Page MenuHomePhabricator
Differential D9243

[services-lib] Support auth token in HTTP middleware
ClosedPublic
Actions

Authored by bartek on Sep 20 2023, 2:57 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jun 30, 1:42 PM
Unknown Object (File)
Sun, Jun 30, 1:42 PM
Unknown Object (File)
Sun, Jun 30, 1:41 PM
Unknown Object (File)
Sun, Jun 30, 1:40 PM
Unknown Object (File)
Sat, Jun 29, 9:27 AM
Unknown Object (File)
Thu, Jun 27, 7:20 AM
Unknown Object (File)
Wed, Jun 26, 7:59 PM
Unknown Object (File)
Wed, Jun 26, 1:08 PM
View All 61 Files
Subscribers
ashoat
tomek

Details

Reviewers
michal
varun
jon
Commits
rCOMMd0a208d19dd8: [services-lib] Support auth token in HTTP middleware
Summary

Modified auth middleware to support both new auth token enum and existing UserIdentity (as a case of that enum). The whole credential enum is now parsed and stored in the extension.

The UserIdentity case is now handled by accessing the token enum first.

Depends on D9242

Test Plan

Created test endpoint in reports service:

  • Argument of type UserIdentity still works as before
  • Argument of type AuthorizationCredential works the same way too - we're able to read UserIdentity from it
  • If we pass services token where we expect UserIdentity, a HTTP 403 is returned
  • Middleware gate (validation function) works for both

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek created this revision.Sep 20 2023, 2:57 AM
bartek held this revision as a draft.
Herald added a reviewer: jon. · View Herald TranscriptSep 20 2023, 2:57 AM
Herald added subscribers: tomek, ashoat. · View Herald Transcript
bartek published this revision for review.Sep 20 2023, 3:02 AM
Harbormaster completed remote builds in B22755: Diff 31307.Sep 20 2023, 3:14 AM
michal accepted this revision.Sep 20 2023, 5:45 AM
michal added inline comments.
services/comm-services-lib/src/http/auth.rs
60–76 ↗(On Diff #31307)

This is fine, but would it be possible to map the AuthorizationCredential future (from futures crate or somewhere else)?

This revision is now accepted and ready to land.Sep 20 2023, 5:45 AM
bartek added inline comments.Sep 24 2023, 1:54 AM
services/comm-services-lib/src/http/auth.rs
60–76 ↗(On Diff #31307)

Yes, this was my initial code (import futures_util::FutureExt)

let fut =
  AuthorizationCredential::from_request(req, payload).map(
    |auth| match auth {
      Ok(AuthorizationCredential::UserToken(user)) => Ok(user.clone()),
      Ok(_) => {
        debug!("Authorization provided, but it's not UserIdentity");
        let mut error = AuthenticationError::new(Bearer::default());
        *error.status_code_mut() = StatusCode::FORBIDDEN;
        Err(error.into())
      }
      Err(err) => Err(err),
    },
  );

The only reason I decided to await instead is less indentation. But I don't know if there are any other implications (performance, async scheduling, etc.). In the end, both give the same result.

bartek added a child revision: D9275: [services-lib] Let blob client use services token.Sep 25 2023, 5:36 AM
Closed by commit rCOMMd0a208d19dd8: [services-lib] Support auth token in HTTP middleware (authored by bartek). · Explain WhyOct 2 2023, 6:27 AM
This revision was automatically updated to reflect the committed changes.
bartek added a commit: rCOMMd0a208d19dd8: [services-lib] Support auth token in HTTP middleware.

Revision Contents
Changeset List

PathSize
services/
comm-services-lib/
src/
http/
54 lines

Diff 31590

View Options

services/comm-services-lib/src/http/auth.rs

Loading...