Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/apikey auth #2017

Merged
merged 28 commits into from
Nov 3, 2022
Merged

Feat/apikey auth #2017

merged 28 commits into from
Nov 3, 2022

Conversation

thanhdatle
Copy link
Contributor

@thanhdatle thanhdatle commented Oct 8, 2022
edited
Loading

Problem

Implement APIKey authentication

New Endpoint to get ApiKey:
curl --location --request POST 'http://localhost:3000/api/user/apiKey' \ --header 'cookie: _ga=GA1.1.6110350.1655804226;

ApiKey response
{ "message": "test_v1_M/Xa1CG5RBV1xQEs6iLimMAQBuwOy1LijWcnC9nRtNU=" }

New migration file at src/server/db_migrations/20221005_add_apiKeyHash_column_to_user_table.sql

New ENV_VAR: API_KEY_SALT

@gitguardian
Copy link

gitguardian bot commented Oct 10, 2022
edited
Loading

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id Secret Commit Filename
4677481 Generic High Entropy Secret 631490e docker-compose.yml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@thanhdatle
Copy link
Contributor Author

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
🛠 Guidelines to remediate hardcoded secrets
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.Our GitHub checks need improvements? Share your feedbacks!

It's the APIKeyHash used in docker-compose

@halfwhole halfwhole self-requested a review October 10, 2022 07:58
halfwhole
halfwhole approved these changes Oct 13, 2022
View reviewed changes
Copy link
Collaborator

@halfwhole halfwhole left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! 💯

README.md Show resolved Hide resolved
@halfwhole halfwhole mentioned this pull request Oct 13, 2022
Open
@thanhdatle thanhdatle merged commit 827cd42 into develop Nov 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@halfwhole halfwhole halfwhole approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thanhdatle @halfwhole