Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Running error!!![frontend] missing field origin #152

Closed
foosaa opened this issue May 19, 2023 · 4 comments · Fixed by #155
Closed

Running error!!![frontend] missing field origin #152

foosaa opened this issue May 19, 2023 · 4 comments · Fixed by #155
Assignees
Labels
C-question Category: Question M-deployment Module: Deployment

Comments

@foosaa
Copy link

foosaa commented May 19, 2023

alexandrie.toml :

[general]
bind_address = "127.0.0.1:3000"

[frontend]
enabled = true
title = "Alexandrie"
description = "An alternative crate registry for Cargo, the Rust package manager."
links = [
{ name = "Github repository", href = "https://github.com/Hirevo/alexandrie" },
{ name = "User documentation", href = "https://hirevo.github.io/alexandrie" },
]

[frontend.sessions]
cookie_name = "alexandrie.sid"
secret = "YOU_REALLY_SHOULD_CHANGE_THIS_BEFORE_DEPLOYING"

[frontend.assets]
path = "assets"

[frontend.templates]
path = "templates"

[frontend.auth.local]
enabled = true
allow_registration = true

[frontend.auth.github]
enabled = false
client_id = "GITHUB_OAUTH_CLIENT_ID"
client_secret = "GITHUB_OAUTH_CLIENT_SECRET"

allowed_organizations = [
# Using this organization does not requires any specific team membership.
{ name = "ORG_NAME_1" },
# But using this one does requires membership in one of specified teams.
{ name = "ORG_NAME_2", allowed_teams = ["TEAM_NAME"] },
]
allow_registration = true

[frontend.auth.gitlab]
enabled = false
origin = "https://gitlab.com"
client_id = "GITLAB_OAUTH_CLIENT_ID"
client_secret = "GITLAB_OAUTH_CLIENT_SECRET"

allowed_groups = [
"GROUP_1",
"GROUP_2",
]
allow_registration = true

[database]
url = "alexandrie.db"

[index]
type = "command-line"
path = "crate-index"

[storage]
type = "disk"
path = "crate-storage"

[syntect.syntaxes]
type = "dump"
path = "syntect/dumps/syntaxes.dump"

[syntect.themes]
type = "dump"
path = "syntect/dumps/themes.dump"
theme_name = "frontier-contrast"

Execute a command:

./target/debug/alexandrie -c alexandrie.toml

Error occurs:

TOML error: TOML parse error at line 4, column 1
|
4 | [frontend]
| ^^^^^^^^^^
missing field origin

How should I change it?

@Hirevo
Copy link
Owner

Hirevo commented May 19, 2023

Hi,
It seems that I missed to include a needed field in the example configuration.
Please try to insert the following option to your alexandrie.toml file, and try again:

[frontend.auth]
# You need to replace this by the origin of the endpoint with which users will access your Alexandrie instance.
# This is needed for creating the correct `redirect_uri` for OAuth 2 authentication flows (currently: GitHub/GitLab).
# If you are not using GitHub or GitLab to authenticate, then this value will never be used and can be set to anything.
origin = "http://localhost:3000"

This should resolve your issue, feel free to comment here again if the error persists or if you encounter another configuration-related error.

@Hirevo Hirevo added C-question Category: Question M-deployment Module: Deployment labels May 19, 2023
@Hirevo Hirevo self-assigned this May 19, 2023
@foosaa
Copy link
Author

foosaa commented May 21, 2023

@Hirevo Hi,Please tell me, how to make it necessary to log in to see the content, otherwise there is only one login page? Thank you!😁

@Hirevo
Copy link
Owner

Hirevo commented May 22, 2023

While what you're asking for is not possible as of today, this is a feature that would indeed be useful, and interest for exactly this has already been expressed in #93.

I think I should definitely work on the ability to make the frontend inaccessible to logged-out users.

But keep in mind that Cargo itself does not send authorization tokens for all API endpoints (like the crate download and search endpoints that cargo uses in cargo fetch and cargo search, for example), as described in the Cargo's alternative registry documentation.

This means that logged-out users, despite being unable to access the frontend, would still be able to download or search the crates, if they know which endpoints to hit.

This was the reason why I haven't implemented it to be fully private in my initial iteration of Alexandrie.

The Cargo team has accepted an RFC (rust-lang/rfcs#3139) proposing to add a new auth-required configuration option (both in the registry's index and in the users' configuration) to require Cargo to send the authorization tokens for absolutely all API endpoints.

While the RFC has been accepted and the implementation work in Cargo has been done, the feature is still unstable (tracking issue: rust-lang/cargo#10474), and therefore only usable using Nightly Rust.

Still, I think this should not block the work to make atleast the frontend private, and possibly start working on the foundations in preparation of the upcoming stabilization of that Cargo feature.
I just need to get around to design and implement this properly.

I hope that, in the time being, the absence of this feature is not too much of an inconvenience.

(Since the support of this feature is unrelated to this GitHub issue, I'll be closing it through the merge of PR #155)

@foosaa
Copy link
Author

foosaa commented May 23, 2023

@Hirevo
Thank you very much for your professional answer. There is not much impact at present, and I look forward to getting better and better. Thank you for your contribution to the community!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C-question Category: Question M-deployment Module: Deployment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants