Skip to content

fix(app-server): clarify loopback unauthenticated warning #294

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
694410194 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(app-server): clarify loopback unauthenticated warning #294

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 35 additions & 2 deletions src/cortex-app-server/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,18 +57,19 @@ pub async fn run_with_shutdown<F>(config: ServerConfig, shutdown: F) -> anyhow::
where
F: std::future::Future<Output = ()> + Send + 'static,
{
let addr: SocketAddr = config.listen_addr.parse()?;

// Warn if authentication is disabled
if !config.auth.enabled {
warn!("Server running without authentication!");
warn!("Anyone on the network can access this server.");
warn!("{}", unauthenticated_access_warning(addr));
warn!("Use --auth to enable authentication.");
}

let state = Arc::new(AppState::new(config.clone()).await?);
let state_for_cleanup = Arc::clone(&state);
let app = create_router_with_state(state);

let addr: SocketAddr = config.listen_addr.parse()?;
info!("Starting Cortex server on {}", addr);

// Start mDNS publisher if enabled
Expand Down Expand Up @@ -121,6 +122,14 @@ where
Ok(())
}

fn unauthenticated_access_warning(addr: SocketAddr) -> &'static str {
if addr.ip().is_loopback() {
"Only local processes can access this server."
} else {
"Anyone on the network can access this server."
}
}

/// Create the application router.
pub fn create_router(state: AppState) -> Router {
create_router_with_state(Arc::new(state))
Expand All @@ -143,3 +152,27 @@ pub fn create_router_with_state(state: Arc<AppState>) -> Router {
.layer(CorsLayer::permissive())
.with_state(state)
}

#[cfg(test)]
mod tests {
use super::unauthenticated_access_warning;
use std::net::SocketAddr;

#[test]
fn loopback_bind_uses_local_only_warning() {
let addr: SocketAddr = "127.0.0.1:3000".parse().unwrap();
assert_eq!(
unauthenticated_access_warning(addr),
"Only local processes can access this server."
);
}

#[test]
fn non_loopback_bind_uses_network_warning() {
let addr: SocketAddr = "0.0.0.0:3000".parse().unwrap();
assert_eq!(
unauthenticated_access_warning(addr),
"Anyone on the network can access this server."
);
}
}