diff --git a/README.md b/README.md
index 2073d09..84b25e5 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,8 @@ setup. The FROM field of the mails can be configured with the `-F` switch. Usage -----
+### HKP
+
 Hagrid implements basic HKP (`op=get` and `op=index`) so tools like GnuPG and OpenKeychain can use it directly. The differences to SKS are
@@ -39,15 +41,17 @@ OpenKeychain can use it directly. The differences to SKS are Uploading a key via the HKP interface will trigger verification emails to be send.
+### VKS
+
 Hagrid has it's own URL scheme to fetch keys, verify user IDs and delete keys. It's meant to be machine readable, but it's not a REST API. The following URLs are handled.
-- `GET /by-fingerprint/` retrieves the key with the given
+- `GET /vks/by-fingerprint/` retrieves the key with the given
 fingerprint. Hexadecimal digits must be uppercase.
-- `GET /by-keyid/` retrieves the key with the given long key
+- `GET /vks/by-keyid/` retrieves the key with the given long key
 ID. Hexadecimal digits must be uppercase.
-- `GET /by-email/` retrieves the key with the given user
+- `GET /vks/by-email/` retrieves the key with the given user
 ID. Only exact matches are accepted. - `GET /vks/verify/` verifies a user ID using a token string send by email.
@@ -102,12 +106,13 @@ in the above example). Reverse Proxy -------------
-Hagrid is designed to defer lookups to reverse proxy server like Nginx and
-Apache. The key database is a set of 3 directories with static files in them.
-The directory structure reflects Hagrids URL scheme. This way, lookups via
-`by-fpr`, `by-email` and `by-kid` can be handled by (multiple) simple HTTP
-server(s). A sample configuration for Nginx is part of the repository
-(`nginx.conf`).
+Hagrid is designed to defer lookups to reverse proxy server like Nginx
+and Apache. The key database is a set of 3 directories with static
+files in them. The directory structure reflects Hagrids URL
+scheme. This way, lookups via `/vks/by-finingerprint`,
+`/vks/by-keyid`, and `/vks/by-email` can be handled by (multiple)
+simple HTTP server(s). A sample configuration for Nginx is part of the
+repository (`nginx.conf`).
 Community ---------
diff --git a/dist/templates/found.html.hbs b/dist/templates/found.html.hbs
index 608bd88..af5b2d6 100644
--- a/dist/templates/found.html.hbs
+++ b/dist/templates/found.html.hbs
@@ -5,6 +5,6 @@

You can get it with GnuPG using the following snippet:

-
gpg --fetch-keys https://{{ domain }}/by-fingerprint/{{ fpr }}
+
gpg --fetch-keys https://{{ domain }}/vks/by-fingerprint/{{ fpr }}
{{/layout}}
diff --git a/hagrid-routes.conf b/hagrid-routes.conf
index 63c5b0f..00195f1 100644
--- a/hagrid-routes.conf
+++ b/hagrid-routes.conf
@@ -1,22 +1,22 @@
 # this routing file is included in the hagrid http block # it is assumed that hagrid runs on localhost:8080
-location /by-email/ {
- rewrite "^/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break;
+location /vks/by-email/ {
+ rewrite "^/vks/by-email/([^/]{2})([^/]*)$" /by-email/$1/$2 break;
 default_type application/pgp-keys; add_header Content-Disposition 'attachment; filename="$1$2.asc"'; try_files /$uri =404; }
-location /by-fingerprint/ {
- rewrite ^/by-fingerprint/(0x)?([^/][^/])(..*)$ /by-fingerprint/$2$3 break;
+location /vks/by-fingerprint/ {
+ rewrite ^/vks/by-fingerprint/(0x)?([^/][^/])(..*)$ /vks/by-fingerprint/$2$3 break;
 default_type application/pgp-keys; add_header Content-Disposition 'attachment; filename="$2$3.asc"'; try_files /by-fpr/$2/$3 @fallback; }
-location /by-keyid/ {
- rewrite ^/by-keyid/(0x)?([^/][^/])(.*)$ /by-keyid/$2$3 break;
+location /vks/by-keyid/ {
+ rewrite ^/vks/by-keyid/(0x)?([^/][^/])(.*)$ /vks/by-keyid/$2$3 break;
 default_type application/pgp-keys; add_header Content-Disposition 'attachment; filename="$2$3.asc"'; try_files /by-keyid/$2/$3 @fallback;
@@ -33,14 +33,14 @@ location /pks/lookup { if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{14})$") { set $dir $2; set $file $3;
- rewrite . /by-keyid/$dir/$file;
+ rewrite . /vks/by-keyid/$dir/$file;
 } # gpg --receive-keys if ($args ~ "^op=get&options=mr&?search=(0x)?([A-F0-9]{2})([A-F0-9]{38})$") { set $dir $2; set $file $3;
- rewrite . /by-fingerprint/$dir/$file;
+ rewrite . /vks/by-fingerprint/$dir/$file;
 } # gpg --locate-key
@@ -48,7 +48,7 @@ location /pks/lookup { set $dir $1; set $local $2; set $horst $4;
- rewrite . /by-email/$dir/$local%40$horst;
+ rewrite . /vks/by-email/$dir/$local%40$horst;
 } proxy_pass http://127.0.0.1:8080;
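Review bot: The rewritten patterns in `location /vks/by-fingerprint/` and `location /vks/by-keyid/` still capture with `([^/][^/])(..*)` and `(.*)`, so whatever characters a client sends flow into the `try_files` path and into the quoted `Content-Disposition` filename. The README restricts these identifiers to uppercase hex and the `/pks/lookup` block in this same file already matches `[A-F0-9]`, so the captures here could be bounded the same way, for example `rewrite "^/vks/by-fingerprint/(0x)?([A-F0-9]{2})/?([A-F0-9]{38})$" /vks/by-fingerprint/$2$3 break;` and `([A-F0-9]{2})/?([A-F0-9]{14})` for by-keyid. The optional `/` keeps the already-split form produced by the `/pks/lookup` rewrites working; this is untested and should be checked against both request shapes.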
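Review bot: The `gpg --locate-key` branch now rewrites to `/vks/by-email/$dir/$local%40$horst`, but the pattern in `location /vks/by-email/` (first hunk) allows no `/` after the two-character prefix, so this already-split URI appears to skip the rewrite and reach `try_files /$uri =404` with the `/vks/` prefix still attached. Before the change the internal target equalled the on-disk `/by-email/` path, so this looks like a regression: unless the static tree also contains a `vks/by-email/` directory, e-mail lookups through `/pks/lookup` would return 404. Accepting both shapes in the first hunk, `rewrite "^/vks/by-email/([^/]{2})/?([^/]*)$" /by-email/$1/$2 break;`, would map either form back to the stored file. The `/pks/lookup` block begins and ends outside this hunk, so the surrounding `if` was not reviewed.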
diff --git a/src/web/mod.rs b/src/web/mod.rs
index ba07762..4e228e7 100644
--- a/src/web/mod.rs
+++ b/src/web/mod.rs
@@ -351,7 +351,7 @@ fn key_to_hkp_index<'a>(armored: String) -> MyResponse { }
-#[get("/by-fingerprint/")]
+#[get("/vks/by-fingerprint/")]
 fn by_fingerprint(db: rocket::State, domain: rocket::State, fpr: String) -> MyResponse { let maybe_key = match Fingerprint::from_str(&fpr) { Ok(ref fpr) => db.by_fpr(fpr),
@@ -365,7 +365,7 @@ fn by_fingerprint(db: rocket::State, domain: rocket::State, } }
-#[get("/by-email/")]
+#[get("/vks/by-email/")]
 fn by_email(db: rocket::State, domain: rocket::State, email: String) -> MyResponse { let maybe_key = match Email::from_str(&email) { Ok(ref email) => db.by_email(email),
@@ -380,7 +380,7 @@ fn by_email(db: rocket::State, domain: rocket::State, email } }
-#[get("/by-keyid/")]
+#[get("/vks/by-keyid/")]
 fn by_keyid(db: rocket::State, domain: rocket::State, kid: String) -> MyResponse { let maybe_key = match KeyID::from_str(&kid) { Ok(ref key) => db.by_kid(key),
@@ -811,8 +811,8 @@ mod tests { assert_eq!(tpk_.userids().count(), 0); }
- check_mr_response(&client, &format!("/by-keyid/{}", keyid), &tpk);
- check_mr_response(&client, &format!("/by-fingerprint/{}", fp), &tpk);
+ check_mr_response(&client, &format!("/vks/by-keyid/{}", keyid), &tpk);
+ check_mr_response(&client, &format!("/vks/by-fingerprint/{}", fp), &tpk);
 check_mr_response( &client, &format!("/pks/lookup?op=get&options=mr&search={}", fp),
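Review bot: The `#[get(...)]` attributes on `by_fingerprint`, `by_email` and `by_keyid` move to `/vks/…` with nothing left mounted on the old paths, so URLs already handed out by the previous `found.html.hbs` snippet (`gpg --fetch-keys https://…/by-fingerprint/…`) stop resolving. On a keyserver this is more than an inconvenience: a client that refreshes from a stored URL and gets an error keeps its cached copy and may miss a revocation or update. Consider thin legacy handlers that answer with a permanent redirect to the `/vks/` route for a deprecation period, and a doc comment on each handler such as `/// Canonical path is /vks/by-fingerprint/…; the un-prefixed path was retired when the VKS prefix was introduced.` The same applies to all three route hunks, whose handler bodies continue outside the visible lines.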