add api key handler to profile api

pkg/authn/api_add_user_api_key.go

@@ -0,0 +1,119 @@
+// Copyright 2024 Paul Greenberg [email protected]
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/greenpau/go-authcrunch/pkg/authn/enums/operator"
+	"github.com/greenpau/go-authcrunch/pkg/ids"
+	"github.com/greenpau/go-authcrunch/pkg/requests"
+	"github.com/greenpau/go-authcrunch/pkg/tagging"
+	"github.com/greenpau/go-authcrunch/pkg/user"
+)
+
+var apiKeyTitleRegexPattern = regexp.MustCompile(`^[\w\@\.\s\(\)]+$`)
+var apiKeyRegexPattern1 = regexp.MustCompile(`^[A-Za-z0-9]{64,72}$`)
+
+// AddUserAPIKey adds API key to user identity.
+func (p *Portal) AddUserAPIKey(
+	ctx context.Context,
+	w http.ResponseWriter,
+	r *http.Request,
+	rr *requests.Request,
+	parsedUser *user.User,
+	resp map[string]interface{},
+	usr *user.User,
+	backend ids.IdentityStore,
+	bodyData map[string]interface{}) error {
+
+	var keyTitle, keyDescription, keyPayload string
+	var keyLabels []string = []string{}
+	var keyTags []tagging.Tag = []tagging.Tag{}
+
+	// Extract data.
+	if v, exists := bodyData["content"]; exists {
+		switch exp := v.(type) {
+		case string:
+			keyPayload = strings.TrimSpace(exp)
+		default:
+			resp["message"] = "Profile API did find key content in the request payload, but it is malformed"
+			return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+		}
+	} else {
+		resp["message"] = "Profile API did not find key content in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if v, exists := bodyData["title"]; exists {
+		keyTitle = v.(string)
+	} else {
+		resp["message"] = "Profile API did not find title in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if v, exists := bodyData["description"]; exists {
+		keyDescription = v.(string)
+	} else {
+		resp["message"] = "Profile API did not find description in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if extractedTokenTags, err := tagging.ExtractTags(bodyData); err == nil {
+		for _, extractedTokenTag := range extractedTokenTags {
+			keyTags = append(keyTags, *extractedTokenTag)
+		}
+	} else {
+		resp["message"] = "Profile API find malformed tags in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if extractedTokenLabels, err := tagging.ExtractLabels(bodyData); err == nil {
+		keyLabels = extractedTokenLabels
+	} else {
+		resp["message"] = "Profile API find malformed tags in the request payload"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	// Validate data.
+	if !apiKeyTitleRegexPattern.MatchString(keyTitle) {
+		resp["message"] = "Profile API found non-compliant API key title value"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if !tokenDescriptionRegexPattern.MatchString(keyDescription) && (keyDescription != "") {
+		resp["message"] = "Profile API found non-compliant API key description value"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+	if !apiKeyRegexPattern1.MatchString(keyPayload) {
+		resp["message"] = "Profile API found non-compliant API key value"
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	rr.Key.Usage = "api"
+	rr.Key.Comment = keyTitle
+	rr.Key.Description = keyDescription
+	rr.Key.Payload = keyPayload
+	rr.Key.Labels = keyLabels
+	rr.Key.Tags = keyTags
+
+	if err := backend.Request(operator.AddAPIKey, rr); err != nil {
+		var errMsg string = fmt.Sprintf("the Profile API failed to add API key to identity store: %v", err)
+		resp["message"] = errMsg
+		return handleAPIProfileResponse(w, rr, http.StatusBadRequest, resp)
+	}
+
+	resp["entry"] = "Created"
+	return handleAPIProfileResponse(w, rr, http.StatusOK, resp)
+}

pkg/authn/handle_api_profile.go

@@ -105,6 +105,7 @@ func (p *Portal) handleAPIProfile(ctx context.Context, w http.ResponseWriter, r
 	case "fetch_user_api_keys":
 	case "fetch_user_api_key":
 	case "delete_user_api_key":
+	case "add_user_api_key":
 	case "fetch_user_ssh_keys":
 	case "fetch_user_ssh_key":
 	case "delete_user_ssh_key":
@@ -198,6 +199,8 @@ func (p *Portal) handleAPIProfile(ctx context.Context, w http.ResponseWriter, r
 		return p.FetchUserAPIKey(ctx, w, r, rr, parsedUser, resp, usr, backend, bodyData)
 	case "delete_user_api_key":
 		return p.DeleteUserAPIKey(ctx, w, r, rr, parsedUser, resp, usr, backend, bodyData)
+	case "add_user_api_key":
+		return p.AddUserAPIKey(ctx, w, r, rr, parsedUser, resp, usr, backend, bodyData)
 	case "fetch_user_ssh_keys":
 		return p.FetchUserSSHKeys(ctx, w, r, rr, parsedUser, resp, usr, backend)
 	case "fetch_user_ssh_key":

pkg/identity/database.go

@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"sync"
 	"time"
@@ -58,6 +59,8 @@ var (
 	}
 )
 
+var apiKeyRegexPattern = regexp.MustCompile(`^[A-Za-z0-9]{64,72}$`)
+
 func init() {
 	app = versioned.NewPackageManager("authdb")
 	app.Description = "authdb"
@@ -596,7 +599,24 @@ func (db *Database) AddAPIKey(r *requests.Request) error {
 	if err != nil {
 		return errors.ErrAddAPIKey.WithArgs(r.Key.Usage, err)
 	}
-	s := util.GetRandomString(72)
+
+	s := r.Key.Payload
+	if s == "" {
+		s = util.GetRandomString(72)
+	}
+
+	if len(s) < 64 {
+		return errors.ErrAddAPIKey.WithArgs(r.Key.Usage, "the key is too short")
+	}
+
+	if len(s) > 72 {
+		return errors.ErrAddAPIKey.WithArgs(r.Key.Usage, "the key is too long")
+	}
+
+	if !apiKeyRegexPattern.MatchString(s) {
+		return errors.ErrAddAPIKey.WithArgs(r.Key.Usage, "the key is non compliant")
+	}
+
 	failCount := 0
 	for {
 		hk, err := NewPassword(s)