@jeremyandrews
Member

Add comprehensive Basic Authentication example

Summary

Adds examples/basic_auth.rs demonstrating three approaches to HTTP Basic Authentication in Goose load tests, addressing the static asset authentication problem described in issue #608.

Changes

New Files

  • examples/basic_auth.rs - Complete working example with three authentication approaches
  • src/docs/goose-book/src/example/basic-auth.md - Comprehensive documentation
  • Updated src/docs/goose-book/src/SUMMARY.md and src/docs/goose-book/src/example/overview.md

Approaches Demonstrated

  1. Custom Client with Default Headers (Recommended)

  2. Helper Function Approach

    • Adds Basic Auth to each request via helper function
    • More flexible but requires calling for every request
    • Does not handle static assets automatically

  3. Manual Per-Request Authentication

    • Demonstrates the original problem where auth doesn't propagate
    • Shows why this approach fails for static assets

Configuration Support

  • BASIC_AUTH_USERNAME / BASIC_AUTH_PASSWORD (separate variables)
  • BASIC_AUTH="username:password" (combined format)
  • Default credentials for httpbin.org testing

Testing

  • Successfully tested with httpbin.org
  • All three approaches work correctly
  • Proper HTTP 200 responses for authenticated endpoints

Closes #608

- Add examples/basic_auth.rs demonstrating three approaches to Basic Auth
- Add complete documentation in src/docs/goose-book/src/example/basic-auth.md
- Update documentation structure and changelog
- Addresses static asset authentication problem from issue tag1consulting#608

Closes tag1consulting#608

@github-actions github-actions bot left a comment

📋 Review Summary

This pull request introduces a comprehensive example for handling Basic Authentication in Goose load tests. The changes are well-structured, with clear code and thorough documentation. The addition of three different approaches to Basic Auth is particularly valuable for users.

🔍 General Feedback

  • The new basic_auth.rs example is excellent. It's well-commented and clearly demonstrates the different methods for handling Basic Authentication.
  • The accompanying documentation is also very well-written and provides a great explanation of the problem and the solutions.
  • The use of environment variables for credentials is a good security practice.

I have one minor suggestion to make the code in the example slightly more efficient, but overall this is a great addition to the project.

@github-actions

github-actions bot commented Sep 9, 2025

There is a problem with the Gemini CLI PR review. Please check the action logs for details.

Explain that production code could use the base64 crate instead of the
custom implementation, but we avoided it to keep the example self-contained
without adding extra dependencies just for demonstration purposes.

- Wrap entire example in cookies feature flag to avoid cookie_store() compilation errors
- Provide clear error message when cookies feature is disabled
- Use clean module-based approach with minimal #[cfg] statements
- Fixes compilation error from PR tag1consulting#657

The basic_auth example demonstrates session management with Basic Authentication,
which requires cookie support to maintain authentication state across requests.
When cookies are disabled, users get helpful guidance on how to enable them.

- [Closure](closure.md) *([examples/closure.rs](https://github.com/tag1consulting/goose/blob/main/examples/closure.rs))*
- [Session](session.md) *([examples/session.rs](https://github.com/tag1consulting/goose/blob/main/examples/session.rs))*
- [Basic Authentication](basic-auth.md) *([examples/basic_auth.rs](https://github.com/tag1consulting/goose/blob/main/examples/basic_auth.rs))*
- [GraphQL](graphql.md) *([examples/graphql_loadtest.rs](https://github.com/tag1consulting/goose/blob/main/examples/graphql_loadtest.rs))*
Collaborator

nit - unrelated change

Member Author

Agreed, but we missed it in the earlier PR that was already merged, and it feels like overkill to create a new PR for this change.


/// Simple base64 encoding function to avoid external dependencies
///
/// Note: In production code, you could use the `base64` crate for this functionality:
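
Review bot: the `Note:` line of this doc comment presents the `base64` crate as optional ("you could use"), which leaves the hand-rolled encoder reading as an equally valid choice. Word it as "you should use the `base64` crate" and say on the first line that this function exists only to keep the example free of extra dependencies.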
Collaborator

@LionsAd LionsAd Sep 19, 2025

"you should use - this example implementation has limitations and is not meant for production usage."

-> needs to be emphasized more strongly as this implementation has issues. (particularly: "this implementation lacks padding handling and input validation, which could lead to issues with edge cases".)

Collaborator

@LionsAd LionsAd left a comment

PR Review: Basic Authentication Example (#657)

🎯 Core Assessment

This is a valuable and well-executed contribution that addresses a real user need (GitHub issue #608). The PR provides comprehensive guidance on Basic Authentication with three practical approaches, excellent documentation, and working code that has been tested successfully.

📋 Recommendations by Category

🔧 Technical Improvements (Quick Fixes)

Environment Variable Parsing

  • Problem: split(':') will break if password contains colons
  • Solution: Use splitn(2, ':') for proper username:password parsing
  • Effort: One-line change in credential parsing function

Code Consistency

  • Problem: Uses println! instead of Goose logging patterns
  • Solution: Replace with info!, warn! macros where appropriate
  • Effort: Low - simple replacements for consistency

Documentation Check

  • Problem: Potential GraphQL entry duplication in overview.md
  • Solution: Verify no duplicate entries exist
  • Effort: Quick documentation review

🎨 Design Discussions (Working Fine As-Is)

Base64 Implementation

  • Current Approach: Custom base64_encode function for self-contained example
  • Alternative: Use base64 crate as dev dependency
  • Business Reality: Self-contained examples have educational value; current implementation works correctly and includes clear production guidance

Feature Flag Approach

  • Current Approach: Wraps entire example in cookies feature gate
  • Alternative: Only conditionally gate cookie_store(true) call
  • Business Reality: Current approach provides clear user guidance and works well; over-optimization not needed

🚀 Enhancement Opportunities (Nice to Have)

Static Asset Demonstration

  • Enhancement: Add validate_and_load_static_assets call to concretely show the static asset propagation benefit
  • Current: Well-documented in comments and explanations
  • Value: Would strengthen the practical demonstration

Educational Clarity

  • Enhancement: Brief comment explaining why custom client approach specifically solves static asset authentication
  • Current: Explained in documentation
  • Value: Would reinforce the key insight

(Powered by Claude Code)
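
The `splitn(2, ':')` recommendation and the padding concern raised in this review, as an added example that is not code from the PR or from Goose: it parses a combined `BASIC_AUTH="username:password"` value at the first colon only and builds the `Authorization` value with a padded, std-only base64 encoder. All function names are hypothetical and the sample credentials are constructed.

```rust
// Added illustration: function names are hypothetical, not from examples/basic_auth.rs.
/// Split "username:password" at the FIRST colon only. RFC 7617 forbids ':' in
/// the user-id but allows it in the password, so the remainder is the password.
fn parse_basic_auth(combined: &str) -> Option<(String, String)> {
    let mut parts = combined.splitn(2, ':');
    let user = parts.next()?;
    let pass = parts.next()?; // None when the value has no ':' at all
    if user.is_empty() { return None; }
    Some((user.to_string(), pass.to_string()))
}

/// The pattern flagged in the review: split(':') cuts at every colon, so taking
/// the first two pieces silently truncates a password that contains ':'.
fn parse_with_plain_split(combined: &str) -> Option<(String, String)> {
    let parts: Vec<&str> = combined.split(':').collect();
    if parts.len() < 2 { return None; }
    Some((parts[0].to_string(), parts[1].to_string()))
}

/// Standard base64 (RFC 4648) with '=' padding, using only std.
fn base64_encode(input: &[u8]) -> String {
    const TABLE: &[u8; 64] =
        b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = String::with_capacity((input.len() + 2) / 3 * 4);
    for chunk in input.chunks(3) {
        // Missing bytes in the last chunk are treated as zero bits.
        let b1 = *chunk.get(1).unwrap_or(&0) as u32;
        let b2 = *chunk.get(2).unwrap_or(&0) as u32;
        let n = (chunk[0] as u32) << 16 | b1 << 8 | b2;
        out.push(TABLE[(n >> 18) as usize & 63] as char);
        out.push(TABLE[(n >> 12) as usize & 63] as char);
        out.push(if chunk.len() > 1 { TABLE[(n >> 6) as usize & 63] as char } else { '=' });
        out.push(if chunk.len() > 2 { TABLE[n as usize & 63] as char } else { '=' });
    }
    out
}

/// Value for the `Authorization` request header.
fn basic_auth_header(user: &str, pass: &str) -> String {
    format!("Basic {}", base64_encode(format!("{}:{}", user, pass).as_bytes()))
}

fn main() {
    // Constructed sample value, not a real credential.
    let sample = "alice:p@ss:w0rd";
    let (user, pass) = parse_basic_auth(sample).expect("expected user:pass");
    println!("{}", basic_auth_header(&user, &pass));
    println!("plain split yields: {:?}", parse_with_plain_split(sample));
}
```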

LionsAd
LionsAd previously approved these changes Sep 19, 2025
Collaborator

@LionsAd LionsAd left a comment

RTBM - but the base64 recommendation should be fixed. Other improvements COULD be made.

Development

Successfully merging this pull request may close these issues.

How can I test a site behind Basic Auth