wasphin commented on code in PR #2744: URL: https://github.com/apache/brpc/pull/2744#discussion_r1729957259
########## src/brpc/policy/http_rpc_protocol.cpp: ########## @@ -1253,6 +1254,30 @@ ParseResult ParseHttpMessage(butil::IOBuf *source, Socket *socket, } } +static void SendUnauthorizedResponseIfNeed(const Authenticator* auth, Socket* socket) { + std::string www_authenticate; + if (!auth->GetUnauthorizedResponseInfo(www_authenticate)) { + return; + } + + // Send 401(unauthorized) and `ERPCAUTH' to client. + butil::IOBuf res_buf; + HttpHeader header; + header.set_status_code(HTTP_STATUS_UNAUTHORIZED); + // RFC7235 https://datatracker.ietf.org/doc/html/rfc7235#section-4.1 + // The server generating a 401 response MUST send a WWW-Authenticate + // header field (Section 4.1) containing at least one challenge + // applicable to the target resource. + header.SetHeader(common->ERROR_CODE, butil::string_printf("%d", ERPCAUTH)); + header.SetHeader(common->WWW_AUTHENTICATE, www_authenticate);
Review Comment: If we reply with the unauthenticated status in the standard HTTP way, the content of `WWW-Authenticate` may also have format requirements; who guarantees that the content of the resp info here is valid? In addition, the standard approach also involves a follow-up authentication process; does that need to be supported here? Adopting the standard approach this way may introduce more non-generality.
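Review bot: `www_authenticate` is passed to `header.SetHeader(common->WWW_AUTHENTICATE, www_authenticate)` exactly as the authenticator filled it in, so a `true` return with an empty string gives a 401 without the challenge that the RFC 7235 comment just above calls mandatory, and a value containing CR or LF could corrupt the response header block. Check in this function that the string is non-empty and free of control characters before setting the header, and return early as the `false` branch does when it is not. `auth` is also dereferenced on the first statement without a null check; either guard it here or document that callers must pass a non-null authenticator.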