Implement limit for secret creation (#67)

demeter-run · Aug 2, 2024 · 1600e6d · 1600e6d
1 parent 22c0cc1
commit 1600e6d
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/src/domain/mod.rs b/src/domain/mod.rs
@@ -5,6 +5,7 @@ pub mod resource;
 
 pub const PAGE_SIZE_DEFAULT: u32 = 12;
 pub const PAGE_SIZE_MAX: u32 = 120;
+pub const MAX_SECRET: usize = 2;
 
 #[cfg(test)]
 mod tests {

diff --git a/src/domain/project/command.rs b/src/domain/project/command.rs
@@ -16,7 +16,7 @@ use crate::domain::{
     auth::{Credential, UserId},
     event::{EventDrivenBridge, ProjectCreated, ProjectSecretCreated},
     project::ProjectStatus,
-    PAGE_SIZE_DEFAULT, PAGE_SIZE_MAX,
+    MAX_SECRET, PAGE_SIZE_DEFAULT, PAGE_SIZE_MAX,
 };
 
 use super::{cache::ProjectDrivenCache, Project, ProjectSecret};
@@ -66,6 +66,11 @@ pub async fn create_secret(
         bail!("project doesnt exist")
     };
 
+    let secrets = cache.find_secret_by_project_id(&cmd.project_id).await?;
+    if secrets.len() >= MAX_SECRET {
+        bail!("secrets exceeded the limit of {MAX_SECRET}")
+    }
+
     let key = Alphanumeric.sample_string(&mut rand::thread_rng(), 16);
     let salt_string = SaltString::generate(&mut OsRng);
     let secret = cmd.secret.into_bytes();
@@ -386,6 +391,9 @@ mod tests {
         cache
             .expect_find_by_id()
             .return_once(|_| Ok(Some(Project::default())));
+        cache
+            .expect_find_secret_by_project_id()
+            .return_once(|_| Ok(Vec::new()));
 
         let mut event = MockFakeEventDrivenBridge::new();
         event.expect_dispatch().return_once(|_| Ok(()));
@@ -437,6 +445,26 @@ mod tests {
         let result = create_secret(Arc::new(cache), Arc::new(event), cmd).await;
         assert!(result.is_err());
     }
+    #[tokio::test]
+    async fn it_should_fail_create_project_secret_when_max_secret_exceeded() {
+        let mut cache = MockFakeProjectDrivenCache::new();
+        cache
+            .expect_find_user_permission()
+            .return_once(|_, _| Ok(Some(ProjectUser::default())));
+        cache
+            .expect_find_by_id()
+            .return_once(|_| Ok(Some(Project::default())));
+        cache
+            .expect_find_secret_by_project_id()
+            .return_once(|_| Ok(vec![ProjectSecret::default(); 3]));
+
+        let event = MockFakeEventDrivenBridge::new();
+
+        let cmd = CreateSecretCmd::default();
+
+        let result = create_secret(Arc::new(cache), Arc::new(event), cmd).await;
+        assert!(result.is_err());
+    }
 
     #[tokio::test]
     async fn it_should_verify_secret() {

diff --git a/src/domain/project/mod.rs b/src/domain/project/mod.rs
@@ -60,7 +60,7 @@ impl Display for ProjectStatus {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct ProjectSecret {
     pub id: String,
     pub project_id: String,