jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d91bfc50fa
rdev/internal/port/apikey_repository.go
jordan 4f01015132
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
feat: implement project access enforcement and management API 
- Fix no-op RequireProjectAccess middleware to enforce project_ids
- Apply project access middleware to all project-scoped routes
- Filter GET /projects by allowed project IDs for restricted keys
- Add GET /me endpoint with key identity, scopes, and project access info
- Add PATCH /keys/{id} for partial key updates (name, scopes, project_ids, allowed_ips, expires_in)
- Add GET/POST/DELETE /projects/{id}/access for project-centric access management
- Auto-grant creating key access when using POST /project/create-and-build
- Accept grant_to_key_ids in create-and-build to grant multiple keys on project creation
- Move newProvisionerWithDeps test helper from production code to test file

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-21 15:38:37 -07:00

46 lines
1.6 KiB
Go
Raw Blame History

package port
import (
"context"
"time"
"github.com/orchard9/rdev/internal/domain"
)
// APIKeyUpdate contains mutable fields for updating an API key.
// A nil pointer means "don't change" that field.
type APIKeyUpdate struct {
Name *string
Scopes []domain.Scope // nil = don't change; non-nil = replace
ProjectIDs *[]domain.ProjectID // nil ptr = don't change; ptr to nil slice = unrestricted
AllowedIPs *[]string // nil ptr = don't change; ptr to nil slice = no restriction
ExpiresAt **time.Time // nil ptr = don't change; ptr to nil ptr = remove expiry
}
// APIKeyRepository defines operations for managing API keys.
type APIKeyRepository interface {
// Create stores a new API key.
Create(ctx context.Context, key *domain.APIKey, keyHash string) error
// GetByHash retrieves an API key by its hash.
GetByHash(ctx context.Context, keyHash string) (*domain.APIKey, error)
// Get retrieves an API key by ID.
Get(ctx context.Context, id domain.APIKeyID) (*domain.APIKey, error)
// List returns all API keys (without secrets).
List(ctx context.Context) ([]*domain.APIKey, error)
// Revoke marks an API key as revoked.
Revoke(ctx context.Context, id domain.APIKeyID) error
// UpdateLastUsed updates the last used timestamp for a key.
UpdateLastUsed(ctx context.Context, id domain.APIKeyID) error
// Update applies a partial update to an API key.
Update(ctx context.Context, id domain.APIKeyID, update APIKeyUpdate) error
// ListByProjectID returns all active keys that have the given project ID in their project_ids.
ListByProjectID(ctx context.Context, projectID domain.ProjectID) ([]*domain.APIKey, error)
}
Reference in New Issue View Git Blame Copy Permalink