Add alternative auth mechanism for API usage #833

petterhj · 2023-08-15T07:12:15Z

No description provided.

simenheg

LVGTM! Noen spørsmål:

Burde vi som nevnt kanskje plassert den et annet sted enn under "Admin" som forsvinner snart først som sist, slik at ikke brukerne trenger å lære seg dette to ganger?
Litt lett å misse at man kan gi integrasjonen et navn; burde man kanskje startet med den modalen der man skriver inn navn og beskrivelse når man trykker på "Legg til klient"?
Tror vi burde hashe secretene som vi lagrer i databasen for sikkerhets skyld.
Lenke til API-dokumentasjonen fra et sted på siden?
Burde kanskje få på rate limiting som vi snakket om.
Er c67350a rebaset eller noe inn her med en feil?

src/components/ApiClientCard.vue

src/locale/locales/nb-NO.json

src/components/ApiClientCard.vue

src/locale/locales/en-US.json

tests/firebase/firestore.test.js

simenheg

LGTM!

Noen spørsmål om småtweaks.

CHANGELOG.md

firestore.rules

functions/api/helpers.js

simenheg · 2023-10-31T07:46:41Z

functions/api/index.js

+const apiLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // max 100 requests per window
+  message: 'Too many requests, please try again later.',
+});


src/db/ApiClient/ApiClient.js

petterhj requested a review from a team August 15, 2023 07:12

simenheg reviewed Aug 17, 2023

View reviewed changes

petterhj force-pushed the protect-api-secrets branch from 7bf6a6f to fc5b0af Compare October 27, 2023 08:21

petterhj added the wip Work in progress label Oct 27, 2023

petterhj force-pushed the protect-api-secrets branch from f8a4999 to bd8feaa Compare October 30, 2023 08:10

petterhj removed the wip Work in progress label Oct 30, 2023

simenheg approved these changes Oct 31, 2023

View reviewed changes

petterhj force-pushed the protect-api-secrets branch from bd8feaa to e9bfa45 Compare November 2, 2023 12:22

petterhj added 16 commits November 7, 2023 12:47

Allow disabling confirm delete button

d1abdcd

Add functionality for creating API clients

07e3487

Support new auth method when updating KPIs and key results using the API

3da115f

Update API specification with new auth mechanism

bf7b4fe

Add initial unit tests for Firestore rules

e60f508

Update changelog

c0970df

Add integrations tab to main item navbar

52ca315

Add API documentation link

fa56174

Show details modal before creating new client

079c0fd

Hash client secrets before storing

528dc8b

Fix popover positioning

7f7de27

Fix typos

90525e4

Configure rate limits for api endpoints

e97ff5d

Use semantic header tag

9b12e53

Update wording for changelog and error messages

8986fbc

Simplify rules for reading api clients

e180685

petterhj force-pushed the protect-api-secrets branch from e9bfa45 to e180685 Compare November 7, 2023 11:58

petterhj merged commit 6e14020 into main Nov 7, 2023
4 checks passed

petterhj deleted the protect-api-secrets branch November 7, 2023 12:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add alternative auth mechanism for API usage #833

Add alternative auth mechanism for API usage #833

petterhj commented Aug 15, 2023

simenheg left a comment •

edited

Loading

simenheg left a comment

simenheg Oct 31, 2023

Add alternative auth mechanism for API usage #833

Add alternative auth mechanism for API usage #833

Conversation

petterhj commented Aug 15, 2023

simenheg left a comment • edited Loading

Choose a reason for hiding this comment

simenheg left a comment

Choose a reason for hiding this comment

simenheg Oct 31, 2023

Choose a reason for hiding this comment

simenheg left a comment •

edited

Loading