From 24bf8a4dd42600c0a47059f028948694eabffaec Mon Sep 17 00:00:00 2001 From: Harsh Shrikant Bhat <90265455+harshsbhat@users.noreply.github.com> Date: Fri, 27 Dec 2024 23:55:39 +0530 Subject: [PATCH 1/7] create recoverable keys --- .../[apiId]/keys/[keyAuthId]/new/client.tsx | 86 ++++++++++++++++++- .../[apiId]/keys/[keyAuthId]/new/page.tsx | 1 + .../keys/[keyAuthId]/new/validation.ts | 1 + apps/dashboard/lib/trpc/routers/key/create.ts | 34 +++++++- 4 files changed, 117 insertions(+), 5 deletions(-) diff --git a/apps/dashboard/app/(app)/apis/[apiId]/keys/[keyAuthId]/new/client.tsx b/apps/dashboard/app/(app)/apis/[apiId]/keys/[keyAuthId]/new/client.tsx index ebcecf9150..273a553b78 100644 --- a/apps/dashboard/app/(app)/apis/[apiId]/keys/[keyAuthId]/new/client.tsx +++ b/apps/dashboard/app/(app)/apis/[apiId]/keys/[keyAuthId]/new/client.tsx @@ -46,11 +46,12 @@ export const dynamic = "force-dynamic"; type Props = { apiId: string; keyAuthId: string; + storeEncryptedKeys: boolean; defaultBytes: number | null; defaultPrefix: string | null; }; -export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Props) => { +export const CreateKey = ({ apiId, keyAuthId, storeEncryptedKeys, defaultBytes, defaultPrefix }: Props) => { const router = useRouter(); const form = useForm>({ resolver: async (data, context, options) => { @@ -67,6 +68,7 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro expireEnabled: false, limitEnabled: false, metaEnabled: false, + recoverEnabled: false, ratelimitEnabled: false, }, }); @@ -83,7 +85,7 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro toast.error(err.message); }, }); - + async function onSubmit(values: z.infer) { // make sure they aren't sent to the server if they are disabled. if (!values.expireEnabled) { @@ -105,6 +107,9 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro if (refill?.interval === "monthly" && !refill.refillDay) { refill.refillDay = 1; } + if (!values.recoverEnabled) { + setRecoverable(false); + } await key.mutateAsync({ keyAuthId, @@ -114,6 +119,7 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro ownerId: values.ownerId ?? undefined, remaining: values.limit?.remaining ?? undefined, refill: refill, + recoverEnabled: values.recoverEnabled, enabled: true, }); @@ -133,6 +139,7 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro : "*".repeat(split.at(0)?.length ?? 0); const [showKey, setShowKey] = useState(false); const [showKeyInSnippet, setShowKeyInSnippet] = useState(false); + const [recoverable, setRecoverable] = useState(false); const resetRateLimit = () => { // set them to undefined so the form resets properly. @@ -170,9 +177,29 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro - This key is only shown once and can not be recovered + + {recoverable ? ( + "This key can be recovered" + ) : ( + "This key is only shown once and cannot be recovered" + )} + - Please pass it on to your user or store it somewhere safe. + {recoverable ? ( + <> + It can be recovered using endpoints{" "} + + getKey + {" "} + and{" "} + + listKeys + + . Although we still recommend you to pass it on to your user or store it somewhere safe. + + ) : ( + "Please pass it on to your user or store it somewhere safe." + )} @@ -209,6 +236,7 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro form.setValue("expireEnabled", false); form.setValue("ratelimitEnabled", false); form.setValue("metaEnabled", false); + form.setValue("recoverEnabled", false); form.setValue("limitEnabled", false); router.refresh(); }} @@ -750,7 +778,57 @@ export const CreateKey = ({ apiId, keyAuthId, defaultBytes, defaultPrefix }: Pro ) : null} + {storeEncryptedKeys && ( + + +
+ Recoverable + + ( + + Recoverable + + { + field.onChange(e); + setRecoverable(e); + if (field.value === false) { + resetLimited(); + } + }} + /> + + + )} + /> +
+ {form.watch("recoverEnabled") ? ( + <> + {form.formState.errors.ratelimit && ( +

+ {form.formState.errors.ratelimit.message} +

+ )} + + ) : null} +

+ You can choose to recover and display plaintext keys later, though it's + not recommended. Recoverable keys are securely stored in an encrypted + vault. For more, visit{" "} + + unkey.com/docs/security/recovering-keys. + +

+
+
+ )}