Adding SERVICE_TOKEN_SECRET to Rust SDK Serve command #27
TraceLayer::new_for_http().make_span_with(DefaultMakeSpan::default().level(Level::INFO)), | ||
); | ||
let expected_auth_header: Option<HeaderValue> = serve_command.service_token_secret.and_then(|service_token_secret| { | ||
let expected_bearer = format!("Bearer {}", service_token_secret); // TODO |
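Review bot: In the `and_then` closure on `serve_command.service_token_secret`, an option that arrives as an empty string still produces an expected header, `Bearer ` with no token, so the check would then be keyed on an empty secret. Consider rejecting an empty `service_token_secret` at startup (or mapping it to `None` deliberately and documenting that), so a blank environment variable cannot silently configure a trivial token. Since this route now carries a bearer secret, it is also worth keeping `DefaultMakeSpan` at its default of not including headers in the span.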
I don't think you need the "TODO" comment there any more.
Good point.
@dmoverton done
Looks good
|
||
// NOTE: The comparison should probably be more permissive to allow for whitespace, etc. | ||
if auth_header == expected_auth_header { return Ok(()); } | ||
Err((StatusCode::UNAUTHORIZED, "").into_response()) |
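Review bot: The `auth_header == expected_auth_header` check compares a secret-bearing value with ordinary equality, which may return at the first differing byte; comparing the token bytes in constant time (for example with the `subtle` crate's `ConstantTimeEq`) keeps response timing from indicating how much of a guessed token matched. Parsing the scheme and token out of the header before comparing would also cover the whitespace and case tolerance that the NOTE comment asks for, without loosening the comparison of the token itself.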
I didn't notice this before but this should return an ErrorResponse.
Is there an example of how to do this?
This is to be used in conjunction with the changes made to V3 engine that can send a pre-shared secret token via `Authorization: Bearer TOKEN` header.

If the `SERVICE_TOKEN_SECRET` env variable is set or the engine sends the `Authorization: Bearer SERVICE_TOKEN_SECRET` header, then the values must match. If they do not match then the response will be StatusCode::UNAUTHORIZED.

If neither are set then the request proceeds as before.
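The matching rule described above, written out as an added example that is not part of this PR or the SDK. It uses only the standard library; the names `authorize`, `bearer_token` and `ct_eq` are hypothetical, and the whitespace and case tolerance goes beyond the exact match in the PR, following the NOTE comment in the diff.

```rust
/// Compare two byte strings without stopping at the first mismatch.
/// Illustrative; production code should use an audited crate such as `subtle`.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false; // the token length is not treated as secret here
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Extract the token from an `Authorization: Bearer <token>` value, tolerating
/// surrounding spaces and a case-insensitive scheme name.
fn bearer_token(header: &str) -> Option<&str> {
    let (scheme, rest) = header.trim().split_once(' ')?;
    let token = rest.trim();
    if scheme.eq_ignore_ascii_case("Bearer") && !token.is_empty() {
        Some(token)
    } else {
        None
    }
}

/// Ok(()) lets the request proceed; Err(401) stands in for StatusCode::UNAUTHORIZED.
fn authorize(secret: Option<&str>, auth_header: Option<&str>) -> Result<(), u16> {
    match (secret, auth_header) {
        // Neither side configured: the request proceeds as before.
        (None, None) => Ok(()),
        // Both present: the token must equal the configured secret.
        // An empty secret can never match, because empty tokens are rejected.
        (Some(s), Some(h)) => match bearer_token(h) {
            Some(t) if ct_eq(t.as_bytes(), s.as_bytes()) => Ok(()),
            _ => Err(401),
        },
        // Only one side set: the values cannot match.
        _ => Err(401),
    }
}

fn main() {
    // Constructed sample values, not real credentials.
    let cases: [(Option<&str>, Option<&str>); 5] = [
        (None, None),
        (Some("s3cr3t"), Some("Bearer s3cr3t")),
        (Some("s3cr3t"), Some("Bearer wrong")),
        (Some("s3cr3t"), None),
        (None, Some("Bearer s3cr3t")),
    ];
    for &(secret, header) in cases.iter() {
        println!("{:?} + {:?} -> {:?}", secret, header, authorize(secret, header));
    }
}
```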