-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to enable authentication for all cargo API routes #176
Comments
Hi, thank you for notifying me about this. The But the They seem to have done this about two weeks ago and I completely missed it, thanks again for the notification. As a first approach, I think you are right to propose a new configuration option, similar to the Implementation-wise, this would mean to make the previously-unauthenticated endpoints take in an alexandrie/crates/alexandrie/src/frontend/krate.rs Lines 38 to 40 in 4813442
|
Actually, now that there is a new We could even make the |
With the stabilization of credential-process in
cargo
, more routes can be protected with a token thatcargo
can provide. (this is kinda related to #93)Are there any plans to add authentication to these other routes (I'm mostly interested in
download
)?From a quick glance, I believe this could be achieved by adding an
Auth
parameter like it's done inpublish
:alexandrie/crates/alexandrie/src/api/crates/publish.rs
Lines 195 to 197 in 4813442
We also probably need an additional configuration value to let users enable or disable this feature. Would you welcome a PR with such modifications?
The text was updated successfully, but these errors were encountered: