supervisor/docs/AUTH.md
Timur Gordon f249c8b49b Implement comprehensive admin UI with job management and API key display
Admin UI Features:
- Complete job lifecycle: create, run, view status, view output, delete
- Job table with sorting, filtering, and real-time status updates
- Status polling with countdown timers for running jobs
- Job output modal with result/error display
- API keys management: create keys, list keys with secrets visible
- Sidebar toggle between runners and keys views
- Toast notifications for errors
- Modern dark theme UI with responsive design

Supervisor Improvements:
- Fixed job status persistence using client methods
- Refactored get_job_result to use client.get_status, get_result, get_error
- Changed runner_rust dependency from git to local path
- Authentication system with API key scopes (admin, user, register)
- Job listing with status fetching from Redis
- Services module for job and auth operations

OpenRPC Client:
- Added auth_list_keys method for fetching API keys
- WASM bindings for browser usage
- Proper error handling and type conversions

Build Status: All components build successfully
2025-10-28 03:32:25 +01:00


Hero Supervisor Authentication

The Hero Supervisor now supports API key-based authentication with three permission scopes:

Permission Scopes

  1. Admin - Full access to all operations including key management
  2. Registrar - Can register new runners
  3. User - Can create and manage jobs

Starting the Supervisor with an Admin Key

Bootstrap an initial admin key when starting the supervisor:

cargo run --bin supervisor -- --bootstrap-admin-key "my-admin"

This will output:

╔════════════════════════════════════════════════════════════╗
║  🔑 Admin API Key Created                                  ║
╚════════════════════════════════════════════════════════════╝
  Name:  my-admin
  Key:   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  Scope: admin
  ⚠️  SAVE THIS KEY - IT WILL NOT BE SHOWN AGAIN!
╚════════════════════════════════════════════════════════════╝

IMPORTANT: Save this key securely - it will not be displayed again!

API Endpoints

Verify API Key

Verify a key and get its metadata:

curl -X POST http://127.0.0.1:3030 \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "auth.verify",
    "params": {
      "key": "your-api-key-here"
    },
    "id": 1
  }'

Response:

{
  "jsonrpc": "2.0",
  "result": {
    "valid": true,
    "name": "my-admin",
    "scope": "admin"
  },
  "id": 1
}

Create New API Key (Admin Only)

curl -X POST http://127.0.0.1:3030 \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "auth.create_key",
    "params": {
      "admin_key": "your-admin-key",
      "name": "runner-bot",
      "scope": "registrar"
    },
    "id": 1
  }'

Response:

{
  "jsonrpc": "2.0",
  "result": {
    "key": "new-generated-uuid",
    "name": "runner-bot",
    "scope": "registrar",
    "created_at": "2025-10-27T15:00:00Z",
    "expires_at": null
  },
  "id": 1
}

List All API Keys (Admin Only)

curl -X POST http://127.0.0.1:3030 \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "auth.list_keys",
    "params": {
      "admin_key": "your-admin-key"
    },
    "id": 1
  }'

Remove API Key (Admin Only)

curl -X POST http://127.0.0.1:3030 \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "auth.remove_key",
    "params": {
      "admin_key": "your-admin-key",
      "key": "key-to-remove"
    },
    "id": 1
  }'
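
A key-rotation routine built from the four calls documented above, given as an added example that is not part of the supervisor's own code. It assumes failures come back as a standard JSON-RPC 2.0 error object and that a key name may be reused; rotate_key, rpc, http_transport and the transport parameter are hypothetical names.

```python
import json
import urllib.request

RPC_URL = "http://127.0.0.1:3030"  # endpoint from the curl examples on this page


def http_transport(payload):
    """POST one JSON-RPC request to the supervisor and decode the reply."""
    req = urllib.request.Request(
        RPC_URL, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def rpc(method, params, transport=http_transport):
    """Call one method; raise if the reply carries an error or no result."""
    reply = transport({"jsonrpc": "2.0", "method": method,
                       "params": params, "id": 1})
    # Assumption: failures use the standard JSON-RPC 2.0 "error" member.
    if "error" in reply or "result" not in reply:
        raise RuntimeError(f"{method} failed: {reply.get('error')}")
    return reply["result"]


def rotate_key(admin_key, old_key, new_name=None, transport=http_transport):
    """Replace old_key with a fresh key of the same scope.

    The old key is removed only after the new one verifies with the expected
    scope, so a failed rotation never leaves the holder without a working key.
    """
    old = rpc("auth.verify", {"key": old_key}, transport)
    if not old.get("valid"):
        raise ValueError("old key is not valid; nothing to rotate")
    # Assumption: reusing the old name is accepted; pass new_name otherwise.
    new = rpc("auth.create_key", {"admin_key": admin_key,
                                  "name": new_name or old["name"],
                                  "scope": old["scope"]}, transport)
    check = rpc("auth.verify", {"key": new["key"]}, transport)
    if not check.get("valid") or check.get("scope") != old["scope"]:
        # Remove the unverified key rather than leave a stray credential.
        rpc("auth.remove_key",
            {"admin_key": admin_key, "key": new["key"]}, transport)
        raise RuntimeError("new key did not verify with the expected scope")
    rpc("auth.remove_key", {"admin_key": admin_key, "key": old_key}, transport)
    # The result holds the new secret: store it in a secret manager, never log it.
    return new
```

The transport argument lets the same routine run against an in-memory stand-in during testing instead of a live supervisor.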

Using Keys in the Admin UI

The admin UI will use the auth.verify endpoint during login to:

  1. Validate the provided API key
  2. Retrieve the key's name and scope
  3. Display the user's name and permissions in the header
  4. Show/hide UI elements based on scope

Migration from Legacy Secrets

The supervisor still supports the legacy secret-based authentication for backward compatibility:

  • --admin-secret - Legacy admin secrets
  • --user-secret - Legacy user secrets
  • --register-secret - Legacy register secrets

However, the new API key system is recommended for better management and auditability.