//! `GET /api/v1/internal/secrets/:key` -- Get a secret by key (worker only).

use axum::extract::{Path, State};
use axum::response::IntoResponse;
use chrono::{DateTime, Utc};
use serde::Serialize;
use uuid::Uuid;

use ironflow_store::entities::Secret;

use crate::error::ApiError;
use crate::response::ok;
use crate::state::AppState;

/// Internal secret response that INCLUDES the decrypted value.
///
/// Unlike the public `SecretResponse`, this is only sent to the worker
/// over the internal API (protected by WORKER_TOKEN).
///
/// Only `Serialize` is derived here. NOTE(review): keep it that way --
/// deriving `Debug` would allow the plaintext `value` to end up in logs or
/// panic messages through `{:?}` formatting.
#[derive(Serialize)]
struct InternalSecretResponse {
    /// Identifier, copied from `Secret::id`.
    id: Uuid,
    /// Lookup key, copied from `Secret::key`.
    key: String,
    /// Secret value, copied as-is from `Secret::value`. Per the type doc this
    /// is the decrypted value; where decryption happens is not visible in
    /// this file. Serialized into the response body, so the body must be
    /// treated as sensitive by anything that handles it.
    value: String,
    /// Creation timestamp (UTC), copied from `Secret::created_at`.
    created_at: DateTime<Utc>,
    /// Last-update timestamp (UTC), copied from `Secret::updated_at`.
    updated_at: DateTime<Utc>,
}

/// Converts a stored [`Secret`] into the worker-facing response body.
///
/// Consumes the entity and moves its fields across unchanged, including the
/// secret `value`; nothing is redacted or transformed here.
impl From<Secret> for InternalSecretResponse {
    fn from(s: Secret) -> Self {
        // Take ownership of exactly the fields the response exposes; any other
        // fields on `Secret` are dropped with the entity.
        let Secret {
            id,
            key,
            value,
            created_at,
            updated_at,
            ..
        } = s;

        InternalSecretResponse {
            id,
            key,
            value,
            created_at,
            updated_at,
        }
    }
}

/// Get a decrypted secret by key. Worker-only (WORKER_TOKEN auth).
///
/// Looks the key up in `state.store` and returns the matching secret,
/// plaintext `value` included, wrapped by the crate's `ok` response helper.
///
/// NOTE(review): this handler performs no token check itself. The
/// WORKER_TOKEN protection is presumably applied by a layer on the internal
/// router -- confirm this route is only ever mounted behind it, since the
/// response body carries the secret value.
///
/// # Errors
///
/// * Any error from the store lookup, converted into [`ApiError`] by `?`.
/// * [`ApiError::SecretNotFound`] carrying the requested key when the store
///   has no entry for it.
pub async fn get_secret(
    State(state): State<AppState>,
    Path(key): Path<String>,
) -> Result<impl IntoResponse, ApiError> {
    // Store failures propagate first; a missing entry is handled below.
    let lookup = state.store.get_secret(&key).await?;

    match lookup {
        Some(secret) => Ok(ok(InternalSecretResponse::from(secret))),
        // The requested key is moved into the error value.
        None => Err(ApiError::SecretNotFound(key)),
    }
}