28 Commits

Author SHA1 Message Date
Irevoire
e107f1b282
fix the payload too large error 2022-10-27 11:35:06 +02:00
Irevoire
1bef5d119d
fix the api keys for the tasks route 2022-10-27 11:35:06 +02:00
Clément Renault
80b2e70ee7
Introduce a rustfmt file 2022-10-27 11:35:05 +02:00
Loïc Lecrenier
17cd2a4aa0
Implement POST /indexes-swap 2022-10-27 11:34:15 +02:00
Loïc Lecrenier
8bb0fcd144
Finish first draft of the DELETE /tasks route 2022-10-27 11:34:04 +02:00
Many the fish
37dc6537c3
Fix api keys bugs (#2734)
* Add some tests

* Disallow index creation when API key doesn't havec explicitelly the right on the creating index

* Fix lazy index creation with `indexes.*` action
2022-09-06 15:13:09 +02:00
Tamo
6aa3ad6b6c
move prometheus behind a feature flag 2022-08-29 14:36:59 +02:00
Clément Renault
bebd76064a
Add test for the rights of /metrics route 2022-08-24 17:03:43 +02:00
Phillip Davis
be1c6f9dc4
Update tests to include .* permissions for tasks, indexes, dumps, stats, and settings 2022-07-04 21:38:54 -04:00
janithPet
4016161035 Provide all document related permissions for action document.* 2022-06-15 16:11:39 +01:00
ManyTheFish
17f30c2b2d Fix(auth): Authorization test were not testing keys unrestricted on index 2022-06-08 14:52:32 +02:00
Kerollmops
ce37f53a16
Add typo-tolerance to the authorization tests 2022-06-02 12:17:53 +02:00
Kerollmops
bcb51905d7
Fix the authorization tests 2022-06-02 12:16:46 +02:00
ManyTheFish
94b32cce01 Patch errors 2022-06-01 16:17:47 +02:00
ManyTheFish
b2e2dc8558 Re-authorize master_key to access to all routes 2022-06-01 16:17:47 +02:00
ManyTheFish
e2c204cf86 Update tests to fit to the new requirements 2022-06-01 16:07:44 +02:00
Irevoire
627f13df85
feat(http): paginate the index resource
Fix #2373
2022-05-31 18:11:45 +02:00
Kerollmops
3684c822f1
Add indexUid filtering on the /tasks route 2022-05-31 11:33:20 +02:00
Kerollmops
d2f457a076
Rename the uid to taskUid in asynchronous response 2022-05-31 11:33:20 +02:00
ad hoc
0f9c134114
fix tests 2022-05-25 11:13:35 +02:00
Irevoire
05c8d81e65
chore: get rid of chrono in favor of time
Chrono has been unmaintened for a few month now and there is a CVE on it.

make clippy happy

bump milli
2022-02-16 18:14:29 +01:00
ManyTheFish
7ca647f0d0 feat(auth): Implement Tenant token
Make meilisearch support JWT authentication signed with meilisearch API keys
using HS256, HS384 or HS512 algorithms.

Related spec: https://github.com/meilisearch/specifications/pull/89
Fix #1991
2022-01-27 08:25:39 +01:00
ManyTheFish
2b766a2f26 meta(auth): Enhance tests on authorization
Enhance auth tests in order to be able to add new action without changing tests
2022-01-24 15:35:39 +01:00
bors[bot]
5d48f72ade
Merge #2065
2065: MeiliSearch v0.25.0: `stable` -> `main` r=curquiza a=curquiza



Co-authored-by: Clémentine Urquizar <clementine@meilisearch.com>
Co-authored-by: Clément Renault <clement@meilisearch.com>
Co-authored-by: bors[bot] <26634292+bors[bot]@users.noreply.github.com>
Co-authored-by: many <maxime@meilisearch.com>
Co-authored-by: Marin Postma <postma.marin@protonmail.com>
Co-authored-by: Maxime Legendre <maximelegendre@MacBook-Pro-de-Maxime.local>
Co-authored-by: Maxime Legendre <maximelegendre@mbp-de-maxime.home>
Co-authored-by: Tamo <tamo@meilisearch.com>
Co-authored-by: ManyTheFish <many@meilisearch.com>
2022-01-11 16:30:22 +00:00
Tamo
d7df4d6b84
test: Ignore the auths tests on windows
Since the auths tests fail sporadically on the windows CI but we can't
reproduce these failures with a real windows machine we are going to
ignore theses one.
But we still ensure they compile.
2021-12-22 12:39:48 +01:00
Maxime Legendre
a845cd8880 Fix(auth): Forbid index creation on alternates routes
Forbid index creation on alternates routes when the action `index.create` is not given

fix #2024
2021-12-20 14:48:18 +01:00
many
ee7970f603 feat(auth): Extend API keys
- Add API keys in snapshots
- Add API keys in dumps
- Rename action indexes.add to indexes.create
- fix QA #1979

fix #1979
fix #1995
fix #2001
fix #2003
related to #1890
2021-12-14 17:33:39 +01:00
many
ffefd0caf2
feat(auth): API keys
implements:
https://github.com/meilisearch/specifications/blob/develop/text/0085-api-keys.md

- Add tests on API keys management route (meilisearch-http/tests/auth/api_keys.rs)
- Add tests checking authorizations on each meilisearch routes (meilisearch-http/tests/auth/authorization.rs)
- Implement API keys management routes (meilisearch-http/src/routes/api_key.rs)
- Create module to manage API keys and authorizations (meilisearch-auth)
- Reimplement GuardedData to extend authorizations (meilisearch-http/src/extractors/authentication/mod.rs)
- Change X-MEILI-API-KEY by Authorization Bearer (meilisearch-http/src/extractors/authentication/mod.rs)
- Change meilisearch routes to fit to the new authorization feature (meilisearch-http/src/routes/)

- close #1867
2021-12-06 09:52:41 +01:00