feat(cli): rudimentary support for http authentication (#165)

This MR implements the basic infrastructure for adding authentication to
HTTP requests (to indices, project source, ...). It is an intermediate
MR to #157, which intends to
bring more complete support, both in terms of supported authentication
schemes and configurability.

This MR only implements:
- Basic authentication scheme (username:password)
- Configurable in the CLI, via environment variables

The CLI looks for triplets of environment variables following the
pattern `SYSAND_CRED_<X>`, `SYSAND_CRED_<X>_BASIC_USER`,
`SYSAND_CRED_<X>_BASIC_PASS`. The `<X>` part is arbitrary, but every
`<X>` has to appear either not at all, or for all three patterns. The
first variable is a glob pattern to match URLs to allow authentication
for, while the other two provide the actual credentials.

Example
```
SYSAND_CRED_FOO='https://*.foo.com/**' SYSAND_CRED_FOO_BASIC_USER="bar" SYSAND_CRED_BASIC_PASS="baz" sysand <OP>
```
Would allow the use of `bar:baz` as credentials for urls such as
`https://www.foo.com/a/b/c`, `https://index.foo.com/hey.kpar`, ...

Credentials are only actually sent if an initial request generates a 4xx
status. The strictly correct behaviour here would be to try sending
credentials only in response to an explicit `401` with
`WWW-Authenticate` header, but this would, I believe, be incompatible
with using, for example, private GitLab/GitHub pages.

---------

Signed-off-by: Tilo Wiklund <tilo.wiklund@sensmetry.com>
Signed-off-by: Tilo Wiklund <75035892+tilowiklundSensmetry@users.noreply.github.com>
Co-authored-by: Victor Linroth <victor.linroth@sensmetry.com>

Author: tilowiklundSensmetry

CONTRIBUTING.md

@@ -16,7 +16,7 @@ the code as free software.
 The text accepted by signing the commit, is the widely adopted DCO, maintained
 by the Linux Foundation, the full text of which is reproduced below.
 
-```plain
+```text
 Developer Certificate of Origin
 Version 1.1
 

Cargo.lock

@@ -155,10 +155,10 @@ Rules to follow:
 Rules for markdown (Rust doc comments, `.md` files):
 
 - always include a language specifier in fenced code blocks,
-  use `plain` if no language is appropriate:
+  use `text` if no language is appropriate:
 
   ````md
-  ```plain
+  ```text
   ```
   ````
 

DEVELOPMENT.md

@@ -33,7 +33,7 @@ allow native modules as described in [JEP
 472](https://openjdk.org/jeps/472#Description). Currently, the warning looks as
 follows:
 
-   ```plain
+   ```text
    WARNING: A restricted method in java.lang.System has been called
    WARNING: java.lang.System::load has been called by com.sensmetry.sysand.NativeLoader in an unnamed module (file:.../sysand-0.0.4-SNAPSHOT.jar)
    WARNING: Use --enable-native-access=ALL-UNNAMED to avoid a warning for callers in this module

bindings/java/README.md

@@ -10,6 +10,7 @@ use jni::{
     objects::{JClass, JObject, JObjectArray, JString},
 };
 use sysand_core::{
+    auth::Unauthenticated,
     build::KParBuildError,
     commands,
     env::local_directory::{self, LocalWriteError},
@@ -226,6 +227,8 @@ pub extern "system" fn Java_com_sensmetry_sysand_Sysand_info<'local>(
         Some(client),
         index_base_url.map(|x| vec![x]),
         runtime,
+        // FIXME: Add Java support for authentication
+        Arc::new(Unauthenticated {}),
     );
 
     let results = match commands::info::do_info(&uri, &combined_resolver) {

bindings/java/src/lib.rs

@@ -11,6 +11,7 @@ use pyo3::{
 use semver::{Version, VersionReq};
 use sysand_core::{
     add::do_add,
+    auth::Unauthenticated,
     build::{KParBuildError, do_build_kpar},
     commands::{
         env::{EnvError, do_env_local_dir},
@@ -156,6 +157,8 @@ fn do_info_py(
             Some(client),
             index_url,
             runtime,
+            // FIXME: Add Python support for authentication
+            Arc::new(Unauthenticated {}),
         );
 
         match do_info(&uri, &combined_resolver) {

bindings/js/package-lock.json

@@ -60,6 +60,7 @@ futures = { version = "0.3.31", default-features = false, features = ["alloc", "
 tokio = { version = "1.48.0", default-features = false, features = ["rt", "io-util"] }
 bytes = { version = "1.11.0", default-features = false }
 toml_edit = { version = "0.23.9", features = ["serde"] }
+globset = { version = "0.4.18", default-features = false }
 
 # Use native TLS only on Windows and Apple OSs
 [target.'cfg(any(target_os = "windows", target_vendor = "apple"))'.dependencies]

bindings/py/src/lib.rs

@@ -8,6 +8,6 @@ PACKAGE_DIR=$(dirname "$SCRIPT_DIR")
 
 cd "$PACKAGE_DIR"
 
-cargo test --features filesystem,networking,alltests
-cargo test --features js
-cargo test --features python
+cargo test --features filesystem,networking,alltests $@
+cargo test --features js $@
+cargo test --features python $@