Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add authn #1

Merged
merged 10 commits into from
Nov 21, 2023
Merged

Add authn #1

merged 10 commits into from
Nov 21, 2023

Conversation

emcfarlane
Copy link
Collaborator

@emcfarlane emcfarlane commented Oct 31, 2023
edited
Loading

Add authn package. Based off of https://github.com/akshayjshah/connectauth.

Changes:

  • Struct exposes methods not fields to allow methods like r.BasicAuth() without the overhead on every request. Should be extensible down the line to add more helpers like BearerAuth() etc.
  • Added TLS() method to enable authFunc to check TLS settings
  • Added mutual TLS example using self signed certs (currently generated in the example).
  • Removed the interceptor, as it open up an abuse vector avoiding unmarshalling before authenticating.

@emcfarlane emcfarlane self-assigned this Oct 31, 2023
emcfarlane
emcfarlane commented Nov 1, 2023
View reviewed changes
authn.go Show resolved Hide resolved
@emcfarlane emcfarlane marked this pull request as ready for review November 1, 2023 14:43
emcfarlane
emcfarlane commented Nov 3, 2023
View reviewed changes
authn.go

// BasicAuth returns the username and password provided in the request's
// Authorization header, if any.
func (r Request) BasicAuth() (username string, password string, ok bool) {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is new, helper for basic auth that just delegates to the request.

akshayjshah
akshayjshah approved these changes Nov 21, 2023
View reviewed changes
authn.go

// Request describes a single RPC invocation.
type Request struct {
request *http.Request
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a nice change! Also opens the door for us to expose cookies, which are annoyingly tied to http.Request.

@akshayjshah akshayjshah merged commit 4613eda into main Nov 21, 2023
4 checks passed
@akshayjshah akshayjshah deleted the ed/auth branch November 21, 2023 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akshayjshah akshayjshah akshayjshah approved these changes

Assignees

@emcfarlane emcfarlane

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@emcfarlane @akshayjshah