
CI Token management

Open jbroillet opened this issue 2 years ago • 4 comments

It could be useful if the api-key could be set when doing a push of a new project.

Example with docatl: docatl push docs.zip newproject 1.0.0 --api-key 1a558b3687abc41fb9dd2f1ec9459271

Then, no token claim is possible for "newproject" project and the token is the token set.

jbroillet avatar Sep 14 '23 11:09 jbroillet

Love that idea :+1: will you create a MR for this?

fliiiix avatar Sep 15 '23 16:09 fliiiix

This won't work with the current implementation, because the token and hash are generated on the server side:

# def claim():
token = secrets.token_hex(16)
salt = os.urandom(32)
token_hash = calculate_token(token, salt)
table.insert({"name": project, "token": token_hash, "salt": salt.hex()})

What I'd do instead is add a flag claim or something similar. The API would then create the token, hash it and return it, which would be very similar to calling claim manually.

reglim avatar Oct 03 '23 06:10 reglim
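A sketch of the flow discussed in the comment above, as an added example that is not part of the thread and not docat's own code: the server creates the token, stores only the salt and hash, and a claim flag on the first push returns the token once. The `push` handler, its `claim_project` parameter, the in-memory `TOKENS` table, the PBKDF2 body of `calculate_token` and the rule that every push to a claimed project needs the token are all assumptions of this sketch.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Stand-in for the token table (assumption: a dict keyed by project name).
TOKENS = {}

def calculate_token(token: str, salt: bytes) -> str:
    # Assumed KDF for this sketch; the thread does not show the real function body.
    return hashlib.pbkdf2_hmac("sha256", token.encode(), salt, 100_000).hex()

def claim(project: str) -> str:
    """Create the token server-side, keep only salt and hash, return the token once."""
    if project in TOKENS:
        raise PermissionError(f"project {project!r} is already claimed")
    token = secrets.token_hex(16)
    salt = os.urandom(32)
    TOKENS[project] = {"token": calculate_token(token, salt), "salt": salt.hex()}
    return token

def is_valid_token(project: str, token: str) -> bool:
    record = TOKENS.get(project)
    if record is None:
        return False
    expected = calculate_token(token, bytes.fromhex(record["salt"]))
    # Constant-time comparison so the check does not leak how many characters match.
    return hmac.compare_digest(expected, record["token"])

def push(project: str, version: str, claim_project: bool = False,
         token: Optional[str] = None) -> Optional[str]:
    """Hypothetical push handler with a claim flag.

    Returns the new token when this push claimed the project, otherwise None.
    """
    if project in TOKENS:
        # Sketch policy (assumption): a claimed project only accepts pushes with its token.
        if token is None or not is_valid_token(project, token):
            raise PermissionError("valid token required for claimed project")
        return None
    # First push of an unclaimed project: optionally claim it in the same request,
    # so a CI job never leaves a window in which someone else can claim it.
    return claim(project) if claim_project else None
```

Because the server never accepts a client-chosen secret, the CI job has to capture the returned token from the first push and store it in its secret store for later runs.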

I don't get why abf8499 was not merged. I'm just trying to do exactly the same thing. Using a Docat deployment that is automatically fed from a CI job, while readers of the documentation shall have no permissions to delete/upload anything. Any progress on alternatives yet?

johannesloibl avatar Apr 26 '24 11:04 johannesloibl

you can always mount in a custom nginx config which protects the /api routes with basic auth

but i will consider this use-case if we do a docat v2

fliiiix avatar Apr 26 '24 18:04 fliiiix