1 files changed, 29 insertions, 6 deletions

diff --git a/adenosine/src/xrpc.rs b/adenosine/src/xrpc.rs
index 62f50cd..df7e2ac 100644
--- a/adenosine/src/xrpc.rs
+++ b/adenosine/src/xrpc.rs
@@ -2,6 +2,8 @@ use crate::auth::parse_did_from_jwt;
 use crate::identifiers::{Did, Nsid};
 use anyhow::anyhow;
 pub use anyhow::Result;
+use base64;
+use log::warn;
 use reqwest::header;
 use serde_json::{json, Value};
 use std::collections::HashMap;
@@ -33,10 +35,15 @@ pub struct XrpcClient {
     host: String,
     auth_token: Option<String>,
     refresh_token: Option<String>,
+    admin_password: Option<String>,
 }
 
 impl XrpcClient {
-    pub fn new(host: String, auth_token: Option<String>) -> Result<Self> {
+    pub fn new(
+        host: String,
+        auth_token: Option<String>,
+        admin_password: Option<String>,
+    ) -> Result<Self> {
         let http_client = reqwest::blocking::Client::builder()
             .user_agent(APP_USER_AGENT)
             .timeout(Duration::from_secs(30))
@@ -49,11 +56,27 @@ impl XrpcClient {
             host,
             auth_token: auth_token.clone(),
             refresh_token: auth_token,
+            admin_password,
         })
     }
 
-    fn auth_headers(&self) -> reqwest::header::HeaderMap {
+    fn auth_headers(&self, endpoint: &str) -> reqwest::header::HeaderMap {
         let mut headers = header::HeaderMap::new();
+        if endpoint == "com.atproto.account.createInviteCode"
+            || endpoint.starts_with("com.atproto.admin.")
+        {
+            if let Some(admin_password) = &self.admin_password {
+                let enc =
+                    base64::encode_config(format!("admin:{admin_password}"), base64::STANDARD);
+                let mut auth_value = header::HeaderValue::from_str(&format!("Basic {enc}"))
+                    .expect("header formatting");
+                auth_value.set_sensitive(true);
+                headers.insert(header::AUTHORIZATION, auth_value);
+                return headers;
+            } else {
+                warn!("endpoint requires admin auth, but password not supplied: {endpoint}")
+            };
+        };
         if let Some(token) = &self.auth_token {
             let mut auth_value = header::HeaderValue::from_str(&format!("Bearer {token}"))
                 .expect("header formatting");
@@ -107,7 +130,7 @@ impl XrpcClient {
         let res = self
             .http_client
             .get(format!("{}/xrpc/{nsid}", self.host))
-            .headers(self.auth_headers())
+            .headers(self.auth_headers(nsid))
             .query(&params)
             .send()?;
         // TODO: refactor this error handling stuff into single method
@@ -138,7 +161,7 @@ impl XrpcClient {
         let res = self
             .http_client
             .get(format!("{}/xrpc/{}", self.host, nsid))
-            .headers(self.auth_headers())
+            .headers(self.auth_headers(nsid))
             .query(&params)
             .send()?;
         if res.status() == 400 {
@@ -174,7 +197,7 @@ impl XrpcClient {
         let mut req = self
             .http_client
             .post(format!("{}/xrpc/{}", self.host, nsid))
-            .headers(self.auth_headers())
+            .headers(self.auth_headers(nsid))
             .query(&params);
         req = if let Some(b) = body {
             req.json(&b)
@@ -215,7 +238,7 @@ impl XrpcClient {
         let res = self
             .http_client
             .post(format!("{}/xrpc/{}", self.host, nsid))
-            .headers(self.auth_headers())
+            .headers(self.auth_headers(nsid))
             .query(&params)
             .header(reqwest::header::CONTENT_TYPE, "application/cbor")
             .body(buf)