I completely reworked how API tokens are stored and shared between backend applications (heimdall and beacon).
I decided that it is more consistent to store them in Postgres (together with the other data) and not in Redis.
For sharing the tokens and related data as well as updates to them, I implemented an internal REST API with server sent events (/api/internal).
This is not relevant for Luna, only for backend services!
Since tokens are now stored in Postgres, I added some fields that seemed useful (created_at, updated_at) and also moved the permanent field from user into the token.
I removed the roles field as they can be queried from a different endpoint.
Also, when querying a single user, the roles, registration-key (if exists) and api-token (if exists) are returned.
This is also the case on login (even if the token was just generated during login).
So you don't have to query the token separately after login.
API tokens and users have a 1-to-1 relation, so we don't need a separate token_id. Instead, the token uses the user_id.
The API token type as JSON looks like this:
{
"api_token": string,
"permanent": bool,
"created_at": timestamp ISO8601,
"updated_at": timestamp ISO8601,
"expires_at": timestamp ISO8601,
}
The user type as JSON looks like this:
{
"id": 1,
"created_at": timestamp ISO8601,
"updated_at": timestamp ISO8601,
"username": string,
"email": string,
"last_login": timestamp ISO8601,
"registration_key": RegistrationKey, //omitted if null
"roles": Role[],
"api_token": ApiToken // omitted if null
}
The token related endpoints are:
- GET /users//api-token
- PUT /users//api-token (only for admins, updates permanent status)
- with payload: { "permanent": bool }
- DELETE /users//api-token (deletes the current token and generates a new one)
The updated swagger REST API documentation can be found here:
https://github.com/ProjectLighthouseCAU/heimdall/tree/api-token-changes/docs
And when the update is deployed under the usual hosted documentation path "/api/swagger/index.html":
https://lighthouse01.uni-kiel.de/api/swagger/index.html
I think I'm going to update Heimdall in staging, breaking Luna temporarily until these changes are implemented.
I completely reworked how API tokens are stored and shared between backend applications (heimdall and beacon).
I decided that it is more consistent to store them in Postgres (together with the other data) and not in Redis.
For sharing the tokens and related data as well as updates to them, I implemented an internal REST API with server sent events (
/api/internal).This is not relevant for Luna, only for backend services!
Since tokens are now stored in Postgres, I added some fields that seemed useful (
created_at, updated_at) and also moved thepermanentfield from user into the token.I removed the
rolesfield as they can be queried from a different endpoint.Also, when querying a single user, the roles, registration-key (if exists) and api-token (if exists) are returned.
This is also the case on login (even if the token was just generated during login).
So you don't have to query the token separately after login.
API tokens and users have a 1-to-1 relation, so we don't need a separate token_id. Instead, the token uses the user_id.
The API token type as JSON looks like this:
The user type as JSON looks like this:
The token related endpoints are:
The updated swagger REST API documentation can be found here:
https://github.com/ProjectLighthouseCAU/heimdall/tree/api-token-changes/docs
And when the update is deployed under the usual hosted documentation path "/api/swagger/index.html":
https://lighthouse01.uni-kiel.de/api/swagger/index.html
I think I'm going to update Heimdall in staging, breaking Luna temporarily until these changes are implemented.