StringVarP(&keyDir, "key-dir", "", keyDir, "specify the directory where stores the private keys")
+	cmd.Flags().StringVarP(&upstream, "upstream", "", upstream, "specify the upstream mirror")
 
 	if err := cmd.Execute(); err != nil {
 		log.Errorf("Execute command: %s", err.Error())

diff --git a/server/server.go b/server/server.go
@@ -28,8 +28,8 @@ type server struct {
 }
 
 // NewServer returns a pointer to server
-func newServer(rootDir, upstream string) (*server, error) {
-	mirror := repository.NewMirror(rootDir, repository.MirrorOptions{Upstream: upstream})
+func newServer(rootDir, keyDir, upstream string) (*server, error) {
+	mirror := repository.NewMirror(rootDir, repository.MirrorOptions{Upstream: upstream, KeyDir: keyDir})
 	if err := mirror.Open(); err != nil {
 		return nil, err
 	}