From baea3772003eb23677771f790c9afcb11a44753d Mon Sep 17 00:00:00 2001
From: moritz
Date: Thu, 10 Apr 2025 09:58:17 -0700
Subject: [PATCH] address comments

---
 .../credential-scanning/revoke/route.tsx | 16 +++++++++++++++-
 .../credential-scanning/revoke.test.ts | 10 +++++-----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/apps/backend/src/app/api/latest/integrations/credential-scanning/revoke/route.tsx b/apps/backend/src/app/api/latest/integrations/credential-scanning/revoke/route.tsx
index 859c67cb9..086f70d44 100644
--- a/apps/backend/src/app/api/latest/integrations/credential-scanning/revoke/route.tsx
+++ b/apps/backend/src/app/api/latest/integrations/credential-scanning/revoke/route.tsx
@@ -12,6 +12,7 @@ export const POST = createSmartRouteHandler({
 summary: "Revoke an API key",
 description: "Revoke an API key that was found through credential scanning",
 tags: ["Credential Scanning"],
+ hidden: true,
 },
 request: yupObject({
 body: yupObject({
@@ -42,6 +43,10 @@ export const POST = createSmartRouteHandler({
 throw new KnownErrors.PublicApiKeyCannotBeRevoked();
 }
 
+ if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {
+ throw new KnownErrors.ApiKeyExpired();
+ }
+
 if (apiKey.manuallyRevokedAt) {
 return null;
 }
@@ -145,6 +150,15 @@ export const POST = createSmartRouteHandler({
 }
 }
 
+ const project = await prismaClient.project.findUnique({
+ where: {
+ id: updatedApiKey.projectId,
+ },
+ });
+
+ if (!project) {
+ throw new StackAssertionError("Project not found");
+ }
 // Create email content
 const subject = `API Key Revoked: ${updatedApiKey.description}`;
@@ -152,7 +166,7 @@ export const POST = createSmartRouteHandler({
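Review bot: The new expiry check sits above the `manuallyRevokedAt` short-circuit, so a key that was revoked earlier and has since expired now fails with `ApiKeyExpired` where a repeat call previously returned `null`; revocation stops being idempotent for a scanner that retries. Move the block below `if (apiKey.manuallyRevokedAt) { return null; }` so an already-revoked key always produces the same result. `apiKey.expiresAt < new Date()` relies on `Date` valueOf coercion; if `expiresAt` is a `Date` this is correct, but `apiKey.expiresAt.getTime() < Date.now()` states the intent explicitly. Because each outcome (public, expired, revoked) maps to a distinct error, a caller learns the state of any key it submits, which is acceptable only if the endpoint is restricted to authenticated scanning partners, and that is decided outside this hunk. The handler body begins and ends outside the hunk.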
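Review bot: The project lookup runs after the key has apparently already been written as revoked (`updatedApiKey` is in scope from code above the hunk), so when `findUnique` returns null the assertion becomes a 500 after the state change and the owner notification below is never sent. Load the project before the revocation write, or include it on the original key query, so a missing project fails before anything is mutated. Only `displayName` is read, so `findUnique({ where: { id: updatedApiKey.projectId }, select: { displayName: true } })` is enough and avoids pulling the full project row. A short comment such as `// Project display name is only used in the notification email below` would tell the reader why the lookup is here. The enclosing handler continues past the hunk.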

API Key Revoked

- Your API key "${updatedApiKey.description}" has been automatically revoked because it was found in a public repository.
+ Your API key "${updatedApiKey.description}" for ${project.displayName} has been automatically revoked because it was found in a public repository.

This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/integrations/credential-scanning/revoke.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/integrations/credential-scanning/revoke.test.ts
index 0f10d0bc0..8540f9dbd 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/integrations/credential-scanning/revoke.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/integrations/credential-scanning/revoke.test.ts
@@ -82,7 +82,7 @@ it("should send email notification to user when revoking an API key through cred
 API Key Revoked
 ---------------
 
- Your API key "Test API Key to Revoke" has been automatically revoked because it was found in a public repository.
+ Your API key "Test API Key to Revoke" for New Project has been automatically revoked because it was found in a public repository.
 
 This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.
@@ -173,13 +173,13 @@ it("should send email notification to team members when revoking a team API key
 MailboxMessage {
 "attachments": [],
 "body": {
- "html": "\\n
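Review bot: `${project.displayName}` is interpolated into the HTML email body without escaping, next to the pre-existing `${updatedApiKey.description}`; both are user-supplied strings and the test expectations show the same text landing in the `html` field, so a display name or key description containing `<a href="...">` is delivered as live markup to every recipient of the notification. Escape both values before building the template, e.g. `const safeName = escapeHtml(project.displayName);` using the codebase's HTML-escaping helper if one exists, and use the raw strings only in the plain-text variant. The template literal and the handler around it extend beyond the hunk.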

\\n

API Key Revoked

\\n

\\n Your API key \\"Test Team API Key to Revoke\\" has been automatically revoked because it was found in a public repository.\\n

\\n

\\n This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n

\\n

\\n Please create a new API key if needed.\\n

\\n
\\n \\n",
+ "html": "\\n
\\n

API Key Revoked

\\n

\\n Your API key \\"Test Team API Key to Revoke\\" for New Project has been automatically revoked because it was found in a public repository.\\n

\\n

\\n This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n

\\n

\\n Please create a new API key if needed.\\n

\\n
\\n \\n",
 "text": deindent\`
 ---------------
 API Key Revoked
 ---------------
 
- Your API key "Test Team API Key to Revoke" has been automatically revoked because it was found in a public repository.
+ Your API key "Test Team API Key to Revoke" for New Project has been automatically revoked because it was found in a public repository.
 
 This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.
@@ -198,13 +198,13 @@ it("should send email notification to team members when revoking a team API key
 MailboxMessage {
 "attachments": [],
 "body": {
- "html": "\\n
\\n

API Key Revoked

\\n

\\n Your API key \\"Test Team API Key to Revoke\\" has been automatically revoked because it was found in a public repository.\\n

\\n

\\n This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n

\\n

\\n Please create a new API key if needed.\\n

\\n
\\n \\n",
+ "html": "\\n
\\n

API Key Revoked

\\n

\\n Your API key \\"Test Team API Key to Revoke\\" for New Project has been automatically revoked because it was found in a public repository.\\n

\\n

\\n This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.\\n

\\n

\\n Please create a new API key if needed.\\n

\\n
\\n \\n",
 "text": deindent\`
 ---------------
 API Key Revoked
 ---------------
 
- Your API key "Test Team API Key to Revoke" has been automatically revoked because it was found in a public repository.
+ Your API key "Test Team API Key to Revoke" for New Project has been automatically revoked because it was found in a public repository.
 
 This is an automated security measure to protect your api keys from being leaked. If you believe this was a mistake, please contact support.