Merge pull request #441 from nak3/fix-403

fix(serviceinfo): no authentication is needed when omitting `service_info_auth_token`
fdo-rs · Mar 9, 2023 · b1181d9 · b1181d9
2 parents 91f6191 + b75d977
commit b1181d9
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 9 deletions.
diff --git a/HOWTO.md b/HOWTO.md
@@ -469,8 +469,8 @@ service_info:
 
 Where:
 - `bind`: IP address and port that the Service Info API Server will take.
-- `service_info_auth_token`: Authorization token, `None` if no authentication
-  is needed.
+- `service_info_auth_token`: [OPTIONAL] Authorization token (default no authentication
+   is needed).
 - `admin_auth_token`: [OPTIONAL] Admin's authorization token.
 - `device_specific_store_driver`: path to a directory that will hold
   device-specific info.

diff --git a/admin-tool/src/aio/configure.rs b/admin-tool/src/aio/configure.rs
@@ -224,7 +224,7 @@ fn generate_configs(aio_dir: &Path, config_args: &Configuration) -> Result<(), E
 
             bind: get_bind(config_args.listen_port_serviceinfo_api_server)?,
 
-            service_info_auth_token: config_args.serviceinfo_api_auth_token.clone(),
+            service_info_auth_token: Some(config_args.serviceinfo_api_auth_token.clone()),
             admin_auth_token: Some(config_args.serviceinfo_api_admin_token.clone()),
 
             device_specific_store_driver: StoreConfig::Directory {

diff --git a/serviceinfo-api-server/src/main.rs b/serviceinfo-api-server/src/main.rs
@@ -82,7 +82,7 @@ struct ServiceInfoApiServerUD {
     >,
 
     // Auth Info
-    service_info_auth_token: String,
+    service_info_auth_token: Option<String>,
     admin_auth_token: Option<String>,
 
     // Basic Service Info configuration
@@ -184,9 +184,17 @@ async fn serviceinfo_auth_handler(
     user_data: ServiceInfoApiServerUDT,
     auth_header: String,
 ) -> Result<ServiceInfoApiServerUDT, warp::Rejection> {
-    if auth_header != user_data.service_info_auth_token {
-        log::warn!("Request with invalid auth token");
-        return Err(warp::reject::reject());
+    match &user_data.service_info_auth_token {
+        None => {
+            log::trace!("service_info_auth_token is disabled");
+            return Ok(user_data);
+        }
+        Some(token) => {
+            if token != &auth_header {
+                log::warn!("Request with invalid auth token");
+                return Err(warp::reject::reject());
+            }
+        }
     }
 
     Ok(user_data)
@@ -434,7 +442,9 @@ async fn main() -> Result<()> {
 
         device_specific_store,
 
-        service_info_auth_token: format!("Bearer {}", settings.service_info_auth_token),
+        service_info_auth_token: settings
+            .service_info_auth_token
+            .map(|s| format!("Bearer {s}")),
         admin_auth_token: settings.admin_auth_token.map(|s| format!("Bearer {s}")),
     });
     let ud_si = user_data.clone();

diff --git a/util/src/servers/configuration/serviceinfo_api_server.rs b/util/src/servers/configuration/serviceinfo_api_server.rs
@@ -11,7 +11,7 @@ pub struct ServiceInfoApiServerSettings {
     pub service_info: ServiceInfoSettings,
     pub bind: Bind,
 
-    pub service_info_auth_token: String,
+    pub service_info_auth_token: Option<String>,
     pub admin_auth_token: Option<String>,
 
     #[serde(with = "serde_yaml::with::singleton_map")]