Feature: Add API Key support (🚧) #350
# Conflicts: # backend/app/DomainObjects/ProductDomainObject.php # backend/app/Services/Handlers/Order/CompleteOrderHandler.php # frontend/src/components/routes/product-widget/SelectProducts/Prices/Tiered/index.tsx # frontend/src/components/routes/product-widget/SelectProducts/index.tsx # frontend/src/locales/de.js # frontend/src/locales/de.po # frontend/src/locales/en.js # frontend/src/locales/en.po # frontend/src/locales/es.js # frontend/src/locales/es.po # frontend/src/locales/fr.js # frontend/src/locales/fr.po # frontend/src/locales/pt-br.js # frontend/src/locales/pt-br.po # frontend/src/locales/pt.js # frontend/src/locales/pt.po # frontend/src/locales/ru.js # frontend/src/locales/ru.po # frontend/src/locales/zh-cn.js # frontend/src/locales/zh-cn.po
# Conflicts: # backend/app/DomainObjects/Generated/ProductDomainObjectAbstract.php # backend/app/Services/Domain/Ticket/CreateTicketService.php # backend/app/Services/Handlers/Ticket/CreateTicketHandler.php # backend/app/Services/Handlers/Ticket/DTO/UpsertTicketDTO.php # backend/app/Services/Handlers/Ticket/EditTicketHandler.php # frontend/src/components/forms/ProductForm/index.tsx # frontend/src/components/modals/CreateTicketModal/index.tsx # frontend/src/components/modals/EditProductModal/index.tsx # frontend/src/components/routes/product-widget/AttendeeProductAndInformation/index.tsx # frontend/src/components/routes/product-widget/PrintProduct/index.tsx # frontend/src/components/routes/product-widget/SelectProducts/index.tsx # frontend/src/locales/de.js # frontend/src/locales/de.po # frontend/src/locales/en.js # frontend/src/locales/en.po # frontend/src/locales/es.js # frontend/src/locales/es.po # frontend/src/locales/fr.js # frontend/src/locales/fr.po # frontend/src/locales/pt-br.js # frontend/src/locales/pt-br.po # frontend/src/locales/pt.js # frontend/src/locales/pt.po # frontend/src/locales/ru.js # frontend/src/locales/ru.po # frontend/src/locales/zh-cn.js # frontend/src/locales/zh-cn.po # frontend/src/styles/widget/default.scss
# Conflicts: # frontend/src/components/common/AttendeeCheckInTable/QrScanner.tsx # frontend/src/components/common/AttendeeCheckInTable/index.tsx
# Conflicts: # frontend/src/components/routes/product-widget/SelectProducts/index.tsx # frontend/src/styles/widget/default.scss
# Conflicts: # backend/app/Services/Domain/Event/DuplicateEventService.php # frontend/src/components/routes/product-widget/SelectProducts/index.tsx
…notes Add ability to add notes to an attendee + Refactor Attendee modal
# Conflicts: # frontend/src/components/common/AttendeeList/index.tsx
# Conflicts: # backend/app/Exports/AttendeesExport.php # backend/app/Http/Actions/Attendees/GetAttendeeAction.php # backend/app/Http/Request/Attendee/CreateAttendeeRequest.php # backend/app/Resources/Attendee/AttendeeResource.php # backend/app/Services/Application/Handlers/Attendee/CreateAttendeeHandler.php # backend/app/Services/Domain/Order/OrderCancelService.php # backend/app/Services/Handlers/Attendee/EditAttendeeHandler.php # frontend/src/components/forms/CapaciyAssigmentForm/index.tsx # frontend/src/components/modals/CreateCapacityAssignmentModal/index.tsx # frontend/src/components/modals/EditAttendeeModal/index.tsx # frontend/src/components/modals/EditCapacityAssignmentModal/index.tsx # frontend/src/locales/de.js # frontend/src/locales/de.po # frontend/src/locales/en.js # frontend/src/locales/en.po # frontend/src/locales/es.js # frontend/src/locales/es.po # frontend/src/locales/fr.js # frontend/src/locales/fr.po # frontend/src/locales/pt-br.js # frontend/src/locales/pt-br.po # frontend/src/locales/pt.js # frontend/src/locales/pt.po # frontend/src/locales/ru.js # frontend/src/locales/ru.po # frontend/src/locales/zh-cn.js # frontend/src/locales/zh-cn.po
Nice! Thanks for contributing this. I'll set aside some time tomorrow to review it.

Is there Swagger documentation or the like somewhere for the API?
daveearley
left a comment
Great work here! Thank you very much for the contribution. If it's OK with you, I can use this branch as the base for auth changes and I can push up some changes/fixes.
| Relation::enforceMorphMap([ | ||
| EventDomainObject::class => Event::class, | ||
| OrganizerDomainObject::class => Organizer::class, | ||
| 'user' => User::class, |
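Review bot: The 'user' => User::class entry is keyed by a bare string while the two entries above it are keyed by a DomainObject class constant, and nothing in the hunk says why it was added. Because enforceMorphMap rejects any model that takes part in a polymorphic relation without a map entry, a one-line comment naming the relation that needs this alias would stop it being removed later as dead code. The alias is also the value written to the morph type column, so it should be treated as stable once rows reference it.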
Curious what the reason for this is?
As soon as I added the traits required for Sanctum to the User class, I received an error about being unable to morph a User object (I unfortunately don't recall the specific error). Upon doing some Google research, I discovered some other people suggesting this as a fix to the error, and it worked.
I'm sure if you remove this you'll get the same error, just in case there is a better solution I am unaware of. Or maybe you won't and I was just being gaslit. 😂
| 'widget', | ||
| '/product/', | ||
| 'check-in', | ||
| 'csrf-cookie', |
This array relates to frontend paths. From what I can see, csrf-cookie is a backend path.
|
|
||
| login: async (user: LoginData) => { | ||
| const response = await api.post<LoginResponse>('auth/login', user); | ||
| const response = await api.get('/csrf-cookie').then(async response => { |
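Review bot: In login, the line const response = await api.get('/csrf-cookie').then(async response => { mixes await with a .then callback, and the callback parameter response shadows the outer const response, which makes it easy to return the wrong value from login. Awaiting the csrf-cookie request on its own line and then assigning the result of the auth/login post to response keeps one binding per name. The two paths are also written differently ('auth/login' without a leading slash, '/csrf-cookie' with one); pick one form so both resolve against the same base URL.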
async response can be removed as it's unused.
| export const CreateApiKeyModal = ({onClose, onCompleted}: CreateApiKeyModalProps) => { | ||
| const createMutation = useCreateApiKey(); | ||
| const queryClient = useQueryClient(); | ||
| const formErrorHandler = useFormErrorResponseHandler(); |
Looks like this is unused
| const handleCreate = useMutation({ | ||
| mutationFn: (apiKeyRequest: CreateApiKeyRequest) => apiKeysClient.create(apiKeyRequest), | ||
|
|
||
| onSuccess: (response: NewApiKey) => { |
NewApiKey doesn't exist
The interface does exist, but you're right, I didn't import it in this file and I didn't specify it as the result of a Create call in the api-keys.client.ts file.
Thanks!
Co-authored-by: Dave Earley <dave.m.earley@gmail.com>
You're welcome! Thanks for the review. Definitely feel free to use this as a jumping off point for the auth refactor.

@grablair Don't worry about the conflicts here, I'll take care of them

I haven't forgotten about this! There are a few bugs and performance issues that have taken priority, but I'll get back to it as soon as I can.

Any progress on this? Can I propose some support to make it merge to upstream ASAP?

Any progress on this? :)

Good, I like it

Another vote…
Resolves #339
This is a WIP change to add API keys. The feature is implemented and admins can create API keys and they can be used to access the APIs in a granular fashion. I still need to complete all translations, and want to give @daveearley an opportunity to review this sooner rather than later.
This also adds a migration to add account_id to the token table, so tokens can be set up on a per-account basis, and the auth flow knows which account a token is attached to, as we don't have the JWT payload to tell us. (TODO: May need to implement key filtering from view for multiple-account situations)
Tested with expired tokens, tokens with missing abilities, and valid tokens.
Checklist
Thank you for your contribution! 🎉
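The checks the description says were exercised (expired token, token missing an ability, valid token), together with the per-account binding that the account_id column provides, as an added example that is not code from this PR. It is a plain-PHP model that assumes Sanctum-style storage (an id|secret key, SHA-256 of the secret in the table, '*' as the catch-all ability); the field names other than account_id and the ability strings are hypothetical.

```php
<?php
// Added illustration, not code from this PR. Only account_id is named on the page;
// the other field names and the ability strings are assumptions.

/** Decide whether a presented key may use $ability on a resource owned by $accountId. */
function checkApiKey(array $tokens, string $presented, int $accountId, string $ability, int $now): string
{
    // A presented key is "<row id>|<secret>"; the table holds only SHA-256 of the secret.
    $parts = explode('|', $presented, 2);
    if (count($parts) !== 2 || !isset($tokens[$parts[0]])) {
        return 'unknown';
    }
    $row = $tokens[$parts[0]];

    // Constant-time comparison of the stored hash with the hash of the presented secret.
    if (!hash_equals($row['token'], hash('sha256', $parts[1]))) {
        return 'unknown';
    }
    if ($row['expires_at'] !== null && $row['expires_at'] <= $now) {
        return 'expired';
    }
    // The account is read from the token row, so a key cannot reach another account's data.
    if ($row['account_id'] !== $accountId) {
        return 'wrong_account';
    }
    // '*' grants every ability; otherwise the requested ability must be listed.
    if (!in_array('*', $row['abilities'], true) && !in_array($ability, $row['abilities'], true)) {
        return 'missing_ability';
    }
    return 'ok';
}

// Constructed sample rows, keyed by token id.
$now = 1700000000;
$tokens = [
    1 => ['token' => hash('sha256', 'secret-a'), 'account_id' => 10, 'abilities' => ['orders:read'], 'expires_at' => null],
    2 => ['token' => hash('sha256', 'secret-b'), 'account_id' => 10, 'abilities' => ['*'], 'expires_at' => $now - 60],
];
$cases = [
    ['1|secret-a', 10, 'orders:read'],  // live key that lists the ability
    ['1|secret-a', 10, 'orders:write'], // ability not granted to this key
    ['2|secret-b', 10, 'orders:read'],  // key past its expiry time
    ['1|secret-a', 11, 'orders:read'],  // resource belongs to another account
    ['1|not-the-secret', 10, 'orders:read'], // secret does not match the stored hash
];
foreach ($cases as [$key, $account, $ability]) {
    echo "$key $ability (account $account) => ", checkApiKey($tokens, $key, $account, $ability, $now), PHP_EOL;
}
```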