feat: secure Lassie server using authorization #273
Conversation
Configure Lassie HTTP server to require authorization with the
configured access token.
This change does not affect Zinnia modules with one exception:
`fetch('ipfs://`) requests are not allowed to send an `Authorization`
header now.
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
cli/main.rs
Outdated
| @@ -57,6 +58,7 @@ async fn main_impl() -> Result<()> { | |||
| temp_dir: None, | |||
| // Listen on an ephemeral port selected by the operating system | |||
| port: 0, | |||
| access_token: Some(generate_lassie_access_token()), | |||
There was a problem hiding this comment.
I tested this change manually by adding console.log to runtime/js/fetch.js, running zinnia-dev run runtime/tests/js/ipfs_retrieval_tests.js and observing output.
This is the difficult part! Let me think about it some more 🤔 |
|
Idea: Only run the test on linux, and use https://stackoverflow.com/questions/942824/how-to-find-ports-opened-by-process-id-in-linux to get the port |
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
See 515893a |
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
That would work too 👍🏻 |
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
| .expect("cannot read the first line of the HTTP response") | ||
| .expect("server returned at least one line"); | ||
|
|
||
| assert_eq!(status, "HTTP/1.1 401 Unauthorized") |
Configure Lassie HTTP server to require authorization with the configured access token.
This change does not affect Zinnia modules with one exception:
fetch('ipfs://) requests are not allowed to send anAuthorizationheader now.Also upgrade Lassie from v0.4.0 to v0.5.1. Release notes: