Merge #269

269: Changes related to the next Meilisearch release (v0.26.0) r=alallema a=meili-bot

Related to this issue: meilisearch/integration-guides#181

This PR:
- gathers the changes related to the next Meilisearch release (v0.26.0) so that this package is ready when the official release is out.
- should pass the tests against the [latest pre-release of Meilisearch](https://github.com/meilisearch/meilisearch/releases).
- might eventually contain test failures until the Meilisearch v0.26.0 is out.

⚠️ This PR should NOT be merged until the next release of Meilisearch (v0.26.0) is out.

_This PR is auto-generated for the [pre-release week](https://github.com/meilisearch/integration-guides/blob/master/guides/pre-release-week.md) purpose._

Done:
- #271 
- #275 
- #276

Co-authored-by: meili-bot <[email protected]>
Co-authored-by: bors[bot] <26634292+bors[bot]@users.noreply.github.com>
Co-authored-by: alallema <[email protected]>
Co-authored-by: Amélie <[email protected]>

Author: 3 people

.code-samples.meilisearch.yaml

@@ -583,3 +583,21 @@ authorization_header_1: |-
     ApiKey: "masterKey",
   })
   client.GetKeys();
+tenant_token_guide_generate_sdk_1: |-
+  searchRules := map[string]interface{}{
+    "patient_medical_records": map[string]string{
+      "filter": "user_id = 1",
+    },
+  }
+  options := &meilisearch.TenantTokenOptions{
+    APIKey: "B5KdX2MY2jV6EXfUs6scSfmC...",
+    ExpiresAt: time.Date(2025, time.December, 20, 0, 0, 0, 0, time.UTC),
+  }
+
+  token, err := client.GenerateTenantToken(searchRules, options);
+tenant_token_guide_search_sdk_1: |-
+  frontEndClient := meilisearch.NewClient(meilisearch.ClientConfig{
+    Host: "http://127.0.0.1:7700",
+    APIKey: token,
+  })
+  frontEndClient.Index("patient_medical_records").Search("blood test", &meilisearch.SearchRequest{});

.github/workflows/pre-release-tests.yml

@@ -40,6 +40,6 @@ jobs:
     - name: Get the latest Meilisearch RC
       run: echo "MEILISEARCH_VERSION=$(curl https://raw.githubusercontent.com/meilisearch/integration-guides/main/scripts/get-latest-meilisearch-rc.sh | bash)" >> $GITHUB_ENV
     - name: Meilisearch (${{ env.MEILISEARCH_VERSION }}) setup with Docker
-      run: docker run -d -p 7700:7700 getmeili/meilisearch:${{ env.MEILISEARCH_VERSION }} ./meilisearch --master-key=masterKey --no-analytics=true
+      run: docker run -d -p 7700:7700 getmeili/meilisearch:${{ env.MEILISEARCH_VERSION }} ./meilisearch --master-key=masterKey --no-analytics
     - name: Run integration tests
       run: go test -v ./...

.github/workflows/tests.yml

@@ -59,6 +59,6 @@ jobs:
           dep ensure
         fi
     - name: Meilisearch setup (latest version) with Docker
-      run: docker run -d -p 7700:7700 getmeili/meilisearch:latest ./meilisearch --master-key=masterKey --no-analytics=true
+      run: docker run -d -p 7700:7700 getmeili/meilisearch:latest ./meilisearch --master-key=masterKey --no-analytics
     - name: Run integration tests
       run: go test -v ./...

CONTRIBUTING.md

@@ -39,7 +39,7 @@ Each PR should pass the tests and the linter to be accepted.
 ```bash
 # Tests
 curl -L https://install.meilisearch.com | sh # download Meilisearch
-./meilisearch --master-key=masterKey --no-analytics=true # run Meilisearch
+./meilisearch --master-key=masterKey --no-analytics # run Meilisearch
 go clean -cache ; go test -v ./...
 # Use golangci-lint
 docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.42.0 golangci-lint run -v

README.md

@@ -227,7 +227,7 @@ searchRes, err := index.Search("wonder",
 
 ## 🤖 Compatibility with Meilisearch
 
-This package only guarantees the compatibility with the [version v0.25.0 of Meilisearch](https://github.com/meilisearch/meilisearch/releases/tag/v0.25.0).
+This package only guarantees the compatibility with the [version v0.26.0 of Meilisearch](https://github.com/meilisearch/meilisearch/releases/tag/v0.26.0).
 
 ## 💡 Learn More
 

client.go

@@ -2,10 +2,12 @@ package meilisearch
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 	"strconv"
 	"time"
 
+	"github.com/golang-jwt/jwt"
 	"github.com/valyala/fasthttp"
 )
 
@@ -52,6 +54,7 @@ type ClientInterface interface {
 	GetTask(taskID int64) (resp *Task, err error)
 	GetTasks() (resp *ResultTask, err error)
 	WaitForTask(task *Task, options ...WaitParams) (*Task, error)
+	GenerateTenantToken(searchRules map[string]interface{}, options *TenantTokenOptions) (resp string, err error)
 }
 
 var _ ClientInterface = &Client{}
@@ -284,7 +287,8 @@ func (c *Client) GetTasks() (resp *ResultTask, err error) {
 	return resp, nil
 }
 
-// WaitForTask waits for a task to be processed.
+// WaitForTask waits for a task to be processed
+//
 // The function will check by regular interval provided in parameter interval
 // the TaskStatus.
 // If no ctx and interval are provided WaitForTask will check each 50ms the
@@ -315,7 +319,54 @@ func (c *Client) WaitForTask(task *Task, options ...WaitParams) (*Task, error) {
 	}
 }
 
-// This function allows the user to create a Key with an ExpiredAt in time.Time
+// Generate a JWT token for the use of multitenancy
+//
+// SearchRules parameters is mandatory and should contains the rules to be enforced at search time for all or specific
+// accessible indexes for the signing API Key.
+// ExpiresAt options is a time.Time when the key will expire. Note that if an ExpiresAt value is included it should be in UTC time.
+// ApiKey options is the API key parent of the token. If you leave it empty the client API Key will be used.
+func (c *Client) GenerateTenantToken(SearchRules map[string]interface{}, Options *TenantTokenOptions) (resp string, err error) {
+	// Validate the arguments
+	if SearchRules == nil {
+		return "", fmt.Errorf("GenerateTenantToken: The search rules added in the token generation must be of type array or object")
+	}
+	if (Options == nil || Options.APIKey == "") && c.config.APIKey == "" {
+		return "", fmt.Errorf("GenerateTenantToken: The API key used for the token generation must exist and be a valid Meilisearch key")
+	}
+	if Options != nil && !Options.ExpiresAt.IsZero() && Options.ExpiresAt.Before(time.Now()) {
+		return "", fmt.Errorf("GenerateTenantToken: When the expiresAt field in the token generation has a value, it must be a date set in the future")
+	}
+
+	var secret string
+	if Options == nil || Options.APIKey == "" {
+		secret = c.config.APIKey
+	} else {
+		secret = Options.APIKey
+	}
+
+	// For HMAC signing method, the key should be any []byte
+	hmacSampleSecret := []byte(secret)
+
+	// Create the claims
+	claims := TenantTokenClaims{}
+	if Options != nil && !Options.ExpiresAt.IsZero() {
+		claims.StandardClaims = jwt.StandardClaims{
+			ExpiresAt: Options.ExpiresAt.Unix(),
+		}
+	}
+	claims.APIKeyPrefix = secret[:8]
+	claims.SearchRules = SearchRules
+
+	// Create a new token object, specifying signing method and the claims
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+
+	// Sign and get the complete encoded token as a string using the secret
+	tokenString, err := token.SignedString(hmacSampleSecret)
+
+	return tokenString, err
+}
+
+// This function allows the user to create a Key with an ExpiresAt in time.Time
 // and transform the Key structure into a KeyParsed structure to send the time format
 // managed by Meilisearch
 func convertKeyToParsedKey(key Key) (resp KeyParsed) {

client_test.go

@@ -441,11 +441,10 @@ func TestClient_DeleteKey(t *testing.T) {
 
 func TestClient_Health(t *testing.T) {
 	tests := []struct {
-		name          string
-		client        *Client
-		wantResp      *Health
-		wantErr       bool
-		expectedError Error
+		name     string
+		client   *Client
+		wantResp *Health
+		wantErr  bool
 	}{
 		{
 			name:   "TestHealth",
@@ -891,3 +890,196 @@ func TestClient_WaitForTaskWithContext(t *testing.T) {
 		})
 	}
 }
+
+func TestClient_GenerateTenantToken(t *testing.T) {
+	type args struct {
+		UID         string
+		client      *Client
+		searchRules map[string]interface{}
+		options     *TenantTokenOptions
+		filter      []string
+	}
+	tests := []struct {
+		name       string
+		args       args
+		wantErr    bool
+		wantFilter bool
+	}{
+		{
+			name: "TestDefaultGenerateTenantToken",
+			args: args{
+				UID:    "TestDefaultGenerateTenantToken",
+				client: privateClient,
+				searchRules: map[string]interface{}{
+					"*": map[string]string{},
+				},
+				options: nil,
+				filter:  nil,
+			},
+			wantErr:    false,
+			wantFilter: false,
+		},
+		{
+			name: "TestGenerateTenantTokenWithApiKey",
+			args: args{
+				UID:    "TestGenerateTenantTokenWithApiKey",
+				client: defaultClient,
+				searchRules: map[string]interface{}{
+					"*": map[string]string{},
+				},
+				options: &TenantTokenOptions{
+					APIKey: GetPrivateKey(),
+				},
+				filter: nil,
+			},
+			wantErr:    false,
+			wantFilter: false,
+		},
+		{
+			name: "TestGenerateTenantTokenWithOnlyExpiresAt",
+			args: args{
+				UID:    "TestGenerateTenantTokenWithOnlyExpiresAt",
+				client: privateClient,
+				searchRules: map[string]interface{}{
+					"*": map[string]string{},
+				},
+				options: &TenantTokenOptions{
+					ExpiresAt: time.Now().Add(time.Hour * 10),
+				},
+				filter: nil,
+			},
+			wantErr:    false,
+			wantFilter: false,
+		},
+		{
+			name: "TestGenerateTenantTokenWithApiKeyAndExpiresAt",
+			args: args{
+				UID:    "TestGenerateTenantTokenWithApiKeyAndExpiresAt",
+				client: defaultClient,
+				searchRules: map[string]interface{}{
+					"*": map[string]string{},
+				},
+				options: &TenantTokenOptions{
+					APIKey:    GetPrivateKey(),
+					ExpiresAt: time.Now().Add(time.Hour * 10),
+				},
+				filter: nil,
+			},
+			wantErr:    false,
+			wantFilter: false,
+		},
+		{
+			name: "TestGenerateTenantTokenWithFilters",
+			args: args{
+				UID:    "indexUID",
+				client: privateClient,
+				searchRules: map[string]interface{}{
+					"*": map[string]string{
+						"filter": "book_id > 1000",
+					},
+				},
+				options: nil,
+				filter: []string{
+					"book_id",
+				},
+			},
+			wantErr:    false,
+			wantFilter: true,
+		},
+		{
+			name: "TestGenerateTenantTokenWithFilterOnOneINdex",
+			args: args{
+				UID:    "indexUID",
+				client: privateClient,
+				searchRules: map[string]interface{}{
+					"indexUID": map[string]string{
+						"filter": "year > 2000",
+					},
+				},
+				options: nil,
+				filter: []string{
+					"year",
+				},
+			},
+			wantErr:    false,
+			wantFilter: true,
+		},
+		{
+			name: "TestGenerateTenantTokenWithoutSearchRules",
+			args: args{
+				UID:         "TestGenerateTenantTokenWithoutSearchRules",
+				client:      privateClient,
+				searchRules: nil,
+				options:     nil,
+				filter:      nil,
+			},
+			wantErr:    true,
+			wantFilter: false,
+		},
+		{
+			name: "TestGenerateTenantTokenWithoutApiKey",
+			args: args{
+				UID: "TestGenerateTenantTokenWithoutApiKey",
+				client: NewClient(ClientConfig{
+					Host:   "http://localhost:7700",
+					APIKey: "",
+				}),
+				searchRules: map[string]interface{}{
+					"*": map[string]string{},
+				},
+				options: nil,
+				filter:  nil,
+			},
+			wantErr:    true,
+			wantFilter: false,
+		},
+		{
+			name: "TestGenerateTenantTokenWithBadExpiresAt",
+			args: args{
+				UID:    "TestGenerateTenantTokenWithBadExpiresAt",
+				client: defaultClient,
+				searchRules: map[string]interface{}{
+					"*": map[string]string{},
+				},
+				options: &TenantTokenOptions{
+					ExpiresAt: time.Now().Add(-time.Hour * 10),
+				},
+				filter: nil,
+			},
+			wantErr:    true,
+			wantFilter: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := tt.args.client
+			t.Cleanup(cleanup(c))
+
+			token, err := c.GenerateTenantToken(tt.args.searchRules, tt.args.options)
+
+			if tt.wantErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+
+				if tt.wantFilter {
+					gotTask, err := c.Index(tt.args.UID).UpdateFilterableAttributes(&tt.args.filter)
+					require.NoError(t, err, "UpdateFilterableAttributes() in TestGenerateTenantToken error should be nil")
+					testWaitForTask(t, c.Index(tt.args.UID), gotTask)
+				} else {
+					_, err := SetUpEmptyIndex(&IndexConfig{Uid: tt.args.UID})
+					require.NoError(t, err, "CreateIndex() in TestGenerateTenantToken error should be nil")
+				}
+
+				client := NewClient(ClientConfig{
+					Host:   "http://localhost:7700",
+					APIKey: token,
+				})
+
+				_, err = client.Index(tt.args.UID).Search("", &SearchRequest{})
+
+				require.NoError(t, err)
+			}
+		})
+	}
+}

go.mod

@@ -3,6 +3,7 @@ module github.com/meilisearch/meilisearch-go
 go 1.16
 
 require (
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/mailru/easyjson v0.7.7
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.7.0

go.sum

@@ -2,6 +2,8 @@ github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U=