search

Hirevo / alexandrie

An alternative crate registry, implemented in Rust.
https://hirevo.github.io/alexandrie/
Apache License 2.0
493 stars 55 forks source link

Running error!!![frontend] missing field `origin` #152

Closed foosaa closed 1 year ago

foosaa commented 1 year ago

alexandrie.toml :

[general] bind_address = "127.0.0.1:3000"

[frontend] enabled = true title = "Alexandrie" description = "An alternative crate registry for Cargo, the Rust package manager." links = [ { name = "Github repository", href = "https://github.com/Hirevo/alexandrie" }, { name = "User documentation", href = "https://hirevo.github.io/alexandrie" }, ]

[frontend.sessions] cookie_name = "alexandrie.sid" secret = "YOU_REALLY_SHOULD_CHANGE_THIS_BEFORE_DEPLOYING"

[frontend.assets] path = "assets"

[frontend.templates] path = "templates"

[frontend.auth.local] enabled = true allow_registration = true

[frontend.auth.github] enabled = false client_id = "GITHUB_OAUTH_CLIENT_ID" client_secret = "GITHUB_OAUTH_CLIENT_SECRET"

allowed_organizations = [

Using this organization does not requires any specific team membership.

{ name = "ORG_NAME_1" },
# But using this one does requires membership in one of specified teams.
{ name = "ORG_NAME_2", allowed_teams = ["TEAM_NAME"] },

] allow_registration = true

[frontend.auth.gitlab] enabled = false origin = "https://gitlab.com" client_id = "GITLAB_OAUTH_CLIENT_ID" client_secret = "GITLAB_OAUTH_CLIENT_SECRET"

allowed_groups = [ "GROUP_1", "GROUP_2", ] allow_registration = true

[database] url = "alexandrie.db"

[index] type = "command-line" path = "crate-index"

[storage] type = "disk" path = "crate-storage"

[syntect.syntaxes] type = "dump" path = "syntect/dumps/syntaxes.dump"

[syntect.themes] type = "dump" path = "syntect/dumps/themes.dump" theme_name = "frontier-contrast"

Execute a command:

./target/debug/alexandrie -c alexandrie.toml

Error occurs:

TOML error: TOML parse error at line 4, column 1 | 4 | [frontend] | ^^^^^^^^^^ missing field origin

How should I change it?

Hirevo commented 1 year ago

Hi,
It seems that I missed to include a needed field in the example configuration.
Please try to insert the following option to your alexandrie.toml file, and try again:

[frontend.auth]
# You need to replace this by the origin of the endpoint with which users will access your Alexandrie instance.
# This is needed for creating the correct `redirect_uri` for OAuth 2 authentication flows (currently: GitHub/GitLab).
# If you are not using GitHub or GitLab to authenticate, then this value will never be used and can be set to anything.
origin = "http://localhost:3000"

This should resolve your issue, feel free to comment here again if the error persists or if you encounter another configuration-related error.

foosaa commented 1 year ago

@Hirevo Hi,Please tell me, how to make it necessary to log in to see the content, otherwise there is only one login page? Thank you!😁

Hirevo commented 1 year ago

While what you're asking for is not possible as of today, this is a feature that would indeed be useful, and interest for exactly this has already been expressed in #93.

I think I should definitely work on the ability to make the frontend inaccessible to logged-out users.

But keep in mind that Cargo itself does not send authorization tokens for all API endpoints (like the crate download and search endpoints that cargo uses in cargo fetch and cargo search, for example), as described in the Cargo's alternative registry documentation.

This means that logged-out users, despite being unable to access the frontend, would still be able to download or search the crates, if they know which endpoints to hit.

This was the reason why I haven't implemented it to be fully private in my initial iteration of Alexandrie.

The Cargo team has accepted an RFC (rust-lang/rfcs#3139) proposing to add a new auth-required configuration option (both in the registry's index and in the users' configuration) to require Cargo to send the authorization tokens for absolutely all API endpoints.

While the RFC has been accepted and the implementation work in Cargo has been done, the feature is still unstable (tracking issue: rust-lang/cargo#10474), and therefore only usable using Nightly Rust.

Still, I think this should not block the work to make atleast the frontend private, and possibly start working on the foundations in preparation of the upcoming stabilization of that Cargo feature.
I just need to get around to design and implement this properly.

I hope that, in the time being, the absence of this feature is not too much of an inconvenience.

(Since the support of this feature is unrelated to this GitHub issue, I'll be closing it through the merge of PR #155)

foosaa commented 1 year ago

@Hirevo Thank you very much for your professional answer. There is not much impact at present, and I look forward to getting better and better. Thank you for your contribution to the community!