Adding SERVICE_TOKEN_SECRET to Rust SDK Serve command #27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmoverton
reviewed
Sep 14, 2023
| TraceLayer::new_for_http().make_span_with(DefaultMakeSpan::default().level(Level::INFO)), | ||
| ); | ||
| let expected_auth_header: Option<HeaderValue> = serve_command.service_token_secret.and_then(|service_token_secret| { | ||
| let expected_bearer = format!("Bearer {}", service_token_secret); // TODO |
There was a problem hiding this comment.
I don't think you need the "TODO" comment there any more.
paf31
reviewed
Sep 15, 2023
|
|
||
| // NOTE: The comparison should probably be more permissive to allow for whitespace, etc. | ||
| if auth_header == expected_auth_header { return Ok(()); } | ||
| Err((StatusCode::UNAUTHORIZED, "").into_response()) |
There was a problem hiding this comment.
I didn't notice this before but this should return an ErrorResponse.
There was a problem hiding this comment.
Is there an example of how to do this?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is to be used in conjunction with the changes made to V3 engine that can send a pre-shared secret token via
Authorization: Bearer TOKENheader.If the
SERVICE_TOKEN_SECRETenv variable is set or the engine sends theAuthorization: Bearer SERVICE_TOKEN_SECRETheader, then the values must match.If they do not match then the response will be StatusCode::UNAUTHORIZED.
If neither are set then the request proceeds as before.