Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix of broken API Auth #8338

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Fix of broken API Auth #8338

wants to merge 8 commits into from
+308 −66

Conversation

guillim
Copy link
Contributor

@guillim guillim commented Nov 5, 2024

Fix done this morning with @FelixMalfait from #8295

@guillim guillim self-assigned this Nov 5, 2024
greptile-apps[bot]
greptile-apps bot reviewed Nov 5, 2024
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

This PR fixes API authentication for self-hosted instances by modifying the JWT payload structure and validation logic to properly handle API key tokens.

  • Added type: 'API_KEY' field in JWT payload in packages/twenty-server/src/engine/core-modules/auth/services/api-key.service.ts to distinguish API tokens
  • Modified user lookup logic in jwt.auth.strategy.ts to skip user validation when payload.type === 'API_KEY'
  • Updated token validation in jwt.auth.strategy.ts to properly handle API keys by checking apiKey.revokedAt status
  • Fixed workspace ID resolution by using payload.workspaceId ?? payload.sub for consistent workspace lookup

2 file(s) reviewed, 1 comment(s)
Edit PR Review Bot Settings | Greptile

packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts Outdated
@@ -104,7 +105,7 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
}
}

if (payload.workspaceId) {
if (payload.type !== 'API_KEY') {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Type check could allow null values through. Consider explicit check for type === 'API_KEY' instead.

FelixMalfait
FelixMalfait approved these changes Nov 5, 2024
View reviewed changes
Copy link
Member

@FelixMalfait FelixMalfait left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great first PR! 🙌

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2024
edited
Loading

Warnings
⚠️ Changes were made to the environment variables, but not to the documentation - Please review your changes and check if a change needs to be documented!

TODOs/FIXMEs:

  • // TODO: Check why it's not working: packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts

Generated by 🚫 dangerJS against 6f948b4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@FelixMalfait FelixMalfait FelixMalfait approved these changes

@charlesBochet charlesBochet charlesBochet approved these changes

Assignees

@guillim guillim

Labels
-PR: awaiting review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@guillim @FelixMalfait @charlesBochet