feat(backend): add API key authentication #193

sabineschaller · 2021-12-01T16:46:46Z

Changes proposed in this pull request

adds admin API key to environment
adds table to store bcrypted API keys to postgres db
adds method to create API keys for user accounts
adds functionality to exchange API key for session token
stores session keys in reddis db
implements graphql directives that check that valid admin API key or valid session key is provided

! not yet included: adding directives to graphql schema

Context

closes Implement API key authentication #149

Checklist

Related issues linked using fixes #number
Tests added/updated
Documentation added
Make sure that all checks pass

Co-authored-by: Brandon Wilson <brandon@coil.com>

packages/backend/src/session/service.test.ts

packages/backend/src/session/service.ts

Co-authored-by: Brandon Wilson <brandon@coil.com>

packages/backend/src/graphql/directives/isAdmin.test.ts

wilsonianb

👍

* feat(backend,wip): api key * feat(backend,wip): session key * feat(backend): session key functionality * feat(backend): session getter * feat(backend): session key handle edge cases * test(backend): session key testing * test(backend): session key management * feat(backend): api key migrations file * fix(backend): add missing bcrypt types * refactor(backend): session key interface * fix(backend): type issues * test(backend, wip): api key tests * fix(backend): handle edge cases * test(backend): redeem session key * feat(backend): delete api keys * refactor(backend): error handling * fix(backend): typo apikeys -> apiKeys * refactor(backend): sessionKey -> key * refactor(backend): input * feat(backend): api key resolvers * refactor(backend): renew -> refresh * refactor(backend): error handling * refactor(backend): session input * feat(backend): session resolvers * refactor(backend): sessionKey -> session * fix(backend): add apiKey and session service to app * feat(backend, wip): auth directive * feat(backend): auth directive * refactor(backend): auth directive * feat(backend): isAdmin directive * fix(backend): add isAdmin directive to schema * refactor(backend): directives * refactor(backend): isAdmin functionality * test(backend,wip): isAdmin directive * test(backend): fix isAdmin directive tests * test(backend): add auth directive tests * refactor(backend): fix meaning of redeem * test(backend): improve meaningfulness Co-authored-by: Brandon Wilson <brandon@coil.com> * fix(backend): iterate over all keys, improve readability Co-authored-by: Brandon Wilson <brandon@coil.com> * refactor(backend): remove trx from deleteApiKeys Co-authored-by: Brandon Wilson <brandon@coil.com> * refactor(backend): rename migrations file * refactor(backend): remove trx from createApiKey * fix(backend): remove trx * feat(backend): keep session key on refresh * refactor(backend): fix meaning of redeem * test(backend): improve meaningfulness Co-authored-by: Brandon Wilson <brandon@coil.com> * fix(backend): iterate over all keys, improve readability Co-authored-by: Brandon Wilson <brandon@coil.com> * refactor(backend): remove trx from deleteApiKeys Co-authored-by: Brandon Wilson <brandon@coil.com> * refactor(backend): rename migrations file * refactor(backend): remove trx from createApiKey * fix(backend): remove trx * feat(backend): keep session key on refresh * refactor(backend): sessionError -> undefined * feat(backend): use redis expire / ttl for session keys * fix(backend): session changes * refactor(backend): fix casing * test(backend): sessions expire * test(backend): confirm revoke session * refactor(backend): redeem session -> api key * fix(backend): typing and correct promise handling Co-authored-by: Brandon Wilson <brandon@coil.com> * feat(backend): store expiry unix time on session * fix(backend): remove console log Co-authored-by: Brandon Wilson <brandon@coil.com> * refactor(backend): use redis PXAT * test(backend): use jest.setSystemTime * feat(backend): make session length configurable * test(backend): use real timers afterEach * refactor(backend): remove sessionOptions * test(backend): change isAdmin test port Co-authored-by: Brandon Wilson <brandon@coil.com>

This reverts commit b7570da.

* Revert "feat(backend): add API key authentication (#193)" This reverts commit b7570da. * chore: update lockfile * chore(backend): remove unused dependencies * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @adonisjs/fold to ^8.2.0 (#883) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @faker-js/faker to ^7.6.0 (#892) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v0.27.2 (#894) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency jose to ^4.11.1 (#895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency luxon to ^3.1.1 (#896) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino to ^8.8.0 (#897) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency uuid to v9 (#900) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @koa/cors to ^3.4.3 (#891) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino-pretty to ^9.1.1 (#898) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v1.2.1 (#901) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency ts-node-dev to v2 (#903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency graphql-scalars to ^1.20.1 (#907) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/koa__router to v12 (#899) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): check that token value matches during rotation & revocation (#860) * feat(open-payments): add revoketoken function (#914) * feat(open-payments): add revoketoken function * Update packages/open-payments/src/client/token.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): tested validator * feat(open-payments): adding correct return type for revoke function * feat(open-payments): allow any for mock implementation * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): improving test cases for revoke token * feat(open-payments): rename struct Co-authored-by: Max Kurapov <max@interledger.org> * Bump `@types/koa-bodyparser` (#893) * chore(hsu): enable strict type checking & fix types * chore(hsu): use koa-body and add typing to routes * chore(auth): use koa-body instead of koa-bodyparser * chore(hsu): revert to koa-bodyparser * chore(auth): add type assertions where necessary for koa-bodyparser * chore(auth): revert some small changes * chore(hsu): revert style changes * chore(auth): don't pin @types/koa-bodyparser * chore(hsu): add http-signature-utils to labeler.yml * chore(hsu): fix build * chore(hsu): add response type * chore(auth): fix context types for routes & middleware * chore(backend): bump @types/koa-bodyparser in backend * chore(hsu): clean up createHeaders function * feat(backend): adds a name field for the peer model (#915) * feat(backend): add a name field for the peer model * fix: update tests * fix(deps): update dependency openapi-response-validator to ^12.1.0 (#919) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @apollo/client to ^3.7.3 (#909) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency openapi-request-coercer to ^12.1.0 (#912) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor(auth): factor out nonce generation (#910) * refactor(auth): factor out nonce generation * feat: generate longer string for tokens * chore: remove sig validation bypass (#879) * chore: remove sig validation bypass * chore(auth): update docker-compose file * chore(backend): remove envBoolean * fix(auth): require interact params in query (#924) * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): delete grant (request) (#877) * feat(auth): delete grant (request) * chore(http-signature-utils): match JWK to Open Payments definition (#861) * chore(http-signature-utils): match JWK to Open Payments definition * chore(backend): fold * chore(http-signature-utils): return JWK from generateTestKeys Audit usage. * chore(backend): move payment pointer key files * chore(backend): enforce JWK type in admin api Use generateJwk in tests. * chore(auth): remove unused client key nock * feat(remove lodash): issue 820 (#874) * feat(remove lodash): issue 820 * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * feat(open-payments): fix on package.json * feat(open-payments): pnpm-loc.yaml resolution Co-authored-by: Brandon Wilson <brandon@coil.com> * chore(backend): clean up auth service + middleware (#836) * chore(backend): move httpsig verification to own middleware * chore(backend): add auth service tests * chore(backend): rename token introspection middleware * chore(backend): distinguish expected caught httpsig errors * fix(auth): test that client info is passed along when interaction is started (#884) * fix(deps): update apollo graphql packages (#881) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency typescript to ^4.9.4 (#872) * chore(deps): update dependency typescript to ^4.9.4 * fix: format * chore(openapi): update Paths generic types * chore(http-signature-utils): match JWK to Open Payments definition (#861) * chore(http-signature-utils): match JWK to Open Payments definition * chore(backend): fold * chore(http-signature-utils): return JWK from generateTestKeys Audit usage. * chore(backend): move payment pointer key files * chore(backend): enforce JWK type in admin api Use generateJwk in tests. * chore(auth): remove unused client key nock * feat(remove lodash): issue 820 (#874) * feat(remove lodash): issue 820 * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * feat(open-payments): fix on package.json * feat(open-payments): pnpm-loc.yaml resolution Co-authored-by: Brandon Wilson <brandon@coil.com> * chore(backend): clean up auth service + middleware (#836) * chore(backend): move httpsig verification to own middleware * chore(backend): add auth service tests * chore(backend): rename token introspection middleware * chore(backend): distinguish expected caught httpsig errors * fix(auth): test that client info is passed along when interaction is started (#884) * fix(deps): update apollo graphql packages (#881) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Sabine Schaller <sabine@coil.com> Co-authored-by: Brandon Wilson <brandon@coil.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> * fix(deps): update dependency @apidevtools/json-schema-ref-parser to ^9.1.0 (#889) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update typescript-eslint monorepo to ^5.47.0 (#880) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @adonisjs/fold to ^8.2.0 (#883) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @faker-js/faker to ^7.6.0 (#892) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v0.27.2 (#894) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency jose to ^4.11.1 (#895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency luxon to ^3.1.1 (#896) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino to ^8.8.0 (#897) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency uuid to v9 (#900) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @koa/cors to ^3.4.3 (#891) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino-pretty to ^9.1.1 (#898) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v1.2.1 (#901) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency ts-node-dev to v2 (#903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @graphql-tools/utils to v9 (#905) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency graphql-scalars to ^1.20.1 (#907) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/koa__router to v12 (#899) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): check that token value matches during rotation & revocation (#860) * feat(open-payments): add revoketoken function (#914) * feat(open-payments): add revoketoken function * Update packages/open-payments/src/client/token.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): tested validator * feat(open-payments): adding correct return type for revoke function * feat(open-payments): allow any for mock implementation * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): improving test cases for revoke token * feat(open-payments): rename struct Co-authored-by: Max Kurapov <max@interledger.org> * Bump `@types/koa-bodyparser` (#893) * chore(hsu): enable strict type checking & fix types * chore(hsu): use koa-body and add typing to routes * chore(auth): use koa-body instead of koa-bodyparser * chore(hsu): revert to koa-bodyparser * chore(auth): add type assertions where necessary for koa-bodyparser * chore(auth): revert some small changes * chore(hsu): revert style changes * chore(auth): don't pin @types/koa-bodyparser * chore(hsu): add http-signature-utils to labeler.yml * chore(hsu): fix build * chore(hsu): add response type * chore(auth): fix context types for routes & middleware * chore(backend): bump @types/koa-bodyparser in backend * chore(hsu): clean up createHeaders function * feat(backend): adds a name field for the peer model (#915) * feat(backend): add a name field for the peer model * fix: update tests * fix(deps): update dependency openapi-response-validator to ^12.1.0 (#919) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @apollo/client to ^3.7.3 (#909) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency openapi-request-coercer to ^12.1.0 (#912) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor(auth): factor out nonce generation (#910) * refactor(auth): factor out nonce generation * feat: generate longer string for tokens * chore: remove sig validation bypass (#879) * chore: remove sig validation bypass * chore(auth): update docker-compose file * chore(backend): remove envBoolean * chore(open-payments): update schemas * fix(auth): incorporate review comments * fix(open-payments): formatting * fix(auth): check that continue token matches grant in /delete Co-authored-by: Brandon Wilson <brandon@coil.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Max Kurapov <max@interledger.org> Co-authored-by: dragosp1011 <109967337+dragosp1011@users.noreply.github.com> * fix: update lockfile Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Max Kurapov <max@interledger.org> Co-authored-by: dragosp1011 <109967337+dragosp1011@users.noreply.github.com> Co-authored-by: Brandon Wilson <brandon@coil.com>

* chore: set strictNullChecks to true * fix(HSU): strict null checks * fix(open-payments): strict null checks * fix(auth): strict null checks * fix(backend): partially strict null checks * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @adonisjs/fold to ^8.2.0 (#883) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @faker-js/faker to ^7.6.0 (#892) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v0.27.2 (#894) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency jose to ^4.11.1 (#895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency luxon to ^3.1.1 (#896) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino to ^8.8.0 (#897) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency uuid to v9 (#900) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @koa/cors to ^3.4.3 (#891) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino-pretty to ^9.1.1 (#898) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v1.2.1 (#901) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency ts-node-dev to v2 (#903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @graphql-tools/utils to v9 (#905) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency graphql-scalars to ^1.20.1 (#907) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/koa__router to v12 (#899) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): check that token value matches during rotation & revocation (#860) * feat(open-payments): add revoketoken function (#914) * feat(open-payments): add revoketoken function * Update packages/open-payments/src/client/token.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): tested validator * feat(open-payments): adding correct return type for revoke function * feat(open-payments): allow any for mock implementation * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): improving test cases for revoke token * feat(open-payments): rename struct Co-authored-by: Max Kurapov <max@interledger.org> * Bump `@types/koa-bodyparser` (#893) * chore(hsu): enable strict type checking & fix types * chore(hsu): use koa-body and add typing to routes * chore(auth): use koa-body instead of koa-bodyparser * chore(hsu): revert to koa-bodyparser * chore(auth): add type assertions where necessary for koa-bodyparser * chore(auth): revert some small changes * chore(hsu): revert style changes * chore(auth): don't pin @types/koa-bodyparser * chore(hsu): add http-signature-utils to labeler.yml * chore(hsu): fix build * chore(hsu): add response type * chore(auth): fix context types for routes & middleware * chore(backend): bump @types/koa-bodyparser in backend * chore(hsu): clean up createHeaders function * feat(backend): adds a name field for the peer model (#915) * feat(backend): add a name field for the peer model * fix: update tests * fix(deps): update dependency openapi-response-validator to ^12.1.0 (#919) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @apollo/client to ^3.7.3 (#909) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency openapi-request-coercer to ^12.1.0 (#912) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor(auth): factor out nonce generation (#910) * refactor(auth): factor out nonce generation * feat: generate longer string for tokens * chore: remove sig validation bypass (#879) * chore: remove sig validation bypass * chore(auth): update docker-compose file * chore(backend): remove envBoolean * fix(auth): require interact params in query (#924) * feat(auth): delete grant (request) (#877) * feat(auth): delete grant (request) * chore(http-signature-utils): match JWK to Open Payments definition (#861) * chore(http-signature-utils): match JWK to Open Payments definition * chore(backend): fold * chore(http-signature-utils): return JWK from generateTestKeys Audit usage. * chore(backend): move payment pointer key files * chore(backend): enforce JWK type in admin api Use generateJwk in tests. * chore(auth): remove unused client key nock * feat(remove lodash): issue 820 (#874) * feat(remove lodash): issue 820 * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * feat(open-payments): fix on package.json * feat(open-payments): pnpm-loc.yaml resolution Co-authored-by: Brandon Wilson <brandon@coil.com> * chore(backend): clean up auth service + middleware (#836) * chore(backend): move httpsig verification to own middleware * chore(backend): add auth service tests * chore(backend): rename token introspection middleware * chore(backend): distinguish expected caught httpsig errors * fix(auth): test that client info is passed along when interaction is started (#884) * fix(deps): update apollo graphql packages (#881) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency typescript to ^4.9.4 (#872) * chore(deps): update dependency typescript to ^4.9.4 * fix: format * chore(openapi): update Paths generic types * chore(http-signature-utils): match JWK to Open Payments definition (#861) * chore(http-signature-utils): match JWK to Open Payments definition * chore(backend): fold * chore(http-signature-utils): return JWK from generateTestKeys Audit usage. * chore(backend): move payment pointer key files * chore(backend): enforce JWK type in admin api Use generateJwk in tests. * chore(auth): remove unused client key nock * feat(remove lodash): issue 820 (#874) * feat(remove lodash): issue 820 * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * feat(open-payments): fix on package.json * feat(open-payments): pnpm-loc.yaml resolution Co-authored-by: Brandon Wilson <brandon@coil.com> * chore(backend): clean up auth service + middleware (#836) * chore(backend): move httpsig verification to own middleware * chore(backend): add auth service tests * chore(backend): rename token introspection middleware * chore(backend): distinguish expected caught httpsig errors * fix(auth): test that client info is passed along when interaction is started (#884) * fix(deps): update apollo graphql packages (#881) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Sabine Schaller <sabine@coil.com> Co-authored-by: Brandon Wilson <brandon@coil.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> * fix(deps): update dependency @apidevtools/json-schema-ref-parser to ^9.1.0 (#889) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update typescript-eslint monorepo to ^5.47.0 (#880) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @adonisjs/fold to ^8.2.0 (#883) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @faker-js/faker to ^7.6.0 (#892) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v0.27.2 (#894) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency jose to ^4.11.1 (#895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency luxon to ^3.1.1 (#896) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino to ^8.8.0 (#897) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency uuid to v9 (#900) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @koa/cors to ^3.4.3 (#891) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino-pretty to ^9.1.1 (#898) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v1.2.1 (#901) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency ts-node-dev to v2 (#903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @graphql-tools/utils to v9 (#905) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency graphql-scalars to ^1.20.1 (#907) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/koa__router to v12 (#899) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): check that token value matches during rotation & revocation (#860) * feat(open-payments): add revoketoken function (#914) * feat(open-payments): add revoketoken function * Update packages/open-payments/src/client/token.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): tested validator * feat(open-payments): adding correct return type for revoke function * feat(open-payments): allow any for mock implementation * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): improving test cases for revoke token * feat(open-payments): rename struct Co-authored-by: Max Kurapov <max@interledger.org> * Bump `@types/koa-bodyparser` (#893) * chore(hsu): enable strict type checking & fix types * chore(hsu): use koa-body and add typing to routes * chore(auth): use koa-body instead of koa-bodyparser * chore(hsu): revert to koa-bodyparser * chore(auth): add type assertions where necessary for koa-bodyparser * chore(auth): revert some small changes * chore(hsu): revert style changes * chore(auth): don't pin @types/koa-bodyparser * chore(hsu): add http-signature-utils to labeler.yml * chore(hsu): fix build * chore(hsu): add response type * chore(auth): fix context types for routes & middleware * chore(backend): bump @types/koa-bodyparser in backend * chore(hsu): clean up createHeaders function * feat(backend): adds a name field for the peer model (#915) * feat(backend): add a name field for the peer model * fix: update tests * fix(deps): update dependency openapi-response-validator to ^12.1.0 (#919) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @apollo/client to ^3.7.3 (#909) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency openapi-request-coercer to ^12.1.0 (#912) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor(auth): factor out nonce generation (#910) * refactor(auth): factor out nonce generation * feat: generate longer string for tokens * chore: remove sig validation bypass (#879) * chore: remove sig validation bypass * chore(auth): update docker-compose file * chore(backend): remove envBoolean * chore(open-payments): update schemas * fix(auth): incorporate review comments * fix(open-payments): formatting * fix(auth): check that continue token matches grant in /delete Co-authored-by: Brandon Wilson <brandon@coil.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Max Kurapov <max@interledger.org> Co-authored-by: dragosp1011 <109967337+dragosp1011@users.noreply.github.com> * Revert "feat(backend): add API key authentication (#193)" (#890) * Revert "feat(backend): add API key authentication (#193)" This reverts commit b7570da. * chore: update lockfile * chore(backend): remove unused dependencies * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @adonisjs/fold to ^8.2.0 (#883) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @faker-js/faker to ^7.6.0 (#892) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v0.27.2 (#894) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency jose to ^4.11.1 (#895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency luxon to ^3.1.1 (#896) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino to ^8.8.0 (#897) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency uuid to v9 (#900) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @koa/cors to ^3.4.3 (#891) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino-pretty to ^9.1.1 (#898) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v1.2.1 (#901) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency ts-node-dev to v2 (#903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency graphql-scalars to ^1.20.1 (#907) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/koa__router to v12 (#899) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): check that token value matches during rotation & revocation (#860) * feat(open-payments): add revoketoken function (#914) * feat(open-payments): add revoketoken function * Update packages/open-payments/src/client/token.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): tested validator * feat(open-payments): adding correct return type for revoke function * feat(open-payments): allow any for mock implementation * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): improving test cases for revoke token * feat(open-payments): rename struct Co-authored-by: Max Kurapov <max@interledger.org> * Bump `@types/koa-bodyparser` (#893) * chore(hsu): enable strict type checking & fix types * chore(hsu): use koa-body and add typing to routes * chore(auth): use koa-body instead of koa-bodyparser * chore(hsu): revert to koa-bodyparser * chore(auth): add type assertions where necessary for koa-bodyparser * chore(auth): revert some small changes * chore(hsu): revert style changes * chore(auth): don't pin @types/koa-bodyparser * chore(hsu): add http-signature-utils to labeler.yml * chore(hsu): fix build * chore(hsu): add response type * chore(auth): fix context types for routes & middleware * chore(backend): bump @types/koa-bodyparser in backend * chore(hsu): clean up createHeaders function * feat(backend): adds a name field for the peer model (#915) * feat(backend): add a name field for the peer model * fix: update tests * fix(deps): update dependency openapi-response-validator to ^12.1.0 (#919) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @apollo/client to ^3.7.3 (#909) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency openapi-request-coercer to ^12.1.0 (#912) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor(auth): factor out nonce generation (#910) * refactor(auth): factor out nonce generation * feat: generate longer string for tokens * chore: remove sig validation bypass (#879) * chore: remove sig validation bypass * chore(auth): update docker-compose file * chore(backend): remove envBoolean * fix(auth): require interact params in query (#924) * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): delete grant (request) (#877) * feat(auth): delete grant (request) * chore(http-signature-utils): match JWK to Open Payments definition (#861) * chore(http-signature-utils): match JWK to Open Payments definition * chore(backend): fold * chore(http-signature-utils): return JWK from generateTestKeys Audit usage. * chore(backend): move payment pointer key files * chore(backend): enforce JWK type in admin api Use generateJwk in tests. * chore(auth): remove unused client key nock * feat(remove lodash): issue 820 (#874) * feat(remove lodash): issue 820 * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * feat(open-payments): fix on package.json * feat(open-payments): pnpm-loc.yaml resolution Co-authored-by: Brandon Wilson <brandon@coil.com> * chore(backend): clean up auth service + middleware (#836) * chore(backend): move httpsig verification to own middleware * chore(backend): add auth service tests * chore(backend): rename token introspection middleware * chore(backend): distinguish expected caught httpsig errors * fix(auth): test that client info is passed along when interaction is started (#884) * fix(deps): update apollo graphql packages (#881) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency typescript to ^4.9.4 (#872) * chore(deps): update dependency typescript to ^4.9.4 * fix: format * chore(openapi): update Paths generic types * chore(http-signature-utils): match JWK to Open Payments definition (#861) * chore(http-signature-utils): match JWK to Open Payments definition * chore(backend): fold * chore(http-signature-utils): return JWK from generateTestKeys Audit usage. * chore(backend): move payment pointer key files * chore(backend): enforce JWK type in admin api Use generateJwk in tests. * chore(auth): remove unused client key nock * feat(remove lodash): issue 820 (#874) * feat(remove lodash): issue 820 * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * Update packages/backend/src/connector/ilp-routing/lib/prefix-map.ts Co-authored-by: Brandon Wilson <brandon@coil.com> * feat(open-payments): fix on package.json * feat(open-payments): pnpm-loc.yaml resolution Co-authored-by: Brandon Wilson <brandon@coil.com> * chore(backend): clean up auth service + middleware (#836) * chore(backend): move httpsig verification to own middleware * chore(backend): add auth service tests * chore(backend): rename token introspection middleware * chore(backend): distinguish expected caught httpsig errors * fix(auth): test that client info is passed along when interaction is started (#884) * fix(deps): update apollo graphql packages (#881) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Sabine Schaller <sabine@coil.com> Co-authored-by: Brandon Wilson <brandon@coil.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> * fix(deps): update dependency @apidevtools/json-schema-ref-parser to ^9.1.0 (#889) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update typescript-eslint monorepo to ^5.47.0 (#880) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update remix monorepo to ^1.9.0 (#878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @adonisjs/fold to ^8.2.0 (#883) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @faker-js/faker to ^7.6.0 (#892) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v0.27.2 (#894) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency jose to ^4.11.1 (#895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency luxon to ^3.1.1 (#896) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino to ^8.8.0 (#897) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency uuid to v9 (#900) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @koa/cors to ^3.4.3 (#891) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency pino-pretty to ^9.1.1 (#898) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency axios to v1.2.1 (#901) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency ts-node-dev to v2 (#903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @graphql-tools/utils to v9 (#905) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency graphql-scalars to ^1.20.1 (#907) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/koa__router to v12 (#899) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat(auth): check that token value matches during rotation & revocation (#860) * feat(open-payments): add revoketoken function (#914) * feat(open-payments): add revoketoken function * Update packages/open-payments/src/client/token.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): tested validator * feat(open-payments): adding correct return type for revoke function * feat(open-payments): allow any for mock implementation * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * Update packages/open-payments/src/client/token.test.ts Co-authored-by: Max Kurapov <max@interledger.org> * feat(open-payments): improving test cases for revoke token * feat(open-payments): rename struct Co-authored-by: Max Kurapov <max@interledger.org> * Bump `@types/koa-bodyparser` (#893) * chore(hsu): enable strict type checking & fix types * chore(hsu): use koa-body and add typing to routes * chore(auth): use koa-body instead of koa-bodyparser * chore(hsu): revert to koa-bodyparser * chore(auth): add type assertions where necessary for koa-bodyparser * chore(auth): revert some small changes * chore(hsu): revert style changes * chore(auth): don't pin @types/koa-bodyparser * chore(hsu): add http-signature-utils to labeler.yml * chore(hsu): fix build * chore(hsu): add response type * chore(auth): fix context types for routes & middleware * chore(backend): bump @types/koa-bodyparser in backend * chore(hsu): clean up createHeaders function * feat(backend): adds a name field for the peer model (#915) * feat(backend): add a name field for the peer model * fix: update tests * fix(deps): update dependency openapi-response-validator to ^12.1.0 (#919) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @apollo/client to ^3.7.3 (#909) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency openapi-request-coercer to ^12.1.0 (#912) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * refactor(auth): factor out nonce generation (#910) * refactor(auth): factor out nonce generation * feat: generate longer string for tokens * chore: remove sig validation bypass (#879) * chore: remove sig validation bypass * chore(auth): update docker-compose file * chore(backend): remove envBoolean * chore(open-payments): update schemas * fix(auth): incorporate review comments * fix(open-payments): formatting * fix(auth): check that continue token matches grant in /delete Co-authored-by: Brandon Wilson <brandon@coil.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Max Kurapov <max@interledger.org> Co-authored-by: dragosp1011 <109967337+dragosp1011@users.noreply.github.com> * fix: update lockfile Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Max Kurapov <max@interledger.org> Co-authored-by: dragosp1011 <109967337+dragosp1011@users.noreply.github.com> Co-authored-by: Brandon Wilson <brandon@coil.com> * fix(deps): update dependency openapi-request-validator to ^12.1.0 (#913) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @types/react-dom to ^18.0.10 (#926) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency husky to ^8.0.3 (#927) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @swc/core to ^1.3.25 (#925) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(backend): wip - strict null checks * fix(backend): "Type must have a '[Symbol.iterator]()' method that returns an iterator." * fix(backend): null unsupported as parseLiteral return value * chore: turn on strict type-checking * fix(open-payments): strict type checking * fix(auth): strict type checking * fix(backend): strict type checking * fix(open-payments): requests * fix(backend): receiver model * fix(backend): balance middleware * chore(auth): add Brandon's suggestions * test(auth): add undefined tests * fix(auth): getByInteractiveSession return value * fix(auth+backend): strict type checking after merging main * fix(backend): test after merging main * refactor(auth): interactive grant * refactor(auth): remove `never` in `<T = never>` * refactor(auth): update continue middleware error message * feat(auth): add grant to accessToken * feat(auht): make client name required * fix(auth): unused import * fix(auth): withGraphFetched variable * refactor(auth): clientKeyId assignment * fix(backend): incorporate Max's comments * fix(backend): deconstruction error * style(backend): remove unnecessary code * feat(auth): throw if grant cannot be found for token * feat(auth): correct error handling of unknown public name * chore(auth): remove old comment * fix(backend): add Brandon's suggestions * fix(backend): remove all typecasts * test(backend): remove test b/c getting ILPStreamConnection never returns undefined but throws * fix(auth): typos * test(backend): assert connection * feat(backend): update connector error handler middleware after ilp-packet update * fix(backend): error handler middleware * fix(backend): error handler middleware * test(backend): introduce TestGetOptions * feat(backend): update connector error handler middleware * test(backend): isIlpError * test(backend): re-add paymentPointer = undefined test * fix(backend): paymentPointer key routes * fix(backend): use PaymentPointerKeysContext in key routes * test(backend): test for ilpError format in reject * feat(backend): auth middleware throws 403 is token inactive * chore(backend): remove unnecessary typecast * fix(backend): add InputMaybeValue Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Nathan Lie <lie4nathan@gmail.com> Co-authored-by: Domin <101926344+domin191013@users.noreply.github.com> Co-authored-by: Max Kurapov <max@interledger.org> Co-authored-by: dragosp1011 <109967337+dragosp1011@users.noreply.github.com> Co-authored-by: Brandon Wilson <brandon@coil.com>

sabineschaller added 30 commits October 18, 2021 10:49

feat(backend,wip): api key

1b09857

feat(backend,wip): session key

42bd365

feat(backend): session key functionality

1334abf

feat(backend): session getter

2d3dd7a

feat(backend): session key handle edge cases

b4310e1

test(backend): session key testing

5f68f97

test(backend): session key management

2a70ff2

feat(backend): api key migrations file

f0a30db

fix(backend): add missing bcrypt types

b132069

refactor(backend): session key interface

55c75e9

fix(backend): type issues

433760d

test(backend, wip): api key tests

2fc704e

fix(backend): handle edge cases

aa557cb

test(backend): redeem session key

e14f85e

feat(backend): delete api keys

134ed5f

refactor(backend): error handling

af71ee9

fix(backend): typo apikeys -> apiKeys

e81785e

refactor(backend): sessionKey -> key

dd3b400

refactor(backend): input

6ae1686

feat(backend): api key resolvers

bb2c298

refactor(backend): renew -> refresh

6f9ed16

refactor(backend): error handling

6a30520

refactor(backend): session input

a6bdd17

feat(backend): session resolvers

339dde3

refactor(backend): sessionKey -> session

8fd06b3

fix(backend): add apiKey and session service to app

a6c740d

feat(backend, wip): auth directive

d2403fa

feat(backend): auth directive

7420132

refactor(backend): auth directive

d02caa2

feat(backend): isAdmin directive

caf076f

sabineschaller and others added 5 commits December 6, 2021 16:13

test(backend): sessions expire

55582fb

test(backend): confirm revoke session

ab3414d

refactor(backend): redeem session -> api key

514716c

fix(backend): typing and correct promise handling

b5a5713

Co-authored-by: Brandon Wilson <brandon@coil.com>

feat(backend): store expiry unix time on session

ef7dfd0

wilsonianb reviewed Dec 6, 2021

View reviewed changes

packages/backend/src/session/service.test.ts Outdated Show resolved Hide resolved

packages/backend/src/session/service.ts Outdated Show resolved Hide resolved

packages/backend/src/session/service.ts Outdated Show resolved Hide resolved

sabineschaller and others added 5 commits December 7, 2021 16:18

fix(backend): remove console log

80aca63

Co-authored-by: Brandon Wilson <brandon@coil.com>

refactor(backend): use redis PXAT

8d0a064

test(backend): use jest.setSystemTime

6d2addc

feat(backend): make session length configurable

e7bacb2

test(backend): use real timers afterEach

51b3247

wilsonianb previously approved these changes Dec 9, 2021

View reviewed changes

refactor(backend): remove sessionOptions

6f79c87

sabineschaller dismissed wilsonianb’s stale review via 6f79c87 December 10, 2021 09:05

sabineschaller requested a review from wilsonianb December 10, 2021 09:35

wilsonianb requested changes Dec 10, 2021

View reviewed changes

packages/backend/src/graphql/directives/isAdmin.test.ts Outdated Show resolved Hide resolved

test(backend): change isAdmin test port

b0165f1

sabineschaller requested a review from wilsonianb December 13, 2021 15:42

wilsonianb approved these changes Dec 13, 2021

View reviewed changes

sabineschaller removed the request for review from sharafian December 13, 2021 16:46

sharafian approved these changes Dec 13, 2021

View reviewed changes

sabineschaller merged commit b7570da into main Dec 13, 2021

sabineschaller deleted the sb-api-auth branch December 13, 2021 18:22

sabineschaller added a commit that referenced this pull request Dec 20, 2022

Revert "feat(backend): add API key authentication (#193)"

4e8593e

This reverts commit b7570da.

sabineschaller mentioned this pull request Jan 9, 2024

Design auth mechanism for admin graphql API #2218

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(backend): add API key authentication #193

feat(backend): add API key authentication #193

sabineschaller commented Dec 1, 2021 •

edited

Loading

wilsonianb left a comment

feat(backend): add API key authentication #193

feat(backend): add API key authentication #193

Conversation

sabineschaller commented Dec 1, 2021 • edited Loading

Changes proposed in this pull request

Context

Checklist

wilsonianb left a comment

Choose a reason for hiding this comment

sabineschaller commented Dec 1, 2021 •

edited

Loading