/// <inheritdoc />
public string GenerateSecuredApiKeys(string parentApiKey, SecuredApiKeyRestriction restriction)
{
string queryParams = QueryStringHelper.BuildRestrictionQueryString(restriction);
string hash = HmacShaHelper.GetHash(parentApiKey, queryParams);
return(HmacShaHelper.Base64Encode($"{hash}{queryParams}"));
}
public static string BuildRestrictionQueryString(SecuredApiKeyRestriction restriction)
{
string restrictionQuery = null;
if (restriction.Query != null)
{
restrictionQuery = ToQueryString(restriction.Query);
}
string restrictIndices = null;
if (restriction.RestrictIndices != null)
{
restrictIndices = $"restrictIndices={string.Join(",", restriction.RestrictIndices)}";
}
string restrictSources = null;
if (restriction.RestrictSources != null)
{
restrictSources = $"restrictSources={string.Join(",", restriction.RestrictSources)}";
}
string restrictionQueryParams = ToQueryString(restriction, nameof(restriction.Query),
nameof(restriction.RestrictIndices), nameof(restriction.RestrictSources));
var array = new[] { restrictionQuery, restrictIndices, restrictSources, restrictionQueryParams };
return(string.Join("&", array.Where(s => !string.IsNullOrEmpty(s))));
}
public async Task TestApiKey()
{
var addOne = await _index1.SaveObjectAsync(new SecuredApiKeyStub { ObjectID = "one" });
var addTwo = await _index2.SaveObjectAsync(new SecuredApiKeyStub { ObjectID = "one" });
addOne.Wait();
addTwo.Wait();
SecuredApiKeyRestriction restriction = new SecuredApiKeyRestriction
{
ValidUntil = DateTime.UtcNow.AddMinutes(10).ToUnixTimeSeconds(),
RestrictIndices = new List <string> {
_index1Name
}
};
string key = BaseTest.SearchClient.GenerateSecuredApiKeys(TestHelper.SearchKey1, restriction);
SearchClient clientWithRestriciton = new SearchClient(TestHelper.ApplicationId1, key);
SearchIndex index1WithoutRestriction = clientWithRestriciton.InitIndex(_index1Name);
SearchIndex index2WithRestriction = clientWithRestriciton.InitIndex(_index2Name);
await index1WithoutRestriction.SearchAsync <SecuredApiKeyStub>(new Query());
AlgoliaApiException ex = Assert.ThrowsAsync <AlgoliaApiException>(() =>
index2WithRestriction.SearchAsync <SecuredApiKeyStub>(new Query()));
Assert.That(ex.Message.Contains("Index not allowed with this API key"));
Assert.That(ex.HttpErrorCode == 403);
}
public void TestRemainingValidityParameters()
{
// Test a valid key
SecuredApiKeyRestriction restriction = new SecuredApiKeyRestriction
{
RestrictIndices = new List <string> {
"indexName"
}
};
string keyWithMissingValidUntil = BaseTest.SearchClient.GenerateSecuredApiKeys(TestHelper.SearchKey1, restriction);
Assert.Throws <AlgoliaException>(() => BaseTest.SearchClient.GetSecuredApiKeyRemainingValidity(keyWithMissingValidUntil));
}
public void TestExpiredKey()
{
// Test an expired key
SecuredApiKeyRestriction restriction = new SecuredApiKeyRestriction
{
ValidUntil = DateTime.UtcNow.AddMinutes(-10).ToUnixTimeSeconds(),
RestrictIndices = new List <string> {
"indexName"
}
};
string expiredKey = BaseTest.SearchClient.GenerateSecuredApiKeys(TestHelper.SearchKey1, restriction);
TimeSpan remainingValidity = BaseTest.SearchClient.GetSecuredApiKeyRemainingValidity(expiredKey);
Assert.That(remainingValidity.TotalSeconds, Is.LessThan(0));
}
