Add authorization #1

Closed
wants to merge 4 commits into from

@secana secana commented Apr 25, 2021

Hi @jonhoo,

I've added optional authorization for the HTTP registry. As with a "push", the "HTTP Authorization" header will be sent on an index or crate download request.

Why: For a private registry, authorization is not only important for the "push", but for the "pull" of any data, too. Different users can have different rights for crates. Sending an optional authorization header satisfies that need.

As this is my first time modifying Cargo, I'm sure I did a lot of stuff wrong or not optimal, so please let me know where I can improve the code.

If there is generally no interest in support for authorization and private registries, let me know.

Owner

jonhoo commented Apr 25, 2021

Hi! I think it's probably best to try and land just the HTTP protocol registry first, and then add authorization afterwards, rather than trying to add both at the same time. There are a bunch of questions around registry authentication and authorization that I know the cargo team has already thought a bunch about, so I think it shouldn't be folded in here.

Also note that my PR that you've submitted a PR on top of is very much experimental, and is unlikely to land in its current form. Instead, the path forward is first to land rust-lang#8985, and then to modify my experimental implementation on top of that, rather than have it use a pre-fetching phase like it currently utilizes.

Author

secana commented Apr 27, 2021

Hi! Alright, I'll keep an eye on #8985. If there is any way I can help in the future with the HTTP registry, I'll be happy to do so!


Eh2406 commented Apr 27, 2021

When the http-api is on its way to stabilization, I will be doing a deep dive on the authorization side. It sounds like you have well-earned opinions on how that should work. I would love to incorporate your expertise! Can we have a meeting when I start my education on that part? I will be reading the comments on rust-lang/rfcs#2719, so if you want to put your perspective down for posterity, that would be a useful place.

Author

secana commented Apr 28, 2021

@Eh2406 Sure, feel free to contact me any time!


Eh2406 commented May 28, 2021

Someone else has started the conversation. Currently the conversation is at https://internals.rust-lang.org/t/pre-rfc-cargo-alternative-registry-authentication/14794

@jonhoo jonhoo closed this May 28, 2021