feat: validate API keys against Asobi SaaS control plane #62

Closed
Taure wants to merge 1 commit into main from feat/saas-key-validation



Taure commented Apr 11, 2026

Summary

  • New `asobi_saas_key_plugin` (Nova pre_request) that reads the `x-asobi-key` header, validates against saas `/internal/validate`, and stashes the resolved tenant/game/environment context on the request.
  • 5-minute ETS cache keyed on the raw key; short-circuits the HTTP roundtrip on hot paths.
  • Deployment-level environment enforcement: when `asobi.environment_name` is set (e.g. "dev" or "live"), responses whose `env_name` doesn't match are rejected with 403. So two engine deployments pointing at the same saas (api-dev.asobi.dev / api.asobi.dev) each only accept keys scoped to their own env.
  • Passthrough when `saas_internal_url` is unset — local dev and existing CT suites keep working without a running saas.
  • Prod config threads `ASOBI_SAAS_URL`, `ASOBI_SAAS_INTERNAL_TOKEN`, `ASOBI_ENVIRONMENT_NAME` through `prod_sys.config.src`.

Test plan

  • `asobi_saas_key_plugin_SUITE` — 8 cases covering passthrough, path skip, missing/invalid/mismatched/valid/cached/unreachable. Driven through a mini cowboy mock saas so real httpc + URL encoding paths are exercised.
  • rebar3 ct (164/164)
  • rebar3 xref
  • rebar3 fmt --check
  • rebar3 dialyzer
  • elp eqwalize-all — no new errors introduced (116 pre-existing to tackle separately)

New Nova pre_request plugin that calls the saas /internal/validate
endpoint to verify API keys carried in the x-asobi-key header. Stores
the resolved tenant/game/environment context on the request so
downstream handlers can scope queries.

A short-lived ETS cache (5 min TTL) keeps hot keys off the wire. When
environment_name is configured for the deployment (e.g. "dev" or
"live"), responses whose env_name doesn't match are rejected with 403 —
so a dev key against the live engine, or vice versa, is blocked at the
edge even though both deployments talk to the same saas.

The plugin is a passthrough when saas_internal_url is unset, so local
dev and the existing test suites keep working without a saas running.
Prod config takes the URL, internal token, and env name from env vars.

Adds asobi_saas_key_plugin_SUITE with 8 cases covering the full matrix
(passthrough, skip, missing/invalid/mismatched/valid key, cache hit,
saas unreachable), driven through a mini cowboy mock saas so the real
httpc + URL encoding paths are exercised.

Taure closed this Apr 11, 2026
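
The request-time decision order described in this PR (passthrough, cache lookup, validation, environment enforcement), as an added Erlang example that is not code from the PR or the Asobi project. The module name, table name, reject atoms and the injected `Validate` fun are assumptions; failing closed when saas is unreachable is also an assumption, since the page does not state that behaviour.

```erlang
-module(saas_key_check_example).
-export([new_cache/0, check/4]).

-define(TTL_MS, (5 * 60 * 1000)).  % 5-minute TTL, as in the PR description

%% Hypothetical cache table; the PR's real table name and layout are not shown.
new_cache() ->
    ets:new(saas_key_cache_example, [set, public]).

%% check(Key, Config, Validate, Cache) -> passthrough | {ok, Ctx} | {reject, Reason}
%% Key      : value of the x-asobi-key header, or undefined when absent.
%% Config   : #{saas_internal_url => binary() | undefined,
%%              environment_name  => binary() | undefined}
%% Validate : fun((Key) -> {ok, Ctx} | {error, invalid | unreachable}), standing
%%            in for the HTTP call to /internal/validate. Ctx has env_name.
check(_Key, #{saas_internal_url := undefined}, _Validate, _Cache) ->
    passthrough;
check(undefined, _Config, _Validate, _Cache) ->
    {reject, missing_key};
check(Key, Config, Validate, Cache) ->
    case lookup(Key, Cache) of
        {ok, Ctx} ->
            enforce_env(Ctx, Config);
        miss ->
            case Validate(Key) of
                {ok, Ctx} ->
                    %% Cache only positive results; failures are re-checked.
                    ets:insert(Cache, {Key, Ctx, now_ms() + ?TTL_MS}),
                    enforce_env(Ctx, Config);
                {error, Reason} ->
                    {reject, Reason}
            end
    end.

lookup(Key, Cache) ->
    Now = now_ms(),
    case ets:lookup(Cache, Key) of
        [{_, Ctx, Expires}] when Expires > Now -> {ok, Ctx};
        _ -> miss
    end.

%% Runs on cache hits too, so a cached entry cannot bypass the env check.
enforce_env(Ctx, #{environment_name := undefined}) -> {ok, Ctx};
enforce_env(#{env_name := Env} = Ctx, #{environment_name := Env}) -> {ok, Ctx};
enforce_env(_Ctx, _Config) -> {reject, env_mismatch}.  % 403 in the PR

now_ms() -> erlang:monotonic_time(millisecond).
```

Because the cache stores the resolved context rather than an allow/deny verdict, a key revoked in saas stays accepted until its entry expires, so the TTL is the revocation delay.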