Skip to content

Adding logic for client-side authentication#204

Merged
avalerio-tkd merged 8 commits into
mainfrom
av_auth_031
Dec 22, 2025
Merged

Adding logic for client-side authentication#204
avalerio-tkd merged 8 commits into
mainfrom
av_auth_031

Conversation

@avalerio-tkd

Copy link
Copy Markdown
Collaborator
  • Updated HttpClientInterface to support common authentication logic.
  • Updated Http implemenations for authentication flow.
  • Adding extracting credentials from connection config file. -

- Updated Http implemenations for authentication flow.
- Adding extracting credentials from connection config file.
-
- Added validation for Json parsing of connection config file.
- Cleaned up error messages and exceptions.
- Added validation for Json parsing of connection config file.
- Cleaned up error messages and exceptions.

@argmarco-tkd argmarco-tkd left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this change, and the thorough addition of tests. Overall LGTM, left a few comments. The main comment/request that I have - let's double check the multithreading logic around HTTPClientBase and token acquisition - left a few comments in there.

Comment thread src/common/json_request.cpp Outdated
client_id_.clear();
api_key_.clear();
// Allow strings or nested structures in the JSON payload for authentication credentials.
// TODO: Unify usage of nlohmann or crow json for parsing and dumping.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's make sure we have a ticket for this.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Filed for this #205

Comment thread src/server/dbps_api_server.cpp Outdated

// Token authentication endpoint - POST /token
CROW_ROUTE(app, "/token").methods("POST"_method)([&credential_store](const crow::request& req) {
// +++++ Remove this after testing +++++

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's create a ticket for this cleanup

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed printouts and temp printout functions.

Comment on lines +20 to +24
#include <condition_variable>
#include <cstdint>
#include <map>
#include <mutex>
#include <optional>

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: mutex, condition_variable - are we forcing implementation choices from the interface? (I know that below we say that impls must be thread-safe, etc - but do we need to add members of these types here, in the interface?)

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great comment and thanks for the pickiness! We centralized the token/auth handling logic on the parent class and making it no longer an interface, so having these sync-required as class members should be fine. It's not forcing subclasses to use these, it’s just how the base implementation protects its own internal state.
Happy to discuss further if you see need.

Comment thread src/client/http_client_base.cpp
Comment thread src/client/http_client_base.cpp
Comment thread src/client/http_client_base.cpp Outdated
token_fetch_in_progress_ = true;
}

// Fetch token without holding token_mutex_.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why? (let's document)

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the comment, with a little help from our Cursor assistant friends :)

Comment thread src/client/httplib_pooled_client.h Outdated
#include "http_client_base.h"

// Implemenetation of the HttpClientInterface which uses a pool of connections for a given base_url.
// Implemenetation of the HttpClientBase which uses a pool of connections for a given base_url.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: "Implementation"

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah! Thanks!

std::shared_ptr<HttpClientInterface> http_client = HttplibPooledClient::Acquire(server_url_, num_worker_threads);

// TODO: Split credentials config file key and credentials file from connection config.
HttpClientBase::ClientCredentials credentials = ExtractClientCredentials(*config_json_opt);

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

Comment thread src/common/json_request.h

std::string client_id_;
std::string api_key_;
// Stores top-level key/value pairs from the token request JSON payload containing the authentication credentials.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice. let's clarify that this is not the actual token.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment added.

Comment thread src/server/dbps_api_server.cpp Outdated
#include "encryption_sequencer.h"
#include "auth_utils.h"

// +++++ Remove this after testing +++++

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's make sure we have a ticket for this cleanup.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed already.

- Cleaned up temporary printouts.
- Added cmdline option to API server to allow/disallow credential checking explicitly.
@avalerio-tkd

Copy link
Copy Markdown
Collaborator Author

Thanks @argmarco-tkd for the review! Addressed the comments.

Could you PTAL?

- Added testing_credentials.json to .gitignore.

@argmarco-tkd argmarco-tkd left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - ship it!

if (is_token_valid_at(now)) {
return cached_token_;
}
while (token_fetch_in_progress_) {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got it. gave it another pass at the function, it makes sense. thanks.

@avalerio-tkd avalerio-tkd merged commit 706dd5b into main Dec 22, 2025
2 checks passed
@avalerio-tkd avalerio-tkd deleted the av_auth_031 branch December 22, 2025 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants