add ability to disable public api

src/main.rs

@@ -190,31 +190,35 @@ fn search(input: Option<&str>) -> Either<Template, Redirect> {
 // Owner API.
 #[post("/v2/owner", data="<data>")]
 async fn api_owner(data: &str) -> String {
-    let result = serde_json::from_str(data);
+    if CONFIG.public_api == "enabled" {
+        let result = serde_json::from_str(data);
 
-    let v: Value = match result {
-        Ok(value) => value,
-        Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
-
-    let method = match v["method"].as_str() {
-        Some(value) => value,
-        _ => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
-    
-    // Whitelisted methods: get_connected_peer, get_peers, get_status.
-    if method == "get_connected_peers" || method == "get_peers" || method == "get_status" {
-        let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "owner").await;
-
-        let result = match resp {
+        let v: Value = match result {
             Ok(value) => value,
-            Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
+            Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
         };
 
-        return result.to_string();
-    }
+        let method = match v["method"].as_str() {
+            Some(value) => value,
+            _ => return "{\"error\":\"bad syntax\"}".to_string(),
+        };
+    
+        // Whitelisted methods: get_connected_peer, get_peers, get_status.
+        if method == "get_connected_peers" || method == "get_peers" || method == "get_status" {
+            let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "owner").await;
 
-    "{\"error\":\"not allowed\"}".to_string()
+            let result = match resp {
+                Ok(value) => value,
+                Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
+            };
+
+            return result.to_string();
+        }
+
+        "{\"error\":\"not allowed\"}".to_string()
+    } else {
+        "{\"error\":\"not allowed\"}".to_string()
+    }
 }
 
 
@@ -222,26 +226,30 @@ async fn api_owner(data: &str) -> String {
 // All methods are whitelisted.
 #[post("/v2/foreign", data="<data>")]
 async fn api_foreign(data: &str) -> String {
-    let result = serde_json::from_str(data);
+    if CONFIG.public_api == "enabled" {
+        let result = serde_json::from_str(data);
 
-    let v: Value = match result {
-        Ok(value) => value,
-        Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
+        let v: Value = match result {
+            Ok(value) => value,
+            Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
+        };
 
-    let method = match v["method"].as_str() {
-        Some(value) => value,
-        _ => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
+        let method = match v["method"].as_str() {
+            Some(value) => value,
+            _ => return "{\"error\":\"bad syntax\"}".to_string(),
+        };
 
-    let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await;
+        let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await;
 
-    let result = match resp {
-        Ok(value) => value,
-        Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
-    };
+        let result = match resp {
+            Ok(value) => value,
+            Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
+        };
 
-    result.to_string()
+        result.to_string()
+    } else {
+        "{\"error\":\"not allowed\"}".to_string()
+    }
 }