Hi! I think it's probably best to try and land just the HTTP protocol registry first, and then add authorization afterwards, rather than trying to add both at the same time. There are a bunch of questions around registry authentication and authorization that I know the cargo team has already thought a bunch about, so I think it shouldn't be folded in here. Also note that my PR that you've submitted a PR on top of is very much experimental, and is unlikely to land in its current form. Instead, the path forward is first to land rust-lang#8985, and then to modify my experimental implementation on top of that, rather than have it use a pre-fetching phase like it currently utilizes.

Hi! Alright, I'll keep an eye on #8985. If there is any way I can help in the future with the http registry, I'll be happy to do so!

When the http-api is on its way to stabilization, I will be doing a deep dive on the authorization side. It sounds like you have well-earned opinions on how that should work. I would love to incorporate your expertise! Can we have a meeting when I start my education on that part? I will be reading the comments on rust-lang/rfcs#2719 so if you want to put your perspective down for posterity that would be a useful place.

@Eh2406 Sure, feel free to contact me any time!

Someone else has started the conversation. Currently the conversation is at https://internals.rust-lang.org/t/pre-rfc-cargo-alternative-registry-authentication/14794
Hi @jonhoo,
I've added optional authorization for the HTTP registry. As with a "push", the "HTTP Authorization" header will be sent on an index or crate download request.
Why: For a private registry, authorization is not only important for the "push", but for the "pull" of any data, too. Different users can have different rights for crates. Sending an optional authorization header satisfies that need.
As this is my first time modifying Cargo, I'm sure I did a lot of stuff wrong or not optimal, so please let me know where I can improve the code.
If there is generally no interest in support for authorization and private registries, let me know.