Backlog/api key #1394
Open
Backlog/api key #1394
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… utf8 characters even url structure ones
…ependency in service methods
Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…factor validation logic
…hips and update queries to use source field
…or handling Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…ser feedback Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…n confirmation Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…es, and expiration indicators Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
There was a problem hiding this comment.
Pull Request Overview
This PR implements comprehensive API Key management functionality in UTMStack, enabling external applications to authenticate securely without sharing user credentials. The implementation includes full CRUD operations for API keys, IP-based access control, expiration management, usage logging to Elasticsearch, and integration with existing authentication systems.
Key Changes:
- Backend API endpoints for API key lifecycle management (create, update, delete, generate, list)
- Security filter for API key authentication with IP validation and expiration checks
- Frontend UI for managing API keys with IP/CIDR validation
- Usage logging system storing access attempts in Elasticsearch
Reviewed Changes
Copilot reviewed 47 out of 49 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| backend/src/main/java/com/park/utmstack/web/rest/api_key/ApiKeyResource.java | REST endpoints for API key CRUD operations |
| backend/src/main/java/com/park/utmstack/security/api_key/ApiKeyFilter.java | Security filter implementing API key authentication |
| backend/src/main/java/com/park/utmstack/service/api_key/ApiKeyService.java | Core business logic for API key management |
| backend/src/main/resources/config/liquibase/changelog/20251017001_create_api_keys_table.xml | Database schema for API keys table |
| frontend/src/app/app-management/api-keys/api-keys.component.ts | Main component for API key management UI |
| frontend/src/app/app-management/api-keys/shared/service/api-keys.service.ts | Frontend service for API key HTTP operations |
| frontend/src/app/core/auth/account.service.ts | Password encoding fix for credentials check |
| backend/src/main/java/com/park/utmstack/config/Constants.java | New constants for API key configuration |
Comments suppressed due to low confidence (1)
frontend/src/app/app-management/api-keys/shared/components/api-key-modal/api-key-modal.component.html:1
- Corrected duplicated text 'Keep this key safeKeep this key safe' to 'Keep this key safe'
<app-utm-modal-header [name]="apiKey?.id ? 'Edit Api Key' : 'Create Api Key'"></app-utm-modal-header>
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
frontend/src/app/app-management/api-keys/shared/service/api-keys.service.ts
Show resolved
Hide resolved
...d/src/app/app-management/api-keys/shared/components/api-key-modal/api-key-modal.component.ts
Outdated
Show resolved
Hide resolved
backend/src/main/java/com/park/utmstack/validation/api_key/ValidIPOrCIDRValidator.java
Show resolved
Hide resolved
backend/src/main/java/com/park/utmstack/validation/api_key/ValidIPOrCIDRValidator.java
Show resolved
Hide resolved
backend/src/main/java/com/park/utmstack/service/api_key/ApiKeyService.java
Show resolved
Hide resolved
backend/src/main/java/com/park/utmstack/security/api_key/ApiKeyFilter.java
Outdated
Show resolved
Hide resolved
backend/src/main/java/com/park/utmstack/web/rest/api_key/ApiKeyResource.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…or handling Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…ser feedback Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…n confirmation Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…es, and expiration indicators Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…-key-modal/api-key-modal.component.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…yFilter.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
… and feedback Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
…i_key # Conflicts: # backend/src/main/java/com/park/utmstack/security/api_key/ApiKeyFilter.java
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR: API Key Management Feature
Adds full API Key management to UTMStack, including creation, update, deletion, generation, and listing of API Keys. Users can securely generate keys (plain text returned only once) and query their usage via Elasticsearch.
Objective: Enable external applications and services to authenticate securely with UTMStack without sharing user credentials, providing controlled access, auditing, and revocation capabilities.
Endpoints are secured for users with USER authority, support pagination, and are documented with OpenAPI/Swagger annotations. Fully compatible with existing authentication and prepared for future auditing and external integrations.