mirror of
				https://github.com/juanfont/headscale.git
				synced 2025-10-25 06:01:06 +02:00 
			
		
		
		
	This commits introduces a new data model for holding api keys for the API. The keys are stored in the database with a prefix and a hash and bcrypt with 10 passes is used to store the hash and it is "one way safe". Api keys have an expiry logic similar to pre auth keys. A key cannot be retrieved after it has created, only verified.
		
			
				
	
	
		
			90 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			90 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| package headscale
 | |
| 
 | |
| import (
 | |
| 	"time"
 | |
| 
 | |
| 	"gopkg.in/check.v1"
 | |
| )
 | |
| 
 | |
| func (*Suite) TestCreateAPIKey(c *check.C) {
 | |
| 	apiKeyStr, apiKey, err := app.CreateAPIKey(nil)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(apiKey, check.NotNil)
 | |
| 
 | |
| 	// Did we get a valid key?
 | |
| 	c.Assert(apiKey.Prefix, check.NotNil)
 | |
| 	c.Assert(apiKey.Hash, check.NotNil)
 | |
| 	c.Assert(apiKeyStr, check.Not(check.Equals), "")
 | |
| 
 | |
| 	_, err = app.ListAPIKeys()
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 
 | |
| 	keys, err := app.ListAPIKeys()
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(len(keys), check.Equals, 1)
 | |
| }
 | |
| 
 | |
| func (*Suite) TestAPIKeyDoesNotExist(c *check.C) {
 | |
| 	key, err := app.GetAPIKey("does-not-exist")
 | |
| 	c.Assert(err, check.NotNil)
 | |
| 	c.Assert(key, check.IsNil)
 | |
| }
 | |
| 
 | |
| func (*Suite) TestValidateAPIKeyOk(c *check.C) {
 | |
| 	nowPlus2 := time.Now().Add(2 * time.Hour)
 | |
| 	apiKeyStr, apiKey, err := app.CreateAPIKey(&nowPlus2)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(apiKey, check.NotNil)
 | |
| 
 | |
| 	valid, err := app.ValidateAPIKey(apiKeyStr)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(valid, check.Equals, true)
 | |
| }
 | |
| 
 | |
| func (*Suite) TestValidateAPIKeyNotOk(c *check.C) {
 | |
| 	nowMinus2 := time.Now().Add(time.Duration(-2) * time.Hour)
 | |
| 	apiKeyStr, apiKey, err := app.CreateAPIKey(&nowMinus2)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(apiKey, check.NotNil)
 | |
| 
 | |
| 	valid, err := app.ValidateAPIKey(apiKeyStr)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(valid, check.Equals, false)
 | |
| 
 | |
| 	now := time.Now()
 | |
| 	apiKeyStrNow, apiKey, err := app.CreateAPIKey(&now)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(apiKey, check.NotNil)
 | |
| 
 | |
| 	validNow, err := app.ValidateAPIKey(apiKeyStrNow)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(validNow, check.Equals, false)
 | |
| 
 | |
| 	validSilly, err := app.ValidateAPIKey("nota.validkey")
 | |
| 	c.Assert(err, check.NotNil)
 | |
| 	c.Assert(validSilly, check.Equals, false)
 | |
| 
 | |
| 	validWithErr, err := app.ValidateAPIKey("produceerrorkey")
 | |
| 	c.Assert(err, check.NotNil)
 | |
| 	c.Assert(validWithErr, check.Equals, false)
 | |
| }
 | |
| 
 | |
| func (*Suite) TestExpireAPIKey(c *check.C) {
 | |
| 	nowPlus2 := time.Now().Add(2 * time.Hour)
 | |
| 	apiKeyStr, apiKey, err := app.CreateAPIKey(&nowPlus2)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(apiKey, check.NotNil)
 | |
| 
 | |
| 	valid, err := app.ValidateAPIKey(apiKeyStr)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(valid, check.Equals, true)
 | |
| 
 | |
| 	err = app.ExpireAPIKey(apiKey)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(apiKey.Expiration, check.NotNil)
 | |
| 
 | |
| 	notValid, err := app.ValidateAPIKey(apiKeyStr)
 | |
| 	c.Assert(err, check.IsNil)
 | |
| 	c.Assert(notValid, check.Equals, false)
 | |
| }
 |