feat: add --service-token auth and /api/workspaces/status endpoint#228
Closed
bzlo wants to merge 1 commit intoBackblaze:mainfrom
Closed
feat: add --service-token auth and /api/workspaces/status endpoint#228bzlo wants to merge 1 commit intoBackblaze:mainfrom
bzlo wants to merge 1 commit intoBackblaze:mainfrom
Conversation
Adds a static service token mechanism for machine-to-machine API access without browser-based login or token expiry. When --service-token (or BOARDWALKD_SERVICE_TOKEN env var) is set, requests bearing that value in the boardwalk-api-token header authenticate as service@boardwalk. Also adds GET /api/workspaces/status, a read-only endpoint that returns all workspace names, details, semaphores, and last-seen timestamps for monitoring integrations. Made-with: Cursor
Contributor
|
Superseded by #229. (Was the simplest method, since I don't know if there's a corresponding push in |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--service-token/BOARDWALKD_SERVICE_TOKENCLI option for static machine-to-machine API authentication (no expiry, no browser login)service@boardwalkand bypass the user-state lookup inprepare()GET /api/workspaces/statusauthenticated endpoint returning workspace names, details, semaphores, and last-seen timestampsself.request.headers["boardwalk-api-token"]raisedKeyError(500) when the header was absent; changed to.get()which returnsNoneand lets Tornado's auth flow return 403Changes
src/boardwalkd/cli.py--service-tokenclick option (env var:BOARDWALKD_SERVICE_TOKEN)serve()->run()->make_app()src/boardwalkd/server.pyAPIBaseHandler.get_current_user(): checksboardwalk-api-tokenheader against the configured service token first; sets_is_service_authflag; falls back to existing secure-cookie pathAPIBaseHandler.prepare(): skips user-state lookup when_is_service_authis TrueWorkspacesStatusApiHandlerclass forGET /api/workspaces/statusmake_app()andrun()accept and propagateservice_tokenTest plan
pytest-- 33 passed)ruff checkcleanruff format --checkcleansemgrepclean (0 findings)Made with Cursor