address comments

2026-06-13 21:01:21 +08:00 · 2025-04-10 09:58:17 -07:00 · 2025-04-10 09:58:17 -07:00 · baea377200
commit baea377200
parent 5d3dcda4ff
2 changed files with 20 additions and 6 deletions
--- a/apps/backend/src/app/api/latest/integrations/credential-scanning/revoke/route.tsx
+++ b/apps/backend/src/app/api/latest/integrations/credential-scanning/revoke/route.tsx
@ -12,6 +12,7 @@ export const POST = createSmartRouteHandler({
    summary: "Revoke an API key",
    description: "Revoke an API key that was found through credential scanning",
    tags: ["Credential Scanning"],
+    hidden: true,
  },
  request: yupObject({
    body: yupObject({
@ -42,6 +43,10 @@ export const POST = createSmartRouteHandler({
        throw new KnownErrors.PublicApiKeyCannotBeRevoked();
      }

+      if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {
+        throw new KnownErrors.ApiKeyExpired();
+      }
+
      if (apiKey.manuallyRevokedAt) {
        return null;
      }
@ -145,6 +150,15 @@ export const POST = createSmartRouteHandler({
      }
    }

+    const project = await prismaClient.project.findUnique({
+      where: {
+        id: updatedApiKey.projectId,
+      },
+    });
+
+    if (!project) {
+      throw new StackAssertionError("Project not found");
+    }

    // Create email content
    const subject = `API Key Revoked: ${updatedApiKey.description}`;
@ -152,7 +166,7 @@ export const POST = createSmartRouteHandler({
      <div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
        <h2 style="color: #333;">API Key Revoked</h2>
        <p style="color: #555; font-size: 16px; line-height: 1.5;">
-          Your API key "${updatedApiKey.description}" has been automatically revoked because it was found in a public repository.
+          Your API key "${updatedApiKey.description}" for ${project.displayName} has been automatically revoked because it was found in a public repository.
        </p>
        <p style="color: #555; font-size: 16px; line-height: 1.5;">
          This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.
--- a/apps/e2e/tests/backend/endpoints/api/v1/integrations/credential-scanning/revoke.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/integrations/credential-scanning/revoke.test.ts
@ -82,7 +82,7 @@ it("should send email notification to user when revoking an API key through cred
      API Key Revoked
      ---------------
      
-      Your API key "Test API Key to Revoke" has been automatically revoked because it was found in a public repository.
+      Your API key "Test API Key to Revoke" for New Project has been automatically revoked because it was found in a public repository.
      
      This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.
      
@ -173,13 +173,13 @@ it("should send email notification to team members when revoking a team API key
      MailboxMessage {
        "attachments": [],
        "body": {
-          "html": "\\n      <div style=\\"font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;\\">\\n        <h2 style=\\"color: #333;\\">API Key Revoked</h2>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Your API key \\"Test Team API Key to Revoke\\" has been automatically revoked because it was found in a public repository.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Please create a new API key if needed.\\n        </p>\\n      </div>\\n    \\n",
+          "html": "\\n      <div style=\\"font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;\\">\\n        <h2 style=\\"color: #333;\\">API Key Revoked</h2>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Your API key \\"Test Team API Key to Revoke\\" for New Project has been automatically revoked because it was found in a public repository.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Please create a new API key if needed.\\n        </p>\\n      </div>\\n    \\n",
          "text": deindent\`
            ---------------
            API Key Revoked
            ---------------
            
-            Your API key "Test Team API Key to Revoke" has been automatically revoked because it was found in a public repository.
+            Your API key "Test Team API Key to Revoke" for New Project has been automatically revoked because it was found in a public repository.
            
            This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.
            
@ -198,13 +198,13 @@ it("should send email notification to team members when revoking a team API key
      MailboxMessage {
        "attachments": [],
        "body": {
-          "html": "\\n      <div style=\\"font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;\\">\\n        <h2 style=\\"color: #333;\\">API Key Revoked</h2>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Your API key \\"Test Team API Key to Revoke\\" has been automatically revoked because it was found in a public repository.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Please create a new API key if needed.\\n        </p>\\n      </div>\\n    \\n",
+          "html": "\\n      <div style=\\"font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;\\">\\n        <h2 style=\\"color: #333;\\">API Key Revoked</h2>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Your API key \\"Test Team API Key to Revoke\\" for New Project has been automatically revoked because it was found in a public repository.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n        </p>\\n        <p style=\\"color: #555; font-size: 16px; line-height: 1.5;\\">\\n          Please create a new API key if needed.\\n        </p>\\n      </div>\\n    \\n",
          "text": deindent\`
            ---------------
            API Key Revoked
            ---------------
            
-            Your API key "Test Team API Key to Revoke" has been automatically revoked because it was found in a public repository.
+            Your API key "Test Team API Key to Revoke" for New Project has been automatically revoked because it was found in a public repository.
            
            This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.