From c6c8dcedc5d074f0c136c6ebef36d448ebe6af92 Mon Sep 17 00:00:00 2001 From: Paul Campbell Date: Sun, 19 May 2024 18:20:54 +0100 Subject: [PATCH] feat(server): display expected auth in logs in invalid request --- crates/server/src/actors/repo/webhook.rs | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/crates/server/src/actors/repo/webhook.rs b/crates/server/src/actors/repo/webhook.rs index f778b5a4..3dc1e4c9 100644 --- a/crates/server/src/actors/repo/webhook.rs +++ b/crates/server/src/actors/repo/webhook.rs @@ -20,7 +20,7 @@ use crate::{ )] pub struct WebhookId(String); -#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref)] +#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)] pub struct WebhookAuth(ulid::Ulid); impl WebhookAuth { pub fn from_str(authorisation: &str) -> Result { @@ -33,7 +33,7 @@ impl WebhookAuth { } fn header_value(&self) -> String { - format!("Basic {}", self.0.to_string()) + format!("Basic {}", self) } } @@ -182,9 +182,20 @@ impl Handler for RepoActor { #[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity #[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.details))] fn handle(&mut self, msg: WebhookMessage, ctx: &mut Self::Context) -> Self::Result { - if msg.authorisation() != self.webhook_auth { - warn!("Invalid authorization"); - return; // invalid auth + let Some(expected_authorization) = &self.webhook_auth else { + warn!("Don't know what authorization to expect"); + return; + }; + let Some(received_authorization) = &msg.authorisation() else { + warn!("Missing authorization token"); + return; + }; + if received_authorization != expected_authorization { + warn!( + "Invalid authorization - expected {}", + expected_authorization + ); + return; } let id = msg.id(); let span = tracing::info_span!("handle", %id);