cmd/anubis: allow setting key bytes in flag/envvar (#97)

* cmd/anubis: allow setting key bytes in flag/envvar Docs are updated to generate a random key on load and when people press the recycle button. Signed-off-by: Xe Iaso <me@xeiaso.net> * review feedback fixups Signed-off-by: Xe Iaso <me@xeiaso.net> * Update cmd/anubis/main.go Signed-off-by: Xe Iaso <me@xeiaso.net> * Apply suggestions from code review Co-authored-by: Ryan Cao <70191398+ryanccn@users.noreply.github.com> Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Co-authored-by: Ryan Cao <70191398+ryanccn@users.noreply.github.com>
2025-03-25 17:02:48 -04:00 · 2025-03-25 17:02:48 -04:00 · 4155719422
commit 4155719422
parent f29a200f09
6 changed files with 143 additions and 29 deletions
--- a/lib/anubis.go
+++ b/lib/anubis.go
@ -66,6 +66,7 @@ type Options struct {
 	Next           http.Handler
 	Policy         *policy.ParsedConfig
 	ServeRobotsTXT bool
+	PrivateKey     ed25519.PrivateKey
 }

 func LoadPoliciesOrDefault(fname string, defaultDifficulty int) (*policy.ParsedConfig, error) {
@ -93,15 +94,19 @@ func LoadPoliciesOrDefault(fname string, defaultDifficulty int) (*policy.ParsedC
 }

 func New(opts Options) (*Server, error) {
-	pub, priv, err := ed25519.GenerateKey(rand.Reader)
-	if err != nil {
-		return nil, fmt.Errorf("failed to generate ed25519 key: %w", err)
+	if opts.PrivateKey == nil {
+		slog.Debug("opts.PrivateKey not set, generating a new one")
+		_, priv, err := ed25519.GenerateKey(rand.Reader)
+		if err != nil {
+			return nil, fmt.Errorf("lib: can't generate private key: %v", err)
+		}
+		opts.PrivateKey = priv
 	}

 	result := &Server{
 		next:       opts.Next,
-		priv:       priv,
-		pub:        pub,
+		priv:       opts.PrivateKey,
+		pub:        opts.PrivateKey.Public().(ed25519.PublicKey),
 		policy:     opts.Policy,
 		DNSBLCache: decaymap.New[string, dnsbl.DroneBLResponse](),
 	}