Api Keys by bazumo · Pull Request #590 · hexclave/stack-auth

bazumo · 2025-03-27T18:13:00Z

Important

Introduces API key management for users and teams, integrating with existing project configurations and permissions, and adds comprehensive tests and examples.

API Key Management:
- Introduces ProjectApiKey model in schema.prisma for managing API keys.
- Adds createApiKeyHandlers in handlers.tsx to handle API key CRUD operations.
- Implements API key creation, revocation, and validation logic.
Permissions and Configurations:
- Adds allowUserApiKeys and allowTeamApiKeys to ProjectConfig in schema.prisma.
- Updates TeamSystemPermission enum to include MANAGE_API_KEYS.
- Ensures API key operations respect project configurations and user/team permissions.
Testing and Examples:
- Adds extensive tests in api-keys.test.ts to cover various API key scenarios.
- Updates example projects to demonstrate API key usage.
Miscellaneous:
- Refactors existing code to integrate API key functionalities.
- Updates documentation and type definitions to reflect new API key features.

^{This description was created by}^{for 96f60c5. It will automatically update as commits are pushed.}

---- > [!IMPORTANT] > Refactor and enhance API key management with new types, utility functions, and schema validation across the codebase. > > - **API Key Management**: > - Introduced `ApiKey` type with `user` and `team` variants in `api-keys/index.ts`. > - Added `apiKeyCreationOptionsToCrud` and `apiKeyUpdateOptionsToCrud` functions for CRUD operations. > - Updated `client-app-impl.ts` and `server-app-impl.ts` to use new API key types and functions. > - **Schema and Validation**: > - Added `yupValidate` function in `schema-fields.ts` for enhanced validation. > - Introduced `IfAndOnlyIf` type in `types.ts` for conditional type handling. > - **Utility Functions**: > - Added `toHexString`, `getBase32CharacterFromIndex`, and `getBase32IndexFromCharacter` in `bytes.tsx`. > - Updated `sha512` function in `hashes.tsx` to return `Uint8Array`. > - Introduced `filterUndefinedOrNull` in `objects.tsx` for filtering null and undefined values. > - **Code Refactoring**: > - Refactored API key handling in `client-app-impl.ts` and `server-app-impl.ts` to use new utility functions and types. > - Removed deprecated functions and streamlined API key operations across the codebase. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for 2d1c66a. It will automatically update as commits are pushed.</sup>

vercel · 2025-03-27T18:13:05Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
stack-backend	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 4, 2025 7:03pm
stack-dashboard	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 4, 2025 7:03pm
stack-demo	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 4, 2025 7:03pm

recurseml · 2025-03-27T18:13:33Z

⚠️ Only 50 files will be analyzed due to processing limits.

recurseml · 2025-03-27T18:14:47Z

😱 Found 7 issues. Time to roll up your sleeves! 😱

🗒️ View all ignored comments in this repo

The constraint 'TokenStoreType extends string' is too restrictive. It should likely be 'TokenStoreType extends string | object' to match the condition check in line 113 where TokenStoreType is checked against {}
Return type mismatch - the interface declares useUsers() returning ServerUser[] but the Team interface that this extends declares useUsers() returning TeamUser[]
There is a syntax error in the super constructor call due to the ellipsis operator used incorrectly. Objects aren't being merged correctly. This syntax usage can lead to runtime errors when trying to pass the merged object to 'super()'. Verify that the intended alterations to the object occur before or outside of the super() call if needed.
Throwing an error when no active span is found is too aggressive. The log function should gracefully fallback to console.log or another logging mechanism when there's no active span, since not all execution contexts will have an active span. This makes the code less resilient and could break functionality in non-traced environments.

📚 Relevant Docs

Function sets backendContext with a new configuration but doesn't pass 'defaultProjectKeys'. Since defaultProjectKeys is required in the type definition and cannot be updated (throws error if tried to set), this will cause a type error.
The schema is using array syntax for pick() which is incorrect for Yup schemas. The pick() method in Yup expects individual arguments, not an array. Should be changed to: emailConfigSchema.pick('type', 'host', 'port', 'username', 'sender_name', 'sender_email')

📚 Relevant Docs

Creating a refresh token with current timestamp as expiration means it expires immediately. Should set a future date for token expiration.
The 'tools' object is initialized as an empty object, even though 'tools' is presumably expected to contain tool definitions. This could cause the server capabilities to lack necessary tool configurations, thus potentially impacting functionalities that depend on certain tool setups.

📚 Relevant Docs

'STACK_SECRET_SERVER_KEY' is potentially being included in every request header without checking its existence again here. Although it's checked during initialization, this could lead to security issues as it's exposed in all communications where the header is logged or captured.

📚 Relevant Docs

When adding 'use client' directive at the beginning, it doesn't check if file.text already contains the 'use client' directive. This could lead to duplicate 'use client' directives if the file already has one.

📚 Relevant Docs

fomalhautb

Did finish reviewing everything, but left some comments now

fomalhautb

Can you add e2e tests for client library?

bazumo · 2025-04-03T23:32:55Z

@fomalhautb can you think of any tests that are missing?

N2D4

I like about this PR that 2/3s of its LOC are tests

@fomalhautb waiting for your review too, but after fixing the comments here LGTM

bazumo and others added 18 commits March 18, 2025 15:18

schema

4b15daf

add option to enable user/team/tenancy api keys

7b6004d

fix schema

6379dd4

crud, api, rename existing apikeys

8044c95

frontend and some fixes

4872543

fix bug

b265df9

Merge branch 'dev' into api.keys

45e5e71

rename file

4a2acad

add interal everywhere for internal api keys

e8cd001

consistent naming

8c805c0

implement security checks

ce6b7a2

update snapshots

c45a837

add api keys tests

2e093ed

improvements

befcb63

move delete and add apikey type

1e5e278

refacotring of hell

b5079e6

wip commit

ab62a2f

minor fixes

7727455

recurseml Bot reviewed Mar 27, 2025

View reviewed changes

Comment thread apps/backend/src/route-handlers/smart-route-handler.tsx

recurseml Bot reviewed Mar 27, 2025

View reviewed changes

Comment thread apps/dashboard/src/components/data-table/api-key-table.tsx

recurseml Bot reviewed Mar 27, 2025

View reviewed changes

Comment thread apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts

recurseml Bot reviewed Mar 27, 2025

View reviewed changes

Comment thread apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts

recurseml Bot reviewed Mar 27, 2025

View reviewed changes

Comment thread apps/e2e/tests/snapshot-serializer.ts Outdated

vercel Bot had a problem deploying to Preview – stack-demo March 27, 2025 18:15 Failure

vercel Bot had a problem deploying to Preview – stack-dashboard March 27, 2025 18:15 Failure

vercel Bot had a problem deploying to Preview – stack-backend March 27, 2025 18:17 Failure

fomalhautb reviewed Apr 2, 2025

View reviewed changes

Comment thread apps/backend/src/app/api/latest/(api-keys)/handlers.tsx

Comment thread apps/backend/src/app/api/latest/(api-keys)/handlers.tsx

Comment thread apps/backend/src/app/api/latest/(api-keys)/handlers.tsx

fomalhautb reviewed Apr 2, 2025

View reviewed changes

Comment thread packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts

Comment thread packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts Outdated

don't require user_id and team_id in read and update

6ac500a

ellipsis-dev Bot reviewed Apr 3, 2025

View reviewed changes

Comment thread apps/e2e/tests/backend/endpoints/api/v1/api-keys.test.ts Outdated

bazumo and others added 2 commits April 3, 2025 11:49

Merge branch 'dev' into api.keys

4aba6ba

e2e sdk test

1b6a71d

ellipsis-dev Bot reviewed Apr 3, 2025

View reviewed changes

Comment thread packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts Outdated

Comment thread apps/e2e/tests/snapshot-serializer.ts

bazumo added 3 commits April 3, 2025 15:49

fix

ef7c57e

More tests

2c92dcf

fix lint

5a5b639

N2D4 reviewed Apr 3, 2025

View reviewed changes

Comment thread apps/backend/prisma/schema.prisma Outdated