Sebastion 2026-03-27 09:23:54 -05:00 committed by GitHub
commit daaa88ab56
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 22 additions and 6 deletions


@ -15,4 +15,7 @@ REDIS_PORT=6379
# Storage path for NOMAD content (ZIM files, maps, etc.)
# On Windows dev, use an absolute path like: C:/nomad-storage
# On Linux production, use: /opt/project-nomad/storage
NOMAD_STORAGE_PATH=/opt/project-nomad/storage
NOMAD_STORAGE_PATH=/opt/project-nomad/storage
# HMAC secret used to sign benchmark submissions to benchmark.projectnomad.us
# Generate with: openssl rand -hex 24
# BENCHMARK_HMAC_SECRET=
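Review bot: The added hint `# Generate with: openssl rand -hex 24` tells each operator to mint a fresh value, but the comment above it says the secret signs submissions to benchmark.projectnomad.us, and a locally generated key can only verify there if the server already knows it. Unless a registration step exists that this page does not show, a self-generated value would presumably produce signatures the server rejects. I would replace the hint with a line saying where the value comes from, for example `# Must match the key the benchmark server verifies against; leave unset to disable submissions`. Leaving the variable commented out is a sensible default, since the service then refuses to submit rather than signing with an empty key.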


@ -23,16 +23,17 @@ import type {
RepositoryStats,
} from '../../types/benchmark.js'
import { randomUUID, createHmac } from 'node:crypto'
import env from '#start/env'
import { DockerService } from './docker_service.js'
import { SERVICE_NAMES } from '../../constants/service_names.js'
import { BROADCAST_CHANNELS } from '../../constants/broadcast.js'
import Dockerode from 'dockerode'
// HMAC secret for signing submissions to the benchmark repository
// This provides basic protection against casual API abuse.
// Note: Since NOMAD is open source, a determined attacker could extract this.
// For stronger protection, see challenge-response authentication.
const BENCHMARK_HMAC_SECRET = '778ba65d0bc0e23119e5ffce4b3716648a7d071f0a47ec3f'
// HMAC secret for signing submissions to the benchmark repository.
// Must be provided via the BENCHMARK_HMAC_SECRET environment variable.
// The benchmark server uses this to verify that submissions originate from
// a genuine NOMAD instance. Never commit the real secret to source control.
const BENCHMARK_HMAC_SECRET = env.get('BENCHMARK_HMAC_SECRET')
// Re-export default weights for use in service
const SCORE_WEIGHTS = {
@ -157,6 +158,11 @@ export class BenchmarkService {
}
try {
// Refuse to submit if the signing secret is not configured
if (!BENCHMARK_HMAC_SECRET) {
throw new Error('Benchmark submission signing secret is not configured. Set the BENCHMARK_HMAC_SECRET environment variable.')
}
// Generate HMAC signature for submission verification
const timestamp = Date.now().toString()
const payload = timestamp + JSON.stringify(submission)
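Review bot: The literal removed from `BENCHMARK_HMAC_SECRET` in the first hunk remains in the repository history and in every build already shipped, so switching to `env.get('BENCHMARK_HMAC_SECRET')` protects nothing until the benchmark server stops accepting the old key, and the commit shows no such rotation. The rewritten comment also drops the earlier caveat: whoever runs an install can read a key configured on it, so "verify that submissions originate from a genuine NOMAD instance" overstates what the HMAC proves. I would keep a line such as `// Anyone holding this value can sign submissions; treat it as abuse throttling, not authentication.` The `if (!BENCHMARK_HMAC_SECRET)` guard in the second hunk throws inside a `try` whose `catch` lies outside the hunk, so confirm that handler surfaces the configuration message instead of folding it into a generic submission failure.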


@ -60,4 +60,11 @@ export default await Env.create(new URL('../', import.meta.url), {
|----------------------------------------------------------
*/
NOMAD_API_URL: Env.schema.string.optional(),
/*
|----------------------------------------------------------
| Variables for configuring the benchmark submission secret
|----------------------------------------------------------
*/
BENCHMARK_HMAC_SECRET: Env.schema.string.optional(),
})