Increase security for HTTP tracker

[josecelano]

Hi @WarmBeer @da2ce7 , what do you think about not adding anonymous routes for the private tracker?

If the tracker is private, routes without the auth key are unavailable. They would return a 404 error.

Routes for HTTP tracker:

pub fn router(tracker: &Arc<Tracker>) -> Router {
    Router::new()
        // Announce request
        .route("/announce", get(announce::handle_without_key).with_state(tracker.clone()))
        .route("/announce/:key", get(announce::handle_with_key).with_state(tracker.clone()))
        // Scrape request
        .route("/scrape", get(scrape::handle_without_key).with_state(tracker.clone()))
        .route("/scrape/:key", get(scrape::handle_with_key).with_state(tracker.clone()))
        // Add an extension to get the client IP from the connection info
        .layer(SecureClientIpSource::ConnectInfo.into_extension())
}

New proposal:

pub fn router(tracker: &Arc<Tracker>) -> Router {
    if tracker.is_private() {
        Router::new()
            .route("/announce/:key", get(announce::handle_with_key).with_state(tracker.clone()))
            .route("/scrape/:key", get(scrape::handle_with_key).with_state(tracker.clone()))
            // Add an extension to get the client IP from the connection info
            .layer(SecureClientIpSource::ConnectInfo.into_extension())
    } else {
        Router::new()
            .route("/announce", get(announce::handle_without_key).with_state(tracker.clone()))
            .route("/scrape", get(scrape::handle_without_key).with_state(tracker.clone()))
            // Add an extension to get the client IP from the connection info
            .layer(SecureClientIpSource::ConnectInfo.into_extension())
    }
}