ApiKey action rules #2105

fpellet · 2024-12-12T15:20:55Z

Description

Allow to create a rule with an api ley

Steps to reproduce

Create a key:

{
  "description": "Admin key.",
  "actions": [
    "collections:*",
    "documents:*",
    "aliases:*",
    "synonyms:*",
    "overrides:*",
    "stopwords:*",
    "rules:*"
  ],
  "collections": [
    "*"
  ]
}

Expected Behavior

Can create rules

Actual Behavior

Unauthorized

Metadata

Typesense Version: 27.1

OS: Linux (docker)

The text was updated successfully, but these errors were encountered:

jasonbosco · 2024-12-12T18:00:48Z

Could you share a set of curl commands like this that replicates the issue with a minimal dataset?

fpellet · 2024-12-15T10:14:15Z

Sure.

### Run Typesense via Docker ########################################
export TYPESENSE_API_KEY=xyz
    
mkdir "$(pwd)"/typesense-data

docker run -p 8108:8108 \
            -v"$(pwd)"/typesense-data:/data typesense/typesense:27.1 \
            --data-dir /data \
            --api-key=$TYPESENSE_API_KEY \
            --enable-cors

### Reproduction Steps ###############################################
export TYPESENSE_API_KEY=xyz
export HOST='http://localhost:8108'

curl "${HOST}/debug" \
       -H "X-TYPESENSE-API-KEY: ${TYPESENSE_API_KEY}"

### create admin api key with all actions in documentation (+ rules to try)

curl "${HOST}/keys" \
       -X POST \
       -H "Content-Type: application/json" \
       -H "X-TYPESENSE-API-KEY: ${ADMIN_API_KEY}" \
       -d '{"description":"Admin","actions":["collections:*","documents:*","aliases:*","synonyms:*","overrides:*","stopwords:*","rules:*"],"collections":["*"]}'

export ADMIN_API_KEY='new api key created'

curl "${HOST}/debug" \
       -H "X-TYPESENSE-API-KEY: ${ADMIN_API_KEY}"

curl "${HOST}/collections" \
       -X POST \
       -H "Content-Type: application/json" \
       -H "X-TYPESENSE-API-KEY: ${ADMIN_API_KEY}" \
       -d '{
         "name": "companies",
         "fields": [
           {"name": "company_name", "type": "string" },
           {"name": "num_employees", "type": "int32" },
           {"name": "country", "type": "string", "facet": true }
         ],
         "default_sorting_field": "num_employees"
       }'

curl "${HOST}/collections" \
       -X POST \
       -H "Content-Type: application/json" \
       -H "X-TYPESENSE-API-KEY: ${ADMIN_API_KEY}" \
       -d '{
         "name": "companies_stats",
         "fields": [
           {"name": "q", "type": "string" },
           {"name": "count", "type": "int32" }
         ],
         "default_sorting_field": "count"
       }'

curl "${HOST}/analytics/rules" \
       -X POST \
       -H "Content-Type: application/json" \
       -H "X-TYPESENSE-API-KEY: ${ADMIN_API_KEY}" \
       -d '{"name":"test","params":{"destination":{"collection":"collections_stats"},"limit":100,"source":{"collections":["companies"]}},"type":"popular_queries"}'

=> result: {"message": "Forbidden - a valid `x-typesense-api-key` header must be sent."}

Impossible to create rule without full authorization apikey

jasonbosco · 2024-12-16T17:46:54Z

Instead of rules:*, could you try analytics/rules:* in the actions key when creating the API Key?

fpellet · 2024-12-21T19:16:25Z

it's works. Thanks.
I saw that the documentation had been updated too.

fpellet closed this as completed Dec 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ApiKey action rules #2105

ApiKey action rules #2105

fpellet commented Dec 12, 2024

jasonbosco commented Dec 12, 2024

fpellet commented Dec 15, 2024 •

edited

Loading

jasonbosco commented Dec 16, 2024

fpellet commented Dec 21, 2024

ApiKey action rules #2105

ApiKey action rules #2105

Comments

fpellet commented Dec 12, 2024

Description

Steps to reproduce

Expected Behavior

Actual Behavior

Metadata

jasonbosco commented Dec 12, 2024

fpellet commented Dec 15, 2024 • edited Loading

jasonbosco commented Dec 16, 2024

fpellet commented Dec 21, 2024

fpellet commented Dec 15, 2024 •

edited

Loading