searchengines-web/MeiliSearch
searchengines-web/MeiliSearch
1
0
Fork 0
mirror of https://github.com/meilisearch/MeiliSearch synced 2025-07-15 13:58:36 +02:00
Code Issues Releases Wiki Activity

Make the uuids random again to prevent abuse using rainbow tables

Browse source
This commit is contained in:
Mubelotix 2025-06-19 15:45:09 +02:00
parent 67f2a30d7c
commit 705e9a9e5e
No known key found for this signature in database
GPG key ID: 89F391DBCC8CE7F0
2 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
crates/meilisearch-types/src/keys.rs
View file

@ -131,7 +131,7 @@ pub struct Key {
impl Key {
pub fn default_admin() -> Self {
let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(0);
let uid = Uuid::new_v4();
Self {
name: Some("Default Admin API Key".to_string()),
description: Some("Use it for anything that is not a search operation. Caution! Do not expose it on a public frontend".to_string()),
@ -146,7 +146,7 @@ impl Key {
pub fn default_management() -> Self {
let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(1);
let uid = Uuid::new_v4();
Self {
name: Some("Default Read-Only Admin API Key".to_string()),
description: Some("Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys".to_string()),
@ -161,7 +161,7 @@ impl Key {
pub fn default_search() -> Self {
let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(2);
let uid = Uuid::new_v4();
Self {
name: Some("Default Search API Key".to_string()),
description: Some("Use it to search from the frontend".to_string()),
@ -176,7 +176,7 @@ impl Key {
pub fn default_chat() -> Self {
let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(3);
let uid = Uuid::new_v4();
Self {
name: Some("Default Chat API Key".to_string()),
description: Some("Use it to chat and search from the frontend".to_string()),

10
crates/meilisearch/tests/auth/api_keys.rs
View file

@ -790,7 +790,7 @@ async fn list_api_keys() {
meili_snap::snapshot!(code, @"201 Created");
let (response, code) = server.list_api_keys("").await;
meili_snap::snapshot!(meili_snap::json_string!(response, { ".results[].createdAt" => "[ignored]", ".results[].updatedAt" => "[ignored]", ".results[0].uid" => "[ignored]", ".results[].key" => "[ignored]" }), @r#"
meili_snap::snapshot!(meili_snap::json_string!(response, { ".results[].createdAt" => "[ignored]", ".results[].updatedAt" => "[ignored]", ".results[].uid" => "[ignored]", ".results[].key" => "[ignored]" }), @r#"
{
"results": [
{
@ -824,7 +824,7 @@ async fn list_api_keys() {
"name": "Default Search API Key",
"description": "Use it to search from the frontend",
"key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000002",
"uid": "[ignored]",
"actions": [
"search"
],
@ -839,7 +839,7 @@ async fn list_api_keys() {
"name": "Default Admin API Key",
"description": "Use it for anything that is not a search operation. Caution! Do not expose it on a public frontend",
"key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000000",
"uid": "[ignored]",
"actions": [
"*"
],
@ -854,7 +854,7 @@ async fn list_api_keys() {
"name": "Default Read-Only Admin API Key",
"description": "Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys",
"key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000001",
"uid": "[ignored]",
"actions": [
"*.get"
],
@ -869,7 +869,7 @@ async fn list_api_keys() {
"name": "Default Chat API Key",
"description": "Use it to chat and search from the frontend",
"key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000003",
"uid": "[ignored]",
"actions": [
"chatCompletions",
"search"