seperate secrets config file

4 files changed, 13 insertions, 11 deletions

diff --git a/server/src/main.rs b/server/src/main.rs
index 6862a98..fbfbba6 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -10,9 +10,7 @@
 use crate::routes::ui::{account::hash_password, admin::log::enable_logging};
 use database::DataAcid;
 use jellybase::{
-    database::{ReadableTable, Ser, T_USER},
-    federation::Federation,
-    CONF,
+    database::{ReadableTable, Ser, T_USER}, federation::Federation, CONF, SECRETS
 };
 use jellycommon::user::{PermissionSet, Theme, User};
 use log::{error, info, warn};
@@ -33,7 +31,7 @@ async fn main() {
     let federation = Federation::initialize();
 
     if let Some(username) = &CONF.admin_username
-        && let Some(password) = &CONF.admin_password
+        && let Some(password) = &SECRETS.admin_password
     {
         let txn = database.begin_write().unwrap();
         let mut users = txn.open_table(T_USER).unwrap();
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs
index 6bc5127..d6c1e9f 100644
--- a/server/src/routes/mod.rs
+++ b/server/src/routes/mod.rs
@@ -6,7 +6,7 @@
 use crate::{database::DataAcid, routes::ui::error::MyResult};
 use api::{r_api_account_login, r_api_node_raw, r_api_root, r_api_version};
 use base64::Engine;
-use jellybase::{federation::Federation, CONF};
+use jellybase::{federation::Federation, CONF, SECRETS};
 use log::warn;
 use rand::random;
 use rocket::{
@@ -59,7 +59,8 @@ pub fn build_rocket(database: DataAcid, federation: Federation) -> Rocket<Build>
                 .map(|e| e.parse().unwrap())
                 .unwrap_or(8000),
             secret_key: SecretKey::derive_from(
-                CONF.cookie_key
+                SECRETS
+                    .cookie_key
                     .clone()
                     .unwrap_or_else(|| {
                         warn!("cookie_key not configured, generating a random one.");
diff --git a/server/src/routes/stream.rs b/server/src/routes/stream.rs
index c033bda..5c21a5a 100644
--- a/server/src/routes/stream.rs
+++ b/server/src/routes/stream.rs
@@ -10,9 +10,10 @@ use jellybase::{
     database::{TableExt, T_NODE},
     federation::Federation,
     permission::{NodePermissionExt, PermissionSetExt},
-    CONF,
+    SECRETS,
 };
 use jellycommon::{
+    config::FederationAccount,
     stream::StreamSpec,
     user::{CreateSessionParams, UserPermission},
     TrackSource,
@@ -77,8 +78,10 @@ pub async fn r_stream(
                 .last()
                 .ok_or(anyhow!("federation inconsistent"))?;
 
-            let (username, password, _) = CONF
-                .remote_credentials
+            let FederationAccount {
+                password, username, ..
+            } = SECRETS
+                .federation
                 .get(host)
                 .ok_or(anyhow!("no credentials on the server-side"))?;
 
diff --git a/server/src/routes/ui/account/session/token.rs b/server/src/routes/ui/account/session/token.rs
index 969207d..9cc0c4f 100644
--- a/server/src/routes/ui/account/session/token.rs
+++ b/server/src/routes/ui/account/session/token.rs
@@ -11,13 +11,13 @@ use aes_gcm_siv::{
 use anyhow::anyhow;
 use base64::Engine;
 use chrono::{Duration, Utc};
-use jellybase::CONF;
+use jellybase::SECRETS;
 use jellycommon::user::PermissionSet;
 use log::warn;
 use std::sync::LazyLock;
 
 static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| {
-    if let Some(sk) = &CONF.session_key {
+    if let Some(sk) = &SECRETS.session_key {
         let r = base64::engine::general_purpose::STANDARD
             .decode(sk)
             .expect("key invalid; should be valid base64");