This PR refactors authorization logic for Sites and Stats APIs, unifying it under a single plug. API keys already have a notion of "scopes" though it's merely utilized in a label-like fashion for Sites API key checks. The refactored version implements basic support for scopes. Due to the way API keys are currently provisioned (with a single explicit scope at a time), a notion of implicit scopes is introduced, which are considered as always matching provided the API key is valid.
The main point of this refactor is exposing read-only portion of Sites API to API keys without site provisioning scope. It also will serve as a basis for introducing further Sites API read-only endpoints needed for integrations we are currently working on.
Changes
This PR refactors authorization logic for Sites and Stats APIs, unifying it under a single plug. API keys already have a notion of "scopes" though it's merely utilized in a label-like fashion for Sites API key checks. The refactored version implements basic support for scopes. Due to the way API keys are currently provisioned (with a single explicit scope at a time), a notion of implicit scopes is introduced, which are considered as always matching provided the API key is valid.
The main point of this refactor is exposing read-only portion of Sites API to API keys without site provisioning scope. It also will serve as a basis for introducing further Sites API read-only endpoints needed for integrations we are currently working on.
Tests
Changelog
Documentation
Dark mode