From b75d977cf49439bcb342411afeebd45d36556bff Mon Sep 17 00:00:00 2001 From: Kenjiro Nakayama Date: Thu, 9 Mar 2023 17:18:10 +0900 Subject: [PATCH] fix(serviceinfo): no authentication is needed when omitting `service_info_auth_token` This patch supports no authentication for service info by using Option for `service_info_auth_token`. Currentl docs mentions `None` if no authentication is needed but `serde_yaml` library does not support it and so `service_info_auth_token` needs to support the `Option()`. Alternatively it is possible to support `None` or `""` (empty string) as a special case to disable authorization. Any suggestion is welcome. --- HOWTO.md | 4 ++-- admin-tool/src/aio/configure.rs | 2 +- serviceinfo-api-server/src/main.rs | 20 ++++++++++++++----- .../configuration/serviceinfo_api_server.rs | 2 +- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/HOWTO.md b/HOWTO.md index 0ec5c744f..d29512aba 100644 --- a/HOWTO.md +++ b/HOWTO.md @@ -469,8 +469,8 @@ service_info: Where: - `bind`: IP address and port that the Service Info API Server will take. -- `service_info_auth_token`: Authorization token, `None` if no authentication - is needed. +- `service_info_auth_token`: [OPTIONAL] Authorization token (default no authentication + is needed). - `admin_auth_token`: [OPTIONAL] Admin's authorization token. - `device_specific_store_driver`: path to a directory that will hold device-specific info. diff --git a/admin-tool/src/aio/configure.rs b/admin-tool/src/aio/configure.rs index 957276054..365a68199 100644 --- a/admin-tool/src/aio/configure.rs +++ b/admin-tool/src/aio/configure.rs @@ -224,7 +224,7 @@ fn generate_configs(aio_dir: &Path, config_args: &Configuration) -> Result<(), E bind: get_bind(config_args.listen_port_serviceinfo_api_server)?, - service_info_auth_token: config_args.serviceinfo_api_auth_token.clone(), + service_info_auth_token: Some(config_args.serviceinfo_api_auth_token.clone()), admin_auth_token: Some(config_args.serviceinfo_api_admin_token.clone()), device_specific_store_driver: StoreConfig::Directory { diff --git a/serviceinfo-api-server/src/main.rs b/serviceinfo-api-server/src/main.rs index 35b26fa4a..46fd3521c 100644 --- a/serviceinfo-api-server/src/main.rs +++ b/serviceinfo-api-server/src/main.rs @@ -82,7 +82,7 @@ struct ServiceInfoApiServerUD { >, // Auth Info - service_info_auth_token: String, + service_info_auth_token: Option, admin_auth_token: Option, // Basic Service Info configuration @@ -184,9 +184,17 @@ async fn serviceinfo_auth_handler( user_data: ServiceInfoApiServerUDT, auth_header: String, ) -> Result { - if auth_header != user_data.service_info_auth_token { - log::warn!("Request with invalid auth token"); - return Err(warp::reject::reject()); + match &user_data.service_info_auth_token { + None => { + log::trace!("service_info_auth_token is disabled"); + return Ok(user_data); + } + Some(token) => { + if token != &auth_header { + log::warn!("Request with invalid auth token"); + return Err(warp::reject::reject()); + } + } } Ok(user_data) @@ -434,7 +442,9 @@ async fn main() -> Result<()> { device_specific_store, - service_info_auth_token: format!("Bearer {}", settings.service_info_auth_token), + service_info_auth_token: settings + .service_info_auth_token + .map(|s| format!("Bearer {s}")), admin_auth_token: settings.admin_auth_token.map(|s| format!("Bearer {s}")), }); let ud_si = user_data.clone(); diff --git a/util/src/servers/configuration/serviceinfo_api_server.rs b/util/src/servers/configuration/serviceinfo_api_server.rs index 746815c52..adb38cc16 100644 --- a/util/src/servers/configuration/serviceinfo_api_server.rs +++ b/util/src/servers/configuration/serviceinfo_api_server.rs @@ -11,7 +11,7 @@ pub struct ServiceInfoApiServerSettings { pub service_info: ServiceInfoSettings, pub bind: Bind, - pub service_info_auth_token: String, + pub service_info_auth_token: Option, pub admin_auth_token: Option, #[serde(with = "serde_yaml::with::singleton_map")]