diff --git a/satellite/admin.go b/satellite/admin.go index 944ea907e..e2bd20f51 100644 --- a/satellite/admin.go +++ b/satellite/admin.go @@ -21,7 +21,7 @@ import ( "storj.io/storj/private/version/checker" "storj.io/storj/satellite/admin" "storj.io/storj/satellite/buckets" - "storj.io/storj/satellite/console/accountmanagementapikeys" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/metabase" "storj.io/storj/satellite/payments" "storj.io/storj/satellite/payments/stripecoinpayments" @@ -65,8 +65,8 @@ type Admin struct { Service *buckets.Service } - AccountManagementAPIKeys struct { - Service *accountmanagementapikeys.Service + REST struct { + Keys *restkeys.Service } } @@ -87,8 +87,8 @@ func NewAdmin(log *zap.Logger, full *identity.FullIdentity, db DB, metabaseDB *m peer.Buckets.Service = buckets.NewService(db.Buckets(), metabaseDB) } - { // setup account management api keys - peer.AccountManagementAPIKeys.Service = accountmanagementapikeys.NewService(db.OIDC().OAuthTokens(), config.AccountManagementAPIKeys) + { // setup rest keys + peer.REST.Keys = restkeys.NewService(db.OIDC().OAuthTokens(), config.RESTKeys) } { // setup debug @@ -173,7 +173,7 @@ func NewAdmin(log *zap.Logger, full *identity.FullIdentity, db DB, metabaseDB *m adminConfig := config.Admin adminConfig.AuthorizationToken = config.Console.AuthToken - peer.Admin.Server = admin.NewServer(log.Named("admin"), peer.Admin.Listener, peer.DB, peer.Buckets.Service, peer.AccountManagementAPIKeys.Service, peer.Payments.Accounts, adminConfig) + peer.Admin.Server = admin.NewServer(log.Named("admin"), peer.Admin.Listener, peer.DB, peer.Buckets.Service, peer.REST.Keys, peer.Payments.Accounts, adminConfig) peer.Servers.Add(lifecycle.Item{ Name: "admin", Run: peer.Admin.Server.Run, diff --git a/satellite/admin/accountmanagementapikeys.go b/satellite/admin/restkeys.go similarity index 86% rename from satellite/admin/accountmanagementapikeys.go rename to satellite/admin/restkeys.go index c7458965a..312458325 100644 --- a/satellite/admin/accountmanagementapikeys.go +++ b/satellite/admin/restkeys.go @@ -15,7 +15,7 @@ import ( "github.com/gorilla/mux" ) -func (server *Server) addAccountManagementAPIKey(w http.ResponseWriter, r *http.Request) { +func (server *Server) addRESTKey(w http.ResponseWriter, r *http.Request) { ctx := r.Context() vars := mux.Vars(r) @@ -66,7 +66,7 @@ func (server *Server) addAccountManagementAPIKey(w http.ResponseWriter, r *http. } } - apiKey, expiresAt, err := server.accountManagementAPIKeys.Create(ctx, user.ID, expiration) + apiKey, expiresAt, err := server.restKeys.Create(ctx, user.ID, expiration) if err != nil { sendJSONError(w, "api key creation failed", err.Error(), http.StatusInternalServerError) @@ -91,7 +91,7 @@ func (server *Server) addAccountManagementAPIKey(w http.ResponseWriter, r *http. sendJSONData(w, http.StatusOK, data) } -func (server *Server) revokeAccountManagementAPIKey(w http.ResponseWriter, r *http.Request) { +func (server *Server) revokeRESTKey(w http.ResponseWriter, r *http.Request) { ctx := r.Context() vars := mux.Vars(r) @@ -102,7 +102,7 @@ func (server *Server) revokeAccountManagementAPIKey(w http.ResponseWriter, r *ht return } - err := server.accountManagementAPIKeys.Revoke(ctx, apiKey) + err := server.restKeys.Revoke(ctx, apiKey) if err != nil { sendJSONError(w, "failed to revoke api key", err.Error(), http.StatusNotFound) diff --git a/satellite/admin/accountmanagementapikeys_test.go b/satellite/admin/restkeys_test.go similarity index 89% rename from satellite/admin/accountmanagementapikeys_test.go rename to satellite/admin/restkeys_test.go index 6bec4c3aa..9e00a9b7e 100644 --- a/satellite/admin/accountmanagementapikeys_test.go +++ b/satellite/admin/restkeys_test.go @@ -22,7 +22,7 @@ import ( "storj.io/storj/satellite/oidc" ) -func TestAccountManagementAPIKeys(t *testing.T) { +func TestRESTKeys(t *testing.T) { testplanet.Run(t, testplanet.Config{ SatelliteCount: 1, StorageNodeCount: 0, @@ -35,14 +35,14 @@ func TestAccountManagementAPIKeys(t *testing.T) { }, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) { address := planet.Satellites[0].Admin.Admin.Listener.Addr() satellite := planet.Satellites[0] - keyService := satellite.API.AccountManagementAPIKeys.Service + keyService := satellite.API.REST.Keys user, err := planet.Satellites[0].DB.Console().Users().GetByEmail(ctx, planet.Uplinks[0].Projects[0].Owner.Email) require.NoError(t, err) t.Run("create with default expiration", func(t *testing.T) { body := strings.NewReader(`{"expiration":""}`) - req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("http://"+address.String()+"/api/accountmanagementapikeys/%s", user.Email), body) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("http://"+address.String()+"/api/restkeys/%s", user.Email), body) require.NoError(t, err) req.Header.Set("Authorization", satellite.Config.Console.AuthToken) @@ -73,7 +73,7 @@ func TestAccountManagementAPIKeys(t *testing.T) { require.False(t, exp.Before(now)) // check the expiration is around the time we expect - defaultExpiration := satellite.Config.AccountManagementAPIKeys.DefaultExpiration + defaultExpiration := satellite.Config.RESTKeys.DefaultExpiration require.True(t, output.ExpiresAt.After(now.Add(defaultExpiration))) require.True(t, output.ExpiresAt.Before(now.Add(defaultExpiration+time.Hour))) }) @@ -81,7 +81,7 @@ func TestAccountManagementAPIKeys(t *testing.T) { t.Run("create with custom expiration", func(t *testing.T) { durationString := "3h" body := strings.NewReader(fmt.Sprintf(`{"expiration":"%s"}`, durationString)) - req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("http://"+address.String()+"/api/accountmanagementapikeys/%s", user.Email), body) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("http://"+address.String()+"/api/restkeys/%s", user.Email), body) require.NoError(t, err) req.Header.Set("Authorization", satellite.Config.Console.AuthToken) @@ -125,13 +125,13 @@ func TestAccountManagementAPIKeys(t *testing.T) { expiresAt, err := keyService.InsertIntoDB(ctx, oidc.OAuthToken{ UserID: user.ID, - Kind: oidc.KindAccountManagementTokenV0, + Kind: oidc.KindRESTTokenV0, Token: hash, }, time.Now(), time.Hour) require.NoError(t, err) require.False(t, expiresAt.IsZero()) - req, err := http.NewRequestWithContext(ctx, http.MethodPut, fmt.Sprintf("http://"+address.String()+"/api/accountmanagementapikeys/%s/revoke", apiKey), nil) + req, err := http.NewRequestWithContext(ctx, http.MethodPut, fmt.Sprintf("http://"+address.String()+"/api/restkeys/%s/revoke", apiKey), nil) require.NoError(t, err) req.Header.Set("Authorization", satellite.Config.Console.AuthToken) diff --git a/satellite/admin/server.go b/satellite/admin/server.go index eb8715df1..444b9f75c 100644 --- a/satellite/admin/server.go +++ b/satellite/admin/server.go @@ -21,7 +21,7 @@ import ( adminui "storj.io/storj/satellite/admin/ui" "storj.io/storj/satellite/buckets" "storj.io/storj/satellite/console" - "storj.io/storj/satellite/console/accountmanagementapikeys" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/oidc" "storj.io/storj/satellite/payments" "storj.io/storj/satellite/payments/stripecoinpayments" @@ -56,10 +56,10 @@ type Server struct { listener net.Listener server http.Server - db DB - payments payments.Accounts - buckets *buckets.Service - accountManagementAPIKeys *accountmanagementapikeys.Service + db DB + payments payments.Accounts + buckets *buckets.Service + restKeys *restkeys.Service nowFn func() time.Time @@ -67,16 +67,16 @@ type Server struct { } // NewServer returns a new administration Server. -func NewServer(log *zap.Logger, listener net.Listener, db DB, buckets *buckets.Service, accountManagementAPIKeys *accountmanagementapikeys.Service, accounts payments.Accounts, config Config) *Server { +func NewServer(log *zap.Logger, listener net.Listener, db DB, buckets *buckets.Service, restKeys *restkeys.Service, accounts payments.Accounts, config Config) *Server { server := &Server{ log: log, listener: listener, - db: db, - payments: accounts, - buckets: buckets, - accountManagementAPIKeys: accountManagementAPIKeys, + db: db, + payments: accounts, + buckets: buckets, + restKeys: restKeys, nowFn: time.Now, @@ -110,8 +110,8 @@ func NewServer(log *zap.Logger, listener net.Listener, db DB, buckets *buckets.S api.HandleFunc("/projects/{project}/buckets/{bucket}/geofence", server.createGeofenceForBucket).Methods("POST") api.HandleFunc("/projects/{project}/buckets/{bucket}/geofence", server.deleteGeofenceForBucket).Methods("DELETE") api.HandleFunc("/apikeys/{apikey}", server.deleteAPIKey).Methods("DELETE") - api.HandleFunc("/accountmanagementapikeys/{useremail}", server.addAccountManagementAPIKey).Methods("POST") - api.HandleFunc("/accountmanagementapikeys/{apikey}/revoke", server.revokeAccountManagementAPIKey).Methods("PUT") + api.HandleFunc("/restkeys/{useremail}", server.addRESTKey).Methods("POST") + api.HandleFunc("/restkeys/{apikey}/revoke", server.revokeRESTKey).Methods("PUT") // This handler must be the last one because it uses the root as prefix, // otherwise will try to serve all the handlers set after this one. diff --git a/satellite/admin/ui/src/lib/api.ts b/satellite/admin/ui/src/lib/api.ts index 2276ef5f2..139150b55 100644 --- a/satellite/admin/ui/src/lib/api.ts +++ b/satellite/admin/ui/src/lib/api.ts @@ -372,28 +372,28 @@ Blank fields will not be updated.`, } } ], - account_management_api_keys: [ + rest_api_keys: [ { name: 'create', - desc: 'Create an account management API key', + desc: 'Create a REST key', //params: [['API key', new InputText('text', true)]], params: [ ["user's email", new InputText('text', true)], ['expiration', new InputText('text', false)] ], func: async (useremail: string, expiration?: string): Promise> => { - return this.fetch('POST', `accountmanagementapikeys/${useremail}`, null, { + return this.fetch('POST', `restkeys/${useremail}`, null, { expiration }); } }, { name: 'revoke', - desc: 'Revoke an account management API key', + desc: 'Revoke a REST key', //params: [['API key', new InputText('text', true)]], params: [['api key', new InputText('text', true)]], func: async (apikey: string): Promise> => { - return this.fetch('PUT', `accountmanagementapikeys/${apikey}/revoke`); + return this.fetch('PUT', `restkeys/${apikey}/revoke`); } } ] diff --git a/satellite/api.go b/satellite/api.go index 17b95bc03..01f873dd7 100644 --- a/satellite/api.go +++ b/satellite/api.go @@ -34,9 +34,9 @@ import ( "storj.io/storj/satellite/analytics" "storj.io/storj/satellite/buckets" "storj.io/storj/satellite/console" - "storj.io/storj/satellite/console/accountmanagementapikeys" "storj.io/storj/satellite/console/consoleauth" "storj.io/storj/satellite/console/consoleweb" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/contact" "storj.io/storj/satellite/gracefulexit" "storj.io/storj/satellite/inspector" @@ -137,8 +137,8 @@ type API struct { Stripe stripecoinpayments.StripeClient } - AccountManagementAPIKeys struct { - Service *accountmanagementapikeys.Service + REST struct { + Keys *restkeys.Service } Console struct { @@ -578,7 +578,7 @@ func NewAPI(log *zap.Logger, full *identity.FullIdentity, db DB, } { // setup account management api keys - peer.AccountManagementAPIKeys.Service = accountmanagementapikeys.NewService(peer.DB.OIDC().OAuthTokens(), config.AccountManagementAPIKeys) + peer.REST.Keys = restkeys.NewService(peer.DB.OIDC().OAuthTokens(), config.RESTKeys) } { // setup console @@ -595,7 +595,7 @@ func NewAPI(log *zap.Logger, full *identity.FullIdentity, db DB, peer.Log.Named("console:service"), &consoleauth.Hmac{Secret: []byte(consoleConfig.AuthTokenSecret)}, peer.DB.Console(), - peer.AccountManagementAPIKeys.Service, + peer.REST.Keys, peer.DB.ProjectAccounting(), peer.Accounting.ProjectUsage, peer.Buckets.Service, diff --git a/satellite/console/apikeys.go b/satellite/console/apikeys.go index b6ddcf9fa..236979b9b 100644 --- a/satellite/console/apikeys.go +++ b/satellite/console/apikeys.go @@ -30,8 +30,8 @@ type APIKeys interface { Delete(ctx context.Context, id uuid.UUID) error } -// AccountManagementAPIKeys is an interface for account management api key operations. -type AccountManagementAPIKeys interface { +// RESTKeys is an interface for rest key operations. +type RESTKeys interface { Create(ctx context.Context, userID uuid.UUID, expiration time.Duration) (apiKey string, expiresAt time.Time, err error) GetUserAndExpirationFromKey(ctx context.Context, apiKey string) (userID uuid.UUID, exp time.Time, err error) Revoke(ctx context.Context, apiKey string) (err error) diff --git a/satellite/console/consoleweb/consoleapi/gen/main.go b/satellite/console/consoleweb/consoleapi/gen/main.go index 20a2cb277..f57e0ac13 100644 --- a/satellite/console/consoleweb/consoleapi/gen/main.go +++ b/satellite/console/consoleweb/consoleapi/gen/main.go @@ -15,6 +15,7 @@ import ( ) func main() { + // definition for REST API a := &apigen.API{ Version: "v0", Description: "", diff --git a/satellite/console/consoleweb/consoleql/mutation_test.go b/satellite/console/consoleweb/consoleql/mutation_test.go index acea7f912..0ccfbc275 100644 --- a/satellite/console/consoleweb/consoleql/mutation_test.go +++ b/satellite/console/consoleweb/consoleql/mutation_test.go @@ -24,9 +24,9 @@ import ( "storj.io/storj/satellite/accounting/live" "storj.io/storj/satellite/analytics" "storj.io/storj/satellite/console" - "storj.io/storj/satellite/console/accountmanagementapikeys" "storj.io/storj/satellite/console/consoleauth" "storj.io/storj/satellite/console/consoleweb/consoleql" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/mailservice" "storj.io/storj/satellite/payments" "storj.io/storj/satellite/payments/paymentsconfig" @@ -99,7 +99,7 @@ func TestGraphqlMutation(t *testing.T) { log.Named("console"), &consoleauth.Hmac{Secret: []byte("my-suppa-secret-key")}, db.Console(), - accountmanagementapikeys.NewService(db.OIDC().OAuthTokens(), planet.Satellites[0].Config.AccountManagementAPIKeys), + restkeys.NewService(db.OIDC().OAuthTokens(), planet.Satellites[0].Config.RESTKeys), db.ProjectAccounting(), projectUsage, sat.API.Buckets.Service, diff --git a/satellite/console/consoleweb/consoleql/query_test.go b/satellite/console/consoleweb/consoleql/query_test.go index f694aca18..986420404 100644 --- a/satellite/console/consoleweb/consoleql/query_test.go +++ b/satellite/console/consoleweb/consoleql/query_test.go @@ -21,9 +21,9 @@ import ( "storj.io/storj/satellite/accounting/live" "storj.io/storj/satellite/analytics" "storj.io/storj/satellite/console" - "storj.io/storj/satellite/console/accountmanagementapikeys" "storj.io/storj/satellite/console/consoleauth" "storj.io/storj/satellite/console/consoleweb/consoleql" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/mailservice" "storj.io/storj/satellite/payments" "storj.io/storj/satellite/payments/paymentsconfig" @@ -83,7 +83,7 @@ func TestGraphqlQuery(t *testing.T) { log.Named("console"), &consoleauth.Hmac{Secret: []byte("my-suppa-secret-key")}, db.Console(), - accountmanagementapikeys.NewService(db.OIDC().OAuthTokens(), planet.Satellites[0].Config.AccountManagementAPIKeys), + restkeys.NewService(db.OIDC().OAuthTokens(), planet.Satellites[0].Config.RESTKeys), db.ProjectAccounting(), projectUsage, sat.API.Buckets.Service, diff --git a/satellite/console/accountmanagementapikeys/service.go b/satellite/console/restkeys/service.go similarity index 84% rename from satellite/console/accountmanagementapikeys/service.go rename to satellite/console/restkeys/service.go index 06b8ae0c9..b124d0224 100644 --- a/satellite/console/accountmanagementapikeys/service.go +++ b/satellite/console/restkeys/service.go @@ -1,7 +1,7 @@ // Copyright (C) 2022 Storj Labs, Inc. // See LICENSE for copying information. -package accountmanagementapikeys +package restkeys import ( "context" @@ -20,8 +20,8 @@ import ( var mon = monkit.Package() var ( - // Error describes internal account management api keys error. - Error = errs.Class("account management api keys service") + // Error describes internal rest keys error. + Error = errs.Class("rest keys service") // ErrDuplicateKey is error type that occurs when a generated account // management api key already exists. @@ -32,18 +32,18 @@ var ( ErrInvalidKey = errs.Class("invalid key") ) -// Config contains configuration parameters for account management api keys. +// Config contains configuration parameters for rest keys. type Config struct { - DefaultExpiration time.Duration `help:"expiration to use if user does not specify an account management api key expiration" default:"720h"` + DefaultExpiration time.Duration `help:"expiration to use if user does not specify an rest key expiration" default:"720h"` } -// Service handles operations regarding account management api keys. +// Service handles operations regarding rest keys. type Service struct { db oidc.OAuthTokens config Config } -// NewService creates a new account management api keys service. +// NewService creates a new rest keys service. func NewService(db oidc.OAuthTokens, config Config) *Service { return &Service{ db: db, @@ -51,7 +51,7 @@ func NewService(db oidc.OAuthTokens, config Config) *Service { } } -// Create creates and inserts an account management api key into the db. +// Create creates and inserts an rest key into the db. func (s *Service) Create(ctx context.Context, userID uuid.UUID, expiration time.Duration) (apiKey string, expiresAt time.Time, err error) { defer mon.Task()(&ctx)(&err) @@ -61,7 +61,7 @@ func (s *Service) Create(ctx context.Context, userID uuid.UUID, expiration time. } expiresAt, err = s.InsertIntoDB(ctx, oidc.OAuthToken{ UserID: userID, - Kind: oidc.KindAccountManagementTokenV0, + Kind: oidc.KindRESTTokenV0, Token: hash, }, time.Now(), expiration) if err != nil { @@ -111,7 +111,7 @@ func (s *Service) InsertIntoDB(ctx context.Context, oAuthToken oidc.OAuthToken, // The token column is the key to the OAuthTokens table, but the Create method does not return an error if a duplicate token insert is attempted. // We need to make sure a unique api key is created, so check that the value doesn't already exist. - _, err = s.db.Get(ctx, oidc.KindAccountManagementTokenV0, oAuthToken.Token) + _, err = s.db.Get(ctx, oidc.KindRESTTokenV0, oAuthToken.Token) if err != nil { if !errors.Is(err, sql.ErrNoRows) { return time.Time{}, Error.Wrap(err) @@ -144,7 +144,7 @@ func (s *Service) GetUserAndExpirationFromKey(ctx context.Context, apiKey string if err != nil { return uuid.UUID{}, time.Now(), err } - keyInfo, err := s.db.Get(ctx, oidc.KindAccountManagementTokenV0, hash) + keyInfo, err := s.db.Get(ctx, oidc.KindRESTTokenV0, hash) if err != nil { if errors.Is(err, sql.ErrNoRows) { return uuid.UUID{}, time.Now(), Error.Wrap(ErrInvalidKey.New("invalid account management api key")) @@ -163,11 +163,11 @@ func (s *Service) Revoke(ctx context.Context, apiKey string) (err error) { return Error.Wrap(err) } - _, err = s.db.Get(ctx, oidc.KindAccountManagementTokenV0, hash) + _, err = s.db.Get(ctx, oidc.KindRESTTokenV0, hash) if err != nil { return Error.Wrap(err) } - err = s.db.RevokeAccountManagementTokenV0(ctx, hash) + err = s.db.RevokeRESTTokenV0(ctx, hash) if err != nil { return Error.Wrap(err) } diff --git a/satellite/console/accountmanagementapikeys/service_test.go b/satellite/console/restkeys/service_test.go similarity index 72% rename from satellite/console/accountmanagementapikeys/service_test.go rename to satellite/console/restkeys/service_test.go index 7c7b30758..db990f888 100644 --- a/satellite/console/accountmanagementapikeys/service_test.go +++ b/satellite/console/restkeys/service_test.go @@ -1,7 +1,7 @@ // Copyright (C) 2020 Storj Labs, Inc. // See LICENSE for copying information. -package accountmanagementapikeys_test +package restkeys_test import ( "database/sql" @@ -13,16 +13,16 @@ import ( "storj.io/common/testcontext" "storj.io/common/testrand" "storj.io/storj/private/testplanet" - "storj.io/storj/satellite/console/accountmanagementapikeys" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/oidc" ) -func TestAccountManagementAPIKeys(t *testing.T) { +func TestRESTKeys(t *testing.T) { testplanet.Run(t, testplanet.Config{ SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1, }, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) { sat := planet.Satellites[0] - service := sat.API.AccountManagementAPIKeys.Service + service := sat.API.REST.Keys id := testrand.UUID() now := time.Now() @@ -42,14 +42,14 @@ func TestAccountManagementAPIKeys(t *testing.T) { require.NoError(t, err) _, err = service.InsertIntoDB(ctx, oidc.OAuthToken{ UserID: id, - Kind: oidc.KindAccountManagementTokenV0, + Kind: oidc.KindRESTTokenV0, Token: hash, }, now, expires) - require.True(t, accountmanagementapikeys.ErrDuplicateKey.Has(err)) + require.True(t, restkeys.ErrDuplicateKey.Has(err)) // test revocation require.NoError(t, service.Revoke(ctx, apiKey)) - token, err := sat.DB.OIDC().OAuthTokens().Get(ctx, oidc.KindAccountManagementTokenV0, hash) + token, err := sat.DB.OIDC().OAuthTokens().Get(ctx, oidc.KindRESTTokenV0, hash) require.Equal(t, sql.ErrNoRows, err) require.True(t, token.ExpiresAt.IsZero()) @@ -60,41 +60,41 @@ func TestAccountManagementAPIKeys(t *testing.T) { // test GetUserFromKey non existent key _, _, err = service.GetUserAndExpirationFromKey(ctx, nonexistent) - require.True(t, accountmanagementapikeys.ErrInvalidKey.Has(err)) + require.True(t, restkeys.ErrInvalidKey.Has(err)) }) } -func TestAccountManagementAPIKeysExpiration(t *testing.T) { +func TestRESTKeysExpiration(t *testing.T) { testplanet.Run(t, testplanet.Config{ SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1, }, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) { sat := planet.Satellites[0] - service := sat.API.AccountManagementAPIKeys.Service + service := sat.API.REST.Keys now := time.Now() // test no expiration uses default expiresAt, err := service.InsertIntoDB(ctx, oidc.OAuthToken{ UserID: testrand.UUID(), - Kind: oidc.KindAccountManagementTokenV0, + Kind: oidc.KindRESTTokenV0, Token: "testhash0", }, now, 0) require.NoError(t, err) - require.Equal(t, now.Add(sat.Config.AccountManagementAPIKeys.DefaultExpiration), expiresAt) + require.Equal(t, now.Add(sat.Config.RESTKeys.DefaultExpiration), expiresAt) // test negative expiration uses default expiresAt, err = service.InsertIntoDB(ctx, oidc.OAuthToken{ UserID: testrand.UUID(), - Kind: oidc.KindAccountManagementTokenV0, + Kind: oidc.KindRESTTokenV0, Token: "testhash1", }, now, -10000) require.NoError(t, err) - require.Equal(t, now.Add(sat.Config.AccountManagementAPIKeys.DefaultExpiration), expiresAt) + require.Equal(t, now.Add(sat.Config.RESTKeys.DefaultExpiration), expiresAt) // test regular expiration expiration := 14 * time.Hour expiresAt, err = service.InsertIntoDB(ctx, oidc.OAuthToken{ UserID: testrand.UUID(), - Kind: oidc.KindAccountManagementTokenV0, + Kind: oidc.KindRESTTokenV0, Token: "testhash2", }, now, expiration) require.NoError(t, err) diff --git a/satellite/console/service.go b/satellite/console/service.go index 81e55e82e..b6c0f1337 100644 --- a/satellite/console/service.go +++ b/satellite/console/service.go @@ -104,16 +104,16 @@ var ( type Service struct { Signer - log, auditLogger *zap.Logger - store DB - accountManagementAPIKeys AccountManagementAPIKeys - projectAccounting accounting.ProjectAccounting - projectUsage *accounting.Service - buckets Buckets - partners *rewards.PartnersService - accounts payments.Accounts - recaptchaHandler RecaptchaHandler - analytics *analytics.Service + log, auditLogger *zap.Logger + store DB + restKeys RESTKeys + projectAccounting accounting.ProjectAccounting + projectUsage *accounting.Service + buckets Buckets + partners *rewards.PartnersService + accounts payments.Accounts + recaptchaHandler RecaptchaHandler + analytics *analytics.Service config Config } @@ -154,7 +154,7 @@ type PaymentsService struct { } // NewService returns new instance of Service. -func NewService(log *zap.Logger, signer Signer, store DB, accountManagementAPIKeys AccountManagementAPIKeys, projectAccounting accounting.ProjectAccounting, projectUsage *accounting.Service, buckets Buckets, partners *rewards.PartnersService, accounts payments.Accounts, analytics *analytics.Service, config Config) (*Service, error) { +func NewService(log *zap.Logger, signer Signer, store DB, restKeys RESTKeys, projectAccounting accounting.ProjectAccounting, projectUsage *accounting.Service, buckets Buckets, partners *rewards.PartnersService, accounts payments.Accounts, analytics *analytics.Service, config Config) (*Service, error) { if signer == nil { return nil, errs.New("signer can't be nil") } @@ -169,19 +169,19 @@ func NewService(log *zap.Logger, signer Signer, store DB, accountManagementAPIKe } return &Service{ - log: log, - auditLogger: log.Named("auditlog"), - Signer: signer, - store: store, - accountManagementAPIKeys: accountManagementAPIKeys, - projectAccounting: projectAccounting, - projectUsage: projectUsage, - buckets: buckets, - partners: partners, - accounts: accounts, - recaptchaHandler: NewDefaultRecaptcha(config.Recaptcha.SecretKey), - analytics: analytics, - config: config, + log: log, + auditLogger: log.Named("auditlog"), + Signer: signer, + store: store, + restKeys: restKeys, + projectAccounting: projectAccounting, + projectUsage: projectUsage, + buckets: buckets, + partners: partners, + accounts: accounts, + recaptchaHandler: NewDefaultRecaptcha(config.Recaptcha.SecretKey), + analytics: analytics, + config: config, }, nil } @@ -1815,32 +1815,32 @@ func (s *Service) GetAPIKeys(ctx context.Context, projectID uuid.UUID, cursor AP return } -// CreateAccountManagementAPIKey creates an account management api key. -func (s *Service) CreateAccountManagementAPIKey(ctx context.Context, expiration time.Duration) (apiKey string, expiresAt time.Time, err error) { +// CreateRESTKey creates a satellite rest key. +func (s *Service) CreateRESTKey(ctx context.Context, expiration time.Duration) (apiKey string, expiresAt time.Time, err error) { defer mon.Task()(&ctx)(&err) - auth, err := s.getAuthAndAuditLog(ctx, "create account management api key") + auth, err := s.getAuthAndAuditLog(ctx, "create rest key") if err != nil { return "", time.Time{}, Error.Wrap(err) } - apiKey, expiresAt, err = s.accountManagementAPIKeys.Create(ctx, auth.User.ID, expiration) + apiKey, expiresAt, err = s.restKeys.Create(ctx, auth.User.ID, expiration) if err != nil { return "", time.Time{}, Error.Wrap(err) } return apiKey, expiresAt, nil } -// RevokeAccountManagementAPIKey revokes an account management api key. -func (s *Service) RevokeAccountManagementAPIKey(ctx context.Context, apiKey string) (err error) { +// RevokeRESTKey revokes a satellite REST key. +func (s *Service) RevokeRESTKey(ctx context.Context, apiKey string) (err error) { defer mon.Task()(&ctx)(&err) - _, err = s.getAuthAndAuditLog(ctx, "revoke account management api key") + _, err = s.getAuthAndAuditLog(ctx, "revoke rest key") if err != nil { return Error.Wrap(err) } - err = s.accountManagementAPIKeys.Revoke(ctx, apiKey) + err = s.restKeys.Revoke(ctx, apiKey) if err != nil { return Error.Wrap(err) } @@ -2219,7 +2219,7 @@ func (s *Service) keyAuth(ctx context.Context, r *http.Request) (context.Context ctx = consoleauth.WithAPIKey(ctx, []byte(apikey)) - userID, exp, err := s.accountManagementAPIKeys.GetUserAndExpirationFromKey(ctx, apikey) + userID, exp, err := s.restKeys.GetUserAndExpirationFromKey(ctx, apikey) if err != nil { return nil, err } diff --git a/satellite/console/service_test.go b/satellite/console/service_test.go index 531ad459f..f11ae9952 100644 --- a/satellite/console/service_test.go +++ b/satellite/console/service_test.go @@ -692,7 +692,7 @@ func TestActivateAccountToken(t *testing.T) { }) } -func TestAccountManagementAPIKeys(t *testing.T) { +func TestRESTKeys(t *testing.T) { testplanet.Run(t, testplanet.Config{ SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1, }, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) { @@ -710,18 +710,18 @@ func TestAccountManagementAPIKeys(t *testing.T) { now := time.Now() expires := 5 * time.Hour - apiKey, expiresAt, err := service.CreateAccountManagementAPIKey(authCtx, expires) + apiKey, expiresAt, err := service.CreateRESTKey(authCtx, expires) require.NoError(t, err) require.NotEmpty(t, apiKey) require.True(t, expiresAt.After(now)) require.True(t, expiresAt.Before(now.Add(expires+time.Hour))) // test revocation - require.NoError(t, service.RevokeAccountManagementAPIKey(authCtx, apiKey)) + require.NoError(t, service.RevokeRESTKey(authCtx, apiKey)) // test revoke non existent key nonexistent := testrand.UUID() - err = service.RevokeAccountManagementAPIKey(authCtx, nonexistent.String()) + err = service.RevokeRESTKey(authCtx, nonexistent.String()) require.Error(t, err) }) } diff --git a/satellite/oidc/database.go b/satellite/oidc/database.go index 5c8191703..c2cd8179c 100644 --- a/satellite/oidc/database.go +++ b/satellite/oidc/database.go @@ -92,8 +92,8 @@ type OAuthTokens interface { // Create creates a new OAuthToken. If the token already exists, no value is modified and nil is returned. Create(ctx context.Context, token OAuthToken) error - // RevokeAccountManagementTokenV0 revokes a v0 account management token by setting its expires_at time to zero. - RevokeAccountManagementTokenV0(ctx context.Context, token string) error + // RevokeRESTTokenV0 revokes a v0 rest token by setting its expires_at time to zero. + RevokeRESTTokenV0(ctx context.Context, token string) error } // OAuthTokenKind defines an enumeration of different types of supported tokens. @@ -106,8 +106,8 @@ const ( KindAccessToken = 1 // KindRefreshToken represents a refresh token within the database. KindRefreshToken = 2 - // KindAccountManagementTokenV0 represents an account management token within the database. - KindAccountManagementTokenV0 = 3 + // KindRESTTokenV0 represents a REST token within the database. + KindRESTTokenV0 = 3 ) // OAuthCode represents a code stored within our database. diff --git a/satellite/oidc/dbx.go b/satellite/oidc/dbx.go index ba7a7194a..e28b01c1e 100644 --- a/satellite/oidc/dbx.go +++ b/satellite/oidc/dbx.go @@ -181,10 +181,10 @@ func (o *tokensDBX) Create(ctx context.Context, token OAuthToken) error { return err } -// RevokeAccountManagementTokenV0 revokes a v0 account management token by setting its expires_at time to zero. -func (o *tokensDBX) RevokeAccountManagementTokenV0(ctx context.Context, token string) error { +// RevokeRESTTokenV0 revokes a v0 REST token by setting its expires_at time to zero. +func (o *tokensDBX) RevokeRESTTokenV0(ctx context.Context, token string) error { return o.db.UpdateNoReturn_OauthToken_By_Token_And_Kind(ctx, dbx.OauthToken_Token([]byte(token)), - dbx.OauthToken_Kind(int(KindAccountManagementTokenV0)), + dbx.OauthToken_Kind(int(KindRESTTokenV0)), dbx.OauthToken_Update_Fields{ ExpiresAt: dbx.OauthToken_ExpiresAt(time.Time{}), }) diff --git a/satellite/oidc/dbx_test.go b/satellite/oidc/dbx_test.go index 9e5eb1142..97311d207 100644 --- a/satellite/oidc/dbx_test.go +++ b/satellite/oidc/dbx_test.go @@ -112,7 +112,7 @@ func TestOAuthTokens(t *testing.T) { { ClientID: clientID, UserID: userID, - Kind: oidc.KindAccountManagementTokenV0, + Kind: oidc.KindRESTTokenV0, Token: "testToken", CreatedAt: start, ExpiresAt: start.Add(time.Hour), @@ -135,14 +135,14 @@ func TestOAuthTokens(t *testing.T) { }{ {oidc.KindAccessToken, "expired", sql.ErrNoRows}, {oidc.KindRefreshToken, "valid", nil}, - {oidc.KindAccountManagementTokenV0, "testToken", nil}, + {oidc.KindRESTTokenV0, "testToken", nil}, } for _, testCase := range testCases { _, err := tokens.Get(ctx, testCase.kind, testCase.token) require.Equal(t, testCase.err, err) - if testCase.kind == oidc.KindAccountManagementTokenV0 { - err = tokens.RevokeAccountManagementTokenV0(ctx, testCase.token) + if testCase.kind == oidc.KindRESTTokenV0 { + err = tokens.RevokeRESTTokenV0(ctx, testCase.token) require.NoError(t, err) token, err := tokens.Get(ctx, testCase.kind, testCase.token) require.Equal(t, sql.ErrNoRows, err) diff --git a/satellite/payments/stripecoinpayments/accounts_test.go b/satellite/payments/stripecoinpayments/accounts_test.go index 0ef0653c8..41c214a21 100644 --- a/satellite/payments/stripecoinpayments/accounts_test.go +++ b/satellite/payments/stripecoinpayments/accounts_test.go @@ -18,8 +18,8 @@ import ( "storj.io/storj/satellite/accounting/live" "storj.io/storj/satellite/analytics" "storj.io/storj/satellite/console" - "storj.io/storj/satellite/console/accountmanagementapikeys" "storj.io/storj/satellite/console/consoleauth" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/payments" "storj.io/storj/satellite/payments/paymentsconfig" "storj.io/storj/satellite/payments/stripecoinpayments" @@ -78,7 +78,7 @@ func TestSignupCouponCodes(t *testing.T) { log.Named("console"), &consoleauth.Hmac{Secret: []byte("my-suppa-secret-key")}, db.Console(), - accountmanagementapikeys.NewService(db.OIDC().OAuthTokens(), planet.Satellites[0].Config.AccountManagementAPIKeys), + restkeys.NewService(db.OIDC().OAuthTokens(), planet.Satellites[0].Config.RESTKeys), db.ProjectAccounting(), projectUsage, sat.API.Buckets.Service, diff --git a/satellite/peer.go b/satellite/peer.go index 43f8f05ef..75c3bd170 100644 --- a/satellite/peer.go +++ b/satellite/peer.go @@ -26,8 +26,8 @@ import ( "storj.io/storj/satellite/buckets" "storj.io/storj/satellite/compensation" "storj.io/storj/satellite/console" - "storj.io/storj/satellite/console/accountmanagementapikeys" "storj.io/storj/satellite/console/consoleweb" + "storj.io/storj/satellite/console/restkeys" "storj.io/storj/satellite/contact" "storj.io/storj/satellite/gc" "storj.io/storj/satellite/gracefulexit" @@ -145,8 +145,8 @@ type Config struct { Payments paymentsconfig.Config - AccountManagementAPIKeys accountmanagementapikeys.Config - Console consoleweb.Config + RESTKeys restkeys.Config + Console consoleweb.Config Version version_checker.Config diff --git a/scripts/testdata/satellite-config.yaml.lock b/scripts/testdata/satellite-config.yaml.lock index 0eb54d0c8..abc39571e 100755 --- a/scripts/testdata/satellite-config.yaml.lock +++ b/scripts/testdata/satellite-config.yaml.lock @@ -1,6 +1,3 @@ -# expiration to use if user does not specify an account management api key expiration -# account-management-api-keys.default-expiration: 720h0m0s - # admin peer http listening address # admin.address: "" @@ -781,6 +778,9 @@ identity.key-path: /root/.local/share/storj/identity/satellite/identity.key # the time period that must pass before suspended nodes will be disqualified # reputation.suspension-grace-period: 168h0m0s +# expiration to use if user does not specify an rest key expiration +# rest-keys.default-expiration: 720h0m0s + # age at which a rollup is archived # rollup-archive.archive-age: 2160h0m0s