proxy: make auth more type safe (#5689)

## Problem a5292f7e67/proxy/src/auth/backend.rs (L146-L148) a5292f7e67/proxy/src/console/provider/neon.rs (L90) a5292f7e67/proxy/src/console/provider/neon.rs (L154) ## Summary of changes 1. Test backend is only enabled on `cfg(test)`. 2. Postgres mock backend + MD5 auth keys are only enabled on `cfg(feature = testing)` 3. Password hack and cleartext flow will have their passwords validated before proceeding. 4. Distinguish between ClientCredentials with endpoint and without, removing many panics in the process
2026-01-08 22:12:56 +00:00 · 2023-12-08 11:48:37 +00:00
parent 2c544343e0
commit 699049b8f3
20 changed files with 497 additions and 303 deletions
--- a/proxy/src/serverless/sql_over_http.rs
+++ b/proxy/src/serverless/sql_over_http.rs
@@ -1,4 +1,4 @@
-use std::net::SocketAddr;
+use std::net::IpAddr;
 use std::sync::Arc;

 use anyhow::bail;
@@ -202,7 +202,7 @@ pub async fn handle(
    sni_hostname: Option<String>,
    conn_pool: Arc<GlobalConnPool>,
    session_id: uuid::Uuid,
-    peer_addr: SocketAddr,
+    peer_addr: IpAddr,
    config: &'static HttpConfig,
 ) -> Result<Response<Body>, ApiError> {
    let result = tokio::time::timeout(
@@ -301,7 +301,7 @@ async fn handle_inner(
    sni_hostname: Option<String>,
    conn_pool: Arc<GlobalConnPool>,
    session_id: uuid::Uuid,
-    peer_addr: SocketAddr,
+    peer_addr: IpAddr,
 ) -> anyhow::Result<Response<Body>> {
    NUM_CONNECTIONS_ACCEPTED_COUNTER
        .with_label_values(&["http"])