Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow requiring basic HTTP authentication #3131

Merged
merged 13 commits into from
Feb 20, 2024
+152 −12
Merged

Allow requiring basic HTTP authentication #3131

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
e2120a7
Allow requiring basic HTTP authentication
casey Feb 15, 2024
7222370
Tweak
casey Feb 15, 2024
040e5ae
Use credentials when connecting to server
casey Feb 19, 2024
6ff3825
Sync with server more frequently
casey Feb 19, 2024
326ddaa
Fix test
casey Feb 20, 2024
a763fad
Fix auth test
casey Feb 20, 2024
a3fb6b1
Merge remote-tracking branch 'upstream/master' into auth
casey Feb 20, 2024
c22f53a
Merge remote-tracking branch 'upstream/master' into auth
casey Feb 20, 2024
6e50e4f
Add --polling-interval
casey Feb 20, 2024
532e578
Add auth test for wallet
casey Feb 20, 2024
cb39748
Tweak
casey Feb 20, 2024
564a9fc
Merge remote-tracking branch 'upstream/master' into auth
casey Feb 20, 2024
2b0b943
Merge branch 'master' into auth
casey Feb 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Allow requiring basic HTTP authentication
  • Loading branch information
@casey
casey committed Feb 15, 2024
commit e2120a721de50198fc0c6237a4d03c7a0f95da74
2 changes: 2 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ tempfile = "3.2.0"
tokio = { version = "1.17.0", features = ["rt-multi-thread"] }
tokio-stream = "0.1.9"
tokio-util = {version = "0.7.3", features = ["compat"] }
tower-http = { version = "0.4.0", features = ["compression-br", "compression-gzip", "cors", "set-header"] }
tower-http = { version = "0.4.0", features = ["auth", "compression-br", "compression-gzip", "cors", "set-header"] }

[dev-dependencies]
criterion = "0.5.1"
Expand Down
30 changes: 30 additions & 0 deletions src/subcommand/server.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ use {
compression::CompressionLayer,
cors::{Any, CorsLayer},
set_header::SetResponseHeaderLayer,
validate_request::ValidateRequestHeaderLayer,
},
};

Expand Down Expand Up @@ -180,6 +181,18 @@ pub struct Server {
pub(crate) decompress: bool,
#[arg(long, alias = "nosync", help = "Do not update the index.")]
pub(crate) no_sync: bool,
#[arg(
long,
requires = "username",
help = "Require basic HTTP authentication with <PASSWORD>. Credentials are sent in cleartext. Consider using authentication in conjunction with HTTPS."
)]
pub(crate) password: Option<String>,
#[arg(
long,
requires = "password",
help = "Require basic HTTP authentication with <USERNAME>. Credentials are sent in cleartext. Consider using authentication in conjunction with HTTPS."
)]
pub(crate) username: Option<String>,
}

impl Server {
Expand Down Expand Up @@ -310,6 +323,13 @@ impl Server {
.layer(CompressionLayer::new())
.with_state(server_config);

let router =
if let Some((username, password)) = self.username.as_ref().zip(self.password.as_ref()) {
router.layer(ValidateRequestHeaderLayer::basic(&username, &password))
} else {
router
};

match (self.http_port(), self.https_port()) {
(Some(http_port), None) => {
self
Expand Down Expand Up @@ -5299,4 +5319,14 @@ next
},
)
}

#[test]
fn authentication_requires_username_and_password_are() {
assert!(Arguments::try_parse_from(["ord", "server", "--username", "foo"]).is_err());
assert!(Arguments::try_parse_from(["ord", "server", "--password", "bar"]).is_err());
assert!(
Arguments::try_parse_from(["ord", "server", "--username", "foo", "--password", "bar"])
.is_ok()
);
}
}
36 changes: 36 additions & 0 deletions tests/server.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -584,3 +584,39 @@ fn run_no_sync() {

child.kill().unwrap();
}

#[test]
fn authentication() {
let rpc_server = test_bitcoincore_rpc::spawn();

let port = TcpListener::bind("127.0.0.1:0")
.unwrap()
.local_addr()
.unwrap()
.port();

let builder = CommandBuilder::new(format!(
"server --address 127.0.0.1 --http-port {port} --username foo --password bar"
))
.bitcoin_rpc_server(&rpc_server);

let mut command = builder.command();

let mut child = command.spawn().unwrap();

for attempt in 0.. {
if let Ok(response) = reqwest::blocking::get(format!("http://localhost:{port}")) {
if response.status() == 401 {
break;
}
}

if attempt == 100 {
panic!("Server did not respond");
}

thread::sleep(Duration::from_millis(50));
}

child.kill().unwrap();
}
Loading