add ability for plugins to be fetched from authenticated URLs

Signed-off-by: karthik2804 <[email protected]>
fermyon · Oct 25, 2024 · 59d9052 · 59d9052
1 parent 3eaba5f
commit 59d9052
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/crates/plugins/src/manager.rs b/crates/plugins/src/manager.rs
@@ -8,6 +8,7 @@ use crate::{
 
 use anyhow::{anyhow, bail, Context, Result};
 use path_absolutize::Absolutize;
+use reqwest::{header::HeaderMap, Client};
 use serde::Serialize;
 use spin_common::sha256;
 use std::{
@@ -189,7 +190,11 @@ impl PluginManager {
         let plugin_manifest = match manifest_location {
             ManifestLocation::Remote(url) => {
                 tracing::info!("Pulling manifest for plugin from {url}");
-                reqwest::get(url.as_ref())
+                let client = Client::new();
+                client
+                    .get(url.as_ref())
+                    .headers(maybe_get_auth_header()?)
+                    .send()
                     .await
                     .map_err(|e| {
                         Error::ConnectionFailed(ConnectionFailedError::new(
@@ -336,7 +341,12 @@ pub fn get_package(plugin_manifest: &PluginManifest) -> Result<&PluginPackage> {
 
 async fn download_plugin(name: &str, temp_dir: &TempDir, target_url: &str) -> Result<PathBuf> {
     tracing::trace!("Trying to get tar file for plugin '{name}' from {target_url}");
-    let plugin_bin = reqwest::get(target_url).await?;
+    let client = Client::new();
+    let plugin_bin = client
+        .get(target_url)
+        .headers(maybe_get_auth_header()?)
+        .send()
+        .await?;
     if !plugin_bin.status().is_success() {
         match plugin_bin.status() {
             reqwest::StatusCode::NOT_FOUND => bail!("The download URL specified in the plugin manifest was not found ({target_url} returned HTTP error 404). Please contact the plugin author."),
@@ -364,6 +374,15 @@ fn verify_checksum(plugin_file: &Path, expected_sha256: &str) -> Result<()> {
     }
 }
 
+fn maybe_get_auth_header() -> Result<HeaderMap> {
+    let token = std::env::var("SPIN_PLUGIN_AUTH_HEADER").ok();
+    let mut headers = HeaderMap::new();
+    if token.is_some() {
+        headers.insert(reqwest::header::AUTHORIZATION, token.unwrap().parse()?);
+    }
+    Ok(headers)
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;