start adding passkey auth to core periphery communication

2026-04-28 19:59:46 -05:00 · 2023-02-17 12:53:09 -05:00
parent 6e444b9032
commit 69ce1e4f36
4 changed files with 17 additions and 1 deletions
--- a/cli/src/helpers.rs
+++ b/cli/src/helpers.rs
@@ -81,6 +81,7 @@ pub fn gen_core_config(sub_matches: &ArgMatches) {
        },
        jwt_secret: generate_secret(40),
        github_webhook_secret: generate_secret(30),
+        passkey: generate_secret(30),
    };

    write_to_toml(&path, &config);
@@ -318,9 +319,10 @@ pub fn gen_periphery_config(sub_matches: &ArgMatches) {

    let config = PeripheryConfig {
        port,
+        repo_dir,
        stats_polling_rate,
        allowed_ips,
-        repo_dir,
+        passkeys: vec![],
        secrets: Default::default(),
        github_accounts: Default::default(),
        docker_accounts: Default::default(),
--- a/cli/src/types.rs
+++ b/cli/src/types.rs
@@ -32,6 +32,9 @@ pub struct CoreConfig {
    // used to verify validity from github webhooks
    pub github_webhook_secret: String,

+    // sent in auth header with req to periphery
+    pub passkey: String,
+
    // integration with slack app
    pub slack_url: Option<String>,

@@ -104,6 +107,8 @@ pub struct PeripheryConfig {
    #[serde(default)]
    pub allowed_ips: Vec<IpAddr>,
    #[serde(default)]
+    pub passkeys: Vec<String>,
+    #[serde(default)]
    pub secrets: SecretsMap,
    #[serde(default)]
    pub github_accounts: GithubAccounts,
--- a/lib/types/src/config.rs
+++ b/lib/types/src/config.rs
@@ -42,6 +42,9 @@ pub struct CoreConfig {
    // used to verify validity from github webhooks
    pub github_webhook_secret: String,

+    // sent in auth header with req to periphery
+    pub passkey: String,
+
    // integration with slack app
    pub slack_url: Option<String>,

@@ -104,6 +107,8 @@ pub struct PeripheryConfig {
    #[serde(default)]
    pub allowed_ips: Vec<IpAddr>,
    #[serde(default)]
+    pub passkeys: Vec<String>,
+    #[serde(default)]
    pub secrets: SecretsMap,
    #[serde(default)]
    pub github_accounts: GithubAccounts,
--- a/periphery/src/api/mod.rs
+++ b/periphery/src/api/mod.rs
@@ -59,6 +59,10 @@ async fn guard_request(
        StatusCode::INTERNAL_SERVER_ERROR,
        "could not get periphery config".to_string(),
    ))?;
+    let passkey = req.headers().get("authorization");
+    if passkey.is_none() {
+        return Err((StatusCode::UNAUTHORIZED, format!("")))
+    }
    if config.allowed_ips.is_empty() {
        return Ok(next.run(req).await);
    }