Skip to content

add support for cargo auth-required in accordance with RFC #3139 #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: develop
Choose a base branch
from
Draft

add support for cargo auth-required in accordance with RFC #3139 #50

wants to merge 1 commit into from

Conversation

@fMeow
Copy link
Collaborator

@fMeow fMeow commented Jun 22, 2022

Add a feature gate auth-required to require authorization for downloading crates, searching crates, getting crate owner.

@fMeow fMeow mentioned this pull request Jun 22, 2022
Open
@fMeow fMeow closed this by deleting the head repository Sep 3, 2022
@fMeow fMeow reopened this Sep 3, 2022
@gagbo gagbo self-assigned this Sep 7, 2022
@gagbo gagbo mentioned this pull request Jan 27, 2023
Draft
gagbo
gagbo reviewed Feb 12, 2023
View reviewed changes
Copy link
Collaborator

@gagbo gagbo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That looks pretty cool, thanks a lot for that! I'd like to have integration tests to be sure that there are no regressions, but I don't really have time for that now, so I might just merge as is really.

I only added a few nitpicky comments, feel free to ignore those

Cargo.toml
db-sled = ["sled"]
db-redis = ["redis"]
db-mongo = ["mongodb", "bson"]
auth-required = []
Copy link
Collaborator

@gagbo gagbo Feb 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should name the feature registry-auth instead

src/utils.rs
.read()
.await
.user_id_for_token(&token)
.map_err(|_| Error::InvalidToken(token.clone()))
Copy link
Collaborator

@gagbo gagbo Feb 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It could be cool to add the WWW-Authenticate header on rejection here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gagbo gagbo gagbo left review comments

Assignees

@gagbo gagbo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fMeow @gagbo