Merge branch 'main' into add-instance-options

meilisearch-http/Cargo.toml

@@ -47,7 +47,6 @@ log = "0.4.14"
 meilisearch-auth = { path = "../meilisearch-auth" }
 meilisearch-error = { path = "../meilisearch-error" }
 meilisearch-lib = { path = "../meilisearch-lib" }
-milli = { git = "https://github.com/meilisearch/milli.git", tag = "v0.24.0" }
 mime = "0.3.16"
 num_cpus = "1.13.1"
 obkv = "0.2.0"

meilisearch-http/src/extractors/authentication/mod.rs

@@ -148,6 +148,18 @@ pub mod policies {
         validation
     }
 
+    /// Extracts the key prefix used to sign the payload from the payload, without performing any validation.
+    fn extract_key_prefix(token: &str) -> Option<String> {
+        let mut validation = tenant_token_validation();
+        validation.insecure_disable_signature_validation();
+        let dummy_key = DecodingKey::from_secret(b"secret");
+        let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;
+
+        // get token fields without validating it.
+        let Claims { api_key_prefix, .. } = token_data.claims;
+        Some(api_key_prefix)
+    }
+
     pub struct MasterPolicy;
 
     impl Policy for MasterPolicy {
@@ -205,32 +217,7 @@ pub mod policies {
                 return None;
             }
 
-            let mut validation = tenant_token_validation();
-            validation.insecure_disable_signature_validation();
-            let dummy_key = DecodingKey::from_secret(b"secret");
-            let token_data = decode::<Claims>(token, &dummy_key, &validation).ok()?;
-
-            // get token fields without validating it.
-            let Claims {
-                search_rules,
-                exp,
-                api_key_prefix,
-            } = token_data.claims;
-
-            // Check index access if an index restriction is provided.
-            if let Some(index) = index {
-                if !search_rules.is_index_authorized(index) {
-                    return None;
-                }
-            }
-
-            // Check if token is expired.
-            if let Some(exp) = exp {
-                if OffsetDateTime::now_utc().unix_timestamp() > exp {
-                    return None;
-                }
-            }
-
+            let api_key_prefix = extract_key_prefix(token)?;
             // check if parent key is authorized to do the action.
             if auth
                 .is_key_authorized(api_key_prefix.as_bytes(), Action::Search, index)
@@ -238,15 +225,29 @@ pub mod policies {
             {
                 // Check if tenant token is valid.
                 let key = auth.generate_key(&api_key_prefix)?;
-                decode::<Claims>(
+                let data = decode::<Claims>(
                     token,
                     &DecodingKey::from_secret(key.as_bytes()),
                     &tenant_token_validation(),
                 )
                 .ok()?;
 
+                // Check index access if an index restriction is provided.
+                if let Some(index) = index {
+                    if !data.claims.search_rules.is_index_authorized(index) {
+                        return None;
+                    }
+                }
+
+                // Check if token is expired.
+                if let Some(exp) = data.claims.exp {
+                    if OffsetDateTime::now_utc().unix_timestamp() > exp {
+                        return None;
+                    }
+                }
+
                 return auth
-                    .get_key_filters(api_key_prefix, Some(search_rules))
+                    .get_key_filters(api_key_prefix, Some(data.claims.search_rules))
                     .ok();
             }
 

meilisearch-http/src/helpers/env.rs

@@ -1,10 +1,11 @@
+use meilisearch_lib::heed::Env;
 use walkdir::WalkDir;
 
 pub trait EnvSizer {
     fn size(&self) -> u64;
 }
 
-impl EnvSizer for milli::heed::Env {
+impl EnvSizer for Env {
     fn size(&self) -> u64 {
         WalkDir::new(self.path())
             .into_iter()

meilisearch-http/tests/common/server.rs

@@ -1,4 +1,6 @@
 #![allow(dead_code)]
+
+use clap::Parser;
 use std::path::Path;
 
 use actix_web::http::StatusCode;
@@ -126,36 +128,19 @@ pub fn default_settings(dir: impl AsRef<Path>) -> Opt {
     Opt {
         db_path: dir.as_ref().join("db"),
         dumps_dir: dir.as_ref().join("dump"),
-        http_addr: "127.0.0.1:7700".to_owned(),
-        master_key: None,
         env: "development".to_owned(),
         #[cfg(all(not(debug_assertions), feature = "analytics"))]
         no_analytics: true,
         max_index_size: Byte::from_unit(4.0, ByteUnit::GiB).unwrap(),
         max_task_db_size: Byte::from_unit(4.0, ByteUnit::GiB).unwrap(),
         http_payload_size_limit: Byte::from_unit(10.0, ByteUnit::MiB).unwrap(),
-        ssl_cert_path: None,
-        ssl_key_path: None,
-        ssl_auth_path: None,
-        ssl_ocsp_path: None,
-        ssl_require_auth: false,
-        ssl_resumption: false,
-        ssl_tickets: false,
-        import_snapshot: None,
-        ignore_missing_snapshot: false,
-        ignore_snapshot_if_db_exists: false,
         snapshot_dir: ".".into(),
-        schedule_snapshot: false,
-        snapshot_interval_sec: 0,
-        import_dump: None,
-        ignore_missing_dump: false,
-        ignore_dump_if_db_exists: false,
         indexer_options: IndexerOpts {
             // memory has to be unlimited because several meilisearch are running in test context.
             max_indexing_memory: MaxMemory::unlimited(),
             ..Default::default()
+            ..Parser::parse_from(None as Option<&str>)
         },
-        log_level: "off".into(),
-        scheduler_options: meilisearch_lib::options::SchedulerConfig::default(),
+        ..Parser::parse_from(None as Option<&str>)
     }
 }