fix: add support for influxdb basic auth (#3437)

2026-05-23 08:20:36 +00:00 · 2024-03-06 11:56:25 +08:00
parent 86ce2d8713
commit a9d42f7b87
2 changed files with 28 additions and 11 deletions
--- a/src/servers/src/http/authorize.rs
+++ b/src/servers/src/http/authorize.rs
@@ -167,24 +167,27 @@ fn extract_timezone<B>(request: &Request<B>) -> Timezone {
 fn get_influxdb_credentials<B>(request: &Request<B>) -> Result<Option<(Username, Password)>> {
    // compat with influxdb v2 and v1
    if let Some(header) = request.headers().get(http::header::AUTHORIZATION) {
-        // try v2 first
+        // try header
        let (auth_scheme, credential) = header
            .to_str()
            .context(InvisibleASCIISnafu)?
            .split_once(' ')
            .context(InvalidAuthorizationHeaderSnafu)?;
-        ensure!(
-            auth_scheme.to_lowercase() == "token",
-            UnsupportedAuthSchemeSnafu { name: auth_scheme }
-        );

-        let (username, password) = credential
-            .split_once(':')
-            .context(InvalidAuthorizationHeaderSnafu)?;
+        let (username, password) = match auth_scheme.to_lowercase().as_str() {
+            "token" => {
+                let (u, p) = credential
+                    .split_once(':')
+                    .context(InvalidAuthorizationHeaderSnafu)?;
+                (u.to_string(), p.to_string().into())
+            }
+            "basic" => decode_basic(credential)?,
+            _ => UnsupportedAuthSchemeSnafu { name: auth_scheme }.fail()?,
+        };

-        Ok(Some((username.to_string(), password.to_string().into())))
+        Ok(Some((username, password)))
    } else {
-        // try v1
+        // try u and p in query
        let Some(query_str) = request.uri().query() else {
            return Ok(None);
        };
--- a/src/servers/tests/http/influxdb_test.rs
+++ b/src/servers/tests/http/influxdb_test.rs
@@ -141,7 +141,7 @@ async fn test_influxdb_write() {
    let result = client.get("/v1/influxdb/ping").send().await;
    assert_eq!(result.status(), 204);

-    // right request
+    // right request using v2 token auth
    let result = client
        .post("/v1/influxdb/write?db=public")
        .body("monitor,host=host1 cpu=1.2 1664370459457010101")
@@ -160,6 +160,19 @@ async fn test_influxdb_write() {
    assert_eq!(result.status(), 204);
    assert!(result.text().await.is_empty());

+    // right request using basic auth
+    let result = client
+        .post("/v1/influxdb/write?db=public")
+        .body("monitor,host=host1 cpu=1.2 1664370459457010101")
+        .header(
+            http::header::AUTHORIZATION,
+            "basic Z3JlcHRpbWU6Z3JlcHRpbWU=",
+        )
+        .send()
+        .await;
+    assert_eq!(result.status(), 204);
+    assert!(result.text().await.is_empty());
+
    // wrong pwd
    let result = client
        .post("/v1/influxdb/write?db=public")
@@ -224,6 +237,7 @@ async fn test_influxdb_write() {
    assert_eq!(
        metrics,
        vec![
+            ("public".to_string(), "monitor".to_string()),
            ("public".to_string(), "monitor".to_string()),
            ("public".to_string(), "monitor".to_string()),
            ("influxdb".to_string(), "monitor".to_string())