Enhance API Key Validation and Admin Access Control #224
Conversation
- Added ApiKeyValidationFailed exception for better error handling during API key validation. - Updated api_key_check middleware to exclude certain paths from API key checks. - Modified status endpoint to require admin access. - Introduced is_admin field in ApiKeyEntity to manage admin user permissions. - Introduced admin_required property for user defined endpoints.
There was a problem hiding this comment.
Looks good.
As you added a attr like always_defer, maybe it is a good idea to generalize it to be an enum of always, 'neverandoptional`. because for some endpoints the user should not be able to defer the requests. like list of collections which we would like to add it as a task!
also there is a get method for delete task. I am not sure if it will break backward compatibility if anyone is using our sdk, but it is good to change the method to @app.delete(...)
Good idea! I replaced it with a generalized option defer_option. Regarding the task management endpoints, I think we should do it as a separate PR. We need to add proper CRUD operations for the tasks. There is even an issue for that #177. I don't know if we want to use REST for it though. |
admin_required: Flag indicating if the endpoint requires admin access.always_defer: Flag indicating if the endpoint should always defer execution to the task queue.