Removed internal Riddler getKey calls #23410

Merged
merged 52 commits into from
Dec 30, 2024
Changes from 47 commits
bd5c693
Added support for hidden private keys in Riddler
dhr-verma Dec 17, 2024
76325b6
Added key ordering logic
dhr-verma Dec 17, 2024
518b48d
Added unit tests
dhr-verma Dec 17, 2024
abca9ee
Combined the getKey methods
dhr-verma Dec 18, 2024
b97ae1b
Fixed bug in sinon
dhr-verma Dec 18, 2024
39810d2
Merge branch 'main' of https://github.com/microsoft/FluidFramework in…
dhr-verma Dec 18, 2024
a4b24eb
Fixed unit test bug
dhr-verma Dec 18, 2024
ab12637
Added more unit tests
dhr-verma Dec 18, 2024
604d986
Added more unit tests for TenantManager
dhr-verma Dec 18, 2024
cf3bcd9
Fixed format
dhr-verma Dec 18, 2024
478b5fb
Fixed formatting
dhr-verma Dec 18, 2024
52cbe69
Added new prop to ITenantConfig
dhr-verma Dec 18, 2024
367c841
Lint fixes
dhr-verma Dec 18, 2024
053741c
Fixed bugs
dhr-verma Dec 19, 2024
d6b4c3c
Changed property name from isKeylessAccessEnabled to enableKeylessAccess
dhr-verma Dec 19, 2024
2332f10
Added documentation
dhr-verma Dec 19, 2024
3ae1ebd
Improved readability
dhr-verma Dec 19, 2024
e615875
Fixed format
dhr-verma Dec 19, 2024
70d1fec
Addressed usePrivateKey comment
dhr-verma Dec 19, 2024
cf51d29
Addressed comments about the keyless token claim
dhr-verma Dec 19, 2024
87e451b
Fixed lint errors
dhr-verma Dec 19, 2024
4d63e65
Merge branch 'main' of https://github.com/microsoft/FluidFramework in…
dhr-verma Dec 20, 2024
4108825
Addressed comments about combining the createTenantKeys methods
dhr-verma Dec 20, 2024
e7498a3
Modified keyless access policy API
dhr-verma Dec 20, 2024
3353fab
Fixed format
dhr-verma Dec 20, 2024
4097f71
Added a new tenant config prop enableKeyAccess and made enableKeyless…
dhr-verma Dec 20, 2024
9f58492
Changed logic of checking if key based access is enabled
dhr-verma Dec 20, 2024
89e839f
Changed variable name for readability
dhr-verma Dec 20, 2024
8b5a2b6
Addressed comments
dhr-verma Dec 26, 2024
5fcbd71
Added changesets
dhr-verma Dec 26, 2024
f736d30
Update server/routerlicious/.changeset/six-candles-sneeze.md
dhr-verma Dec 26, 2024
c329bac
Update server/routerlicious/.changeset/six-candles-sneeze.md
dhr-verma Dec 26, 2024
ded23b4
Update server/routerlicious/.changeset/weak-radios-camp.md
dhr-verma Dec 26, 2024
cd8fe82
Addressed comments
dhr-verma Dec 26, 2024
e1f7b20
Merge branch 'vermadhr/keylessAccessWork' of https://github.com/dhr-v…
dhr-verma Dec 26, 2024
015785b
Merge branch 'main' of https://github.com/microsoft/FluidFramework in…
dhr-verma Dec 26, 2024
c7efe65
Added support for making API keys optional
dhr-verma Dec 26, 2024
5218c20
Added more unit tests
dhr-verma Dec 27, 2024
19c0307
Added unit tests
dhr-verma Dec 27, 2024
2cc30b7
Added more unit tests
dhr-verma Dec 27, 2024
513c5f9
Removed getKey API call from internal services
dhr-verma Dec 27, 2024
a224f3a
Updated docs
dhr-verma Dec 27, 2024
66efcee
Added debug logs
dhr-verma Dec 27, 2024
3320a28
Added more debug logs
dhr-verma Dec 28, 2024
4f91beb
Fixed encryption bug
dhr-verma Dec 28, 2024
fe308d9
Removed debug logs
dhr-verma Dec 30, 2024
8f195d7
Update server/routerlicious/packages/services/src/tenant.ts
dhr-verma Dec 30, 2024
f94d7c2
Addressed comments
dhr-verma Dec 30, 2024
a79d8d6
Merge branch 'vermadhr/keylessAccessWork' of https://github.com/dhr-v…
dhr-verma Dec 30, 2024
2a0a016
Added changesets
dhr-verma Dec 30, 2024
36ae5d4
Update server/routerlicious/packages/routerlicious-base/src/riddler/a…
dhr-verma Dec 30, 2024
b73ae27
Changed API design for the case where shared keys are disabled
dhr-verma Dec 30, 2024
3 changes: 3 additions & 0 deletions server/routerlicious/packages/routerlicious-base/package.json
Expand Up @@ -146,6 +146,9 @@
},
"ClassDeclaration_TenantManager": {
"forwardCompat": false
},
"InterfaceDeclaration_ITenantDocument": {
"backCompat": false
}
}
}
Expand Up @@ -103,7 +103,7 @@ async function generateCreateDocumentResponseBody(
if (token === undefined) {
throw new NetworkError(400, "Authorization header is missing or malformed");
}
newDocumentAccessToken = await getCreationToken(tenantManager, token, tenantId, documentId);
newDocumentAccessToken = await getCreationToken(tenantManager, token, documentId);
}
let newDocumentSession: ISession | undefined;
if (enableDiscovery) {
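Review bot: the getCreationToken call in this hunk no longer passes tenantId, so the tenant has to be derived elsewhere, presumably from the token itself. Please confirm that getCreationToken checks the tenant it resolves against the tenant this request was made for, so a valid token issued for one tenant cannot be used to obtain a creation token under another. A unit test with a mismatched tenant would document that behaviour.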
51 changes: 36 additions & 15 deletions server/routerlicious/packages/routerlicious-base/src/riddler/api.ts
Expand Up @@ -66,6 +66,30 @@ export function create(
);
});

/**
* Signs a tenant token using the given tenant's key.
*/
router.post("/tenants/:id/accesstoken", (request, response) => {
const tenantId = request.params.id;
const scopes = request.body.scopes;
const documentId = request.body.documentId ?? "";
const user = request.body.user;
const lifetime = request.body.lifetime;
const ver = request.body.ver;
const jti = request.body.jti;
const accessTokenP = manager.signToken(
tenantId,
documentId,
scopes,
user,
lifetime,
ver,
jti,
getIncludeDisabledFlag(request),
);
handleResponse(accessTokenP, response);
});

/**
* Retrieves details for the given tenant
*/
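Review bot: the new POST /tenants/:id/accesstoken handler forwards scopes, user, lifetime, ver and jti from request.body straight to manager.signToken with no validation. Because this route returns a signed token, malformed input should be rejected with a 400 before signing: check that scopes is an array of expected scope strings, that lifetime is a positive number below a server-side maximum, and that user has the expected shape. The doc comment could also say who is expected to call this route and where that restriction is enforced.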
Expand All @@ -91,13 +115,7 @@ export function create(
router.get("/tenants/:id/keys", (request, response) => {
const tenantId = request.params.id;
const includeDisabledTenant = getIncludeDisabledFlag(request);
const usePrivateKeys = getUsePrivateKeysFlag(request);
const tenantP = manager.getTenantKeys(
tenantId,
includeDisabledTenant,
false /* bypassCache */,
usePrivateKeys,
);
const tenantP = manager.getTenantKeys(tenantId, includeDisabledTenant);
handleResponse(tenantP, response);
});

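Review bot: GET /tenants/:id/keys now ignores the usePrivateKeys query parameter without any signal to the caller. A caller that was not migrated and still sends usePrivateKeys=true gets whatever getTenantKeys(tenantId, includeDisabledTenant) returns by default instead of an error. Consider rejecting or logging requests that still carry the parameter until all internal callers are confirmed to have moved off it.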
Expand All @@ -122,10 +140,15 @@ export function create(
/**
* Updates the keyless access setting for the given tenant
*/
router.put("/tenants/:id/privateKeyAccess", (request, response) => {
router.put("/tenants/:id/keyAccess", (request, response) => {
const tenantId = request.params.id;
const enablePrivateKeyAccess = request.body.enablePrivateKeyAccess ?? false;
const storageP = manager.updatePrivateKeyAccessPolicy(tenantId, enablePrivateKeyAccess);
const enableSharedKeyAccess = request.body.enableSharedKeyAccess ?? true;
const storageP = manager.updateKeyAccessPolicy(
tenantId,
enablePrivateKeyAccess,
enableSharedKeyAccess,
);
handleResponse(storageP, response);
});

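Review bot: in the renamed PUT /tenants/:id/keyAccess handler, `request.body.enableSharedKeyAccess ?? true` means a request that only sets enablePrivateKeyAccess passes true for shared key access to updateKeyAccessPolicy, even for a tenant that had it disabled. For an update route, a missing field should mean "leave unchanged", or both fields should be required, rather than falling back to a default. Both values are also forwarded without a type check, so a string such as "false" is passed through as is; validate that they are booleans. The doc comment above the route still says "keyless access setting" and could be updated to match the new route name.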
Expand All @@ -139,7 +162,8 @@ export function create(
});

/**
* Refreshes the key for the given tenant
* Refreshes the key for the given tenant. Private keys are refreshed only if refreshPrivateKey is true.
* Private keys are refreshed only by internal service calls.
*/
router.put("/tenants/:id/key", (request, response) => {
const tenantId = request.params.id;
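Review bot: the updated comment on PUT /tenants/:id/key states that private keys are refreshed only by internal service calls, but the visible part of the handler does not show how a caller is identified as internal. If refreshPrivateKey is read from the request, the comment should say where the internal-only restriction is enforced, or be reworded so it does not read as a guarantee. The two sentences about private keys could also be merged into one.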
Expand All @@ -160,11 +184,13 @@ export function create(
? request.body.customData
: {};
const enablePrivateKeyAccess = request.body.enablePrivateKeyAccess ?? false;
const enableSharedKeyAccess = request.body.enableSharedKeyAccess ?? true;
const tenantP = manager.createTenant(
tenantId,
tenantStorage,
tenantOrderer,
tenantCustomData,
enableSharedKeyAccess,
enablePrivateKeyAccess,
);
handleResponse(tenantP, response);
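Review bot: createTenant is called here with enableSharedKeyAccess before enablePrivateKeyAccess, while updateKeyAccessPolicy in the keyAccess route takes enablePrivateKeyAccess first and enableSharedKeyAccess second. Two adjacent boolean parameters in opposite orders are easy to swap without the compiler noticing, and a swap would invert a tenant's key access policy. Consider using the same order in both methods, or passing a single options object with named fields.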
Expand All @@ -188,10 +214,5 @@ export function create(
return includeDisabledRaw?.toLowerCase() === "true";
}

function getUsePrivateKeysFlag(request): boolean {
const usePrivateKeys = request.query.usePrivateKeys as string;
return usePrivateKeys?.toLowerCase() === "true";
}

return router;
}