Skip to content

Commit

Permalink
[ENG-6949] check permissions when acting on access tokens (#28326)
Browse files Browse the repository at this point in the history 
GitOrigin-RevId: 550cbdf37ea23aa1a918657556b8935243c51909
  • Loading branch information
@pashabitz
pashabitz authored and Convex, Inc. committed Jul 30, 2024
1 parent bcdc4ec commit aa623fb
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 0 deletions.
61 changes: 61 additions & 0 deletions crates/common/src/types/admin_key.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,37 @@ pub struct AdminKeyParts {
pub encrypted_part: String,
}

pub struct PreviewDeploymentAdminKeyParts {
pub team_slug: String,
pub project_slug: String,
pub key: String,
}

impl TryFrom<AdminKey> for PreviewDeploymentAdminKeyParts {
type Error = anyhow::Error;

fn try_from(value: AdminKey) -> Result<Self, Self::Error> {
match value.0.split_once('|') {
Some((prefix, key)) => {
if prefix.starts_with("preview:") {
let (_, rest) = prefix.split_once(':').unwrap();
match rest.split_once(':') {
Some((team_slug, project_slug)) => Ok(PreviewDeploymentAdminKeyParts {
team_slug: team_slug.to_string(),
project_slug: project_slug.to_string(),
key: key.to_string(),
}),
None => anyhow::bail!("Invalid preview admin key"),
}
} else {
anyhow::bail!("Invalid preview admin key")
}
},
None => anyhow::bail!("Invalid preview admin key"),
}
}
}

// TODO - encompass these floating methods into the `AdminKey` type

pub fn split_admin_key(admin_key: &str) -> Option<(&str, &str)> {
Expand Down Expand Up @@ -191,4 +222,34 @@ mod tests {
"somesecret:somethingelse"
);
}

#[test]
fn test_preview_admin_key_from_admin_key() {
let admin_key = AdminKey::new("preview:sarah-shader:proset|somesecret".to_string());
let preview_parts = PreviewDeploymentAdminKeyParts::try_from(admin_key).unwrap();
assert_eq!(preview_parts.team_slug, "sarah-shader");
assert_eq!(preview_parts.project_slug, "proset");
assert_eq!(preview_parts.key, "somesecret");
}

#[test]
fn test_preview_admin_key_from_prod_admin_key() {
let admin_key = AdminKey::new("prod:deployment-name|somesecret".to_string());
let preview_parts = PreviewDeploymentAdminKeyParts::try_from(admin_key);
assert!(preview_parts.is_err());
}

#[test]
fn test_preview_admin_key_from_admin_key_missing_team() {
let admin_key = AdminKey::new("preview:proset|somesecret".to_string());
let preview_parts = PreviewDeploymentAdminKeyParts::try_from(admin_key);
assert!(preview_parts.is_err());
}

#[test]
fn test_preview_admin_key_from_admin_key_missing_prefix() {
let admin_key = AdminKey::new("secret".to_string());
let preview_parts = PreviewDeploymentAdminKeyParts::try_from(admin_key);
assert!(preview_parts.is_err());
}
}
1 change: 1 addition & 0 deletions crates/common/src/types/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ pub use admin_key::{
split_admin_key,
AdminKey,
AdminKeyParts,
PreviewDeploymentAdminKeyParts,
SystemKey,
};
pub use backend_state::BackendState;
Expand Down

0 comments on commit aa623fb

Please sign in to comment.