PeachCloud
/
peach-workspace
3
2
Fork 1
Code Issues 17 Pull Requests Projects Releases Wiki Activity

Add ENV VAR to allow disabling Rocket authentication #36

Merged
glyph merged 9 commits from disable_auth into main 2021-11-25 10:10:55 +00:00
Conversation 4 Commits 9 Files Changed 6 +121 -269
glyph commented 2021-11-24 09:24:40 +00:00
Owner
Copy Link
  • Checks for the DISABLE_ROCKET_AUTH env var in the request guard
    • If false or unset, enable auth as usual
    • If true, pass along the request without auth logic
  • Adds a disable_auth() helper function to set the env var for testing purposes
  • Documents the new env var
  • Bumps the crate version

@notplants

Would love to hear you input on this approach. I think you have a lot more experience with web auth than I do. Are we missing anything here, or is there room for improvement?

As mentioned on cabal, having to call disable_auth() in each individual test function is quite clunky. At least it gives us a simple way to also test routes with authentication enabled.

- Checks for the `DISABLE_ROCKET_AUTH` env var in the request guard - If `false` or unset, enable auth as usual - If `true`, pass along the request without auth logic - Adds a `disable_auth()` helper function to set the env var for testing purposes - Documents the new env var - Bumps the crate version @notplants Would love to hear you input on this approach. I think you have a lot more experience with web auth than I do. Are we missing anything here, or is there room for improvement? As mentioned on cabal, having to call `disable_auth()` in each individual test function is quite clunky. At least it gives us a simple way to also test routes with authentication enabled.
glyph added 4 commits 2021-11-24 09:24:41 +00:00
glyph requested review from notplants 2021-11-24 09:24:48 +00:00
glyph added the
enhancement
 label 2021-11-24 09:24:59 +00:00
notplants commented 2021-11-24 10:59:25 +00:00
Owner
Copy Link

@glyph nice, the code in RequestGuard looks exactly how I imagined it would with the if/else.

A couple possible changes to consider:

  1. use Rocket configs instead of Env variables directly. And where you are currently reading the Env variable in the RequestGuard, read the Rocket config value of DISABLE_ROCKET_AUTH instead. Rocket config can be set using Env variables, .toml file or programitically, which is the main avantage over using a env variable directly: https://rocket.rs/v0.5-rc/guide/configuration/#configuration

  2. then instead of disable_auth function, write a utility function called init_test_rocket which is a wrapper around init_rocket, which takes an argument disable_auth and sets DISABLE_ROCKET_AUTH based on this argument. Then in all the tests, use init_test_rocket instead of using init_rocket directly, and pass the argument as needed. In the future if there are particular configurations every test needs, we could also put them in here.

Both of these are stylistic and not major changes. (1) might be more flexible. (2) might be more intuitive/streamlined to me (you say whether rocket should use authentication or not at the same time as you are instantiating it, instead of as a separate function call before).

I guess you could also do something organized like (2) without (1) is an option too.

Maybe there are other approaches as well, but this is what came to mind.

@glyph nice, the code in RequestGuard looks exactly how I imagined it would with the if/else. A couple possible changes to consider: 1. use Rocket configs instead of Env variables directly. And where you are currently reading the Env variable in the RequestGuard, read the Rocket config value of DISABLE_ROCKET_AUTH instead. Rocket config can be set using Env variables, .toml file or programitically, which is the main avantage over using a env variable directly: https://rocket.rs/v0.5-rc/guide/configuration/#configuration 2. then instead of disable_auth function, write a utility function called init_test_rocket which is a wrapper around init_rocket, which takes an argument disable_auth and sets DISABLE_ROCKET_AUTH based on this argument. Then in all the tests, use init_test_rocket instead of using init_rocket directly, and pass the argument as needed. In the future if there are particular configurations every test needs, we could also put them in here. Both of these are stylistic and not major changes. (1) might be more flexible. (2) might be more intuitive/streamlined to me (you say whether rocket should use authentication or not at the same time as you are instantiating it, instead of as a separate function call before). I guess you could also do something organized like (2) without (1) is an option too. Maybe there are other approaches as well, but this is what came to mind.
👍 1
notplants commented 2021-11-24 11:09:41 +00:00
Owner
Copy Link

hmm I'm now also wondering how this DISABLE_ROCKET_AUTH config, and our general PeachCloud config.yml should interact. Perhaps we should have One Config.yml To Rule Them All.

I think we were discussing this before at one point,
but maybe there is a way to use Figment for all of our configuration,
so any config values can be set programatically, by env var or by the .yml/.toml.

But maybe that should be a separate PR, if we go that direction at all, because it would be a big refactor to how we get the other configuration values.

hmm I'm now also wondering how this DISABLE_ROCKET_AUTH config, and our general PeachCloud config.yml should interact. Perhaps we should have One Config.yml To Rule Them All. I think we were discussing this before at one point, but maybe there is a way to use Figment for all of our configuration, so any config values can be set programatically, by env var or by the .yml/.toml. But maybe that should be a separate PR, if we go that direction at all, because it would be a big refactor to how we get the other configuration values.
glyph added 5 commits 2021-11-25 09:33:35 +00:00
glyph commented 2021-11-25 09:44:26 +00:00
Author
Owner
Copy Link

@notplants

Thanks for the suggested changes! That was perfect feedback.

Auth is now defined in Rocket.toml: disabled by default when running in development mode, enabled by default when running in production mode. Those values are overruled by the ROCKET_DISABLE_AUTH env var (if set). I learned that the desired env var needs to be prefixed with ROCKET_ to be seamlessly included in the Rocket Config object.

I have also implemented your suggested init_test_rocket(disable_auth) wrapper. It merges the given disable_auth value into the Rocket Config (essentially replacing the default value). I think this gives us great amount of control.

I've added documentation of this to the README.

One other small change introduced since your last review: I removed the websocket dependency (we had previously removed the code but not the dep).

hmm I'm now also wondering how this DISABLE_ROCKET_AUTH config, and our general PeachCloud config.yml should interact. Perhaps we should have One Config.yml To Rule Them All.

Good question. I think we might be able to have one file and point to it with ROCKET_CONFIG. I'd prefer to discuss this in a dedicated issue (I'll open one now).

@notplants Thanks for the suggested changes! That was perfect feedback. Auth is now defined in `Rocket.toml`: disabled by default when running in `development` mode, enabled by default when running in `production` mode. Those values are overruled by the `ROCKET_DISABLE_AUTH` env var (if set). I learned that the desired env var needs to be prefixed with `ROCKET_` to be seamlessly included in the Rocket `Config` object. I have also implemented your suggested `init_test_rocket(disable_auth)` wrapper. It merges the given `disable_auth` value into the Rocket `Config` (essentially replacing the default value). I think this gives us great amount of control. I've added documentation of this to the README. One other small change introduced since your last review: I removed the `websocket` dependency (we had previously removed the code but not the dep). ----- > hmm I'm now also wondering how this DISABLE_ROCKET_AUTH config, and our general PeachCloud config.yml should interact. Perhaps we should have One Config.yml To Rule Them All. Good question. I think we might be able to have one file and point to it with `ROCKET_CONFIG`. I'd prefer to discuss this in a dedicated issue (I'll open one now).
notplants commented 2021-11-25 10:07:39 +00:00
Owner
Copy Link

Nice looks good. Cool bonus to have default development and production settings too. And we can continue the conversation about whether to also use figment for other peach configurations in the other issue.

Nice looks good. Cool bonus to have default development and production settings too. And we can continue the conversation about whether to also use figment for other peach configurations in the other issue.
👍 1
glyph merged commit c8d0a2ddf6 into main 2021-11-25 10:10:55 +00:00
glyph deleted branch disable_auth 2021-11-25 10:10:55 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
notplants
Labels
Clear labels
  
bug

Something is not working

  
documentation

   
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
maintenance

Pruning and weeding

  
peach-lib

   
peach-network

   
peach-oled

   
peach-stats

   
peach-web

   
question

More information is needed

  
refactor

Code rewrite

  
wontfix

This won't be fixed

No Label
bug
documentation
duplicate
enhancement
help wanted
invalid
maintenance
peach-lib
peach-network
peach-oled
peach-stats
peach-web
question
refactor
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: PeachCloud/peach-workspace#36
No description provided.
Delete Branch "disable_auth"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?