Add user-agent to requests

[kfdm]

This avoids the default go Go-http-client/1.1 User-Agent in requests.

Ideally I would have this as mosquitto/<version> though I'm unsure how to read the Mosquitto version yet. Any pointers?

[iegomez]

Hi, @kfdm!

Thanks for your contribution, but could you tell me why is this needed?

[kfdm]

This would affect how it shows up in server logs

time:2021-05-27T12:33:07+00:00  method:POST     uri:/mosquitto/getuser  status:200      size:16    ua:Go-http-client/1.1    reqtime:0.330
time:2021-05-27T12:43:12+00:00  method:POST     uri:/mosquitto/getuser  status:200      size:16    ua:mosquitto    reqtime:0.191

Better to explicitly set the user agent to help with debugging, instead of leaving the generic default.

I still want to see if I can get the proper version in there to make this as mosquitto/<mosquitto version> or perhaps as mosquitto-go-auth/<version>
Do you have any recommendation on that ?

[iegomez]

@kfdm We could probably pass the version on plugin initialization and then set it in http/jwt backend.

On the idea itself, I don't feel comfortable hardcoding the user agent. Instead, I'd add options that allow it to be set however the user wants, e.g.:

auth_opt_http_user_agent http-custom-user-agent
auth_opt_http_user_agent_mosquitto_version true 

auth_opt_jwt_user_agent jwt-custom-user-agent
auth_opt_jwt_user_agent_mosquitto_version true 

[iegomez]

By the way, these are defined at mosquito.h header and provide the full version:

#define LIBMOSQUITTO_MAJOR 2
#define LIBMOSQUITTO_MINOR 0
#define LIBMOSQUITTO_REVISION 8

[kfdm]

Thank you for the feedback! 🙇

Though I have not implemented yet, instead of two fields how about a single value?

# No value to default to mosquitto
# custom value to set the agent
auth_opt_http_user_agent http-custom-user-agent
# Or a sentinel value to disable sending the agent all together
auth_opt_http_user_agent false

I am still trying to think of a clean way to get the version number. I feel like there is probably a cleaner way to handle the version than this, so I'm still thinking through it

GoInt data[3] = {LIBMOSQUITTO_MAJOR, LIBMOSQUITTO_MINOR, LIBMOSQUITTO_REVISION};
GoSlice version = {data, 3, 3};

AuthPluginInit(keysSlice, valuesSlice, opts_count, version);

[iegomez]

@kfdm I don't agree with defaulting to mosquitto as the User-Agent, we shouldn't set one at all unless the user explicitly tells us so. When the option is not given, we simply shouldn't set the agent and let go-http do whatever it does, e.g. Go-http-client/1.1 in the current version.

Likewise, since we're already adding options, I don't see a reason to impose the appended version: let the user decide if they want to attach it or not.

I am still trying to think of a clean way to get the version number. I feel like there is probably a cleaner way to handle the version than this, so I'm still thinking through it

Mm... maybe a simple sprintf to concatenate and format the version as "x.y.z" and then pass it along as a GoString? Sorry, haven't given it much thought really. 🤷

[iegomez]

@kfdm any updates on this? I like the general idea, but would like my last comment to be addressed. Let me know if you're available to do so, or if I should take care of it.

Cheers!

[kfdm]

Thank you for checking back. I allowed myself to get distracted by some other things.

I feel like I have to respectfully disagree with you a bit on the default bit. I will yield to you on the specific version number, if you are worried about that from a security perspective.

As an operator, I feel like the least surprising behavior is for an application to provide a user agent. It can be rather frustrating on the infrastructure side, to try to track down a random script that uses that languages' default user-agent. The current behavior is defaulting to sending an incorrect agent (from the perspective of an operator)

[iegomez]

@kfdm Yeah, you might be right. I don't really feel very strongly about it, maybe the fact that it'd be a change that would probably go unnoticed but could in fact surprise users (hey, why is there this user agent all of a sudden?) had me leaning towards not changing it by default. But let's just default to mosquitto and be explicit about it in the docs.

[kfdm]

I've rebased to make sure there are no issues. There's not a specific changelog file in the repository itself, so I'm not sure if there's a specific place to call out the update to the default user-agent

[iegomez]

Thanks for rebasing! Will you add Mosquitto's version? If so, please also add tests for both backends with and without having versions passed along.

[iegomez]

Can we make the default a constant? Also, feel free not to export it, i.e. userAgent instead of UserAgent. I just haven't gotten to refactor http like I did with jwt backend.

[iegomez]

Same here.

[iegomez]

I've rebased to make sure there are no issues. There's not a specific changelog file in the repository itself, so I'm not sure if there's a specific place to call out the update to the default user-agent

I think adding to the README and documenting Mosquitto's version once you add it is enough, then I can mention the change ion the next release as I usually do.

[kfdm]

I think I'll leave off the version number for now. Can always try to attempt it again, but my earlier attempts to try to get the version number from the mosquitto side were not as clean as I had hoped.

Both http.go and jwt_remote.go are in the same backend package, so I put defaultUserAgent with the rest of the constants.

Would you prefer me to rebase everything into a single commit, or will you do that as part of the final merge?

[iegomez]

Cool, defaultUserAgent looks good. And don't worry about rebasing, I'll give the version a try and add a test before squashing and merging.

Thanks again!

[iegomez]

@kfdm I added the version to the default user agent in #182.
Let me know what you think.

By the way, feel free to rebase/merge the version changes in your branch so that one gets merged instead of mine.

[kfdm]

That looks great! I'm not picky about getting credit for it. My work was quite simple. I'm also fine with you closing this PR and merging yours if that makes it easiest for you :)

[iegomez]

It was your idea, @kfdm, I just added the version, so credit where credit is due.
I didn't know how to commit on your branch (is that even possible with PRs from forks?) so I opened a separate PR, but again, feel free to rebase and I'll merge yours. 😉

[kfdm]

Ok, I think I succeeded in rebasing correctly. It's now in two commits.
The first was my original few commits squashed into one
The second is your changes to bring in the version and all the test cases.

Git kept trying to assign the edit to me XD so I think I fixed that with git commit --amend --author=".." --date="$(date -R)"

Let me know if it still looks ok.

[iegomez]

Cool then, let's merge it. Thanks, Paul!