
tweak HTTP auth for first API public release
Closed, Migrated · Edits Locked

Description

This is the last step needed to deploy T614.

Two different kinds of tweaks will be necessary:

  1. for the available endpoints: drop HTTP auth completely
  2. for the upcoming endpoints: replace HTTP auth in favor of returning HTTP status code "501 Not Implemented"

Point (2) above is not only appropriate in general for our use case, but it is also very convenient, as some of the opened endpoints already return URLs pointing to upcoming endpoints. Returning 501 allows us to leave the URLs around, and at the same time inform users that they will be opened up in the future.

Event Timeline

zack renamed this task from "disable HTTP auth for the API endpoints that allow browsing our graph" to "tweak HTTP auth for first API public release". (Feb 1 2017, 9:16 AM)
zack raised the priority of this task from Low to Normal.
zack updated the task description.
olasd changed the task status from Open to Work in Progress. (Feb 1 2017, 4:25 PM)
olasd added a subscriber: olasd.

I have now swapped HTTP authentication to be a blacklist of closed endpoints instead of a whitelist of open endpoints.

I would like to revisit making upcoming endpoints completely unavailable, as this makes testing them (on the prod website) annoying. Ideally, we would allow "manual" authentication: if the authentication header is present, pass through; else, return an error code (such as 405 Method Not Allowed, which looks like the RESTy thing to do). Unfortunately, I don't think Apache lets us do that.

Upon discussion, we agreed to just leave open the relevant upcoming endpoints. As they're upcoming, people should not assume their interface is stable; they just happen to be there and their presence allows following links from the result of other endpoints (e.g., /content/).

zack claimed this task.
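
The gating discussed in this task, sketched at the application layer as an added example (not Software Heritage's code and not the Apache configuration the thread refers to): a WSGI middleware that keeps a deny-list of upcoming endpoints, answers anonymous requests to them with 501, and validates credentials when an Authorization header is sent. The path prefix, user name and password are hypothetical. With a deny-list, any prefix missing from the list is served without authentication.

```python
import base64
import hmac

# Hypothetical values for illustration; not the project's real paths or credentials.
UPCOMING_PREFIXES = ("/api/1/upcoming/",)
TESTERS = {"tester": "constructed-password"}


def credentials_ok(header):
    """Validate a Basic Authorization header value, comparing in constant time."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return False
    expected = TESTERS.get(user)
    return expected is not None and hmac.compare_digest(password.encode(), expected.encode())


def gate(app):
    """WSGI middleware: deny-list of upcoming endpoints, everything else open."""
    def wrapped(environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path.startswith(UPCOMING_PREFIXES):
            header = environ.get("HTTP_AUTHORIZATION")
            if header is None:  # anonymous: the URL exists but is not open yet
                start_response("501 Not Implemented", [("Content-Type", "text/plain")])
                return [b"endpoint not yet available\n"]
            if not credentials_ok(header):  # header presence alone is not enough
                start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="api"')])
                return [b""]
        return app(environ, start_response)
    return wrapped


def status_for(path, header=None):
    """Run one constructed request through the gate and return the status line."""
    def backend(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]
    seen = []
    environ = {"PATH_INFO": path}
    if header is not None:
        environ["HTTP_AUTHORIZATION"] = header
    gate(backend)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```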