Enable auth for admin routes

Cargo.toml

@@ -46,7 +46,7 @@ tracing-subscriber = { version = "0.3", default-features = false, features = [
     "json",
     "ansi",
 ] }
-tower-http = { version = "0.4.4", features = ["trace"] }
+tower-http = { version = "0.4.4", features = [ "trace", "auth" ] }
 uuid = { version = "0.8", features = ["v4"] }
 futures = "0.3"
 chrono = "0.4"

src/app.rs

@@ -80,10 +80,6 @@ impl App {
         &self,
         api_token: &ApiKey,
     ) -> eyre::Result<bool> {
-        if self.config.server.disable_auth {
-            return Ok(true);
-        }
-
         self.db
             .is_api_key_valid(&api_token.relayer_id, api_token.api_key_hash())
             .await

src/config.rs

@@ -24,8 +24,17 @@ pub struct TxSitterConfig {
 pub struct ServerConfig {
     pub host: SocketAddr,
 
-    #[serde(default)]
-    pub disable_auth: bool,
+    pub username: Option<String>,
+    pub password: Option<String>,
+}
+
+impl ServerConfig {
+    pub fn credentials(&self) -> Option<(&str, &str)> {
+        let username = self.username.as_deref()?;
+        let password = self.password.as_deref()?;
+
+        Some((username, password))
+    }
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -102,7 +111,6 @@ mod tests {
 
         [server]
         host = "127.0.0.1:3000"
-        disable_auth = false
 
         [database]
         kind = "connection_string"
@@ -118,7 +126,6 @@ mod tests {
 
         [server]
         host = "127.0.0.1:3000"
-        disable_auth = false
 
         [database]
         kind = "parts"
@@ -140,7 +147,8 @@ mod tests {
             },
             server: ServerConfig {
                 host: SocketAddr::from(([127, 0, 0, 1], 3000)),
-                disable_auth: false,
+                username: None,
+                password: None,
             },
             database: DatabaseConfig::connection_string(
                 "postgres://postgres:postgres@127.0.0.1:52804/database"
@@ -162,7 +170,8 @@ mod tests {
             },
             server: ServerConfig {
                 host: SocketAddr::from(([127, 0, 0, 1], 3000)),
-                disable_auth: false,
+                username: None,
+                password: None,
             },
             database: DatabaseConfig::Parts(DbParts {
                 host: "host".to_string(),

src/server.rs

@@ -6,6 +6,7 @@ use axum::routing::{get, post, IntoMakeService};
 use axum::Router;
 use hyper::server::conn::AddrIncoming;
 use thiserror::Error;
+use tower_http::validate_request::ValidateRequestHeaderLayer;
 
 use self::routes::relayer::{
     create_relayer, create_relayer_api_key, get_relayer, relayer_rpc,
@@ -73,7 +74,7 @@ pub async fn spawn_server(
         .route("/:api_token/rpc", post(relayer_rpc))
         .with_state(app.clone());
 
-    let admin_routes = Router::new()
+    let mut admin_routes = Router::new()
         .route("/relayer", post(create_relayer))
         .route(
             "/relayer/:relayer_id",
@@ -83,6 +84,11 @@ pub async fn spawn_server(
         .route("/network/:chain_id", post(routes::network::create_network))
         .with_state(app.clone());
 
+    if let Some((username, password)) = app.config.server.credentials() {
+        admin_routes = admin_routes
+            .layer(ValidateRequestHeaderLayer::basic(username, password));
+    }
+
     let v1_routes = Router::new()
         .nest("/api", api_routes)
         .nest("/admin", admin_routes);

tests/common/mod.rs

@@ -147,7 +147,8 @@ pub async fn setup_service(
                 Ipv4Addr::new(127, 0, 0, 1),
                 0,
             )),
-            disable_auth: true,
+            username: None,
+            password: None,
         },
         database: DatabaseConfig::connection_string(db_connection_url),
         keys: KeysConfig::Local(LocalKeysConfig {}),