feat: generate key one time

elibosley · elibosley · commit 511692874c19 · 2024-12-19T11:50:43.000-05:00
diff --git a/api/dev/Unraid.net/myservers.cfg b/api/dev/Unraid.net/myservers.cfg
@@ -9,6 +9,7 @@ wanaccess="yes"
 wanport="8443"
 upnpEnabled="no"
 apikey="_______________________BIG_API_KEY_HERE_________________________"
+localApiKey="426b62b4d51e441fa97a93dfa1259920390a6eb61bd8675db0caa18dd0e414e9"
 email="test@example.com"
 username="zspearmint"
 avatar="https://via.placeholder.com/200"
diff --git a/api/dev/keys/10f356da-1e9e-43b8-9028-a26a645539a6.json b/api/dev/keys/10f356da-1e9e-43b8-9028-a26a645539a6.json
@@ -3,6 +3,6 @@
     "key": "73717ca0-8c15-40b9-bcca-8d85656d1438",
     "name": "Test API Key",
     "description": "Testing API key creation",
-    "roles": ["guest", "upc"],
+    "roles": ["guest", "connect"],
     "createdAt": "2024-10-29T19:59:12.569Z"
 }
diff --git a/api/dev/keys/d166bf8b-3615-444a-8932-c460b2132ba3.json b/api/dev/keys/d166bf8b-3615-444a-8932-c460b2132ba3.json
@@ -0,0 +1,10 @@
+{
+  "createdAt": "2024-12-19T16:49:56.848Z",
+  "description": "API key for Connect user",
+  "id": "d166bf8b-3615-444a-8932-c460b2132ba3",
+  "key": "3a4e2332891e879d2ac8c3f25ef03a7b54f70b62cd6c5a08a86189cdd19ba203",
+  "name": "Connect",
+  "roles": [
+    "admin"
+  ]
+}
diff --git a/api/dev/states/myservers.cfg b/api/dev/states/myservers.cfg
@@ -9,6 +9,7 @@ wanaccess="yes"
 wanport="8443"
 upnpEnabled="no"
 apikey="_______________________BIG_API_KEY_HERE_________________________"
+localApiKey="3a4e2332891e879d2ac8c3f25ef03a7b54f70b62cd6c5a08a86189cdd19ba203"
 email="test@example.com"
 username="zspearmint"
 avatar="https://via.placeholder.com/200"
diff --git a/api/src/graphql/generated/api/types.ts b/api/src/graphql/generated/api/types.ts
@@ -1187,12 +1187,12 @@ export type RemoveRoleFromApiKeyInput = {
 
 /** Available resources for permissions */
 export enum Resource {
-  API_KEY = 'api_key',
+  APIKEY = 'apikey',
   ARRAY = 'array',
   CLOUD = 'cloud',
   CONFIG = 'config',
   CONNECT = 'connect',
-  CRASH_REPORTING_ENABLED = 'crash_reporting_enabled',
+  CONNECT__REMOTE_ACCESS = 'connect__remote_access',
   CUSTOMIZATIONS = 'customizations',
   DASHBOARD = 'dashboard',
   DISK = 'disk',
@@ -1220,10 +1220,8 @@ export enum Resource {
 /** Available roles for API keys and users */
 export enum Role {
   ADMIN = 'admin',
-  GUEST = 'guest',
-  MY_SERVERS = 'my_servers',
-  NOTIFIER = 'notifier',
-  UPC = 'upc'
+  CONNECT = 'connect',
+  GUEST = 'guest'
 }
 
 export type Server = {
diff --git a/api/src/graphql/resolvers/mutation/connect/connect-sign-in.ts b/api/src/graphql/resolvers/mutation/connect/connect-sign-in.ts
@@ -2,7 +2,6 @@ import { decodeJwt } from 'jose';
 
 import type { ConnectSignInInput } from '@app/graphql/generated/api/types';
 import { NODE_ENV } from '@app/environment';
-import { Role } from '@app/graphql/generated/api/types';
 import { API_KEY_STATUS } from '@app/mothership/api-key/api-key-types';
 import { validateApiKeyWithKeyServer } from '@app/mothership/api-key/validate-api-key-with-keyserver';
 import { getters, store } from '@app/store/index';
@@ -44,11 +43,7 @@ export const connectSignIn = async (input: ConnectSignInInput): Promise<boolean>
             if (localApiKeyFromConfig == '') {
                 const apiKeyService = new ApiKeyService();
                 // Create local API key
-                const localApiKey = await apiKeyService.create(
-                    `LOCAL_KEY_${userInfo.preferred_username.toUpperCase()}`,
-                    `Local API key for Connect user ${userInfo.email}`,
-                    [Role.ADMIN]
-                );
+                const localApiKey = await apiKeyService.createLocalConnectApiKey();
 
                 if (!localApiKey?.key) {
                     throw new Error('Failed to create local API key');
@@ -74,4 +69,4 @@ export const connectSignIn = async (input: ConnectSignInInput): Promise<boolean>
     } else {
         return false;
     }
-};
+};
diff --git a/api/src/graphql/schema/types/auth/auth.graphql b/api/src/graphql/schema/types/auth/auth.graphql
@@ -1,48 +1,3 @@
-"""
-Available resources for permissions
-"""
-enum Resource {
-    api_key
-    cloud
-    config
-    crash_reporting_enabled
-    customizations
-    disk
-    display
-    flash
-    info
-    logs
-    online
-    os
-    owner
-    permission
-    registration
-    servers
-    share
-    vars
-    connect
-    notifications
-    array
-    dashboard
-    docker
-    network
-    services
-    vms
-    me
-    welcome
-}
-
-"""
-Available roles for API keys and users
-"""
-enum Role {
-    admin
-    upc
-    my_servers
-    notifier
-    guest
-}
-
 type ApiKey {
     id: ID!
     name: String!
diff --git a/api/src/graphql/schema/types/auth/roles.graphql b/api/src/graphql/schema/types/auth/roles.graphql
@@ -0,0 +1,42 @@
+"""
+Available resources for permissions
+"""
+enum Resource {
+    apikey
+    array
+    cloud
+    config
+    connect
+    connect__remote_access
+    customizations
+    dashboard
+    disk
+    display
+    docker
+    flash
+    info
+    logs
+    me
+    network
+    notifications
+    online
+    os
+    owner
+    permission
+    registration
+    servers
+    services
+    share
+    vars
+    vms
+    welcome
+}
+
+"""
+Available roles for API keys and users
+"""
+enum Role {
+    admin
+    connect
+    guest
+}
diff --git a/api/src/index.ts b/api/src/index.ts
@@ -32,6 +32,7 @@ import { setupRegistrationKeyWatch } from '@app/store/watch/registration-watch';
 import { StateManager } from '@app/store/watch/state-watch';
 import { setupVarRunWatch } from '@app/store/watch/var-run-watch';
 import { bootstrapNestServer } from '@app/unraid-api/main';
+import { createLocalApiKeyForConnectIfNecessary } from '@app/mothership/utils/create-local-connect-api-key';
 
 let server: NestFastifyApplication<RawServerDefault> | null = null;
 
@@ -84,6 +85,8 @@ try {
     // Start listening to dynamix config file changes
     setupDynamixConfigWatch();
 
+    await createLocalApiKeyForConnectIfNecessary();
+
     // Disabled until we need the access token to work
     // TokenRefresh.init();
 
diff --git a/api/src/mothership/utils/create-local-connect-api-key.ts b/api/src/mothership/utils/create-local-connect-api-key.ts
@@ -0,0 +1,34 @@
+import { minigraphLogger } from '@app/core/log';
+import { getters, store } from '@app/store/index';
+import { updateUserConfig } from '@app/store/modules/config';
+import { FileLoadStatus } from '@app/store/types';
+import { ApiKeyService } from '@app/unraid-api/auth/api-key.service';
+
+export const createLocalApiKeyForConnectIfNecessary = async () => {
+    if (getters.config().status !== FileLoadStatus.LOADED) {
+        minigraphLogger.error('Config file not loaded, cannot create local API key');
+        return;
+    }
+
+    const { remote } = getters.config();
+    const service = new ApiKeyService();
+    // If the remote API Key is set and the local key is either not set or not found on disk, create a key
+    if (remote.apikey && (!remote.localApiKey || !(await service.findById(remote.localApiKey)))) {
+        minigraphLogger.debug('Creating local API key for Connect');
+        // Create local API key
+        const apiKeyService = new ApiKeyService();
+        const localApiKey = await apiKeyService.createLocalConnectApiKey();
+
+        if (localApiKey?.key) {
+            store.dispatch(
+                updateUserConfig({
+                    remote: {
+                        localApiKey: localApiKey.key,
+                    },
+                })
+            );
+        } else {
+            throw new Error('Failed to create local API key - no key returned');
+        }
+    }
+};
diff --git a/api/src/store/listeners/listener-middleware.ts b/api/src/store/listeners/listener-middleware.ts
@@ -1,3 +1,5 @@
+import 'reflect-metadata';
+
 import type { TypedAddListener, TypedStartListening } from '@reduxjs/toolkit';
 import { addListener, createListenerMiddleware } from '@reduxjs/toolkit';
 
@@ -6,17 +8,12 @@ import { enableArrayEventListener } from '@app/store/listeners/array-event-liste
 import { enableConfigFileListener } from '@app/store/listeners/config-listener';
 import { enableDynamicRemoteAccessListener } from '@app/store/listeners/dynamic-remote-access-listener';
 import { enableMothershipJobsListener } from '@app/store/listeners/mothership-subscription-listener';
+import { enableNotificationPathListener } from '@app/store/listeners/notification-path-listener';
 import { enableServerStateListener } from '@app/store/listeners/server-state-listener';
 import { enableUpnpListener } from '@app/store/listeners/upnp-listener';
 import { enableVersionListener } from '@app/store/listeners/version-listener';
 import { enableWanAccessChangeListener } from '@app/store/listeners/wan-access-change-listener';
 
-import 'reflect-metadata';
-
-import { enableNotificationPathListener } from '@app/store/listeners/notification-path-listener';
-
-import { enableLocalApiKeyListener } from './local-api-key-listener';
-
 export const listenerMiddleware = createListenerMiddleware();
 
 export type AppStartListening = TypedStartListening<RootState, AppDispatch>;
@@ -29,7 +26,6 @@ export const addAppListener = addListener as TypedAddListener<RootState, AppDisp
 
 export const startMiddlewareListeners = () => {
     // Begin listening for events
-    enableLocalApiKeyListener();
     enableConfigFileListener('flash')();
     enableConfigFileListener('memory')();
     enableUpnpListener();
diff --git a/api/src/store/listeners/local-api-key-listener.ts b/api/src/store/listeners/local-api-key-listener.ts
diff --git a/api/src/unraid-api/auth/api-key.service.ts b/api/src/unraid-api/auth/api-key.service.ts
diff --git a/api/src/unraid-api/auth/casbin/policy.ts b/api/src/unraid-api/auth/casbin/policy.ts
diff --git a/api/src/unraid-api/graph/connect/connect.resolver.ts b/api/src/unraid-api/graph/connect/connect.resolver.ts

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,6 @@`
`3`	`3`	`"key": "73717ca0-8c15-40b9-bcca-8d85656d1438",`
`4`	`4`	`"name": "Test API Key",`
`5`	`5`	`"description": "Testing API key creation",`
`6`		`- "roles": ["guest", "upc"],`
	`6`	`+ "roles": ["guest", "connect"],`
`7`	`7`	`"createdAt": "2024-10-29T19:59:12.569Z"`
`8`	`8`	`}`