@rpschoenburg rpschoenburg commented Dec 9, 2025

This solves an issue where you couldn't connect to any host, even unauthenticated ones, if auth_config.toml did not exist.

In current main, if auth_config.toml exists but there's no auth token for a host, the client code can still return a client with no authorization. This PR matches that behavior for when auth_config.toml doesn't exist.

To test:

  1. Move or rename ~/.config/oxen/auth_config.toml.
  2. Use oxen create-remote --host localhost:3000 --name ox/no-auth --scheme http to create a new remote. This won't work in current main, but does with this PR.

You can also consider connecting to other unauthenticated hosts.

Summary by CodeRabbit

  • Bug Fixes
    • Improved API client resilience to handle missing authentication configuration gracefully instead of failing.
    • Enhanced error handling and logging when authentication token retrieval encounters issues.

coderabbitai bot commented Dec 9, 2025

Walkthrough

The builder_for_host function in the client API now gracefully handles missing authentication configuration by returning an unauthenticated builder instead of failing. Token retrieval errors are logged without preventing request building.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Authentication Error Handling: oxen-rust/src/lib/src/api/client.rs | Modified builder_for_host to tolerate missing auth config by returning builder without authorization; token retrieval failures are logged but allow builder to proceed; invalid Authorization header handling updated with consistent error variable naming |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Authentication logic changes — Review carefully to verify that allowing unauthenticated requests doesn't bypass intended security requirements
  • Error handling paths — Confirm all three paths (missing auth config, token retrieval failure, invalid header) are intentional and don't mask critical authentication issues

Poem

🐰 A builder now bravely stands tall,
With or without auth's call,
When tokens go missing, it shrugs and moves on,
No panic, just logs as it carries along,
Hop toward resilience, through thick and through thin! 🌿

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately and concisely describes the main change: defaulting to an unauthenticated client when auth_config.toml is not found, which is the primary objective of this PR. |
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
oxen-rust/src/lib/src/api/client.rs (1)

100-100: Consider clarifying the log message.

The message "No auth token found for host {}" could be misleading, as it suggests the host is missing from an existing config, when the actual issue is that the config couldn't be loaded at all. The error e provides context, but a clearer message would improve debugging.

Consider updating the message to better reflect the situation:

-            log::debug!("remote::client::new_for_host error getting config: {}. No auth token found for host {}", e, host.as_ref());
+            log::debug!("remote::client::new_for_host unable to load auth config: {}. Proceeding without authentication for host {}", e, host.as_ref());
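
Review bot: On the `+` line the prefix still reads remote::client::new_for_host, while the walkthrough names the changed function as builder_for_host; if this call sits in builder_for_host, correct the prefix so the log points at the right function. This branch is also where the client drops to unauthenticated requests, and log::debug! keeps that invisible unless debug logging is enabled, so a user who expected a token to be sent gets no signal; consider log::warn! (or at least log::info!) for this message.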
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f8b2567 and 64d3cce.

📒 Files selected for processing (1)
  • oxen-rust/src/lib/src/api/client.rs (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
oxen-rust/src/lib/src/api/client.rs (1)
oxen-rust/src/lib/src/config/auth_config.rs (1)
  • get (59-76)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Test Suite / Test Suite (ubuntu-latest)
  • GitHub Check: Test Suite / Test Suite (windows-latest)
  • GitHub Check: Test Suite / Test Suite (macos-latest)
🔇 Additional comments (1)
oxen-rust/src/lib/src/api/client.rs (1)

96-103: LGTM - implementation correctly handles missing auth config.

The graceful fallback to an unauthenticated builder when AuthConfig::get() fails is appropriate and aligns with the PR objective. AuthConfig::get() returns errors only when the home directory cannot be determined or when the auth config file doesn't exist—not from permission issues, as the function doesn't check file permissions. Both error types warrant proceeding without authentication, making the current error handling correct.

The two different error handling strategies at lines 97 (initial setup) and 160 (403 response) are appropriately contextual.
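
The three paths discussed in this review (missing auth config, no token for the host, invalid header value), modelled as an added example that is not code from the Oxen repository. `HostAuth`, `Reason` and `resolve_auth` are hypothetical names, and surfacing load errors other than "file not found" is an assumption of this example, not the PR's behavior.

```rust
use std::collections::HashMap;
use std::io;

// Hypothetical types for this example; not Oxen's API.
#[derive(Debug, PartialEq)]
pub enum Reason {
    ConfigMissing,  // auth config file does not exist
    NoTokenForHost, // file loaded, but has no entry for this host
}

#[derive(Debug, PartialEq)]
pub enum HostAuth {
    Bearer(String),          // full Authorization header value
    Unauthenticated(Reason), // send no header; reason is kept for logging
}

/// `loaded` models the result of reading the auth config: Ok(host -> token) or the I/O error.
pub fn resolve_auth(
    loaded: Result<HashMap<String, String>, io::Error>,
    host: &str,
) -> Result<HostAuth, String> {
    let tokens = match loaded {
        Ok(t) => t,
        // Missing file: behave like "no token for host", as the PR describes.
        Err(e) if e.kind() == io::ErrorKind::NotFound => {
            return Ok(HostAuth::Unauthenticated(Reason::ConfigMissing));
        }
        // Assumption of this example: other load failures are surfaced, not downgraded.
        Err(e) => return Err(format!("cannot load auth config: {e}")),
    };
    let Some(token) = tokens.get(host) else {
        return Ok(HostAuth::Unauthenticated(Reason::NoTokenForHost));
    };
    // Reject values that cannot be a header (empty, spaces, CR/LF, non-ASCII).
    // The token itself is never echoed into the error.
    if token.is_empty() || !token.bytes().all(|b| (0x21..=0x7e).contains(&b)) {
        return Err(format!("invalid auth token configured for host {host}"));
    }
    Ok(HostAuth::Bearer(format!("Bearer {token}")))
}

fn main() {
    // Constructed sample data.
    let cfg = HashMap::from([("hub.example.test".to_string(), "abc123".to_string())]);
    println!("{:?}", resolve_auth(Ok(cfg), "localhost:3000"));
    let missing = io::Error::from(io::ErrorKind::NotFound);
    println!("{:?}", resolve_auth(Err(missing), "localhost:3000"));
}
```

Returning the reason alongside the unauthenticated result lets the caller log or display the downgrade instead of discovering it from a later 403.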
