管理 API 密钥

API 密钥用于机器到机器认证。每个请求使用 Api-KeyApi-Secret 标头;secret 只在创建或轮换时显示,并以哈希形式存储。

真实 API

API 密钥由 serviceprojects API 的 /v0/apikeys 管理,不在 /projects/{id}/apikeys 下管理。项目创建和项目管理 API 当前不在本页范围内。

curl -X POST "https://api.hola.cloud/v0/apikeys" \
  -H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI/CD Key",
    "scopes": [
      {
        "projects": ["project-123"],
        "host_rules": {"my-project.hola.cloud": "{}"}
      }
    ]
  }'
POST /v0/apikeys HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
Content-Type: application/json

{
    "name": "CI/CD Key",
    "scopes": [
      {
        "projects": ["project-123"],
        "host_rules": {"my-project.hola.cloud": "{}"}
      }
    ]
  }
package main

import (
	"fmt"
	"io"
	"net/http"
	"encoding/json"
	"strings"
)

func main() {
	payload := map[string]any{"name": "CI/CD Key", "scopes": []any{map[string]any{"host_rules": map[string]any{"my-project.hola.cloud": "{}"}, "projects": []any{"project-123"}}}}
	bodyBytes, err := json.Marshal(payload)
	if err != nil {
		panic(err)
	}
	body := string(bodyBytes)

	req, err := http.NewRequest("POST", "https://api.hola.cloud/v0/apikeys", strings.NewReader(body))
	if err != nil {
		panic(err)
	}
	req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
	req.Header.Set("Content-Type", "application/json")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	responseBody, err := io.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(responseBody))
}
<?php
$payload = ['name' => 'CI/CD Key', 'scopes' => [['host_rules' => ['my-project.hola.cloud' => '{}'], 'projects' => ['project-123']]]];
$body = json_encode($payload);

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => $body,
    CURLOPT_HTTPHEADER => [
        'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
        'Content-Type: application/json',
    ],
]);

$response = curl_exec($ch);
if ($response === false) {
    throw new Exception(curl_error($ch));
}
curl_close($ch);

echo $response;
import requests

import json

headers = {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
    "Content-Type": "application/json",
}

payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"my-project.hola.cloud": "{}"}, "projects": ["project-123"]}]}
body = json.dumps(payload)

response = requests.request(
    "POST",
    "https://api.hola.cloud/v0/apikeys",
    headers=headers,
    data=body
)

print(response.text)
const payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"my-project.hola.cloud": "{}"}, "projects": ["project-123"]}]};

const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "POST",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
    "Content-Type": "application/json"
  },
  body: JSON.stringify(payload)
});

console.log(await response.text());
const payload = {"name": "CI/CD Key", "scopes": [{"host_rules": {"my-project.hola.cloud": "{}"}, "projects": ["project-123"]}]};

const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "POST",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
    "Content-Type": "application/json"
  },
  body: JSON.stringify(payload)
});

const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Map;
import java.util.List;

public class Main {
    public static void main(String[] args) throws Exception {
        var payload = Map.of("name", "CI/CD Key", "scopes", List.of(Map.of("host_rules", Map.of("my-project.hola.cloud", "{}"), "projects", List.of("project-123"))));
        var body = new ObjectMapper().writeValueAsString(payload);

        var request = HttpRequest.newBuilder()
            .uri(URI.create("https://api.hola.cloud/v0/apikeys"))
            .method("POST", HttpRequest.BodyPublishers.ofString(body))
            .header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
            .header("Content-Type", "application/json")
            .build();

        var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
    }
}

作用域

当前模型使用 projectshost_rules

作用域 字段 示例
项目 projects ["project-123"]
Host 规则 host_rules {"my-project.hola.cloud": "{}"}

路径和 HTTP 方法作用域不属于当前模型。

列出密钥

curl "https://api.hola.cloud/v0/apikeys" \
  -H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}"
GET /v0/apikeys HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	req, err := http.NewRequest("GET", "https://api.hola.cloud/v0/apikeys", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	responseBody, err := io.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(responseBody))
}
<?php
$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => 'GET',
    CURLOPT_HTTPHEADER => [
        'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
    ],
]);

$response = curl_exec($ch);
if ($response === false) {
    throw new Exception(curl_error($ch));
}
curl_close($ch);

echo $response;
import requests

headers = {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
}

response = requests.request(
    "GET",
    "https://api.hola.cloud/v0/apikeys",
    headers=headers
)

print(response.text)
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "GET",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

console.log(await response.text());
const response = await fetch("https://api.hola.cloud/v0/apikeys", {
  method: "GET",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class Main {
    public static void main(String[] args) throws Exception {
        var request = HttpRequest.newBuilder()
            .uri(URI.create("https://api.hola.cloud/v0/apikeys"))
            .method("GET", HttpRequest.BodyPublishers.noBody())
            .header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
            .build();

        var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
    }
}

撤销密钥

curl -X DELETE "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "X-Glue-Authentication: {\"user\":{\"id\":\"user-1234\"}}"
DELETE /v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890 HTTP/1.1
Host: api.hola.cloud
X-Glue-Authentication: {"user":{"id":"user-1234"}}
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	req, err := http.NewRequest("DELETE", "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	responseBody, err := io.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(responseBody))
}
<?php
$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => 'DELETE',
    CURLOPT_HTTPHEADER => [
        'X-Glue-Authentication: {"user":{"id":"user-1234"}}',
    ],
]);

$response = curl_exec($ch);
if ($response === false) {
    throw new Exception(curl_error($ch));
}
curl_close($ch);

echo $response;
import requests

headers = {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}",
}

response = requests.request(
    "DELETE",
    "https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    headers=headers
)

print(response.text)
const response = await fetch("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", {
  method: "DELETE",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

console.log(await response.text());
const response = await fetch("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890", {
  method: "DELETE",
  headers: {
    "X-Glue-Authentication": "{\"user\":{\"id\":\"user-1234\"}}"
  }
});

const text = await response.text();
console.log(text);
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class Main {
    public static void main(String[] args) throws Exception {
        var request = HttpRequest.newBuilder()
            .uri(URI.create("https://api.hola.cloud/v0/apikeys/a1b2c3d4-e5f6-7890-abcd-ef1234567890"))
            .method("DELETE", HttpRequest.BodyPublishers.noBody())
            .header("X-Glue-Authentication", "{\"user\":{\"id\":\"user-1234\"}}")
            .build();

        var response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
    }
}

Glue2 如何验证

  1. Glue2 提取 Api-KeyApi-Secret
  2. 查找密钥并将 secret 与存储的哈希比较。
  3. 验证 projectshost_rules
  4. 如果有效,将 X-Glue-Authentication 作为 JSON 注入并转发请求。

评论

发表评论