Gate NoopAuthorizer behind the noop_authorizer cfg flag

`NoopAuthorizer` is now only accessible via
`RUSTFLAGS="--cfg noop_authorizer" cargo run --no-default-features`.

We want to discourage our users from ever using `NoopAuthorizer`.

Author: tankyleo

.github/workflows/build-and-deploy-rust.yml

@@ -33,17 +33,16 @@ jobs:
       - name: Build and Deploy VSS Server
         run: |
           cd rust
-          cargo build
-          cargo run server/vss-server-config.toml&
+          RUSTFLAGS="--cfg noop_authorizer" cargo run --no-default-features server/vss-server-config.toml&
 
       - name: Hit endpoint to verify service is up
         run: |
-          sleep 5
+          sleep 60
 
           # Put request with store='storeId' and key=k1
           hex=0A0773746F726549641A150A026B3110FFFFFFFFFFFFFFFFFF011A046B317631
-          curl --data-binary "$(echo "$hex" | xxd -r -p)" http://localhost:8080/vss/putObjects
+          curl -f --data-binary "$(echo "$hex" | xxd -r -p)" http://localhost:8080/vss/putObjects
 
           # Get request with store='storeId' and key=k1
           hex=0A0773746F7265496412026B31
-          curl --data-binary "$(echo "$hex" | xxd -r -p)" http://localhost:8080/vss/getObject
+          curl -f --data-binary "$(echo "$hex" | xxd -r -p)" http://localhost:8080/vss/getObject

.github/workflows/ldk-node-integration.yml

@@ -39,8 +39,7 @@ jobs:
       - name: Build and Deploy VSS Server
         run: |
           cd vss-server/rust
-          cargo build
-          cargo run --no-default-features server/vss-server-config.toml&
+          RUSTFLAGS="--cfg noop_authorizer" cargo run --no-default-features server/vss-server-config.toml&
       - name: Run LDK Node Integration tests
         run: |
           cd ldk-node

rust/Cargo.toml

@@ -10,3 +10,7 @@ lto = true
 
 [profile.dev]
 panic = "abort"
+
+[workspace.lints.rust.unexpected_cfgs]
+level = "forbid"
+check-cfg = ['cfg(noop_authorizer)']

rust/api/src/auth.rs

@@ -1,7 +1,6 @@
 use crate::error::VssError;
 use async_trait::async_trait;
 use std::collections::HashMap;
-use std::string::ToString;
 
 /// Response returned for [`Authorizer`] request if user is authenticated and authorized.
 #[derive(Debug, Clone)]
@@ -21,10 +20,13 @@ pub trait Authorizer: Send + Sync {
 }
 
 /// A no-operation authorizer, which lets any user-request go through.
+#[cfg(feature = "_test_utils")]
 pub struct NoopAuthorizer {}
 
+#[cfg(feature = "_test_utils")]
 const UNAUTHENTICATED_USER: &str = "unauth-user";
 
+#[cfg(feature = "_test_utils")]
 #[async_trait]
 impl Authorizer for NoopAuthorizer {
 	async fn verify(

rust/server/Cargo.toml

@@ -24,3 +24,9 @@ toml = { version = "0.8.9", default-features = false, features = ["parse"] }
 log = { version = "0.4.29", default-features = false, features = ["std"] }
 chrono = { version = "0.4", default-features = false, features = ["clock"] }
 rand = { version = "0.9.2", default-features = false }
+
+[target.'cfg(noop_authorizer)'.dependencies]
+api = { path = "../api", features = ["_test_utils"] }
+
+[lints]
+workspace = true

rust/server/src/main.rs

@@ -19,7 +19,9 @@ use hyper_util::rt::TokioIo;
 
 use log::{error, info, warn};
 
-use api::auth::{Authorizer, NoopAuthorizer};
+use api::auth::Authorizer;
+#[cfg(noop_authorizer)]
+use api::auth::NoopAuthorizer;
 use api::kv_store::KvStore;
 #[cfg(feature = "jwt")]
 use auth_impls::jwt::JWTAuthorizer;
@@ -98,13 +100,21 @@ fn main() {
 				authorizer = Some(Arc::new(SignatureValidatingAuthorizer));
 			}
 		}
+
+		#[cfg(noop_authorizer)]
 		let authorizer = if let Some(auth) = authorizer {
 			auth
 		} else {
 			warn!("No authentication method configured, all storage with the same store id will be commingled.");
 			Arc::new(NoopAuthorizer {})
 		};
 
+		#[cfg(not(noop_authorizer))]
+		let authorizer = authorizer.unwrap_or_else(||  {
+			error!("No authentication method configured, please configure either `JWTAuthorizer` or `SignatureValidatingAuthorizer`");
+			std::process::exit(-1);
+		});
+
 		let store: Arc<dyn KvStore> = if let Some(crt_pem) = config.tls_config {
 			let postgres_tls_backend = PostgresTlsBackend::new(
 				&config.postgresql_prefix,