Feature: add api key auth #204
@0xfurai please review :)
bf65290 to
f2dc1c7
Compare
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #204 +/- ##
==========================================
- Coverage 19.31% 18.61% -0.70%
==========================================
Files 170 181 +11
Lines 18144 18826 +682
==========================================
Hits 3504 3504
- Misses 14479 15161 +682
Partials 161 161
Wow, this is a huge effort! Could you please remove the dependency if possible?
Yes, no problem. :)
f2dc1c7 to
e56c516
Compare
Rebased on main of this repository. FYI @0xfurai
0xfurai
left a comment
Wow! This is a huge PR, thanks again. I have left a couple of comments, most of them minor, but the API key validation is important to address.
Waiting for updates 😉
@0xfurai the
FYI I didn't test
Not sure why the codecov checks are failing. Is it because of the line coverage decreasing?
Only codecov is failing, that's fine.
@0xfurai FYI I can test and rebase onto main when the asdf PR is merged.
Done, go ahead.
- Add complete API key CRUD operations with validation
- Implement unified AuthChain middleware for consistent authentication
- Add API key management endpoints with proper error handling
- Enhance database schema for API key storage and relationships
- Add comprehensive validation for API key creation and updates
- Implement multi-language localization support for API key management
- Remove unused authentication methods and streamline middleware
- Add proper field validation and required field enforcement

This implementation provides a robust foundation for API key-based authentication across the Peekaping monitoring platform.

…ferences
- Remove user_id from API key model and related database schema
- Update API key service and repository methods to eliminate user_id dependency
- Refactor controller methods to handle API key operations without user context

- Eliminate FindByKeyHash method from both MongoDB and SQL repository implementations
- Update repository interfaces to reflect the removal of the FindByKeyHash method

- Update error responses in CreateAPIKey, GetAPIKeys, GetAPIKey, UpdateAPIKey, and DeleteAPIKey methods to return specific error messages instead of generic ones.
- Log a warning when an API key is not found in the Delete method of the service layer.

- Implement validation in CreateAPIKey and UpdateAPIKey methods to ensure expiration date is not in the past and max usage count is greater than 0.
- Remove redundant validation logic from the service layer, centralizing it in the controller for clean boundary separation.

- Eliminate the FindAll method from the SQLRepositoryImpl, streamlining the API key management logic.
- This change simplifies the repository interface and focuses on essential operations.

- Update API key generation to include its unique ID for each key, improving traceability.
- Refactor validation logic to parse the API key token, extracting the ID and actual key for verification.
- Simplify the validation process by reducing the number of database queries needed to validate an API key.
- Ensure that the actual key is securely hashed and stored, while the token includes the ID and key in a structured format.

- Update API key display key generation to use ApiKeyPrefix for consistency.
- Modify middleware to check for ApiKeyPrefix instead of hardcoded values in authorization logic.
- Enhance error handling in authentication methods to utilize http.StatusUnauthorized for clarity.

…ount
- Update validation logic in the API key creation schema to ensure expiration date is a valid future date.
- Refine max usage count validation to enforce that it is a positive integer.
- Add additional validation checks before submission to provide immediate feedback on errors.

- Replace separate state variables for new token and newly created key ID with a single object to streamline state management.
- Update related functions to utilize the new state structure for improved clarity and maintainability.
- Ensure UI components reflect changes in the consolidated state.

- Introduce a new CreateAPIKeyModal component to streamline the API key creation process.
- Replace the previous dialog implementation with a more modular approach, enhancing code readability and maintainability.
- Update the APIKeys component to utilize the new modal, improving user experience by managing state and success callbacks more effectively.

- Introduce a DeleteConfirmationModal component to confirm API key deletions, enhancing user experience and preventing accidental deletions.
- Update the APIKeys component to manage the delete confirmation state and handle deletion logic more effectively.
- Refactor the handleDelete function to trigger the confirmation modal with the appropriate API key details.

- Remove JSON tags and validation constraints from CreateRequest and UpdateRequest types.

- Change the Alert component in the APIKeys to use a success variant for better visual feedback.
- Modify the styling of the token display to enhance readability and user experience.
4e1115e to
09ac4cc
Compare
- Introduce translations for the delete confirmation dialog related to API keys in various languages, enhancing internationalization support.
- Languages updated include Arabic, Belarusian, Bulgarian, Czech, Danish, German, Greek, English, Spanish, Estonian, Basque, Persian, Finnish, French, Irish, Hebrew, Croatian, Hungarian, Indonesian, Italian, Japanese, Georgian, Korean, Lithuanian, Norwegian, Dutch, Polish, Portuguese, Romanian, Slovenian, Serbian (Cyrillic and Latin), Swedish, Thai, Turkish, Ukrainian, Urdu, Uzbek, Vietnamese, Cantonese, Simplified Chinese, Traditional Chinese, and more.

- Refactor API key creation process to generate keys in three phases: initial record creation, key generation, and record update with key details.
- Introduce new methods for updating key hash and display key in both MongoDB and SQL repositories.
- Enhance the service layer to handle key generation and parsing, improving overall API key management.
- Remove redundant utility functions related to key generation and hashing, consolidating logic within the service layer for better maintainability.

- Adjust the validation logic in isValidAPIKeyFormat to allow for a longer key length, accommodating base64 encoding requirements.
- Ensure the prefix check uses the length of ApiKeyPrefix for improved accuracy.

- Change last_used and expires_at columns to TIMESTAMPTZ for better timezone handling.
- Allow key_hash and display_key to be NULL initially to support two-phase creation process.
- Update created_at and updated_at columns to TIMESTAMPTZ for consistency.

- Remove redundant JWT and API key authentication methods, consolidating logic into the AllAuth method.
- Enhance logging for missing authorization headers and successful authentication attempts.
- Introduce clear type and constructor comments for better code organization.
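
The commit notes above describe a token that carries the key's ID next to the secret, with only a hash of the secret stored and validation done through a single lookup. The following Go code is an added example of that scheme, not code from this PR; the `pk_` prefix, the `<id>.<secret>` layout, the use of SHA-256 and every function name are assumptions, since the page does not show them.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"
)

const prefix = "pk_" // hypothetical value; the PR only names ApiKeyPrefix
var errInvalid, errExpired = errors.New("invalid api key"), errors.New("api key expired")
type record struct { // what is persisted: a hash of the secret, never the secret
	hash      [32]byte
	expiresAt time.Time // zero value means no expiry
}

// issue returns "<prefix><id>.<base64url secret>" (assumed layout) and the record to store.
func issue(id string, expiresAt time.Time) (string, record, error) {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return "", record{}, err
	}
	tok := prefix + id + "." + base64.RawURLEncoding.EncodeToString(secret)
	return tok, record{hash: sha256.Sum256(secret), expiresAt: expiresAt}, nil
}

// validate does one lookup by the embedded ID, then a constant-time hash comparison.
func validate(tok string, store map[string]record, now time.Time) error {
	id, enc, ok := strings.Cut(strings.TrimPrefix(tok, prefix), ".")
	secret, err := base64.RawURLEncoding.DecodeString(enc)
	rec, found := store[id] // the only store access per request
	sum := sha256.Sum256(secret)
	match := subtle.ConstantTimeCompare(sum[:], rec.hash[:]) == 1
	if !strings.HasPrefix(tok, prefix) || !ok || err != nil || !found || !match {
		return errInvalid // one error for every malformed or wrong token
	}
	if !rec.expiresAt.IsZero() && !now.Before(rec.expiresAt) {
		return errExpired
	}
	return nil
}

func main() {
	tok, rec, _ := issue("42", time.Time{}) // constructed sample key, no expiry
	fmt.Println(validate(tok, map[string]record{"42": rec}, time.Now()))
}
```

A fast hash such as SHA-256 is adequate here only because the secret is 32 random bytes; it would not be for user-chosen passwords.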
LGTM, thanks for the contribution!



Warning: this PR is based on top of #202 (I can remove that dependency though)
Solves #182
Screenshots:
Overview:

Create new API key modal (respects tanstack query):

Overview:


