Algolia生成无效的安全API密钥

时间:2017-01-13 18:25:50

标签: javascript node.js security api-key algolia

我正在尝试生成一些安全API密钥(Secured API Key),但它们似乎没有被正确生成;我是按照API文档操作的,却没有成功。

这就是我正在做的事情

var algoliasearch = require('algoliasearch');

// Client built with the Admin API key, plus its handle on INDEX.
// Keep the Admin key on the backend only; never ship it in client-side code.
var admin_client = algoliasearch('APP', 'ADMIN_KEY');
var admin_index = admin_client.initIndex('INDEX');

// Client built with the search-only key, plus its handle on the same index.
var search_client = algoliasearch('APP', 'ONLY_SEARCH_KEY');
var search_index = search_client.initIndex('INDEX');

// Baseline query through the admin-key client; the callback prints (err, content).
admin_index.search('dav', function (err, content) {
  console.log(err, content);
});
//------------------CONSOLE-------------------------------
null { hits: 
[ { firstname: 'David',
   lastname: 'De Anda',
   _tags: [Object],
   objectID: '2',
   _highlightResult: [Object] } ],
nbHits: 1,
page: 0,
nbPages: 1,
hitsPerPage: 20,
processingTimeMS: 1,
query: 'dav',
params: 'query=dav' }
//-------------------------------------------------

// Same baseline query, this time through the search-only client.
search_index.search('dav', function (err, content) {
  console.log(err, content);
});

//------------------CONSOLE-------------------------------
null { hits: 
[ { firstname: 'David',
   lastname: 'De Anda',
   _tags: [Object],
   objectID: '2',
   _highlightResult: [Object] } ],
nbHits: 1,
page: 0,
nbPages: 1,
hitsPerPage: 20,
processingTimeMS: 1,
query: 'dav',
params: 'query=dav' }
//-------------------------------------------------

到目前为止,一切似乎都正常。但现在我想生成一些安全API密钥:

// Expiry as a Unix timestamp in seconds: one hour from now.
var valid_until = Math.floor(Date.now() / 1000) + 3600;

// Key derived through the admin-key client. The first argument here is the
// literal label 'from_admin', not one of the API keys used above.
var from_admin_api_key = admin_client.generateSecuredApiKey('from_admin', {
  validUntil: valid_until
});
var sub_admin_client = algoliasearch('APP', from_admin_api_key);
var sub_admin_index = sub_admin_client.initIndex('INDEX');

// Key derived through the search-only client, again with a literal label
// ('from_search') as the first argument.
var from_search_api_key = search_client.generateSecuredApiKey('from_search', {
  validUntil: valid_until
});
var sub_search_client = algoliasearch('APP', from_search_api_key);
var sub_search_index = sub_search_client.initIndex('INDEX');

// Query with the key derived via the admin client; the console output that
// follows shows the server rejecting it with a 403.
sub_admin_index.search('dav', function (err, content) {
  console.log(err, content);
});
//------------------CONSOLE-------------------------------
{ Error
    at success (/app/node_modules/algoliasearch/src/AlgoliaSearchCore.js:334:32)
    at process._tickDomainCallback (internal/process/next_tick.js:129:7)
  name: 'AlgoliaSearchError',
  message: 'Invalid Application-ID or API key',
  debugData: 
   [ { currentHost: 'https://ge24e6css9-dsn.algolia.net',
       headers: [Object],
       content: '{"params":"query=dav"}',
       contentLength: 22,
       method: 'POST',
       timeouts: [Object],
       url: '/1/indexes/INDEX/query',
       startTime: 2017-01-13T17:46:42.519Z,
       endTime: 2017-01-13T17:46:44.038Z,
       duration: 1519,
       statusCode: 403 } ],
  statusCode: 403 } undefined
//-------------------------------------------------

// Query with the key derived via the search-only client; it is rejected with
// the same 403 as the admin-derived key.
sub_search_index.search('dav', function (err, content) {
  console.log(err, content);
});

//------------------CONSOLE-------------------------------
{ Error
    at success (/app/node_modules/algoliasearch/src/AlgoliaSearchCore.js:334:32)
    at process._tickDomainCallback (internal/process/next_tick.js:129:7)
  name: 'AlgoliaSearchError',
  message: 'Invalid Application-ID or API key',
  debugData: 
   [ { currentHost: 'https://ge24e6css9-dsn.algolia.net',
       headers: [Object],
       content: '{"params":"query=dav"}',
       contentLength: 22,
       method: 'POST',
       timeouts: [Object],
       url: '/1/indexes/INDEX/query',
       startTime: 2017-01-13T17:46:42.519Z,
       endTime: 2017-01-13T17:46:44.038Z,
       duration: 1519,
       statusCode: 403 } ],
  statusCode: 403 } undefined
//-------------------------------------------------

1 个答案:

答案 0 :(得分:0)

我误解了generateSecuredApiKey的第一个参数:它实际上应该是原始(父)API密钥,而不是一个任意的名称。

所以正确的代码将是

// The first argument of generateSecuredApiKey is the parent API key that the
// secured key is derived from; valid_until is the expiry timestamp computed in
// the question's snippet.
// NOTE(review): Algolia's documentation states that secured API keys must be
// derived from a search-only key, not from the Admin key or another secured
// key. Confirm before relying on from_admin_api_key, and keep the Admin key
// server-side only.
var from_admin_api_key = admin_client.generateSecuredApiKey('ADMIN_KEY', {validUntil: valid_until});
var from_search_api_key = search_client.generateSecuredApiKey('ONLY_SEARCH_KEY', {validUntil: valid_until});

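当然,按这里的说法,从ADMIN_KEY生成的密钥可以工作。不过Algolia文档要求安全API密钥只能由仅搜索(search-only)密钥派生,不能由Admin密钥或其他安全API密钥派生,因此实际使用时应以ONLY_SEARCH_KEY为父密钥来生成,并且不要把Admin密钥放进任何客户端代码。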