Skip to content

API keys support on the backend#379

Open
titanventura wants to merge 3 commits into
sbondCo:devfrom
titanventura:360-api-keys-support
Open

API keys support on the backend#379
titanventura wants to merge 3 commits into
sbondCo:devfrom
titanventura:360-api-keys-support

Conversation

@titanventura

@titanventura titanventura commented Feb 28, 2024

Copy link
Copy Markdown

Fixes #360 partially

Changes made

  • Added a table for API Keys
  • added routes for users to be able to manage their API keys
  • added a middleware to authenticate routes using API keys
  • use the middleware for GET method of /api/watched endpoint

…ect /api/watched endpoint using the APIKeyMiddleware

@IRHM IRHM left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @titanventura, thanks for making a PR (and sorry for taking so long getting to it)!

I had a quick look and noticed some changes we could make, let me know if you have any thoughts on the feedback.

I noticed the APIKeyMiddlewareWrapper, did adding the header check to the AuthRequired middleware not work out? I think that way would be preferable, just need to move the x-api-key header check into AuthRequired and if we find it, we can process it as an API key instead (in APIKeyMiddlewareWrapper, if you'd like, but probably renamed).

I know this is a draft, so you may have been getting to this, but the route handlers seem to have all the logic in them. We could separate most of it out to 'service' functions.

Thanks again for taking the time!

Comment thread server/apikeys.go Outdated
Comment thread server/apikeys.go Outdated
Comment thread server/apikeys.go Outdated
Comment thread server/apikeys.go Outdated
Comment thread server/apikeys.go
ID uint `gorm:"primarykey" json:"id"`
CreatedAt time.Time `json:"createdAt"`
Value string `gorm:"not null" json:"value"`
UserID uint `gorm:"not null" json:"-"`

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may want to make this a foreign key that maps to a User to ensure data integrity.

Comment thread server/apikeys.go
"gorm.io/gorm"
)

type ApiKey struct {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An UpdatedAt field might be worth adding in here too.

@titanventura

Copy link
Copy Markdown
Author

@IRHM , please go through the updated PR. Thanks !

@titanventura
titanventura requested a review from IRHM March 2, 2024 20:06
@IRHM IRHM added the enhancement New feature or request label Mar 6, 2024
IRHM
IRHM previously approved these changes Mar 6, 2024
@IRHM

IRHM commented Mar 6, 2024

Copy link
Copy Markdown
Member

Hi @titanventura, I'm happy to get this merged. Thanks for the good work!

There are a few minor things, but It's probably best I do them after deciding how the UI will work so it isn't wasted effort incase it needs changing.

Thanks!

@titanventura
titanventura marked this pull request as ready for review June 5, 2024 16:08
@shummo

shummo commented May 20, 2025

Copy link
Copy Markdown

Hi. How about this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

API Keys for users - giving other apps access to users data securely

3 participants