Improve token.ts
#1661
Improve token.ts
#1661
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1661 +/- ##
==========================================
+ Coverage 97.93% 98.20% +0.27%
==========================================
Files 18 18
Lines 1546 1562 +16
Branches 326 333 +7
==========================================
+ Hits 1514 1534 +20
+ Misses 32 28 -4 ☔ View full report in Codecov by Sentry. |
|
Oh well, |
|
Hmm, maybe I should do something so |
|
I tried to fix the typing issue for the |
|
This PR would make #1595 more or less obsolete, but there might be more things to consider before we can truly say that. |
|
Hi @flevi29 so the idea of not allowing the customer to use the generateTenantToken in the web version is a business decision, not a technical one. Let me give you the context: In order to generate the token, the user will have to expose a real key (usually a key with more permissions like the masterKey). If they do that using the front-end integration, our users will be exposing that info incorrectly. To prevent the users from making those mistakes, we only allowed them to generate the keys using this integration in the backend (node). |
|
I see, Web Crypto can only be used in secure contexts, not sure if that changes anything, but I see why we need to separate this part of the code. I still think it's the right move to use Web Crypto, because of WinterCG and the Minimum Common API that Node.js and Deno for example subscribe to otherwise. I will try and separate tokens into a separate export, related to #1611. |
but how can we protect the user to make those mistakes? |
|
It's going to be a separate export. They're going to have to import from We will warn people to use it only on backend and any other way only if they really know what they're doing, use it at their own risk, and explain the risks involved. Maybe even console log some big warnings when they use it, although I can see this becoming a little annoying. If they really wanted to they could implement this on their own on the front end via Web Crypto, as you can see it's not a complex change, there's only so much we can do for users to be "protected" from their own mistakes, and even so there are protections in place, for example they can only use Web Crypto in a browser in a secure context (HTTPS), although I know this might not be entirely foolproof. Anyhow not having to worry about two separate JS clients is a worthwhile change in my opinion. |
flevi29
force-pushed
the
token-web-crypto
branch
from
4fc66e8 to
4efb670
Compare
| @@ -1108,15 +1108,58 @@ export const ErrorStatusCode = { | |||
| export type ErrorStatusCode = | |||
| (typeof ErrorStatusCode)[keyof typeof ErrorStatusCode]; | |||
|
|
|||
| export type TokenIndexRules = { | |||
| [field: string]: any; | |||
There was a problem hiding this comment.
This is not valid, looking at the rust source code I couldn't find such a thing.
|
@brunoocasali Hey, this PR is finally ready for another review. Now users will be protected from using this on the frontend. |
|
|
MigrationOld await generateTenantToken("74c9c733-3368-4738-bbe5-1d18a5fecb37", [], {
apiKey: "0a6e572506c52ab0bd6195921575d23092b7f0c284ab4ac86d12346c33057f99",
expiresAt: new Date("December 17, 4000 03:24:00"),
});New await generateTenantToken({
apiKey: "0a6e572506c52ab0bd6195921575d23092b7f0c284ab4ac86d12346c33057f99",
apiKeyUid: "74c9c733-3368-4738-bbe5-1d18a5fecb37",
searchRules: [],
expiresAt: new Date("December 17, 4000 03:24:00"),
});
|
|
bors merge |
|
Build succeeded:
|
Pull Request
What does this PR do?
Important
Because this code can now be run in a browser as well, an additional, enabled-by-default, environment check is added to assert that the code runs server-side.
expiredAtis no longer checked for being in the past, because maybe the system time is wrong or cannot be determined accurately locally, letmeilisearchdetermine it after using the tokenCaution
BREAKING
generateTenantTokenfunction, which now only accepts one object as a parameter,TenantTokenGeneratorOptions, all other parameters are now properties of this objectforce- use to disable safety environment check for when it's necessary to do soalgorithm- use to select encryption algorithmsearchRules- can now be omitted, default value is["*"]expiresAt- can now be anumber, a UNIX timestamp numberTokenOptionsTODO: Add option of MeiliSearch instead of apiKeyUid? Or rather raise issue about it for now.