API: Create endpoint for fetching all revisions of a secret

keyshade-xyz · Jun 28, 2024 · b5a0637 · b5a0637
1 parent b272df3
commit b5a0637
Show file tree

Hide file tree

Showing 3 changed files with 147 additions and 0 deletions.
diff --git a/apps/api/src/secret/controller/secret.controller.ts b/apps/api/src/secret/controller/secret.controller.ts
@@ -101,4 +101,18 @@ export class SecretController {
       environmentId
     )
   }
+
+  @Get(':secretId/revisions/:environmentId')
+  @RequiredApiKeyAuthorities(Authority.READ_SECRET)
+  async getRevisionsOfSecret(
+    @CurrentUser() user: User,
+    @Param('secretId') secretId: string,
+    @Param('environmentId') environmentId: string
+  ) {
+    return await this.secretService.getRevisionsOfSecret(
+      user,
+      secretId,
+      environmentId
+    )
+  }
 }
diff --git a/apps/api/src/secret/secret.e2e.spec.ts b/apps/api/src/secret/secret.e2e.spec.ts
@@ -885,4 +885,108 @@ describe('Secret Controller Tests', () => {
     expect(event.workspaceId).toBe(workspace1.id)
     expect(event.itemId).toBe(secret1.id)
   })
+
+  //revisions test
+  it('should be able to fetch all revisions of secrets', async () => {
+    // create two more entries,totalling three versions
+    // checks if its able to fetch multiple revisions
+    await secretService.updateSecret(user1, secret1.id, {
+      entries: [
+        {
+          value: 'Updated Secret 1 value',
+          environmentId: environment1.id
+        }
+      ]
+    })
+
+    await secretService.updateSecret(user1, secret1.id, {
+      entries: [
+        {
+          value: 'Updated Secret 1 value 2',
+          environmentId: environment1.id
+        }
+      ]
+    })
+
+    const response = await app.inject({
+      method: 'GET',
+      url: `/secret/${secret1.id}/revisions/${environment1.id}`,
+      headers: {
+        'x-e2e-user-email': user1.email
+      }
+    })
+
+    expect(response.statusCode).toBe(200)
+    expect(response.json().length).toBe(3)
+  })
+
+  it('should return [] if the secret has no revision', async () => {
+    //returns [] if secret has no revision
+    await prisma.secretVersion.deleteMany({
+      where: {
+        secretId: secret1.id
+      }
+    })
+
+    const response = await app.inject({
+      method: 'GET',
+      url: `/secret/${secret1.id}/revisions/${environment1.id}`,
+      headers: {
+        'x-e2e-user-email': user1.email
+      }
+    })
+
+    expect(response.statusCode).toBe(200)
+    expect(response.json().length).toBe(0)
+  })
+
+  it('should return error if secret doesnt exist', async () => {
+    //return error if secret doesnt exist
+    const secretid = 'nonexistentsecret'
+    const response = await app.inject({
+      method: 'GET',
+      url: `/secret/${secretid}/revisions/${environment1.id}`,
+      headers: {
+        'x-e2e-user-email': user1.email
+      }
+    })
+
+    expect(response.statusCode).toBe(404)
+    expect(response.json().message).toEqual(
+      `Secret with id ${secretid} not found`
+    )
+  })
+
+  it('should return error if environment doesnt exist', async () => {
+    //return error if environment doesnt exist
+    const environmentid = 'nonexistentenv'
+    const response = await app.inject({
+      method: 'GET',
+      url: `/secret/${secret1.id}/revisions/${environmentid}`,
+      headers: {
+        'x-e2e-user-email': user1.email
+      }
+    })
+
+    expect(response.statusCode).toBe(404)
+    expect(response.json().message).toEqual(
+      `Environment with id ${environmentid} not found`
+    )
+  })
+
+  it('returns error if secret isnt accessible', async () => {
+    //return error if user has no access to secret
+    const response = await app.inject({
+      method: 'GET',
+      url: `/secret/${secret1.id}/revisions/${environment1.id}`,
+      headers: {
+        'x-e2e-user-email': user2.email
+      }
+    })
+
+    expect(response.statusCode).toBe(401)
+    expect(response.json().message).toEqual(
+      `User ${user2.id} does not have the required authorities`
+    )
+  })
 })
diff --git a/apps/api/src/secret/service/secret.service.ts b/apps/api/src/secret/service/secret.service.ts
@@ -490,6 +490,35 @@ export class SecretService {
 
     return response
   }
+  async getRevisionsOfSecret(
+    user: User,
+    secretId: Secret['id'],
+    environmentId: Environment['id']
+  ) {
+    //check access to secret
+    await this.authorityCheckerService.checkAuthorityOverSecret({
+      userId: user.id,
+      entity: { id: secretId },
+      authority: Authority.READ_SECRET,
+      prisma: this.prisma
+    })
+
+    await this.authorityCheckerService.checkAuthorityOverEnvironment({
+      userId: user.id,
+      entity: { id: environmentId },
+      authority: Authority.READ_ENVIRONMENT,
+      prisma: this.prisma
+    })
+
+    // get the revisions
+    const revisions = await this.prisma.secretVersion.findMany({
+      where: {
+        secretId: secretId,
+        environmentId: environmentId
+      }
+    })
+    return revisions
+  }
 
   async getAllSecretsOfProject(
     user: User,