Go to file
bors[bot] d7ca68d8e9
Merge #228
228: Authentication rework r=curquiza a=MarinPostma

In an attempt to fix #201, I ended up rewriting completely the authentication system we use. This is because actix doesn't allow to wrap a single route into a middleware, so we initially put each route into it's own service to use the authentication middleware. Routes are now grouped in resources, fixing #201.

As for the authentication, I decided to take a very different approach, and ditch middleware altogether. Instead, I decided to use actix's [extractor](https://actix.rs/docs/extractors/). `Data` is now wrapped in a `GuardedData<P: Policy, T>` (where `T` is `Data`) in each route. The `Policy` trait, thanks to the `authenticate` method tell if a request is authorized to access the resources in the route. Concretely, before the server starts, it is configured with a `AuthConfig` instance that can either be `AuthConfig::NoAuth` when no auth is required at runtime, or `AuthConfig::Auth(Policies)`, where `Policies` maps the `Policy` type to it singleton instance.

In the current implementation, and this to match the legacy meilisearch behaviour, each policy implementation contains a `HashSet` of token (`Vec<u8>` for now), that represents the user it can authenticate. When starting the program, each key (identified as a user) is given a set of `Policy`, representing its roles. The later is facilitated by the `create_users` macro, like so:

```rust
create_users!(
    policies,
    master_key.as_bytes() => { Admin, Private, Public },
    private_key.as_bytes() => { Private, Public },
    public_key.as_bytes() => { Public }
);
```

This is some groundwork for later development on a full fledged authentication system for meilisearch.


fix #201

Co-authored-by: marin postma <postma.marin@protonmail.com>
2021-06-28 08:38:59 +00:00
.github run cargo flaky only 100 times 2021-06-21 17:36:54 +02:00
meilisearch-error serve static site 2021-04-22 10:26:54 +02:00
meilisearch-http change route to service<resource> 2021-06-24 19:02:28 +02:00
.dockerignore add docker recipe 2021-03-01 14:41:57 +01:00
.gitignore put mini-dashboard in out-dir 2021-04-27 09:32:17 +02:00
bors.toml Update CI 2021-04-27 12:43:00 +02:00
Cargo.lock bump milli to 0.6.0 2021-06-23 18:40:19 +02:00
Cargo.toml create workspace with meilisearch-error 2021-03-01 14:41:55 +01:00
Dockerfile Fix docker build 2021-06-24 16:45:51 +02:00
LICENSE add license 2021-02-28 10:08:36 +01:00
README.md Update README.md 2021-04-27 16:33:22 +02:00

Transplant

Transplant makes communication between the users and Milli using HTTP. The final purpose of Transplant is to be merged into the current MeiliSearch repository so that users will enjoy the new search engine performance provided by Milli.

Run the alpha releases

Currently only alpha versions are available.

You can:

  • Run it with Docker, for instance:
docker run -p 7700:7700 getmeili/meilisearch:v0.21.0-alpha.4 ./meilisearch
cargo run --release

Run the tests

cargo test

If you encounter any Too many open files error when running the tests, please upgrade the maximum number of open file descriptors with this command:

ulimit -Sn 3000