fix: api key creation cli

[elibosley]

Summary by CodeRabbit

• New Features
  • Added --overwrite CLI flag; prompts for roles/permissions only when missing.
• Bug Fixes
  • Existing API keys detected by name before create; invalid role inputs are filtered with clear warnings.
• Refactor
  • Centralized role parsing/validation and explicit non-interactive create checks; uses a sensible default description.
• Tests
  • Added comprehensive unit tests for role parsing, CLI create/retrieve/overwrite flows.
• Chores
  • Updated API configuration version to 4.17.0.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Bumps api/dev config version. Refactors ApiKeyService role parsing to validate and warn on invalid roles. Adds gating methods and adjusts overwrite lookup in AddApiKeyQuestionSet. Adds --overwrite flag and non-interactive overwrite handling in ApiKeyCommand. Adds comprehensive unit tests for service, CLI command, and question set.

Changes

Cohort / File(s)	Summary of Changes
Config version bump api/dev/configs/api.json	Updated version from 4.15.1 to 4.17.0; other fields unchanged.
Auth service role parsing api/src/unraid-api/auth/api-key.service.ts	Rewrote convertRolesStringArrayToRoles to explicitly normalize, validate against allowed roles, collect invalid inputs, warn via logger, and return only valid roles.
Auth service tests api/src/unraid-api/auth/api-key.service.spec.ts	Added tests covering trimming/case normalization, invalid-role filtering with warning, empty input, mapping all enum values, and deduplication behavior.
CLI question set prompts api/src/unraid-api/cli/apikey/add-api-key.questions.ts	Added shouldAskRoles and shouldAskPermissions gating methods; changed overwrite existence check to use findByField('name', ...).
CLI command implementation api/src/unraid-api/cli/apikey/api-key.command.ts	Added --overwrite flag and parseOverwrite(); parseRoles delegates to service conversion and errors on empty result; run flow enforces minimum-info prompting, pre-checks existing key by name, blocks accidental non-interactive overwrite unless --overwrite is passed, and propagates overwrite in create payload.
CLI command tests api/src/unraid-api/cli/__test__/api-key.command.test.ts, api/src/unraid-api/cli/apikey/api-key.command.spec.ts	Added tests for question-set overwrite logic, prompting conditions, parseRoles behavior (valid/invalid/mixed), and run/create flows for existing and newly created keys; mocks validate logging and create/find interactions.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant User
  participant CLI as ApiKeyCommand
  participant Inq as InquirerService
  participant Svc as ApiKeyService
  participant Log as LogService

  User->>CLI: run(options)
  alt create === false
    CLI->>Svc: findByField('name', options.name)
    alt Found
      Svc-->>CLI: existingKey
      CLI->>Log: info(existingKey.value)
      CLI-->>User: existingKey
    else Not Found
      CLI-->>User: null
    end
  else create === true
    alt has name AND (roles OR permissions)
      note over CLI: Skip prompts
    else missing minimum info
      CLI->>Inq: prompt('add-api-key', options)
      Inq-->>CLI: answers
    end
    alt existingKey found AND not overwrite
      CLI->>Log: error("API key with name 'X' already exists. Use --overwrite to replace it.")
      CLI-->>User: exit
    else
      CLI->>Svc: create({ name, description, roles, permissions, overwrite })
      Svc-->>CLI: newKey
      CLI->>Log: info(newKey.value)
      CLI-->>User: newKey
    end
  end

Loading

sequenceDiagram
  autonumber
  participant CMD as ApiKeyCommand.parseRoles
  participant Svc as ApiKeyService.convertRolesStringArrayToRoles
  participant Log as ApiKeyService.logger

  CMD->>Svc: convert([" admin ", "Foo", "USER"])
  Svc->>Svc: normalize each (trim + uppercase)
  Svc->>Svc: validate against validRoles
  alt any invalid
    Svc->>Log: warn("Invalid roles: Foo")
  end
  Svc-->>CMD: [Role.ADMIN, Role.USER]
  alt result empty
    CMD-->>CMD: throw Error("Invalid roles. Valid options are: ...")
  else
    CMD-->>CMD: return roles
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix: api key creation cli #1637 — Overlaps CLI and API key handling changes (role conversion, ApiKeyCommand flows, questions, and overwrite semantics).

Suggested reviewers

• pujitm

Poem

I thump my paws at version’s climb,
Roles now sifted, neat in line.
Prompts hop in only when they should,
Warnings nibble where inputs aren’t good.
Keys appear—found or freshly spun—🥕

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a5f5a2c and 0e3fd9a.

📒 Files selected for processing (3)

• api/src/unraid-api/cli/__test__/api-key.command.test.ts (1 hunks)
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts (1 hunks)
• api/src/unraid-api/cli/apikey/api-key.command.ts (5 hunks)

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/api-key-creation-cli

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[claude]

Claude finished @elibosley's task —— View job

---

Code Review Analysis - DIFF Changes Only

Todo List:

• Review changed lines in all 7 modified files for critical issues
• Check for bugs, security issues, breaking changes, data loss risks
• Provide focused feedback on diff changes only

---

✅ No critical issues found in changes

Analysis Summary:
Reviewed the specific diff changes across all 7 files focusing only on added/modified lines:

1. api-key.service.ts: Enhanced role validation with proper error collection and logging - SAFE
2. api-key.command.ts: Fixed overwrite flag handling and added proper conditional prompting - SAFE
3. add-api-key.questions.ts: Added conditional prompting logic and fixed overwrite check to use findByField - SAFE
4. Test files: Added comprehensive test coverage - SAFE
5. Config version bump: Minor version update - SAFE

Key improvements in changes:

• Better role validation with proper error handling
• Fixed overwrite flag behavior (was hardcoded to true, now properly uses user input)
• Enhanced CLI conditional prompting logic
• Comprehensive test coverage added

No security vulnerabilities, breaking changes, data loss risks, or logic errors detected in the modified lines.

[pujitm]

would invalidRoles be useful to return from here as well?

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (14)

api/src/unraid-api/auth/api-key.service.ts (1)

112-132: Consider deduping roles to avoid redundant entries.
Repeated roles offer no additional privilege and just bloat payloads.

Apply minimal dedupe while preserving order:

     public convertRolesStringArrayToRoles(roles: string[]): Role[] {
         const validRoles: Role[] = [];
         const invalidRoles: string[] = [];

         for (const roleStr of roles) {
             const upperRole = roleStr.trim().toUpperCase();
             const role = Role[upperRole as keyof typeof Role];

             if (role && ApiKeyService.validRoles.has(role)) {
                 validRoles.push(role);
             } else {
                 invalidRoles.push(roleStr);
             }
         }

         if (invalidRoles.length > 0) {
             this.logger.warn(`Ignoring invalid roles: ${invalidRoles.join(', ')}`);
         }

-        return validRoles;
+        return Array.from(new Set(validRoles));
     }

Note: Update tests if you adopt this.

api/src/unraid-api/auth/api-key.service.spec.ts (1)

768-774: Test name contradicts behavior.
The implementation preserves duplicates; rename to reflect that, or dedupe in code.

- it('should deduplicate roles', () => {
+ it('should preserve duplicate roles', () => {

api/src/unraid-api/cli/apikey/add-api-key.questions.ts (1)

76-83: Type nit: confirm returns boolean, not string.
Prevents type drift in options.

- parseOverwrite(val: string) {
+ parseOverwrite(val: boolean) {
   return val;
 }

api/src/unraid-api/cli/apikey/api-key.command.spec.ts (7)

5-5: Reset mocks between tests

Add afterEach to clear mocks to avoid inter-test leakage.

Apply this diff:

-import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';

And insert after the providers are retrieved:

@@
-        logService = module.get<LogService>(LogService);
+        logService = module.get<LogService>(LogService);
+        inquirerService = module.get<InquirerService>(InquirerService);
     });
 
+    afterEach(() => {
+        vi.clearAllMocks();
+    });

---

11-15: Expose InquirerService for assertions

Capture InquirerService so tests can assert no prompting when not needed.

Apply this diff:

 describe('ApiKeyCommand', () => {
     let command: ApiKeyCommand;
     let apiKeyService: ApiKeyService;
     let logService: LogService;
+    let inquirerService: InquirerService;

---

71-80: Avoid coupling to whitespace in parseRoles -> service handoff

Asserting exact args with a leading space is brittle. Just assert delegation occurred and the result.

Apply this diff:

-            expect(mockConvert).toHaveBeenCalledWith(['ADMIN', ' VIEWER']);
+            expect(mockConvert).toHaveBeenCalledTimes(1);
             expect(result).toEqual([Role.ADMIN, Role.VIEWER]);

---

144-152: Assert no prompt when creating with sufficient args

Ensure CLI skips interactive prompt on fully-specified create.

Apply this diff:

             expect(apiKeyService.create).toHaveBeenCalledWith({
                 name: 'TEST',
                 description: 'Test description',
                 roles: [Role.ADMIN],
                 permissions: undefined,
                 overwrite: true,
             });
             expect(logService.log).toHaveBeenCalledWith('test-key-123');
+            expect(inquirerService.prompt).not.toHaveBeenCalled();

---

181-189: Also assert no prompt when creating with only permissions

Keeps behavior-focused and prevents regressions.

Apply this diff:

             expect(apiKeyService.create).toHaveBeenCalledWith({
                 name: 'TEST_PERMS',
                 description: 'Test with permissions',
                 roles: undefined,
                 permissions: mockPermissions,
                 overwrite: true,
             });
             expect(logService.log).toHaveBeenCalledWith('test-key-456');
+            expect(inquirerService.prompt).not.toHaveBeenCalled();

---

210-217: Assert no prompt on default-description path

Same rationale as above.

Apply this diff:

             expect(apiKeyService.create).toHaveBeenCalledWith({
                 name: 'NO_DESC',
                 description: 'CLI generated key: NO_DESC',
                 roles: [Role.VIEWER],
                 permissions: undefined,
                 overwrite: true,
             });
+            expect(inquirerService.prompt).not.toHaveBeenCalled();

---

240-284: Remove duplicate parseRoles tests misplaced under “run”

These three tests re-cover parseRoles and belong above (already covered). Keeping them here increases noise and maintenance.

Apply this diff to delete the duplicates:

-        it('should handle uppercase role conversion', () => {
-            const mockConvert = vi
-                .spyOn(apiKeyService, 'convertRolesStringArrayToRoles')
-                .mockImplementation((roles) => {
-                    return roles
-                        .map((roleStr) => Role[roleStr.trim().toUpperCase() as keyof typeof Role])
-                        .filter(Boolean);
-                });
-
-            const result = command.parseRoles('admin,connect');
-
-            expect(mockConvert).toHaveBeenCalledWith(['admin', 'connect']);
-            expect(result).toEqual([Role.ADMIN, Role.CONNECT]);
-        });
-
-        it('should handle lowercase role conversion', () => {
-            const mockConvert = vi
-                .spyOn(apiKeyService, 'convertRolesStringArrayToRoles')
-                .mockImplementation((roles) => {
-                    return roles
-                        .map((roleStr) => Role[roleStr.trim().toUpperCase() as keyof typeof Role])
-                        .filter(Boolean);
-                });
-
-            const result = command.parseRoles('viewer');
-
-            expect(mockConvert).toHaveBeenCalledWith(['viewer']);
-            expect(result).toEqual([Role.VIEWER]);
-        });
-
-        it('should handle mixed case role conversion', () => {
-            const mockConvert = vi
-                .spyOn(apiKeyService, 'convertRolesStringArrayToRoles')
-                .mockImplementation((roles) => {
-                    return roles
-                        .map((roleStr) => Role[roleStr.trim().toUpperCase() as keyof typeof Role])
-                        .filter(Boolean);
-                });
-
-            const result = command.parseRoles('Admin,CoNnEcT');
-
-            expect(mockConvert).toHaveBeenCalledWith(['Admin', 'CoNnEcT']);
-            expect(result).toEqual([Role.ADMIN, Role.CONNECT]);
-        });

api/src/unraid-api/cli/__test__/api-key.command.test.ts (4)

4-4: Reset mocks between tests

Add afterEach to clear mocks across the suite.

Apply this diff:

-import { beforeEach, describe, expect, it, vi } from 'vitest';
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';

And insert after providers are retrieved:

@@
-        questionSet = module.get<AddApiKeyQuestionSet>(AddApiKeyQuestionSet);
+        questionSet = module.get<AddApiKeyQuestionSet>(AddApiKeyQuestionSet);
     });
 
+    afterEach(() => {
+        vi.clearAllMocks();
+    });

---

86-95: Also assert no creation/prompt when fetching existing key

Strengthens behavior guarantees.

Apply this diff:

             expect(apiKeyService.findByField).toHaveBeenCalledWith('name', 'test-key');
             expect(logService.log).toHaveBeenCalledWith('test-api-key-123');
+            expect(apiKeyService.create).not.toHaveBeenCalled();
+            expect(inquirerService.prompt).not.toHaveBeenCalled();

---

101-116: Assert no prompt when creating with sufficient args

Avoids regressions into unnecessary interactivity.

Apply this diff:

             expect(apiKeyService.create).toHaveBeenCalledWith({
                 name: 'new-key',
                 description: 'Test description',
                 roles: ['ADMIN'],
                 permissions: undefined,
                 overwrite: true,
             });
             expect(logService.log).toHaveBeenCalledWith('new-api-key-456');
+            expect(inquirerService.prompt).not.toHaveBeenCalled();

---

118-136: Strengthen assertion on created payload after prompt

Verify overwrite flag and key fields without being brittle.

Apply this diff:

             expect(inquirerService.prompt).toHaveBeenCalledWith('add-api-key', {
                 name: '',
                 create: true,
             });
-            expect(apiKeyService.create).toHaveBeenCalled();
+            expect(apiKeyService.create).toHaveBeenCalledWith(
+                expect.objectContaining({
+                    name: 'prompted-key',
+                    roles: ['USER'],
+                    permissions: [],
+                    description: 'Prompted description',
+                    overwrite: true,
+                }),
+            );

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9d42b36 and a5f5a2c.

📒 Files selected for processing (7)

• api/dev/configs/api.json (1 hunks)
• api/src/unraid-api/auth/api-key.service.spec.ts (1 hunks)
• api/src/unraid-api/auth/api-key.service.ts (1 hunks)
• api/src/unraid-api/cli/__test__/api-key.command.test.ts (1 hunks)
• api/src/unraid-api/cli/apikey/add-api-key.questions.ts (3 hunks)
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts (1 hunks)
• api/src/unraid-api/cli/apikey/api-key.command.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

api/src/unraid-api/**

📄 CodeRabbit inference engine (.cursor/rules/api-rules.mdc)

Prefer adding new files to the Nest repo at api/src/unraid-api/ instead of legacy code

Files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.ts
• api/src/unraid-api/cli/apikey/add-api-key.questions.ts
• api/src/unraid-api/cli/apikey/api-key.command.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

api/**/*.{test,spec}.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/api-rules.mdc)

api/**/*.{test,spec}.{js,jsx,ts,tsx}: Use Vitest for tests in the api; do not use Jest
Prefer not to mock simple dependencies in tests
For error testing, use .rejects.toThrow() without arguments; avoid asserting exact error messages unless the message format is the subject under test

Files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

{**/*.test.ts,**/__test__/{components,store}/**/*.ts}

📄 CodeRabbit inference engine (.cursor/rules/web-testing-rules.mdc)

{**/*.test.ts,**/__test__/{components,store}/**/*.ts}: Use .rejects.toThrow() without arguments when asserting that async functions throw; avoid checking exact error message strings unless the message format is explicitly under test
Focus tests on observable behavior and outcomes, not implementation details such as exact error messages
Use await nextTick() for DOM update assertions and flushPromises() for complex async chains; always await async operations before asserting
Place module mock declarations (vi.mock) at the top level of the test file to avoid hoisting issues
Use factory functions in vi.mock calls to define mocks and avoid hoisting pitfalls
Use vi.spyOn() to specify return values or behavior of methods under test
Reset/clear mocks between tests using vi.clearAllMocks() (and vi.resetAllMocks() when appropriate) to ensure isolation
Do not rely on Nuxt auto-imports in tests; import required Vue utilities explicitly in test files
Remember that vi.mock calls are hoisted; avoid mixing mock declarations and module mocks incorrectly

Files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts

api/src/**

📄 CodeRabbit inference engine (CLAUDE.md)

Prefer adding new files to the NestJS code at api/src/unraid-api/ instead of legacy code

Files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.ts
• api/src/unraid-api/cli/apikey/add-api-key.questions.ts
• api/src/unraid-api/cli/apikey/api-key.command.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

api/**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

api/**/*.{test,spec}.{ts,tsx,js,jsx}: API test suite is Vitest; do not use Jest
In API tests, prefer to not mock simple dependencies

Files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

{api/**/*.{test,spec}.{ts,tsx,js,jsx},web/__test__/**/*.{test,spec}.{ts,tsx,js,jsx}}

📄 CodeRabbit inference engine (CLAUDE.md)

{api/**/*.{test,spec}.{ts,tsx,js,jsx},web/__test__/**/*.{test,spec}.{ts,tsx,js,jsx}}: Use .rejects.toThrow() without arguments when asserting thrown errors in tests; don’t assert exact error strings unless that is what’s being tested
Focus on behavior in tests rather than implementation details (e.g., exact error message wording)
Avoid brittle tests that break on minor changes to messages, logs, or non-essential details
Use mocks as nouns, not verbs

Files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

In TypeScript files, use .js extensions in import specifiers for ESM compatibility

Files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.ts
• api/src/unraid-api/cli/apikey/add-api-key.questions.ts
• api/src/unraid-api/cli/apikey/api-key.command.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

🧠 Learnings (6)

📚 Learning: 2025-08-28T20:27:35.954Z

Learnt from: CR
PR: unraid/api#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-28T20:27:35.954Z
Learning: Applies to {api/**/*.{test,spec}.{ts,tsx,js,jsx},web/__test__/**/*.{test,spec}.{ts,tsx,js,jsx}} : Avoid brittle tests that break on minor changes to messages, logs, or non-essential details

Applied to files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts
• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

📚 Learning: 2025-08-28T20:27:35.954Z

Learnt from: CR
PR: unraid/api#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-28T20:27:35.954Z
Learning: Applies to api/**/*.{test,spec}.{ts,tsx,js,jsx} : API test suite is Vitest; do not use Jest

Applied to files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts

📚 Learning: 2025-08-11T15:07:39.222Z

Learnt from: CR
PR: unraid/api#0
File: .cursor/rules/api-rules.mdc:0-0
Timestamp: 2025-08-11T15:07:39.222Z
Learning: Applies to api/**/*.{test,spec}.{js,jsx,ts,tsx} : Use Vitest for tests in the api; do not use Jest

Applied to files:

• api/src/unraid-api/cli/__test__/api-key.command.test.ts

📚 Learning: 2024-11-04T20:44:46.432Z

Learnt from: mdatelle
PR: unraid/api#942
File: api/src/unraid-api/auth/auth.service.ts:0-0
Timestamp: 2024-11-04T20:44:46.432Z
Learning: When modifying `apiKey.roles` in `removeRoleFromApiKey` and `addRoleToApiKey` within `api/src/unraid-api/auth/auth.service.ts`, concurrency issues are not a concern because the keys are stored in the file system.

Applied to files:

• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.ts
• api/src/unraid-api/cli/apikey/add-api-key.questions.ts
• api/src/unraid-api/cli/apikey/api-key.command.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

📚 Learning: 2024-11-04T20:41:22.303Z

Learnt from: mdatelle
PR: unraid/api#942
File: api/src/unraid-api/auth/auth.service.ts:0-0
Timestamp: 2024-11-04T20:41:22.303Z
Learning: In `api/src/unraid-api/auth/auth.service.ts`, the `addRoleToApiKey` function operates on API keys stored as JSON files in a directory, not a database, so concurrency is not a concern for modifying `apiKey.roles`.

Applied to files:

• api/src/unraid-api/cli/apikey/api-key.command.spec.ts
• api/src/unraid-api/auth/api-key.service.ts
• api/src/unraid-api/cli/apikey/api-key.command.ts
• api/src/unraid-api/auth/api-key.service.spec.ts

📚 Learning: 2024-11-06T20:59:25.809Z

Learnt from: mdatelle
PR: unraid/api#942
File: api/src/unraid-api/graph/resolvers/auth/auth.resolver.ts:111-113
Timestamp: 2024-11-06T20:59:25.809Z
Learning: In the Unraid API project, error handling for mutations is handled at the service level rather than in the GraphQL resolvers. Specifically, in `api/src/unraid-api/graph/resolvers/auth/auth.resolver.ts`, methods like `removeRoleFromApiKey` rely on service-level error handling.

Applied to files:

• api/src/unraid-api/auth/api-key.service.ts

🧬 Code graph analysis (2)

api/src/unraid-api/auth/api-key.service.ts (1)

packages/unraid-shared/src/services/api-key.ts (1)

• ApiKeyService (9-77)

api/src/unraid-api/auth/api-key.service.spec.ts (2)

api/src/store/index.ts (1)

• getters (18-23)

packages/unraid-shared/src/services/api-key.ts (1)

• ApiKeyService (9-77)

🔇 Additional comments (10)

api/dev/configs/api.json (1)

2-2: LGTM: version bump only.

api/src/unraid-api/auth/api-key.service.ts (1)

112-132: Clearer, safer role parsing with validation and warnings.
Good move away from map/filter; trims, normalizes, and warns as expected.

api/src/unraid-api/cli/apikey/api-key.command.ts (2)

56-64: Good: delegate role parsing to service.
Centralizes validation and keeps CLI lean.

---

145-146: Nice: avoid logging sensitive payloads.
Printing a neutral progress message reduces accidental secret leakage.

api/src/unraid-api/cli/apikey/add-api-key.questions.ts (4)

42-47: Good gating: roles asked only when missing.
Aligns with the create CLI’s minimum-info logic.

---

62-67: Good gating: permissions asked only when missing.
Keeps wizard concise.

---

87-87: Overwrite check now correctly uses name lookup.
Matches how the CLI searches keys.

---

42-47: Ensure CLI honors overwrite collected here.
This question is useful only if ApiKeyCommand passes options.overwrite to create(); see suggested fix there.

api/src/unraid-api/cli/apikey/api-key.command.spec.ts (1)

3-10: Good: ESM-friendly import specifiers and Vitest usage

Imports use .js extensions and the suite uses Vitest as required.

api/src/unraid-api/cli/__test__/api-key.command.test.ts (1)

1-9: Good: Vitest and ESM-compatible imports

Conforms to our testing and ESM import guidelines.

[github-actions]

This plugin has been deployed to Cloudflare R2 and is available for testing.
Download it at this URL:

https://preview.dl.unraid.net/unraid-api/tag/PR1637/dynamix.unraid.net.plg