feat(auth): Extend API keys

- Add API keys in snapshots
- Add API keys in dumps
- Rename action indexes.add to indexes.create
- fix QA #1979

fix #1979
fix #1995
fix #2001
fix #2003
related to #1890

meilisearch-http/tests/auth/authorization.rs

@@ -1,4 +1,5 @@
 use crate::common::Server;
+use chrono::{Duration, Utc};
 use maplit::hashmap;
 use once_cell::sync::Lazy;
 use serde_json::{json, Value};
@@ -19,7 +20,7 @@ static AUTHORIZATIONS: Lazy<HashMap<(&'static str, &'static str), &'static str>>
             ("PUT",     "/indexes/products/") =>                               "indexes.update",
             ("GET",     "/indexes/products/") =>                               "indexes.get",
             ("DELETE",  "/indexes/products/") =>                               "indexes.delete",
-            ("POST",    "/indexes") =>                                         "indexes.add",
+            ("POST",    "/indexes") =>                                         "indexes.create",
             ("GET",     "/indexes") =>                                         "indexes.get",
             ("GET",     "/indexes/products/settings") =>                       "settings.get",
             ("GET",     "/indexes/products/settings/displayed-attributes") =>  "settings.get",
@@ -61,13 +62,15 @@ static INVALID_RESPONSE: Lazy<Value> = Lazy::new(|| {
 
 #[actix_rt::test]
 async fn error_access_expired_key() {
+    use std::{thread, time};
+
     let mut server = Server::new_auth().await;
     server.use_api_key("MASTER_KEY");
 
     let content = json!({
         "indexes": ["products"],
         "actions": ALL_ACTIONS.clone(),
-        "expiresAt": "2020-11-13T00:00:00Z"
+        "expiresAt": (Utc::now() + Duration::seconds(1)),
     });
 
     let (response, code) = server.add_api_key(content).await;
@@ -77,6 +80,9 @@ async fn error_access_expired_key() {
     let key = response["key"].as_str().unwrap();
     server.use_api_key(&key);
 
+    // wait until the key is expired.
+    thread::sleep(time::Duration::new(1, 0));
+
     for (method, route) in AUTHORIZATIONS.keys() {
         let (response, code) = server.dummy_request(method, route).await;
 
@@ -93,7 +99,7 @@ async fn error_access_unauthorized_index() {
     let content = json!({
         "indexes": ["sales"],
         "actions": ALL_ACTIONS.clone(),
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
 
     let (response, code) = server.add_api_key(content).await;
@@ -123,7 +129,7 @@ async fn error_access_unauthorized_action() {
     let content = json!({
         "indexes": ["products"],
         "actions": [],
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
 
     let (response, code) = server.add_api_key(content).await;
@@ -159,7 +165,7 @@ async fn access_authorized_restricted_index() {
     let content = json!({
         "indexes": ["products"],
         "actions": [],
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
 
     let (response, code) = server.add_api_key(content).await;
@@ -210,7 +216,7 @@ async fn access_authorized_no_index_restriction() {
     let content = json!({
         "indexes": ["*"],
         "actions": [],
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
 
     let (response, code) = server.add_api_key(content).await;
@@ -272,7 +278,7 @@ async fn access_authorized_stats_restricted_index() {
     let content = json!({
         "indexes": ["products"],
         "actions": ["stats.get"],
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
     let (response, code) = server.add_api_key(content).await;
     assert_eq!(code, 201);
@@ -311,7 +317,7 @@ async fn access_authorized_stats_no_index_restriction() {
     let content = json!({
         "indexes": ["*"],
         "actions": ["stats.get"],
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
     let (response, code) = server.add_api_key(content).await;
     assert_eq!(code, 201);
@@ -350,7 +356,7 @@ async fn list_authorized_indexes_restricted_index() {
     let content = json!({
         "indexes": ["products"],
         "actions": ["indexes.get"],
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
     let (response, code) = server.add_api_key(content).await;
     assert_eq!(code, 201);
@@ -390,7 +396,7 @@ async fn list_authorized_indexes_no_index_restriction() {
     let content = json!({
         "indexes": ["*"],
         "actions": ["indexes.get"],
-        "expiresAt": "2050-11-13T00:00:00Z"
+        "expiresAt": Utc::now() + Duration::hours(1),
     });
     let (response, code) = server.add_api_key(content).await;
     assert_eq!(code, 201);
@@ -410,3 +416,83 @@ async fn list_authorized_indexes_no_index_restriction() {
     // key should have access on `test` index.
     assert!(response.iter().any(|index| index["uid"] == "test"));
 }
+
+#[actix_rt::test]
+async fn list_authorized_tasks_restricted_index() {
+    let mut server = Server::new_auth().await;
+    server.use_api_key("MASTER_KEY");
+
+    // create index `test`
+    let index = server.index("test");
+    let (_, code) = index.create(Some("id")).await;
+    assert_eq!(code, 202);
+    // create index `products`
+    let index = server.index("products");
+    let (_, code) = index.create(Some("product_id")).await;
+    assert_eq!(code, 202);
+    index.wait_task(0).await;
+
+    // create key with access on `products` index only.
+    let content = json!({
+        "indexes": ["products"],
+        "actions": ["tasks.get"],
+        "expiresAt": Utc::now() + Duration::hours(1),
+    });
+    let (response, code) = server.add_api_key(content).await;
+    assert_eq!(code, 201);
+    assert!(response["key"].is_string());
+
+    // use created key.
+    let key = response["key"].as_str().unwrap();
+    server.use_api_key(&key);
+
+    let (response, code) = server.service.get("/tasks").await;
+    assert_eq!(code, 200);
+    println!("{}", response);
+    let response = response["results"].as_array().unwrap();
+    // key should have access on `products` index.
+    assert!(response.iter().any(|task| task["indexUid"] == "products"));
+
+    // key should not have access on `test` index.
+    assert!(!response.iter().any(|task| task["indexUid"] == "test"));
+}
+
+#[actix_rt::test]
+async fn list_authorized_tasks_no_index_restriction() {
+    let mut server = Server::new_auth().await;
+    server.use_api_key("MASTER_KEY");
+
+    // create index `test`
+    let index = server.index("test");
+    let (_, code) = index.create(Some("id")).await;
+    assert_eq!(code, 202);
+    // create index `products`
+    let index = server.index("products");
+    let (_, code) = index.create(Some("product_id")).await;
+    assert_eq!(code, 202);
+    index.wait_task(0).await;
+
+    // create key with access on all indexes.
+    let content = json!({
+        "indexes": ["*"],
+        "actions": ["tasks.get"],
+        "expiresAt": Utc::now() + Duration::hours(1),
+    });
+    let (response, code) = server.add_api_key(content).await;
+    assert_eq!(code, 201);
+    assert!(response["key"].is_string());
+
+    // use created key.
+    let key = response["key"].as_str().unwrap();
+    server.use_api_key(&key);
+
+    let (response, code) = server.service.get("/tasks").await;
+    assert_eq!(code, 200);
+
+    let response = response["results"].as_array().unwrap();
+    // key should have access on `products` index.
+    assert!(response.iter().any(|task| task["indexUid"] == "products"));
+
+    // key should have access on `test` index.
+    assert!(response.iter().any(|task| task["indexUid"] == "test"));
+}