Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

936 require api key #1560

Merged
merged 20 commits into from
Dec 21, 2022
Merged

936 require api key #1560

merged 20 commits into from
Dec 21, 2022

Conversation

ijabbott
Copy link
Contributor

@ijabbott ijabbott commented Dec 15, 2022
edited
Loading

Ticket Link #936

Description

When REQUIRE_API_KEY is true, require api_key to be passed in as a header for discovery-api requests if the request does not already contain valid user login information. This should result in api_key being required on requests not coming from discovery-ui.

Reminders:

  • Be mindful of impacts of changing Major/Minor/Patch versions of each elixir app
    • If updating patch version, are you sure there are no chart changes required to maintain functionality? If so, you should bump minor version instead.
    • If updating Major or Minor versions , did you update the sauron chart configuration?
  • If changing elixir code in an "app", did you update the relevant version
    in mix.exs?
  • If altering an API endpoint, was the relevant postman collection updated?
    • If a new version of smart_city is being used (new fields on a struct), were the relevant postman collections updated?

ijabbott
ijabbott commented Dec 16, 2022
View reviewed changes
apps/discovery_api/lib/discovery_api_web/plugs/set_current_user.ex Outdated

defp assign_current_user(conn, current_user, api_key) when is_nil(current_user) and is_nil(api_key) do
render_401_missing_api_key(conn)
# assign(conn, :current_user, current_user)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

testing a few things around this 401 missing case, will remove comment after that's done

bmitchinson
bmitchinson approved these changes Dec 16, 2022
View reviewed changes
Copy link
Member

@bmitchinson bmitchinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thanks for utilizing the raptor service + raptor to keep api as thin as possible.

@ian-j-abbott-accenture ian-j-abbott-accenture merged commit d63e79d into master Dec 21, 2022
@ian-j-abbott-accenture ian-j-abbott-accenture deleted the 936-require-api-key branch December 21, 2022 17:08
ian-j-abbott-accenture
ian-j-abbott-accenture reviewed Dec 21, 2022
View reviewed changes
apps/discovery_api/lib/discovery_api_web/plugs/set_current_user.ex
end

defp assign_current_user(conn, current_user, api_key) when is_nil(current_user) and not is_nil(api_key) do
case RaptorService.get_user_id_from_api_key(raptor_url(), api_key) do
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nicholas-goodwin This line here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ian-j-abbott-accenture ian-j-abbott-accenture ian-j-abbott-accenture left review comments

@bmitchinson bmitchinson bmitchinson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ijabbott @bmitchinson @ian-j-abbott-accenture