keyshade-xyz / keyshade

Realtime secret and configuration management tool, with the best in class security and seamless integration support
https://keyshade.xyz
Mozilla Public License 2.0

refactor(api): Update logic for forking projects #398

Closed Dark-Kernel closed 2 months ago

Dark-Kernel commented 2 months ago

User description

Description

  1. Updated the logic to fetch from Prisma.
  2. Developed an if condition block to check whether accessLevel is set to Global or not.
  3. Added another if condition to check if the project exists.

Fixes #364

Developer's checklist

If changes are made in the code:

Documentation Update


PR Type

Enhancement, Bug fix


Description


Changes walkthrough 📝

Relevant files
Enhancement
project.service.ts
Update project forking logic with enhanced validation       

apps/api/src/project/service/project.service.ts
  • Added NotFoundException and UnauthorizedException imports.
  • Replaced authority check with a direct Prisma query to fetch project
    details.
  • Added checks for project existence and access level.
  • Threw appropriate exceptions for missing project or insufficient
    access level.
  • +24/-8   


    codiumai-pr-agent-free[bot] commented 2 months ago

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    Sensitive Data Exposure:
    The code includes potential exposure of sensitive data (`privateKey`) which might not be securely handled or necessary in the given context. This could lead to security vulnerabilities if the data is mishandled or unnecessarily exposed.

    ⚡ Key issues to review

    Missing User Context
    The variable `user.id` is used in line 358 but there is no indication that the `user` object is available in the scope of the function. This could lead to a runtime error if `user` is not defined.

    Sensitive Data Exposure
    The `privateKey` field is selected from the database in line 348 but it's unclear if it's securely handled or if it's necessary to expose this sensitive data in this context.

    codiumai-pr-agent-free[bot] commented 2 months ago

    PR Code Suggestions ✨

    Category    Suggestion    Score
    Possible issue
    Improve robustness by adding error handling for database operations ___ **Add error handling for the asynchronous findUnique method call to catch and manage
    potential exceptions or rejections from the database operation.** [apps/api/src/project/service/project.service.ts [340-349]](https://github.com/keyshade-xyz/keyshade/pull/398/files#diff-d85f483eff15c28a4b3e5f7a54c9b159c71003f8a95ef7a4be00eb80ec72b2faR340-R349) ```diff -const project = await this.prisma.project.findUnique({ - where: { id: projectId }, - select: { - id: true, - name: true, - description: true, - storePrivateKey: true, - accessLevel: true, - privateKey: true - } -}) +let project; +try { + project = await this.prisma.project.findUnique({ + where: { id: projectId }, + select: { + id: true, + name: true, + description: true, + storePrivateKey: true, + accessLevel: true, + privateKey: true + } + }); +} catch (error) { + throw new BadRequestException(`Failed to retrieve project: ${error.message}`); +} ``` - [ ] **Apply this suggestion**
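Review bot: the added `catch` block puts the raw `error.message` from the database call into the `BadRequestException` text, so driver or query details reach the API caller, and a 400 status blames the client for a server-side failure. Log the error server-side and throw a generic `InternalServerErrorException` instead. The `select` in the `+` lines also still carries `privateKey: true`, which the same review flags as sensitive.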
    Suggestion importance[1-10]: 10 Why: Adding error handling for the asynchronous `findUnique` method call is essential for robustness. It ensures that potential exceptions or rejections from the database operation are managed properly, preventing unexpected crashes and providing meaningful error messages.
    10
    Security
    Improve security by preventing potential exposure of sensitive keys ___ **Consider adding a check for storePrivateKey and privateKey fields to ensure they are
    not inadvertently exposed or logged, which could lead to security vulnerabilities.** [apps/api/src/project/service/project.service.ts [346-348]](https://github.com/keyshade-xyz/keyshade/pull/398/files#diff-d85f483eff15c28a4b3e5f7a54c9b159c71003f8a95ef7a4be00eb80ec72b2faR346-R348) ```diff -storePrivateKey: true, -privateKey: true +storePrivateKey: false, +privateKey: false ``` - [ ] **Apply this suggestion**
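Review bot: setting `storePrivateKey: false` and `privateKey: false` in the `select` only drops both fields from the query result; it adds no check against exposure or logging, which is what the suggestion text asks for. Judging by its name, `storePrivateKey` is a flag rather than key material, so removing it may break fork logic that depends on it. Drop `privateKey` from the `select` unless the fork needs it, and if it does, keep it out of the response body and log lines.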
    Suggestion importance[1-10]: 9 Why: This suggestion is crucial for security as it prevents the inadvertent exposure of sensitive information such as `storePrivateKey` and `privateKey`. Ensuring these fields are not exposed or logged is a significant improvement.
    9
    Possible bug
    Ensure the user context is securely handled by replacing direct access to user.id ___ **Replace the direct access of user.id with a parameter passed to the function or
    obtained through a secure method to ensure that the user context is correctly
    handled and to avoid potential runtime errors if the user object is not defined in
    this scope.** [apps/api/src/project/service/project.service.ts [358]](https://github.com/keyshade-xyz/keyshade/pull/398/files#diff-d85f483eff15c28a4b3e5f7a54c9b159c71003f8a95ef7a4be00eb80ec72b2faR358-R358) ```diff -`User with id ${user.id} does not have the authority in the project with id ${project.id}` +`User with id ${currentUser.id} does not have the authority in the project with id ${project.id}` ``` - [ ] **Apply this suggestion**
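Review bot: the `+` line swaps `user.id` for `currentUser.id`, but no visible line defines `currentUser`, so this renames the possibly undefined reference rather than resolving it. Use the identifier the enclosing method actually receives for the authenticated user, and confirm it against the method signature before applying.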
    Suggestion importance[1-10]: 8 Why: This suggestion addresses a potential runtime error and improves security by ensuring that the user context is correctly handled. However, it assumes that `currentUser` is defined and accessible in the scope, which may require additional context or changes.
    8
    Maintainability
    Enhance code readability and maintainability by refactoring condition checks into separate methods ___ **Refactor the condition checking the accessLevel to a separate method to enhance
    readability and maintainability of the code.** [apps/api/src/project/service/project.service.ts [356-359]](https://github.com/keyshade-xyz/keyshade/pull/398/files#diff-d85f483eff15c28a4b3e5f7a54c9b159c71003f8a95ef7a4be00eb80ec72b2faR356-R359) ```diff -if (project.accessLevel !== 'GLOBAL') { +if (!this.isGlobalAccess(project)) { throw new UnauthorizedException( `User with id ${user.id} does not have the authority in the project with id ${project.id}` ) } ``` - [ ] **Apply this suggestion**
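Review bot: the condition `project.accessLevel !== 'GLOBAL'`, and the proposed `isGlobalAccess(project)` wrapper, look only at the project, while the exception message claims the user lacks authority; the user's membership or role is never consulted, so a user with rights on a non-GLOBAL project is rejected as well. Either check the user's authority for non-GLOBAL projects or reword the message. `UnauthorizedException` maps to 401; for an authenticated caller who lacks permission, `ForbiddenException` (403) is the accurate status. The helper `isGlobalAccess` is also not defined anywhere in the suggestion.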
    Suggestion importance[1-10]: 7 Why: Refactoring the condition check into a separate method improves readability and maintainability. However, it is a minor improvement and does not address any critical issues.
    7