From ff3bc95952adf6aa5b4f714b35019e2f85a1c0c4 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Sat, 4 Dec 2021 01:23:10 +0100
Subject: [PATCH] Changed API authentication to Basic auth (uffd v1.2)

---
 README.md                                   |  2 ++
 debian/contrib/uffd-socketmapd-postfix.conf |  3 ++-
 uffd-socketmapd                             | 12 ++++++------
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 40d478b..f56da5e 100644
--- a/README.md
+++ b/README.md
@@ -27,3 +27,5 @@ virtual_alias_maps = socketmap:unix:/uffd-socketmapd.sock:virtual
 # Defaults to $virtual_alias_maps, which does not work here, so unset it
 virtual_alias_domains =
 ```
+
+Note that uffd-socketmapd requires at least uffd v1.2.0!
diff --git a/debian/contrib/uffd-socketmapd-postfix.conf b/debian/contrib/uffd-socketmapd-postfix.conf
index b0ce28b..ea1efad 100644
--- a/debian/contrib/uffd-socketmapd-postfix.conf
+++ b/debian/contrib/uffd-socketmapd-postfix.conf
@@ -1,6 +1,7 @@
 # Both options must be set
 #SERVER_API_URL="https://localhost"
-#SERVER_API_KEY="my_secret_api_token"
+#SERVER_API_USER="client_id"
+#SERVER_API_SECRET="my_secret_api_client_secret"
 
 # The socket path is hard-coded to "/var/spool/postfix/uffd-socketmapd.sock"
 # ("/uffd-socketmapd.sock" in the postfix sandbox). Use systemd overwrites
diff --git a/uffd-socketmapd b/uffd-socketmapd
index c13bf10..76d151a 100755
--- a/uffd-socketmapd
+++ b/uffd-socketmapd
@@ -11,11 +11,10 @@ import requests
 logger = logging.getLogger(__name__)
 
 class UffdAPI:
-	def __init__(self, baseurl, key):
+	def __init__(self, baseurl, client_id, client_secret):
 		self.baseurl = baseurl
-		self.key = key
 		self.session = requests.Session()
-		self.session.headers['Authorization'] = 'Bearer '+self.key
+		self.session.auth = (client_id, client_secret)
 
 	def get(self, endpoint, **kwargs):
 		resp = self.session.get(self.baseurl + endpoint, params=kwargs)
@@ -228,8 +227,9 @@ class StdoutFilter(logging.Filter):
 @click.option('--socket-path', type=click.Path(), help='Path for UNIX domain socket')
 @click.option('--socket-fd', type=int, help='Use fd number as server socket (alternative to --socket-path)')
 @click.option('--api-url', required=True, help='Uffd base URL without API prefix or trailing slash (e.g. https://example.com)')
-@click.option('--api-key', required=True, help='API secret, do not set this on the command-line, use environment variable SERVER_API_KEY instead')
-def main(socket_path, socket_fd, api_url, api_key):
+@click.option('--api-user', required=True, help='API user/client id')
+@click.option('--api-secret', required=True, help='API secret, do not set this on the command-line, use environment variable SERVER_API_SECRET instead')
+def main(socket_path, socket_fd, api_url, api_user, api_secret):
 	if (socket_path is None and socket_fd is None) or \
 	   (socket_path is not None and socket_fd is not None):
 		raise click.ClickException('Either --socket-path or --socket-fd must be specified')
@@ -243,7 +243,7 @@ def main(socket_path, socket_fd, api_url, api_key):
 	logger.addHandler(stdout_handler)
 	logger.addHandler(stderr_handler)
 
-	api = UffdAPI(api_url, api_key)
+	api = UffdAPI(api_url, api_user, api_secret)
 	RequestHandler = make_requesthandler(api)
 	if socket_path is not None:
 		cleanup_unix_socket(socket_path)
-- 
GitLab