mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-13 21:01:21 +08:00
592d259dde
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/99619123-6be5-4788-aebe-5fc2a9a36245"
/>
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/660677bf-f19a-4673-94c8-59ac50eb6ae5"
/>
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/11ae63c4-5813-4fd8-aa01-fa580d2103be"
/>
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduces API key management for users and teams, integrating with
existing project configurations and permissions, and adds comprehensive
tests and examples.
>
> - **API Key Management**:
> - Introduces `ProjectApiKey` model in `schema.prisma` for managing API
keys.
> - Adds `createApiKeyHandlers` in `handlers.tsx` to handle API key CRUD
operations.
> - Implements API key creation, revocation, and validation logic.
> - **Permissions and Configurations**:
> - Adds `allowUserApiKeys` and `allowTeamApiKeys` to `ProjectConfig` in
`schema.prisma`.
> - Updates `TeamSystemPermission` enum to include `MANAGE_API_KEYS`.
> - Ensures API key operations respect project configurations and
user/team permissions.
> - **Testing and Examples**:
> - Adds extensive tests in `api-keys.test.ts` to cover various API key
scenarios.
> - Updates example projects to demonstrate API key usage.
> - **Miscellaneous**:
> - Refactors existing code to integrate API key functionalities.
> - Updates documentation and type definitions to reflect new API key
features.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 96f60c57f0. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
190 lines
8.7 KiB
TypeScript
190 lines
8.7 KiB
TypeScript
import { CrudTypeOf, createCrud } from "../../crud";
|
|
import * as schemaFields from "../../schema-fields";
|
|
import { yupArray, yupObject, yupString } from "../../schema-fields";
|
|
|
|
const teamPermissionSchema = yupObject({
|
|
id: yupString().defined(),
|
|
}).defined();
|
|
|
|
const oauthProviderSchema = yupObject({
|
|
id: schemaFields.oauthIdSchema.defined(),
|
|
enabled: schemaFields.oauthEnabledSchema.defined(),
|
|
type: schemaFields.oauthTypeSchema.defined(),
|
|
client_id: schemaFields.yupDefinedAndNonEmptyWhen(
|
|
schemaFields.oauthClientIdSchema,
|
|
{
|
|
type: 'standard',
|
|
enabled: true,
|
|
},
|
|
),
|
|
client_secret: schemaFields.yupDefinedAndNonEmptyWhen(
|
|
schemaFields.oauthClientSecretSchema,
|
|
{
|
|
type: 'standard',
|
|
enabled: true,
|
|
},
|
|
),
|
|
|
|
// extra params
|
|
facebook_config_id: schemaFields.oauthFacebookConfigIdSchema.optional(),
|
|
microsoft_tenant_id: schemaFields.oauthMicrosoftTenantIdSchema.optional(),
|
|
});
|
|
|
|
const enabledOAuthProviderSchema = yupObject({
|
|
id: schemaFields.oauthIdSchema.defined(),
|
|
});
|
|
|
|
export const emailConfigSchema = yupObject({
|
|
type: schemaFields.emailTypeSchema.defined(),
|
|
host: schemaFields.yupDefinedAndNonEmptyWhen(schemaFields.emailHostSchema, {
|
|
type: 'standard',
|
|
}),
|
|
port: schemaFields.yupDefinedWhen(schemaFields.emailPortSchema, {
|
|
type: 'standard',
|
|
}),
|
|
username: schemaFields.yupDefinedAndNonEmptyWhen(schemaFields.emailUsernameSchema, {
|
|
type: 'standard',
|
|
}),
|
|
password: schemaFields.yupDefinedAndNonEmptyWhen(schemaFields.emailPasswordSchema, {
|
|
type: 'standard',
|
|
}),
|
|
sender_name: schemaFields.yupDefinedAndNonEmptyWhen(schemaFields.emailSenderNameSchema, {
|
|
type: 'standard',
|
|
}),
|
|
sender_email: schemaFields.yupDefinedAndNonEmptyWhen(schemaFields.emailSenderEmailSchema, {
|
|
type: 'standard',
|
|
}),
|
|
});
|
|
|
|
export const emailConfigWithoutPasswordSchema = emailConfigSchema.pick(['type', 'host', 'port', 'username', 'sender_name', 'sender_email']);
|
|
|
|
const domainSchema = yupObject({
|
|
domain: schemaFields.urlSchema.defined()
|
|
.matches(/^https?:\/\//, 'URL must start with http:// or https://')
|
|
.meta({ openapiField: { description: 'URL. Must start with http:// or https://', exampleValue: 'https://example.com' } }),
|
|
handler_path: schemaFields.handlerPathSchema.defined(),
|
|
});
|
|
|
|
export const projectsCrudAdminReadSchema = yupObject({
|
|
id: schemaFields.projectIdSchema.defined(),
|
|
display_name: schemaFields.projectDisplayNameSchema.defined(),
|
|
description: schemaFields.projectDescriptionSchema.nonNullable().defined(),
|
|
created_at_millis: schemaFields.projectCreatedAtMillisSchema.defined(),
|
|
user_count: schemaFields.projectUserCountSchema.defined(),
|
|
is_production_mode: schemaFields.projectIsProductionModeSchema.defined(),
|
|
config: yupObject({
|
|
id: schemaFields.projectConfigIdSchema.defined(),
|
|
allow_localhost: schemaFields.projectAllowLocalhostSchema.defined(),
|
|
sign_up_enabled: schemaFields.projectSignUpEnabledSchema.defined(),
|
|
credential_enabled: schemaFields.projectCredentialEnabledSchema.defined(),
|
|
magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.defined(),
|
|
passkey_enabled: schemaFields.projectPasskeyEnabledSchema.defined(),
|
|
// TODO: remove this
|
|
client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.defined(),
|
|
client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.defined(),
|
|
allow_user_api_keys: schemaFields.yupBoolean().defined(),
|
|
allow_team_api_keys: schemaFields.yupBoolean().defined(),
|
|
oauth_providers: yupArray(oauthProviderSchema.defined()).defined(),
|
|
enabled_oauth_providers: yupArray(enabledOAuthProviderSchema.defined()).defined().meta({ openapiField: { hidden: true } }),
|
|
domains: yupArray(domainSchema.defined()).defined(),
|
|
email_config: emailConfigSchema.defined(),
|
|
create_team_on_sign_up: schemaFields.projectCreateTeamOnSignUpSchema.defined(),
|
|
team_creator_default_permissions: yupArray(teamPermissionSchema.defined()).defined(),
|
|
team_member_default_permissions: yupArray(teamPermissionSchema.defined()).defined(),
|
|
user_default_permissions: yupArray(teamPermissionSchema.defined()).defined(),
|
|
oauth_account_merge_strategy: schemaFields.oauthAccountMergeStrategySchema.defined(),
|
|
}).defined(),
|
|
}).defined();
|
|
|
|
export const projectsCrudClientReadSchema = yupObject({
|
|
id: schemaFields.projectIdSchema.defined(),
|
|
display_name: schemaFields.projectDisplayNameSchema.defined(),
|
|
config: yupObject({
|
|
sign_up_enabled: schemaFields.projectSignUpEnabledSchema.defined(),
|
|
credential_enabled: schemaFields.projectCredentialEnabledSchema.defined(),
|
|
magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.defined(),
|
|
passkey_enabled: schemaFields.projectPasskeyEnabledSchema.defined(),
|
|
client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.defined(),
|
|
client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.defined(),
|
|
allow_user_api_keys: schemaFields.yupBoolean().defined(),
|
|
allow_team_api_keys: schemaFields.yupBoolean().defined(),
|
|
enabled_oauth_providers: yupArray(enabledOAuthProviderSchema.defined()).defined().meta({ openapiField: { hidden: true } }),
|
|
}).defined(),
|
|
}).defined();
|
|
|
|
|
|
export const projectsCrudAdminUpdateSchema = yupObject({
|
|
display_name: schemaFields.projectDisplayNameSchema.optional(),
|
|
description: schemaFields.projectDescriptionSchema.optional(),
|
|
is_production_mode: schemaFields.projectIsProductionModeSchema.optional(),
|
|
config: yupObject({
|
|
sign_up_enabled: schemaFields.projectSignUpEnabledSchema.optional(),
|
|
credential_enabled: schemaFields.projectCredentialEnabledSchema.optional(),
|
|
magic_link_enabled: schemaFields.projectMagicLinkEnabledSchema.optional(),
|
|
passkey_enabled: schemaFields.projectPasskeyEnabledSchema.optional(),
|
|
client_team_creation_enabled: schemaFields.projectClientTeamCreationEnabledSchema.optional(),
|
|
client_user_deletion_enabled: schemaFields.projectClientUserDeletionEnabledSchema.optional(),
|
|
allow_localhost: schemaFields.projectAllowLocalhostSchema.optional(),
|
|
allow_user_api_keys: schemaFields.yupBoolean().optional(),
|
|
allow_team_api_keys: schemaFields.yupBoolean().optional(),
|
|
email_config: emailConfigSchema.optional().default(undefined),
|
|
domains: yupArray(domainSchema.defined()).optional().default(undefined),
|
|
oauth_providers: yupArray(oauthProviderSchema.defined()).optional().default(undefined),
|
|
create_team_on_sign_up: schemaFields.projectCreateTeamOnSignUpSchema.optional(),
|
|
team_creator_default_permissions: yupArray(teamPermissionSchema.defined()).optional(),
|
|
team_member_default_permissions: yupArray(teamPermissionSchema.defined()).optional(),
|
|
user_default_permissions: yupArray(teamPermissionSchema.defined()).optional(),
|
|
oauth_account_merge_strategy: schemaFields.oauthAccountMergeStrategySchema.optional(),
|
|
}).optional().default(undefined),
|
|
}).defined();
|
|
|
|
export const projectsCrudAdminCreateSchema = projectsCrudAdminUpdateSchema.concat(yupObject({
|
|
display_name: schemaFields.projectDisplayNameSchema.defined(),
|
|
}).defined());
|
|
|
|
export const projectsCrudAdminDeleteSchema = schemaFields.yupMixed();
|
|
|
|
export const projectsCrud = createCrud({
|
|
clientReadSchema: projectsCrudClientReadSchema,
|
|
adminReadSchema: projectsCrudAdminReadSchema,
|
|
adminUpdateSchema: projectsCrudAdminUpdateSchema,
|
|
adminDeleteSchema: projectsCrudAdminDeleteSchema,
|
|
docs: {
|
|
clientRead: {
|
|
summary: 'Get the current project',
|
|
description: 'Get the current project information including display name, OAuth providers and authentication methods. Useful for display the available login options to the user.',
|
|
tags: ['Projects'],
|
|
},
|
|
adminRead: {
|
|
summary: 'Get the current project',
|
|
description: 'Get the current project information and configuration including display name, OAuth providers, email configuration, etc.',
|
|
tags: ['Projects'],
|
|
},
|
|
adminUpdate: {
|
|
summary: 'Update the current project',
|
|
description: 'Update the current project information and configuration including display name, OAuth providers, email configuration, etc.',
|
|
tags: ['Projects'],
|
|
},
|
|
adminDelete: {
|
|
summary: 'Delete the current project',
|
|
description: 'Delete the current project and all associated data (including users, teams, API keys, project configs, etc.). Be careful, this action is irreversible.',
|
|
tags: ['Projects'],
|
|
},
|
|
},
|
|
});
|
|
export type ProjectsCrud = CrudTypeOf<typeof projectsCrud>;
|
|
|
|
export const internalProjectsCrud = createCrud({
|
|
clientReadSchema: projectsCrudAdminReadSchema,
|
|
clientCreateSchema: projectsCrudAdminCreateSchema,
|
|
docs: {
|
|
clientList: {
|
|
hidden: true,
|
|
},
|
|
clientCreate: {
|
|
hidden: true,
|
|
},
|
|
},
|
|
});
|
|
export type InternalProjectsCrud = CrudTypeOf<typeof internalProjectsCrud>;
|