From b00bcaa4146aa3b5a78212c698ee4110a92f0b4e Mon Sep 17 00:00:00 2001
From: Anton Belodedenko <2033996+ab77@users.noreply.github.com>
Date: Mon, 10 Jun 2024 12:03:36 -0700
Subject: [PATCH] Add auth. header to /os/v1/config requests
* this allows the API to identify devices requesting configuration and apply routing logic (e.g. switch from TCP to UDP OpenVPN configuration)
* https://github.com/balena-os/meta-balena/pull/3443/commits/c401ebbf551420a0c2a91eff3cb0ecd83f12a056
change-type: minor
Signed-off-by: Anton Belodedenko <2033996+ab77@users.noreply.github.com>
---
 src/args.rs | 2 +-
 src/config_json.rs | 2 +-
 src/remote.rs | 18 +++++++++++++++---
 3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/args.rs b/src/args.rs
index ff40825..0c3aedf 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -85,7 +85,7 @@ pub fn get_os_config_path() -> PathBuf {
 path_buf(&try_redefined(OS_CONFIG_PATH, OS_CONFIG_PATH_REDEFINE))
 }
-fn get_config_json_path() -> PathBuf {
+pub fn get_config_json_path() -> PathBuf {
 if get_flasher_flag_path().exists() {
 get_config_json_flasher_path()
 } else {
diff --git a/src/config_json.rs b/src/config_json.rs
index 3fa0bae..0c58df7 100644
--- a/src/config_json.rs
+++ b/src/config_json.rs
@@ -179,7 +179,7 @@ fn strip_api_endpoint(api_endpoint: &str) -> String {
 }
 }
-fn get_api_key(config_json: &ConfigMap) -> Result> {
+pub fn get_api_key(config_json: &ConfigMap) -> Result> {
 if let Some(value) = config_json.get("deviceApiKey") {
 if let Some(api_key) = value.as_str() {
 Ok(Some(api_key.to_string()))
diff --git a/src/remote.rs b/src/remote.rs
index cadc9f4..03ef964 100644
--- a/src/remote.rs
+++ b/src/remote.rs
@@ -4,6 +4,9 @@ use std::time::Duration;
 use anyhow::{anyhow, Context, Result};
+use crate::config_json::{read_config_json, get_api_key};
+use crate::args::get_config_json_path;
+
 pub type OverridesMap = HashMap;
 #[derive(Debug, Serialize, Deserialize, PartialEq)]
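Review bot: `get_api_key` hands out the device API key, and the src/config_json.rs hunk widens it to `pub` (as the src/args.rs hunk does for `get_config_json_path`) although the only new caller shown is `crate::remote`. `pub(crate) fn get_api_key` and `pub(crate) fn get_config_json_path` would cover that use without exporting a secret accessor beyond the crate, assuming nothing outside the crate needs them. The body of `get_api_key` continues past the end of its hunk.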
@@ -58,6 +61,13 @@ fn fetch_configuration_impl(
 root_certificate: Option,
 retry: bool,
 ) -> Result {
+ let config_json = read_config_json(&get_config_json_path())?;
+ let api_key = get_api_key(&config_json)?.unwrap_or("".to_string());
+
+ if api_key.is_empty() == false {
+ debug!("using auth token {:.7}...", api_key);
+ }
+
 let client = build_reqwest_client(root_certificate)?;
 let request_fn = if retry {
@@ -68,7 +78,7 @@ fn fetch_configuration_impl(
 info!("Fetching service configuration from {}...", config_url);
- let json_data = request_fn(config_url, &client)?.text()?;
+ let json_data = request_fn(config_url, &api_key, &client)?.text()?;
 info!("Service configuration retrieved");
@@ -77,13 +87,15 @@ fn fetch_configuration_impl(
 fn request_config(
 url: &str,
+ token: &str,
 client: &reqwest::blocking::Client,
 ) -> Result {
- Ok(client.get(url).send()?)
+ Ok(client.get(url).bearer_auth(token).send()?)
 }
 fn retry_request_config(
 url: &str,
+ token: &str,
 client: &reqwest::blocking::Client,
 ) -> Result {
 let mut sleeped = 0;
@@ -91,7 +103,7 @@ fn retry_request_config(
 let mut last_err = String::new();
 loop {
- match client.get(url).send() {
+ match client.get(url).bearer_auth(token).send() {
 Ok(response) => {
 return Ok(response);
 }
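Review bot: The added `debug!("using auth token {:.7}...", api_key)` writes the first seven characters of the device API key to the log, so anyone who can read debug output learns part of a credential and can correlate devices by it. Log only that a key was found, e.g. `if !api_key.is_empty() { debug!("using device API key from config.json"); }`, which also drops the `== false` comparison. `unwrap_or("".to_string())` can be written `unwrap_or_default()`. The body of `fetch_configuration_impl` starts and ends outside this hunk.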
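Review bot: From the changed `request_fn(config_url, &api_key, &client)` call on, the device API key travels with every request to `config_url`, and nothing visible in this hunk checks that the URL is `https`. Where `config_url` comes from is outside the diff; if it can ever be a plain `http://` endpoint, the key would cross the network in cleartext. Consider rejecting non-HTTPS URLs before the request, or building the client with `.https_only(true)` in `build_reqwest_client` (defined outside this diff) if the reqwest version in use provides it.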
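Review bot: `bearer_auth(token)` is applied unconditionally in `request_config`, so when config.json has no `deviceApiKey` the caller's empty string goes out as an `Authorization: Bearer ` header with no credential; the same applies to `match client.get(url).bearer_auth(token).send()` in the retry-loop hunk that follows. Whether the API still accepts that from devices that previously sent no header cannot be seen from here. Attaching the header only when a key exists keeps the old behaviour: `let mut req = client.get(url); if !token.is_empty() { req = req.bearer_auth(token); }` followed by `req.send()`. Passing `Option<&str>` instead of an empty-string sentinel would make the no-key case explicit in both functions.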