Patch errors

2025-07-03 03:47:02 +02:00 · 2022-06-01 14:11:56 +02:00 · 2022-06-01 14:11:56 +02:00 · 94b32cce01
commit 94b32cce01
parent b2e2dc8558
5 changed files with 59 additions and 100 deletions
--- a/meilisearch-auth/src/error.rs
+++ b/meilisearch-auth/src/error.rs
@ -22,12 +22,14 @@ pub enum AuthControllerError {
        "`name` field value `{0}` is invalid. It should be a string or specified as a null value."
    )]
    InvalidApiKeyName(Value),
-    #[error("`uid` field value `{0}` is invalid. It should be a valid uuidv4 string or ommited.")]
+    #[error("`uid` field value `{0}` is invalid. It should be a valid UUID v4 string or omitted.")]
    InvalidApiKeyUid(Value),
    #[error("API key `{0}` not found.")]
    ApiKeyNotFound(String),
-    #[error("`uid` field value `{0}` already exists for an API key.")]
+    #[error("`uid` field value `{0}` is already an existing API key.")]
    ApiKeyAlreadyExists(String),
+    #[error("`{0}` field cannot be modified for the given resource.")]
+    ImmutableField(String),
    #[error("Internal error: {0}")]
    Internal(Box<dyn Error + Send + Sync + 'static>),
 }
@ -51,6 +53,7 @@ impl ErrorCode for AuthControllerError {
            Self::ApiKeyNotFound(_) => Code::ApiKeyNotFound,
            Self::InvalidApiKeyUid(_) => Code::InvalidApiKeyUid,
            Self::ApiKeyAlreadyExists(_) => Code::ApiKeyAlreadyExists,
+            Self::ImmutableField(_) => Code::ImmutableField,
            Self::Internal(_) => Code::Internal,
        }
    }
--- a/meilisearch-auth/src/key.rs
+++ b/meilisearch-auth/src/key.rs
@ -99,6 +99,30 @@ impl Key {
            self.name = des?;
        }

+        if value.get("uid").is_some() {
+            return Err(AuthControllerError::ImmutableField("uid".to_string()));
+        }
+
+        if value.get("actions").is_some() {
+            return Err(AuthControllerError::ImmutableField("actions".to_string()));
+        }
+
+        if value.get("indexes").is_some() {
+            return Err(AuthControllerError::ImmutableField("indexes".to_string()));
+        }
+
+        if value.get("expiresAt").is_some() {
+            return Err(AuthControllerError::ImmutableField("expiresAt".to_string()));
+        }
+
+        if value.get("createdAt").is_some() {
+            return Err(AuthControllerError::ImmutableField("createdAt".to_string()));
+        }
+
+        if value.get("updatedAt").is_some() {
+            return Err(AuthControllerError::ImmutableField("updatedAt".to_string()));
+        }
+
        self.updated_at = OffsetDateTime::now_utc();

        Ok(())