Skip to content

Adds func for creating V2 beholder auth headers#1640

Merged
vyzaldysanchez merged 3 commits intomainfrom
add-beholder-v2-auth-header-func
Oct 23, 2025
Merged

Adds func for creating V2 beholder auth headers#1640
vyzaldysanchez merged 3 commits intomainfrom
add-beholder-v2-auth-header-func

Conversation

@hendoxc
Copy link
Copy Markdown
Contributor

@hendoxc hendoxc commented Oct 22, 2025
edited
Loading

What

  • Adds func for creating the V2 version of auth headers
  • refactors rotatingAuth to us func

Why

  • allows initial set of headers created to be in the new format

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Oct 22, 2025
edited
Loading

✅ API Diff Results - No breaking changes

📄 View full apidiff report

@hendoxc hendoxc marked this pull request as ready for review October 22, 2025 21:18
@hendoxc hendoxc requested a review from a team as a code owner October 22, 2025 21:18
@hendoxc hendoxc requested a review from jmank88 October 22, 2025 21:27
pkcll
pkcll reviewed Oct 22, 2025
View reviewed changes
Comment thread pkg/beholder/auth_test.go
require.NoError(t, err)

// Verify the signature
valid := ed25519.Verify(pubKey, msgBytes, signatureBytes)
Copy link
Copy Markdown
Contributor

@pkcll pkcll Oct 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should it verify signature against the header (parts[1], part[2]) not the msgBytes ?

Copy link
Copy Markdown
Contributor Author

@hendoxc hendoxc Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

msgBytes is parts 1 & 2

pkcll
pkcll reviewed Oct 22, 2025
View reviewed changes
Comment thread pkg/beholder/auth.go
}

headers := make(map[string]string)
headers[authHeaderKey] = fmt.Sprintf("%s:%x:%d:%x", authHeaderV2, pubKey, ts.UnixNano(), signature)
Copy link
Copy Markdown
Contributor

@pkcll pkcll Oct 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For timestamps before the Unix epoch (pre-1970), ts.UnixNano() is negative.
In practice we should not get those but for consistency its better to use same uint64 value for both signature and header

Suggested change
headers[authHeaderKey] = fmt.Sprintf("%s:%x:%d:%x", authHeaderV2, pubKey, ts.UnixNano(), signature)
headers[authHeaderKey] = fmt.Sprintf("%s:%x:%d:%x", authHeaderV2, pubKey, uint64(ts.UnixNano()), signature)

@vyzaldysanchez vyzaldysanchez merged commit 55948ff into main Oct 23, 2025
20 of 23 checks passed
@vyzaldysanchez vyzaldysanchez deleted the add-beholder-v2-auth-header-func branch October 23, 2025 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmank88 jmank88 jmank88 approved these changes

@kirqz23 kirqz23 kirqz23 approved these changes

@pkcll pkcll pkcll approved these changes

@engnke engnke Awaiting requested review from engnke

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hendoxc @jmank88 @kirqz23 @pkcll @vyzaldysanchez