
remove X-Priv-Token

Merged Leo requested to merge remove-auth into master
+ 2
12
@@ -13,16 +13,7 @@ Small daemon to filter and proxy GitLab API calls from [aports-qa-bot](https://g
**aports-proxy-bot** listens on the port defined by the **listen_on** key in its configuration and will wait on certain paths that are hardcoded, and change to meet the demands of the services from **aports-qa-bot**.
whenever a request is made in the port that **aports-proxy-bot** is listening on it will answer it, by first checking the value of the header **X-Priv-Token** against the value of **tokens.auth** in its configuration.
If the values don't match then it returns **http.StatusForbidden** (403) as the return code and in the body of the response sends the following payload:
```json
{"message":"403 Forbidden"}
```
If the values match then it checks the path of the request, depending on the path it will use either of
the following 2 tokens in its configuration:
whenever a request is made in the port that **aports-proxy-bot** is listening on it will answer it, first by checking the path of the request, and depending on it it will use either of the 2 following tokens from its configuration:
- **tokens.admin**: used to perform API calls with the permissions of a GitLab instance administrator.
- **tokens.user**: used to perform API calls with the permissions of an average user.
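Review bot: with the **X-Priv-Token** check gone, the rewritten paragraph no longer says what stops any client that can reach the **listen_on** port from having its request forwarded with **tokens.admin**. The README should state what replaces the header check, for example that **listen_on** is expected to be a loopback address, or say explicitly that the proxy performs no caller authentication. Minor wording point on the added sentence: it starts in lowercase and "depending on it it will" reads awkwardly; something like "Whenever a request arrives on the port that **aports-proxy-bot** is listening on, it first checks the request path and, depending on the path, uses one of the following 2 tokens from its configuration:" would be clearer.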
@@ -37,8 +28,7 @@ Some things it would be nice to have:
- Deal with OAuth authentication methods by replacing the **Authorization** header with a value defined in our configuration
- Serve HTTPS (it is currently expected for users to `http://localhost:PORT` on **aports-qa-bot**)
- Allow for more robust methods of authenticating a caller than just a made-up header (**X-Priv-Token**) like ssh does
- Expand this README to include **## Usage** and fancy badges for passing CI and Build
- Expand this README to include **## Usage**
## Author
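Review bot: removing the wish-list item about "more robust methods of authenticating a caller" together with the header leaves the list with no entry for caller authentication, although after this change the proxy checks nothing about the caller. Keep the item, reworded so it no longer refers to **X-Priv-Token**, for instance "Authenticate callers (the proxy currently accepts any request on its port)". The HTTPS item above it still says users are expected to use `http://localhost:PORT`; it would help to state there whether localhost-only access is now the only thing limiting who can call the proxy.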