[COR-581] Add simple auth check for trunk registry #256

Merged
merged 3 commits into from
Apr 18, 2023
2 changes: 1 addition & 1 deletion trunk/cli/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "pg-trunk"
version = "0.2.2"
version = "0.3.0"
edition = "2021"
authors = ["Steven Miller", "Ian Stanton"]
description = "A package manager for PostgreSQL extensions"
13 changes: 8 additions & 5 deletions trunk/cli/src/commands/publish.rs
Expand Up @@ -2,11 +2,11 @@ use super::SubCommand;
use crate::commands::publish::PublishError::InvalidExtensionName;
use async_trait::async_trait;
use clap::Args;
use hyper::header::CONTENT_TYPE;
use reqwest::header::HeaderMap;
use reqwest::header::CONTENT_TYPE;
use reqwest::header::{HeaderMap, AUTHORIZATION};
use serde_json::json;
use std::fs;
use std::path::PathBuf;
use std::{env, fs};
use tokio_task_manager::Task;

#[derive(Args)]
Expand Down Expand Up @@ -66,9 +66,12 @@ impl SubCommand for PublishCommand {
};
let mut headers = HeaderMap::new();
headers.insert(CONTENT_TYPE, "application/octet-stream".parse().unwrap());
// Add token header from env var
let auth = env::var("AUTH_TOKEN").unwrap_or_else(|_| "".to_owned());
headers.insert(AUTHORIZATION, auth.parse()?);
let file_part = reqwest::multipart::Part::bytes(file)
.file_name(name)
.headers(headers);
.headers(headers.clone());
let m = json!({
"name": self.name,
"vers": self.version,
Expand All @@ -78,7 +81,7 @@ impl SubCommand for PublishCommand {
"license": self.license,
"repository": self.repository
});
let metadata = reqwest::multipart::Part::text(m.to_string());
let metadata = reqwest::multipart::Part::text(m.to_string()).headers(headers);
let form = reqwest::multipart::Form::new()
.part("metadata", metadata)
.part("file", file_part);
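Review bot: `headers` now carries both `CONTENT_TYPE: application/octet-stream` and the token, and `let metadata = reqwest::multipart::Part::text(m.to_string()).headers(headers);` attaches that whole map to the JSON metadata part, which previously had no part headers, so the metadata is now labelled as an octet stream. A second `HeaderMap` holding only `AUTHORIZATION` for the metadata part keeps the token on both parts without mislabelling the JSON. Separately, `env::var("AUTH_TOKEN").unwrap_or_else(|_| "".to_owned())` sends an empty `Authorization` value when the variable is unset, so a forgotten token only surfaces as a registry-side rejection; returning an error that names `AUTH_TOKEN` before building the form would be clearer to the user. It also looks like the token is carried as a per-part header inside the multipart body rather than as a request header; that is a design choice the server side mirrors, but worth a one-line comment explaining it. The method under `impl SubCommand for PublishCommand` starts before and continues past these hunks.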
3 changes: 3 additions & 0 deletions trunk/trunk-registry/src/config.rs
@@ -1,3 +1,4 @@
use actix_web::http::header::HeaderValue;
use std::env;

#[derive(Debug, Clone)]
Expand All @@ -7,6 +8,7 @@ pub struct Config {
pub region: Option<String>,
pub aws_access_key: String,
pub aws_secret_key: String,
pub auth_token: HeaderValue,
}

// TODO(ianstanton) Fix load from .env
Expand All @@ -21,6 +23,7 @@ impl Default for Config {
region: Some(from_env_default("S3_REGION", "")),
aws_access_key: from_env_default("AWS_ACCESS_KEY", ""),
aws_secret_key: from_env_default("AWS_SECRET_KEY", ""),
auth_token: from_env_default("AUTH_TOKEN", "").parse().unwrap(),
}
}
}
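Review bot: `auth_token: from_env_default("AUTH_TOKEN", "").parse().unwrap()` turns an unset `AUTH_TOKEN` into an empty expected token, so a registry started without the variable accepts any client that presents an empty `Authorization` value — which is exactly what the CLI in this PR sends by default. Treating a missing or empty token as a startup failure closes that: `auth_token: env::var("AUTH_TOKEN").ok().filter(|t| !t.is_empty()).expect("AUTH_TOKEN must be set to a non-empty value").parse().expect("AUTH_TOKEN is not a valid header value")`. The existing `.parse().unwrap()` also panics without context when the token contains bytes that are not valid in a header value; the second `expect` at least names the cause. Both the `Config` struct and its `Default` impl begin outside the hunk.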
4 changes: 4 additions & 0 deletions trunk/trunk-registry/src/errors.rs
Expand Up @@ -23,6 +23,10 @@ pub enum ExtensionRegistryError {
#[error("response error")]
ResponseError(),

/// an authorization error
#[error("authorization error")]
AuthorizationError(),

/// a payload error
#[error("payload error")]
PayloadError(#[from] error::PayloadError),
7 changes: 7 additions & 0 deletions trunk/trunk-registry/src/publish.rs
Expand Up @@ -2,9 +2,11 @@

use crate::config::Config;
use crate::errors::ExtensionRegistryError;
use crate::errors::ExtensionRegistryError::AuthorizationError;
use crate::uploader::upload_extension;
use crate::views::extension_publish::ExtensionUpload;
use actix_multipart::Multipart;
use actix_web::http::header::AUTHORIZATION;
use actix_web::{error, post, web, HttpResponse};
use aws_config::SdkConfig;
use aws_sdk_s3;
Expand All @@ -29,6 +31,11 @@ pub async fn publish(
let mut metadata = web::BytesMut::new();
let mut file = web::BytesMut::new();
while let Some(mut field) = payload.try_next().await? {
let headers = field.headers();
let auth = headers.get(AUTHORIZATION).unwrap();
if auth != cfg.auth_token {
return Err(AuthorizationError());
}
// Field is stream of Bytes
while let Some(chunk) = field.try_next().await? {
// limit max size of in-memory payload
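Review bot: `headers.get(AUTHORIZATION).unwrap()` panics when a multipart field arrives without an `Authorization` header, so an unauthenticated or malformed upload crashes the handler instead of being rejected; use `let auth = field.headers().get(AUTHORIZATION).ok_or(AuthorizationError())?;` so the new error variant is actually what the client sees. `auth != cfg.auth_token` is a plain byte-wise `HeaderValue` equality that stops at the first differing byte; for a shared secret, compare `auth.as_bytes()` with `cfg.auth_token.as_bytes()` using a constant-time equality (e.g. `subtle::ConstantTimeEq`, a new dependency). Because the check lives inside the field loop it runs once per part and never runs for a payload with no fields, so it is worth verifying what happens after the loop in that case, and checking a request-level header once before the loop would be simpler if `publish` has access to the request (its parameters are outside the hunk). Since `cfg.auth_token` defaults to empty in config.rs, an empty header currently passes as well; rejecting an empty configured token, here or at startup, closes that gap. `publish` starts before the hunk and ends after it.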