Hello. I'm experimenting on running a CGI program with tipidee. For the most part, it works nicely.
At some point, one of the use cases is accessing through an API where you perform authentication, receive a token and then use that token to authorize actions.
I found that it doesn't pass the token to the script, and the `AUTH_TYPE` variable is truncated:
2024-12-31 00:09:34.944639763 AUTH_TYPE=Beare
From inspecting the code, my impression is that:
1. There is an off-by-one src/tipideed/cgi.c#L95-L101, as that would explain the truncation just one character _before_ the space, rather than _at_ the space.
2. There is a missing env var for passing the actual token, probably intended to avoid passing the username:password in the basic auth case.
If 2 is indeed intended, maybe adding a config option for certain CGI scripts to receive it might be a good idea.
My impressions may very well be wrong, as I'm not really familiar with the codebase or with skalibs and it's late and I'm sleepy.
For reference, it's tipidee-0.0.5.1-r0 running on Alpine 3.21 on x86.
Cheers!
Received on Tue Dec 31 2024 - 05:31:28 CET