Add ENV VAR to allow disabling Rocket authentication #36
No reviewers
Labels
No Label
bug
documentation
duplicate
enhancement
help wanted
invalid
maintenance
peach-lib
peach-network
peach-oled
peach-stats
peach-web
question
refactor
wontfix
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: PeachCloud/peach-workspace#36
Loading…
Reference in New Issue
No description provided.
Delete Branch "disable_auth"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
DISABLE_ROCKET_AUTH
env var in the request guardfalse
or unset, enable auth as usualtrue
, pass along the request without auth logicdisable_auth()
helper function to set the env var for testing purposes@notplants
Would love to hear you input on this approach. I think you have a lot more experience with web auth than I do. Are we missing anything here, or is there room for improvement?
As mentioned on cabal, having to call
disable_auth()
in each individual test function is quite clunky. At least it gives us a simple way to also test routes with authentication enabled.@glyph nice, the code in RequestGuard looks exactly how I imagined it would with the if/else.
A couple possible changes to consider:
use Rocket configs instead of Env variables directly. And where you are currently reading the Env variable in the RequestGuard, read the Rocket config value of DISABLE_ROCKET_AUTH instead. Rocket config can be set using Env variables, .toml file or programitically, which is the main avantage over using a env variable directly: https://rocket.rs/v0.5-rc/guide/configuration/#configuration
then instead of disable_auth function, write a utility function called init_test_rocket which is a wrapper around init_rocket, which takes an argument disable_auth and sets DISABLE_ROCKET_AUTH based on this argument. Then in all the tests, use init_test_rocket instead of using init_rocket directly, and pass the argument as needed. In the future if there are particular configurations every test needs, we could also put them in here.
Both of these are stylistic and not major changes. (1) might be more flexible. (2) might be more intuitive/streamlined to me (you say whether rocket should use authentication or not at the same time as you are instantiating it, instead of as a separate function call before).
I guess you could also do something organized like (2) without (1) is an option too.
Maybe there are other approaches as well, but this is what came to mind.
hmm I'm now also wondering how this DISABLE_ROCKET_AUTH config, and our general PeachCloud config.yml should interact. Perhaps we should have One Config.yml To Rule Them All.
I think we were discussing this before at one point,
but maybe there is a way to use Figment for all of our configuration,
so any config values can be set programatically, by env var or by the .yml/.toml.
But maybe that should be a separate PR, if we go that direction at all, because it would be a big refactor to how we get the other configuration values.
@notplants
Thanks for the suggested changes! That was perfect feedback.
Auth is now defined in
Rocket.toml
: disabled by default when running indevelopment
mode, enabled by default when running inproduction
mode. Those values are overruled by theROCKET_DISABLE_AUTH
env var (if set). I learned that the desired env var needs to be prefixed withROCKET_
to be seamlessly included in the RocketConfig
object.I have also implemented your suggested
init_test_rocket(disable_auth)
wrapper. It merges the givendisable_auth
value into the RocketConfig
(essentially replacing the default value). I think this gives us great amount of control.I've added documentation of this to the README.
One other small change introduced since your last review: I removed the
websocket
dependency (we had previously removed the code but not the dep).Good question. I think we might be able to have one file and point to it with
ROCKET_CONFIG
. I'd prefer to discuss this in a dedicated issue (I'll open one now).Nice looks good. Cool bonus to have default development and production settings too. And we can continue the conversation about whether to also use figment for other peach configurations in the other issue.