chenBright commented on code in PR #2744: URL: https://github.com/apache/brpc/pull/2744#discussion_r1729976173
########## src/brpc/policy/http_rpc_protocol.cpp: ########## @@ -1253,6 +1254,30 @@ ParseResult ParseHttpMessage(butil::IOBuf *source, Socket *socket, } } +static void SendUnauthorizedResponseIfNeed(const Authenticator* auth, Socket* socket) { + std::string www_authenticate; + if (!auth->GetUnauthorizedResponseInfo(www_authenticate)) { + return; + } + + // Send 401(unauthorized) and `ERPCAUTH' to client. + butil::IOBuf res_buf; + HttpHeader header; + header.set_status_code(HTTP_STATUS_UNAUTHORIZED); + // RFC7235 https://datatracker.ietf.org/doc/html/rfc7235#section-4.1 + // The server generating a 401 response MUST send a WWW-Authenticate + // header field (Section 4.1) containing at least one challenge + // applicable to the target resource. + header.SetHeader(common->ERROR_CODE, butil::string_printf("%d", ERPCAUTH)); + header.SetHeader(common->WWW_AUTHENTICATE, www_authenticate);

Review Comment:

> Who guarantees that the content of the resp info here is valid?

The resp info is guaranteed by the user; after all, the user implements the authentication logic, and the framework doesn't know the format requirements either.

> Also, with the standard approach there would be a subsequent authentication process; should that be supported here?

Not supported; I haven't considered such a complex process. A stateful process like "subsequent authentication" isn't easy to handle in RPC, is it?

> Using the standard approach this way may introduce more non-generality.

Any suggestions? Just return 401?
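Review bot: `www_authenticate` comes straight from the user-implemented `GetUnauthorizedResponseInfo` and is passed unvalidated to `header.SetHeader(common->WWW_AUTHENTICATE, www_authenticate)`; since the thread states the framework does not check its format, consider rejecting an empty value or one containing CR/LF before the `SetHeader` call (or document that `HttpHeader::SetHeader` already does), because an empty challenge violates the RFC 7235 MUST quoted in the comment and a CR/LF in the value would break the response framing. Also, `auth` is dereferenced on the first line of the function without a null check; if callers guarantee a non-null `Authenticator`, a DCHECK or comment stating that would make the contract explicit.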