feat: Update details in listing secrets (#686)
rajdip-b authored Feb 4, 2025
1 parent d1b9767 commit 84aa5f4
Showing 22 changed files with 376 additions and 756 deletions.

This file was deleted.

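--- a/apps/api/src/secret/controller/secret.controller.ts
+++ b/apps/api/src/secret/controller/secret.controller.ts
@@ -88,26 +88,13 @@ export class SecretController {
 )
 }
 
-@Get('/:projectSlug/:environmentSlug')
-@RequiredApiKeyAuthorities(Authority.READ_SECRET)
-async getAllSecretsOfEnvironment(
-@CurrentUser() user: User,
-@Param('projectSlug') projectSlug: string,
-@Param('environmentSlug') environmentSlug: string
-) {
-return await this.secretService.getAllSecretsOfProjectAndEnvironment(
-user,
-projectSlug,
-environmentSlug
-)
-}
-
 @Get(':secretSlug/revisions/:environmentSlug')
 @RequiredApiKeyAuthorities(Authority.READ_SECRET)
 async getRevisionsOfSecret(
 @CurrentUser() user: User,
 @Param('secretSlug') secretSlug: string,
 @Param('environmentSlug') environmentSlug: string,
+@Query('decryptValue') decryptValue: boolean = false,
 @Query('page') page: number = 0,
 @Query('limit') limit: number = 10,
 @Query('order') order: 'asc' | 'desc' = 'desc'
@@ -116,6 +103,7 @@ export class SecretController {
 user,
 secretSlug,
 environmentSlug,
+decryptValue,
 page,
 limit,
 order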
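Review bot: The new `decryptValue` query parameter in getRevisionsOfSecret is declared `boolean` but bound with a bare `@Query('decryptValue')`, so unless a global transforming pipe is configured (not visible here) the handler receives the raw string and `?decryptValue=false` arrives as the truthy string "false". For a flag that decides whether secret values are returned decrypted, that would fail open; binding it as `@Query('decryptValue', new DefaultValuePipe(false), ParseBoolPipe) decryptValue: boolean` makes the conversion explicit and rejects malformed values. The method's call into the service sits between the two hunks and is not shown, so how the flag is consumed should be checked there.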
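--- a/apps/api/src/secret/secret.e2e.spec.ts
+++ b/apps/api/src/secret/secret.e2e.spec.ts
@@ -632,7 +632,8 @@ describe('Secret Controller Tests', () => {
 lastUpdatedById: secret1.lastUpdatedById,
 lastUpdatedBy: {
 id: user1.id,
-name: user1.name
+name: user1.name,
+profilePictureUrl: user1.profilePictureUrl
 },
 createdAt: secret1.createdAt.toISOString(),
 updatedAt: secret1.updatedAt.toISOString(),
@@ -697,7 +698,8 @@ describe('Secret Controller Tests', () => {
 lastUpdatedById: secret1.lastUpdatedById,
 lastUpdatedBy: {
 id: user1.id,
-name: user1.name
+name: user1.name,
+profilePictureUrl: user1.profilePictureUrl
 },
 createdAt: secret1.createdAt.toISOString(),
 updatedAt: expect.any(String),
@@ -751,7 +753,8 @@ describe('Secret Controller Tests', () => {
 lastUpdatedById: secret1.lastUpdatedById,
 lastUpdatedBy: {
 id: user1.id,
-name: user1.name
+name: user1.name,
+profilePictureUrl: user1.profilePictureUrl
 },
 createdAt: secret1.createdAt.toISOString(),
 updatedAt: secret1.updatedAt.toISOString(),
@@ -860,110 +863,6 @@ describe('Secret Controller Tests', () => {
 })
 })
 
-describe('Fetch All Secrets By Project And Environment Tests', () => {
-it('should be able to fetch all secrets by project and environment', async () => {
-const response = await app.inject({
-method: 'GET',
-url: `/secret/${project1.slug}/${environment1.slug}`,
-headers: {
-'x-e2e-user-email': user1.email
-}
-})
-
-expect(response.statusCode).toBe(200)
-expect(response.json().length).toBe(1)
-
-const secret = response.json()[0]
-expect(secret.name).toBe('Secret 1')
-expect(secret.value).toBe('Secret 1 value')
-expect(secret.isPlaintext).toBe(true)
-})
-
-it('should not be able to fetch all secrets by project and environment if project does not exists', async () => {
-const response = await app.inject({
-method: 'GET',
-url: `/secret/non-existing-project-slug/${environment1.slug}`,
-headers: {
-'x-e2e-user-email': user1.email
-}
-})
-
-expect(response.statusCode).toBe(404)
-expect(response.json().message).toEqual(
-'Project non-existing-project-slug not found'
-)
-})
-
-it('should not be able to fetch all secrets by project and environment if environment does not exists', async () => {
-const response = await app.inject({
-method: 'GET',
-url: `/secret/${project1.slug}/non-existing-environment-slug`,
-headers: {
-'x-e2e-user-email': user1.email
-}
-})
-
-expect(response.statusCode).toBe(404)
-expect(response.json().message).toEqual(
-'Environment non-existing-environment-slug not found'
-)
-})
-
-it('should not be able to fetch all secrets by project and environment if the user has no access to the project', async () => {
-const response = await app.inject({
-method: 'GET',
-url: `/secret/${project1.slug}/${environment1.slug}`,
-headers: {
-'x-e2e-user-email': user2.email
-}
-})
-
-expect(response.statusCode).toBe(401)
-})
-
-it('should not be sending the plaintext secret if project does not store the private key', async () => {
-// Get the first environment of project 2
-const environment = await prisma.environment.findFirst({
-where: {
-projectId: project2.id
-}
-})
-
-// Create a secret in project 2
-await secretService.createSecret(
-user1,
-{
-name: 'Secret 20',
-entries: [
-{
-environmentSlug: environment.slug,
-value: 'Secret 20 value'
-}
-],
-rotateAfter: '24',
-note: 'Secret 20 note'
-},
-project2.slug
-)
-
-const response = await app.inject({
-method: 'GET',
-url: `/secret/${project2.slug}/${environment.slug}`,
-headers: {
-'x-e2e-user-email': user1.email
-}
-})
-
-expect(response.statusCode).toBe(200)
-expect(response.json().length).toBe(1)
-
-const secret = response.json()[0]
-expect(secret.name).toBe('Secret 20')
-expect(secret.value).not.toBe('Secret 20 value')
-expect(secret.isPlaintext).toBe(false)
-})
-})
-
 describe('Delete Secret Tests', () => {
 it('should not be able to delete a non-existing secret', async () => {
 const response = await app.inject({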
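Review bot: None of the six added lines in this spec file exercises the new `decryptValue` query parameter on the revisions route, while the removed block held the check that a plaintext value is not returned when the project does not store the private key (`expect(secret.value).not.toBe('Secret 20 value')`) and the 401 case for a user without project access. I would add revisions tests that request `decryptValue=true` against a project that does not store its private key and assert the value stays encrypted, plus one sending `decryptValue=false` explicitly to pin the query-string parsing. Equivalent coverage may exist in other files of this commit that are not shown here.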