
Commit 88a3ad2

committed
auth: Add allow_any_crate_scope() option
1 parent dd5d749 commit 88a3ad2


1 file changed

+20
-1
lines changed


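--- a/src/auth.rs
+++ b/src/auth.rs
@@ -68,6 +68,7 @@ pub struct AuthCheck {
 allow_token: bool,
 endpoint_scope: Option<EndpointScope>,
 crate_name: Option<String>,
+allow_any_crate_scope: bool,
 }
 
 impl AuthCheck {
@@ -79,6 +80,7 @@ impl AuthCheck {
 allow_token: true,
 endpoint_scope: None,
 crate_name: None,
+allow_any_crate_scope: false,
 }
 }
 
@@ -88,6 +90,7 @@ impl AuthCheck {
 allow_token: false,
 endpoint_scope: None,
 crate_name: None,
+allow_any_crate_scope: false,
 }
 }
 
@@ -96,6 +99,7 @@ impl AuthCheck {
 allow_token: self.allow_token,
 endpoint_scope: Some(endpoint_scope),
 crate_name: self.crate_name.clone(),
+allow_any_crate_scope: self.allow_any_crate_scope,
 }
 }
 
@@ -104,6 +108,20 @@ impl AuthCheck {
 allow_token: self.allow_token,
 endpoint_scope: self.endpoint_scope,
 crate_name: Some(crate_name.to_string()),
+allow_any_crate_scope: self.allow_any_crate_scope,
+}
+}
+
+/// Allow tokens with any crate scope without specifying a particular crate.
+///
+/// Use this for endpoints that deal with multiple crates at once, where the
+/// caller will handle crate scope filtering manually.
+pub fn allow_any_crate_scope(&self) -> Self {
+Self {
+allow_token: self.allow_token,
+endpoint_scope: self.endpoint_scope,
+crate_name: self.crate_name.clone(),
+allow_any_crate_scope: true,
 }
 }
 
@@ -170,7 +188,8 @@ impl AuthCheck {
 (Some(token_scopes), _) if token_scopes.is_empty() => true,
 
 // The token has crate scopes, but the endpoint does not deal with crates.
-(Some(_), None) => false,
+// However, if allow_any_crate_scope is set, we allow it (caller handles filtering).
+(Some(_), None) => self.allow_any_crate_scope,
 
 // The token is NOT a legacy token, and the endpoint allows a certain endpoint scope or a legacy token.
 (Some(token_scopes), Some(crate_name)) => token_scopes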
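Review bot: The new arm `(Some(_), None) => self.allow_any_crate_scope` replaces an unconditional rejection with an accept whose safety rests entirely on the calling handler filtering by the token's crate scopes, and nothing in the visible code enforces that contract. The doc comment on `allow_any_crate_scope()` should state the consequence plainly, for example `/// With this set, the check no longer restricts which crates a crate-scoped token may act on; the handler MUST filter by the token's crate scopes itself.` It should also say that the flag appears to have no effect once a crate name has been set, since the `(Some(token_scopes), Some(crate_name))` arm would then apply. The commit changes only src/auth.rs and adds no test, so a case covering a crate-scoped token with and without the flag on an endpoint that has no crate name would pin the intended behaviour. The match and its enclosing function begin and end outside the visible hunks, so the interaction with the endpoint-scope check cannot be confirmed from here.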
