From a9d42f7b8778a7d3a36dde087b45c48b6043dc69 Mon Sep 17 00:00:00 2001
From: shuiyisong <113876041+shuiyisong@users.noreply.github.com>
Date: Wed, 6 Mar 2024 11:56:25 +0800
Subject: [PATCH] fix: add support for influxdb basic auth (#3437)

---
 src/servers/src/http/authorize.rs       | 23 +++++++++++++----------
 src/servers/tests/http/influxdb_test.rs | 16 +++++++++++++++-
 2 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/src/servers/src/http/authorize.rs b/src/servers/src/http/authorize.rs
index 1eabd32458..843cdae183 100644
--- a/src/servers/src/http/authorize.rs
+++ b/src/servers/src/http/authorize.rs
@@ -167,24 +167,27 @@ fn extract_timezone<B>(request: &Request<B>) -> Timezone {
 fn get_influxdb_credentials<B>(request: &Request<B>) -> Result<Option<(Username, Password)>> {
     // compat with influxdb v2 and v1
     if let Some(header) = request.headers().get(http::header::AUTHORIZATION) {
-        // try v2 first
+        // try header
         let (auth_scheme, credential) = header
             .to_str()
             .context(InvisibleASCIISnafu)?
             .split_once(' ')
             .context(InvalidAuthorizationHeaderSnafu)?;
-        ensure!(
-            auth_scheme.to_lowercase() == "token",
-            UnsupportedAuthSchemeSnafu { name: auth_scheme }
-        );
 
-        let (username, password) = credential
-            .split_once(':')
-            .context(InvalidAuthorizationHeaderSnafu)?;
+        let (username, password) = match auth_scheme.to_lowercase().as_str() {
+            "token" => {
+                let (u, p) = credential
+                    .split_once(':')
+                    .context(InvalidAuthorizationHeaderSnafu)?;
+                (u.to_string(), p.to_string().into())
+            }
+            "basic" => decode_basic(credential)?,
+            _ => UnsupportedAuthSchemeSnafu { name: auth_scheme }.fail()?,
+        };
 
-        Ok(Some((username.to_string(), password.to_string().into())))
+        Ok(Some((username, password)))
     } else {
-        // try v1
+        // try u and p in query
         let Some(query_str) = request.uri().query() else {
             return Ok(None);
         };
diff --git a/src/servers/tests/http/influxdb_test.rs b/src/servers/tests/http/influxdb_test.rs
index 9b68802bb4..5779e377e5 100644
--- a/src/servers/tests/http/influxdb_test.rs
+++ b/src/servers/tests/http/influxdb_test.rs
@@ -141,7 +141,7 @@ async fn test_influxdb_write() {
     let result = client.get("/v1/influxdb/ping").send().await;
     assert_eq!(result.status(), 204);
 
-    // right request
+    // right request using v2 token auth
     let result = client
         .post("/v1/influxdb/write?db=public")
         .body("monitor,host=host1 cpu=1.2 1664370459457010101")
@@ -160,6 +160,19 @@ async fn test_influxdb_write() {
     assert_eq!(result.status(), 204);
     assert!(result.text().await.is_empty());
 
+    // right request using basic auth
+    let result = client
+        .post("/v1/influxdb/write?db=public")
+        .body("monitor,host=host1 cpu=1.2 1664370459457010101")
+        .header(
+            http::header::AUTHORIZATION,
+            "basic Z3JlcHRpbWU6Z3JlcHRpbWU=",
+        )
+        .send()
+        .await;
+    assert_eq!(result.status(), 204);
+    assert!(result.text().await.is_empty());
+
     // wrong pwd
     let result = client
         .post("/v1/influxdb/write?db=public")
@@ -224,6 +237,7 @@ async fn test_influxdb_write() {
     assert_eq!(
         metrics,
         vec![
+            ("public".to_string(), "monitor".to_string()),
             ("public".to_string(), "monitor".to_string()),
             ("public".to_string(), "monitor".to_string()),
             ("influxdb".to_string(), "monitor".to_string())