grafana/pkg/api/apikey.go

package api

import (
	"time"

	"github.com/grafana/grafana/pkg/api/dtos"
	"github.com/grafana/grafana/pkg/bus"
	"github.com/grafana/grafana/pkg/components/apikeygen"
	"github.com/grafana/grafana/pkg/models"
)

func GetAPIKeys(c *models.ReqContext) Response {
	query := models.GetApiKeysQuery{OrgId: c.OrgId, IncludeExpired: c.QueryBool("includeExpired")}

	if err := bus.Dispatch(&query); err != nil {
		return Error(500, "Failed to list api keys", err)
	}

	result := make([]*models.ApiKeyDTO, len(query.Result))
	for i, t := range query.Result {
		var expiration *time.Time = nil
		if t.Expires != nil {
			v := time.Unix(*t.Expires, 0)
			expiration = &v
		}
		result[i] = &models.ApiKeyDTO{
			Id:         t.Id,
			Name:       t.Name,
			Role:       t.Role,
			Expiration: expiration,
		}
	}

	return JSON(200, result)
}

func DeleteAPIKey(c *models.ReqContext) Response {
	id := c.ParamsInt64(":id")

	cmd := &models.DeleteApiKeyCommand{Id: id, OrgId: c.OrgId}

	err := bus.Dispatch(cmd)
	if err != nil {
		return Error(500, "Failed to delete API key", err)
	}

	return Success("API key deleted")
}

func (hs *HTTPServer) AddAPIKey(c *models.ReqContext, cmd models.AddApiKeyCommand) Response {
	if !cmd.Role.IsValid() {
		return Error(400, "Invalid role specified", nil)
	}

	if hs.Cfg.ApiKeyMaxSecondsToLive != -1 {
		if cmd.SecondsToLive == 0 {
			return Error(400, "Number of seconds before expiration should be set", nil)
		}
		if cmd.SecondsToLive > hs.Cfg.ApiKeyMaxSecondsToLive {
			return Error(400, "Number of seconds before expiration is greater than the global limit", nil)
		}
	}
	cmd.OrgId = c.OrgId

	newKeyInfo, err := apikeygen.New(cmd.OrgId, cmd.Name)
	if err != nil {
		return Error(500, "Generating API key failed", err)
	}

	cmd.Key = newKeyInfo.HashedKey

	if err := bus.Dispatch(&cmd); err != nil {
		if err == models.ErrInvalidApiKeyExpiration {
			return Error(400, err.Error(), nil)
		}
		if err == models.ErrDuplicateApiKey {
			return Error(409, err.Error(), nil)
		}
		return Error(500, "Failed to add API Key", err)
	}

	result := &dtos.NewApiKeyResult{
		Name: cmd.Result.Name,
		Key:  newKeyInfo.ClientSecret}

	return JSON(200, result)
}
API token -> API key rename 2015-01-27 08:26:11 +01:00			`package api`

			`import (`
pkg/util: Check errors (#19832) * pkg/util: Check errors * pkg/services: DRY up code 2019-10-23 10:40:12 +02:00			`"time"`

New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 17:23:28 +01:00			`"github.com/grafana/grafana/pkg/api/dtos"`
Changed go package path 2015-02-05 10:37:13 +01:00			`"github.com/grafana/grafana/pkg/bus"`
New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 17:23:28 +01:00			`"github.com/grafana/grafana/pkg/components/apikeygen"`
Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`"github.com/grafana/grafana/pkg/models"`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`)`

Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`func GetAPIKeys(c *models.ReqContext) Response {`
API: Optionally list expired keys (#20468) * API: Optionally list expired keys * Update docs 2019-11-20 13:14:57 +02:00			`query := models.GetApiKeysQuery{OrgId: c.OrgId, IncludeExpired: c.QueryBool("includeExpired")}`
API token -> API key rename 2015-01-27 08:26:11 +01:00
			`if err := bus.Dispatch(&query); err != nil {`
Make golint happier 2018-03-22 22:13:46 +01:00			`return Error(500, "Failed to list api keys", err)`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`

Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`result := make([]*models.ApiKeyDTO, len(query.Result))`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`for i, t := range query.Result {`
Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`var expiration *time.Time = nil`
			`if t.Expires != nil {`
			`v := time.Unix(*t.Expires, 0)`
			`expiration = &v`
			`}`
			`result[i] = &models.ApiKeyDTO{`
			`Id: t.Id,`
			`Name: t.Name,`
			`Role: t.Role,`
			`Expiration: expiration,`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`
			`}`
Refactoring some api handlers to use the new Response return object 2015-05-18 21:23:40 +02:00
Make golint happier 2018-03-22 22:13:46 +01:00			`return JSON(200, result)`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`

Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`func DeleteAPIKey(c *models.ReqContext) Response {`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`id := c.ParamsInt64(":id")`

Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`cmd := &models.DeleteApiKeyCommand{Id: id, OrgId: c.OrgId}`
API token -> API key rename 2015-01-27 08:26:11 +01:00
			`err := bus.Dispatch(cmd)`
			`if err != nil {`
Make golint happier 2018-03-22 22:13:46 +01:00			`return Error(500, "Failed to delete API key", err)`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`

Make golint happier 2018-03-22 22:13:46 +01:00			`return Success("API key deleted")`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`

Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`func (hs HTTPServer) AddAPIKey(c models.ReqContext, cmd models.AddApiKeyCommand) Response {`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`if !cmd.Role.IsValid() {`
Make golint happier 2018-03-22 22:13:46 +01:00			`return Error(400, "Invalid role specified", nil)`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`

Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`if hs.Cfg.ApiKeyMaxSecondsToLive != -1 {`
			`if cmd.SecondsToLive == 0 {`
			`return Error(400, "Number of seconds before expiration should be set", nil)`
			`}`
			`if cmd.SecondsToLive > hs.Cfg.ApiKeyMaxSecondsToLive {`
			`return Error(400, "Number of seconds before expiration is greater than the global limit", nil)`
			`}`
			`}`
Big Backend Refatoring: Renamed Account -> Org 2015-02-23 20:07:49 +01:00			`cmd.OrgId = c.OrgId`
New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 17:23:28 +01:00
pkg/util: Check errors (#19832) * pkg/util: Check errors * pkg/services: DRY up code 2019-10-23 10:40:12 +02:00			`newKeyInfo, err := apikeygen.New(cmd.OrgId, cmd.Name)`
			`if err != nil {`
			`return Error(500, "Generating API key failed", err)`
			`}`

New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 17:23:28 +01:00			`cmd.Key = newKeyInfo.HashedKey`
API token -> API key rename 2015-01-27 08:26:11 +01:00
			`if err := bus.Dispatch(&cmd); err != nil {`
Auth: Allow expiration of API keys (#17678) * Modify backend to allow expiration of API Keys * Add middleware test for expired api keys * Modify frontend to enable expiration of API Keys * Fix frontend tests * Fix migration and add index for `expires` field * Add api key tests for database access * Substitude time.Now() by a mock for test usage * Front-end modifications * Change input label to `Time to live` * Change input behavior to comply with the other similar * Add tooltip * Modify AddApiKey api call response Expiration should be time.Time instead of string Present expiration date in the selected timezone * Use kbn for transforming intervals to seconds * Use `assert` library for tests * Frontend fixes Add checks for empty/undefined/null values * Change expires column from datetime to integer * Restrict api key duration input It should be interval not number * AddApiKey must complain if SecondsToLive is negative * Declare ErrInvalidApiKeyExpiration * Move configuration to auth section * Update docs * Eliminate alias for models in modified files * Omit expiration from api response if empty * Eliminate Goconvey from test file * Fix test Do not sleep, use mocked timeNow() instead * Remove index for expires from api_key table The index should be anyway on both org_id and expires fields. However this commit eliminates completely the index for now since not many rows are expected to be in this table. * Use getTimeZone function * Minor change in api key listing The frontend should display a message instead of empty string if the key does not expire. 2019-06-26 09:47:03 +03:00			`if err == models.ErrInvalidApiKeyExpiration {`
			`return Error(400, err.Error(), nil)`
			`}`
Auth: Duplicate API Key Name Handle With Useful HTTP Code (#17905) * API: Duplicate API Key Name Handle With Useful HTTP Code * 17447: make changes requested during review - use dialect.IsUniqueContraintViolation - change if statement to match others - return error properly * Revert "17447: make changes requested during review" This reverts commit a4a674ea83a9288701611f203f2a75531fb8a131. * API: useful http code on duplicate api key error w/ tests * API: API Key Duplicate Handling fixed small typo associated with error 2019-07-11 04:20:34 -04:00			`if err == models.ErrDuplicateApiKey {`
			`return Error(409, err.Error(), nil)`
			`}`
			`return Error(500, "Failed to add API Key", err)`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`

New implementation for API Keys that only stores hashed api keys, and the client key is base64 decoded json web token with the unhashed key, Closes #1440 2015-02-26 17:23:28 +01:00			`result := &dtos.NewApiKeyResult{`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`Name: cmd.Result.Name,`
Refactoring some api handlers to use the new Response return object 2015-05-18 21:23:40 +02:00			`Key: newKeyInfo.ClientSecret}`
API token -> API key rename 2015-01-27 08:26:11 +01:00
Make golint happier 2018-03-22 22:13:46 +01:00			`return JSON(200, result)`
API token -> API key rename 2015-01-27 08:26:11 +01:00			`}`