pkg/atlas: Add ATLAS_API0_SERVERLIST_EXPERIMENTAL_DETERMINISTIC_SERVER_ID_SECRET option

2 files changed, 8 insertions, 1 deletions

diff --git a/pkg/atlas/config.go b/pkg/atlas/config.go
index f22327d..74b667c 100644
--- a/pkg/atlas/config.go
+++ b/pkg/atlas/config.go
@@ -111,6 +111,11 @@ type Config struct {
 	// it can't be added again without re-verifying).
 	API0_ServerList_GhostTime time.Duration `env:"ATLAS_API0_SERVERLIST_GHOST_TIME=2m"`
 
+	// Experimental option to use deterministic server ID generation based on
+	// the provided secret and the server info. The secret is used to prevent
+	// brute-forcing server IDs from the ID and known server info.
+	API0_ServerList_ExperimentalDeterministicServerIDSecret string `env:"ATLAS_API0_SERVERLIST_EXPERIMENTAL_DETERMINISTIC_SERVER_ID_SECRET"`
+
 	// The storage to use for accounts:
 	//  - memory
 	//  - sqlite3:/path/to/atlas.db
diff --git a/pkg/atlas/server.go b/pkg/atlas/server.go
index 821d093..c7b3e2e 100644
--- a/pkg/atlas/server.go
+++ b/pkg/atlas/server.go
@@ -205,7 +205,9 @@ func NewServer(c *Config) (*Server, error) {
 	m.Add(hlog.RequestIDHandler("rid", ""))
 
 	s.API0 = &api0.Handler{
-		ServerList:                   api0.NewServerList(c.API0_ServerList_DeadTime, c.API0_ServerList_GhostTime, c.API0_ServerList_VerifyTime),
+		ServerList: api0.NewServerList(c.API0_ServerList_DeadTime, c.API0_ServerList_GhostTime, c.API0_ServerList_VerifyTime, api0.ServerListConfig{
+			ExperimentalDeterministicServerIDSecret: c.API0_ServerList_ExperimentalDeterministicServerIDSecret,
+		}),
 		OriginAuthMgr:                configureOrigin(c, s.Logger.With().Str("component", "origin").Logger()),
 		MaxServers:                   c.API0_MaxServers,
 		MaxServersPerIP:              c.API0_MaxServersPerIP,