diff --git a/crates/plugins/src/manager.rs b/crates/plugins/src/manager.rs index 34a11364cf..27bbab0c1e 100644 --- a/crates/plugins/src/manager.rs +++ b/crates/plugins/src/manager.rs @@ -8,6 +8,7 @@ use crate::{ use anyhow::{anyhow, bail, Context, Result}; use path_absolutize::Absolutize; +use reqwest::{header::HeaderMap, Client}; use serde::Serialize; use spin_common::sha256; use std::{ @@ -189,7 +190,11 @@ impl PluginManager { let plugin_manifest = match manifest_location { ManifestLocation::Remote(url) => { tracing::info!("Pulling manifest for plugin from {url}"); - reqwest::get(url.as_ref()) + let client = Client::new(); + client + .get(url.as_ref()) + .headers(maybe_get_auth_header()?) + .send() .await .map_err(|e| { Error::ConnectionFailed(ConnectionFailedError::new( @@ -336,7 +341,12 @@ pub fn get_package(plugin_manifest: &PluginManifest) -> Result<&PluginPackage> { async fn download_plugin(name: &str, temp_dir: &TempDir, target_url: &str) -> Result { tracing::trace!("Trying to get tar file for plugin '{name}' from {target_url}"); - let plugin_bin = reqwest::get(target_url).await?; + let client = Client::new(); + let plugin_bin = client + .get(target_url) + .headers(maybe_get_auth_header()?) + .send() + .await?; if !plugin_bin.status().is_success() { match plugin_bin.status() { reqwest::StatusCode::NOT_FOUND => bail!("The download URL specified in the plugin manifest was not found ({target_url} returned HTTP error 404). Please contact the plugin author."), @@ -364,6 +374,15 @@ fn verify_checksum(plugin_file: &Path, expected_sha256: &str) -> Result<()> { } } +fn maybe_get_auth_header() -> Result { + let token = std::env::var("SPIN_PLUGIN_AUTH_HEADER").ok(); + let mut headers = HeaderMap::new(); + if token.is_some() { + headers.insert(reqwest::header::AUTHORIZATION, token.unwrap().parse()?); + } + Ok(headers) +} + #[cfg(test)] mod tests { use super::*;