satellite/{console, db}: do not return object browser API keys to cli…

…ent side Updated logic so that accesses created automatically for filebrowser do not appear in the "access" list. Issue: #6854 Change-Id: Id43ce7005100431eb2cd4e051881c3c5d58c850b
storj · Apr 18, 2024 · c0e18d3 · c0e18d3
1 parent 45c075b
commit c0e18d3
Show file tree

Hide file tree

Showing 8 changed files with 98 additions and 34 deletions.
diff --git a/satellite/admin/apikeys.go b/satellite/admin/apikeys.go
@@ -324,7 +324,7 @@ func (server *Server) listAPIKeys(w http.ResponseWriter, r *http.Request) {
 				Page:           i,
 				Order:          console.KeyName,
 				OrderDirection: console.Ascending,
-			},
+			}, "",
 		)
 		if err != nil {
 			sendJSONError(w, "failed retrieving a cursor page of API Keys list",

diff --git a/satellite/admin/apikeys_test.go b/satellite/admin/apikeys_test.go
@@ -40,7 +40,7 @@ func TestApiKeyAdd(t *testing.T) {
 
 		keys, err := planet.Satellites[0].DB.Console().
 			APIKeys().
-			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10})
+			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10}, "")
 		require.NoError(t, err)
 		require.Len(t, keys.APIKeys, 1)
 
@@ -75,7 +75,7 @@ func TestApiKeyAdd(t *testing.T) {
 
 		keys, err = planet.Satellites[0].DB.Console().
 			APIKeys().
-			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10})
+			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10}, "")
 		require.NoError(t, err)
 		require.Len(t, keys.APIKeys, 2)
 
@@ -101,7 +101,7 @@ func TestApiKeyDelete(t *testing.T) {
 
 		keys, err := planet.Satellites[0].DB.Console().
 			APIKeys().
-			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10})
+			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10}, "")
 		require.NoError(t, err)
 		require.Len(t, keys.APIKeys, 1)
 
@@ -113,7 +113,7 @@ func TestApiKeyDelete(t *testing.T) {
 
 		keys, err = planet.Satellites[0].DB.Console().
 			APIKeys().
-			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10})
+			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10}, "")
 		require.NoError(t, err)
 		require.Len(t, keys.APIKeys, 0)
 
@@ -148,7 +148,7 @@ func TestApiKeyDelete_ByName(t *testing.T) {
 
 		keys, err := planet.Satellites[0].DB.Console().
 			APIKeys().
-			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10})
+			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10}, "")
 		require.NoError(t, err)
 		require.Len(t, keys.APIKeys, 1)
 
@@ -187,7 +187,7 @@ func TestApiKeyDelete_ByName(t *testing.T) {
 
 		keys, err = planet.Satellites[0].DB.Console().
 			APIKeys().
-			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10})
+			GetPagedByProjectID(ctx, projectID, console.APIKeyCursor{Page: 1, Limit: 10}, "")
 		require.NoError(t, err)
 		require.Len(t, keys.APIKeys, 0)
 
@@ -234,7 +234,7 @@ func TestApiKeysList(t *testing.T) {
 			page, err := sat.DB.Console().APIKeys().GetPagedByProjectID(
 				ctx, project.ID, console.APIKeyCursor{
 					Limit: 50, Page: 1, Order: console.KeyName, OrderDirection: console.Ascending,
-				},
+				}, "",
 			)
 			require.NoError(t, err)
 

diff --git a/satellite/admin/project.go b/satellite/admin/project.go
@@ -528,7 +528,7 @@ func (server *Server) deleteProject(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	keys, err := server.db.Console().APIKeys().GetPagedByProjectID(ctx, project.ID, console.APIKeyCursor{Limit: 1, Page: 1})
+	keys, err := server.db.Console().APIKeys().GetPagedByProjectID(ctx, project.ID, console.APIKeyCursor{Limit: 1, Page: 1}, "")
 	if err != nil {
 		sendJSONError(w, "unable to list api-keys",
 			err.Error(), http.StatusInternalServerError)

diff --git a/satellite/admin/project_test.go b/satellite/admin/project_test.go
@@ -794,7 +794,7 @@ func TestProjectDelete(t *testing.T) {
 			Page:   1,
 			Limit:  2,
 			Search: "",
-		})
+		}, "")
 		require.NoError(t, err)
 		require.Len(t, apikeys.APIKeys, 1)
 
@@ -856,7 +856,7 @@ func TestProjectCheckUsage_withoutUsage(t *testing.T) {
 			Page:   1,
 			Limit:  2,
 			Search: "",
-		})
+		}, "")
 		require.NoError(t, err)
 		require.Len(t, apiKeys.APIKeys, 1)
 
@@ -901,7 +901,7 @@ func TestProjectCheckUsage_withUsage(t *testing.T) {
 			Page:   1,
 			Limit:  2,
 			Search: "",
-		})
+		}, "")
 		require.NoError(t, err)
 		require.Len(t, apiKeys.APIKeys, 1)
 
@@ -1007,7 +1007,7 @@ func TestProjectCheckUsage_lastMonthUnappliedInvoice(t *testing.T) {
 			Page:   1,
 			Limit:  2,
 			Search: "",
-		})
+		}, "")
 		require.NoError(t, err)
 		require.Len(t, apiKeys.APIKeys, 1)
 
@@ -1092,7 +1092,7 @@ func TestProjectDelete_withUsageCurrentMonth(t *testing.T) {
 			Page:   1,
 			Limit:  2,
 			Search: "",
-		})
+		}, "")
 		require.NoError(t, err)
 		require.Len(t, apiKeys.APIKeys, 1)
 
@@ -1206,7 +1206,7 @@ func TestProjectDelete_withUsagePreviousMonthUncharged(t *testing.T) {
 			Page:   1,
 			Limit:  2,
 			Search: "",
-		})
+		}, "")
 		require.NoError(t, err)
 		require.Len(t, apiKeys.APIKeys, 1)
 
@@ -1325,7 +1325,7 @@ func TestProjectDelete_withUsagePreviousMonthCharged(t *testing.T) {
 			Page:   1,
 			Limit:  2,
 			Search: "",
-		})
+		}, "")
 		require.NoError(t, err)
 		require.Len(t, apiKeys.APIKeys, 1)
 

diff --git a/satellite/console/apikeys.go b/satellite/console/apikeys.go
@@ -16,7 +16,7 @@ import (
 // architecture: Database
 type APIKeys interface {
 	// GetPagedByProjectID is a method for querying API keys from the database by projectID and cursor
-	GetPagedByProjectID(ctx context.Context, projectID uuid.UUID, cursor APIKeyCursor) (akp *APIKeyPage, err error)
+	GetPagedByProjectID(ctx context.Context, projectID uuid.UUID, cursor APIKeyCursor, ignoredNamePrefix string) (akp *APIKeyPage, err error)
 	// Get retrieves APIKeyInfo with given ID
 	Get(ctx context.Context, id uuid.UUID) (*APIKeyInfo, error)
 	// GetByHead retrieves APIKeyInfo for given key head

diff --git a/satellite/console/apikeys_test.go b/satellite/console/apikeys_test.go
@@ -54,7 +54,7 @@ func TestApiKeysRepository(t *testing.T) {
 				Limit:  10,
 				Search: "",
 			}
-			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor)
+			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor, "")
 
 			assert.NotNil(t, page)
 			assert.Equal(t, len(page.APIKeys), 10)
@@ -67,7 +67,7 @@ func TestApiKeysRepository(t *testing.T) {
 				Limit:  2,
 				Search: "",
 			}
-			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor)
+			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor, "")
 
 			assert.NotNil(t, page)
 			assert.Equal(t, len(page.APIKeys), 2)
@@ -81,7 +81,7 @@ func TestApiKeysRepository(t *testing.T) {
 				Limit:  10,
 				Search: "",
 			}
-			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor)
+			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor, "")
 
 			assert.NotNil(t, page)
 			assert.Equal(t, len(page.APIKeys), 10)
@@ -100,7 +100,7 @@ func TestApiKeysRepository(t *testing.T) {
 				Limit:  10,
 				Search: "",
 			}
-			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor)
+			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor, "")
 			assert.NotNil(t, page)
 			assert.Equal(t, len(page.APIKeys), 10)
 			assert.NoError(t, err)
@@ -127,7 +127,7 @@ func TestApiKeysRepository(t *testing.T) {
 				Limit:  10,
 				Search: "",
 			}
-			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor)
+			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor, "")
 			assert.NotNil(t, page)
 			assert.Equal(t, len(page.APIKeys), 10)
 			assert.NoError(t, err)
@@ -142,7 +142,7 @@ func TestApiKeysRepository(t *testing.T) {
 			err = apikeys.Delete(ctx, key.ID)
 			assert.NoError(t, err)
 
-			page, err = apikeys.GetPagedByProjectID(ctx, project.ID, cursor)
+			page, err = apikeys.GetPagedByProjectID(ctx, project.ID, cursor, "")
 			assert.NotNil(t, page)
 			assert.Equal(t, len(page.APIKeys), 9)
 			assert.NoError(t, err)
@@ -154,7 +154,7 @@ func TestApiKeysRepository(t *testing.T) {
 				Limit:  10,
 				Search: "",
 			}
-			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor)
+			page, err := apikeys.GetPagedByProjectID(ctx, project.ID, cursor, "")
 
 			assert.Nil(t, page)
 			assert.Error(t, err)
@@ -210,5 +210,66 @@ func TestApiKeysRepository(t *testing.T) {
 			assert.Equal(t, keyInfo.Name, names[0])
 			assert.Equal(t, keyInfo1.Name, names[1])
 		})
+
+		t.Run("GetPagedByProjectID with excluding name prefix", func(t *testing.T) {
+			pr, err := projects.Insert(ctx, &console.Project{
+				Name: "ProjectName2",
+			})
+			assert.NotNil(t, pr)
+			assert.NoError(t, err)
+
+			secret, err := macaroon.NewSecret()
+			assert.NoError(t, err)
+
+			key, err := macaroon.NewAPIKey(secret)
+			assert.NoError(t, err)
+			key1, err := macaroon.NewAPIKey(secret)
+			assert.NoError(t, err)
+			key2, err := macaroon.NewAPIKey(secret)
+			assert.NoError(t, err)
+
+			keyInfo := console.APIKeyInfo{
+				Name:      "visibleKey1",
+				ProjectID: pr.ID,
+				Secret:    secret,
+			}
+			keyInfo1 := console.APIKeyInfo{
+				Name:      "visibleKey2",
+				ProjectID: pr.ID,
+				Secret:    secret,
+			}
+			ignoredPrefix := "notVisibleKey"
+			keyInfo2 := console.APIKeyInfo{
+				Name:      ignoredPrefix + "123",
+				ProjectID: pr.ID,
+				Secret:    secret,
+			}
+
+			createdKey, err := apikeys.Create(ctx, key.Head(), keyInfo)
+			assert.NoError(t, err)
+			assert.NotNil(t, createdKey)
+			createdKey1, err := apikeys.Create(ctx, key1.Head(), keyInfo1)
+			assert.NoError(t, err)
+			assert.NotNil(t, createdKey1)
+			createdKey2, err := apikeys.Create(ctx, key2.Head(), keyInfo2)
+			assert.NoError(t, err)
+			assert.NotNil(t, createdKey2)
+
+			cursor := console.APIKeyCursor{Page: 1, Limit: 10}
+			keys, err := apikeys.GetPagedByProjectID(ctx, pr.ID, cursor, ignoredPrefix)
+			assert.NoError(t, err)
+			assert.NotNil(t, keys)
+			assert.Equal(t, uint64(2), keys.TotalCount)
+			assert.Equal(t, 2, len(keys.APIKeys))
+			assert.Equal(t, keyInfo.Name, keys.APIKeys[0].Name)
+			assert.Equal(t, keyInfo1.Name, keys.APIKeys[1].Name)
+
+			cursor.Search = ignoredPrefix
+			keys, err = apikeys.GetPagedByProjectID(ctx, pr.ID, cursor, ignoredPrefix)
+			assert.NoError(t, err)
+			assert.NotNil(t, keys)
+			assert.Equal(t, uint64(0), keys.TotalCount)
+			assert.Equal(t, 0, len(keys.APIKeys))
+		})
 	})
 }
diff --git a/satellite/console/service.go b/satellite/console/service.go
@@ -2951,7 +2951,7 @@ func (s *Service) GetAPIKeys(ctx context.Context, reqProjectID uuid.UUID, cursor
 		cursor.Limit = maxLimit
 	}
 
-	page, err = s.store.APIKeys().GetPagedByProjectID(ctx, projectID, cursor)
+	page, err = s.store.APIKeys().GetPagedByProjectID(ctx, projectID, cursor, s.config.ObjectBrowserKeyNamePrefix)
 	if err != nil {
 		return nil, Error.Wrap(err)
 	}
@@ -3510,7 +3510,7 @@ func (s *Service) checkProjectCanBeDeleted(ctx context.Context, user *User, proj
 		return ErrUsage.New("some buckets still exist")
 	}
 
-	keys, err := s.store.APIKeys().GetPagedByProjectID(ctx, projectID, APIKeyCursor{Limit: 1, Page: 1})
+	keys, err := s.store.APIKeys().GetPagedByProjectID(ctx, projectID, APIKeyCursor{Limit: 1, Page: 1}, "")
 	if err != nil {
 		return err
 	}

diff --git a/satellite/satellitedb/apikeys.go b/satellite/satellitedb/apikeys.go
@@ -26,15 +26,11 @@ type apikeys struct {
 	db      *satelliteDB
 }
 
-func (keys *apikeys) GetPagedByProjectID(ctx context.Context, projectID uuid.UUID, cursor console.APIKeyCursor) (akp *console.APIKeyPage, err error) {
+func (keys *apikeys) GetPagedByProjectID(ctx context.Context, projectID uuid.UUID, cursor console.APIKeyCursor, ignoredNamePrefix string) (page *console.APIKeyPage, err error) {
 	defer mon.Task()(&ctx)(&err)
 
 	search := "%" + strings.ReplaceAll(cursor.Search, " ", "%") + "%"
 
-	if cursor.Limit > 50 {
-		cursor.Limit = 50
-	}
-
 	if cursor.Limit == 0 {
 		return nil, console.ErrAPIKeyRequest.New("limit cannot be 0")
 	}
@@ -43,7 +39,7 @@ func (keys *apikeys) GetPagedByProjectID(ctx context.Context, projectID uuid.UUI
 		return nil, console.ErrAPIKeyRequest.New("page cannot be 0")
 	}
 
-	page := &console.APIKeyPage{
+	page = &console.APIKeyPage{
 		Search:         cursor.Search,
 		Limit:          cursor.Limit,
 		Offset:         uint64((cursor.Page - 1) * cursor.Limit),
@@ -58,10 +54,17 @@ func (keys *apikeys) GetPagedByProjectID(ctx context.Context, projectID uuid.UUI
 		AND lower(ak.name) LIKE ?
 	`)
 
+	ignorePrefixClause := ""
+	if ignoredNamePrefix != "" {
+		ignorePrefixClause = "AND ak.name NOT LIKE '" + ignoredNamePrefix + "%' "
+		countQuery += ignorePrefixClause
+	}
+
 	countRow := keys.db.QueryRowContext(ctx,
 		countQuery,
 		projectID[:],
-		strings.ToLower(search))
+		strings.ToLower(search),
+	)
 
 	err = countRow.Scan(&page.TotalCount)
 	if err != nil {
@@ -80,7 +83,7 @@ func (keys *apikeys) GetPagedByProjectID(ctx context.Context, projectID uuid.UUI
 		WHERE ak.project_id = ?
 		AND ak.project_id = p.id
 		AND lower(ak.name) LIKE ?
-		` + apikeySortClause(cursor.Order, page.OrderDirection) + `
+		` + ignorePrefixClause + apikeySortClause(cursor.Order, page.OrderDirection) + `
 		LIMIT ? OFFSET ?`)
 
 	rows, err := keys.db.QueryContext(ctx,