Issue #121: BasicAuth REST API #147
Hey, looks very good so far!
api/restapi/restapi.go
Outdated
func NewTLSRESTAPI(apiMAddr ma.Multiaddr, tlsCfg *tls.Config) (*RESTAPI, error) { | ||
// NewRESTAPI creates a new REST API component. It receives | ||
// the multiaddress on which the API listens. | ||
func NewRESTAPIWithConfig(apiMAddr ma.Multiaddr, cfg *Config) (*RESTAPI, error) { |
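Review bot: The doc comment directly above NewRESTAPIWithConfig still opens with "NewRESTAPI creates" and only mentions the multiaddress. Go doc comments should start with the name of the function they document, and this one should also say what cfg *Config carries and what happens when it is nil.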
Should include the apiMaddr as part of the configuration I guess
Sounds good -- the only difference that I see so far is that the apiMAddr is required, while everything in the cfg is optional. Not sure if that difference matters much, but for now I'm combining them into a single config (so we'll have NewRESTAPI(cfg *Config)).
api/restapi/restapi.go
Outdated
@@ -56,6 +56,11 @@ type RESTAPI struct { | |||
wg sync.WaitGroup | |||
} | |||
|
|||
type Config struct { |
Don't forget to document public types
@hsanjuan @ZenGround0 Just made a push, the current state should be consistent with the Todo list in the OP.
2bf672a to 9d000a1
sharness/t0042-basic-auth.sh
Outdated
|
||
test_expect_success "BasicAuth fails without credentials" ' | ||
id=`cluster_id` | ||
ipfs-cluster-ctl id | grep -q Unauthorized |
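Review bot: In "BasicAuth fails without credentials", the status of the pipeline `ipfs-cluster-ctl id | grep -q Unauthorized` is grep's, so the test passes whenever the word appears in the output, whatever ipfs-cluster-ctl itself returned. Capture the output, assert that the command exited non-zero, and only then grep. The id=`cluster_id` assignment is also unused in the lines shown.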
I'm not convinced checking for 'Unauthorized' in the response is the best approach to this -- e.g. we could accidentally be leaking info in some case but the presence of the word 'Unauthorized' would allow this test to pass anyway.
@dgrisham check that the command did not return 0 for exit code and then check for Unauthorized (should be ok for the moment).
@hsanjuan Two questions on the remaining Todos I have listed:
9d000a1 to ca6cf9a
ipfs-cluster-ctl/main.go
Outdated
@@ -105,11 +107,30 @@ func main() { | |||
Name: "debug, d", | |||
Usage: "set debug log level", | |||
}, | |||
cli.StringFlag{ | |||
Name: "credentials, c", | |||
Usage: "specify BasicAuth credentials for server that requires " + |
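Review bot: The "credentials" StringFlag takes the secret as a command-line argument, where it is recorded in shell history and visible to other local users through the process list. The Usage text should state the expected format and point to a less exposed source such as an environment variable.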
Would need a hint that they are passed as "user:password"
ipfs-cluster-ctl/main.go
Outdated
@@ -105,11 +107,30 @@ func main() { | |||
Name: "debug, d", | |||
Usage: "set debug log level", | |||
}, | |||
cli.StringFlag{ | |||
Name: "credentials, c", |
perhaps rename to --basic-auth (or even -u, --user USER[:PASSWORD] Server user and password like curl does). Not sure if it deserves a short-hand alias. I'd like to keep -c for config (in line with server).
Hm, so right now (I think) an empty password would work by passing --basic-auth <username>: (note the : at the end) but you'd get an error if you just passed --basic-auth <username> (no :). Might be nice to support the latter, I'll make that change.
sounds good
Seems sharness is complaining too. But other than that, should be good to go
Yes, let's leave it like that for the moment
Sharness is ok
Implements #121
b38b25a to b36b3db
@dgrisham I had the same Travis problem yesterday. Rebasing on top of master should do the trick.
ipfs-cluster-ctl/main.go
Outdated
client := &http.Client{Transport: defaultTransport} | ||
resp, err := client.Do(r) | ||
if err == nil && resp.StatusCode >= 400 { |
Now that this has been brought to my attention :)
I think the best place to detect error and set exit code in such case is the end of formatResponse. This ensures the received data/error is shown to the user in the desired format. Only then you can check resp.StatusCode and exit with 2 when it was not a successful request.
Gotcha, yeah I was definitely planning on discussing/correcting this approach. And out of curiosity, why exit code 2 specifically? Is there a good rule of thumb for the first few exit codes that I can keep in mind?
Nah, I said 2 because 1 is used for the rest of errors, so just to use a different one for errors which are from responses. It's completely arbitrary...
Gotcha, good to know. We should document that somewhere for any users who might want to distinguish between the two.
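The USER[:PASSWORD] parsing and the exit-code split discussed in the review comments above, as an added Go example that is not code from this pull request. The names parseBasicAuth, requireBasicAuth and run, the alice account and the /id path are assumptions, and the request is served in memory through net/http/httptest rather than against a real cluster.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// parseBasicAuth splits USER[:PASSWORD] (no colon = empty password); errors never echo s.
func parseBasicAuth(s string) (user, pass string, err error) {
	if user, pass, _ = strings.Cut(s, ":"); user == "" {
		return "", "", fmt.Errorf("basic auth: empty user name")
	}
	return user, pass, nil
}

// requireBasicAuth is a constructed stand-in for the API: 401 unless both match.
func requireBasicAuth(user, pass string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		match := subtle.ConstantTimeCompare([]byte(u), []byte(user)) &
			subtle.ConstantTimeCompare([]byte(p), []byte(pass))
		if !ok || match != 1 {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
		}
	}
}

// run returns the thread's exit codes: 1 local error, 2 status >= 400, else 0.
func run(h http.Handler, creds string) int {
	req, rec := httptest.NewRequest("GET", "/id", nil), httptest.NewRecorder()
	if creds != "" {
		user, pass, err := parseBasicAuth(creds)
		if err != nil {
			return 1
		}
		req.SetBasicAuth(user, pass)
	}
	if h.ServeHTTP(rec, req); rec.Code >= 400 {
		return 2
	}
	return 0
}

func main() {
	h := requireBasicAuth("alice", "") // constructed account with an empty password
	fmt.Println(run(h, ""), run(h, "alice"), run(h, "alice:"), run(h, "alice:x"), run(h, ":x"))
}
```

Asserting on the exit code from run, rather than on the word "Unauthorized" in the output, is the check the sharness comments ask for.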
@ZenGround0 Ah, dope, thanks for the tip :)
6f320de to 2ac98dd
2ac98dd to 25a910f
@hsanjuan Tests passing! Let me know if there are any other changes you think I should make.
@hsanjuan Don't merge this quite yet, there are a couple of sharness tests I want to add first.
awesome thanks!
@hsanjuan Here's a start to the BasicAuth implementation. Todos:
-c <username>:<password> flag
CLUSTER_CREDENTIALS="<username>:<password>"