Add secrecy.

This commit is contained in:
Luca Palmieri 2021-12-27 13:07:19 +01:00
parent 7129a0d4b4
commit fc2f484971
5 changed files with 51 additions and 20 deletions

17
Cargo.lock generated
View file

@ -1480,6 +1480,16 @@ dependencies = [
"untrusted", "untrusted",
] ]
[[package]]
name = "secrecy"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e"
dependencies = [
"serde",
"zeroize",
]
[[package]] [[package]]
name = "security-framework" name = "security-framework"
version = "2.4.2" version = "2.4.2"
@ -2396,6 +2406,7 @@ dependencies = [
"config", "config",
"once_cell", "once_cell",
"reqwest", "reqwest",
"secrecy",
"serde", "serde",
"sqlx", "sqlx",
"tokio", "tokio",
@ -2407,6 +2418,12 @@ dependencies = [
"uuid", "uuid",
] ]
[[package]]
name = "zeroize"
version = "1.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d68d9dcec5f9b43a30d38c49f91dfedfaac384cb8f085faca366c26207dd1619"
[[package]] [[package]]
name = "zstd" name = "zstd"
version = "0.9.1+zstd.1.5.1" version = "0.9.1+zstd.1.5.1"

View file

@ -25,6 +25,7 @@ tracing-subscriber = { version = "0.3", features = ["registry", "env-filter"] }
tracing-bunyan-formatter = "0.3.1" tracing-bunyan-formatter = "0.3.1"
tracing-log = "0.1.1" tracing-log = "0.1.1"
tracing-actix-web = "0.5.0-beta.6" tracing-actix-web = "0.5.0-beta.6"
secrecy = { version = "0.8", features = ["serde"] }
[dev-dependencies] [dev-dependencies]
reqwest = { version = "0.11", features = ["json"] } reqwest = { version = "0.11", features = ["json"] }

View file

@ -1,3 +1,5 @@
use secrecy::{ExposeSecret, Secret};
#[derive(serde::Deserialize)] #[derive(serde::Deserialize)]
pub struct Settings { pub struct Settings {
pub database: DatabaseSettings, pub database: DatabaseSettings,
@ -7,25 +9,32 @@ pub struct Settings {
#[derive(serde::Deserialize)] #[derive(serde::Deserialize)]
pub struct DatabaseSettings { pub struct DatabaseSettings {
pub username: String, pub username: String,
pub password: String, pub password: Secret<String>,
pub port: u16, pub port: u16,
pub host: String, pub host: String,
pub database_name: String, pub database_name: String,
} }
impl DatabaseSettings { impl DatabaseSettings {
pub fn connection_string(&self) -> String { pub fn connection_string(&self) -> Secret<String> {
format!( Secret::new(format!(
"postgres://{}:{}@{}:{}/{}", "postgres://{}:{}@{}:{}/{}",
self.username, self.password, self.host, self.port, self.database_name self.username,
) self.password.expose_secret(),
self.host,
self.port,
self.database_name
))
} }
pub fn connection_string_without_db(&self) -> String { pub fn connection_string_without_db(&self) -> Secret<String> {
format!( Secret::new(format!(
"postgres://{}:{}@{}:{}", "postgres://{}:{}@{}:{}",
self.username, self.password, self.host, self.port self.username,
) self.password.expose_secret(),
self.host,
self.port
))
} }
} }

View file

@ -1,18 +1,20 @@
use secrecy::ExposeSecret;
use sqlx::postgres::PgPool; use sqlx::postgres::PgPool;
use std::net::TcpListener; use std::net::TcpListener;
use zero2prod::configuration::get_configuration; use zero2prod::configuration::get_configuration;
use zero2prod::startup::run; use zero2prod::startup::run;
use zero2prod::telemetry::{get_subscriber, init_subscriber}; use zero2prod::telemetry::{get_subscriber, init_subscriber};
#[actix_web::main] #[tokio::main]
async fn main() -> std::io::Result<()> { async fn main() -> std::io::Result<()> {
let subscriber = get_subscriber("zero2prod".into(), "info".into(), std::io::stdout); let subscriber = get_subscriber("zero2prod".into(), "info".into(), std::io::stdout);
init_subscriber(subscriber); init_subscriber(subscriber);
let configuration = get_configuration().expect("Failed to read configuration."); let configuration = get_configuration().expect("Failed to read configuration.");
let connection_pool = PgPool::connect(&configuration.database.connection_string()) let connection_pool =
.await PgPool::connect(&configuration.database.connection_string().expose_secret())
.expect("Failed to connect to Postgres."); .await
.expect("Failed to connect to Postgres.");
// Here we choose to bind explicitly to localhost, 127.0.0.1, for security // Here we choose to bind explicitly to localhost, 127.0.0.1, for security
// reasons. This binding may cause issues in some environments. For example, // reasons. This binding may cause issues in some environments. For example,

View file

@ -1,4 +1,5 @@
use once_cell::sync::Lazy; use once_cell::sync::Lazy;
use secrecy::ExposeSecret;
use sqlx::{Connection, Executor, PgConnection, PgPool}; use sqlx::{Connection, Executor, PgConnection, PgPool};
use std::net::TcpListener; use std::net::TcpListener;
use uuid::Uuid; use uuid::Uuid;
@ -48,16 +49,17 @@ async fn spawn_app() -> TestApp {
pub async fn configure_database(config: &DatabaseSettings) -> PgPool { pub async fn configure_database(config: &DatabaseSettings) -> PgPool {
// Create database // Create database
let mut connection = PgConnection::connect(&config.connection_string_without_db()) let mut connection =
.await PgConnection::connect(&config.connection_string_without_db().expose_secret())
.expect("Failed to connect to Postgres"); .await
.expect("Failed to connect to Postgres");
connection connection
.execute(&*format!(r#"CREATE DATABASE "{}";"#, config.database_name)) .execute(&*format!(r#"CREATE DATABASE "{}";"#, config.database_name))
.await .await
.expect("Failed to create database."); .expect("Failed to create database.");
// Migrate database // Migrate database
let connection_pool = PgPool::connect(&config.connection_string()) let connection_pool = PgPool::connect(&config.connection_string().expose_secret())
.await .await
.expect("Failed to connect to Postgres."); .expect("Failed to connect to Postgres.");
sqlx::migrate!("./migrations") sqlx::migrate!("./migrations")
@ -68,7 +70,7 @@ pub async fn configure_database(config: &DatabaseSettings) -> PgPool {
connection_pool connection_pool
} }
#[actix_rt::test] #[tokio::test]
async fn health_check_works() { async fn health_check_works() {
// Arrange // Arrange
let app = spawn_app().await; let app = spawn_app().await;
@ -87,7 +89,7 @@ async fn health_check_works() {
assert_eq!(Some(0), response.content_length()); assert_eq!(Some(0), response.content_length());
} }
#[actix_rt::test] #[tokio::test]
async fn subscribe_returns_a_200_for_valid_form_data() { async fn subscribe_returns_a_200_for_valid_form_data() {
// Arrange // Arrange
let app = spawn_app().await; let app = spawn_app().await;
@ -115,7 +117,7 @@ async fn subscribe_returns_a_200_for_valid_form_data() {
assert_eq!(saved.name, "le guin"); assert_eq!(saved.name, "le guin");
} }
#[actix_rt::test] #[tokio::test]
async fn subscribe_returns_a_400_when_data_is_missing() { async fn subscribe_returns_a_400_when_data_is_missing() {
// Arrange // Arrange
let app = spawn_app().await; let app = spawn_app().await;