feat(cli): rudimentary support for http authentication by tilowiklundSensmetry · Pull Request #165 · sensmetry/sysand

tilowiklundSensmetry · 2026-01-26T10:29:25Z

This MR implements the basic infrastructure for adding authentication to HTTP requests (to indices, project source, ...). It is an intermediate MR to #157, which intends to bring more complete support, both in terms of supported authentication schemes and configurability.

This MR only implements:

Basic authentication scheme (username:password)
Configurable in the CLI, via environment variables

The CLI looks for triplets of environment variables following the pattern SYSAND_CRED_<X>, SYSAND_CRED_<X>_BASIC_USER, SYSAND_CRED_<X>_BASIC_PASS. The <X> part is arbitrary, but every <X> has to appear either not at all, or for all three patterns. The first variable is a glob pattern to match URLs to allow authentication for, while the other two provide the actual credentials.

Example

SYSAND_CRED_FOO='https://*.foo.com/**' SYSAND_CRED_FOO_BASIC_USER="bar" SYSAND_CRED_BASIC_PASS="baz" sysand <OP>

Would allow the use of bar:baz as credentials for urls such as https://www.foo.com/a/b/c, https://index.foo.com/hey.kpar, ...

Credentials are only actually sent if an initial request generates a 4xx status. The strictly correct behaviour here would be to try sending credentials only in response to an explicit 401 with WWW-Authenticate header, but this would, I believe, be incompatible with using, for example, private GitLab/GitHub pages.

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

core/src/config/mod.rs

core/src/project/reqwest_kpar_download.rs

core/src/project/reqwest_src.rs

core/src/auth.rs

docs/src/SUMMARY.md

docs/src/authentication.md

sysand/tests/common/mod.rs

docs/src/authentication.md

core/src/env/reqwest_http.rs

core/src/auth.rs

core/src/config/mod.rs

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

victor-linroth-sensmetry

Minor editorial things. Otherwise things seem fine.

core/src/auth.rs

core/src/env/reqwest_http.rs

core/src/project/reqwest_kpar_download.rs

core/src/project/reqwest_src.rs

docs/src/authentication.md

Co-authored-by: Victor Linroth <victor.linroth@sensmetry.com> Signed-off-by: Tilo Wiklund <75035892+tilowiklundSensmetry@users.noreply.github.com>

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

andrius-puksta-sensmetry

Looks good.

Extends #165 with bearer token authentication. Configured by environment variables ``` SYSAND_CRED_<X> = <PATTERN> SYSAND_CRED_<X>_BEARER_TOKEN = <TOKEN> ``` --------- Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

Initial design for auth lib

2da44d9

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

tilowiklundSensmetry force-pushed the tw/auth_basic branch from 4f117af to 69dd27b Compare January 26, 2026 10:31

tilowiklundSensmetry added 2 commits January 26, 2026 11:31

feat(cli): rudimentary support for http authentication

69dd27b

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

chores

8b882f7

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

tilowiklundSensmetry requested review from andrius-puksta-sensmetry, victor-linroth-sensmetry and vytautas-astrauskas-sensmetry and removed request for andrius-puksta-sensmetry and victor-linroth-sensmetry January 26, 2026 10:32

add docs

a47cd07

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

tilowiklundSensmetry force-pushed the tw/auth_basic branch 2 times, most recently from 436fc24 to ec45ddd Compare January 28, 2026 09:16

tilowiklundSensmetry added 2 commits January 28, 2026 10:16

Merge branch 'main' into tw/auth_basic

ec45ddd

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>

clarify docs

4cb25f1

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>