feat: api keys

2026-02-16 04:40:32 +00:00 · 2025-07-01 23:45:38 +02:00
parent 84cb7693c8
commit 9457b3cda1
7 changed files with 87 additions and 20 deletions
--- a/packages/server/src/modules/Auth/commands/AuthApiKeyAuthorization.service.ts
+++ b/packages/server/src/modules/Auth/commands/AuthApiKeyAuthorization.service.ts
@@ -1,11 +1,18 @@
 import { Inject, Injectable } from '@nestjs/common';
 import { ApiKeyModel } from '../models/ApiKey.model';
+import { ClsService } from 'nestjs-cls';
+import { TenantModel } from '@/modules/System/models/TenantModel';

@Injectable()
 export class AuthApiKeyAuthorizeService {
  constructor(
+    private readonly clsService: ClsService,
+
    @Inject(ApiKeyModel.name)
    private readonly apikeyModel: typeof ApiKeyModel,
+
+    @Inject(TenantModel.name)
+    private readonly tenantModel: typeof TenantModel,
  ) {}

  /**
@@ -28,6 +35,16 @@ export class AuthApiKeyAuthorizeService {
    ) {
      return false;
    }
+    const tenant = await this.tenantModel
+      .query()
+      .findById(apiKeyRecord.tenantId);
+
+    if (!tenant) return false;
+
+    this.clsService.set('tenantId', tenant.id);
+    this.clsService.set('organizationId', tenant.organizationId);
+    this.clsService.set('userId', apiKeyRecord.userId);
+
    return true;
  }
 }
--- a/packages/server/src/modules/Auth/commands/GenerateApiKey.service.ts
+++ b/packages/server/src/modules/Auth/commands/GenerateApiKey.service.ts
@@ -12,8 +12,9 @@ export class GenerateApiKey {
  ) {}

  /**
-   *
-   * @returns
+   * Generates a new secure API key for the current tenant and system user.
+   * The key is saved in the database and returned (only the key and id for security).
+   * @returns {Promise<{ key: string; id: number }>} The generated API key and its database id.
   */
  async generate() {
    const tenant = await this.tenancyContext.getTenant();
@@ -27,15 +28,23 @@ export class GenerateApiKey {
      tenantId: tenant.id,
      userId: user.id,
      createdAt: new Date(),
-      revoked: false,
+      revokedAt: null,
    });
    // Return the created API key (not the full record for security)
    return { key: apiKeyRecord.key, id: apiKeyRecord.id };
  }

+  /**
+   * Revokes an API key by setting its revokedAt timestamp.
+   * @param {number} apiKeyId - The id of the API key to revoke.
+   * @returns {Promise<{ id: number; revoked: boolean }>} The id of the revoked API key and a revoked flag.
+   */
  async revoke(apiKeyId: number) {
    // Set the revoked flag to true for the given API key
-    await ApiKeyModel.query().findById(apiKeyId).patch({ revoked: true });
+    await ApiKeyModel.query()
+      .findById(apiKeyId)
+      .patch({ revokedAt: new Date() });
+
    return { id: apiKeyId, revoked: true };
  }
 }