Add support for authenticated HTTP access for interchange project download and index access#157
Draft
tilowiklundSensmetry wants to merge 2 commits intomainfrom
Draft
Add support for authenticated HTTP access for interchange project download and index access#157tilowiklundSensmetry wants to merge 2 commits intomainfrom
tilowiklundSensmetry wants to merge 2 commits intomainfrom
Conversation
Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>
tilowiklundSensmetry
added a commit
that referenced
this pull request
Feb 2, 2026
This MR implements the basic infrastructure for adding authentication to HTTP requests (to indices, project source, ...). It is an intermediate MR to #157, which intends to bring more complete support, both in terms of supported authentication schemes and configurability. This MR only implements: - Basic authentication scheme (username:password) - Configurable in the CLI, via environment variables The CLI looks for triplets of environment variables following the pattern `SYSAND_CRED_<X>`, `SYSAND_CRED_<X>_BASIC_USER`, `SYSAND_CRED_<X>_BASIC_PASS`. The `<X>` part is arbitrary, but every `<X>` has to appear either not at all, or for all three patterns. The first variable is a glob pattern to match URLs to allow authentication for, while the other two provide the actual credentials. Example ``` SYSAND_CRED_FOO='https://*.foo.com/**' SYSAND_CRED_FOO_BASIC_USER="bar" SYSAND_CRED_BASIC_PASS="baz" sysand <OP> ``` Would allow the use of `bar:baz` as credentials for urls such as `https://www.foo.com/a/b/c`, `https://index.foo.com/hey.kpar`, ... Credentials are only actually sent if an initial request generates a 4xx status. The strictly correct behaviour here would be to try sending credentials only in response to an explicit `401` with `WWW-Authenticate` header, but this would, I believe, be incompatible with using, for example, private GitLab/GitHub pages. --------- Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com> Signed-off-by: Tilo Wiklund <75035892+tilowiklundSensmetry@users.noreply.github.com> Co-authored-by: Victor Linroth <victor.linroth@sensmetry.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Will satisfy #10