sami7777/dashcaddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b172a21b632dfe368df5ba24c8f7dbfab2987a64
dashcaddy/dashcaddy-api/routes/auth/keys.js
Krystie b172a21b63 Migrate 25 route files to throw-based error handling 
Converted routes:
- All auth routes (totp.js, keys.js, sso-gate.js)
- Recipe deployment routes (deploy.js, manage.js, index.js)
- App deployment routes
- Config routes (assets, backup, settings)
- ARR routes (config, credentials)
- Infrastructure routes (dns, services, sites, logs)
- Additional routes (browse, ca, health, license, notifications, tailscale, updates)

Changes:
- Replaced ctx.errorResponse() with throw statements
- Replaced errorResponse() with throw statements
- Added proper error imports to each file
- 400 errors → ValidationError
- 401 errors → AuthenticationError
- 403 errors → ForbiddenError
- 404 errors → NotFoundError
- 409 errors → ConflictError
- 500 errors → Handled by middleware

Result: 25 files migrated, ~150 error responses standardized
2026-03-29 18:53:03 -07:00

131 lines
4.1 KiB
JavaScript
Raw Blame History

const express = require('express');
const { ValidationError, ForbiddenError, NotFoundError } = require('../../errors');
module.exports = function(ctx) {
const router = express.Router();
// Helper function to parse expiration strings to milliseconds
function parseExpiration(expStr) {
const match = expStr.match(/^(\d+)([smhdy])$/);
if (!match) return 24 * 60 * 60 * 1000; // default 24h
const value = parseInt(match[1], 10);
const unit = match[2];
const multipliers = {
s: 1000,
m: 60 * 1000,
h: 60 * 60 * 1000,
d: 24 * 60 * 60 * 1000,
y: 365 * 24 * 60 * 60 * 1000
};
return value * (multipliers[unit] || multipliers.h);
}
// List all API keys
router.get('/auth/keys', ctx.asyncHandler(async (req, res) => {
// Require session authentication (not API key - can't manage keys with key itself)
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('API key management requires TOTP session authentication');
}
const keys = await ctx.authManager.listAPIKeys();
res.json({ success: true, keys });
}, 'auth-keys-list'));
// Generate new API key
router.post('/auth/keys', ctx.asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('API key generation requires TOTP session authentication');
}
const { name, scopes } = req.body;
if (!name || typeof name !== 'string' || name.trim().length === 0) {
throw new ValidationError('API key name is required', 'name');
}
// Validate scopes if provided
const validScopes = ['read', 'write', 'admin'];
if (scopes && (!Array.isArray(scopes) || !scopes.every(s => validScopes.includes(s)))) {
throw new ValidationError(`Invalid scopes. Valid options: ${validScopes.join(', ')}`, 'scopes');
}
const keyData = await ctx.authManager.generateAPIKey(
name.trim(),
scopes || ['read', 'write']
);
res.json({
success: true,
key: keyData.key,
id: keyData.id,
name: keyData.name,
scopes: keyData.scopes,
createdAt: keyData.createdAt,
warning: 'Save this key securely - it will not be shown again'
});
}, 'auth-keys-generate'));
// Revoke API key
router.delete('/auth/keys/:keyId', ctx.asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('API key revocation requires TOTP session authentication');
}
const { keyId } = req.params;
if (!keyId || typeof keyId !== 'string') {
throw new ValidationError('Key ID is required', 'keyId');
}
const success = await ctx.authManager.revokeAPIKey(keyId);
if (success) {
res.json({ success: true, message: 'API key revoked successfully' });
} else {
throw new NotFoundError(`API key ${keyId}`);
}
}, 'auth-keys-revoke'));
// Generate JWT from TOTP session
router.post('/auth/jwt', ctx.asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
throw new ForbiddenError('JWT generation requires TOTP session authentication');
}
const { expiresIn, userId } = req.body;
// Validate expiresIn format if provided (e.g., '24h', '7d', '1y')
const validExpiresIn = /^(\d+[smhdy])$/.test(expiresIn || '24h');
if (expiresIn && !validExpiresIn) {
throw new ValidationError('Invalid expiresIn format. Use: 60s, 15m, 24h, 7d, 1y', 'expiresIn');
}
const token = await ctx.authManager.generateJWT(
{
sub: userId || 'dashcaddy-admin',
scope: ['admin'] // Session-generated JWTs have admin scope
},
expiresIn || '24h'
);
// Calculate expiration timestamp
const expiresInMs = parseExpiration(expiresIn || '24h');
const expiresAt = new Date(Date.now() + expiresInMs).toISOString();
res.json({
success: true,
token,
expiresAt,
usage: 'Include in Authorization header as: Bearer <token>'
});
}, 'auth-jwt-generate'));
return router;
};
Reference in New Issue View Git Blame Copy Permalink