sami7777/dashcaddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
dashcaddy/dashcaddy-api/routes/auth/keys.js
Krystie df3e8efdd0 Refactor auth routes: explicit dependency injection 
- Updated all auth route modules to use destructured dependencies
- Added JSDoc comments for factory functions
- Replaced ctx. references with direct parameter access
- Updated auth/index.js to extract and pass explicit dependencies
- sso-gate.js maintains session helper exports from session-handlers
- All files pass syntax validation

Files refactored:
- routes/auth/keys.js
- routes/auth/session-handlers.js
- routes/auth/sso-gate.js
- routes/auth/totp.js
- routes/auth/index.js (orchestrator)
2026-03-29 21:42:30 -07:00

139 lines
4.4 KiB
JavaScript
Raw Permalink Blame History

const express = require('express');
const { ValidationError, ForbiddenError, NotFoundError } = require('../../errors');
/**
* Auth API keys routes factory
* @param {Object} deps - Explicit dependencies
* @param {Object} deps.authManager - Auth manager
* @param {Function} deps.asyncHandler - Async route handler wrapper
* @param {Object} deps.log - Logger instance
* @returns {express.Router}
*/
module.exports = function({ authManager, asyncHandler, log }) {
const router = express.Router();
// Helper function to parse expiration strings to milliseconds
function parseExpiration(expStr) {
const match = expStr.match(/^(\d+)([smhdy])$/);
if (!match) return 24 * 60 * 60 * 1000; // default 24h
const value = parseInt(match[1], 10);
const unit = match[2];
const multipliers = {
s: 1000,
m: 60 * 1000,
h: 60 * 60 * 1000,
d: 24 * 60 * 60 * 1000,
y: 365 * 24 * 60 * 60 * 1000
};
return value * (multipliers[unit] || multipliers.h);
}
// List all API keys
router.get('/auth/keys', asyncHandler(async (req, res) => {
// Require session authentication (not API key - can't manage keys with key itself)
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('API key management requires TOTP session authentication');
}
const keys = await authManager.listAPIKeys();
res.json({ success: true, keys });
}, 'auth-keys-list'));
// Generate new API key
router.post('/auth/keys', asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('API key generation requires TOTP session authentication');
}
const { name, scopes } = req.body;
if (!name || typeof name !== 'string' || name.trim().length === 0) {
throw new ValidationError('API key name is required', 'name');
}
// Validate scopes if provided
const validScopes = ['read', 'write', 'admin'];
if (scopes && (!Array.isArray(scopes) || !scopes.every(s => validScopes.includes(s)))) {
throw new ValidationError(`Invalid scopes. Valid options: ${validScopes.join(', ')}`, 'scopes');
}
const keyData = await authManager.generateAPIKey(
name.trim(),
scopes || ['read', 'write']
);
res.json({
success: true,
key: keyData.key,
id: keyData.id,
name: keyData.name,
scopes: keyData.scopes,
createdAt: keyData.createdAt,
warning: 'Save this key securely - it will not be shown again'
});
}, 'auth-keys-generate'));
// Revoke API key
router.delete('/auth/keys/:keyId', asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('API key revocation requires TOTP session authentication');
}
const { keyId } = req.params;
if (!keyId || typeof keyId !== 'string') {
throw new ValidationError('Key ID is required', 'keyId');
}
const success = await authManager.revokeAPIKey(keyId);
if (success) {
res.json({ success: true, message: 'API key revoked successfully' });
} else {
throw new NotFoundError(`API key ${keyId}`);
}
}, 'auth-keys-revoke'));
// Generate JWT from TOTP session
router.post('/auth/jwt', asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('JWT generation requires TOTP session authentication');
}
const { expiresIn, userId } = req.body;
// Validate expiresIn format if provided (e.g., '24h', '7d', '1y')
const validExpiresIn = /^(\d+[smhdy])$/.test(expiresIn || '24h');
if (expiresIn && !validExpiresIn) {
throw new ValidationError('Invalid expiresIn format. Use: 60s, 15m, 24h, 7d, 1y', 'expiresIn');
}
const token = await authManager.generateJWT(
{
sub: userId || 'dashcaddy-admin',
scope: ['admin'] // Session-generated JWTs have admin scope
},
expiresIn || '24h'
);
// Calculate expiration timestamp
const expiresInMs = parseExpiration(expiresIn || '24h');
const expiresAt = new Date(Date.now() + expiresInMs).toISOString();
res.json({
success: true,
token,
expiresAt,
usage: 'Include in Authorization header as: Bearer <token>'
});
}, 'auth-jwt-generate'));
return router;
};
Reference in New Issue View Git Blame Copy Permalink