Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for API token expiration #168

Merged
merged 2 commits into from
Aug 1, 2022
Merged

Add support for API token expiration #168

merged 2 commits into from
Aug 1, 2022

Conversation

ppacher
Copy link
Contributor

@ppacher ppacher commented Jul 12, 2022

No description provided.

@ppacher ppacher requested a review from dhaavi July 12, 2022 22:26
dhaavi
dhaavi requested changes Jul 21, 2022
View reviewed changes
Copy link
Member

@dhaavi dhaavi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the expiry check is broken, possibly twice. ;)

Other related ideas:

  • Should we validate the keys when setting them so we can return an error?
  • Should we return an error if both read and write permissions are just PermitAnyone?
  • Should we raise the default read permission to "PermitUser" to make more sense?

api/authentication.go Outdated
@@ -299,6 +300,14 @@ func checkAuth(w http.ResponseWriter, r *http.Request, authRequired bool) (token
return nil, false
}

// Abort if the token is expired.
if token.ValidUntil != nil && token.ValidUntil.After(time.Now()) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you meant time.Now().After(token.ValidUntil).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might better belong into checkAPIKey() - I'm not even sure it would be triggered here.

dhaavi
dhaavi approved these changes Jul 28, 2022
View reviewed changes
Copy link
Member

@dhaavi dhaavi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. One comment.

api/authentication.go Show resolved Hide resolved
@dhaavi dhaavi merged commit e5b8dd7 into develop Aug 1, 2022
@dhaavi dhaavi deleted the feature/token-expiration branch August 1, 2022 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhaavi dhaavi dhaavi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ppacher @dhaavi