New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APIEndpointAsset model #165
Conversation
…isable editing that value too
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for updating those assets to SVG's - nice touch! A couple of items for you to consider but great PR overall. 🥳
|
||
def search(self, query: str, max_results: int) -> list[SearchResult]: | ||
"""Search the API Endpoint asset with the specified query.""" | ||
raise NotImplementedError('The search method is not implemented for this asset.') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So then how do we scan this asset? 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I want to break this out into a separate PR to keep them both a reasonable size.
authentication_method = models.CharField( | ||
max_length=10, choices=[('Basic', 'Basic'), ('Bearer', 'Bearer')], default='Bearer' | ||
) | ||
api_key = EncryptedCharField(max_length=256, editable=True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this asset will support multiple auth types in the future, it's probably worth making this an opaque "secret" and adding an enum of the supported types (bearer is the only one to start). I'm guessing oauth is probably going to be needed sooner rather than later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
spoke with @zimventures about this and I'm going to leave it as is. We don't expect that changing it later, with clearer direction, will take more effort than changing it now.
The purpose of this PR is to add a new asset type:
APIEndpointAsset
. This provides the user with a means for connecting Chirps to an API endpoint, allowing Chirps to interact with their chatbot or some other LLM application. In order to connect to said API endpoint, the user can specify the API endpoint's URL, authentication method, API key, request headers, and request body. If the asset is selected for a scan, Chirps will use the above information to send requests to the endpoint as part of the scan.I've opted to handle the adding/removing of key-value pairs via JS in order to keep this project moving. Once this PR is approved, I'll create a ticket that can be used to track refactoring this to use HTMX.
Asset creation:
Asset editing: