Skip to content

Authorize push server, rather than asset store#64

Open
tomcoldrick-ct wants to merge 2 commits intomainfrom
coldtom/authorize-push
Open

Authorize push server, rather than asset store#64
tomcoldrick-ct wants to merge 2 commits intomainfrom
coldtom/authorize-push

Conversation

@tomcoldrick-ct
Copy link
Collaborator

Authorizing the asset store means that anything a fetcher wants to push into the store must pass the push authorizer. This isn't what we want, as fetchers should be able to push into the store with impunity. Instead we move the authorization up a layer to wrap the push server. The fetcher is already wrapped.

Fixes #62

Authorizing the asset store means that anything a fetcher wants to push into the
store must pass the push authorizer.  This isn't what we want, as fetchers
should be able to push into the store with impunity.  Instead we move the
authorization up a layer to wrap the push server.  The fetcher is already
wrapped.
@sdclarke
Copy link
Contributor

sdclarke commented Sep 2, 2025

Is it worth removing the authorizing_asset_store*.go files entirely given that they now won't be used?

@tomcoldrick-ct
Copy link
Collaborator Author

Is it worth removing the authorizing_asset_store*.go files entirely given that they now won't be used?

Good point, I was thinking about leaving it around since it's still a fine wrapper, but actually using it would lead to the footgun reported in #62 and we don't expose any way to configure it, so I've removed it now.

Authorization should be handled by the fetch/push servers, not the asset store.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Setting pushAuthorizer: { deny: {} } unexpectedly disables caching of remote assets

2 participants

Comments