feat(server): display expected auth in logs in invalid request
All checks were successful
ci/woodpecker/push/cron-docker-builder Pipeline was successful
ci/woodpecker/push/push-next Pipeline was successful
ci/woodpecker/push/tag-created Pipeline was successful

This commit is contained in:
Paul Campbell 2024-05-19 18:20:54 +01:00
parent cdad66531e
commit 2c4dd1bcf8

View file

@ -20,7 +20,7 @@ use crate::{
)]
pub struct WebhookId(String);
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref)]
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
pub struct WebhookAuth(ulid::Ulid);
impl WebhookAuth {
pub fn from_str(authorisation: &str) -> Result<Self, DecodeError> {
@ -33,7 +33,7 @@ impl WebhookAuth {
}
fn header_value(&self) -> String {
format!("Basic {}", self.0.to_string())
format!("Basic {}", self)
}
}
@ -182,9 +182,20 @@ impl Handler<WebhookMessage> for RepoActor {
#[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity
#[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.details))]
fn handle(&mut self, msg: WebhookMessage, ctx: &mut Self::Context) -> Self::Result {
if msg.authorisation() != self.webhook_auth {
warn!("Invalid authorization");
return; // invalid auth
let Some(expected_authorization) = &self.webhook_auth else {
warn!("Don't know what authorization to expect");
return;
};
let Some(received_authorization) = &msg.authorisation() else {
warn!("Missing authorization token");
return;
};
if received_authorization != expected_authorization {
warn!(
"Invalid authorization - expected {}",
expected_authorization
);
return;
}
let id = msg.id();
let span = tracing::info_span!("handle", %id);