feat(server): display expected auth in logs in invalid request

2024-05-19 18:20:54 +01:00 · 2024-05-19 18:20:54 +01:00 · c6c8dcedc5
commit c6c8dcedc5
parent 4977619c70
1 changed files with 16 additions and 5 deletions
--- a/crates/server/src/actors/repo/webhook.rs
+++ b/crates/server/src/actors/repo/webhook.rs
@ -20,7 +20,7 @@ use crate::{
 )]
 pub struct WebhookId(String);

-#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref)]
+#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
 pub struct WebhookAuth(ulid::Ulid);
 impl WebhookAuth {
    pub fn from_str(authorisation: &str) -> Result<Self, DecodeError> {
@ -33,7 +33,7 @@ impl WebhookAuth {
    }

    fn header_value(&self) -> String {
-        format!("Basic {}", self.0.to_string())
+        format!("Basic {}", self)
    }
 }

@ -182,9 +182,20 @@ impl Handler<WebhookMessage> for RepoActor {
    #[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity
    #[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.details))]
    fn handle(&mut self, msg: WebhookMessage, ctx: &mut Self::Context) -> Self::Result {
-        if msg.authorisation() != self.webhook_auth {
-            warn!("Invalid authorization");
-            return; // invalid auth
+        let Some(expected_authorization) = &self.webhook_auth else {
+            warn!("Don't know what authorization to expect");
+            return;
+        };
+        let Some(received_authorization) = &msg.authorisation() else {
+            warn!("Missing authorization token");
+            return;
+        };
+        if received_authorization != expected_authorization {
+            warn!(
+                "Invalid authorization - expected {}",
+                expected_authorization
+            );
+            return;
        }
        let id = msg.id();
        let span = tracing::info_span!("handle", %id);