mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-12 16:02:56 +00:00
5f4ccae5c5
[proxy] Add the `password hack` authentication flow This lets us authenticate users which can use neither SNI (due to old libpq) nor connection string `options` (due to restrictions in other client libraries). Note: `PasswordHack` will accept passwords which are not encoded in base64 via the "password" field. The assumption is that most user passwords will be valid utf-8 strings, and the rest may still be passed via "password_".
25 lines
967 B
Rust
25 lines
967 B
Rust
use std::io;
|
|
|
|
/// Marks errors that may be safely shown to a client.
|
|
/// This trait can be seen as a specialized version of [`ToString`].
|
|
///
|
|
/// NOTE: This trait should not be implemented for [`anyhow::Error`], since it
|
|
/// is way too convenient and tends to proliferate all across the codebase,
|
|
/// ultimately leading to accidental leaks of sensitive data.
|
|
pub trait UserFacingError: ToString {
|
|
/// Format the error for client, stripping all sensitive info.
|
|
///
|
|
/// Although this might be a no-op for many types, it's highly
|
|
/// recommended to override the default impl in case error type
|
|
/// contains anything sensitive: various IDs, IP addresses etc.
|
|
#[inline(always)]
|
|
fn to_string_client(&self) -> String {
|
|
self.to_string()
|
|
}
|
|
}
|
|
|
|
/// Upcast (almost) any error into an opaque [`io::Error`].
|
|
pub fn io_error(e: impl Into<Box<dyn std::error::Error + Send + Sync>>) -> io::Error {
|
|
io::Error::new(io::ErrorKind::Other, e)
|
|
}
|