feat: add an option to allow http directory serving in aggregator

mithril-aggregator/src/configuration.rs

@@ -186,6 +186,9 @@ pub struct Configuration {
 
     /// Time interval at which usage metrics are persisted in event database (in seconds).
     pub persist_usage_report_interval_in_seconds: u64,
+
+    /// If set to true, the HTTP server can serve static directories.
+    pub allow_http_serve_directory: bool,
 }
 
 /// Uploader needed to copy the snapshot once computed.
@@ -270,6 +273,7 @@ impl Configuration {
             metrics_server_ip: "0.0.0.0".to_string(),
             metrics_server_port: 9090,
             persist_usage_report_interval_in_seconds: 10,
+            allow_http_serve_directory: false,
         }
     }
 
@@ -411,6 +415,9 @@ pub struct DefaultConfiguration {
 
     /// Time interval at which metrics are persisted in event database (in seconds).
     pub persist_usage_report_interval_in_seconds: u64,
+
+    /// If set to true, the HTTP server can serve static directories.
+    pub allow_http_serve_directory: bool,
 }
 
 impl Default for DefaultConfiguration {
@@ -443,6 +450,7 @@ impl Default for DefaultConfiguration {
             metrics_server_ip: "0.0.0.0".to_string(),
             metrics_server_port: 9090,
             persist_usage_report_interval_in_seconds: 10,
+            allow_http_serve_directory: false,
         }
     }
 }
@@ -530,6 +538,7 @@ impl Source for DefaultConfiguration {
                 ),
             ])),
         );
+        insert_default_configuration!(result, myself.allow_http_serve_directory);
         Ok(result)
     }
 }

mithril-aggregator/src/dependency_injection/builder.rs

@@ -1556,6 +1556,7 @@ impl DependenciesBuilder {
                     .clone(),
                 snapshot_directory: self.configuration.get_snapshot_dir()?,
                 cardano_node_version: self.configuration.cardano_node_version.clone(),
+                allow_http_serve_directory: self.configuration.allow_http_serve_directory,
             },
         );
 

mithril-aggregator/src/http_server/routes/artifact_routes/cardano_database.rs

@@ -41,6 +41,9 @@ fn serve_cardano_database_dir(
             router_state.configuration.snapshot_directory.clone(),
         ))
         .and(middlewares::with_logger(router_state))
+        .and(middlewares::extract_config(router_state, |config| {
+            config.allow_http_serve_directory
+        }))
         .and_then(handlers::ensure_downloaded_file_is_a_cardano_database)
 }
 
@@ -103,6 +106,7 @@ mod handlers {
     pub async fn ensure_downloaded_file_is_a_cardano_database(
         reply: warp::fs::File,
         logger: Logger,
+        allow_http_serve_directory: bool,
     ) -> Result<impl warp::Reply, Infallible> {
         let filepath = reply.path().to_path_buf();
         debug!(
@@ -111,6 +115,11 @@ mod handlers {
             filepath.display()
         );
 
+        if !allow_http_serve_directory {
+            warn!(logger, "ensure_downloaded_file_is_a_cardano_database::error"; "error" => "http serve directory is disabled");
+            return Ok(reply::empty(StatusCode::FORBIDDEN));
+        }
+
         // TODO: enhance this check with a regular expression once the file naming convention is defined
         let file_is_a_cardano_database_archive = filepath.to_string_lossy().contains("ancillary")
             || filepath.to_string_lossy().contains("immutable");

mithril-aggregator/src/http_server/routes/artifact_routes/snapshot.rs

@@ -61,6 +61,9 @@ fn serve_snapshots_dir(
         ))
         .and(middlewares::with_logger(router_state))
         .and(middlewares::with_signed_entity_service(router_state))
+        .and(middlewares::extract_config(router_state, |config| {
+            config.allow_http_serve_directory
+        }))
         .and_then(handlers::ensure_downloaded_file_is_a_snapshot)
 }
 
@@ -155,6 +158,7 @@ mod handlers {
         reply: warp::fs::File,
         logger: Logger,
         signed_entity_service: Arc<dyn SignedEntityService>,
+        allow_http_serve_directory: bool,
     ) -> Result<impl warp::Reply, Infallible> {
         let filepath = reply.path().to_path_buf();
         debug!(
@@ -163,6 +167,11 @@ mod handlers {
             filepath.display()
         );
 
+        if !allow_http_serve_directory {
+            warn!(logger, "ensure_downloaded_file_is_a_cardano_database::error"; "error" => "http serve directory is disabled");
+            return Ok(reply::empty(StatusCode::FORBIDDEN));
+        }
+
         match crate::tools::extract_digest_from_path(&filepath) {
             Ok(digest) => match signed_entity_service
                 .get_signed_snapshot_by_id(&digest)

mithril-aggregator/src/http_server/routes/router.rs

@@ -39,6 +39,7 @@ pub struct RouterConfig {
     pub cardano_transactions_signing_config: CardanoTransactionsSigningConfig,
     pub snapshot_directory: PathBuf,
     pub cardano_node_version: String,
+    pub allow_http_serve_directory: bool,
 }
 
 #[cfg(test)]
@@ -55,6 +56,7 @@ impl RouterConfig {
             cardano_transactions_signing_config: CardanoTransactionsSigningConfig::dummy(),
             snapshot_directory: PathBuf::from("/dummy/snapshot/directory"),
             cardano_node_version: "1.2.3".to_string(),
+            allow_http_serve_directory: false,
         }
     }
 }

mithril-test-lab/mithril-end-to-end/src/mithril/aggregator.rs

@@ -99,6 +99,7 @@ impl Aggregator {
             ),
             ("CARDANO_TRANSACTIONS_SIGNING_CONFIG__STEP", "15"),
             ("PERSIST_USAGE_REPORT_INTERVAL_IN_SECONDS", "3"),
+            ("ALLOW_HTTP_SERVE_DIRECTORY", "true"),
         ]);
         let args = vec![
             "--db-directory",