-
-
Notifications
You must be signed in to change notification settings - Fork 10.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] API Key auth #9869
[WIP] API Key auth #9869
Conversation
ac1057f
to
d94d210
Compare
context: {internal: true} | ||
}, options); | ||
|
||
// TODO: does this rule need adjusting in our eslint config? |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
core/server/data/schema/schema.js
Outdated
nullable: false, | ||
validations: {isIn: [['content', 'admin']]} | ||
}, | ||
secret: {type: 'string', maxlength: 64, nullable: false, unique: true}, |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
})); | ||
} | ||
|
||
// TODO: should we do Buffer.from(x, 'hex') or is using the secret as-is ok? |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
try { | ||
// TODO: grab the decoded payload and check if the payload endpoint | ||
// matches the requested endpoint | ||
jwt.verify(token, apiKey.get('secret'), JWT_OPTIONS); |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
let [scheme, credentials] = header.split(' '); | ||
|
||
if (/^Bearer$/i.test(scheme)) { | ||
let [apiKeyId, token] = credentials.split('|'); |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
return next(); | ||
} | ||
|
||
let {apiKeyId, token} = extractCredentialsFromHeader(req.headers.authorization); |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
* @param {string} header | ||
*/ | ||
const extractCredentialsFromHeader = function extractCredentialsFromHeader(header) { | ||
let [scheme, credentials] = header.split(' '); |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
3ac1cc8
to
92b8da4
Compare
8a725e2
to
6b95f5f
Compare
@@ -91,11 +101,11 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (objTypes, actType, c | |||
// Offer a chance for the TargetModel to override the results | |||
if (TargetModel && _.isFunction(TargetModel.permissible)) { | |||
return TargetModel.permissible( | |||
modelId, actType, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission | |||
modelId, actType, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission, hasAppPermission |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
bd45e80
to
f63963d
Compare
This has been superseded by separate PRs. Closing. |
refs #9865
integrations
andapi_keys
tablesAdmin API Client
roleIntegration
modelApiKey
modeladmin
=Admin API Client
content
= no rolereq.api_key
andcontext.api_key
for API key requestscan-this
and theModel.permissible
functions to work withcontext.api_key
providers.apiKey
added to fetch role permissions associated with the api keyintegrations
andapi_keys
test fixturesTODO:
'Value in [users.name] cannot be blank.'
. Likely either or both:context.user
created/updated_by is dependent oncontext.user
context.user
usage inapi/users.handlePermissions
API
vsApi
api_key
vsapiKey
Separate PRs:
authenticatePrivate
created/updated/published_by
columns to api key valueapi_key.lastSeenAt
value for authenticated api key requests