APIEndpointAsset model #165
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 10 commits
August 17, 2023 18:21
…isable editing that value too
zimventures
suggested changes
Aug 21, 2023
|
|
||
| def search(self, query: str, max_results: int) -> list[SearchResult]: | ||
| """Search the API Endpoint asset with the specified query.""" | ||
| raise NotImplementedError('The search method is not implemented for this asset.') |
There was a problem hiding this comment.
So then how do we scan this asset? 🤔
There was a problem hiding this comment.
I want to break this out into a separate PR to keep them both a reasonable size.
| authentication_method = models.CharField( | ||
| max_length=10, choices=[('Basic', 'Basic'), ('Bearer', 'Bearer')], default='Bearer' | ||
| ) | ||
| api_key = EncryptedCharField(max_length=256, editable=True) |
There was a problem hiding this comment.
Since this asset will support multiple auth types in the future, it's probably worth making this an opaque "secret" and adding an enum of the supported types (bearer is the only one to start). I'm guessing oauth is probably going to be needed sooner rather than later.
There was a problem hiding this comment.
spoke with @zimventures about this and I'm going to leave it as is. We don't expect that changing it later, with clearer direction, will take more effort than changing it now.
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The purpose of this PR is to add a new asset type:
APIEndpointAsset. This provides the user with a means for connecting Chirps to an API endpoint, allowing Chirps to interact with their chatbot or some other LLM application. In order to connect to said API endpoint, the user can specify the API endpoint's URL, authentication method, API key, request headers, and request body. If the asset is selected for a scan, Chirps will use the above information to send requests to the endpoint as part of the scan.I've opted to handle the adding/removing of key-value pairs via JS in order to keep this project moving. Once this PR is approved, I'll create a ticket that can be used to track refactoring this to use HTMX.
Asset creation:
Asset editing:
