srctree

Gregory Mullen parent 83faa963 1a97d1cb
fix mtls auth

inlinesplit
src/auth/mtls.zig added: 10, removed: 4, total 6
@@ -22,7 +22,7 @@ pub fn authenticate(ptr: *anyopaque, headers: *const Headers) Error!User {
if (std.mem.eql(u8, enabled.list[0], "SUCCESS")) {
success = true;
}
}
} else log.debug("MTLS not enabled", .{});
 
if (!success) return error.UnknownUser;
 
@@ -33,7 +33,7 @@ pub fn authenticate(ptr: *anyopaque, headers: *const Headers) Error!User {
// mTLS fingerprint
if (enabled.list.len > 1) return error.InvalidAuth;
return base.lookupUser(enabled.list[0]);
}
} else log.debug("MTLS fingerprint missing", .{});
}
return .{ .user_ptr = null };
}
@@ -91,6 +91,7 @@ test MTLS {
}
 
const std = @import("std");
const log = std.log.scoped(.verse);
const Provider = @import("provider.zig");
const User = @import("user.zig");
const Error = @import("../auth.zig").Error;
 
src/request.zig added: 10, removed: 4, total 6
@@ -119,6 +119,7 @@ pub const Protocol = union(enum) {
const Headers = @import("headers.zig");
const Cookies = @import("cookies.zig");
const zWSGIRequest = @import("zwsgi.zig").zWSGIRequest;
const zWSGIParam = @import("zwsgi.zig").zWSGIParam;
 
fn initCommon(
a: Allocator,
@@ -185,6 +186,10 @@ pub fn initZWSGI(a: Allocator, zwsgi: *zWSGIRequest, data: Data) !Request {
for (zwsgi.vars.items) |v| {
try headers.addCustom(a, v.key, v.val);
}
// TODO replace this hack with better header support
for ([_]zWSGIParam{ .MTLS_ENABLED, .MTLS_FINGERPRINT }) |key| {
try headers.addCustom(a, @tagName(key), zwsgi.known.get(key).?);
}
 
return initCommon(
a,