Skip to content

Commit

Permalink
add ability for plugins to be fetched from authenticated URLs
Browse files Browse the repository at this point in the history
Signed-off-by: karthik2804 <[email protected]>
  • Loading branch information
karthik2804 committed Oct 25, 2024
1 parent 3eaba5f commit 59d9052
Showing 1 changed file with 21 additions and 2 deletions.
23 changes: 21 additions & 2 deletions crates/plugins/src/manager.rs
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ use crate::{

use anyhow::{anyhow, bail, Context, Result};
use path_absolutize::Absolutize;
use reqwest::{header::HeaderMap, Client};
use serde::Serialize;
use spin_common::sha256;
use std::{
Expand Down Expand Up @@ -189,7 +190,11 @@ impl PluginManager {
let plugin_manifest = match manifest_location {
ManifestLocation::Remote(url) => {
tracing::info!("Pulling manifest for plugin from {url}");
reqwest::get(url.as_ref())
let client = Client::new();
client
.get(url.as_ref())
.headers(maybe_get_auth_header()?)
.send()
.await
.map_err(|e| {
Error::ConnectionFailed(ConnectionFailedError::new(
Expand Down Expand Up @@ -336,7 +341,12 @@ pub fn get_package(plugin_manifest: &PluginManifest) -> Result<&PluginPackage> {

async fn download_plugin(name: &str, temp_dir: &TempDir, target_url: &str) -> Result<PathBuf> {
tracing::trace!("Trying to get tar file for plugin '{name}' from {target_url}");
let plugin_bin = reqwest::get(target_url).await?;
let client = Client::new();
let plugin_bin = client
.get(target_url)
.headers(maybe_get_auth_header()?)
.send()
.await?;
if !plugin_bin.status().is_success() {
match plugin_bin.status() {
reqwest::StatusCode::NOT_FOUND => bail!("The download URL specified in the plugin manifest was not found ({target_url} returned HTTP error 404). Please contact the plugin author."),
Expand Down Expand Up @@ -364,6 +374,15 @@ fn verify_checksum(plugin_file: &Path, expected_sha256: &str) -> Result<()> {
}
}

fn maybe_get_auth_header() -> Result<HeaderMap> {
let token = std::env::var("SPIN_PLUGIN_AUTH_HEADER").ok();
let mut headers = HeaderMap::new();
if token.is_some() {
headers.insert(reqwest::header::AUTHORIZATION, token.unwrap().parse()?);
}
Ok(headers)
}

#[cfg(test)]
mod tests {
use super::*;
Expand Down

0 comments on commit 59d9052

Please sign in to comment.