mirror of
https://github.com/Dokploy/dokploy
synced 2025-06-26 18:27:59 +00:00
feat(api): implement advanced API key management with granular controls
This commit is contained in:
468
apps/dokploy/components/dashboard/settings/api/add-api-key.tsx
Normal file
468
apps/dokploy/components/dashboard/settings/api/add-api-key.tsx
Normal file
@@ -0,0 +1,468 @@
|
|||||||
|
import { Button } from "@/components/ui/button";
|
||||||
|
import { api } from "@/utils/api";
|
||||||
|
import { toast } from "sonner";
|
||||||
|
import {
|
||||||
|
Dialog,
|
||||||
|
DialogContent,
|
||||||
|
DialogHeader,
|
||||||
|
DialogTitle,
|
||||||
|
DialogTrigger,
|
||||||
|
DialogDescription,
|
||||||
|
} from "@/components/ui/dialog";
|
||||||
|
import { Input } from "@/components/ui/input";
|
||||||
|
import {
|
||||||
|
Select,
|
||||||
|
SelectContent,
|
||||||
|
SelectItem,
|
||||||
|
SelectTrigger,
|
||||||
|
SelectValue,
|
||||||
|
} from "@/components/ui/select";
|
||||||
|
import { useState } from "react";
|
||||||
|
import { useForm } from "react-hook-form";
|
||||||
|
import { zodResolver } from "@hookform/resolvers/zod";
|
||||||
|
import { z } from "zod";
|
||||||
|
import {
|
||||||
|
Form,
|
||||||
|
FormControl,
|
||||||
|
FormField,
|
||||||
|
FormItem,
|
||||||
|
FormLabel,
|
||||||
|
FormMessage,
|
||||||
|
FormDescription,
|
||||||
|
} from "@/components/ui/form";
|
||||||
|
import { Switch } from "@/components/ui/switch";
|
||||||
|
|
||||||
|
const formSchema = z.object({
|
||||||
|
name: z.string().min(1, "Name is required"),
|
||||||
|
prefix: z.string().optional(),
|
||||||
|
expiresIn: z.number().nullable(),
|
||||||
|
organizationId: z.string().min(1, "Organization is required"),
|
||||||
|
// Rate limiting fields
|
||||||
|
rateLimitEnabled: z.boolean().optional(),
|
||||||
|
rateLimitTimeWindow: z.number().nullable(),
|
||||||
|
rateLimitMax: z.number().nullable(),
|
||||||
|
// Request limiting fields
|
||||||
|
remaining: z.number().nullable().optional(),
|
||||||
|
refillAmount: z.number().nullable().optional(),
|
||||||
|
refillInterval: z.number().nullable().optional(),
|
||||||
|
});
|
||||||
|
|
||||||
|
type FormValues = z.infer<typeof formSchema>;
|
||||||
|
|
||||||
|
const EXPIRATION_OPTIONS = [
|
||||||
|
{ label: "Never", value: "0" },
|
||||||
|
{ label: "1 day", value: String(60 * 60 * 24) },
|
||||||
|
{ label: "7 days", value: String(60 * 60 * 24 * 7) },
|
||||||
|
{ label: "30 days", value: String(60 * 60 * 24 * 30) },
|
||||||
|
{ label: "90 days", value: String(60 * 60 * 24 * 90) },
|
||||||
|
{ label: "1 year", value: String(60 * 60 * 24 * 365) },
|
||||||
|
];
|
||||||
|
|
||||||
|
const TIME_WINDOW_OPTIONS = [
|
||||||
|
{ label: "1 minute", value: String(60 * 1000) },
|
||||||
|
{ label: "5 minutes", value: String(5 * 60 * 1000) },
|
||||||
|
{ label: "15 minutes", value: String(15 * 60 * 1000) },
|
||||||
|
{ label: "30 minutes", value: String(30 * 60 * 1000) },
|
||||||
|
{ label: "1 hour", value: String(60 * 60 * 1000) },
|
||||||
|
{ label: "1 day", value: String(24 * 60 * 60 * 1000) },
|
||||||
|
];
|
||||||
|
|
||||||
|
const REFILL_INTERVAL_OPTIONS = [
|
||||||
|
{ label: "1 hour", value: String(60 * 60 * 1000) },
|
||||||
|
{ label: "6 hours", value: String(6 * 60 * 60 * 1000) },
|
||||||
|
{ label: "12 hours", value: String(12 * 60 * 60 * 1000) },
|
||||||
|
{ label: "1 day", value: String(24 * 60 * 60 * 1000) },
|
||||||
|
{ label: "7 days", value: String(7 * 24 * 60 * 60 * 1000) },
|
||||||
|
{ label: "30 days", value: String(30 * 24 * 60 * 60 * 1000) },
|
||||||
|
];
|
||||||
|
|
||||||
|
export const AddApiKey = () => {
|
||||||
|
const [open, setOpen] = useState(false);
|
||||||
|
const [showSuccessModal, setShowSuccessModal] = useState(false);
|
||||||
|
const [newApiKey, setNewApiKey] = useState("");
|
||||||
|
const { refetch } = api.user.get.useQuery();
|
||||||
|
const { data: organizations } = api.organization.all.useQuery();
|
||||||
|
const createApiKey = api.user.createApiKey.useMutation({
|
||||||
|
onSuccess: (data) => {
|
||||||
|
if (!data) return;
|
||||||
|
|
||||||
|
setNewApiKey(data.key);
|
||||||
|
setOpen(false);
|
||||||
|
setShowSuccessModal(true);
|
||||||
|
form.reset();
|
||||||
|
void refetch();
|
||||||
|
},
|
||||||
|
onError: () => {
|
||||||
|
toast.error("Failed to generate API key");
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
const form = useForm<FormValues>({
|
||||||
|
resolver: zodResolver(formSchema),
|
||||||
|
defaultValues: {
|
||||||
|
name: "",
|
||||||
|
prefix: "",
|
||||||
|
expiresIn: null,
|
||||||
|
organizationId: "",
|
||||||
|
rateLimitEnabled: false,
|
||||||
|
rateLimitTimeWindow: null,
|
||||||
|
rateLimitMax: null,
|
||||||
|
remaining: null,
|
||||||
|
refillAmount: null,
|
||||||
|
refillInterval: null,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
const rateLimitEnabled = form.watch("rateLimitEnabled");
|
||||||
|
|
||||||
|
const onSubmit = async (values: FormValues) => {
|
||||||
|
createApiKey.mutate({
|
||||||
|
name: values.name,
|
||||||
|
expiresIn: values.expiresIn || undefined,
|
||||||
|
prefix: values.prefix || undefined,
|
||||||
|
metadata: {
|
||||||
|
organizationId: values.organizationId,
|
||||||
|
},
|
||||||
|
// Rate limiting
|
||||||
|
rateLimitEnabled: values.rateLimitEnabled,
|
||||||
|
rateLimitTimeWindow: values.rateLimitTimeWindow || undefined,
|
||||||
|
rateLimitMax: values.rateLimitMax || undefined,
|
||||||
|
// Request limiting
|
||||||
|
remaining: values.remaining || undefined,
|
||||||
|
refillAmount: values.refillAmount || undefined,
|
||||||
|
refillInterval: values.refillInterval || undefined,
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
return (
|
||||||
|
<>
|
||||||
|
<Dialog open={open} onOpenChange={setOpen}>
|
||||||
|
<DialogTrigger asChild>
|
||||||
|
<Button>Generate New Key</Button>
|
||||||
|
</DialogTrigger>
|
||||||
|
<DialogContent className="sm:max-w-xl max-h-[90vh] overflow-y-auto">
|
||||||
|
<DialogHeader>
|
||||||
|
<DialogTitle>Generate API Key</DialogTitle>
|
||||||
|
<DialogDescription>
|
||||||
|
Create a new API key for accessing the API. You can set an
|
||||||
|
expiration date and a custom prefix for better organization.
|
||||||
|
</DialogDescription>
|
||||||
|
</DialogHeader>
|
||||||
|
<Form {...form}>
|
||||||
|
<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="name"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Name</FormLabel>
|
||||||
|
<FormControl>
|
||||||
|
<Input placeholder="My API Key" {...field} />
|
||||||
|
</FormControl>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="prefix"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Prefix</FormLabel>
|
||||||
|
<FormControl>
|
||||||
|
<Input placeholder="my_app" {...field} />
|
||||||
|
</FormControl>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="expiresIn"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Expiration</FormLabel>
|
||||||
|
<Select
|
||||||
|
value={field.value?.toString() || "0"}
|
||||||
|
onValueChange={(value) =>
|
||||||
|
field.onChange(Number.parseInt(value, 10))
|
||||||
|
}
|
||||||
|
>
|
||||||
|
<FormControl>
|
||||||
|
<SelectTrigger>
|
||||||
|
<SelectValue placeholder="Select expiration time" />
|
||||||
|
</SelectTrigger>
|
||||||
|
</FormControl>
|
||||||
|
<SelectContent>
|
||||||
|
{EXPIRATION_OPTIONS.map((option) => (
|
||||||
|
<SelectItem key={option.value} value={option.value}>
|
||||||
|
{option.label}
|
||||||
|
</SelectItem>
|
||||||
|
))}
|
||||||
|
</SelectContent>
|
||||||
|
</Select>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="organizationId"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Organization</FormLabel>
|
||||||
|
<Select value={field.value} onValueChange={field.onChange}>
|
||||||
|
<FormControl>
|
||||||
|
<SelectTrigger>
|
||||||
|
<SelectValue placeholder="Select organization" />
|
||||||
|
</SelectTrigger>
|
||||||
|
</FormControl>
|
||||||
|
<SelectContent>
|
||||||
|
{organizations?.map((org) => (
|
||||||
|
<SelectItem key={org.id} value={org.id}>
|
||||||
|
{org.name}
|
||||||
|
</SelectItem>
|
||||||
|
))}
|
||||||
|
</SelectContent>
|
||||||
|
</Select>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
|
||||||
|
{/* Rate Limiting Section */}
|
||||||
|
<div className="space-y-4 rounded-lg border p-4">
|
||||||
|
<h3 className="text-lg font-medium">Rate Limiting</h3>
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="rateLimitEnabled"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3">
|
||||||
|
<div className="space-y-0.5">
|
||||||
|
<FormLabel>Enable Rate Limiting</FormLabel>
|
||||||
|
<FormDescription>
|
||||||
|
Limit the number of requests within a time window
|
||||||
|
</FormDescription>
|
||||||
|
</div>
|
||||||
|
<FormControl>
|
||||||
|
<Switch
|
||||||
|
checked={field.value}
|
||||||
|
onCheckedChange={field.onChange}
|
||||||
|
/>
|
||||||
|
</FormControl>
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
|
||||||
|
{rateLimitEnabled && (
|
||||||
|
<>
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="rateLimitTimeWindow"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Time Window</FormLabel>
|
||||||
|
<Select
|
||||||
|
value={field.value?.toString()}
|
||||||
|
onValueChange={(value) =>
|
||||||
|
field.onChange(Number.parseInt(value, 10))
|
||||||
|
}
|
||||||
|
>
|
||||||
|
<FormControl>
|
||||||
|
<SelectTrigger>
|
||||||
|
<SelectValue placeholder="Select time window" />
|
||||||
|
</SelectTrigger>
|
||||||
|
</FormControl>
|
||||||
|
<SelectContent>
|
||||||
|
{TIME_WINDOW_OPTIONS.map((option) => (
|
||||||
|
<SelectItem
|
||||||
|
key={option.value}
|
||||||
|
value={option.value}
|
||||||
|
>
|
||||||
|
{option.label}
|
||||||
|
</SelectItem>
|
||||||
|
))}
|
||||||
|
</SelectContent>
|
||||||
|
</Select>
|
||||||
|
<FormDescription>
|
||||||
|
The duration in which requests are counted
|
||||||
|
</FormDescription>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="rateLimitMax"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Maximum Requests</FormLabel>
|
||||||
|
<FormControl>
|
||||||
|
<Input
|
||||||
|
type="number"
|
||||||
|
placeholder="100"
|
||||||
|
value={field.value?.toString() ?? ""}
|
||||||
|
onChange={(e) =>
|
||||||
|
field.onChange(
|
||||||
|
e.target.value
|
||||||
|
? Number.parseInt(e.target.value, 10)
|
||||||
|
: null,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
/>
|
||||||
|
</FormControl>
|
||||||
|
<FormDescription>
|
||||||
|
Maximum number of requests allowed within the time
|
||||||
|
window
|
||||||
|
</FormDescription>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
</>
|
||||||
|
)}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{/* Request Limiting Section */}
|
||||||
|
<div className="space-y-4 rounded-lg border p-4">
|
||||||
|
<h3 className="text-lg font-medium">Request Limiting</h3>
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="remaining"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Total Request Limit</FormLabel>
|
||||||
|
<FormControl>
|
||||||
|
<Input
|
||||||
|
type="number"
|
||||||
|
placeholder="Leave empty for unlimited"
|
||||||
|
value={field.value?.toString() ?? ""}
|
||||||
|
onChange={(e) =>
|
||||||
|
field.onChange(
|
||||||
|
e.target.value
|
||||||
|
? Number.parseInt(e.target.value, 10)
|
||||||
|
: null,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
/>
|
||||||
|
</FormControl>
|
||||||
|
<FormDescription>
|
||||||
|
Total number of requests allowed (leave empty for
|
||||||
|
unlimited)
|
||||||
|
</FormDescription>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="refillAmount"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Refill Amount</FormLabel>
|
||||||
|
<FormControl>
|
||||||
|
<Input
|
||||||
|
type="number"
|
||||||
|
placeholder="Amount to refill"
|
||||||
|
value={field.value?.toString() ?? ""}
|
||||||
|
onChange={(e) =>
|
||||||
|
field.onChange(
|
||||||
|
e.target.value
|
||||||
|
? Number.parseInt(e.target.value, 10)
|
||||||
|
: null,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
/>
|
||||||
|
</FormControl>
|
||||||
|
<FormDescription>
|
||||||
|
Number of requests to add on each refill
|
||||||
|
</FormDescription>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
|
||||||
|
<FormField
|
||||||
|
control={form.control}
|
||||||
|
name="refillInterval"
|
||||||
|
render={({ field }) => (
|
||||||
|
<FormItem>
|
||||||
|
<FormLabel>Refill Interval</FormLabel>
|
||||||
|
<Select
|
||||||
|
value={field.value?.toString()}
|
||||||
|
onValueChange={(value) =>
|
||||||
|
field.onChange(Number.parseInt(value, 10))
|
||||||
|
}
|
||||||
|
>
|
||||||
|
<FormControl>
|
||||||
|
<SelectTrigger>
|
||||||
|
<SelectValue placeholder="Select refill interval" />
|
||||||
|
</SelectTrigger>
|
||||||
|
</FormControl>
|
||||||
|
<SelectContent>
|
||||||
|
{REFILL_INTERVAL_OPTIONS.map((option) => (
|
||||||
|
<SelectItem key={option.value} value={option.value}>
|
||||||
|
{option.label}
|
||||||
|
</SelectItem>
|
||||||
|
))}
|
||||||
|
</SelectContent>
|
||||||
|
</Select>
|
||||||
|
<FormDescription>
|
||||||
|
How often to refill the request limit
|
||||||
|
</FormDescription>
|
||||||
|
<FormMessage />
|
||||||
|
</FormItem>
|
||||||
|
)}
|
||||||
|
/>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div className="flex justify-end gap-3 pt-4">
|
||||||
|
<Button
|
||||||
|
type="button"
|
||||||
|
variant="outline"
|
||||||
|
onClick={() => setOpen(false)}
|
||||||
|
>
|
||||||
|
Cancel
|
||||||
|
</Button>
|
||||||
|
<Button type="submit">Generate</Button>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
</Form>
|
||||||
|
</DialogContent>
|
||||||
|
</Dialog>
|
||||||
|
|
||||||
|
<Dialog open={showSuccessModal} onOpenChange={setShowSuccessModal}>
|
||||||
|
<DialogContent className="sm:max-w-xl">
|
||||||
|
<DialogHeader>
|
||||||
|
<DialogTitle>API Key Generated Successfully</DialogTitle>
|
||||||
|
<DialogDescription>
|
||||||
|
Please copy your API key now. You won't be able to see it again!
|
||||||
|
</DialogDescription>
|
||||||
|
</DialogHeader>
|
||||||
|
<div className="mt-4 space-y-4">
|
||||||
|
<div className="rounded-md bg-muted p-4 font-mono text-sm break-all">
|
||||||
|
{newApiKey}
|
||||||
|
</div>
|
||||||
|
<div className="flex justify-end gap-3">
|
||||||
|
<Button
|
||||||
|
onClick={() => {
|
||||||
|
navigator.clipboard.writeText(newApiKey);
|
||||||
|
toast.success("API key copied to clipboard");
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
Copy to Clipboard
|
||||||
|
</Button>
|
||||||
|
<Button
|
||||||
|
variant="outline"
|
||||||
|
onClick={() => setShowSuccessModal(false)}
|
||||||
|
>
|
||||||
|
Close
|
||||||
|
</Button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</DialogContent>
|
||||||
|
</Dialog>
|
||||||
|
</>
|
||||||
|
);
|
||||||
|
};
|
||||||
142
apps/dokploy/components/dashboard/settings/api/show-api-keys.tsx
Normal file
142
apps/dokploy/components/dashboard/settings/api/show-api-keys.tsx
Normal file
@@ -0,0 +1,142 @@
|
|||||||
|
import { Button } from "@/components/ui/button";
|
||||||
|
import {
|
||||||
|
Card,
|
||||||
|
CardContent,
|
||||||
|
CardDescription,
|
||||||
|
CardHeader,
|
||||||
|
CardTitle,
|
||||||
|
} from "@/components/ui/card";
|
||||||
|
import { api } from "@/utils/api";
|
||||||
|
import { ExternalLinkIcon, KeyIcon, Trash2, Clock, Tag } from "lucide-react";
|
||||||
|
import Link from "next/link";
|
||||||
|
import { toast } from "sonner";
|
||||||
|
import { formatDistanceToNow } from "date-fns";
|
||||||
|
import { DialogAction } from "@/components/shared/dialog-action";
|
||||||
|
import { AddApiKey } from "./add-api-key";
|
||||||
|
import { Badge } from "@/components/ui/badge";
|
||||||
|
|
||||||
|
export const ShowApiKeys = () => {
|
||||||
|
const { data, refetch } = api.user.get.useQuery();
|
||||||
|
const { mutateAsync: deleteApiKey, isLoading: isLoadingDelete } =
|
||||||
|
api.user.deleteApiKey.useMutation();
|
||||||
|
|
||||||
|
return (
|
||||||
|
<div className="w-full">
|
||||||
|
<Card className="h-full bg-sidebar p-2.5 rounded-xl max-w-5xl mx-auto">
|
||||||
|
<div className="rounded-xl bg-background shadow-md">
|
||||||
|
<CardHeader className="flex flex-row gap-2 flex-wrap justify-between items-center">
|
||||||
|
<div>
|
||||||
|
<CardTitle className="text-xl flex items-center gap-2">
|
||||||
|
<KeyIcon className="size-5" />
|
||||||
|
API/CLI Keys
|
||||||
|
</CardTitle>
|
||||||
|
<CardDescription>
|
||||||
|
Generate and manage API keys to access the API/CLI
|
||||||
|
</CardDescription>
|
||||||
|
</div>
|
||||||
|
<div className="flex flex-row gap-2 max-sm:flex-wrap items-end">
|
||||||
|
<span className="text-sm font-medium text-muted-foreground">
|
||||||
|
Swagger API:
|
||||||
|
</span>
|
||||||
|
<Link
|
||||||
|
href="/swagger"
|
||||||
|
target="_blank"
|
||||||
|
className="flex flex-row gap-2 items-center"
|
||||||
|
>
|
||||||
|
<span className="text-sm font-medium">View</span>
|
||||||
|
<ExternalLinkIcon className="size-4" />
|
||||||
|
</Link>
|
||||||
|
</div>
|
||||||
|
</CardHeader>
|
||||||
|
<CardContent className="space-y-6">
|
||||||
|
<div className="flex flex-col gap-4">
|
||||||
|
{data?.user.apiKeys && data.user.apiKeys.length > 0 ? (
|
||||||
|
data.user.apiKeys.map((apiKey) => (
|
||||||
|
<div
|
||||||
|
key={apiKey.id}
|
||||||
|
className="flex flex-col gap-2 p-4 border rounded-lg"
|
||||||
|
>
|
||||||
|
<div className="flex justify-between items-start">
|
||||||
|
<div className="flex flex-col gap-1">
|
||||||
|
<span className="font-medium">{apiKey.name}</span>
|
||||||
|
<div className="flex flex-wrap gap-2 items-center text-sm text-muted-foreground">
|
||||||
|
<span className="flex items-center gap-1">
|
||||||
|
<Clock className="size-3.5" />
|
||||||
|
Created{" "}
|
||||||
|
{formatDistanceToNow(new Date(apiKey.createdAt))}{" "}
|
||||||
|
ago
|
||||||
|
</span>
|
||||||
|
{apiKey.prefix && (
|
||||||
|
<Badge
|
||||||
|
variant="secondary"
|
||||||
|
className="flex items-center gap-1"
|
||||||
|
>
|
||||||
|
<Tag className="size-3.5" />
|
||||||
|
{apiKey.prefix}
|
||||||
|
</Badge>
|
||||||
|
)}
|
||||||
|
{apiKey.expiresAt && (
|
||||||
|
<Badge
|
||||||
|
variant="outline"
|
||||||
|
className="flex items-center gap-1"
|
||||||
|
>
|
||||||
|
<Clock className="size-3.5" />
|
||||||
|
Expires in{" "}
|
||||||
|
{formatDistanceToNow(
|
||||||
|
new Date(apiKey.expiresAt),
|
||||||
|
)}{" "}
|
||||||
|
</Badge>
|
||||||
|
)}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<DialogAction
|
||||||
|
title="Delete API Key"
|
||||||
|
description="Are you sure you want to delete this API key? This action cannot be undone."
|
||||||
|
type="destructive"
|
||||||
|
onClick={async () => {
|
||||||
|
try {
|
||||||
|
await deleteApiKey({
|
||||||
|
apiKeyId: apiKey.id,
|
||||||
|
});
|
||||||
|
await refetch();
|
||||||
|
toast.success("API key deleted successfully");
|
||||||
|
} catch (error) {
|
||||||
|
toast.error(
|
||||||
|
error instanceof Error
|
||||||
|
? error.message
|
||||||
|
: "Error deleting API key",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
<Button
|
||||||
|
variant="ghost"
|
||||||
|
size="icon"
|
||||||
|
isLoading={isLoadingDelete}
|
||||||
|
>
|
||||||
|
<Trash2 className="size-4" />
|
||||||
|
</Button>
|
||||||
|
</DialogAction>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
))
|
||||||
|
) : (
|
||||||
|
<div className="flex flex-col items-center gap-3 py-6">
|
||||||
|
<KeyIcon className="size-8 text-muted-foreground" />
|
||||||
|
<span className="text-base text-muted-foreground">
|
||||||
|
No API keys found
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
)}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{/* Generate new API key */}
|
||||||
|
<div className="flex justify-end pt-4 border-t">
|
||||||
|
<AddApiKey />
|
||||||
|
</div>
|
||||||
|
</CardContent>
|
||||||
|
</div>
|
||||||
|
</Card>
|
||||||
|
</div>
|
||||||
|
);
|
||||||
|
};
|
||||||
@@ -1,77 +0,0 @@
|
|||||||
import { ToggleVisibilityInput } from "@/components/shared/toggle-visibility-input";
|
|
||||||
import { Button } from "@/components/ui/button";
|
|
||||||
import {
|
|
||||||
Card,
|
|
||||||
CardContent,
|
|
||||||
CardDescription,
|
|
||||||
CardHeader,
|
|
||||||
CardTitle,
|
|
||||||
} from "@/components/ui/card";
|
|
||||||
import { Label } from "@/components/ui/label";
|
|
||||||
import { api } from "@/utils/api";
|
|
||||||
import { ExternalLinkIcon } from "lucide-react";
|
|
||||||
import Link from "next/link";
|
|
||||||
import { toast } from "sonner";
|
|
||||||
|
|
||||||
export const GenerateToken = () => {
|
|
||||||
const { data, refetch } = api.user.get.useQuery();
|
|
||||||
|
|
||||||
const { mutateAsync: generateToken, isLoading: isLoadingToken } =
|
|
||||||
api.user.generateToken.useMutation();
|
|
||||||
|
|
||||||
return (
|
|
||||||
<div className="w-full">
|
|
||||||
<Card className="h-full bg-sidebar p-2.5 rounded-xl max-w-5xl mx-auto">
|
|
||||||
<div className="rounded-xl bg-background shadow-md ">
|
|
||||||
<CardHeader className="flex flex-row gap-2 flex-wrap justify-between items-center">
|
|
||||||
<div>
|
|
||||||
<CardTitle className="text-xl">API/CLI</CardTitle>
|
|
||||||
<CardDescription>
|
|
||||||
Generate a token to access the API/CLI
|
|
||||||
</CardDescription>
|
|
||||||
</div>
|
|
||||||
<div className="flex flex-row gap-2 max-sm:flex-wrap items-end">
|
|
||||||
<span className="text-sm font-medium text-muted-foreground">
|
|
||||||
Swagger API:
|
|
||||||
</span>
|
|
||||||
<Link
|
|
||||||
href="/swagger"
|
|
||||||
target="_blank"
|
|
||||||
className="flex flex-row gap-2 items-center"
|
|
||||||
>
|
|
||||||
<span className="text-sm font-medium">View</span>
|
|
||||||
<ExternalLinkIcon className="size-4" />
|
|
||||||
</Link>
|
|
||||||
</div>
|
|
||||||
</CardHeader>
|
|
||||||
<CardContent className="space-y-2">
|
|
||||||
<div className="flex flex-row gap-2 max-sm:flex-wrap justify-end items-end">
|
|
||||||
<div className="grid w-full gap-8">
|
|
||||||
<div className="flex flex-col gap-2">
|
|
||||||
<Label>Token</Label>
|
|
||||||
<ToggleVisibilityInput
|
|
||||||
placeholder="Token"
|
|
||||||
value={data?.id || ""}
|
|
||||||
disabled
|
|
||||||
/>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<Button
|
|
||||||
type="button"
|
|
||||||
isLoading={isLoadingToken}
|
|
||||||
onClick={async () => {
|
|
||||||
await generateToken().then(() => {
|
|
||||||
refetch();
|
|
||||||
toast.success("Token generated");
|
|
||||||
});
|
|
||||||
}}
|
|
||||||
>
|
|
||||||
Generate
|
|
||||||
</Button>
|
|
||||||
</div>
|
|
||||||
</CardContent>
|
|
||||||
</div>
|
|
||||||
</Card>
|
|
||||||
</div>
|
|
||||||
);
|
|
||||||
};
|
|
||||||
@@ -321,7 +321,6 @@ inserted_admin_members AS (
|
|||||||
"user_id",
|
"user_id",
|
||||||
role,
|
role,
|
||||||
"created_at",
|
"created_at",
|
||||||
"token",
|
|
||||||
"canAccessToAPI",
|
"canAccessToAPI",
|
||||||
"canAccessToDocker",
|
"canAccessToDocker",
|
||||||
"canAccessToGitProviders",
|
"canAccessToGitProviders",
|
||||||
@@ -340,7 +339,6 @@ inserted_admin_members AS (
|
|||||||
a."adminId",
|
a."adminId",
|
||||||
'owner',
|
'owner',
|
||||||
NOW(),
|
NOW(),
|
||||||
COALESCE(auth.token, ''),
|
|
||||||
true, -- Los admins tienen todos los permisos por defecto
|
true, -- Los admins tienen todos los permisos por defecto
|
||||||
true,
|
true,
|
||||||
true,
|
true,
|
||||||
@@ -364,7 +362,6 @@ INSERT INTO member (
|
|||||||
"user_id",
|
"user_id",
|
||||||
role,
|
role,
|
||||||
"created_at",
|
"created_at",
|
||||||
"token",
|
|
||||||
"canAccessToAPI",
|
"canAccessToAPI",
|
||||||
"canAccessToDocker",
|
"canAccessToDocker",
|
||||||
"canAccessToGitProviders",
|
"canAccessToGitProviders",
|
||||||
@@ -383,7 +380,6 @@ SELECT
|
|||||||
u."userId",
|
u."userId",
|
||||||
'member',
|
'member',
|
||||||
NOW(),
|
NOW(),
|
||||||
COALESCE(auth.token, ''),
|
|
||||||
COALESCE(u."canAccessToAPI", false),
|
COALESCE(u."canAccessToAPI", false),
|
||||||
COALESCE(u."canAccessToDocker", false),
|
COALESCE(u."canAccessToDocker", false),
|
||||||
COALESCE(u."canAccessToGitProviders", false),
|
COALESCE(u."canAccessToGitProviders", false),
|
||||||
@@ -400,6 +396,29 @@ JOIN admin a ON u."adminId" = a."adminId"
|
|||||||
JOIN inserted_orgs o ON o."owner_id" = a."adminId"
|
JOIN inserted_orgs o ON o."owner_id" = a."adminId"
|
||||||
JOIN auth ON auth.id = u."authId";
|
JOIN auth ON auth.id = u."authId";
|
||||||
|
|
||||||
|
-- Migrar tokens de auth a apikey
|
||||||
|
INSERT INTO apikey (
|
||||||
|
id,
|
||||||
|
name,
|
||||||
|
key,
|
||||||
|
user_id,
|
||||||
|
enabled,
|
||||||
|
created_at,
|
||||||
|
updated_at
|
||||||
|
)
|
||||||
|
SELECT
|
||||||
|
gen_random_uuid(),
|
||||||
|
'Legacy Token',
|
||||||
|
auth.token,
|
||||||
|
user_temp.id,
|
||||||
|
true,
|
||||||
|
NOW(),
|
||||||
|
NOW()
|
||||||
|
FROM auth
|
||||||
|
JOIN admin ON auth.id = admin."authId"
|
||||||
|
JOIN user_temp ON user_temp.id = admin."adminId"
|
||||||
|
WHERE auth.token IS NOT NULL AND auth.token != '';
|
||||||
|
|
||||||
-- Migration tables foreign keys
|
-- Migration tables foreign keys
|
||||||
|
|
||||||
ALTER TABLE "project" RENAME COLUMN "adminId" TO "userId";--> statement-breakpoint
|
ALTER TABLE "project" RENAME COLUMN "adminId" TO "userId";--> statement-breakpoint
|
||||||
@@ -436,7 +455,6 @@ ALTER TABLE "git_provider" ADD CONSTRAINT "git_provider_userId_user_temp_id_fk"
|
|||||||
ALTER TABLE "server" ADD CONSTRAINT "server_userId_user_temp_id_fk" FOREIGN KEY ("userId") REFERENCES "public"."user_temp"("id") ON DELETE cascade ON UPDATE no action;
|
ALTER TABLE "server" ADD CONSTRAINT "server_userId_user_temp_id_fk" FOREIGN KEY ("userId") REFERENCES "public"."user_temp"("id") ON DELETE cascade ON UPDATE no action;
|
||||||
|
|
||||||
|
|
||||||
ALTER TABLE "member" ALTER COLUMN "token" SET DEFAULT '';--> statement-breakpoint
|
|
||||||
ALTER TABLE "user_temp" ADD COLUMN "created_at" timestamp DEFAULT now();
|
ALTER TABLE "user_temp" ADD COLUMN "created_at" timestamp DEFAULT now();
|
||||||
|
|
||||||
|
|
||||||
@@ -635,7 +653,6 @@ ALTER TABLE "git_provider" DROP COLUMN "userId";--> statement-breakpoint
|
|||||||
ALTER TABLE "server" DROP COLUMN "userId";
|
ALTER TABLE "server" DROP COLUMN "userId";
|
||||||
|
|
||||||
-- Drop tables
|
-- Drop tables
|
||||||
--> statement-breakpoint
|
|
||||||
DROP TABLE "user" CASCADE;--> statement-breakpoint
|
DROP TABLE "user" CASCADE;--> statement-breakpoint
|
||||||
DROP TABLE "admin" CASCADE;--> statement-breakpoint
|
DROP TABLE "admin" CASCADE;--> statement-breakpoint
|
||||||
DROP TABLE "auth" CASCADE;--> statement-breakpoint
|
DROP TABLE "auth" CASCADE;--> statement-breakpoint
|
||||||
|
|||||||
@@ -470,13 +470,6 @@
|
|||||||
"when": 1739426913392,
|
"when": 1739426913392,
|
||||||
"tag": "0066_yielding_echo",
|
"tag": "0066_yielding_echo",
|
||||||
"breakpoints": true
|
"breakpoints": true
|
||||||
},
|
|
||||||
{
|
|
||||||
"idx": 67,
|
|
||||||
"version": "7",
|
|
||||||
"when": 1740860314823,
|
|
||||||
"tag": "0067_goofy_red_skull",
|
|
||||||
"breakpoints": true
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@@ -1,8 +1,9 @@
|
|||||||
import { organizationClient } from "better-auth/client/plugins";
|
import { organizationClient } from "better-auth/client/plugins";
|
||||||
import { twoFactorClient } from "better-auth/client/plugins";
|
import { twoFactorClient } from "better-auth/client/plugins";
|
||||||
|
import { apiKeyClient } from "better-auth/client/plugins";
|
||||||
import { createAuthClient } from "better-auth/react";
|
import { createAuthClient } from "better-auth/react";
|
||||||
|
|
||||||
export const authClient = createAuthClient({
|
export const authClient = createAuthClient({
|
||||||
// baseURL: "http://localhost:3000", // the base url of your auth server
|
// baseURL: "http://localhost:3000", // the base url of your auth server
|
||||||
plugins: [organizationClient(), twoFactorClient()],
|
plugins: [organizationClient(), twoFactorClient(), apiKeyClient()],
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -36,7 +36,7 @@
|
|||||||
"test": "vitest --config __test__/vitest.config.ts"
|
"test": "vitest --config __test__/vitest.config.ts"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"better-auth": "beta",
|
"better-auth": "1.2.0",
|
||||||
"bl": "6.0.11",
|
"bl": "6.0.11",
|
||||||
"rotating-file-stream": "3.2.3",
|
"rotating-file-stream": "3.2.3",
|
||||||
"qrcode": "^1.5.3",
|
"qrcode": "^1.5.3",
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import { GenerateToken } from "@/components/dashboard/settings/profile/generate-token";
|
import { ShowApiKeys } from "@/components/dashboard/settings/api/show-api-keys";
|
||||||
import { ProfileForm } from "@/components/dashboard/settings/profile/profile-form";
|
import { ProfileForm } from "@/components/dashboard/settings/profile/profile-form";
|
||||||
import { DashboardLayout } from "@/components/layouts/dashboard-layout";
|
import { DashboardLayout } from "@/components/layouts/dashboard-layout";
|
||||||
|
|
||||||
@@ -19,7 +19,7 @@ const Page = () => {
|
|||||||
<div className="w-full">
|
<div className="w-full">
|
||||||
<div className="h-full rounded-xl max-w-5xl mx-auto flex flex-col gap-4">
|
<div className="h-full rounded-xl max-w-5xl mx-auto flex flex-col gap-4">
|
||||||
<ProfileForm />
|
<ProfileForm />
|
||||||
{(data?.canAccessToAPI || data?.role === "owner") && <GenerateToken />}
|
{(data?.canAccessToAPI || data?.role === "owner") && <ShowApiKeys />}
|
||||||
|
|
||||||
{/* {isCloud && <RemoveSelfAccount />} */}
|
{/* {isCloud && <RemoveSelfAccount />} */}
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -30,7 +30,41 @@ const Home: NextPage = () => {
|
|||||||
|
|
||||||
return (
|
return (
|
||||||
<div className="h-screen bg-white">
|
<div className="h-screen bg-white">
|
||||||
<SwaggerUI spec={spec} />
|
<SwaggerUI
|
||||||
|
spec={spec}
|
||||||
|
persistAuthorization={true}
|
||||||
|
plugins={[
|
||||||
|
{
|
||||||
|
statePlugins: {
|
||||||
|
auth: {
|
||||||
|
wrapActions: {
|
||||||
|
authorize: (ori: any) => (args: any) => {
|
||||||
|
const result = ori(args);
|
||||||
|
const apiKey = args?.apiKey?.value;
|
||||||
|
if (apiKey) {
|
||||||
|
localStorage.setItem("swagger_api_key", apiKey);
|
||||||
|
}
|
||||||
|
return result;
|
||||||
|
},
|
||||||
|
logout: (ori: any) => (args: any) => {
|
||||||
|
const result = ori(args);
|
||||||
|
localStorage.removeItem("swagger_api_key");
|
||||||
|
return result;
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
]}
|
||||||
|
requestInterceptor={(request: any) => {
|
||||||
|
const apiKey = localStorage.getItem("swagger_api_key");
|
||||||
|
if (apiKey) {
|
||||||
|
request.headers = request.headers || {};
|
||||||
|
request.headers["x-api-key"] = apiKey;
|
||||||
|
}
|
||||||
|
return request;
|
||||||
|
}}
|
||||||
|
/>
|
||||||
</div>
|
</div>
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -482,10 +482,28 @@ export const settingsRouter = createTRPCRouter({
|
|||||||
openApiDocument.info = {
|
openApiDocument.info = {
|
||||||
title: "Dokploy API",
|
title: "Dokploy API",
|
||||||
description: "Endpoints for dokploy",
|
description: "Endpoints for dokploy",
|
||||||
// TODO: get version from package.json
|
|
||||||
version: "1.0.0",
|
version: "1.0.0",
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Add security schemes configuration
|
||||||
|
openApiDocument.components = {
|
||||||
|
...openApiDocument.components,
|
||||||
|
securitySchemes: {
|
||||||
|
apiKey: {
|
||||||
|
type: "apiKey",
|
||||||
|
in: "header",
|
||||||
|
name: "x-api-key",
|
||||||
|
description: "API key authentication",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
// Apply security globally to all endpoints
|
||||||
|
openApiDocument.security = [
|
||||||
|
{
|
||||||
|
apiKey: [],
|
||||||
|
},
|
||||||
|
];
|
||||||
return openApiDocument;
|
return openApiDocument;
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import {
|
|||||||
getUserByToken,
|
getUserByToken,
|
||||||
removeUserById,
|
removeUserById,
|
||||||
updateUser,
|
updateUser,
|
||||||
|
createApiKey,
|
||||||
} from "@dokploy/server";
|
} from "@dokploy/server";
|
||||||
import { db } from "@dokploy/server/db";
|
import { db } from "@dokploy/server/db";
|
||||||
import {
|
import {
|
||||||
@@ -14,6 +15,7 @@ import {
|
|||||||
apiUpdateUser,
|
apiUpdateUser,
|
||||||
invitation,
|
invitation,
|
||||||
member,
|
member,
|
||||||
|
apikey,
|
||||||
} from "@dokploy/server/db/schema";
|
} from "@dokploy/server/db/schema";
|
||||||
import * as bcrypt from "bcrypt";
|
import * as bcrypt from "bcrypt";
|
||||||
import { TRPCError } from "@trpc/server";
|
import { TRPCError } from "@trpc/server";
|
||||||
@@ -25,6 +27,24 @@ import {
|
|||||||
protectedProcedure,
|
protectedProcedure,
|
||||||
publicProcedure,
|
publicProcedure,
|
||||||
} from "../trpc";
|
} from "../trpc";
|
||||||
|
|
||||||
|
const apiCreateApiKey = z.object({
|
||||||
|
name: z.string().min(1),
|
||||||
|
prefix: z.string().optional(),
|
||||||
|
expiresIn: z.number().optional(),
|
||||||
|
metadata: z.object({
|
||||||
|
organizationId: z.string(),
|
||||||
|
}),
|
||||||
|
// Rate limiting
|
||||||
|
rateLimitEnabled: z.boolean().optional(),
|
||||||
|
rateLimitTimeWindow: z.number().optional(),
|
||||||
|
rateLimitMax: z.number().optional(),
|
||||||
|
// Request limiting
|
||||||
|
remaining: z.number().optional(),
|
||||||
|
refillAmount: z.number().optional(),
|
||||||
|
refillInterval: z.number().optional(),
|
||||||
|
});
|
||||||
|
|
||||||
export const userRouter = createTRPCRouter({
|
export const userRouter = createTRPCRouter({
|
||||||
all: adminProcedure.query(async ({ ctx }) => {
|
all: adminProcedure.query(async ({ ctx }) => {
|
||||||
return await db.query.member.findMany({
|
return await db.query.member.findMany({
|
||||||
@@ -61,7 +81,11 @@ export const userRouter = createTRPCRouter({
|
|||||||
eq(member.organizationId, ctx.session?.activeOrganizationId || ""),
|
eq(member.organizationId, ctx.session?.activeOrganizationId || ""),
|
||||||
),
|
),
|
||||||
with: {
|
with: {
|
||||||
user: true,
|
user: {
|
||||||
|
with: {
|
||||||
|
apiKeys: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -249,4 +273,44 @@ export const userRouter = createTRPCRouter({
|
|||||||
generateToken: protectedProcedure.mutation(async () => {
|
generateToken: protectedProcedure.mutation(async () => {
|
||||||
return "token";
|
return "token";
|
||||||
}),
|
}),
|
||||||
|
|
||||||
|
deleteApiKey: protectedProcedure
|
||||||
|
.input(
|
||||||
|
z.object({
|
||||||
|
apiKeyId: z.string(),
|
||||||
|
}),
|
||||||
|
)
|
||||||
|
.mutation(async ({ input, ctx }) => {
|
||||||
|
try {
|
||||||
|
const apiKeyToDelete = await db.query.apikey.findFirst({
|
||||||
|
where: eq(apikey.id, input.apiKeyId),
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!apiKeyToDelete) {
|
||||||
|
throw new TRPCError({
|
||||||
|
code: "NOT_FOUND",
|
||||||
|
message: "API key not found",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (apiKeyToDelete.userId !== ctx.user.id) {
|
||||||
|
throw new TRPCError({
|
||||||
|
code: "UNAUTHORIZED",
|
||||||
|
message: "You are not authorized to delete this API key",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
await db.delete(apikey).where(eq(apikey.id, input.apiKeyId));
|
||||||
|
return true;
|
||||||
|
} catch (error) {
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
}),
|
||||||
|
|
||||||
|
createApiKey: protectedProcedure
|
||||||
|
.input(apiCreateApiKey)
|
||||||
|
.mutation(async ({ input, ctx }) => {
|
||||||
|
const apiKey = await createApiKey(ctx.user.id, input);
|
||||||
|
return apiKey;
|
||||||
|
}),
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -32,7 +32,7 @@
|
|||||||
"@oslojs/encoding":"1.1.0",
|
"@oslojs/encoding":"1.1.0",
|
||||||
"@oslojs/crypto":"1.0.1",
|
"@oslojs/crypto":"1.0.1",
|
||||||
"drizzle-dbml-generator":"0.10.0",
|
"drizzle-dbml-generator":"0.10.0",
|
||||||
"better-auth":"beta",
|
"better-auth":"1.2.0",
|
||||||
"rotating-file-stream": "3.2.3",
|
"rotating-file-stream": "3.2.3",
|
||||||
"@faker-js/faker": "^8.4.1",
|
"@faker-js/faker": "^8.4.1",
|
||||||
"@lucia-auth/adapter-drizzle": "1.0.7",
|
"@lucia-auth/adapter-drizzle": "1.0.7",
|
||||||
|
|||||||
@@ -185,3 +185,10 @@ export const apikey = pgTable("apikey", {
|
|||||||
permissions: text("permissions"),
|
permissions: text("permissions"),
|
||||||
metadata: text("metadata"),
|
metadata: text("metadata"),
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const apikeyRelations = relations(apikey, ({ one }) => ({
|
||||||
|
user: one(users_temp, {
|
||||||
|
fields: [apikey.userId],
|
||||||
|
references: [users_temp.id],
|
||||||
|
}),
|
||||||
|
}));
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ import {
|
|||||||
import { createInsertSchema } from "drizzle-zod";
|
import { createInsertSchema } from "drizzle-zod";
|
||||||
import { nanoid } from "nanoid";
|
import { nanoid } from "nanoid";
|
||||||
import { z } from "zod";
|
import { z } from "zod";
|
||||||
import { account, organization } from "./account";
|
import { account, organization, apikey } from "./account";
|
||||||
import { projects } from "./project";
|
import { projects } from "./project";
|
||||||
import { certificateType } from "./shared";
|
import { certificateType } from "./shared";
|
||||||
/**
|
/**
|
||||||
@@ -123,6 +123,7 @@ export const usersRelations = relations(users_temp, ({ one, many }) => ({
|
|||||||
}),
|
}),
|
||||||
organizations: many(organization),
|
organizations: many(organization),
|
||||||
projects: many(projects),
|
projects: many(projects),
|
||||||
|
apiKeys: many(apikey),
|
||||||
}));
|
}));
|
||||||
|
|
||||||
const createSchema = createInsertSchema(users_temp, {
|
const createSchema = createInsertSchema(users_temp, {
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ import * as schema from "../db/schema";
|
|||||||
import { sendEmail } from "../verification/send-verification-email";
|
import { sendEmail } from "../verification/send-verification-email";
|
||||||
import { IS_CLOUD } from "../constants";
|
import { IS_CLOUD } from "../constants";
|
||||||
|
|
||||||
export const auth = betterAuth({
|
const { handler, api } = betterAuth({
|
||||||
database: drizzleAdapter(db, {
|
database: drizzleAdapter(db, {
|
||||||
provider: "pg",
|
provider: "pg",
|
||||||
schema: schema,
|
schema: schema,
|
||||||
@@ -126,7 +126,9 @@ export const auth = betterAuth({
|
|||||||
},
|
},
|
||||||
|
|
||||||
plugins: [
|
plugins: [
|
||||||
apiKey(),
|
apiKey({
|
||||||
|
enableMetadata: true,
|
||||||
|
}),
|
||||||
twoFactor(),
|
twoFactor(),
|
||||||
organization({
|
organization({
|
||||||
async sendInvitationEmail(data, _request) {
|
async sendInvitationEmail(data, _request) {
|
||||||
@@ -145,11 +147,111 @@ export const auth = betterAuth({
|
|||||||
],
|
],
|
||||||
});
|
});
|
||||||
|
|
||||||
// export const auth = {
|
export const auth = {
|
||||||
// handler,
|
handler,
|
||||||
// };
|
api,
|
||||||
|
};
|
||||||
|
|
||||||
export const validateRequest = async (request: IncomingMessage) => {
|
export const validateRequest = async (request: IncomingMessage) => {
|
||||||
|
const apiKey = request.headers["x-api-key"] as string;
|
||||||
|
if (apiKey) {
|
||||||
|
try {
|
||||||
|
const { valid, key, error } = await api.verifyApiKey({
|
||||||
|
body: {
|
||||||
|
key: apiKey,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (error) {
|
||||||
|
throw new Error(error.message || "Error verifying API key");
|
||||||
|
}
|
||||||
|
if (!valid || !key) {
|
||||||
|
return {
|
||||||
|
session: null,
|
||||||
|
user: null,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
const apiKeyRecord = await db.query.apikey.findFirst({
|
||||||
|
where: eq(schema.apikey.id, key.id),
|
||||||
|
with: {
|
||||||
|
user: true,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!apiKeyRecord) {
|
||||||
|
return {
|
||||||
|
session: null,
|
||||||
|
user: null,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
const organizationId = JSON.parse(
|
||||||
|
apiKeyRecord.metadata || "{}",
|
||||||
|
).organizationId;
|
||||||
|
|
||||||
|
if (!organizationId) {
|
||||||
|
return {
|
||||||
|
session: null,
|
||||||
|
user: null,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
const member = await db.query.member.findFirst({
|
||||||
|
where: and(
|
||||||
|
eq(schema.member.userId, apiKeyRecord.user.id),
|
||||||
|
eq(schema.member.organizationId, organizationId),
|
||||||
|
),
|
||||||
|
with: {
|
||||||
|
organization: true,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
const {
|
||||||
|
id,
|
||||||
|
name,
|
||||||
|
email,
|
||||||
|
emailVerified,
|
||||||
|
image,
|
||||||
|
createdAt,
|
||||||
|
updatedAt,
|
||||||
|
twoFactorEnabled,
|
||||||
|
} = apiKeyRecord.user;
|
||||||
|
|
||||||
|
const mockSession = {
|
||||||
|
session: {
|
||||||
|
user: {
|
||||||
|
id: apiKeyRecord.user.id,
|
||||||
|
email: apiKeyRecord.user.email,
|
||||||
|
name: apiKeyRecord.user.name,
|
||||||
|
},
|
||||||
|
activeOrganizationId: organizationId || "",
|
||||||
|
},
|
||||||
|
user: {
|
||||||
|
id,
|
||||||
|
name,
|
||||||
|
email,
|
||||||
|
emailVerified,
|
||||||
|
image,
|
||||||
|
createdAt,
|
||||||
|
updatedAt,
|
||||||
|
twoFactorEnabled,
|
||||||
|
role: member?.role || "member",
|
||||||
|
ownerId: member?.organization.ownerId || apiKeyRecord.user.id,
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
return mockSession;
|
||||||
|
} catch (error) {
|
||||||
|
console.error("Error verifying API key", error);
|
||||||
|
return {
|
||||||
|
session: null,
|
||||||
|
user: null,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// If no API key, proceed with normal session validation
|
||||||
const session = await api.getSession({
|
const session = await api.getSession({
|
||||||
headers: new Headers({
|
headers: new Headers({
|
||||||
cookie: request.headers.cookie || "",
|
cookie: request.headers.cookie || "",
|
||||||
|
|||||||
@@ -1,7 +1,8 @@
|
|||||||
import { db } from "@dokploy/server/db";
|
import { db } from "@dokploy/server/db";
|
||||||
import { member, users_temp } from "@dokploy/server/db/schema";
|
import { apikey, member, users_temp } from "@dokploy/server/db/schema";
|
||||||
import { TRPCError } from "@trpc/server";
|
import { TRPCError } from "@trpc/server";
|
||||||
import { and, eq } from "drizzle-orm";
|
import { and, eq } from "drizzle-orm";
|
||||||
|
import { auth } from "../lib/auth";
|
||||||
|
|
||||||
export type User = typeof users_temp.$inferSelect;
|
export type User = typeof users_temp.$inferSelect;
|
||||||
|
|
||||||
@@ -248,3 +249,46 @@ export const updateUser = async (userId: string, userData: Partial<User>) => {
|
|||||||
|
|
||||||
return user;
|
return user;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
export const createApiKey = async (
|
||||||
|
userId: string,
|
||||||
|
input: {
|
||||||
|
name: string;
|
||||||
|
prefix?: string;
|
||||||
|
expiresIn?: number;
|
||||||
|
metadata: {
|
||||||
|
organizationId: string;
|
||||||
|
};
|
||||||
|
rateLimitEnabled?: boolean;
|
||||||
|
rateLimitTimeWindow?: number;
|
||||||
|
rateLimitMax?: number;
|
||||||
|
remaining?: number;
|
||||||
|
refillAmount?: number;
|
||||||
|
refillInterval?: number;
|
||||||
|
},
|
||||||
|
) => {
|
||||||
|
const apiKey = await auth.api.createApiKey({
|
||||||
|
body: {
|
||||||
|
name: input.name,
|
||||||
|
expiresIn: input.expiresIn,
|
||||||
|
prefix: input.prefix,
|
||||||
|
rateLimitEnabled: input.rateLimitEnabled,
|
||||||
|
rateLimitTimeWindow: input.rateLimitTimeWindow,
|
||||||
|
rateLimitMax: input.rateLimitMax,
|
||||||
|
remaining: input.remaining,
|
||||||
|
refillAmount: input.refillAmount,
|
||||||
|
refillInterval: input.refillInterval,
|
||||||
|
userId,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
if (input.metadata) {
|
||||||
|
await db
|
||||||
|
.update(apikey)
|
||||||
|
.set({
|
||||||
|
metadata: JSON.stringify(input.metadata),
|
||||||
|
})
|
||||||
|
.where(eq(apikey.id, apiKey.id));
|
||||||
|
}
|
||||||
|
return apiKey;
|
||||||
|
};
|
||||||
|
|||||||
14
pnpm-lock.yaml
generated
14
pnpm-lock.yaml
generated
@@ -239,8 +239,8 @@ importers:
|
|||||||
specifier: 5.1.1
|
specifier: 5.1.1
|
||||||
version: 5.1.1(encoding@0.1.13)
|
version: 5.1.1(encoding@0.1.13)
|
||||||
better-auth:
|
better-auth:
|
||||||
specifier: beta
|
specifier: 1.2.0
|
||||||
version: 1.2.0-beta.18(typescript@5.5.3)
|
version: 1.2.0(typescript@5.5.3)
|
||||||
bl:
|
bl:
|
||||||
specifier: 6.0.11
|
specifier: 6.0.11
|
||||||
version: 6.0.11
|
version: 6.0.11
|
||||||
@@ -580,8 +580,8 @@ importers:
|
|||||||
specifier: 5.1.1
|
specifier: 5.1.1
|
||||||
version: 5.1.1(encoding@0.1.13)
|
version: 5.1.1(encoding@0.1.13)
|
||||||
better-auth:
|
better-auth:
|
||||||
specifier: beta
|
specifier: 1.2.0
|
||||||
version: 1.2.0-beta.18(typescript@5.5.3)
|
version: 1.2.0(typescript@5.5.3)
|
||||||
bl:
|
bl:
|
||||||
specifier: 6.0.11
|
specifier: 6.0.11
|
||||||
version: 6.0.11
|
version: 6.0.11
|
||||||
@@ -3879,8 +3879,8 @@ packages:
|
|||||||
before-after-hook@2.2.3:
|
before-after-hook@2.2.3:
|
||||||
resolution: {integrity: sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==}
|
resolution: {integrity: sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==}
|
||||||
|
|
||||||
better-auth@1.2.0-beta.18:
|
better-auth@1.2.0:
|
||||||
resolution: {integrity: sha512-gEjNxmrkFiATTSTcE47rkyTT9vMFMLTjtLNun4W0IWmeqfi4pIbbWpo97foY1DNXXRDkDuajquoD58dzAatQxQ==}
|
resolution: {integrity: sha512-eIRGOXfix25bh4fgs8jslZAZssufpIkxfEeEokQu5G4wICoDee1wPctkFb8v80PvhtI4dPm28SuAoZaAdRc6Wg==}
|
||||||
|
|
||||||
better-call@1.0.3:
|
better-call@1.0.3:
|
||||||
resolution: {integrity: sha512-DUKImKoDIy5UtCvQbHTg0wuBRse6gu1Yvznn7+1B3I5TeY8sclRPFce0HI+4WF2bcb+9PqmkET8nXZubrHQh9A==}
|
resolution: {integrity: sha512-DUKImKoDIy5UtCvQbHTg0wuBRse6gu1Yvznn7+1B3I5TeY8sclRPFce0HI+4WF2bcb+9PqmkET8nXZubrHQh9A==}
|
||||||
@@ -10554,7 +10554,7 @@ snapshots:
|
|||||||
|
|
||||||
before-after-hook@2.2.3: {}
|
before-after-hook@2.2.3: {}
|
||||||
|
|
||||||
better-auth@1.2.0-beta.18(typescript@5.5.3):
|
better-auth@1.2.0(typescript@5.5.3):
|
||||||
dependencies:
|
dependencies:
|
||||||
'@better-auth/utils': 0.2.3
|
'@better-auth/utils': 0.2.3
|
||||||
'@better-fetch/fetch': 1.1.15
|
'@better-fetch/fetch': 1.1.15
|
||||||
|
|||||||
Reference in New Issue
Block a user