commit · quire · 2ef10324

Return secret API response as JSON object

Change the GET /api/runs/:run_id/secrets/:name endpoint from returning
a plain text string to a JSON object {"value": "..."}. Update the
quire-ci fetcher to parse the JSON response. This gives us a structured
response that can be extended with additional fields later without
breaking the API contract.

Assisted-by: Owl Alpha via pi

change onuwvvnnytylurvylrtszpwrpwptuzvo

commit 2ef10324b0e1d2a891eb43e6d92a854aa5892330

author Alpha Chen <alpha@kejadlen.dev>

date 1mo ago

parent 12ecb0f4

diff --git a/quire-ci/src/main.rs b/quire-ci/src/main.rs
index eed9858..a2b358c 100644
--- a/quire-ci/src/main.rs
+++ b/quire-ci/src/main.rs
@@ -383,9 +383,14 @@ fn fetch_secret_from_api(session: &ApiSession, name: &str) -> quire_core::secret
 
         let status = resp.status();
         if status.is_success() {
-            resp.text()
+            let body: serde_json::Value = resp
+                .json()
                 .await
-                .map_err(|e| SecretError::Resolve(e.to_string()))
+                .map_err(|e| SecretError::Resolve(e.to_string()))?;
+            body["value"]
+                .as_str()
+                .ok_or_else(|| SecretError::Resolve("secret response missing 'value' field".into()))
+                .map(String::from)
         } else if status == reqwest::StatusCode::NOT_FOUND {
             Err(SecretError::UnknownSecret(name_owned))
         } else {
diff --git a/quire-server/src/quire/web/api.rs b/quire-server/src/quire/web/api.rs
index eacf6e3..babdb9a 100644
--- a/quire-server/src/quire/web/api.rs
+++ b/quire-server/src/quire/web/api.rs
@@ -88,7 +88,7 @@ async fn get_secret(
     State(quire): State<Quire>,
     AxumPath((run_id, name)): AxumPath<(String, String)>,
     bearer: Option<TypedHeader<Authorization<Bearer>>>,
-) -> Result<(StatusCode, String), ApiError> {
+) -> Result<axum::Json<serde_json::Value>, ApiError> {
     let Some(TypedHeader(Authorization(bearer))) = bearer else {
         return Err(ApiError::Unauthorized);
     };
@@ -109,7 +109,7 @@ async fn get_secret(
     .await
     .expect("blocking task panicked")?;
 
-    Ok((StatusCode::OK, value))
+    Ok(axum::Json(serde_json::json!({ "value": value })))
 }
 
 #[cfg(test)]
@@ -235,6 +235,7 @@ mod tests {
 
         use http_body_util::BodyExt;
         let body = resp.into_body().collect().await.unwrap().to_bytes();
-        assert_eq!(body.as_ref(), b"hunter2");
+        let parsed: serde_json::Value = serde_json::from_slice(&body).expect("json body");
+        assert_eq!(parsed["value"], "hunter2");
     }
 }