Skip to content

Commit 0a0adfd

Browse files
Kira-PilotKira-Pilot
committed
added migration for api key resource
1 parent fa5b612 commit 0a0adfd

File tree

17 files changed

+108
-19
lines changed

17 files changed

+108
-19
lines changed

coderd/apidoc/docs.go

Lines changed: 6 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

Lines changed: 4 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apikey.go

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ func (api *API) postToken(rw http.ResponseWriter, r *http.Request) {
7070
return
7171
}
7272

73-
cookie, err := api.createAPIKey(ctx, createAPIKeyParams{
73+
cookie, _, err := api.createAPIKey(ctx, createAPIKeyParams{
7474
UserID: user.ID,
7575
LoginType: database.LoginTypeToken,
7676
ExpiresAt: database.Now().Add(lifeTime),
@@ -108,7 +108,7 @@ func (api *API) postAPIKey(rw http.ResponseWriter, r *http.Request) {
108108
}
109109

110110
lifeTime := time.Hour * 24 * 7
111-
cookie, err := api.createAPIKey(ctx, createAPIKeyParams{
111+
cookie, _, err := api.createAPIKey(ctx, createAPIKeyParams{
112112
UserID: user.ID,
113113
LoginType: database.LoginTypePassword,
114114
RemoteAddr: r.RemoteAddr,
@@ -281,10 +281,10 @@ func (api *API) validateAPIKeyLifetime(lifetime time.Duration) error {
281281
return nil
282282
}
283283

284-
func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*http.Cookie, error) {
284+
func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*http.Cookie, *database.APIKey, error) {
285285
keyID, keySecret, err := GenerateAPIKeyIDSecret()
286286
if err != nil {
287-
return nil, xerrors.Errorf("generate API key: %w", err)
287+
return nil, nil, xerrors.Errorf("generate API key: %w", err)
288288
}
289289
hashed := sha256.Sum256([]byte(keySecret))
290290

@@ -310,7 +310,7 @@ func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*h
310310
switch scope {
311311
case database.APIKeyScopeAll, database.APIKeyScopeApplicationConnect:
312312
default:
313-
return nil, xerrors.Errorf("invalid API key scope: %q", scope)
313+
return nil, nil, xerrors.Errorf("invalid API key scope: %q", scope)
314314
}
315315

316316
key, err := api.Database.InsertAPIKey(ctx, database.InsertAPIKeyParams{
@@ -333,7 +333,7 @@ func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*h
333333
Scope: scope,
334334
})
335335
if err != nil {
336-
return nil, xerrors.Errorf("insert API key: %w", err)
336+
return nil, nil, xerrors.Errorf("insert API key: %w", err)
337337
}
338338

339339
api.Telemetry.Report(&telemetry.Snapshot{
@@ -349,5 +349,5 @@ func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*h
349349
HttpOnly: true,
350350
SameSite: http.SameSiteLaxMode,
351351
Secure: api.SecureAuthCookie,
352-
}, nil
352+
}, &key, nil
353353
}

coderd/audit.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -264,6 +264,12 @@ func auditLogDescription(alog database.GetAuditLogsOffsetRow, additionalFields A
264264
codersdk.AuditAction(alog.Action).Friendly(),
265265
)
266266

267+
// API Key resources do not have targets and follow the below format:
268+
// "User {logged in | logged out}"
269+
if alog.ResourceType == database.ResourceTypeApiKey {
270+
return str
271+
}
272+
267273
// Strings for starting/stopping workspace builds follow the below format:
268274
// "{user | 'Coder automatically'} started build #{build_number} for workspace {target}"
269275
// where target is a workspace (name) instead of a workspace build
@@ -484,6 +490,10 @@ func actionFromString(actionString string) string {
484490
return actionString
485491
case codersdk.AuditActionStop:
486492
return actionString
493+
case codersdk.AuditActionLogin:
494+
return actionString
495+
case codersdk.AuditActionLogout:
496+
return actionString
487497
default:
488498
}
489499
return ""

coderd/audit/request.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,9 @@ func ResourceTarget[T Auditable](tgt T) string {
6464
return typed.PublicKey
6565
case database.AuditableGroup:
6666
return typed.Group.Name
67+
case database.APIKey:
68+
// this isn't used
69+
return ""
6770
default:
6871
panic(fmt.Sprintf("unknown resource %T", tgt))
6972
}
@@ -85,6 +88,9 @@ func ResourceID[T Auditable](tgt T) uuid.UUID {
8588
return typed.UserID
8689
case database.AuditableGroup:
8790
return typed.Group.ID
91+
case database.APIKey:
92+
// this doesn't seem right
93+
return typed.UserID
8894
default:
8995
panic(fmt.Sprintf("unknown resource %T", tgt))
9096
}
@@ -106,6 +112,8 @@ func ResourceType[T Auditable](tgt T) database.ResourceType {
106112
return database.ResourceTypeGitSshKey
107113
case database.AuditableGroup:
108114
return database.ResourceTypeGroup
115+
case database.APIKey:
116+
return database.ResourceTypeApiKey
109117
default:
110118
panic(fmt.Sprintf("unknown resource %T", tgt))
111119
}

coderd/database/dump.sql

Lines changed: 3 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/migrations/000094_add_resource_type_api_key.down.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
-- It's not possible to drop enum values from enum types, so the UP has "IF NOT
2+
-- EXISTS".

coderd/database/migrations/000094_add_resource_type_api_key.up.sql

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
ALTER TYPE audit_action
2+
ADD VALUE IF NOT EXISTS 'login';
3+
4+
ALTER TYPE audit_action
5+
ADD VALUE IF NOT EXISTS 'logout';
6+
7+
ALTER TYPE resource_type
8+
ADD VALUE IF NOT EXISTS 'api_key';
9+

coderd/database/models.go

Lines changed: 7 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/userauth.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -602,7 +602,7 @@ func (api *API) oauthLogin(r *http.Request, params oauthLoginParams) (*http.Cook
602602
return nil, xerrors.Errorf("in tx: %w", err)
603603
}
604604

605-
cookie, err := api.createAPIKey(ctx, createAPIKeyParams{
605+
cookie, _, err := api.createAPIKey(ctx, createAPIKeyParams{
606606
UserID: user.ID,
607607
LoginType: params.LoginType,
608608
RemoteAddr: r.RemoteAddr,

0 commit comments

Comments
 (0)