Merge pull request #156 from sil-org/develop

Release 3.1.0 - Return key ID from CreateKey request

Author: briskt

.github/workflows/test-deploy-publish.yml

@@ -100,7 +100,7 @@ jobs:
   build-and-publish:
     name: Build and Publish
     needs: [ 'tests', 'lint' ]
-    if: github.ref_name == 'main' || github.ref_name == 'develop'
+    if: github.ref_name == 'main' || github.ref_name == 'develop' || startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code

apikey.go

@@ -438,7 +438,12 @@ func (a *App) CreateApiKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	jsonResponse(w, nil, http.StatusNoContent)
+	response := map[string]string{
+		"email":       key.Email,
+		"apiKeyValue": key.Key,
+		"createdAt":   time.Unix(int64(key.CreatedAt)/1000, 0).UTC().Format(time.RFC3339),
+	}
+	jsonResponse(w, response, http.StatusOK)
 }
 
 // RotateApiKey facilitates the rotation of API Keys. All data in webauthn and totp tables that is encrypted by the old

apikey_test.go

@@ -308,7 +308,7 @@ func (ms *MfaSuite) TestCreateApiKey() {
 			body: map[string]interface{}{
 				"email": exampleEmail,
 			},
-			wantStatus: http.StatusNoContent,
+			wantStatus: http.StatusOK,
 		},
 		{
 			name:       "missing email",
@@ -332,6 +332,16 @@ func (ms *MfaSuite) TestCreateApiKey() {
 			}
 
 			ms.Equal(tt.wantStatus, res.Status, fmt.Sprintf("CreateApiKey response: %s", res.Body))
+
+			var response struct {
+				Email       string    `json:"email"`
+				APIKeyValue string    `json:"apiKeyValue"`
+				CreatedAt   time.Time `json:"createdAt"`
+			}
+			ms.NoError(json.Unmarshal(res.Body, &response))
+			ms.Equal(exampleEmail, response.Email)
+			ms.Regexp("^[0-9a-z]{40}$", response.APIKeyValue)
+			ms.WithinDuration(time.Now().UTC(), response.CreatedAt, time.Minute)
 		})
 	}
 }

auth.go

@@ -53,7 +53,7 @@ func AuthenticateRequest(r *http.Request) (User, error) {
 		return authTOTP(apiKey)
 
 	case "api-key":
-		return nil, nil // no authentication required for api-key
+		return apiKey, nil
 
 	default:
 		return nil, fmt.Errorf("invalid URL: %s", r.URL)

openapi.yaml

@@ -364,8 +364,27 @@ paths:
                   required: true
                   example: [email protected]
       responses:
-        204:
+        200:
           description: New API key created
+          content:
+            application/json:
+              schema:
+                properties:
+                  email:
+                    type: string
+                    description: Email address of the requester
+                    required: true
+                    example: "[email protected]"
+                  apiKeyValue:
+                    type: string
+                    description: Unique ID for the new API Key
+                    required: true
+                    example: "0123456789abcdef0123456789abcdef01234567"
+                  createdAt:
+                    type: string
+                    description: Time the key was created
+                    required: true
+                    example: "2006-01-02T15:04:05Z"
         400:
           description: Bad Request
           content:
@@ -379,6 +398,8 @@ paths:
                 email-required:
                   value:
                     error: "email is required"
+        "401":
+          $ref: "#/components/responses/UnauthorizedError"
   /api-key/activate:
     post:
       operationId: activateApiKey
@@ -430,6 +451,8 @@ paths:
                 email-required:
                   value:
                     error: "email is required"
+        "401":
+          $ref: "#/components/responses/UnauthorizedError"
         404:
           description: Not Found
           content:
@@ -514,6 +537,8 @@ paths:
                 api-key-required:
                   value:
                     error: "apiKeyValue is required"
+        "401":
+          $ref: "#/components/responses/UnauthorizedError"
         404:
           description: Not Found
           content:

router/middleware.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"log"
 	"net/http"
-	"strings"
 
 	mfa "github.com/sil-org/serverless-mfa-api-go"
 )
@@ -14,11 +13,6 @@ import (
 // user from storage and attach to context.
 func authenticationMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if strings.HasPrefix(r.URL.Path, "/api-key") {
-			next.ServeHTTP(w, r)
-			return
-		}
-
 		user, err := mfa.AuthenticateRequest(r)
 		if err != nil {
 			log.Printf("unable to authenticate request: %s", err)