Skip to content

Implement .netrc support#25

Open
truelecter wants to merge 6 commits into
manic-systems:mainfrom
truelecter:feat/netrc
Open

Implement .netrc support#25
truelecter wants to merge 6 commits into
manic-systems:mainfrom
truelecter:feat/netrc

Conversation

@truelecter

@truelecter truelecter commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Please note, despite all my tries, I suck at rust and rust code was written with Claude 4.8 assistance. I cleaned excessive comments, simplified some functions it overengineered a bit and to my eye code looks reasonable.

I tested it myself and currently using this fork on my configuration.

Implements #23

NotAShelf
NotAShelf reviewed Jun 12, 2026
View reviewed changes

@NotAShelf NotAShelf left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the PR and the AI disclosure. I've left one quick comment. Other than this please:

  1. Reword your commits to patch the repository conventions (scoped commits)
  2. Add a quick section under documentation about the usage.

Comment thread crates/config/src/lib.rs Outdated
@truelecter
config: support upstream credentials from a netrc file
16b3513 
Load credentials from ~/.netrc, or from the path in NETRC when set.
For upstreams without username in config, match credentialsby hostname
and fall back to an optional default entry.
@truelecter
nix: add netrcFile option to NixOS module
755c8f8
@truelecter
nix/tests: add netrc authentication test
bca6da0
@truelecter
gitignore: add .direnv and result
8fdb431
@truelecter
docs: document netrc upstream authentication
d0c4f29
@truelecter

truelecter commented Jun 14, 2026

Copy link
Copy Markdown
Author

Restructured commit messages, added .netrc note under Upstream Authentication README section. I did not include an example of the netrc file, but I'll add it if needed

NotAShelf
NotAShelf requested changes Jun 18, 2026
View reviewed changes
Comment thread nix/module.nix Outdated
Comment thread nix/module.nix Outdated
Comment thread crates/config/src/lib.rs
) {
for upstream in upstreams {
// Skip s3 and explicitly configured credentials
if !upstream.username.is_empty() || upstream.s3.is_some() {

@NotAShelf NotAShelf Jun 18, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The guard (specifically !upstream.username.is_empty()) skips netrc lookup only when username is set. If only password is explicitly configured (no username), netrc will silently overwrite it anyway. We should also check upstream.password.is_some().

@truelecter truelecter Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding an upstream.password.is_some() guard here would result in effectively empty credentials, since password-only (or username-less) credentials are being filtered out at:

  • ncro/crates/server/src/lib.rs

    Lines 387 to 392 in eb67df3

    state
    .upstreams
    .iter()
    .chain(state.fallback_cache.iter())
    .find(|u| u.url == url && !u.username.is_empty())
    .map(|u| (u.username.clone(), u.password.clone()))

  • ncro/crates/router/src/lib.rs

    Lines 302 to 307 in eb67df3

    let mut map = self.inner.upstream_auth.write().await;
    if username.is_empty() {
    map.remove(&url);
    } else {
    map.insert(url, (username, password));
    }

The docs and the upstream struct also imply that password is optional while username is required (for auth, at least).

I didn't add a password check initially because password-only configs were silently ignored before. I think it'd be better to issue a warning here and fall back to the username/password from .netrc to at least try to authenticate.

Or did you mean that an existing password shouldn't be overwritten by .netrc, and should instead give precedence to the one set in the config?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NotAShelf NotAShelf NotAShelf requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@truelecter @NotAShelf