Page MenuHomePhabricator

[blob] Hide endpoints behind auth middleware
ClosedPublic

Authored by bartek on Jun 13 2024, 1:07 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 27, 11:39 AM
Unknown Object (File)
Wed, Nov 27, 11:04 AM
Unknown Object (File)
Mon, Nov 25, 6:57 AM
Unknown Object (File)
Sat, Nov 23, 8:45 PM
Unknown Object (File)
Sat, Nov 23, 3:39 PM
Unknown Object (File)
Thu, Nov 14, 2:35 AM
Unknown Object (File)
Sun, Nov 3, 12:27 PM
Unknown Object (File)
Fri, Nov 1, 1:38 PM
Subscribers

Details

Summary

Wrapped all /blob/** endpoints with auth middleware.

By the way, added /health which was missing, but it's handy for AWS ECS to do health checks (until now it treated 404 as okay)

Depends on D12414

Test Plan

Test plan for D12414 for all blob endpoints. /health works without auth

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

bartek held this revision as a draft.
bartek published this revision for review.Jun 13 2024, 2:11 AM
ashoat retitled this revision from [blob] Hide edpoints behind auth middleware to [blob] Hide endpoints behind auth middleware.Jun 13 2024, 8:23 AM
varun added inline comments.
services/blob/src/http/mod.rs
42 ↗(On Diff #41270)

do we need this clone?

This revision is now accepted and ready to land.Jun 17 2024, 9:00 PM
services/blob/src/http/mod.rs
42 ↗(On Diff #41270)

yes, because HttpServer::new(move || { moves it into the closure, and the closure can be called multiple times, once for each HTTP listener thread.
But probably moving the get_comm_authentication_middleware() call into the closure could avoid the clone() call. Under the hood, they're equivalent, though.