refactor: GITHUB_AUTH -> GITHUB_CLIENT_SECRET for GitHub auth in registry

2024-12-12 11:00:36 +00:00 · 2024-10-22 17:58:31 +02:00 · 2024-10-22 17:58:31 +02:00 · 901b450a6c
commit 901b450a6c
parent d346fe1d34
4 changed files with 6 additions and 9 deletions
--- a/fly.toml
+++ b/fly.toml
@ -11,7 +11,6 @@ PORT = '8080'
 COMMITTER_GIT_NAME = 'pesde index updater'
 COMMITTER_GIT_EMAIL = 'pesde@daimond113.com'
 INDEX_REPO_URL = 'https://github.com/daimond113/pesde-index'
-GITHUB_AUTH = '1'

 [http_service]
 internal_port = 8080
--- a/registry/.env.example
+++ b/registry/.env.example
@ -21,7 +21,6 @@ READ_ACCESS_TOKEN=    # a token that is used to authenticate read requests
 WRITE_ACCESS_TOKEN=   # a token that is used to authenticate write requests

 # GitHub 
-GITHUB_AUTH=          # set to any value to enable GitHub authentication 
 GITHUB_CLIENT_SECRET= # client secret of the GitHub OAuth app configured in the index's `config.toml`

 # If none of the above is set, no authentication is required, even for write requests
--- a/registry/src/auth/mod.rs
+++ b/registry/src/auth/mod.rs
@ -13,7 +13,7 @@ use actix_web::{
    middleware::Next,
    web, HttpMessage, HttpResponse,
 };
-use pesde::{source::pesde::PesdePackageSource, Project};
+use pesde::source::pesde::IndexConfig;
 use sha2::{Digest, Sha256};
 use std::fmt::Display;

@ -142,20 +142,18 @@ pub async fn read_mw(
    next.call(req).await.map(|res| res.map_into_left_body())
 }

-pub fn get_auth_from_env(index: &PesdePackageSource, project: &Project) -> Auth {
+pub fn get_auth_from_env(config: IndexConfig) -> Auth {
    if let Ok(token) = benv!("ACCESS_TOKEN") {
        Auth::Token(token::TokenAuth {
            token: *Sha256::digest(token.as_bytes()).as_ref(),
        })
-    } else if benv!("GITHUB_AUTH").is_ok() {
-        let config = index.config(project).expect("failed to get index config");
-
+    } else if let Ok(client_secret) = benv!("GITHUB_CLIENT_SECRET") {
        Auth::GitHub(github::GitHubAuth {
            reqwest_client: make_reqwest(),
            client_id: config
                .github_oauth_client_id
                .expect("index isn't configured for GitHub"),
-            client_secret: benv!(required "GITHUB_CLIENT_SECRET"),
+            client_secret,
        })
    } else if let Ok((r, w)) =
        benv!("READ_ACCESS_TOKEN").and_then(|r| benv!("WRITE_ACCESS_TOKEN").map(|w| (r, w)))
--- a/registry/src/main.rs
+++ b/registry/src/main.rs
@ -110,7 +110,8 @@ async fn run(with_sentry: bool) -> std::io::Result<()> {
            storage
        },
        auth: {
-            let auth = get_auth_from_env(&source, &project);
+            let auth =
+                get_auth_from_env(source.config(&project).expect("failed to get index config"));
            info!("auth: {auth}");
            auth
        },