nsqd: Authentication secret leaks if request fails against the nsq auth server

[danrjohnson]

Context:

If the authentication server is unavailable (such as being down, unresolvable, etc.), it bubbles up the error directly from the net/http client. This includes the full path to the error, which includes the authentication secret. Since we run this in production, this is not ideal.

Naive demonstration of this with a local nsqd:

[nsqd] 2024/04/18 18:45:19.198649 ERROR: [192.168.65.1:50474] - E_AUTH_FAILED AUTH failed - failed to auth against localhost:9999 - Get "http://localhost:9999/auth?common_name=&remote_ip=192.168.65.1&secret=test&tls=false": dial tcp 127.0.0.1:9999: connect: connection refused

Proposed Solution:

Add support for POST based authentication requests in addition to GET. A configuration option/flag will specify which method to use -- something like --auth-http-auth-method=POST. When making a POST request that fails, those parameters are not leaked elsewhere by default.

I intend to submit a PR for this.

[danrjohnson]

PR #1487 submitted to address this

[mreiferson]

Yea, this makes sense.

[danrjohnson]

This was merged :-)

[danrjohnson]

Will we roll out a point release here that adds this in?

[mreiferson]

Yea, trying to catch up on all the outstanding PRs, then I'll work toward a new release.