Make key/secret auth work in /api/v1/auth route via auth_request

When the `/api/v1/auth` route is used via the NGINX configuration `auth_request` the request URL is not the URL relevant for authentication because the request URL/path will always be `/api/v1/auth`. Instead the `X-Original-URI` is used to specify the actual path as done in the NGINX config template. Related ticket: https://progress.opensuse.org/issues/170380
os-autoinst · Jan 16, 2025 · ed0fc96 · ed0fc96
1 parent 5dcb81d
commit ed0fc96
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/OpenQA/Shared/Controller/Auth.pm b/lib/OpenQA/Shared/Controller/Auth.pm
@@ -155,8 +155,9 @@ sub _key_auth ($self, $reason, $key) {
     if (my $api_key = $self->schema->resultset('ApiKeys')->find({key => $key})) {
         $log->trace(sprintf 'Key is for user "%s"', $api_key->user->username);
 
-        my $msg = $self->req->url->to_string;
         my $headers = $self->req->headers;
+        my $url = $self->req->url;
+        my $msg = $url->path eq '/api/v1/auth' ? ($headers->header('X-Original-URI') // $url) : $url;
         my $hash = $headers->header('X-API-Hash');
         my $remote_timestamp = $headers->header('X-API-Microtime');
         my $our_timestamp = time;