searchengines-web/MeiliSearch
searchengines-web/MeiliSearch
1
0
Fork 0
mirror of https://github.com/meilisearch/MeiliSearch synced 2025-02-22 02:08:28 +01:00
Code Issues Releases Wiki Activity
628 Commits 193 Branches 418 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
bors[bot] d7ca68d8e9
Merge #228 
228: Authentication rework r=curquiza a=MarinPostma

In an attempt to fix #201, I ended up rewriting completely the authentication system we use. This is because actix doesn't allow to wrap a single route into a middleware, so we initially put each route into it's own service to use the authentication middleware. Routes are now grouped in resources, fixing #201.

As for the authentication, I decided to take a very different approach, and ditch middleware altogether. Instead, I decided to use actix's [extractor](https://actix.rs/docs/extractors/). `Data` is now wrapped in a `GuardedData<P: Policy, T>` (where `T` is `Data`) in each route. The `Policy` trait, thanks to the `authenticate` method tell if a request is authorized to access the resources in the route. Concretely, before the server starts, it is configured with a `AuthConfig` instance that can either be `AuthConfig::NoAuth` when no auth is required at runtime, or `AuthConfig::Auth(Policies)`, where `Policies` maps the `Policy` type to it singleton instance.

In the current implementation, and this to match the legacy meilisearch behaviour, each policy implementation contains a `HashSet` of token (`Vec<u8>` for now), that represents the user it can authenticate. When starting the program, each key (identified as a user) is given a set of `Policy`, representing its roles. The later is facilitated by the `create_users` macro, like so:

```rust
create_users!(
    policies,
    master_key.as_bytes() => { Admin, Private, Public },
    private_key.as_bytes() => { Private, Public },
    public_key.as_bytes() => { Public }
);
```

This is some groundwork for later development on a full fledged authentication system for meilisearch.


fix #201

Co-authored-by: marin postma <postma.marin@protonmail.com>
2021-06-28 08:38:59 +00:00
.github
run cargo flaky only 100 times
2021-06-21 17:36:54 +02:00
meilisearch-error
serve static site
2021-04-22 10:26:54 +02:00
meilisearch-http
change route to service<resource>
2021-06-24 19:02:28 +02:00
.dockerignore
add docker recipe
2021-03-01 14:41:57 +01:00
.gitignore
put mini-dashboard in out-dir
2021-04-27 09:32:17 +02:00
bors.toml
Update CI
2021-04-27 12:43:00 +02:00
Cargo.lock
bump milli to 0.6.0
2021-06-23 18:40:19 +02:00
Cargo.toml
create workspace with meilisearch-error
2021-03-01 14:41:55 +01:00
Dockerfile
Fix docker build
2021-06-24 16:45:51 +02:00
LICENSE
add license
2021-02-28 10:08:36 +01:00
README.md
Update README.md
2021-04-27 16:33:22 +02:00

README.md

Transplant

Transplant makes communication between the users and Milli using HTTP. The final purpose of Transplant is to be merged into the current MeiliSearch repository so that users will enjoy the new search engine performance provided by Milli.

Run the alpha releases

Currently only alpha versions are available.

You can:

  • Run it with Docker, for instance:
docker run -p 7700:7700 getmeili/meilisearch:v0.21.0-alpha.4 ./meilisearch

cargo run --release

Run the tests

cargo test

If you encounter any Too many open files error when running the tests, please upgrade the maximum number of open file descriptors with this command:

ulimit -Sn 3000
Description
No description provided
Readme 194 MiB
Languages
Rust 97.4%
HTML 1.3%
Shell 1.2%