bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-25 12:43:14 +00:00
Code Issues Releases Wiki Activity
Files
afce4758332d0660dc46db83fa88b63cbcef35f4
server/util/SeederApi
History
Hinton afce475833 Add async suffix to remaining methods
2025-12-18 14:16:41 +01:00
..
Controllers
Add async suffix to remaining methods
2025-12-18 14:16:41 +01:00
Extensions
Add documentation
2025-11-13 13:14:43 +01:00
Models
Add documentation
2025-11-13 13:14:43 +01:00
Properties
Wire up SDK
2025-10-09 17:32:41 -07:00
Services
Add async suffix to remaining methods
2025-12-18 14:16:41 +01:00
appsettings.Development.json
Initial PoC of seeder API
2025-10-07 12:20:32 -07:00
appsettings.json
Initial cleanup
2025-10-16 15:17:44 -07:00
Program.cs
Fix breaking change
2025-11-27 15:36:39 +01:00
README.md
Add README.
2025-12-18 11:38:58 +01:00
SeederApi.csproj
Initial cleanup
2025-10-16 15:17:44 -07:00
Startup.cs
Resolve some comments
2025-12-18 14:04:08 +01:00

README.md

SeederApi

A web API for dynamically seeding and querying test data in the Bitwarden database during development and testing.

Overview

The SeederApi provides HTTP endpoints to execute Seeder scenes and queries, enabling automated test data generation and retrieval through a RESTful interface. This is particularly useful for integration testing, local development workflows, and automated test environments.

Architecture

The SeederApi consists of three main components:

  1. Controllers - HTTP endpoints for seeding, querying, and managing test data
  2. Services - Business logic for scene and query execution
  3. Models - Request/response models for API communication

Key Components

  • SeedController (/seed) - Creates and destroys seeded test data
  • QueryController (/query) - Executes read-only queries against existing data
  • InfoController (/alive, /version) - Health check and version information
  • SceneService - Manages scene execution and cleanup with play ID tracking
  • QueryService - Executes read-only query operations

How To Use

Starting the API

cd util/SeederApi
dotnet run

The API will start on the configured port (typically http://localhost:5000).

Seeding Data

Send a POST request to /seed with a scene template name and optional arguments. Include the X-Play-Id header to track the seeded data for later cleanup:

curl -X POST http://localhost:5000/seed \
  -H "Content-Type: application/json" \
  -H "X-Play-Id: test-run-123" \
  -d '{
    "template": "SingleUserScene",
    "arguments": {
      "email": "test@example.com"
    }
  }'

Response:

{
  "mangleMap": {
    "test@example.com": "1854b016+test@example.com",
    "42bcf05d-7ad0-4e27-8b53-b3b700acc664": "42bcf05d-7ad0-4e27-8b53-b3b700acc664"
  },
  "result": null
}

The result contains the data returned by the scene, and mangleMap contains ID mappings if ID mangling is enabled. Use the X-Play-Id header value to later destroy the seeded data.

Querying Data

Send a POST request to /query to execute read-only queries:

curl -X POST http://localhost:5000/query \
  -H "Content-Type: application/json" \
  -d '{
    "template": "EmergencyAccessInviteQuery",
    "arguments": {
      "email": "test@example.com"
    }
  }'

Response:

[
  "/accept-emergency?..."
]

Destroying Seeded Data

Delete by Play ID

Use the same play ID value you provided in the X-Play-Id header:

curl -X DELETE http://localhost:5000/seed/test-run-123

Delete Multiple by Play IDs

curl -X DELETE http://localhost:5000/seed/batch \
  -H "Content-Type: application/json" \
  -d '["test-run-123", "test-run-456"]'

Delete All Seeded Data

curl -X DELETE http://localhost:5000/seed

Health Checks

# Check if API is alive
curl http://localhost:5000/alive

# Get API version
curl http://localhost:5000/version

Creating Scenes and Queries

Scenes and queries are defined in the Seeder project. The SeederApi automatically discovers and registers all classes implementing the scene and query interfaces.

Configuration

The SeederApi uses the standard Bitwarden configuration system:

  • appsettings.json - Base configuration
  • appsettings.Development.json - Development overrides
  • dev/secrets.json - Local secrets (database connection strings, etc.)
  • User Secrets ID: bitwarden-seeder-api

Required Settings

The SeederApi requires the following configuration:

  • Database Connection - Connection string to the Bitwarden database
  • Global Settings - Standard Bitwarden GlobalSettings configuration

Play ID Tracking

Certain entities such as Users and Organizations are tracked when created by a request including a PlayId. This enables entities to be deleted after using the PlayId.

The X-Play-Id Header

Important: All seed requests should include the X-Play-Id header:

-H "X-Play-Id: your-unique-identifier"

The play ID can be any string that uniquely identifies your test run or session. Common patterns:

How Play ID Tracking Works

When TestPlayIdTrackingEnabled is enabled in GlobalSettings, the PlayIdMiddleware (see src/SharedWeb/Utilities/PlayIdMiddleware.cs:7-23) automatically:

  1. Extracts the X-Play-Id header from incoming requests
  2. Sets the play ID in the PlayIdService for the request scope
  3. Tracks all entities (users, organizations, etc.) created during the request
  4. Associates them with the play ID in the PlayData table
  5. Enables complete cleanup via the delete endpoints

This tracking works for any API request that includes the X-Play-Id header, not just SeederApi endpoints. This means you can track entities created through:

  • Scene executions - Data seeded via /seed endpoint
  • Regular API operations - Users signing up, creating organizations, inviting members, etc.
  • Integration tests - Any HTTP requests to the Bitwarden API during test execution

Without the X-Play-Id header, entities will not be tracked and cannot be cleaned up using the delete endpoints.

Security Considerations

Warning

The SeederApi is intended for development and testing environments only. Never deploy this API to production environments.