@tafaust
Contributor

@tafaust tafaust commented Oct 13, 2025

  • Updated security definitions in Swagger and Go files to replace BearerAuth with JwtAuth.
  • Simplified API key and JWT authentication across various controllers and middleware.
  • Removed unauthorized response handling from API documentation.
  • Enhanced API key management documentation for clarity.
  • Updated frontend SDK to reflect changes in API key and JWT authentication methods.

Warning

Attention: Breaking change with the API Key!
Change header from Authorization: pk_... to X-API-Key: pk_...

Resolves #208
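
An added sketch of the header routing this breaking change implies, using only net/http. It is not the project's auth_chain.go: the type names, the precedence of X-API-Key over Authorization, and the choice to flag the legacy placement instead of accepting it are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Scheme is the credential type a request presents (hypothetical names).
type Scheme string

const (
	SchemeAPIKey Scheme = "api_key"        // X-API-Key: pk_...
	SchemeJWT    Scheme = "jwt"            // Authorization: Bearer <token>
	SchemeLegacy Scheme = "legacy_api_key" // Authorization: pk_... (pre-change clients)
	SchemeNone   Scheme = "none"           // no usable credential
)

// Classify picks the authenticator for a request; it never validates the credential.
func Classify(h http.Header) (Scheme, string) {
	if key := strings.TrimSpace(h.Get("X-API-Key")); key != "" {
		if strings.HasPrefix(key, "pk_") {
			return SchemeAPIKey, key
		}
		return SchemeNone, "" // malformed key: assumed policy is no fallback to JWT
	}
	auth := strings.TrimSpace(h.Get("Authorization"))
	if strings.HasPrefix(auth, "pk_") {
		return SchemeLegacy, "" // old placement: reject, but count it during migration
	}
	if len(auth) > 7 && strings.EqualFold(auth[:7], "Bearer ") {
		return SchemeJWT, strings.TrimSpace(auth[7:])
	}
	return SchemeNone, ""
}

func main() {
	// Constructed sample headers, not taken from the project.
	samples := []http.Header{
		{"X-Api-Key": {"pk_example"}},
		{"Authorization": {"Bearer aaa.bbb.ccc"}},
		{"Authorization": {"pk_example"}},
		{},
	}
	for _, h := range samples {
		s, _ := Classify(h)
		fmt.Printf("%v -> %s\n", h, s)
	}
}
```

Counting `legacy_api_key` results separately from `none` shows which clients still send the key in Authorization after the upgrade.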

@codecov

codecov bot commented Oct 13, 2025

Codecov Report

❌ Patch coverage is 46.15385% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 19.90%. Comparing base (0ad9871) to head (e5c5bef).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
apps/server/src/modules/middleware/auth_chain.go 0.00% 13 Missing ⚠️
apps/server/src/modules/api_key/api_key.service.go 80.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #210      +/-   ##
==========================================
+ Coverage   18.61%   19.90%   +1.29%     
==========================================
  Files         181      181              
  Lines       18826    18829       +3     
==========================================
+ Hits         3504     3748     +244     
+ Misses      15161    14897     -264     
- Partials      161      184      +23     


@tafaust
Contributor Author

tafaust commented Oct 13, 2025

I added some fixes, unit tests and gave integration tests a stab. Please let me know if I should revert something.

@0xfurai
Owner

0xfurai commented Oct 14, 2025

LGTM!

@0xfurai 0xfurai merged commit 4b3adfa into 0xfurai:main Oct 14, 2025
9 checks passed
tafaust added a commit to tafaust/peekaping that referenced this pull request Oct 14, 2025
* feat: refactor swagger API authentication

- Updated security definitions in Swagger and Go files to replace BearerAuth with JwtAuth.
- Simplified API key and JWT authentication across various controllers and middleware.
- Removed unauthorized response handling from API documentation.
- Enhanced API key management documentation for clarity.
- Updated frontend SDK to reflect changes in API key and JWT authentication methods.

* refactor(auth_chain): update logging level for missing authentication headers

- Changed log level from Warn to Debug for missing authentication headers in AllAuth method to reduce log noise.
- Minor formatting adjustment in the code for improved readability.

* refactor(auth_chain): change logging levels for authentication routing

- Updated log level from Info to Debug for API key and JWT authentication routing to reduce log verbosity.
- Changed log level from Debug to Warn for missing authentication headers to highlight critical issues more effectively.

* fix(api_key): standardize error messages for invalid API keys

- Updated error messages in the ValidateKey method to use lowercase "invalid API key" for consistency.

* fix(api_key): update context usage in API key validation

- Changed the context parameter in the ValidateKey method call from the gin context to the request context for improved consistency and reliability in API key validation.

* feat(api_key): add comprehensive tests for API key service and middleware

- Introduced unit tests for the API key service, covering key creation, validation, expiration handling, and usage limits.
- Added middleware tests to ensure proper authentication flow and error handling for missing or invalid API keys.
- Implemented a mock service for testing middleware interactions, enhancing test coverage and reliability.

* feat(api_key): add integration tests for API key service functionality

- Introduced a new integration test suite for the API key service, covering key creation, validation, expiration handling, and usage limits.
- Implemented tests for middleware interactions with real HTTP requests to ensure proper authentication flow.
- Enhanced test coverage by validating key usage count updates and handling of expired keys.

Development

Successfully merging this pull request may close these issues.

[Chore]: Move Api Key into its own http header