···

       
31
       
 
       
    /// - TODO: a rate-limiter will be installed

     

       
32
       
 
       
    #[arg(long)]

     

       
33
       
 
       
    host: Option<String>,

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
34
       
 
       
}

     

       
35
       
 
       


     

       
36
       
 
       
#[tokio::main]

     
···

       
91
       
 
       
            identity,

     

       
92
       
 
       
            repo,

     

       
93
       
 
       
            args.host,

     

       
0
       
 
       

     

       
94
       
 
       
            server_shutdown,

     

       
95
       
 
       
        )

     

       
96
       
 
       
        .await?;

     

···

       
31
       
 
       
    /// - TODO: a rate-limiter will be installed

     

       
32
       
 
       
    #[arg(long)]

     

       
33
       
 
       
    host: Option<String>,

     

       
34
       
+
       
    /// a location to cache acme https certs

     

       
35
       
+
       
    ///

     

       
36
       
+
       
    /// only used if --host is specified. omitting requires re-requesting certs

     

       
37
       
+
       
    /// on every restart, and letsencrypt has rate limits that are easy to hit.

     

       
38
       
+
       
    ///

     

       
39
       
+
       
    /// recommended in production, but mind the file permissions.

     

       
40
       
+
       
    #[arg(long)]

     

       
41
       
+
       
    certs: Option<PathBuf>,

     

       
42
       
 
       
}

     

       
43
       
 
       


     

       
44
       
 
       
#[tokio::main]

     
···

       
99
       
 
       
            identity,

     

       
100
       
 
       
            repo,

     

       
101
       
 
       
            args.host,

     

       
102
       
+
       
            args.certs,

     

       
103
       
 
       
            server_shutdown,

     

       
104
       
 
       
        )

     

       
105
       
 
       
        .await?;

     

···

       
2
       
 
       
use atrium_api::types::string::{Cid, Did, Handle, Nsid, RecordKey};

     

       
3
       
 
       
use foyer::HybridCache;

     

       
4
       
 
       
use serde::Serialize;

     

       
0
       
 
       

     

       
5
       
 
       
use std::str::FromStr;

     

       
6
       
 
       
use std::sync::Arc;

     

       
7
       
 
       
use tokio_util::sync::CancellationToken;

     
···

       
293
       
 
       
    identity: Identity,

     

       
294
       
 
       
    repo: Repo,

     

       
295
       
 
       
    host: Option<String>,

     

       
0
       
 
       

     

       
296
       
 
       
    _shutdown: CancellationToken,

     

       
297
       
 
       
) -> Result<(), ServerError> {

     

       
298
       
 
       
    let repo = Arc::new(repo);

     
···

       
320
       
 
       


     

       
321
       
 
       
        app = app.at("/.well-known/did.json", get_did_doc(&host));

     

       
322
       
 
       


     

       
323
       
-
       
        let auto_cert = AutoCert::builder()

     

       
324
       
 
       
            .directory_url(LETS_ENCRYPT_PRODUCTION)

     

       
325
       
-
       
            .domain(&host)

     

       
326
       
-
       
            .build()

     

       
327
       
-
       
            .map_err(ServerError::AcmeBuildError)?;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
328
       
 
       


     

       
329
       
 
       
        run(TcpListener::bind("0.0.0.0:443").acme(auto_cert), app).await

     

       
330
       
 
       
    } else {

     

···

       
2
       
 
       
use atrium_api::types::string::{Cid, Did, Handle, Nsid, RecordKey};

     

       
3
       
 
       
use foyer::HybridCache;

     

       
4
       
 
       
use serde::Serialize;

     

       
5
       
+
       
use std::path::PathBuf;

     

       
6
       
 
       
use std::str::FromStr;

     

       
7
       
 
       
use std::sync::Arc;

     

       
8
       
 
       
use tokio_util::sync::CancellationToken;

     
···

       
294
       
 
       
    identity: Identity,

     

       
295
       
 
       
    repo: Repo,

     

       
296
       
 
       
    host: Option<String>,

     

       
297
       
+
       
    certs: Option<PathBuf>,

     

       
298
       
 
       
    _shutdown: CancellationToken,

     

       
299
       
 
       
) -> Result<(), ServerError> {

     

       
300
       
 
       
    let repo = Arc::new(repo);

     
···

       
322
       
 
       


     

       
323
       
 
       
        app = app.at("/.well-known/did.json", get_did_doc(&host));

     

       
324
       
 
       


     

       
325
       
+
       
        let mut auto_cert = AutoCert::builder()

     

       
326
       
 
       
            .directory_url(LETS_ENCRYPT_PRODUCTION)

     

       
327
       
+
       
            .domain(&host);

     

       
328
       
+
       
        if let Some(certs) = certs {

     

       
329
       
+
       
            auto_cert = auto_cert.cache_path(certs)

     

       
330
       
+
       
        }

     

       
331
       
+
       
        let auto_cert = auto_cert.build().map_err(ServerError::AcmeBuildError)?;

     

       
332
       
 
       


     

       
333
       
 
       
        run(TcpListener::bind("0.0.0.0:443").acme(auto_cert), app).await

     

       
334
       
 
       
    } else {