Skip to content

Commit

Permalink
Add auth. header to /os/v1/config requests
Browse files Browse the repository at this point in the history
* this allows the API to identify devices requesting configuration and
  apply routing logic (e.g. switch from TCP to UDP OpenVPN configuration)

* balena-os/meta-balena@c401ebb

change-type: minor
Signed-off-by: Anton Belodedenko <2033996+ab77@users.noreply.github.com>
  • Loading branch information
ab77 committed Jun 11, 2024
1 parent e3d3c11 commit b00bcaa
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/args.rs
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ pub fn get_os_config_path() -> PathBuf {
path_buf(&try_redefined(OS_CONFIG_PATH, OS_CONFIG_PATH_REDEFINE))
}

fn get_config_json_path() -> PathBuf {
pub fn get_config_json_path() -> PathBuf {
if get_flasher_flag_path().exists() {
get_config_json_flasher_path()
} else {
Expand Down
2 changes: 1 addition & 1 deletion src/config_json.rs
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,7 @@ fn strip_api_endpoint(api_endpoint: &str) -> String {
}
}

fn get_api_key(config_json: &ConfigMap) -> Result<Option<String>> {
pub fn get_api_key(config_json: &ConfigMap) -> Result<Option<String>> {
if let Some(value) = config_json.get("deviceApiKey") {
if let Some(api_key) = value.as_str() {
Ok(Some(api_key.to_string()))
Expand Down
18 changes: 15 additions & 3 deletions src/remote.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ use std::time::Duration;

use anyhow::{anyhow, Context, Result};

use crate::config_json::{read_config_json, get_api_key};
use crate::args::get_config_json_path;

pub type OverridesMap = HashMap<String, serde_json::Value>;

#[derive(Debug, Serialize, Deserialize, PartialEq)]
Expand Down Expand Up @@ -58,6 +61,13 @@ fn fetch_configuration_impl(
root_certificate: Option<reqwest::Certificate>,
retry: bool,
) -> Result<RemoteConfiguration> {
let config_json = read_config_json(&get_config_json_path())?;
let api_key = get_api_key(&config_json)?.unwrap_or("".to_string());

if api_key.is_empty() == false {
debug!("using auth token {:.7}...", api_key);
}

let client = build_reqwest_client(root_certificate)?;

let request_fn = if retry {
Expand All @@ -68,7 +78,7 @@ fn fetch_configuration_impl(

info!("Fetching service configuration from {}...", config_url);

let json_data = request_fn(config_url, &client)?.text()?;
let json_data = request_fn(config_url, &api_key, &client)?.text()?;

info!("Service configuration retrieved");

Expand All @@ -77,21 +87,23 @@ fn fetch_configuration_impl(

fn request_config(
url: &str,
token: &str,
client: &reqwest::blocking::Client,
) -> Result<reqwest::blocking::Response> {
Ok(client.get(url).send()?)
Ok(client.get(url).bearer_auth(token).send()?)
}

fn retry_request_config(
url: &str,
token: &str,
client: &reqwest::blocking::Client,
) -> Result<reqwest::blocking::Response> {
let mut sleeped = 0;

let mut last_err = String::new();

loop {
match client.get(url).send() {
match client.get(url).bearer_auth(token).send() {
Ok(response) => {
return Ok(response);
}
Expand Down

0 comments on commit b00bcaa

Please sign in to comment.