herocode/herodb
12
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fixed key-based access control for Tantivy backends

Browse Source
This commit is contained in:
Maxime Van Hees
2025-09-25 16:06:08 +02:00
parent e7248b84e8
commit 7f92001b89
6 changed files with 156 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/admin_meta.rs
View File

@@ -432,20 +432,26 @@ pub fn verify_access(
return Ok(None);
}
// Public?
if load_public(&admin, id)? {
return Ok(Some(Permissions::ReadWrite));
}
let is_public = load_public(&admin, id)?;
// Private: require key and verify
// If a key is explicitly provided, enforce its validity strictly.
// Do NOT fall back to public when an invalid key is supplied.
if let Some(k) = key_opt {
let hash = crate::rpc::hash_key(k);
if let Some(v) = admin.hget(&k_meta_db_keys(id), &hash)? {
let (perm, _ts) = parse_perm_value(&v);
return Ok(Some(perm));
}
// Invalid key
return Ok(None);
}
// No key provided: allow access if DB is public, otherwise deny
if is_public {
Ok(Some(Permissions::ReadWrite))
} else {
Ok(None)
}
Ok(None)
}
// Enumerate all db ids