2025-01-13 18:51:26 +00:00
|
|
|
using AIStudio.Tools.Rust;
|
|
|
|
|
|
2025-02-15 14:41:12 +00:00
|
|
|
namespace AIStudio.Tools.Services;
|
2025-01-13 18:51:26 +00:00
|
|
|
|
|
|
|
|
public sealed partial class RustService
|
|
|
|
|
{
|
2026-06-20 13:55:09 +00:00
|
|
|
private const string SELF_HOSTED_SECRET_ID = "Self-hosted";
|
|
|
|
|
|
|
|
|
|
// Temporary compatibility shim until 2026-12-19:
|
|
|
|
|
// documentation/compatibility-shims/2026-06-self-hosted-secret-id.md
|
|
|
|
|
private const string LEGACY_SELF_HOSTED_SECRET_ID_DE = "Selbst gehostet";
|
|
|
|
|
|
|
|
|
|
private static string APIKey(SecretStoreType storeType, ISecretId secretId) => $"{storeType.Prefix()}::{secretId.SecretId}::{secretId.SecretName}::api_key";
|
|
|
|
|
|
|
|
|
|
private static IEnumerable<string> LegacySelfHostedAPIKeys(ISecretId secretId, SecretStoreType storeType)
|
|
|
|
|
{
|
|
|
|
|
if (secretId.SecretId == SELF_HOSTED_SECRET_ID)
|
|
|
|
|
yield return $"{storeType.Prefix()}::{LEGACY_SELF_HOSTED_SECRET_ID_DE}::{secretId.SecretName}::api_key";
|
|
|
|
|
|
|
|
|
|
if (secretId.SecretId == $"{ISecretId.ENTERPRISE_KEY_PREFIX}::{SELF_HOSTED_SECRET_ID}")
|
|
|
|
|
yield return $"{storeType.Prefix()}::{ISecretId.ENTERPRISE_KEY_PREFIX}::{LEGACY_SELF_HOSTED_SECRET_ID_DE}::{secretId.SecretName}::api_key";
|
|
|
|
|
}
|
|
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
/// <summary>
|
|
|
|
|
/// Try to get the API key for the given secret ID.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="secretId">The secret ID to get the API key for.</param>
|
|
|
|
|
/// <param name="isTrying">Indicates if we are trying to get the API key. In that case, we don't log errors.</param>
|
2026-01-11 15:02:28 +00:00
|
|
|
/// <param name="storeType">The secret store type. Defaults to LLM_PROVIDER for backward compatibility.</param>
|
2025-01-13 18:51:26 +00:00
|
|
|
/// <returns>The requested secret.</returns>
|
2026-01-11 15:02:28 +00:00
|
|
|
public async Task<RequestedSecret> GetAPIKey(ISecretId secretId, SecretStoreType storeType, bool isTrying = false)
|
2025-01-13 18:51:26 +00:00
|
|
|
{
|
2026-06-20 13:55:09 +00:00
|
|
|
var secretKey = APIKey(storeType, secretId);
|
|
|
|
|
var legacySecretKeys = LegacySelfHostedAPIKeys(secretId, storeType).ToList();
|
|
|
|
|
var secret = await this.GetAPIKeyByKey(secretKey, isTrying || legacySecretKeys.Count > 0);
|
|
|
|
|
if (secret.Success)
|
|
|
|
|
{
|
|
|
|
|
foreach (var legacySecretKey in legacySecretKeys)
|
|
|
|
|
await this.DeleteAPIKeyByKey(legacySecretKey, isTrying: true);
|
|
|
|
|
|
|
|
|
|
return secret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach (var legacySecretKey in legacySecretKeys)
|
|
|
|
|
{
|
|
|
|
|
var legacySecret = await this.GetAPIKeyByKey(legacySecretKey, isTrying: true);
|
|
|
|
|
if (!legacySecret.Success)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
this.logger!.LogInformation($"Migrating legacy self-hosted API key namespace '{legacySecretKey}' to '{secretKey}'.");
|
|
|
|
|
var migrationResult = await this.StoreEncryptedAPIKeyByKey(secretKey, legacySecret.Secret);
|
|
|
|
|
if (migrationResult.Success)
|
|
|
|
|
await this.DeleteAPIKeyByKey(legacySecretKey, isTrying: true);
|
|
|
|
|
else
|
|
|
|
|
this.logger!.LogWarning($"Failed to migrate legacy self-hosted API key namespace '{legacySecretKey}' to '{secretKey}': '{migrationResult.Issue}'");
|
|
|
|
|
|
|
|
|
|
return legacySecret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!isTrying)
|
|
|
|
|
this.logger!.LogError($"Failed to get the API key for '{secretKey}': '{secret.Issue}'");
|
|
|
|
|
|
|
|
|
|
return secret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private async Task<RequestedSecret> GetAPIKeyByKey(string secretKey, bool isTrying)
|
|
|
|
|
{
|
|
|
|
|
var secretRequest = new SelectSecretRequest(secretKey, Environment.UserName, isTrying);
|
2025-01-13 18:51:26 +00:00
|
|
|
var result = await this.http.PostAsJsonAsync("/secrets/get", secretRequest, this.jsonRustSerializerOptions);
|
|
|
|
|
if (!result.IsSuccessStatusCode)
|
|
|
|
|
{
|
|
|
|
|
if(!isTrying)
|
2026-06-20 13:55:09 +00:00
|
|
|
this.logger!.LogError($"Failed to get the API key for '{secretKey}' due to an API issue: '{result.StatusCode}'");
|
2025-05-04 12:59:30 +00:00
|
|
|
return new RequestedSecret(false, new EncryptedText(string.Empty), TB("Failed to get the API key due to an API issue."));
|
2025-01-13 18:51:26 +00:00
|
|
|
}
|
2026-01-11 15:02:28 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
var secret = await result.Content.ReadFromJsonAsync<RequestedSecret>(this.jsonRustSerializerOptions);
|
2026-02-22 14:09:51 +00:00
|
|
|
if (secret.Success)
|
2026-06-20 13:55:09 +00:00
|
|
|
this.logger!.LogDebug($"Successfully retrieved the API key for '{secretKey}'.");
|
2026-02-22 14:09:51 +00:00
|
|
|
else if (isTrying)
|
2026-06-20 13:55:09 +00:00
|
|
|
this.logger!.LogDebug($"No API key configured for '{secretKey}' (try mode): '{secret.Issue}'");
|
2026-02-22 14:09:51 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
return secret;
|
|
|
|
|
}
|
2026-01-11 15:02:28 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
/// <summary>
|
|
|
|
|
/// Try to store the API key for the given secret ID.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="secretId">The secret ID to store the API key for.</param>
|
|
|
|
|
/// <param name="key">The API key to store.</param>
|
2026-01-11 15:02:28 +00:00
|
|
|
/// <param name="storeType">The secret store type. Defaults to LLM_PROVIDER for backward compatibility.</param>
|
2025-01-13 18:51:26 +00:00
|
|
|
/// <returns>The store secret response.</returns>
|
2026-01-11 15:02:28 +00:00
|
|
|
public async Task<StoreSecretResponse> SetAPIKey(ISecretId secretId, string key, SecretStoreType storeType)
|
2025-01-13 18:51:26 +00:00
|
|
|
{
|
|
|
|
|
var encryptedKey = await this.encryptor!.Encrypt(key);
|
2026-06-20 13:55:09 +00:00
|
|
|
var secretKey = APIKey(storeType, secretId);
|
|
|
|
|
var state = await this.StoreEncryptedAPIKeyByKey(secretKey, encryptedKey);
|
|
|
|
|
if (state.Success)
|
|
|
|
|
{
|
|
|
|
|
foreach (var legacySecretKey in LegacySelfHostedAPIKeys(secretId, storeType))
|
|
|
|
|
await this.DeleteAPIKeyByKey(legacySecretKey, isTrying: true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return state;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private async Task<StoreSecretResponse> StoreEncryptedAPIKeyByKey(string secretKey, EncryptedText encryptedKey)
|
|
|
|
|
{
|
|
|
|
|
var request = new StoreSecretRequest(secretKey, Environment.UserName, encryptedKey);
|
2025-01-13 18:51:26 +00:00
|
|
|
var result = await this.http.PostAsJsonAsync("/secrets/store", request, this.jsonRustSerializerOptions);
|
|
|
|
|
if (!result.IsSuccessStatusCode)
|
|
|
|
|
{
|
2026-06-20 13:55:09 +00:00
|
|
|
this.logger!.LogError($"Failed to store the API key for '{secretKey}' due to an API issue: '{result.StatusCode}'");
|
|
|
|
|
return new StoreSecretResponse(false, TB("Failed to store the API key due to an API issue."));
|
2025-01-13 18:51:26 +00:00
|
|
|
}
|
2026-01-11 15:02:28 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
var state = await result.Content.ReadFromJsonAsync<StoreSecretResponse>(this.jsonRustSerializerOptions);
|
|
|
|
|
if (!state.Success)
|
2026-06-20 13:55:09 +00:00
|
|
|
this.logger!.LogError($"Failed to store the API key for '{secretKey}': '{state.Issue}'");
|
|
|
|
|
else
|
|
|
|
|
this.logger!.LogDebug($"Successfully stored the API key for '{secretKey}'.");
|
2026-01-11 15:02:28 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
return state;
|
|
|
|
|
}
|
2026-01-11 15:02:28 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
/// <summary>
|
|
|
|
|
/// Tries to delete the API key for the given secret ID.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="secretId">The secret ID to delete the API key for.</param>
|
2026-01-11 15:02:28 +00:00
|
|
|
/// <param name="storeType">The secret store type. Defaults to LLM_PROVIDER for backward compatibility.</param>
|
2025-01-13 18:51:26 +00:00
|
|
|
/// <returns>The delete secret response.</returns>
|
2026-01-11 15:02:28 +00:00
|
|
|
public async Task<DeleteSecretResponse> DeleteAPIKey(ISecretId secretId, SecretStoreType storeType)
|
2025-01-13 18:51:26 +00:00
|
|
|
{
|
2026-06-20 13:55:09 +00:00
|
|
|
var deleteResult = await this.DeleteAPIKeyByKey(APIKey(storeType, secretId));
|
|
|
|
|
if (!deleteResult.Success)
|
|
|
|
|
return deleteResult;
|
|
|
|
|
|
|
|
|
|
foreach (var legacySecretKey in LegacySelfHostedAPIKeys(secretId, storeType))
|
|
|
|
|
{
|
|
|
|
|
var legacyDeleteResult = await this.DeleteAPIKeyByKey(legacySecretKey, isTrying: true);
|
|
|
|
|
if (!legacyDeleteResult.Success)
|
|
|
|
|
return legacyDeleteResult;
|
|
|
|
|
|
|
|
|
|
deleteResult = deleteResult with { WasEntryFound = deleteResult.WasEntryFound || legacyDeleteResult.WasEntryFound };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return deleteResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private async Task<DeleteSecretResponse> DeleteAPIKeyByKey(string secretKey, bool isTrying = false)
|
|
|
|
|
{
|
|
|
|
|
var request = new SelectSecretRequest(secretKey, Environment.UserName, false);
|
2025-01-13 18:51:26 +00:00
|
|
|
var result = await this.http.PostAsJsonAsync("/secrets/delete", request, this.jsonRustSerializerOptions);
|
|
|
|
|
if (!result.IsSuccessStatusCode)
|
|
|
|
|
{
|
2026-06-20 13:55:09 +00:00
|
|
|
this.logger!.LogError($"Failed to delete the API key for '{secretKey}' due to an API issue: '{result.StatusCode}'");
|
2025-05-04 12:59:30 +00:00
|
|
|
return new DeleteSecretResponse{Success = false, WasEntryFound = false, Issue = TB("Failed to delete the API key due to an API issue.")};
|
2025-01-13 18:51:26 +00:00
|
|
|
}
|
2026-01-11 15:02:28 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
var state = await result.Content.ReadFromJsonAsync<DeleteSecretResponse>(this.jsonRustSerializerOptions);
|
2026-06-20 13:55:09 +00:00
|
|
|
if (!state.Success && !isTrying)
|
|
|
|
|
this.logger!.LogError($"Failed to delete the API key for '{secretKey}': '{state.Issue}'");
|
2026-01-11 15:02:28 +00:00
|
|
|
|
2025-01-13 18:51:26 +00:00
|
|
|
return state;
|
|
|
|
|
}
|
|
|
|
|
}
|
