don't do Fastly-Key check when running locally

src/admin.rs

@@ -16,8 +16,8 @@ fn text_response(status: StatusCode, text: &str) -> Response {
     Response::from_status(status).with_body_text_plain(&format!("{text}\n"))
 }
 
-pub fn post_keys(req: Request) -> Response {
-    if !req.fastly_key_is_valid() {
+pub fn post_keys(fastly_authed: bool, _req: Request) -> Response {
+    if !fastly_authed {
         return text_response(
             StatusCode::UNAUTHORIZED,
             "Fastly-Key header invalid or not specified",

src/events.rs

@@ -38,7 +38,7 @@ fn sse_error(condition: &str, text: &str) -> Response {
         .with_body(format!("event: stream-error\ndata: {data}\n\n"))
 }
 
-pub fn get(authorizor: &dyn Authorizor, req: Request) -> Response {
+pub fn get(authorizor: &dyn Authorizor, fastly_authed: bool, req: Request) -> Response {
     let topics = {
         let mut topics = HashSet::new();
 
@@ -59,7 +59,7 @@ pub fn get(authorizor: &dyn Authorizor, req: Request) -> Response {
         return sse_error("bad-request", "Too many topics");
     }
 
-    let caps = if req.fastly_key_is_valid() {
+    let caps = if fastly_authed {
         Capabilities::new_admin()
     } else {
         let token = if let Some(v) = req.get_query_parameter("auth") {
@@ -126,6 +126,7 @@ pub fn post(
     config: &Config,
     authorizor: &dyn Authorizor,
     storage: &dyn Storage,
+    fastly_authed: bool,
     mut req: Request,
 ) -> Response {
     let body = req.take_body();
@@ -149,7 +150,7 @@ pub fn post(
         None => None,
     };
 
-    let caps = if req.fastly_key_is_valid() {
+    let caps = if fastly_authed {
         Capabilities::new_admin()
     } else {
         let token = if let Some(v) = req.get_header_str(header::AUTHORIZATION) {

src/main.rs

@@ -13,11 +13,19 @@ fn main() -> Result<(), Error> {
     if local {
         let config_source = config::TestSource;
 
-        routes::handle_request(&config_source, &authorizor, &storage, false, req)?;
+        routes::handle_request(&config_source, &authorizor, &storage, false, false, req)?;
     } else {
         let config_source = config::ConfigAndSecretStoreSource::new("config", "secrets");
+        let fastly_authed = req.fastly_key_is_valid();
 
-        routes::handle_request(&config_source, &authorizor, &storage, true, req)?;
+        routes::handle_request(
+            &config_source,
+            &authorizor,
+            &storage,
+            true,
+            fastly_authed,
+            req,
+        )?;
     }
 
     Ok(())

src/routes.rs

@@ -28,6 +28,7 @@ pub fn handle_request(
     authorizor: &dyn auth::Authorizor,
     storage: &dyn storage::Storage,
     auth_proxy: bool,
+    fastly_authed: bool,
     req: Request,
 ) -> Result<(), Error> {
     let config = match config_source.config() {
@@ -71,9 +72,9 @@ pub fn handle_request(
                 }
             }
 
-            events::get(authorizor, req)
+            events::get(authorizor, fastly_authed, req)
         } else if req.get_method() == Method::POST && config.http_publish_enabled {
-            events::post(&config, authorizor, storage, req)
+            events::post(&config, authorizor, storage, fastly_authed, req)
         } else {
             let mut allow = "OPTIONS".to_string();
 
@@ -119,7 +120,7 @@ pub fn handle_request(
         }
     } else if path == "/admin/keys" && config.admin_enabled {
         if req.get_method() == "POST" {
-            admin::post_keys(req)
+            admin::post_keys(fastly_authed, req)
         } else {
             Response::from_status(StatusCode::METHOD_NOT_ALLOWED)
                 .with_header(header::ALLOW, "POST")