diff --git a/core/src/supervisor.rs b/core/src/supervisor.rs
index caf584c..a7bebb6 100644
--- a/core/src/supervisor.rs
+++ b/core/src/supervisor.rs
@@ -238,6 +238,36 @@ impl SupervisorBuilder {
 reason: format!("Invalid Redis URL: {}", e),
 })?;
 
+ // Create API key store and add secrets as API keys
+ let mut api_key_store = crate::auth::ApiKeyStore::new();
+
+ // Add admin secrets as API keys
+ for secret in &self.admin_secrets {
+ api_key_store.add_key(crate::auth::ApiKey::with_key(
+ secret.clone(),
+ "Admin Secret".to_string(),
+ crate::auth::ApiKeyScope::Admin,
+ ));
+ }
+
+ // Add user secrets as API keys
+ for secret in &self.user_secrets {
+ api_key_store.add_key(crate::auth::ApiKey::with_key(
+ secret.clone(),
+ "User Secret".to_string(),
+ crate::auth::ApiKeyScope::User,
+ ));
+ }
+
+ // Add register secrets as API keys
+ for secret in &self.register_secrets {
+ api_key_store.add_key(crate::auth::ApiKey::with_key(
+ secret.clone(),
+ "Register Secret".to_string(),
+ crate::auth::ApiKeyScope::Registrar,
+ ));
+ }
+
 Ok(Supervisor {
 client: self.client_builder.build().await.unwrap(),
 runners: self.runners,
@@ -247,7 +277,7 @@ impl SupervisorBuilder {
 admin_secrets: self.admin_secrets,
 user_secrets: self.user_secrets,
 register_secrets: self.register_secrets,
- api_keys: Arc::new(Mutex::new(crate::auth::ApiKeyStore::new())),
+ api_keys: Arc::new(Mutex::new(api_key_store)),
 services: crate::services::Services::new(),
 })
 }
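Review bot: The three seeding loops turn the bootstrap secrets into ordinary entries of `api_key_store`, and the scope a secret ends up with when it appears in more than one list is left undefined. The removed `verify_api_key` checked admin, then user, then register, so the first match won; here the inserts run in that same order, and if `add_key` replaces an existing entry for the same key (its body is not in this diff) the last list wins instead. Either skip keys that are already present or state the rule above the loops, e.g. `// A secret listed under several roles keeps the scope of the first list that contains it`. Because the raw secrets now sit in the store, any path that lists or deletes stored keys should redact or exclude these seeded entries. The third hunk also drops the live `has_*_secret` checks, so a secret added to the `Supervisor` after `build()` would presumably stop verifying unless it is written to the store as well. The builder method starts and ends outside this hunk.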
@@ -980,44 +1010,7 @@ impl Supervisor {
 }
 
 /// Verify an API key and return its metadata
- /// Checks secrets first (admin, user, register), then stored API keys
 pub async fn verify_api_key(&self, key: &str) -> Option {
- use chrono::Utc;
-
- // Check if it's an admin secret
- if self.has_admin_secret(key) {
- return Some(crate::auth::ApiKey {
- key: key.to_string(),
- name: "Admin Secret".to_string(),
- scope: crate::auth::ApiKeyScope::Admin,
- created_at: Utc::now().to_rfc3339(),
- expires_at: None,
- });
- }
-
- // Check if it's a user secret
- if self.has_user_secret(key) {
- return Some(crate::auth::ApiKey {
- key: key.to_string(),
- name: "User Secret".to_string(),
- scope: crate::auth::ApiKeyScope::User,
- created_at: Utc::now().to_rfc3339(),
- expires_at: None,
- });
- }
-
- // Check if it's a register secret
- if self.has_register_secret(key) {
- return Some(crate::auth::ApiKey {
- key: key.to_string(),
- name: "Register Secret".to_string(),
- scope: crate::auth::ApiKeyScope::Registrar,
- created_at: Utc::now().to_rfc3339(),
- expires_at: None,
- });
- }
-
- // Fall back to stored API keys
 let store = self.api_keys.lock().await;
 store.verify_key(key).cloned()
 }