Merge branch 'rename-brave-key' into staging

Author: DJAndries

README.md

@@ -35,7 +35,7 @@ View API documentation at http://localhost:8080/swagger/index.html.
 | LOG_LEVEL | No | Logging level (default: info) |
 | OPAQUE_FAKE_RECORD | No | Use OPAQUE fake record to prevent client enumeration attacks |
 | VERIFY_FRONTEND_URL | No | Frontend URL to use in verification emails |
-| BRAVE_SERVICES_KEY | No | Comma-separated list of services keys to check against (via the `Brave-Key` header) for all requests |
+| BRAVE_SERVICES_KEY | No | Comma-separated list of services keys to check against (via the `BraveServiceKey` header) for all requests |
 | WEBHOOK_KEYS | No | A list of URLs and corresponding API keys for sending account event webhooks, delimited by a comma. Each entry should use the following format: `webhook url=webhook api key` |
 | DEV_ENDPOINTS_ENABLED | No | Enable the development-only endpoints |
 | ALLOWED_ORIGINS | No | List of allowed origins for CORS, separated by comma |

controllers/accounts.go

@@ -255,7 +255,7 @@ func checkVerificationStatusAndIntent(w http.ResponseWriter, r *http.Request, ve
 // @Accept json
 // @Produce json
 // @Param Authorization header string false "Bearer + verification token (optional if newAccountEmail is provided)"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body RegistrationRequest true "Registration request"
 // @Success 200 {object} RegistrationResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -405,7 +405,7 @@ func (ac *AccountsController) postPasswordSetup(ctx context.Context, accountID u
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + verification token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body RegistrationRecord true "Registration record"
 // @Success 200 {object} PasswordFinalizeResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -485,7 +485,7 @@ func (ac *AccountsController) SetupPasswordFinalize(w http.ResponseWriter, r *ht
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + verification token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body services.TwoFAAuthRequest true "2FA verification request"
 // @Success 200 {object} RegistrationFinalize2FAResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -562,7 +562,7 @@ func (ac *AccountsController) SetupPasswordFinalize2FA(w http.ResponseWriter, r
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body TwoFAInitRequest true "2FA initialization request"
 // @Success 200 {object} TwoFAInitResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -618,7 +618,7 @@ func (ac *AccountsController) SetupTOTPInit(w http.ResponseWriter, r *http.Reque
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body TwoFAFinalizeRequest true "2FA finalization request"
 // @Success 200 {object} TwoFAFinalizeResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -681,7 +681,7 @@ func (ac *AccountsController) SetupTOTPFinalize(w http.ResponseWriter, r *http.R
 // @Tags Accounts
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 204 "No Content"
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 403 {object} util.ErrorResponse
@@ -715,7 +715,7 @@ func (ac *AccountsController) DeleteAccount(w http.ResponseWriter, r *http.Reque
 // @Tags Accounts
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 200 {object} datastore.TwoFADetails
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 500 {object} util.ErrorResponse
@@ -738,7 +738,7 @@ func (ac *AccountsController) GetTwoFASettings(w http.ResponseWriter, r *http.Re
 // @Tags Accounts
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 204 "No Content"
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 500 {object} util.ErrorResponse
@@ -760,7 +760,7 @@ func (ac *AccountsController) DisableTOTP(w http.ResponseWriter, r *http.Request
 // @Tags Accounts
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 200 {object} RecoveryKeyResponse
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 500 {object} util.ErrorResponse
@@ -786,7 +786,7 @@ func (ac *AccountsController) RegenerateRecoveryKey(w http.ResponseWriter, r *ht
 // @Tags Accounts
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 204 "No Content"
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 500 {object} util.ErrorResponse

controllers/auth.go

@@ -232,7 +232,7 @@ func (ac *AuthController) Router(authMiddleware func(http.Handler) http.Handler,
 // @Tags Auth
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 200 {object} ValidateTokenResponse
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 403 {object} util.ErrorResponse
@@ -272,7 +272,7 @@ func (ac *AuthController) Validate(w http.ResponseWriter, r *http.Request) {
 // @Accept json
 // @Produce json
 // @Param request body LoginInitRequest true "login init request"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 200 {object} LoginInitResponse
 // @Failure 400 {object} util.ErrorResponse
 // @Failure 401 {object} util.ErrorResponse
@@ -366,7 +366,7 @@ func (ac *AuthController) createSessionAndToken(accountID uuid.UUID, userAgent s
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + login state token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body LoginFinalizeRequest true "login finalize request"
 // @Success 200 {object} LoginFinalizeResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -443,7 +443,7 @@ func (ac *AuthController) LoginFinalize(w http.ResponseWriter, r *http.Request)
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + login state token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body services.TwoFAAuthRequest true "2FA verification request"
 // @Success 200 {object} LoginFinalize2FAResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -555,7 +555,7 @@ func (ac *AuthController) CreateServiceToken(w http.ResponseWriter, r *http.Requ
 // @Description Logs out the current session by deleting it
 // @Tags Auth
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 204 "No Content"
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 500 {object} util.ErrorResponse

controllers/sessions.go

@@ -27,7 +27,7 @@ func NewSessionsController(datastore *datastore.Datastore) *SessionsController {
 // @Tags Sessions
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 200 {array} datastore.Session
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 500 {object} util.ErrorResponse
@@ -49,7 +49,7 @@ func (sc *SessionsController) ListSessions(w http.ResponseWriter, r *http.Reques
 // @Description Deletes a specific session by ID
 // @Tags Sessions
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param id path string true "Session ID (UUID)"
 // @Success 204 "No Content"
 // @Failure 400 {object} util.ErrorResponse

controllers/user_keys.go

@@ -96,7 +96,7 @@ func (uc *UserKeysController) Router(authMiddleware func(http.Handler) http.Hand
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Success 200 {array} UserKey
 // @Failure 401 {object} util.ErrorResponse
 // @Failure 403 {object} util.ErrorResponse
@@ -125,7 +125,7 @@ func (uc *UserKeysController) ListKeys(w http.ResponseWriter, r *http.Request) {
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param service path string true "Service name"
 // @Param keyName path string true "Key name"
 // @Success 200 {object} UserKey
@@ -158,7 +158,7 @@ func (uc *UserKeysController) GetKey(w http.ResponseWriter, r *http.Request) {
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + auth token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param key body UserKeyStoreRequest true "Key to save"
 // @Success 204 "Key saved"
 // @Failure 400 {object} util.ErrorResponse

controllers/verification.go

@@ -128,7 +128,7 @@ func (vc *VerificationController) Router(verificationAuthMiddleware func(http.Ha
 // @Accept json
 // @Produce json
 // @Param Authorization header string false "Bearer + auth token (required for change_password intent)"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body VerifyInitRequest true "Verification request params"
 // @Success 200 {object} VerifyInitResponse
 // @Failure 400 {object} util.ErrorResponse
@@ -301,7 +301,7 @@ func (vc *VerificationController) VerifyComplete(w http.ResponseWriter, r *http.
 // @Accept json
 // @Produce json
 // @Param Authorization header string true "Bearer + verification token"
-// @Param Brave-Key header string false "Brave services key (if one is configured)"
+// @Param BraveServiceKey header string false "Brave services key (if one is configured)"
 // @Param request body VerifyResultRequest true "Auth token request params"
 // @Success 200 {object} VerifyResultResponse
 // @Failure 400 {object} util.ErrorResponse

middleware/auth.go

@@ -22,7 +22,7 @@ const (
 	ContextVerification       = contextKey("verification")
 
 	braveServicesKeyEnv    = "BRAVE_SERVICES_KEY"
-	braveServicesKeyHeader = "brave-key"
+	braveServicesKeyHeader = "braveservicekey"
 )
 
 func AuthMiddleware(jwtService *services.JWTService, ds *datastore.Datastore, minSessionVersion int, enforceAccountsServiceName bool, required bool) func(http.Handler) http.Handler {

middleware/auth_test.go

@@ -152,13 +152,13 @@ func (suite *MiddlewareTestSuite) TestServicesKeyMiddleware() {
 
 	// Test valid key
 	req := httptest.NewRequest("GET", "/", nil)
-	req.Header.Set("brave-key", testKey)
+	req.Header.Set("braveservicekey", testKey)
 	resp := util.ExecuteTestRequest(req, mw(handler))
 	suite.Equal(http.StatusOK, resp.Code)
 
 	// Test invalid key
 	req = httptest.NewRequest("GET", "/", nil)
-	req.Header.Set("brave-key", "wrong-key")
+	req.Header.Set("braveservicekey", "wrong-key")
 	resp = util.ExecuteTestRequest(req, mw(handler))
 	suite.Equal(http.StatusUnauthorized, resp.Code)
 
@@ -173,13 +173,13 @@ func (suite *MiddlewareTestSuite) TestServicesKeyMiddleware() {
 
 	// Test first valid key
 	req = httptest.NewRequest("GET", "/", nil)
-	req.Header.Set("brave-key", "test-key1")
+	req.Header.Set("braveservicekey", "test-key1")
 	resp = util.ExecuteTestRequest(req, mw(handler))
 	suite.Equal(http.StatusOK, resp.Code)
 
 	// Test second valid key
 	req = httptest.NewRequest("GET", "/", nil)
-	req.Header.Set("brave-key", "test-key2")
+	req.Header.Set("braveservicekey", "test-key2")
 	resp = util.ExecuteTestRequest(req, mw(handler))
 	suite.Equal(http.StatusOK, resp.Code)
 

misc/test-client-rust/src/util.rs

@@ -34,7 +34,7 @@ pub fn make_request(
         request_builder = request_builder.header("Authorization", format!("Bearer {token}"));
     }
     if let Some(key) = args.services_key.as_ref() {
-        request_builder = request_builder.header("brave-key", key)
+        request_builder = request_builder.header("braveservicekey", key)
     }
 
     let response = request_builder.send().expect("Failed to send request");