wip, implements simple api-key header extraction for middleware verif… #1
base: main
@@ -0,0 +1,113 @@ | |||
//! Extractor for the "Basic" HTTP Authentication Scheme. |
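Review bot: The module doc comment on the first line still names the "Basic" HTTP Authentication Scheme, which misstates what this extractor accepts. When it is reworded, the module doc is also the natural place to state which request header the extractor reads, so users do not have to find that in the code.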
s/Basic/API-Key/ in all the docs
XAPIKey::<APIKey>::parse(req) | ||
.map(|auth| APIKeyAuth(auth.into_scheme())) | ||
.map_err(|err| { | ||
log::debug!("`APIKeAuth` extract error: {}", err); |
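Review bot: The `log::debug!` call inside the `map_err` closure formats `err` with `{}`; please confirm that the parse error's `Display` output never echoes the received header value, otherwise a malformed or rejected API key ends up in debug logs. The type name in the message is also misspelled, so a log search for `APIKeyAuth` will miss these lines.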
APIKeAuth->APIKeyAuth
/// | ||
/// The "realm" attribute indicates the scope of protection in the manner described in HTTP/1.1 | ||
/// [RFC 2617 §1.2](https://tools.ietf.org/html/rfc2617#section-1.2). | ||
pub fn realm<T>(mut self, value: T) -> Config |
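Review bot: The doc comment above `realm` links RFC 2617 §1.2, which has been obsoleted (the realm definition moved to RFC 7235 §2.2) and which defines realm as part of an authentication challenge. If `realm` stays on this `Config`, the doc should update the reference and say what a realm means for an API-key header; if it has no meaning here, dropping the method is cleaner than documenting it with text written for another scheme.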
I suspect this is not valid for API-Key auth. However I see the Bearer extractor has realm, so maybe I am wrong.
The config that would be useful is what is the name of the header containing the api-key. i.e. it shouldn't be hard-coded to x-api-key.
If not configurable, the docs for the module should indicate the limitations compared with https://swagger.io/docs/specification/authentication/api-keys/
Re Bearer realm - it is allowed in the spec https://datatracker.ietf.org/doc/html/rfc6750#section-3
wrt X-API-Key, we should see if there is anyone using realm with this header
for discussion purposes
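A sketch of the configurable header name raised in the review above, as an added example that is not code from this PR or the crate it targets. `ApiKeyConfig`, `ExtractError` and `extract_api_key` are hypothetical names, and a slice of `(name, value)` pairs stands in for the request's headers so the block needs only the standard library.

```rust
// Added example; all type and function names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum ExtractError {
    Missing,
    Duplicate,
    Empty,
}

pub struct ApiKeyConfig {
    header_name: String, // stored lowercase; HTTP field names are case-insensitive
}

impl Default for ApiKeyConfig {
    fn default() -> Self {
        ApiKeyConfig { header_name: "x-api-key".to_string() }
    }
}

impl ApiKeyConfig {
    /// Builder-style setter, in the same shape as the `realm` setter in the diff.
    pub fn header_name<T: Into<String>>(mut self, value: T) -> Self {
        self.header_name = value.into().to_ascii_lowercase();
        self
    }
}

/// `headers` is a constructed stand-in for a request's header list.
pub fn extract_api_key<'a>(
    cfg: &ApiKeyConfig,
    headers: &'a [(&'a str, &'a str)],
) -> Result<&'a str, ExtractError> {
    let mut found = headers
        .iter()
        .filter(|(name, _)| name.eq_ignore_ascii_case(&cfg.header_name));
    let value = found.next().ok_or(ExtractError::Missing)?.1.trim();
    if found.next().is_some() {
        return Err(ExtractError::Duplicate); // ambiguous: refuse rather than pick one
    }
    if value.is_empty() {
        return Err(ExtractError::Empty);
    }
    Ok(value)
}

fn main() {
    let cfg = ApiKeyConfig::default().header_name("X-Service-Key");
    let req = [("Accept", "*/*"), ("x-service-key", "constructed-sample-key")];
    println!("{:?}", extract_api_key(&cfg, &req));
}
```

The errors carry no header value, so logging them on rejection cannot leak a submitted key.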