
feat: api management #4557

Merged: 5 commits, merged Feb 16, 2024

Conversation

@makeavish makeavish (Member) commented Feb 15, 2024

Summary

Updates PAT CRUD APIs.
  • Endpoint updated to /pats
  • Add new columns to PAT table
  • Update delete API to revoke
  • Introduce role for API
  • Add telemetry event in heartbeat for PAT usage

PRD: https://www.notion.so/signoz/PRD-Ability-to-manage-API-keys-in-the-UI-4b0f64d6f5c4434c8abf082d15c702a5#8bb1f72327d24aa89315ef4017e37577
Design: https://www.figma.com/file/EgkXVTQCosEQBfNB27YNKo/Signoz-Interface?type=design&mode=design

Summary by CodeRabbit

  • New Features

    • Enhanced PAT management by introducing new update and revoke functionalities for Personal Access Tokens (PATs).
    • Expanded PAT records with additional fields like role, last used timestamp, updated by user, and revoked status.
  • Improvements

    • Strengthened user authentication security by implementing a function to retrieve user details from a request token.
    • Enriched the PAT management interface with more comprehensive information on each PAT, including creator and updater details.
  • Refactor

    • Improved endpoint and function naming for PAT operations to enhance clarity and consistency.
    • Restructured authentication-related imports and middleware functions for better organization.
  • Database Changes

    • Updated the database schema for the personal_access_tokens table to accommodate new columns for improved PAT management.


Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

@github-actions github-actions bot added the enhancement New feature or request label Feb 15, 2024

coderabbitai bot commented Feb 15, 2024

Walkthrough

The recent update refines the management of Personal Access Tokens (PATs) in the query-service, enhancing capabilities for updating and revoking PATs, improving authentication processes, and refining data handling. Changes include renaming endpoints for consistency, adding new fields and validation functions for PATs, reorganizing authentication-related imports, and extending the database schema to support these new functionalities.

Changes

Files and change summaries:
  • ee/query-service/app/api/pat.go, ee/query-service/dao/sqlite/pat.go: Added baseconstants import, updated PAT creation with new fields, introduced validatePATRequest, updatePAT, renamed deletePAT to revokePAT
  • ee/query-service/dao/interface.go, ee/query-service/model/pat.go: Updated ModelDao interface with new methods for PAT management, enhanced PAT struct with additional fields
  • ee/query-service/app/api/api.go: Renamed pat endpoints to pats, added routes for updating and revoking PATs
  • ee/query-service/app/server.go, ee/query-service/auth/auth.go: Reorganized auth imports to baseauth, introduced GetUserFromRequest for token-based authentication
  • ee/query-service/dao/sqlite/pat.go: Enhanced CreatePAT, added UpdatePAT and UpdatePATLastUsed functions, updated ListPATs, GetPAT, and GetPATByID functions
  • ee/query-service/dao/sqlite/modelDao.go: Added columnExists function, modified personal_access_tokens table with new columns, adjusted InitDB
  • pkg/query-service/telemetry/telemetry.go: Updated Telemetry with patTokenUser, adjusted createTelemetry to accommodate this change

"In the realm of code, where the data streams flow,
A rabbit hopped in, with updates in tow.
🐰 'PATs now refined, with care and with might,
Renaming and updating, making everything right.
Through fields and forms, our tokens now dance,
Secure and swift, in every glance.
Celebrate, dear friends, for progress we've sowed,
Onward we hop, on this endless code road.'" 🌟



@makeavish makeavish marked this pull request as ready for review February 15, 2024 11:12


@coderabbitai coderabbitai bot left a comment


Review Status

Actionable comments generated: 11

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between 4e75479 and 793d27e.
Files selected for processing (9)
  • ee/query-service/app/api/api.go (1 hunks)
  • ee/query-service/app/api/pat.go (5 hunks)
  • ee/query-service/app/server.go (6 hunks)
  • ee/query-service/auth/auth.go (1 hunks)
  • ee/query-service/dao/interface.go (1 hunks)
  • ee/query-service/dao/sqlite/modelDao.go (4 hunks)
  • ee/query-service/dao/sqlite/pat.go (4 hunks)
  • ee/query-service/model/pat.go (1 hunks)
  • pkg/query-service/telemetry/telemetry.go (3 hunks)
Additional comments: 7
ee/query-service/app/api/api.go (1)
  • 155-158: The route registration for PAT management uses plural forms (/api/v1/pats) which aligns with the PR objectives. However, ensure that all client-side references to these endpoints are also updated to reflect the new endpoint URLs.
pkg/query-service/telemetry/telemetry.go (3)
  • 155-155: The addition of patTokenUser to the Telemetry struct aligns with the PR's objective to enhance telemetry with PAT token user information.
  • 247-249: Resetting patTokenUser to false after sending telemetry data ensures that the flag is only true for the current telemetry event where a PAT token user is involved. This is a good practice for state management within the telemetry system.
  • 352-354: The SetPatTokenUser method is straightforward and correctly sets the patTokenUser field to true. This method provides a clear way to mark telemetry events as being triggered by a PAT token user.
ee/query-service/app/server.go (3)
  • 23-27: Changing the import alias from auth to baseauth for the query-service/auth package clarifies that it's the base authentication functionality being used, distinguishing it from potentially extended authentication logic in the enterprise edition. This change improves code readability and maintainability.
  • 429-429: Using baseauth.GetEmailFromJwt to extract the user email from the JWT in the request context is a direct application of the updated import alias. This usage is correct and aligns with the PR's objectives related to enhancing authentication handling.
  • 450-456 (note: this review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap; original lines 453-472): The inclusion of baseauth.AttachJwtToContext in the analyticsMiddleware function ensures that the JWT token, if present, is attached to the request context for downstream use. This is a good practice for middleware that requires access to authenticated user information. However, ensure that the AttachJwtToContext method properly handles cases where a JWT token is not present or is invalid.

Review comment threads (all resolved):
  • ee/query-service/model/pat.go (outdated)
  • ee/query-service/model/pat.go (outdated)
  • ee/query-service/auth/auth.go
  • ee/query-service/dao/interface.go (outdated)
  • ee/query-service/dao/sqlite/modelDao.go
  • ee/query-service/app/api/pat.go (outdated)
  • ee/query-service/app/api/pat.go (outdated)
  • ee/query-service/dao/sqlite/pat.go
  • ee/query-service/dao/sqlite/pat.go (outdated)
  • ee/query-service/app/server.go

@coderabbitai coderabbitai bot left a comment


Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between 793d27e and 522ec3f.
Files selected for processing (4)
  • ee/query-service/app/api/pat.go (5 hunks)
  • ee/query-service/dao/interface.go (1 hunks)
  • ee/query-service/dao/sqlite/pat.go (5 hunks)
  • ee/query-service/model/pat.go (1 hunks)
Files skipped from review as they are similar to previous changes (2)
  • ee/query-service/dao/interface.go
  • ee/query-service/dao/sqlite/pat.go
Additional comments: 7
ee/query-service/model/pat.go (2)
  • 3-10: The User struct introduces fields for user details. Ensure that the NotFound field is appropriately used in the application logic to handle cases where a user is not found, rather than throwing an error or exception.
  • 13-25: The PAT struct now includes fields for managing and tracking PATs more effectively. Verify that the UpdatedAt, LastUsed, and Revoked fields are updated correctly in all relevant operations within the application to ensure accurate tracking and management of PATs.
ee/query-service/app/api/pat.go (5)
  • 45-48: As previously mentioned, consider moving the validatePATRequest call after authorization checks to avoid unnecessary processing for unauthorized requests.
  • 51-60: In the createPAT function, ensure that the ExpiresAt field calculation from days to Unix timestamp is correct and accounts for leap years and time zones if necessary.
  • 73-83: The validatePATRequest function checks for valid roles, expiresAt, and name. Ensure that all possible roles (ViewerGroup, EditorGroup, AdminGroup) are correctly defined and used throughout the application to prevent unauthorized access or incorrect role assignments.
  • 86-121: In the updatePAT function, verify that the UpdatedByUserID is correctly set and used in all relevant database operations to track who last updated the PAT. Also, ensure that the UpdatedAt field is correctly updated to reflect the current time at the point of update.
  • 158-171 (note: this review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap; original lines 142-170): In the revokePAT function, renamed from deletePAT, ensure that the revocation logic correctly updates the Revoked field in the database and that this change is reflected in all queries that should exclude revoked PATs.

@srikanthccv srikanthccv (Member) left a comment


Few comments, LGTM otherwise.

Review comment threads (all resolved):
  • ee/query-service/app/api/pat.go (outdated)
  • ee/query-service/dao/sqlite/modelDao.go

@coderabbitai coderabbitai bot left a comment


Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR and between 522ec3f and db07714.
Files selected for processing (2)
  • ee/query-service/app/api/pat.go (5 hunks)
  • ee/query-service/model/pat.go (1 hunks)
Files skipped from review as they are similar to previous changes (1)
  • ee/query-service/model/pat.go
Additional comments: 8
ee/query-service/app/api/pat.go (8)
  • 15-15: The addition of baseconstants import is appropriate for the use of constants in role validation within the validatePATRequest function. This change aligns with the PR objectives of enhancing validation and introducing role-based access control.
  • 32-32: Changing the type from model.PAT to model.CreatePATRequestBody in the createPAT function is a good practice. It likely reflects a more accurate representation of the data being handled at this stage of the PAT creation process, enhancing code readability and maintainability.
  • 45-49: The initialization of the pat variable with fields from req is correctly done. However, it's important to ensure that ExpiresInDays from the request is correctly converted to a Unix timestamp later in the code to maintain the correct data type and value for ExpiresAt.
  • 50-54: The call to validatePATRequest before proceeding with PAT creation is a good practice for ensuring input validation. This aligns with the PR objectives of enhancing validation and security. It's crucial that this validation logic is comprehensive and correctly implemented.
  • 63-66: The logic for converting ExpiresAt from days to a Unix timestamp is correct and necessary for the functionality described in the PR. This ensures that the expiration time is stored in a consistent and usable format in the database.
  • 78-88: The validatePATRequest function correctly checks for the presence and validity of required fields (Role, ExpiresAt, Name). However, ensure that the role validation logic (req.Role != baseconstants.ViewerGroup && req.Role != baseconstants.EditorGroup && req.Role != baseconstants.AdminGroup) is comprehensive and aligns with the application's role definitions and requirements.
  • 91-125: The updatePAT function correctly decodes the request, validates the input, and updates the PAT information. It's important to ensure that the UpdatePAT method in the data access layer correctly handles the update logic, especially concerning fields that can be updated and how the UpdatedAt timestamp is managed.
  • 163-176 (note: this review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap; original lines 147-175): Renaming deletePAT to revokePAT and updating the corresponding logic to revoke a PAT instead of deleting it is in line with the PR objectives. This change allows for a more nuanced management of PATs, where tokens can be disabled without being removed from the database. Ensure that the RevokePAT method in the data access layer correctly implements the revocation logic, particularly in setting the revoked status without actually deleting the record.
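The three review points above (role/expiry/name validation, the days-to-Unix conversion of ExpiresAt, and revoke-not-delete) in one runnable Go example; this is added illustration, not SigNoz's own code, and the role constant values, the CreatePATRequestBody and PAT field sets, and the Usable helper are assumptions standing in for the project's baseconstants and model packages.

```go
package main

import (
	"errors"
	"time"
)

// Role names are assumed here; SigNoz keeps its own in baseconstants.
const ViewerGroup, EditorGroup, AdminGroup = "VIEWER", "EDITOR", "ADMIN"

// CreatePATRequestBody: the client sends a lifetime in days, not a timestamp.
type CreatePATRequestBody struct {
	Name, Role    string
	ExpiresInDays int64
}

// PAT is the stored record, limited to the fields the review discusses.
type PAT struct {
	Name, Role string
	ExpiresAt  int64 // Unix seconds; 0 means no expiry
	Revoked    bool
}

// ValidatePATRequest performs the three checks the review names.
func ValidatePATRequest(req CreatePATRequestBody) error {
	switch {
	case req.Role != ViewerGroup && req.Role != EditorGroup && req.Role != AdminGroup:
		return errors.New("pat: role must be viewer, editor or admin")
	case req.ExpiresInDays < 0:
		return errors.New("pat: expiry days must not be negative")
	case req.Name == "":
		return errors.New("pat: name is required")
	}
	return nil
}

// NewPAT validates, then converts days to an absolute Unix expiry once,
// so the stored value is a fixed instant rather than a sliding window.
func NewPAT(req CreatePATRequestBody, now time.Time) (PAT, error) {
	if err := ValidatePATRequest(req); err != nil {
		return PAT{}, err
	}
	p := PAT{Name: req.Name, Role: req.Role}
	if req.ExpiresInDays > 0 {
		p.ExpiresAt = now.Add(time.Duration(req.ExpiresInDays) * 24 * time.Hour).Unix()
	}
	return p, nil
}

// Usable is the lookup-side check: a revoked or expired token is refused
// even though its row still exists, which is the point of revoke-not-delete.
func Usable(p PAT, now time.Time) bool {
	return !p.Revoked && (p.ExpiresAt == 0 || now.Unix() < p.ExpiresAt)
}
```

Every query that authenticates a token should go through a check like Usable so that a revoked row cannot be used even though it is never deleted.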

@makeavish makeavish merged commit d11c1eb into develop Feb 16, 2024
11 of 12 checks passed
@makeavish makeavish deleted the feat/api-key-management branch February 16, 2024 07:16