MeiliSearch/meilisearch/src/routes/api_key.rs

180 lines
6.2 KiB
Rust
Raw Normal View History

2023-01-11 12:33:56 +01:00
use std::str;
use actix_web::{web, HttpRequest, HttpResponse};
2023-02-14 13:12:42 +01:00
use deserr::actix_web::{AwebJson, AwebQueryParameter};
2023-02-13 18:45:13 +01:00
use deserr::Deserr;
2022-10-20 18:00:07 +02:00
use meilisearch_auth::error::AuthControllerError;
use meilisearch_auth::AuthController;
use meilisearch_types::deserr::query_params::Param;
use meilisearch_types::deserr::{DeserrJsonError, DeserrQueryParamError};
2023-01-11 17:10:32 +01:00
use meilisearch_types::error::deserr_codes::*;
use meilisearch_types::error::{Code, ResponseError};
2023-01-11 12:33:56 +01:00
use meilisearch_types::keys::{Action, CreateApiKey, Key, PatchApiKey};
use serde::{Deserialize, Serialize};
use time::OffsetDateTime;
use uuid::Uuid;
2023-01-11 17:10:32 +01:00
use super::PAGINATION_DEFAULT_LIMIT;
2022-10-20 18:00:07 +02:00
use crate::extractors::authentication::policies::*;
use crate::extractors::authentication::GuardedData;
use crate::extractors::sequential_extractor::SeqHandler;
use crate::routes::Pagination;
pub fn configure(cfg: &mut web::ServiceConfig) {
cfg.service(
web::resource("")
2022-03-04 20:12:44 +01:00
.route(web::post().to(SeqHandler(create_api_key)))
.route(web::get().to(SeqHandler(list_api_keys))),
)
.service(
2022-05-25 10:32:47 +02:00
web::resource("/{key}")
2022-03-04 20:12:44 +01:00
.route(web::get().to(SeqHandler(get_api_key)))
.route(web::patch().to(SeqHandler(patch_api_key)))
.route(web::delete().to(SeqHandler(delete_api_key))),
);
}
pub async fn create_api_key(
2022-05-25 15:25:57 +02:00
auth_controller: GuardedData<ActionPolicy<{ actions::KEYS_CREATE }>, AuthController>,
2023-02-14 13:12:42 +01:00
body: AwebJson<CreateApiKey, DeserrJsonError>,
_req: HttpRequest,
) -> Result<HttpResponse, ResponseError> {
let v = body.into_inner();
let res = tokio::task::spawn_blocking(move || -> Result<_, AuthControllerError> {
let key = auth_controller.create_key(v)?;
Ok(KeyView::from_key(key, &auth_controller))
})
.await
.map_err(|e| ResponseError::from_msg(e.to_string(), Code::Internal))??;
Ok(HttpResponse::Created().json(res))
}
2023-02-13 18:45:13 +01:00
#[derive(Deserr, Debug, Clone, Copy)]
#[deserr(error = DeserrQueryParamError, rename_all = camelCase, deny_unknown_fields)]
2023-01-11 12:33:56 +01:00
pub struct ListApiKeys {
#[deserr(default, error = DeserrQueryParamError<InvalidApiKeyOffset>)]
pub offset: Param<usize>,
#[deserr(default = Param(PAGINATION_DEFAULT_LIMIT), error = DeserrQueryParamError<InvalidApiKeyLimit>)]
pub limit: Param<usize>,
}
2023-01-11 12:33:56 +01:00
impl ListApiKeys {
fn as_pagination(self) -> Pagination {
Pagination { offset: self.offset.0, limit: self.limit.0 }
}
}
pub async fn list_api_keys(
2022-05-25 15:25:57 +02:00
auth_controller: GuardedData<ActionPolicy<{ actions::KEYS_GET }>, AuthController>,
2023-02-14 13:12:42 +01:00
list_api_keys: AwebQueryParameter<ListApiKeys, DeserrQueryParamError>,
) -> Result<HttpResponse, ResponseError> {
2023-01-11 12:33:56 +01:00
let paginate = list_api_keys.into_inner().as_pagination();
let page_view = tokio::task::spawn_blocking(move || -> Result<_, AuthControllerError> {
let keys = auth_controller.list_keys()?;
2022-10-20 18:00:07 +02:00
let page_view = paginate
.auto_paginate_sized(keys.into_iter().map(|k| KeyView::from_key(k, &auth_controller)));
Ok(page_view)
})
.await
.map_err(|e| ResponseError::from_msg(e.to_string(), Code::Internal))??;
Ok(HttpResponse::Ok().json(page_view))
}
pub async fn get_api_key(
2022-05-25 15:25:57 +02:00
auth_controller: GuardedData<ActionPolicy<{ actions::KEYS_GET }>, AuthController>,
path: web::Path<AuthParam>,
) -> Result<HttpResponse, ResponseError> {
2022-05-25 10:32:47 +02:00
let key = path.into_inner().key;
let res = tokio::task::spawn_blocking(move || -> Result<_, AuthControllerError> {
2022-06-01 18:06:20 +02:00
let uid =
Uuid::parse_str(&key).or_else(|_| auth_controller.get_uid_from_encoded_key(&key))?;
2022-05-25 10:32:47 +02:00
let key = auth_controller.get_key(uid)?;
Ok(KeyView::from_key(key, &auth_controller))
})
.await
.map_err(|e| ResponseError::from_msg(e.to_string(), Code::Internal))??;
Ok(HttpResponse::Ok().json(res))
}
pub async fn patch_api_key(
2022-05-25 15:25:57 +02:00
auth_controller: GuardedData<ActionPolicy<{ actions::KEYS_UPDATE }>, AuthController>,
2023-02-14 13:12:42 +01:00
body: AwebJson<PatchApiKey, DeserrJsonError>,
path: web::Path<AuthParam>,
) -> Result<HttpResponse, ResponseError> {
2022-05-25 10:32:47 +02:00
let key = path.into_inner().key;
2023-01-11 12:33:56 +01:00
let patch_api_key = body.into_inner();
let res = tokio::task::spawn_blocking(move || -> Result<_, AuthControllerError> {
2022-06-01 18:06:20 +02:00
let uid =
Uuid::parse_str(&key).or_else(|_| auth_controller.get_uid_from_encoded_key(&key))?;
2023-01-11 12:33:56 +01:00
let key = auth_controller.update_key(uid, patch_api_key)?;
2022-05-25 10:32:47 +02:00
Ok(KeyView::from_key(key, &auth_controller))
})
.await
.map_err(|e| ResponseError::from_msg(e.to_string(), Code::Internal))??;
Ok(HttpResponse::Ok().json(res))
}
pub async fn delete_api_key(
2022-05-25 15:25:57 +02:00
auth_controller: GuardedData<ActionPolicy<{ actions::KEYS_DELETE }>, AuthController>,
path: web::Path<AuthParam>,
) -> Result<HttpResponse, ResponseError> {
2022-05-25 10:32:47 +02:00
let key = path.into_inner().key;
tokio::task::spawn_blocking(move || {
2022-06-01 18:06:20 +02:00
let uid =
Uuid::parse_str(&key).or_else(|_| auth_controller.get_uid_from_encoded_key(&key))?;
2022-05-25 10:32:47 +02:00
auth_controller.delete_key(uid)
})
.await
.map_err(|e| ResponseError::from_msg(e.to_string(), Code::Internal))??;
Ok(HttpResponse::NoContent().finish())
}
#[derive(Deserialize)]
pub struct AuthParam {
2022-05-25 10:32:47 +02:00
key: String,
}
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
struct KeyView {
2022-05-25 10:32:47 +02:00
name: Option<String>,
description: Option<String>,
key: String,
2022-05-25 10:32:47 +02:00
uid: Uuid,
actions: Vec<Action>,
indexes: Vec<String>,
#[serde(serialize_with = "time::serde::rfc3339::option::serialize")]
expires_at: Option<OffsetDateTime>,
#[serde(serialize_with = "time::serde::rfc3339::serialize")]
created_at: OffsetDateTime,
#[serde(serialize_with = "time::serde::rfc3339::serialize")]
updated_at: OffsetDateTime,
}
impl KeyView {
fn from_key(key: Key, auth: &AuthController) -> Self {
2022-05-25 10:32:47 +02:00
let generated_key = auth.generate_key(key.uid).unwrap_or_default();
KeyView {
2022-05-25 10:32:47 +02:00
name: key.name,
description: key.description,
key: generated_key,
2022-05-25 10:32:47 +02:00
uid: key.uid,
actions: key.actions,
indexes: key.indexes.into_iter().map(|x| x.to_string()).collect(),
expires_at: key.expires_at,
created_at: key.created_at,
updated_at: key.updated_at,
}
}
}