Open anudeeps352 opened 5 days ago
โฑ๏ธ Estimated effort to review [1-5] | 3 |
๐งช Relevant tests | Yes |
๐ Security concerns | No |
โก Key issues to review |
Possible Bug: Ensure that the getRevisionsOfSecret method in SecretService handles the case where the secret or environment does not exist before making database queries. This could prevent unnecessary database calls and improve error handling. |
Error Handling: Verify that the error messages returned are consistent and informative across different failure scenarios in the endpoint. |
Category | Suggestion | Score |
Possible issue |
Add error handling to improve method robustness and error reporting___ **Implement error handling for thegetRevisionsOfSecret method to manage cases where the authority checks fail or the database operations throw an exception. This will improve the robustness of the method and provide clearer error messages to the client.** [apps/api/src/secret/service/secret.service.ts [499-511]](https://github.com/keyshade-xyz/keyshade/pull/303/files#diff-dee38177617754972e3d3f727d7f1536566d7a784b7ffdda74aa97d6eec4cbc5R499-R511) ```diff -await this.authorityCheckerService.checkAuthorityOverSecret({ - userId: user.id, - entity: { id: secretId }, - authority: Authority.READ_SECRET, - prisma: this.prisma -}) -await this.authorityCheckerService.checkAuthorityOverEnvironment({ - userId: user.id, - entity: { id: environmentId }, - authority: Authority.READ_ENVIRONMENT, - prisma: this.prisma -}) +try { + await this.authorityCheckerService.checkAuthorityOverSecret({ + userId: user.id, + entity: { id: secretId }, + authority: Authority.READ_SECRET, + prisma: this.prisma + }) + await this.authorityCheckerService.checkAuthorityOverEnvironment({ + userId: user.id, + entity: { id: environmentId }, + authority: Authority.READ_ENVIRONMENT, + prisma: this.prisma + }) +} catch (error) { + throw new HttpException('Failed to verify authorities or fetch data', HttpStatus.INTERNAL_SERVER_ERROR); +} ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 10Why: Implementing error handling for authority checks and database operations enhances the robustness of the method and provides clearer error messages to the client, which is crucial for reliability and user experience. | 10 |
Enhancement |
Add parameter validation for
___
**Consider validating the parameters | 9 |
Performance |
Suggest adding a database index on
___
**To optimize the database query when fetching secret revisions, consider including an index | 8 |
Security |
Implement a middleware to check API key authorities to centralize security checks___ **To ensure that the API key provided has the necessary authorities, consider implementing amiddleware that checks the API key before reaching the controller method. This can help centralize security checks and reduce redundancy across different endpoints.** [apps/api/src/secret/controller/secret.controller.ts [106-111]](https://github.com/keyshade-xyz/keyshade/pull/303/files#diff-504a3762c691dc3814c053b3815ff9b1f1a8eb54cde844d882d9ea06779eca84R106-R111) ```diff -@RequiredApiKeyAuthorities(Authority.READ_SECRET) +@UseGuards(ApiKeyAuthGuard) async getRevisionsOfSecret( @CurrentUser() user: User, @Param('secretId') secretId: string, @Param('environmentId') environmentId: string ) ``` - [ ] **Apply this suggestion** Suggestion importance[1-10]: 7Why: Using a middleware to check API key authorities can centralize security checks and reduce redundancy, improving maintainability. However, the current decorator approach is also valid, so this is more of a structural improvement. | 7 |
User description
Description
Create endpoint for fetching all revisions of a secret
Fixes #272
Dependencies
Mention any dependencies/packages used
Future Improvements
Mention any improvements to be done in future related to any file/feature
Mentions
Mention and tag the people
Screenshots of relevant screens
Add screenshots of relevant screens
Developer's checklist
If changes are made in the code:
Documentation Update
PR Type
Enhancement, Tests
Description
GET /api/secret/:secretId/revisions/:environmentId
to fetch all revisions of a secret.getRevisionsOfSecret
method in theSecretController
class.getRevisionsOfSecret
method to theSecretService
class, including authority checks and retrieval logic.Changes walkthrough ๐
secret.controller.ts
Add endpoint to fetch all revisions of a secret
apps/api/src/secret/controller/secret.controller.ts
GET
/api/secret/:secretId/revisions/:environmentId
to fetch all revisionsof a secret.
getRevisionsOfSecret
method in theSecretController
class.
secret.service.ts
Implement service method to fetch secret revisions
apps/api/src/secret/service/secret.service.ts
getRevisionsOfSecret
method to theSecretService
class.secret.e2e.spec.ts
Add tests for fetching all revisions of a secret endpoint
apps/api/src/secret/secret.e2e.spec.ts
a secret.
revisions, non-existent secret, non-existent environment, and
unauthorized access.