feat(auth): API keys

implements: https://github.com/meilisearch/specifications/blob/develop/text/0085-api-keys.md - Add tests on API keys management route (meilisearch-http/tests/auth/api_keys.rs) - Add tests checking authorizations on each meilisearch routes (meilisearch-http/tests/auth/authorization.rs) - Implement API keys management routes (meilisearch-http/src/routes/api_key.rs) - Create module to manage API keys and authorizations (meilisearch-auth) - Reimplement GuardedData to extend authorizations (meilisearch-http/src/extractors/authentication/mod.rs) - Change X-MEILI-API-KEY by Authorization Bearer (meilisearch-http/src/extractors/authentication/mod.rs) - Change meilisearch routes to fit to the new authorization feature (meilisearch-http/src/routes/) - close #1867
2025-07-04 20:37:15 +02:00 · 2021-11-08 18:31:27 +01:00 · 2021-11-08 18:31:27 +01:00 · ffefd0caf2
commit ffefd0caf2
parent fa196986c2
44 changed files with 3155 additions and 361 deletions
--- a/meilisearch-http/src/routes/api_key.rs
+++ b/meilisearch-http/src/routes/api_key.rs
@ -0,0 +1,126 @@
+use std::str;
+
+use actix_web::{web, HttpRequest, HttpResponse};
+use chrono::{DateTime, Utc};
+use log::debug;
+use meilisearch_auth::{generate_key, Action, AuthController, Key};
+use serde::{Deserialize, Serialize};
+use serde_json::Value;
+
+use crate::extractors::authentication::{policies::*, GuardedData};
+use meilisearch_error::ResponseError;
+
+pub fn configure(cfg: &mut web::ServiceConfig) {
+    cfg.service(
+        web::resource("")
+            .route(web::post().to(create_api_key))
+            .route(web::get().to(list_api_keys)),
+    )
+    .service(
+        web::resource("/{api_key}")
+            .route(web::get().to(get_api_key))
+            .route(web::patch().to(patch_api_key))
+            .route(web::delete().to(delete_api_key)),
+    );
+}
+
+pub async fn create_api_key(
+    auth_controller: GuardedData<MasterPolicy, AuthController>,
+    body: web::Json<Value>,
+    _req: HttpRequest,
+) -> Result<HttpResponse, ResponseError> {
+    let key = auth_controller.create_key(body.into_inner()).await?;
+    let res = KeyView::from_key(key, auth_controller.get_master_key());
+
+    debug!("returns: {:?}", res);
+    Ok(HttpResponse::Created().json(res))
+}
+
+pub async fn list_api_keys(
+    auth_controller: GuardedData<MasterPolicy, AuthController>,
+    _req: HttpRequest,
+) -> Result<HttpResponse, ResponseError> {
+    let keys = auth_controller.list_keys().await?;
+    let res: Vec<_> = keys
+        .into_iter()
+        .map(|k| KeyView::from_key(k, auth_controller.get_master_key()))
+        .collect();
+
+    debug!("returns: {:?}", res);
+    Ok(HttpResponse::Ok().json(res))
+}
+
+pub async fn get_api_key(
+    auth_controller: GuardedData<MasterPolicy, AuthController>,
+    path: web::Path<AuthParam>,
+) -> Result<HttpResponse, ResponseError> {
+    // keep 8 first characters that are the ID of the API key.
+    let key = auth_controller.get_key(&path.api_key).await?;
+    let res = KeyView::from_key(key, auth_controller.get_master_key());
+
+    debug!("returns: {:?}", res);
+    Ok(HttpResponse::Ok().json(res))
+}
+
+pub async fn patch_api_key(
+    auth_controller: GuardedData<MasterPolicy, AuthController>,
+    body: web::Json<Value>,
+    path: web::Path<AuthParam>,
+) -> Result<HttpResponse, ResponseError> {
+    let key = auth_controller
+        // keep 8 first characters that are the ID of the API key.
+        .update_key(&path.api_key, body.into_inner())
+        .await?;
+    let res = KeyView::from_key(key, auth_controller.get_master_key());
+
+    debug!("returns: {:?}", res);
+    Ok(HttpResponse::Ok().json(res))
+}
+
+pub async fn delete_api_key(
+    auth_controller: GuardedData<MasterPolicy, AuthController>,
+    path: web::Path<AuthParam>,
+) -> Result<HttpResponse, ResponseError> {
+    // keep 8 first characters that are the ID of the API key.
+    auth_controller.delete_key(&path.api_key).await?;
+
+    Ok(HttpResponse::NoContent().json(()))
+}
+
+#[derive(Deserialize)]
+pub struct AuthParam {
+    api_key: String,
+}
+
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+struct KeyView {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    description: Option<String>,
+    key: String,
+    actions: Vec<Action>,
+    indexes: Vec<String>,
+    expires_at: Option<DateTime<Utc>>,
+    created_at: DateTime<Utc>,
+    updated_at: DateTime<Utc>,
+}
+
+impl KeyView {
+    fn from_key(key: Key, master_key: Option<&String>) -> Self {
+        let key_id = str::from_utf8(&key.id).unwrap();
+        let generated_key = match master_key {
+            Some(master_key) => generate_key(master_key.as_bytes(), key_id),
+            None => generate_key(&[], key_id),
+        };
+
+        KeyView {
+            description: key.description,
+            key: generated_key,
+            actions: key.actions,
+            indexes: key.indexes,
+            expires_at: key.expires_at,
+            created_at: key.created_at,
+            updated_at: key.updated_at,
+        }
+    }
+}