Add and apply BasicAuth for all REST API resources #194
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jihoon-seo
reviewed
Jul 6, 2020
| @@ -80,6 +80,18 @@ func ApiServer() { | |||
| AllowMethods: []string{http.MethodGet, http.MethodPut, http.MethodPost, http.MethodDelete}, | |||
| })) | |||
|
|
|||
| API_USERNAME := os.Getenv("API_USERNAME") | |||
| API_PASSWORD := os.Getenv("API_PASSWORD") | |||
There was a problem hiding this comment.
다른 환경변수 (SPIDER_URL, DB_URL, DB_DATABASE, DB_USER, DB_PASSWORD) 들은
- src/common/common.go 에서 Go var 가 declare 되고
- src/main.go 에서 env var → Go var 로 assign 되고 있습니다.
API_USERNAME 과 API_PASSWORD 는
TB 전반적인 것이 아니라
REST API 에 대한 것이므로
src/api/rest/server/server.go 에서 declare & assign 되는 것도 좋을 것 같습니다.
jihoon-seo
reviewed
Jul 6, 2020
| @@ -4,6 +4,6 @@ source ../setup.env | |||
| num=0 | |||
| for NAME in "${CONNECT_NAMES[@]}" | |||
| do | |||
| curl -sX GET http://$RESTSERVER:1024/vmimage/${IMG_IDS[num]}?connection_name=${NAME} |json_pp & | |||
| curl -H "${AUTH}" -sX GET http://$RESTSERVER:1024/vmimage/${IMG_IDS[num]}?connection_name=${NAME} |json_pp & | |||
There was a problem hiding this comment.
Spider 용 스크립트에는 Auth 가 필요하지 않겠습니다.
그런데 이 스크립트들이 obsolete 상태라서
이 PR의 내용대로 진행해도 괜찮아 보입니다.
There was a problem hiding this comment.
감사합니다. Obsolete 는 향후 삭제를 하는 것이 좋아보입니다.
그리고, 향후 Spider도 기본 Auth를 추가하는 것을 염두에 두고 해더에 추가하였습니다. 해더에 추가되어도 동작에는 문제는 없습니다.. ^^
|
넵. 텀블벅 코드를 예제로 사용하시면 쉽게 변경할 수 있습니다..^^ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds and applies BasicAuth for all REST API resources.
With this PR, rest api client needs to include "username" and "password" to each API header to be authorized.
The header "KEY: VAL" is "Authorization: Basic {base64 encoded $USERNAME:$PASSWORD}".
( "Authorization: Basic $(echo -n $USERNAME:$PASSWORD| base64)" )
The default values for username and password are given in the configuration file (conf/setup.env).
All test scripts also includes "Authorization" header.
The value for Authorization is generated by test/official/conf.env (ApiUsername, ApiPassword).
Values for "API_USERNAME" and "API_PASSWORD" in conf/setup.en would better to identical with
Values for "ApiUsername" and "ApiPassword" in test/official/conf.env.