Change route /api-keys -> /users/{user}/keys

bryphe-coder · bryphe-coder · commit ca1a4583889e · 2022-02-17T23:31:36.000Z
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -36,12 +36,6 @@ func New(options *Options) http.Handler {
 		})
 		r.Post("/login", api.postLogin)
 		r.Post("/logout", api.postLogout)
-		r.Route("/api-keys", func(r chi.Router) {
-			r.Use(
-				httpmw.ExtractAPIKey(options.Database, nil),
-			)
-			r.Post("/", api.postAPIKey)
-		})
 
 		// Used for setup.
 		r.Get("/user", api.user)
@@ -51,10 +45,12 @@ func New(options *Options) http.Handler {
 				httpmw.ExtractAPIKey(options.Database, nil),
 			)
 			r.Post("/", api.postUsers)
-			r.Group(func(r chi.Router) {
+
+			r.Route("/{user}", func(r chi.Router) {
 				r.Use(httpmw.ExtractUserParam(options.Database))
-				r.Get("/{user}", api.userByName)
-				r.Get("/{user}/organizations", api.organizationsByUser)
+				r.Get("/", api.userByName)
+				r.Get("/organizations", api.organizationsByUser)
+				r.Post("/keys", api.postKeyForUser)
 			})
 		})
 		r.Route("/projects", func(r chi.Router) {
diff --git a/coderd/users.go b/coderd/users.go
@@ -317,10 +317,17 @@ func (api *api) postLogin(rw http.ResponseWriter, r *http.Request) {
 	})
 }
 
-// Creates a new API key, used for logging in via the CLI
-func (api *api) postAPIKey(rw http.ResponseWriter, r *http.Request) {
+// Creates a new session key, used for logging in via the CLI
+func (api *api) postKeyForUser(rw http.ResponseWriter, r *http.Request) {
+	user := httpmw.UserParam(r)
 	apiKey := httpmw.APIKey(r)
-	userID := apiKey.UserID
+
+	if user.ID != apiKey.UserID {
+		httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
+			Message: "Keys can only be generated for the authenticated user",
+		})
+		return
+	}
 
 	keyID, keySecret, err := generateAPIKeyIDSecret()
 	if err != nil {
@@ -333,7 +340,7 @@ func (api *api) postAPIKey(rw http.ResponseWriter, r *http.Request) {
 
 	_, err = api.Database.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 		ID:           keyID,
-		UserID:       userID,
+		UserID:       apiKey.UserID,
 		ExpiresAt:    database.Now().AddDate(1, 0, 0), // Expire after 1 year (same as v1)
 		CreatedAt:    database.Now(),
 		UpdatedAt:    database.Now(),
diff --git a/coderd/users_test.go b/coderd/users_test.go
@@ -119,7 +119,7 @@ func TestOrganizationsByUser(t *testing.T) {
 	require.Len(t, orgs, 1)
 }
 
-func TestPostAPIKey(t *testing.T) {
+func TestPostKey(t *testing.T) {
 	t.Parallel()
 	t.Run("InvalidUser", func(t *testing.T) {
 		t.Parallel()
diff --git a/codersdk/users.go b/codersdk/users.go
@@ -58,7 +58,7 @@ func (c *Client) CreateUser(ctx context.Context, req coderd.CreateUserRequest) (
 
 // CreateAPIKey calls the /api-key API
 func (c *Client) CreateAPIKey(ctx context.Context) (*coderd.GenerateAPIKeyResponse, error) {
-	res, err := c.request(ctx, http.MethodPost, "/api/v2/api-keys", nil)
+	res, err := c.request(ctx, http.MethodPost, "/api/v2/users/me/keys", nil)
 	if err != nil {
 		return nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ func TestOrganizationsByUser(t *testing.T) {`
`119`	`119`	`require.Len(t, orgs, 1)`
`120`	`120`	`}`
`121`	`121`
`122`		`-func TestPostAPIKey(t *testing.T) {`
	`122`	`+func TestPostKey(t *testing.T) {`
`123`	`123`	`t.Parallel()`
`124`	`124`	`t.Run("InvalidUser", func(t *testing.T) {`
`125`	`125`	`t.Parallel()`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ func (c *Client) CreateUser(ctx context.Context, req coderd.CreateUserRequest) (`
`58`	`58`
`59`	`59`	`// CreateAPIKey calls the /api-key API`
`60`	`60`	`func (c Client) CreateAPIKey(ctx context.Context) (coderd.GenerateAPIKeyResponse, error) {`
`61`		`- res, err := c.request(ctx, http.MethodPost, "/api/v2/api-keys", nil)`
	`61`	`+ res, err := c.request(ctx, http.MethodPost, "/api/v2/users/me/keys", nil)`
`62`	`62`	`if err != nil {`
`63`	`63`	`return nil, err`
`64`	`64`	`}`