Skip to content

Release 3.1.0 - Return key ID from CreateKey request #156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Nov 4, 2025
Merged

Release 3.1.0 - Return key ID from CreateKey request #156

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3770d3b
Allow build and publish on tag refs
briskt Oct 28, 2025
8fb13e8
Merge pull request #155 from sil-org/briskt-patch-1
briskt Oct 28, 2025
e0b4630
return the key in the response to the POST /api-key request
briskt Nov 3, 2025
197de1a
update OpenAPI descriptions
briskt Nov 3, 2025
38730bb
use camel case for consistency
briskt Nov 3, 2025
4bc24e2
require authentication for api-key endpoints
briskt Nov 4, 2025
cab4084
update OpenAPI to indicate possible 401 error on api-key endpoints.
briskt Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/test-deploy-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ jobs:
build-and-publish:
name: Build and Publish
needs: [ 'tests', 'lint' ]
if: github.ref_name == 'main' || github.ref_name == 'develop'
if: github.ref_name == 'main' || github.ref_name == 'develop' || startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- name: Checkout code
Expand Down
7 changes: 6 additions & 1 deletion apikey.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -438,7 +438,12 @@ func (a *App) CreateApiKey(w http.ResponseWriter, r *http.Request) {
return
}

jsonResponse(w, nil, http.StatusNoContent)
response := map[string]string{
"email": key.Email,
"apiKeyValue": key.Key,
"createdAt": time.Unix(int64(key.CreatedAt)/1000, 0).UTC().Format(time.RFC3339),
}
jsonResponse(w, response, http.StatusOK)
}

// RotateApiKey facilitates the rotation of API Keys. All data in webauthn and totp tables that is encrypted by the old
Expand Down
12 changes: 11 additions & 1 deletion apikey_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -308,7 +308,7 @@ func (ms *MfaSuite) TestCreateApiKey() {
body: map[string]interface{}{
"email": exampleEmail,
},
wantStatus: http.StatusNoContent,
wantStatus: http.StatusOK,
},
{
name: "missing email",
Expand All @@ -332,6 +332,16 @@ func (ms *MfaSuite) TestCreateApiKey() {
}

ms.Equal(tt.wantStatus, res.Status, fmt.Sprintf("CreateApiKey response: %s", res.Body))

var response struct {
Email string `json:"email"`
APIKeyValue string `json:"apiKeyValue"`
CreatedAt time.Time `json:"createdAt"`
}
ms.NoError(json.Unmarshal(res.Body, &response))
ms.Equal(exampleEmail, response.Email)
ms.Regexp("^[0-9a-z]{40}$", response.APIKeyValue)
ms.WithinDuration(time.Now().UTC(), response.CreatedAt, time.Minute)
})
}
}
Expand Down
2 changes: 1 addition & 1 deletion auth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ func AuthenticateRequest(r *http.Request) (User, error) {
return authTOTP(apiKey)

case "api-key":
return nil, nil // no authentication required for api-key
return apiKey, nil

default:
return nil, fmt.Errorf("invalid URL: %s", r.URL)
Expand Down
27 changes: 26 additions & 1 deletion openapi.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -364,8 +364,27 @@ paths:
required: true
example: email@example.com
responses:
204:
200:
description: New API key created
content:
application/json:
schema:
properties:
email:
type: string
description: Email address of the requester
required: true
example: "admin@example.com"
apiKeyValue:
type: string
description: Unique ID for the new API Key
required: true
example: "0123456789abcdef0123456789abcdef01234567"
createdAt:
type: string
description: Time the key was created
required: true
example: "2006-01-02T15:04:05Z"
400:
description: Bad Request
content:
Expand All @@ -379,6 +398,8 @@ paths:
email-required:
value:
error: "email is required"
"401":
$ref: "#/components/responses/UnauthorizedError"
/api-key/activate:
post:
operationId: activateApiKey
Expand Down Expand Up @@ -430,6 +451,8 @@ paths:
email-required:
value:
error: "email is required"
"401":
$ref: "#/components/responses/UnauthorizedError"
404:
description: Not Found
content:
Expand Down Expand Up @@ -514,6 +537,8 @@ paths:
api-key-required:
value:
error: "apiKeyValue is required"
"401":
$ref: "#/components/responses/UnauthorizedError"
404:
description: Not Found
content:
Expand Down
6 changes: 0 additions & 6 deletions router/middleware.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ import (
"context"
"log"
"net/http"
"strings"

mfa "github.com/sil-org/serverless-mfa-api-go"
)
Expand All @@ -14,11 +13,6 @@ import (
// user from storage and attach to context.
func authenticationMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.URL.Path, "/api-key") {
next.ServeHTTP(w, r)
return
}

user, err := mfa.AuthenticateRequest(r)
if err != nil {
log.Printf("unable to authenticate request: %s", err)
Expand Down