Make the uuids random again to prevent abuse using rainbow tables

Mubelotix 2025-06-19 15:45:09 +02:00
parent 67f2a30d7c
commit 705e9a9e5e
No known key found for this signature in database
GPG key ID: 89F391DBCC8CE7F0
2 changed files with 9 additions and 9 deletions


@ -131,7 +131,7 @@ pub struct Key {
impl Key { impl Key {
pub fn default_admin() -> Self { pub fn default_admin() -> Self {
let now = OffsetDateTime::now_utc(); let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(0); let uid = Uuid::new_v4();
Self { Self {
name: Some("Default Admin API Key".to_string()), name: Some("Default Admin API Key".to_string()),
description: Some("Use it for anything that is not a search operation. Caution! Do not expose it on a public frontend".to_string()), description: Some("Use it for anything that is not a search operation. Caution! Do not expose it on a public frontend".to_string()),
@ -146,7 +146,7 @@ impl Key {
pub fn default_management() -> Self { pub fn default_management() -> Self {
let now = OffsetDateTime::now_utc(); let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(1); let uid = Uuid::new_v4();
Self { Self {
name: Some("Default Read-Only Admin API Key".to_string()), name: Some("Default Read-Only Admin API Key".to_string()),
description: Some("Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys".to_string()), description: Some("Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys".to_string()),
@ -161,7 +161,7 @@ impl Key {
pub fn default_search() -> Self { pub fn default_search() -> Self {
let now = OffsetDateTime::now_utc(); let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(2); let uid = Uuid::new_v4();
Self { Self {
name: Some("Default Search API Key".to_string()), name: Some("Default Search API Key".to_string()),
description: Some("Use it to search from the frontend".to_string()), description: Some("Use it to search from the frontend".to_string()),
@ -176,7 +176,7 @@ impl Key {
pub fn default_chat() -> Self { pub fn default_chat() -> Self {
let now = OffsetDateTime::now_utc(); let now = OffsetDateTime::now_utc();
let uid = Uuid::from_u128(3); let uid = Uuid::new_v4();
Self { Self {
name: Some("Default Chat API Key".to_string()), name: Some("Default Chat API Key".to_string()),
description: Some("Use it to chat and search from the frontend".to_string()), description: Some("Use it to chat and search from the frontend".to_string()),
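Review bot: `default_admin`, `default_management`, `default_search` and `default_chat` now return a different `uid` on every call via `Uuid::new_v4()`, and nothing in these hunks documents that or covers stores that already hold the fixed uids 0–3. Assuming the key value is derived from the master key and the uid (not visible here), the random uid only salts default keys created after this change; existing databases keep the predictable uids unless a migration rotates them, so that path is worth checking outside this diff. The salt stops precomputed tables but does not make a weak master key safe, so any minimum-strength check on the master key remains the primary control. I would add a doc comment to each constructor, for example `/// Builds a fresh default key with a random uid; call once at key-store initialisation, never to look up an existing default key.` Each function body continues past its hunk.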


@ -790,7 +790,7 @@ async fn list_api_keys() {
meili_snap::snapshot!(code, @"201 Created"); meili_snap::snapshot!(code, @"201 Created");
let (response, code) = server.list_api_keys("").await; let (response, code) = server.list_api_keys("").await;
meili_snap::snapshot!(meili_snap::json_string!(response, { ".results[].createdAt" => "[ignored]", ".results[].updatedAt" => "[ignored]", ".results[0].uid" => "[ignored]", ".results[].key" => "[ignored]" }), @r#" meili_snap::snapshot!(meili_snap::json_string!(response, { ".results[].createdAt" => "[ignored]", ".results[].updatedAt" => "[ignored]", ".results[].uid" => "[ignored]", ".results[].key" => "[ignored]" }), @r#"
{ {
"results": [ "results": [
{ {
@ -824,7 +824,7 @@ async fn list_api_keys() {
"name": "Default Search API Key", "name": "Default Search API Key",
"description": "Use it to search from the frontend", "description": "Use it to search from the frontend",
"key": "[ignored]", "key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000002", "uid": "[ignored]",
"actions": [ "actions": [
"search" "search"
], ],
@ -839,7 +839,7 @@ async fn list_api_keys() {
"name": "Default Admin API Key", "name": "Default Admin API Key",
"description": "Use it for anything that is not a search operation. Caution! Do not expose it on a public frontend", "description": "Use it for anything that is not a search operation. Caution! Do not expose it on a public frontend",
"key": "[ignored]", "key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000000", "uid": "[ignored]",
"actions": [ "actions": [
"*" "*"
], ],
@ -854,7 +854,7 @@ async fn list_api_keys() {
"name": "Default Read-Only Admin API Key", "name": "Default Read-Only Admin API Key",
"description": "Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys", "description": "Use it to peek into the instance in a read-only mode. Caution! Do not expose it on a public frontend. It would give access to all other keys",
"key": "[ignored]", "key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000001", "uid": "[ignored]",
"actions": [ "actions": [
"*.get" "*.get"
], ],
@ -869,7 +869,7 @@ async fn list_api_keys() {
"name": "Default Chat API Key", "name": "Default Chat API Key",
"description": "Use it to chat and search from the frontend", "description": "Use it to chat and search from the frontend",
"key": "[ignored]", "key": "[ignored]",
"uid": "00000000-0000-0000-0000-000000000003", "uid": "[ignored]",
"actions": [ "actions": [
"chatCompletions", "chatCompletions",
"search" "search"
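Review bot: Redacting `.results[].uid` for every entry means `list_api_keys` no longer asserts anything about the default keys' uids, so a regression to the predictable `00000000-0000-0000-0000-00000000000N` values would still pass this snapshot. After the snapshot, I would collect the `uid` of each entry in `results` and assert that they are pairwise distinct and that none has the all-zero prefix `00000000-0000-0000-0000-`. The test body starts and ends outside these hunks, so such a check may already exist elsewhere in the file.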