@LucienShui
Contributor

PR Summary: API Key Authentication System

This PR introduces a comprehensive API key authentication system that enables external applications to interact with the Omnibox backend through secure API keys.

🚀 Key Features

API Key Management (CRUD Operations)

  • ✅ Create API keys with user/namespace validation and permission checks
  • ✅ List API keys filtered by user_id and/or namespace_id
  • ✅ Retrieve individual API keys by ID
  • ✅ Update API key attributes (restricted to attrs field only)
  • ✅ Delete API keys with proper cleanup

Security & Authentication

  • ✅ API keys follow sk-xxxxxxxxxx format (40-character hex after prefix)
  • ✅ Unique value generation with collision detection
  • ✅ Permission validation: users must be namespace members and have write access to specified resources
  • ✅ API key authentication decorator for protected endpoints

Open API Endpoints

  • /open/api/v1/resources - Create resources via API key authentication
  • /open/api/v1/resources/upload - Upload files via API key authentication
  • ✅ Content validation (non-empty content required)
  • ✅ Proper error handling for unauthorized access

🏗️ Technical Implementation

Database Schema

  • New api_keys table with fields: id, value, userId, namespaceId, attrs
  • JSONB attrs field for flexible permission storage
  • Unique constraint on value field

Permission System Integration

  • Validates namespace membership via NamespacesService
  • Checks resource write permissions via PermissionsService
  • Supports permission scoping through APIKeyAttrs.root_resource_id

File Upload Improvements

  • Enhanced filename encoding/decoding with UTF-8 support
  • RFC 2047 encoded-word format for non-ASCII filenames
  • Proper handling of corrupted filenames from multer

🧪 Testing Coverage

Unit Tests

  • ✅ API key service with mocked dependencies
  • ✅ Permission validation scenarios
  • ✅ Unique value generation logic
  • ✅ Error handling for unauthorized access

E2E Tests

  • ✅ Complete CRUD operations for API keys
  • ✅ Open API resource creation and file upload
  • ✅ Authentication validation (valid/invalid keys)
  • ✅ Permission boundary testing
  • ✅ Multi-language file upload support (including Uyghur)

📝 Code Quality

  • ✅ Proper DTOs with validation decorators
  • ✅ Consistent error handling with appropriate HTTP status codes
  • ✅ TypeScript interfaces for type safety
  • ✅ Comprehensive test coverage
  • ✅ Clean separation of concerns

🔄 Breaking Changes

  • Updated ResourcesService.create() to accept userId string instead of User object
  • Refactored file upload methods to use userId parameter
  • Modified wizard task services to work with user IDs

This implementation provides a robust foundation for API-based integrations while maintaining security and proper permission boundaries.

@LucienShui LucienShui requested review from hewenguang and ycdzj August 8, 2025 06:09
@LucienShui LucienShui merged commit 7f7f531 into main Aug 8, 2025
4 checks passed
@LucienShui LucienShui deleted the feature/api_keys branch August 8, 2025 07:35
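
Added example, not part of this PR or the Omnibox code base: one way to implement the `sk-` key format, collision-checked generation, and `root_resource_id` scoping that the summary lists. `InMemoryKeyStore`, `generateUniqueKey`, `authenticate`, `withinScope` and the `parentOf` map are hypothetical names, and generating the value with `crypto.randomBytes` is an assumption.

```typescript
import { randomBytes } from "node:crypto";

// Format from the PR summary: "sk-" followed by 40 hex characters.
const API_KEY_PATTERN = /^sk-[0-9a-f]{40}$/;

interface APIKeyAttrs { root_resource_id: string } // field name from the PR
interface APIKeyRecord { id: string; value: string; userId: string; namespaceId: string; attrs: APIKeyAttrs }

// Hypothetical in-memory stand-in for the api_keys table (unique on `value`).
class InMemoryKeyStore {
  private byValue = new Map<string, APIKeyRecord>();
  has(value: string): boolean { return this.byValue.has(value); }
  find(value: string): APIKeyRecord | undefined { return this.byValue.get(value); }
  insert(rec: APIKeyRecord): void {
    if (this.byValue.has(rec.value)) throw new Error("unique violation on value");
    this.byValue.set(rec.value, rec);
  }
}

// Assumption: 20 bytes from the OS CSPRNG, hex-encoded to 40 characters.
const newKeyValue = (): string => "sk-" + randomBytes(20).toString("hex");

// Collision detection: retry a bounded number of times, then fail loudly.
function generateUniqueKey(store: InMemoryKeyStore, generate = newKeyValue, maxAttempts = 5): string {
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const candidate = generate();
    if (!store.has(candidate)) return candidate;
  }
  throw new Error("could not generate a unique API key");
}

// Reject anything that is not exactly the expected shape before touching storage.
function authenticate(store: InMemoryKeyStore, presented: unknown): APIKeyRecord | null {
  if (typeof presented !== "string" || !API_KEY_PATTERN.test(presented)) return null;
  return store.find(presented) ?? null;
}

// Scope check: target must be the key's root resource or a descendant (parentOf: child id -> parent id, constructed).
function withinScope(key: APIKeyRecord, resourceId: string, parentOf: Map<string, string>): boolean {
  const seen = new Set<string>(); // guards against a cyclic parent chain
  let current: string | undefined = resourceId;
  while (current !== undefined && !seen.has(current)) {
    if (current === key.attrs.root_resource_id) return true;
    seen.add(current);
    current = parentOf.get(current);
  }
  return false;
}
```

The pre-insert check only avoids most failed inserts; under concurrent creation the unique constraint on `value` described in the schema is what actually prevents duplicates.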