onboarding key expiry view

2025-10-07 01:16:28 -07:00
parent cea8601246
commit 3864bb7115
6 changed files with 75 additions and 30 deletions
--- a/bin/core/src/api/read/onboarding_key.rs
+++ b/bin/core/src/api/read/onboarding_key.rs
@@ -1,3 +1,5 @@
+use std::cmp::Ordering;
+
 use anyhow::{Context, anyhow};
 use database::mungos::find::find_collect;
 use komodo_client::api::read::{
@@ -22,9 +24,28 @@ impl Resolve<ReadArgs> for ListOnboardingKeys {
          .status_code(StatusCode::FORBIDDEN),
      );
    }
-    find_collect(&db_client().onboarding_keys, None, None)
-      .await
-      .context("Failed to query database for Server onboarding keys")
-      .map_err(Into::into)
+
+    let mut keys =
+      find_collect(&db_client().onboarding_keys, None, None)
+        .await
+        .context(
+          "Failed to query database for Server onboarding keys",
+        )?;
+
+    // No expiry keys first, followed 
+    keys.sort_by(|a, b| {
+      if a.expires == b.expires {
+        Ordering::Equal
+      } else if a.expires == 0 {
+        Ordering::Less
+      } else if b.expires == 0 {
+        Ordering::Greater
+      } else {
+        // Descending
+        b.expires.cmp(&a.expires)
+      }
+    });
+
+    Ok(keys)
  }
 }
--- a/bin/core/src/connection/server.rs
+++ b/bin/core/src/connection/server.rs
@@ -11,6 +11,7 @@ use komodo_client::{
  api::write::{CreateBuilder, CreateServer, UpdateResourceMeta},
  entities::{
    builder::{PartialBuilderConfig, PartialServerBuilderConfig},
+    komodo_timestamp,
    onboarding_key::OnboardingKey,
    server::{PartialServerConfig, Server},
    user::system_user,
@@ -344,10 +345,14 @@ impl PublicKeyValidator for CreationKeyValidator {
      .await
      .context("Failed to query database for Server onboarding keys")?
      .context("Matching Server onboarding key not found")?;
-    if onboarding_key.enabled {
+    // Check enabled and not expired.
+    if onboarding_key.enabled
+      && (onboarding_key.expires == 0
+        || onboarding_key.expires > komodo_timestamp())
+    {
      Ok(onboarding_key)
    } else {
-      Err(anyhow!("Onboarding key is disabled"))
+      Err(anyhow!("Onboarding key is invalid"))
    }
  }
 }