-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19575/#review39651
-----------------------------------------------------------
Awesome Isabel! Sorry I haven't been able to get to this sooner. I'd like to
break this out into three phases (each individual reviews):
(1) Let's add base64::encode/decode to stout (including your tests). This will
mean you'll be putting both the declaration and definition in a header file
since stout is header only, but that's okay for now. Also, let's use
std::string instead of const char* for the parameters to encode (no need for
the 'len', argument, you can assume you'll use std::string::data and
std::string::size). We can evaluate other base64 libraries/implementations
later, yours is fine for now. Once this is up I'll give it a review, but to
jump the gun on style don't forget that we put '{' on the newline after a
function signature! ;)
(2) Let's add the Unauthorized HTTP Response with some basic tests showing how
one could set up a 'route' and manually check for the auth header and send back
NotAuthorized if missing and/or check if the passed username::password was
okay. Exposing this is great because it can let people do their own
authentication if they want (or need to).
(3) Let's overload the 'route' function to add a map of username => password
strings and update the implementation inside process.cpp to do the stuff
someone could manually do in (2) automagically. This will allow per endpoint
authentication.
As we evolve how we're going to be using this in Mesos we'll consider making
other changes, such as adding a global map for routes that didn't explicitly
set up authentication, providing a callbacks instead of just maps, etc, but
let's get to those after we get a bit more experience!
- Benjamin Hindman
On March 24, 2014, 6:40 a.m., Isabel Jimenez wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19575/
> -----------------------------------------------------------
>
> (Updated March 24, 2014, 6:40 a.m.)
>
>
> Review request for mesos, Adam B and Benjamin Hindman.
>
>
> Bugs: MESOS-1131
> https://issues.apache.org/jira/browse/MESOS-1131
>
>
> Repository: mesos-git
>
>
> Description
> -------
>
> Draft of Http authentication tested for webui supported through libprocess.
> I used a Base64 code that I used in several projects but comes from
> cplusplus.com, I don't know if that raise a copyright question, in that case
> do you have any library suggestions?
> This review request is just a draft to know if I am heading in the right
> direction.
> Thank you in advance for your comments.
>
>
> Diffs
> -----
>
> 3rdparty/libprocess/Makefile.am 3c6219e
> 3rdparty/libprocess/include/process/base64.hpp PRE-CREATION
> 3rdparty/libprocess/include/process/http.hpp 7f549ba
> 3rdparty/libprocess/src/base64.cpp PRE-CREATION
> 3rdparty/libprocess/src/process.cpp 6c6acc0
> 3rdparty/libprocess/src/tests/base64_tests.cpp PRE-CREATION
> src/master/main.cpp f12f20a
>
> Diff: https://reviews.apache.org/r/19575/diff/
>
>
> Testing
> -------
>
> Added a test for base64 and make check
>
>
> Thanks,
>
> Isabel Jimenez
>
>
