cleanup and refactor
This commit is contained in:
Timur Gordon
@@ -65,66 +65,6 @@ impl ApiKey {
|
||||
}
|
||||
}
|
||||
|
||||
/// API key store
|
||||
#[derive(Debug, Clone, Default)]
|
||||
pub struct ApiKeyStore {
|
||||
/// Map of key -> ApiKey
|
||||
keys: HashMap<String, ApiKey>,
|
||||
}
|
||||
|
||||
impl ApiKeyStore {
|
||||
pub fn new() -> Self {
|
||||
Self {
|
||||
keys: HashMap::new(),
|
||||
}
|
||||
}
|
||||
|
||||
/// Add a new API key
|
||||
pub fn add_key(&mut self, key: ApiKey) {
|
||||
self.keys.insert(key.key.clone(), key);
|
||||
}
|
||||
|
||||
/// Remove an API key by its key value
|
||||
pub fn remove_key(&mut self, key: &str) -> Option<ApiKey> {
|
||||
self.keys.remove(key)
|
||||
}
|
||||
|
||||
/// Get an API key by its key value
|
||||
pub fn get_key(&self, key: &str) -> Option<&ApiKey> {
|
||||
self.keys.get(key)
|
||||
}
|
||||
|
||||
/// Verify a key and return its metadata if valid
|
||||
pub fn verify_key(&self, key: &str) -> Option<&ApiKey> {
|
||||
self.get_key(key)
|
||||
}
|
||||
|
||||
/// List all keys with a specific scope
|
||||
pub fn list_keys_by_scope(&self, scope: ApiKeyScope) -> Vec<&ApiKey> {
|
||||
self.keys
|
||||
.values()
|
||||
.filter(|k| k.scope == scope)
|
||||
.collect()
|
||||
}
|
||||
|
||||
/// List all keys
|
||||
pub fn list_all_keys(&self) -> Vec<&ApiKey> {
|
||||
self.keys.values().collect()
|
||||
}
|
||||
|
||||
/// Count keys by scope
|
||||
pub fn count_by_scope(&self, scope: ApiKeyScope) -> usize {
|
||||
self.keys.values().filter(|k| k.scope == scope).count()
|
||||
}
|
||||
|
||||
/// Bootstrap with an initial admin key
|
||||
pub fn bootstrap_admin_key(&mut self, name: String) -> ApiKey {
|
||||
let key = ApiKey::new(name, ApiKeyScope::Admin);
|
||||
self.add_key(key.clone());
|
||||
key
|
||||
}
|
||||
}
|
||||
|
||||
/// Response for auth verification
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
pub struct AuthVerifyResponse {
|
||||
@@ -132,3 +72,35 @@ pub struct AuthVerifyResponse {
|
||||
pub name: String,
|
||||
pub scope: String,
|
||||
}
|
||||
|
||||
/// Method authorization requirements
|
||||
/// Maps RPC method names to required scopes
|
||||
pub fn get_method_required_scopes(method: &str) -> Option<Vec<ApiKeyScope>> {
|
||||
use ApiKeyScope::*;
|
||||
|
||||
match method {
|
||||
// Admin-only methods
|
||||
"key.add" | "key.remove" | "key.list" |
|
||||
"auth.create_key" | "auth.remove_key" | "auth.list_keys" |
|
||||
"supervisor.info" |
|
||||
"secrets.list_admin" | "secrets.list_user" | "secrets.list_register" => {
|
||||
Some(vec![Admin])
|
||||
}
|
||||
|
||||
// Admin or Registrar methods
|
||||
"runner.register" | "runner.add" | "runner.remove" => {
|
||||
Some(vec![Admin, Registrar])
|
||||
}
|
||||
|
||||
// Admin or User methods
|
||||
"jobs.create" | "job.run" | "job.start" | "job.stop" | "job.delete" => {
|
||||
Some(vec![Admin, User])
|
||||
}
|
||||
|
||||
// Public methods (no auth required)
|
||||
"rpc.discover" => None,
|
||||
|
||||
// Any authenticated user
|
||||
_ => Some(vec![Admin, Registrar, User]),
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user