apikeys

Documentation

Overview

Package apikeys handles generating, revoking, and listing data on api keys. API keys are used for authenticating automated access to this app.

Only certain endpoints are accessible via an API key, not all of this app's functionality is accessible via an outside integration. The limitations are for security purposes and because not all functionality needs to be accessible via a public API.

Index

• Variables
• func Generate(w http.ResponseWriter, r *http.Request)
• func GetAll(w http.ResponseWriter, r *http.Request)
• func IsPublicEndpoint(urlPath string) error
• func KeyLength() int
• func Revoke(w http.ResponseWriter, r *http.Request)

Variables

var ErrNonPublicEndpoint = errors.New("api: access denied to non-public endpoint")

ErrNonPublicEndpoint is returned when a request is made via an api key to an endpoint that isn't in the list publicEndpoints.

Functions

func Generate

func Generate(w http.ResponseWriter, r *http.Request)

Generate creates a new API key and saves it to the database.

func GetAll

func GetAll(w http.ResponseWriter, r *http.Request)

GetAll looks up a list of all API keys. This is used on the manage API keys page.

func IsPublicEndpoint

func IsPublicEndpoint(urlPath string) error

IsPublicEndpoint checks if a provided URL is in the list of publically accessible endpoints. If not, it returnes an error.

An error is returned, instead of just a bool, so that we can reply with the error to the request. This prevents us from just returning some generic error.

func KeyLength

func KeyLength() int

KeyLength returns the length of API keys generated inclusive of the key's prefix and key separator. This is used during validation of API requests to simply check if the provided api key is the correct length before looking up the key in the database.

func Revoke

func Revoke(w http.ResponseWriter, r *http.Request)

Revoke marks an API key as inactive.