Skip to content

Releases: rameerez/api_keys

v0.3.0

09 Feb 05:08
@rameerez rameerez
v0.3.0
5836738

Choose a tag to compare

View all tags
v0.3.0 Latest
Latest

Highlights

Major release adding Stripe-style key types with permission ceilings, environment isolation (test/live), and a security fix for scope enforcement.

New Features

  • Stripe-style key types โ€” publishable (pk_*) and secret (sk_*) keys with per-type permission ceilings
  • Environment isolation โ€” test/live key prefixes (pk_test_, sk_live_) with strict environment enforcement
  • Public key token storage โ€” non-revocable publishable keys can be viewed again in the dashboard
  • Headless helpers โ€” for apps with custom dashboard integrations
  • Usage analytics scopes โ€” admin dashboard query helpers

Fixes

  • Fix PostgreSQL FOR UPDATE with COUNT aggregate error
  • Security: Fix blank scopes bypass in key_types mode โ€” empty scopes no longer grant unrestricted access when permission ceilings are configured

What's Changed

  • Ensure comprehensive testing and production readiness by @rameerez in #5
  • Add Stripe-style key types and environments (publishable/secret keys with test/live isolation) by @rameerez in #6
  • Fix PostgreSQL FOR UPDATE with COUNT aggregate error by @rameerez in #7
  • Add public key token storage for non-revocable publishable keys by @rameerez in #8
  • Add headless helpers for custom dashboard integrations by @rameerez in #9
  • Add usage analytics scopes for admin dashboards by @rameerez in #10
  • Fix blank scopes bypass in key_types mode by @rameerez in #11

Full Changelog: v0.2.1...v0.3.0

Contributors

rameerez
Assets 2
Loading

v0.2.1

04 Aug 22:33
@rameerez rameerez
v0.2.1
d9a4f83
This commit was created on GitHub.com and signed with GitHubโ€™s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.2.1

#4 Fixes a production error that was caused by SecurityController referencing a non-existent callback :authenticate_api_keys_user! instead of the correct :authenticate_api_keys_owner! defined in ApplicationController

For searchability, the verbatim error was:

Before `process_action` callback `:authenticate_api_keys_user!` has not been defined
Loading

User-agnostic API key owner

03 Jun 18:31
@rameerez rameerez
v0.2.0
7afbc20

Choose a tag to compare

View all tags
User-agnostic API key owner
  • Make gem owner-agnostic: API keys can now belong to any model (User, Organization, Team, etc.)
  • Add flexible dashboard configuration for custom owner models
  • Add support for multi-tenant and team-based API key ownership
  • Improve documentation with common ownership scenarios
  • Add configuration options for current_owner_method and authenticate_owner_method
Loading

๐ŸŽ‰ Initial release!

30 Apr 16:52
@rameerez rameerez
v0.1.0
b4e4c5f

Choose a tag to compare

View all tags
๐ŸŽ‰ Initial release!

Initial release:

  • Issue new keys
  • Secure store of hashed digest
  • Sensible, secure defaults
  • Self-serve dashboard mountable via Rails engine
  • Revoke keys, expire tokens, etc.
Loading