Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(api): updated functionality of API key #114

Merged
merged 14 commits into from
Feb 7, 2024
Merged

Conversation

rajdip-b
Copy link
Member

@rajdip-b rajdip-b commented Feb 7, 2024

Type

enhancement, bug_fix


Description

  • Introduced RequiredApiKeyAuthorities decorator for authority checks on various API operations.
  • Enhanced AuthGuard to support API key authentication and added ApiKeyGuard for authority checks.
  • Updated API key related DTOs and services to handle authorities.
  • Added new Authority enum values and updated database schema to include authorities field in ApiKey model.
  • Updated GitHub Actions workflows to use Codecov v4 and configured Codecov with flags for different test suites.

Changes walkthrough

Relevant files
Enhancement
18 files
api-key.e2e.spec.ts
Enhance API Key E2E Tests with Authority Checks                               

apps/api/src/api-key/api-key.e2e.spec.ts

  • Added apiKeyValue variable to store the API key value.
  • Included authorities field in API key creation and update payloads.
  • Implemented new test cases for API key authority validation and usage.
  • +46/-1   
    api-key.controller.ts
    Secure API Key Operations with Authority Checks                               

    apps/api/src/api-key/controller/api-key.controller.ts

  • Introduced RequiredApiKeyAuthorities decorator for authority checks on
    API key operations.
  • Updated import paths for AdminGuard.
  • +8/-2     
    create.api-key.ts
    Update CreateApiKey DTO to Support Authorities                                 

    apps/api/src/api-key/dto/create.api-key/create.api-key.ts

  • Made expiresAfter optional and added authorities field to CreateApiKey
    DTO.
  • +8/-3     
    api-key.service.ts
    Implement Authorities Handling in ApiKeyService                               

    apps/api/src/api-key/service/api-key.service.ts

  • Added support for handling authorities in API key creation and update.
  • +16/-1   
    auth.types.ts
    Extend AuthenticatedUserContext for API Key Support                       

    apps/api/src/auth/auth.types.ts

  • Extended AuthenticatedUserContext to include API key authentication
    details.
  • +6/-1     
    admin.guard.ts
    Implement AdminGuard for Admin Role Checks                                         

    apps/api/src/auth/guard/admin/admin.guard.ts

    • Implemented AdminGuard for admin role checks.
    +16/-1   
    api-key.guard.ts
    Implement ApiKeyGuard for API Key Authority Checks                         

    apps/api/src/auth/guard/api-key/api-key.guard.ts

    • Implemented ApiKeyGuard for API key authority checks.
    +71/-0   
    auth.guard.ts
    Enhance AuthGuard for API Key Authentication Support                     

    apps/api/src/auth/guard/auth/auth.guard.ts

    • Enhanced AuthGuard to support API key authentication.
    +64/-19 
    forbid-api-key.decorator.ts
    Introduce ForbidApiKey Decorator                                                             

    apps/api/src/decorators/forbid-api-key.decorator.ts

    • Introduced ForbidApiKey decorator to restrict API key usage.
    +5/-0     
    required-api-key-authorities.decorator.ts
    Introduce RequiredApiKeyAuthorities Decorator                                   

    apps/api/src/decorators/required-api-key-authorities.decorator.ts

  • Introduced RequiredApiKeyAuthorities decorator for authority checks.
  • +7/-0     
    environment.controller.ts
    Secure Environment Controller with Authority Checks                       

    apps/api/src/environment/controller/environment.controller.ts

  • Added RequiredApiKeyAuthorities decorator to environment controller
    methods.
  • +8/-2     
    project.controller.ts
    Secure Project Controller with Authority Checks                               

    apps/api/src/project/controller/project.controller.ts

  • Added RequiredApiKeyAuthorities decorator to project controller
    methods.
  • +8/-2     
    secret.controller.ts
    Secure Secret Controller with Authority Checks                                 

    apps/api/src/secret/controller/secret.controller.ts

  • Added RequiredApiKeyAuthorities decorator to secret controller
    methods.
  • +14/-2   
    user.controller.ts
    Secure User Controller with Authority Checks and API Key Restrictions

    apps/api/src/user/controller/user.controller.ts

  • Added RequiredApiKeyAuthorities and ForbidApiKey decorators to user
    controller methods.
  • +7/-2     
    workspace-role.controller.ts
    Secure WorkspaceRole Controller with Authority Checks                   

    apps/api/src/workspace-role/controller/workspace-role.controller.ts

  • Added RequiredApiKeyAuthorities decorator to workspace-role controller
    methods.
  • +9/-2     
    workspace.controller.ts
    Secure Workspace Controller with Authority Checks                           

    apps/api/src/workspace/controller/workspace.controller.ts

  • Added RequiredApiKeyAuthorities decorator to workspace controller
    methods.
  • +18/-2   
    migration.sql
    Database Migration for ApiKey Authorities                                           

    apps/api/src/prisma/migrations/20240207074807_modify_api_key/migration.sql

  • Added new values to Authority enum and added authorities column to
    ApiKey table.
  • +13/-0   
    schema.prisma
    Update Prisma Schema for ApiKey Authorities                                       

    apps/api/src/prisma/schema.prisma

  • Updated ApiKey model to include authorities field.
  • Added new Authority enum values.
  • +10/-7   
    Configuration changes
    6 files
    app.module.ts
    Register ApiKeyGuard as Global Guard                                                     

    apps/api/src/app/app.module.ts

    • Registered ApiKeyGuard as a global guard.
    +6/-1     
    api.yaml
    Update GitHub Actions Workflow for API with Codecov v4                 

    .github/workflows/api.yaml

  • Updated Codecov action to v4 and added separate steps for unit and e2e
    test coverage reports.
  • +16/-3   
    web.yaml
    Update GitHub Actions Workflow for Web with Codecov Flags           

    .github/workflows/web.yaml

  • Added flags option to Codecov action and updated to use needs for
    deploy-stage job.
  • +3/-0     
    project.json
    Enable Code Coverage for API Tests                                                         

    apps/api/project.json

  • Enabled code coverage for API unit and e2e tests with separate
    coverage directories.
  • +7/-0     
    codecov.yml
    Configure Codecov with Flags and Coverage Targets                           

    codecov.yml

  • Configured Codecov with flags for different test suites and coverage
    targets.
  • +41/-0   
    package.json
    Update NPM Scripts for API Test Coverage                                             

    package.json

    • Updated scripts for API tests to enable code coverage.
    +1/-1     
    Tests
    3 files
    admin.guard.spec.ts
    Add Tests for AdminGuard                                                                             

    apps/api/src/auth/guard/admin/admin.guard.spec.ts

    • Added test suite for AdminGuard.
    +8/-1     
    api-key.guard.spec.ts
    Add Tests for ApiKeyGuard                                                                           

    apps/api/src/auth/guard/api-key/api-key.guard.spec.ts

    • Added test suite for ApiKeyGuard.
    +7/-0     
    auth.guard.spec.ts
    Add Tests for AuthGuard                                                                               

    apps/api/src/auth/guard/auth/auth.guard.spec.ts

    • Added test suite for AuthGuard.
    +8/-1     
    Bug_fix
    1 files
    add-hours-to-date.ts
    Make Hours Parameter Optional in addHoursToDate                               

    apps/api/src/common/add-hours-to-date.ts

    • Made hours parameter optional in addHoursToDate function.
    +1/-1     

    ✨ Usage guide:

    Overview:
    The describe tool scans the PR code changes, and generates a description for the PR - title, type, summary, walkthrough and labels. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.

    When commenting, to edit configurations related to the describe tool (pr_description section), use the following template:

    /describe --pr_description.some_config1=... --pr_description.some_config2=...
    

    With a configuration file, use the following template:

    [pr_description]
    some_config1=...
    some_config2=...
    
    Enabling\disabling automation
    • When you first install the app, the default mode for the describe tool is:
    pr_commands = ["/describe --pr_description.add_original_user_description=true" 
                             "--pr_description.keep_original_user_title=true", ...]
    

    meaning the describe tool will run automatically on every PR, will keep the original title, and will add the original user description above the generated description.

    • Markers are an alternative way to control the generated description, to give maximal control to the user. If you set:
    pr_commands = ["/describe --pr_description.use_description_markers=true", ...]
    

    the tool will replace every marker of the form pr_agent:marker_name in the PR description with the relevant content, where marker_name is one of the following:

    • type: the PR type.
    • summary: the PR summary.
    • walkthrough: the PR walkthrough.

    Note that when markers are enabled, if the original PR description does not contain any markers, the tool will not alter the description at all.

    Custom labels

    The default labels of the describe tool are quite generic: [Bug fix, Tests, Enhancement, Documentation, Other].

    If you specify custom labels in the repo's labels page or via configuration file, you can get tailored labels for your use cases.
    Examples for custom labels:

    • Main topic:performance - pr_agent:The main topic of this PR is performance
    • New endpoint - pr_agent:A new endpoint was added in this PR
    • SQL query - pr_agent:A new SQL query was added in this PR
    • Dockerfile changes - pr_agent:The PR contains changes in the Dockerfile
    • ...

    The list above is eclectic, and aims to give an idea of different possibilities. Define custom labels that are relevant for your repo and use cases.
    Note that Labels are not mutually exclusive, so you can add multiple label categories.
    Make sure to provide proper title, and a detailed and well-phrased description for each label, so the tool will know when to suggest it.

    Inline File Walkthrough 💎

    For enhanced user experience, the describe tool can add file summaries directly to the "Files changed" tab in the PR page.
    This will enable you to quickly understand the changes in each file, while reviewing the code changes (diffs).

    To enable inline file summary, set pr_description.inline_file_summary in the configuration file, possible values are:

    • 'table': File changes walkthrough table will be displayed on the top of the "Files changed" tab, in addition to the "Conversation" tab.
    • true: A collapsable file comment with changes title and a changes summary for each file in the PR.
    • false (default): File changes walkthrough will be added only to the "Conversation" tab.
    Utilizing extra instructions

    The describe tool can be configured with extra instructions, to guide the model to a feedback tailored to the needs of your project.

    Be specific, clear, and concise in the instructions. With extra instructions, you are the prompter. Notice that the general structure of the description is fixed, and cannot be changed. Extra instructions can change the content or style of each sub-section of the PR description.

    Examples for extra instructions:

    [pr_description] 
    extra_instructions="""
    - The PR title should be in the format: '<PR type>: <title>'
    - The title should be short and concise (up to 10 words)
    - ...
    """
    

    Use triple quotes to write multi-line instructions. Use bullet points to make the instructions more readable.

    More PR-Agent commands

    To invoke the PR-Agent, add a comment using one of the following commands:

    • /review: Request a review of your Pull Request.
    • /describe: Update the PR title and description based on the contents of the PR.
    • /improve [--extended]: Suggest code improvements. Extended mode provides a higher quality feedback.
    • /ask <QUESTION>: Ask a question about the PR.
    • /update_changelog: Update the changelog based on the PR's contents.
    • /add_docs 💎: Generate docstring for new components introduced in the PR.
    • /generate_labels 💎: Generate labels for the PR based on the PR's contents.
    • /analyze 💎: Automatically analyzes the PR, and presents changes walkthrough for each component.

    See the tools guide for more details.
    To list the possible configuration parameters, add a /config comment.

    See the describe usage page for a comprehensive guide on using this tool.

    Copy link

    nx-cloud bot commented Feb 7, 2024

    ☁️ Nx Cloud Report

    CI is running/has finished running commands for commit 851a342. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

    📂 See all runs for this CI Pipeline Execution


    ✅ Successfully ran 4 targets

    Sent with 💌 from NxCloud.

    @codiumai-pr-agent-free codiumai-pr-agent-free bot added type: enhancement New feature or request bug_fix labels Feb 7, 2024
    Copy link
    Contributor

    PR Description updated to latest commit (8269d62)

    Copy link
    Contributor

    PR Analysis

    • 🎯 Main theme: Refactoring and enhancement of API key functionality
    • 📝 PR summary: This PR introduces a significant refactor and enhancement of the API key functionality. It introduces a new decorator for authority checks on various API operations, enhances the AuthGuard to support API key authentication, and updates the API key related DTOs and services to handle authorities. It also includes updates to the database schema and GitHub Actions workflows.
    • 📌 Type of PR: Enhancement
    • 🧪 Relevant tests added: Yes
    • ⏱️ Estimated effort to review [1-5]: 4, because the PR involves significant changes to the authentication and authorization system, which requires careful review to ensure security and functionality. The PR is also quite large, affecting many files and adding new functionality.
    • 🔒 Security concerns: No

    PR Feedback

    💡 General suggestions: The PR is well-structured and includes a good amount of detail in the description. The changes appear to be well thought out and implemented. However, it would be beneficial to include more comments in the code to explain the purpose and functionality of new methods and decorators. This would make the code easier to understand and maintain in the future.


    ✨ Usage guide:

    Overview:
    The review tool scans the PR code changes, and generates a PR review. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.
    When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:

    /review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...
    

    With a configuration file, use the following template:

    [pr_reviewer]
    some_config1=...
    some_config2=...
    
    Utilizing extra instructions

    The review tool can be configured with extra instructions, which can be used to guide the model to a feedback tailored to the needs of your project.

    Be specific, clear, and concise in the instructions. With extra instructions, you are the prompter. Specify the relevant sub-tool, and the relevant aspects of the PR that you want to emphasize.

    Examples for extra instructions:

    [pr_reviewer] # /review #
    extra_instructions="""
    In the 'general suggestions' section, emphasize the following:
    - Does the code logic cover relevant edge cases?
    - Is the code logic clear and easy to understand?
    - Is the code logic efficient?
    ...
    """
    

    Use triple quotes to write multi-line instructions. Use bullet points to make the instructions more readable.

    How to enable\disable automation
    • When you first install PR-Agent app, the default mode for the review tool is:
    pr_commands = ["/review", ...]
    

    meaning the review tool will run automatically on every PR, with the default configuration.
    Edit this field to enable/disable the tool, or to change the used configurations

    Auto-labels

    The review tool can auto-generate two specific types of labels for a PR:

    • a possible security issue label, that detects possible security issues (enable_review_labels_security flag)
    • a Review effort [1-5]: x label, where x is the estimated effort to review the PR (enable_review_labels_effort flag)
    Extra sub-tools

    The review tool provides a collection of possible feedbacks about a PR.
    It is recommended to review the possible options, and choose the ones relevant for your use case.
    Some of the feature that are disabled by default are quite useful, and should be considered for enabling. For example:
    require_score_review, require_soc2_ticket, and more.

    Auto-approve PRs

    By invoking:

    /review auto_approve
    

    The tool will automatically approve the PR, and add a comment with the approval.

    To ensure safety, the auto-approval feature is disabled by default. To enable auto-approval, you need to actively set in a pre-defined configuration file the following:

    [pr_reviewer]
    enable_auto_approval = true
    

    (this specific flag cannot be set with a command line argument, only in the configuration file, committed to the repository)

    You can also enable auto-approval only if the PR meets certain requirements, such as that the estimated_review_effort is equal or below a certain threshold, by adjusting the flag:

    [pr_reviewer]
    maximal_review_effort = 5
    
    More PR-Agent commands

    To invoke the PR-Agent, add a comment using one of the following commands:

    • /review: Request a review of your Pull Request.
    • /describe: Update the PR title and description based on the contents of the PR.
    • /improve [--extended]: Suggest code improvements. Extended mode provides a higher quality feedback.
    • /ask <QUESTION>: Ask a question about the PR.
    • /update_changelog: Update the changelog based on the PR's contents.
    • /add_docs 💎: Generate docstring for new components introduced in the PR.
    • /generate_labels 💎: Generate labels for the PR based on the PR's contents.
    • /analyze 💎: Automatically analyzes the PR, and presents changes walkthrough for each component.

    See the tools guide for more details.
    To list the possible configuration parameters, add a /config comment.

    See the review usage page for a comprehensive guide on using this tool.

    Copy link
    Contributor

    PR Code Suggestions

    Suggestions                                                                                                                                                     
    enhancement
    Use a specific type or enum for expiresAfter values.            

    Consider using a more specific type or enum for expiresAfter instead of a generic string
    to ensure only valid values are used.

    apps/api/src/api-key/api-key.e2e.spec.ts [55]

    -expiresAfter: '24',
    +expiresAfter: ExpiresAfterType.TWENTY_FOUR_HOURS,
     
    Validate authorities array elements against the Authority enum.

    Add validation to the authorities array to ensure it only contains valid values from the
    Authority enum.

    apps/api/src/api-key/dto/create.api-key/create.api-key.ts [14]

    +@IsEnum(Authority, { each: true })
     authorities?: Authority[] = []
     
    Wrap API key creation in a transaction for atomicity.                        

    Use a transaction when creating or updating an API key to ensure atomicity of the
    operation.

    apps/api/src/api-key/service/api-key.service.ts [20]

    -return this.prisma.apiKey.create({
    +return this.prisma.$transaction(async (prisma) => {
    +  return prisma.apiKey.create({
     
    Assert authorities field in API key responses.                  

    Add assertions for the authorities field in the API key creation and update response to
    ensure it's being set and returned correctly.

    apps/api/src/api-key/api-key.e2e.spec.ts [68]

    -authorities: ['READ_API_KEY'],
    +authorities: expect.arrayContaining(['READ_API_KEY']),
     
    Add error details to ForbiddenException for better context.                  

    Consider adding error details in the ForbiddenException to provide more context about why
    the request is forbidden. This can help with debugging and user feedback.

    apps/api/src/auth/guard/auth/auth.guard.ts [50]

    -throw new ForbiddenException()
    +throw new ForbiddenException('E2E user email header is missing.')
     
    Use specific exceptions for different authentication failures.               

    Consider using a more specific exception instead of ForbiddenException for different
    authentication failure scenarios (e.g., ApiKeyNotFoundException,
    InvalidJwtTokenException). This can improve error handling and provide clearer feedback to
    the client.

    apps/api/src/auth/guard/auth/auth.guard.ts [77]

    -throw new ForbiddenException()
    +throw new ApiKeyNotFoundException('API key is not found or invalid.')
     
    maintainability
    Refactor authority check into a separate method for clarity.                 

    Extract the logic for checking API key authorities into a separate method to improve
    readability and maintainability.

    apps/api/src/auth/guard/api-key/api-key.guard.ts [61-66]

    -for (const requiredAuthority of requiredAuthorities) {
    -  if (!user.apiKeyAuthorities.has(requiredAuthority)) {
    -    throw new UnauthorizedException(
    -      `The API key is missing the required authority: ${requiredAuthority}`
    -    )
    -  }
    +if (!this.hasRequiredAuthorities(user.apiKeyAuthorities, requiredAuthorities)) {
    +  throw new UnauthorizedException('The API key is missing one or more required authorities.')
     }
     
    +// In the same class, add the new method:
    +private hasRequiredAuthorities(userAuthorities: Set<Authority>, requiredAuthorities: Authority[]): boolean {
    +  return requiredAuthorities.every(authority => userAuthorities.has(authority));
    +}
    +
    Abstract authentication logic into separate methods for maintainability.     

    For better maintainability, consider abstracting the logic for extracting and verifying
    API keys and JWT tokens into separate methods or services. This can make the AuthGuard
    class cleaner and easier to test.

    apps/api/src/auth/guard/auth/auth.guard.ts [61-103]

     if (authType === 'API_KEY') {
    +    this.authenticateWithApiKey(request);
    +...
    +private authenticateWithApiKey(request: Request): Promise<AuthenticatedUserContext> {
    +    // Implementation...
    +}
     
    Add descriptions to model fields for clarity.                                

    For the ApiKey model, consider adding a description to the authorities field to explain
    its purpose and usage within the application. This can improve code readability and
    maintainability.

    apps/api/src/prisma/schema.prisma [235]

    -authorities Authority[]
    +authorities Authority[] // Authorities granted to the API key
     
    best practice
    Use environment variables for header keys for configurability and security.  

    Use environment variables for X_E2E_USER_EMAIL, X_KEYSHADE_TOKEN, and AUTHORIZATION to
    avoid hardcoding values and to enhance configurability and security.

    apps/api/src/auth/guard/auth/auth.guard.ts [17-19]

    -const X_E2E_USER_EMAIL = 'x-e2e-user-email'
    -const X_KEYSHADE_TOKEN = 'x-keyshade-token'
    -const AUTHORIZATION = 'authorization'
    +const X_E2E_USER_EMAIL = process.env.X_E2E_USER_EMAIL || 'x-e2e-user-email'
    +const X_KEYSHADE_TOKEN = process.env.X_KEYSHADE_TOKEN || 'x-keyshade-token'
    +const AUTHORIZATION = process.env.AUTHORIZATION || 'authorization'
     
    Use specific HTTP status codes for clarity and correctness.                  

    Consider using a more specific HTTP status code instead of the default for the
    createWorkspaceRole method. For example, use @HttpCode(HttpStatus.CREATED) to indicate
    that a resource was successfully created.

    apps/api/src/workspace-role/controller/workspace-role.controller.ts [24-26]

     @Post(':workspaceId')
    +@HttpCode(HttpStatus.CREATED)
     @RequiredApiKeyAuthorities(Authority.CREATE_WORKSPACE_ROLE)
     async createWorkspaceRole(
     
    Use consistent action versions in GitHub workflows.                          

    To ensure consistency and avoid potential errors, use the same version of
    codecov/codecov-action across all workflow steps. Currently, there's a mix of versions v3
    and v4 used in different jobs.

    .github/workflows/api.yaml [64]

    -uses: codecov/codecov-action@v4
    +uses: codecov/codecov-action@v3
     
    possible issue
    Align the parameter type with its usage in addHoursToDate function.          

    Ensure the hours parameter type aligns with its usage. If it's intended to be a string
    that represents a number, consider parsing it to a number inside the function or changing
    the parameter type to number.

    apps/api/src/common/add-hours-to-date.ts [1]

    -export const addHoursToDate = (hours?: string): Date | undefined => {
    +export const addHoursToDate = (hours?: number): Date | undefined => {
     
    Manage potential migration impacts on production databases.                  

    Ensure to handle potential downtime or inconsistencies during the migration process,
    especially when adding new values to enums in a production database. Consider using a
    phased approach or feature flags to manage the transition smoothly.

    apps/api/src/prisma/migrations/20240207074807_modify_api_key/migration.sql [9-10]

    -ALTER TYPE "Authority" ADD VALUE 'READ_SELF';
    -ALTER TYPE "Authority" ADD VALUE 'UPDATE_SELF';
    +-- Example phased approach or feature flag management not directly applicable in SQL
     

    ✨ Usage guide:

    Overview:
    The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.
    When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:

    /improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...
    

    With a configuration file, use the following template:

    [pr_code_suggestions]
    some_config1=...
    some_config2=...
    
    Enabling\disabling automation

    When you first install the app, the default mode for the improve tool is:

    pr_commands = ["/improve --pr_code_suggestions.summarize=true", ...]
    

    meaning the improve tool will run automatically on every PR, with summarization enabled. Delete this line to disable the tool from running automatically.

    Utilizing extra instructions

    Extra instructions are very important for the improve tool, since they enable to guide the model to suggestions that are more relevant to the specific needs of the project.

    Be specific, clear, and concise in the instructions. With extra instructions, you are the prompter. Specify relevant aspects that you want the model to focus on.

    Examples for extra instructions:

    [pr_code_suggestions] # /improve #
    extra_instructions="""
    Emphasize the following aspects:
    - Does the code logic cover relevant edge cases?
    - Is the code logic clear and easy to understand?
    - Is the code logic efficient?
    ...
    """
    

    Use triple quotes to write multi-line instructions. Use bullet points to make the instructions more readable.

    A note on code suggestions quality
    • While the current AI for code is getting better and better (GPT-4), it's not flawless. Not all the suggestions will be perfect, and a user should not accept all of them automatically.
    • Suggestions are not meant to be simplistic. Instead, they aim to give deep feedback and raise questions, ideas and thoughts to the user, who can then use his judgment, experience, and understanding of the code base.
    • Recommended to use the 'extra_instructions' field to guide the model to suggestions that are more relevant to the specific needs of the project, or use the custom suggestions 💎 tool
    • With large PRs, best quality will be obtained by using 'improve --extended' mode.
    More PR-Agent commands

    To invoke the PR-Agent, add a comment using one of the following commands:

    • /review: Request a review of your Pull Request.
    • /describe: Update the PR title and description based on the contents of the PR.
    • /improve [--extended]: Suggest code improvements. Extended mode provides a higher quality feedback.
    • /ask <QUESTION>: Ask a question about the PR.
    • /update_changelog: Update the changelog based on the PR's contents.
    • /add_docs 💎: Generate docstring for new components introduced in the PR.
    • /generate_labels 💎: Generate labels for the PR based on the PR's contents.
    • /analyze 💎: Automatically analyzes the PR, and presents changes walkthrough for each component.

    See the tools guide for more details.
    To list the possible configuration parameters, add a /config comment.

    See the improve usage page for a more comprehensive guide on using this tool.

    Copy link

    codecov bot commented Feb 7, 2024

    Codecov Report

    Attention: 17 lines in your changes are missing coverage. Please review.

    Comparison is base (ae73e7a) 31.22% compared to head (3e71d23) 54.01%.

    ❗ Current head 3e71d23 differs from pull request most recent head 851a342. Consider uploading reports for the commit 851a342 to get more accurate results

    Files Patch % Lines
    apps/api/src/auth/guard/auth/auth.guard.ts 65.78% 13 Missing ⚠️
    apps/api/src/api-key/service/api-key.service.ts 50.00% 2 Missing ⚠️
    apps/api/src/auth/guard/api-key/api-key.guard.ts 92.30% 2 Missing ⚠️
    Additional details and impacted files
    @@             Coverage Diff              @@
    ##           develop     #114       +/-   ##
    ============================================
    + Coverage    31.22%   54.01%   +22.78%     
    ============================================
      Files           54       72       +18     
      Lines         1156     1346      +190     
      Branches       210      229       +19     
    ============================================
    + Hits           361      727      +366     
    + Misses         795      619      -176     
    Flag Coverage Δ
    api-e2e-tests 54.01% <83.49%> (?)
    api-unit-tests 54.01% <83.49%> (?)

    Flags with carried forward coverage won't be shown. Click here to find out more.

    ☔ View full report in Codecov by Sentry.
    📢 Have feedback on the report? Share it here.

    @rajdip-b rajdip-b changed the title patch(api): refactored functionality of API key feat(api): updated functionality of API key Feb 7, 2024
    Copy link

    sonarqubecloud bot commented Feb 7, 2024

    Quality Gate Failed Quality Gate failed

    Failed conditions

    5.2% Duplication on New Code (required ≤ 3%)
    25 Duplicated Lines on New Code (required ≤ 20)

    See analysis details on SonarCloud

    @rajdip-b rajdip-b merged commit 308fbf4 into develop Feb 7, 2024
    11 of 12 checks passed
    @rajdip-b rajdip-b deleted the refactor/api-keys branch February 7, 2024 09:23
    rajdip-b pushed a commit that referenced this pull request Feb 9, 2024
    ## 1.0.0 (2024-02-09)
    
    ### ⚠ BREAKING CHANGES
    
    * **api:** update workspace role mechanism and added functionality to create custom roles
    
    ### 🚀 Features
    
    * add api-keys module ([abb2863](abb2863))
    * add project module ([c96df17](c96df17))
    * add project, environment module ([fd5c4d7](fd5c4d7))
    * Add RBAC ([b4cb14f](b4cb14f))
    * add secret module ([cd79172](cd79172))
    * add swagger ([b15dbb0](b15dbb0))
    * added the auto assign workflow yaml file ([eadca0c](eadca0c))
    * added the auto assign workflow yaml file ([5e1d0f1](5e1d0f1))
    * **api:** add user module ([ebfb2ec](ebfb2ec))
    * **api:** add workspace module ([504f0db](504f0db))
    * **api:** update workspace role mechanism and added functionality to create custom roles ([6144aea](6144aea))
    * **api:** updated functionality of API key ([#114](#114)) ([308fbf4](308fbf4))
    * AutoCreate Admin On Startup ([#101](#101)) ([32fac3e](32fac3e))
    * create user endpoint ([53913f5](53913f5))
    * dockerize api ([ce8ee23](ce8ee23))
    * dockerize api ([dfbc58e](dfbc58e))
    * dockerize api ([63f0a27](63f0a27))
    * dockerize api ([265cec0](265cec0))
    * dockerize api ([ed595c7](ed595c7))
    * dockerize api ([6b756e8](6b756e8))
    * finish environment module ([aaf6783](aaf6783))
    * husky configured ([77bba02](77bba02))
    * invalidate older OTPs ([8ca222a](8ca222a))
    * landing page ([e1ec4d1](e1ec4d1))
    * **nx-cloud:** setup nx workspace ([#108](#108)) ([cb61d45](cb61d45))
    * **oauth:** add github oauth ([5b930a1](5b930a1))
    * **oauth:** get 'name' and 'avatar' of the user ([20e8dbf](20e8dbf))
    * responsive landing ([97bbb0c](97bbb0c))
    
    ### 🐛 Bug Fixes
    
    * **api:** addressed logical errors ([fc14179](fc14179))
    * **api:** removed api-keys.types.ts ([2b5b1f8](2b5b1f8))
    * **api:** update role based access ([5e3456c](5e3456c))
    * fix syntax error in auto-assign.yaml ([e59d410](e59d410))
    * indendation errors ([8212d59](8212d59))
    * issue auto assign cannot read properties of undefined assignees ([0ecc749](0ecc749))
    * **landing-page:** Make mobile responsive ([3fd5a1d](3fd5a1d)), closes [#41](#41)
    * **landing-page:** Make mobile responsive ([0596473](0596473)), closes [#41](#41)
    * **landing-page:** Make mobile responsive  ([2afaf0d](2afaf0d)), closes [#41](#41)
    * made images not selectable and undraggable ([b8c200e](b8c200e))
    * Merge main and made a small fix ([89b0d71](89b0d71))
    * nx run dev:api failing due to DI error ([81c63ca](81c63ca))
    * remove hardcoded email from adminUserCreateEmail mail function ([b2b9a9e](b2b9a9e))
    * remove pnpm-lock as it is causing issues in pnpm install ([d3b54d8](d3b54d8))
    * resolved merge conflict ([7ff7afb](7ff7afb))
    * typo ([587f06b](587f06b))
    * Update discord link in README.md ([c7e4b5a](c7e4b5a))
    * update lockfile ([b6f6e80](b6f6e80))
    * update pnpm scripts ([e73a877](e73a877))
    * update web workflow ([add46dd](add46dd))
    
    ### 📚 Documentation
    
    * Add CHANGELOG.md ([184220e](184220e))
    * add docs folder ([e252d68](e252d68))
    * Add getting-started.md ([617c346](617c346))
    * update CHANGELOG.md ([b01b5ca](b01b5ca))
    * Update CONTRIBUTING.md ([7fc895d](7fc895d))
    * update DB_URL in .env.example ([325880e](325880e))
    * update PULL_REQUEST_TEMPLATE.md ([e091d40](e091d40))
    * update README.md ([fb902e5](fb902e5))
    * update README.md ([d3d0d86](d3d0d86))
    
    ### 🔧 Miscellaneous Chores
    
    * ad start:api script in package.json ([ee3bc19](ee3bc19))
    * add `getAllUsers` test  ([0b51a02](0b51a02))
    * add auto release and commit config ([0fe7d19](0fe7d19))
    * add husky pre-commit check ([62bf77e](62bf77e))
    * add pr auto tag workflow ([7a44137](7a44137))
    * add PR lint ([bb28cb7](bb28cb7))
    * add prettier:fix in package.json and husky ([2451301](2451301))
    * add release drafter config ([de36d9f](de36d9f))
    * add render hook in web to auto-deploy ([b0228d0](b0228d0))
    * add semantic release ([af12daa](af12daa))
    * add test workflow ([77c49de](77c49de))
    * add workflow for CI and deployment of web ([f49b7db](f49b7db))
    * adding test command to pre commit ([09805a5](09805a5))
    * **api:** update dockerfile entrypoint ([3962beb](3962beb))
    * **auth:** loading github module optionally ([#112](#112)) ([9263737](9263737))
    * **ci:** add dummy envs to api workflow ([4f6bb44](4f6bb44))
    * **ci:** add fly.io ([46bcd22](46bcd22))
    * **ci:** fixed broken fly installation ([6ec728f](6ec728f))
    * **ci:** integrated codecov ([0daeff3](0daeff3))
    * **ci:** moving to gitflow release ([1f86a99](1f86a99))
    * **ci:** remove auto tag workflow ([63daab3](63daab3))
    * **ci:** update CI deploy stage ([cd3c47e](cd3c47e))
    * **ci:** update coverage base path ([92e3620](92e3620))
    * **ci:** update release workflow deps ([f2a8243](f2a8243))
    * **ci:** update stage deploy condition ([362e0b0](362e0b0))
    * **ci:** update workflow ([d59427e](d59427e))
    * fix changelog script ([0c8c0ef](0c8c0ef))
    * fix changelog script ([78848a0](78848a0))
    * house cleaning ([ae73e7a](ae73e7a))
    * **lint:** overwrite default eslint rules ([4bfc998](4bfc998))
    * **package.json:** update release settings ([9b0e414](9b0e414))
    * **release:** 0.1.0-alpha ([f166ee1](f166ee1))
    * **release:** 0.1.0-alpha ([867fb08](867fb08))
    * **release:** 0.2.0-alpha ([de7726c](de7726c))
    * **release:** 1.0.0-alpha.1 [skip ci] ([488dd49](488dd49)), closes [#101](#101)
    * **release:** 1.0.0-alpha.2 [skip ci] ([ca12cc3](ca12cc3)), closes [#108](#108) [#103](#103) [#106](#106)
    * remove / for consistancy ([0da0953](0da0953))
    * remove duplicate auth service ([f97adf0](f97adf0))
    * remove SDK folders ([614c304](614c304))
    * remove sdk-node workflow ([655ad27](655ad27))
    * remove unused import ([7f189dd](7f189dd))
    * remove unwanted package.json ([14cd7ad](14cd7ad))
    * rename file ([0aba0f3](0aba0f3))
    * replace script with makefile ([a92311e](a92311e))
    * replace script with makefile ([62d582d](62d582d))
    * resolve comments ([f7562c4](f7562c4))
    * update contribution readme with step to auto assign issue ([6459622](6459622))
    * update docker push workflow ([e286b1a](e286b1a))
    * update docker push workflow ([#103](#103)) ([d562e5a](d562e5a))
    * update preset ([004ea3a](004ea3a))
    * Update web CI and add Dockerfile for web ([fc9571e](fc9571e))
    
    ### 🔨 Code Refactoring
    
    * addressed sonarqube lints ([#106](#106)) ([3df13f8](3df13f8))
    * move mock data folder inside common module ([832383e](832383e))
    * service functions as suggested ([c1ae78a](c1ae78a))
    * user mock data change ([ea5c504](ea5c504))
    @rajdip-b
    Copy link
    Member Author

    rajdip-b commented Feb 9, 2024

    🎉 This PR is included in version 1.0.0 🎉

    The release is available on GitHub release

    Your semantic-release bot 📦🚀

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    type: enhancement New feature or request
    Projects
    None yet
    Development

    Successfully merging this pull request may close these issues.

    1 participant