From de2992ff6345b1fa2d5c90eab2228e36d4878136 Mon Sep 17 00:00:00 2001
From: Joscha
Date: Sat, 21 Oct 2023 18:46:59 +0200
Subject: [PATCH] Document worker secret verification

---
 src/server/web/api/worker.rs | 2 +-
 src/server/workers.rs | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/server/web/api/worker.rs b/src/server/web/api/worker.rs
index 6840f87..d2eb5c8 100644
--- a/src/server/web/api/worker.rs
+++ b/src/server/web/api/worker.rs
@@ -167,7 +167,7 @@ pub async fn post_api_worker_status(
 let (work, abort_work) = {
 let mut guard = workers.lock().unwrap();
 guard.clean();
- if !guard.verify(&name, &request.secret) {
+ if !guard.verify_secret(&name, &request.secret) {
 return Ok((StatusCode::UNAUTHORIZED, "invalid secret").into_response());
 }
 guard.update(
diff --git a/src/server/workers.rs b/src/server/workers.rs
index b5a22f4..39a1db9 100644
--- a/src/server/workers.rs
+++ b/src/server/workers.rs
@@ -47,9 +47,15 @@ impl Workers {
 self
 }
 
- pub fn verify(&self, name: &str, secret: &str) -> bool {
- let Some(worker) = self.workers.get(name) else { return true; };
- worker.secret == secret
+ pub fn verify_secret(&self, name: &str, secret: &str) -> bool {
+ if let Some(worker) = self.workers.get(name) {
+ worker.secret == secret
+ } else {
+ // The per-worker secret exists to prevent two workers from using
+ // the same name at the same time (likely a misconfiguration). Since
+ // we don't know a worker under this name yet, any secret is valid.
+ true
+ }
 }
 
 pub fn update(&mut self, name: String, info: WorkerInfo) {
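Review bot: In `src/server/workers.rs`, `verify_secret` accepts any secret for a name it has no entry for, and the only explanation sits inside the `else` branch, where callers of this public method will not see it. Move it to a doc comment on the method, e.g. `/// Guards against two workers sharing a name; this is not authentication, and an unknown name accepts any secret.` The caller in `post_api_worker_status` answers a mismatch with 401 "invalid secret" and runs `guard.clean()` first, so if `clean()` drops stale entries (its body is not visible here), a name can be claimed with a new secret once its worker goes quiet; the doc comment should say so, so that nobody later relies on this check as access control. If it is ever meant as access control, the `==` on `worker.secret` should become a constant-time comparison and unknown names should be rejected. The `impl Workers` block starts and ends outside the hunk.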