Timur Gordon
2ca593510c Add debug logging to WASM client Authorization header 2025-11-11 11:54:09 +01:00
Timur Gordon
77e32b360c Unify authentication: store secrets as API keys
- Secrets are now added to ApiKeyStore on supervisor initialization
- Removed duplicate authentication logic in verify_api_key
- Single source of truth: all authentication goes through ApiKeyStore
- Admin/user/register secrets are treated as API keys with appropriate scopes
- Simplified auth_verify - no special case handling needed
2025-11-07 00:42:05 +01:00
Timur Gordon
d6184e7507 Treat secrets as API keys - unify authentication
- Updated verify_api_key() to check secrets first (admin, user, register)
- Secrets are now treated as API keys with appropriate scopes
- All OpenRPC methods now work with secrets (register_runner, list_runners, etc.)
- Simplified auth_verify since verify_api_key handles everything
- Admin UI now fully functional with admin secret from .env
2025-11-07 00:38:33 +01:00
3 changed files with 38 additions and 30 deletions


@@ -711,8 +711,13 @@ impl WasmSupervisorClient {
// Add Authorization header if secret is present // Add Authorization header if secret is present
if let Some(secret) = &self.secret { if let Some(secret) = &self.secret {
headers.set("Authorization", &format!("Bearer {}", secret)) let auth_value = format!("Bearer {}", secret);
web_sys::console::log_1(&format!("🔐 WASM Client: Setting Authorization header: Bearer {}...", &secret[..secret.len().min(8)]).into());
headers.set("Authorization", &auth_value)
.map_err(|e| WasmClientError::JavaScript(format!("{:?}", e)))?; .map_err(|e| WasmClientError::JavaScript(format!("{:?}", e)))?;
web_sys::console::log_1(&"✅ WASM Client: Authorization header set successfully".into());
} else {
web_sys::console::log_1(&"⚠️ WASM Client: NO SECRET - Authorization header NOT set".into());
} }
// Create request init // Create request init
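Review bot: The added `console::log_1` call writes the first eight bytes of the bearer secret to the browser console on every request, and for a secret of eight bytes or fewer that is the entire credential. Console output is visible to anyone with devtools access and can be picked up by extensions or log-collection scripts, so the message should only record that a header was set, e.g. `web_sys::console::log_1(&"WASM Client: Authorization header set".into());`, preferably behind `#[cfg(debug_assertions)]`. The slice `&secret[..secret.len().min(8)]` also indexes by byte and panics if byte 8 falls inside a multi-byte character. The enclosing method starts and ends outside the hunk.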


@@ -964,34 +964,7 @@ impl SupervisorRpcServer for Arc<Mutex<Supervisor>> {
let key = get_current_api_key() let key = get_current_api_key()
.ok_or_else(|| ErrorObject::owned(-32602, "Missing Authorization header", None::<()>))?; .ok_or_else(|| ErrorObject::owned(-32602, "Missing Authorization header", None::<()>))?;
// Check if it's an admin secret // verify_api_key now checks secrets first, then API keys
if supervisor.has_admin_secret(&key) {
return Ok(crate::auth::AuthVerifyResponse {
valid: true,
name: "Admin Secret".to_string(),
scope: "admin".to_string(),
});
}
// Check if it's a user secret
if supervisor.has_user_secret(&key) {
return Ok(crate::auth::AuthVerifyResponse {
valid: true,
name: "User Secret".to_string(),
scope: "user".to_string(),
});
}
// Check if it's a register secret
if supervisor.has_register_secret(&key) {
return Ok(crate::auth::AuthVerifyResponse {
valid: true,
name: "Register Secret".to_string(),
scope: "register".to_string(),
});
}
// Check if it's an API key
match supervisor.verify_api_key(&key).await { match supervisor.verify_api_key(&key).await {
Some(api_key) => { Some(api_key) => {
Ok(crate::auth::AuthVerifyResponse { Ok(crate::auth::AuthVerifyResponse {
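Review bot: The new comment `// verify_api_key now checks secrets first, then API keys` looks out of date for the final state of this range, because the second commit message says the secret checks were removed from verify_api_key and secrets are loaded into ApiKeyStore at initialization. A comment matching that would be `// Secrets are registered in ApiKeyStore at build time, so verify_api_key covers secrets and API keys alike`. Since auth_verify no longer calls has_admin_secret, has_user_secret or has_register_secret, a secret added after the supervisor is built would presumably be recognised only if it is also added to the store. verify_api_key is not visible here, so that is worth confirming. The match continues past the end of the hunk.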


@@ -238,6 +238,36 @@ impl SupervisorBuilder {
reason: format!("Invalid Redis URL: {}", e), reason: format!("Invalid Redis URL: {}", e),
})?; })?;
// Create API key store and add secrets as API keys
let mut api_key_store = crate::auth::ApiKeyStore::new();
// Add admin secrets as API keys
for secret in &self.admin_secrets {
api_key_store.add_key(crate::auth::ApiKey::with_key(
secret.clone(),
"Admin Secret".to_string(),
crate::auth::ApiKeyScope::Admin,
));
}
// Add user secrets as API keys
for secret in &self.user_secrets {
api_key_store.add_key(crate::auth::ApiKey::with_key(
secret.clone(),
"User Secret".to_string(),
crate::auth::ApiKeyScope::User,
));
}
// Add register secrets as API keys
for secret in &self.register_secrets {
api_key_store.add_key(crate::auth::ApiKey::with_key(
secret.clone(),
"Register Secret".to_string(),
crate::auth::ApiKeyScope::Registrar,
));
}
Ok(Supervisor { Ok(Supervisor {
client: self.client_builder.build().await.unwrap(), client: self.client_builder.build().await.unwrap(),
runners: self.runners, runners: self.runners,
@@ -247,7 +277,7 @@ impl SupervisorBuilder {
admin_secrets: self.admin_secrets, admin_secrets: self.admin_secrets,
user_secrets: self.user_secrets, user_secrets: self.user_secrets,
register_secrets: self.register_secrets, register_secrets: self.register_secrets,
api_keys: Arc::new(Mutex::new(crate::auth::ApiKeyStore::new())), api_keys: Arc::new(Mutex::new(api_key_store)),
services: crate::services::Services::new(), services: crate::services::Services::new(),
}) })
} }
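Review bot: The three loops in the first hunk copy every entry of admin_secrets, user_secrets and register_secrets into the store without validation, so an empty string (for example from an unset environment variable, if that is how the lists are filled) would become a valid key; a guard such as `if secret.is_empty() { continue; }` at the top of each loop rules that out. If ApiKeyStore is keyed by the key value, a secret that appears in more than one list ends up with whichever scope is inserted last, here Registrar, which deserves an explicit check or at least a comment. The loops differ only in label and scope and could iterate over a single array of `(secrets, name, scope)` tuples. The second hunk still keeps the plaintext lists on Supervisor alongside the store, so each secret is now held in memory twice.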