mirror of
https://github.com/meilisearch/MeiliSearch
synced 2024-11-22 21:04:27 +01:00
d7ca68d8e9
228: Authentication rework r=curquiza a=MarinPostma In an attempt to fix #201, I ended up rewriting completely the authentication system we use. This is because actix doesn't allow to wrap a single route into a middleware, so we initially put each route into it's own service to use the authentication middleware. Routes are now grouped in resources, fixing #201. As for the authentication, I decided to take a very different approach, and ditch middleware altogether. Instead, I decided to use actix's [extractor](https://actix.rs/docs/extractors/). `Data` is now wrapped in a `GuardedData<P: Policy, T>` (where `T` is `Data`) in each route. The `Policy` trait, thanks to the `authenticate` method tell if a request is authorized to access the resources in the route. Concretely, before the server starts, it is configured with a `AuthConfig` instance that can either be `AuthConfig::NoAuth` when no auth is required at runtime, or `AuthConfig::Auth(Policies)`, where `Policies` maps the `Policy` type to it singleton instance. In the current implementation, and this to match the legacy meilisearch behaviour, each policy implementation contains a `HashSet` of token (`Vec<u8>` for now), that represents the user it can authenticate. When starting the program, each key (identified as a user) is given a set of `Policy`, representing its roles. The later is facilitated by the `create_users` macro, like so: ```rust create_users!( policies, master_key.as_bytes() => { Admin, Private, Public }, private_key.as_bytes() => { Private, Public }, public_key.as_bytes() => { Public } ); ``` This is some groundwork for later development on a full fledged authentication system for meilisearch. fix #201 Co-authored-by: marin postma <postma.marin@protonmail.com> |
||
---|---|---|
.github | ||
meilisearch-error | ||
meilisearch-http | ||
.dockerignore | ||
.gitignore | ||
bors.toml | ||
Cargo.lock | ||
Cargo.toml | ||
Dockerfile | ||
LICENSE | ||
README.md |
Transplant
Transplant makes communication between the users and Milli using HTTP. The final purpose of Transplant is to be merged into the current MeiliSearch repository so that users will enjoy the new search engine performance provided by Milli.
Run the alpha releases
Currently only alpha versions are available.
You can:
- Run it with Docker, for instance:
docker run -p 7700:7700 getmeili/meilisearch:v0.21.0-alpha.4 ./meilisearch
-
With the available release assets.
-
Compile from the source code:
cargo run --release
Run the tests
cargo test
If you encounter any Too many open files
error when running the tests, please upgrade the maximum number of open file descriptors with this command:
ulimit -Sn 3000