feat: client support for authorized retrievals #249
Conversation
Codecov Report❌ Patch coverage is
🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
LGTM.
Just to confirm my understanding, the idea is the client will give the indexing service the delegations it needs to then retrieve (with auth) indexes from nodes. So these delegations will always be authorizations to space/content/retrieve on the space(s) the query is targeting.
Is that correct? If affirmative, should we enforce attached delegations are for space/content/retrieve? I understand the mechanism is generic and can be used for other stuff, but might be interesting to fail fast until it is used for something else. Just a quick thought.
pkg/client/client.go
Outdated
| "errors" | ||
| "fmt" | ||
| "io" | ||
| gohttp "net/http" |
There was a problem hiding this comment.
totally dismissible nitpitck (and I know this was already here before your changes): I'd rather this to be let as http and alias go-ucanto's http package instead.
pkg/client/client.go
Outdated
| c := Client{ | ||
| servicePrincipal: servicePrincipal, | ||
| serviceURL: serviceURL, | ||
| httpClient: gohttp.DefaultClient, |
There was a problem hiding this comment.
(I know this was already this way before your PR) it'd be great if this wasn't the DefaultClient but a client with a timeout
| httpClient: gohttp.DefaultClient, | |
| httpClient: client := http.Client{ | |
| Timeout: 30 * time.Second, | |
| }, |
| if len(query.Delegations) > 0 { | ||
| invs := make([]invocation.Invocation, 0, len(query.Delegations)) | ||
| for _, d := range query.Delegations { | ||
| invs = append(invs, d) | ||
| } | ||
| msg, err := message.Build(invs, nil) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("building agent message: %w", err) | ||
| } | ||
| headerValue, err := hcmsg.EncodeHeader(msg) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("encoding %s header: %w", hcmsg.HeaderName, err) | ||
| } | ||
| req.Header.Set(hcmsg.HeaderName, headerValue) | ||
| } |
There was a problem hiding this comment.
Think it's worth asserting the headerValue is not > 4Kib, iirc there is an option for this: WithMaxSize - Or is the intention for this case to be handled by the checks on status code below?
There was a problem hiding this comment.
hcmsg.EncodeHeader(...) does this and returns an error.
alanshaw
force-pushed
the
ash/feat/authorized-retrievals-client
branch
from
f4f0e09 to
793f289
Compare
3 participants
This PR adds support to the client library for authorized retrievals.
Essentially it allows one or more delegations to be attached to the query, that are sent in a HTTP header
X-Agent-Message.The server currently does nothing with the delegation - that is the next PR!