Merge branch 'develop' into platform

.env.example

@@ -1,6 +1,9 @@
 DATABASE_URL=postgresql://postgres:[email protected]:5432/keyshade_db
 ADMIN_EMAIL=[email protected]
 
+REDIS_URL=redis://127.0.0.1:6379
+REDIS_PASSWORD=
+
 GITHUB_CLIENT_ID= 
 GITHUB_CLIENT_SECRET= 
 GITHUB_CALLBACK_URL=
@@ -30,7 +33,9 @@ FROM_EMAIL="your-name <[email protected]>"
 
 JWT_SECRET=secret
 
-WEB_FRONTEND_URL=https://keyshade.xyz
-WORKSPACE_FRONTEND_URL=https://app.keyshade.xyz
+WEB_FRONTEND_URL=http://localhost:3000
+PLATFORM_FRONTEND_URL=http://localhost:3100
+PLATFORM_OAUTH_SUCCESS_REDIRECT_PATH=/oauth/signin
+PLATFORM_OAUTH_FAILURE_REDIRECT_PATH=/oauth/failure
 
 DOMAIN=localhost

.github/workflows/release.yml

@@ -18,9 +18,16 @@ jobs:
         with:
           node-version: 20.x
           registry-url: https://registry.npmjs.org
+      - name: install pnpm
+        run: npm i -g pnpm
       - name: install
-        run: npm install --no-save @semantic-release/commit-analyzer @semantic-release/release-notes-generator @semantic-release/changelog @semantic-release/git @semantic-release/github conventional-changelog-conventionalcommits
+        run: pnpm i
       - name: release
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
-        run: npx semantic-release
+          GITHUB_CLIENT_ID: dummy
+          GITHUB_CLIENT_SECRET: dummy
+          GITHUB_CALLBACK_URL: dummy
+          REDIS_URL: redis://localhost:6379
+          JWT_SECRET: secret
+        run: pnpx semantic-release

.github/workflows/validate-api.yaml

@@ -59,6 +59,7 @@ jobs:
           GITHUB_CLIENT_SECRET: dummy
           GITHUB_CALLBACK_URL: dummy
           REDIS_URL: redis://localhost:6379
+          JWT_SECRET: secret
         run: pnpm run e2e:api
 
       - name: Upload e2e test coverage reports to Codecov

CHANGELOG.md

@@ -1,3 +1,74 @@
+## [1.3.0](https://github.com/keyshade-xyz/keyshade/compare/v1.2.0...v1.3.0) (2024-05-12)
+
+
+### 🚀 Features
+
+* Add approval support ([#158](https://github.com/keyshade-xyz/keyshade/issues/158)) ([e09ae60](https://github.com/keyshade-xyz/keyshade/commit/e09ae60f48c2339c2000af2f45b3e07db2780f41))
+* **api:** Add configuration live update support ([#181](https://github.com/keyshade-xyz/keyshade/issues/181)) ([f7d6684](https://github.com/keyshade-xyz/keyshade/commit/f7d668449bfe84286ef973eb1751a2b6c377f2ba))
+* **api:** Add feature to export data of a workspace ([#152](https://github.com/keyshade-xyz/keyshade/issues/152)) ([46833aa](https://github.com/keyshade-xyz/keyshade/commit/46833aa8bd4362cfdf08817d2faaf2a8e8bdeb99))
+* **api:** Add Integration support ([#203](https://github.com/keyshade-xyz/keyshade/issues/203)) ([f1ae87e](https://github.com/keyshade-xyz/keyshade/commit/f1ae87ecca47e74ab4897f6e5d1c2457abd18a51))
+* **api:** Add note to [secure] and variable ([#151](https://github.com/keyshade-xyz/keyshade/issues/151)) ([2e62351](https://github.com/keyshade-xyz/keyshade/commit/2e6235104c6cfeb29889a3c9beee81b893b9a26d))
+* **api:** Add OAuth redirection and polished authentication ([#212](https://github.com/keyshade-xyz/keyshade/issues/212)) ([d2968bc](https://github.com/keyshade-xyz/keyshade/commit/d2968bc3122338599031f3671bbcd3a17b0b5129))
+* **api:** Add support for storing and managing variables ([#149](https://github.com/keyshade-xyz/keyshade/issues/149)) ([963a8ae](https://github.com/keyshade-xyz/keyshade/commit/963a8ae529ddee8716b6a688e272dd635cfeaafd))
+* **api:** Added GitLab OAuth ([#188](https://github.com/keyshade-xyz/keyshade/issues/188)) ([4d3bbe4](https://github.com/keyshade-xyz/keyshade/commit/4d3bbe482e84025201e4a02b7da3ded4972fcd9a))
+* **api:** Added validation for reason field ([#190](https://github.com/keyshade-xyz/keyshade/issues/190)) ([90b8ff2](https://github.com/keyshade-xyz/keyshade/commit/90b8ff20fa47799bf7267ba45a3deae70f234d9e))
+* **api:** Create default workspace on user's creation ([#182](https://github.com/keyshade-xyz/keyshade/issues/182)) ([3dc0c4c](https://github.com/keyshade-xyz/keyshade/commit/3dc0c4c95b6dd0a484806fdf0757754ce58a7200))
+* **api:** Reading `port` Dynamically ([#170](https://github.com/keyshade-xyz/keyshade/issues/170)) ([fd46e3e](https://github.com/keyshade-xyz/keyshade/commit/fd46e3e2d37bf90572d2c9c7ec0b042e644878e0))
+* **auth:** Add Google OAuth ([#156](https://github.com/keyshade-xyz/keyshade/issues/156)) ([cf387ea](https://github.com/keyshade-xyz/keyshade/commit/cf387eade9fd72d6894bb5375d791bc722040f00))
+* **web:** Added waitlist ([#168](https://github.com/keyshade-xyz/keyshade/issues/168)) ([1084c77](https://github.com/keyshade-xyz/keyshade/commit/1084c772199382ee56cb3c515032ae1cc05d211b))
+* **web:** Landing revamp ([#165](https://github.com/keyshade-xyz/keyshade/issues/165)) ([0bc723b](https://github.com/keyshade-xyz/keyshade/commit/0bc723b5c71f7db0c2ab6e99a6ffe5e49cfd0e3d))
+
+
+### 🐛 Bug Fixes
+
+* **web:** alignment issue in “Collaboration made easy” section ([#178](https://github.com/keyshade-xyz/keyshade/issues/178)) ([df5ca75](https://github.com/keyshade-xyz/keyshade/commit/df5ca75471e7bdf611406d76b276e05fccb36db0))
+* **workspace:** delete duplicate tailwind config ([99d922a](https://github.com/keyshade-xyz/keyshade/commit/99d922ac185474435303efd4613daeb251de4bf4))
+
+
+### 📚 Documentation
+
+* add contributor list ([f37569a](https://github.com/keyshade-xyz/keyshade/commit/f37569a21091e5cd4b982b588096cc9e116e33a9))
+* Add integration docs ([#204](https://github.com/keyshade-xyz/keyshade/issues/204)) ([406ddb7](https://github.com/keyshade-xyz/keyshade/commit/406ddb7e25198d98e8bf60e4b0273f05dc47435d))
+* Added integration docs to gitbook summary ([ab37530](https://github.com/keyshade-xyz/keyshade/commit/ab375309fc93218355d1ab12aefa20377c04604c))
+* **api:** Add swagger docs of API key controller ([#167](https://github.com/keyshade-xyz/keyshade/issues/167)) ([2910476](https://github.com/keyshade-xyz/keyshade/commit/2910476ce1fcf35abf1d6d196ec34811b7f1d943))
+* **api:** Add swagger docs of User Controller ([#166](https://github.com/keyshade-xyz/keyshade/issues/166)) ([fd59522](https://github.com/keyshade-xyz/keyshade/commit/fd5952227663a68393ef5a3a10bcc9faca1683b9))
+* fix typo in environment-variables.md ([#163](https://github.com/keyshade-xyz/keyshade/issues/163)) ([48294c9](https://github.com/keyshade-xyz/keyshade/commit/48294c978df805a0543dd05375d07aafa43e31c4))
+* Remove supabase from docs ([#169](https://github.com/keyshade-xyz/keyshade/issues/169)) ([eddbce8](https://github.com/keyshade-xyz/keyshade/commit/eddbce81fe11cca8e3e759aac1524b185e1c18f8))
+* **setup:** replace NX with Turbo in setup instructions ([#175](https://github.com/keyshade-xyz/keyshade/issues/175)) ([af8a460](https://github.com/keyshade-xyz/keyshade/commit/af8a460690b17e68b204d734a94705a61183b64d))
+* Update README.md ([b59f16b](https://github.com/keyshade-xyz/keyshade/commit/b59f16beead8b7a549182e41abba90592f31a8cb))
+* Update running-the-api.md ([177dbbf](https://github.com/keyshade-xyz/keyshade/commit/177dbbf9e7737246acf3a4c241688e3a000ce66f))
+* Update running-the-api.md ([#193](https://github.com/keyshade-xyz/keyshade/issues/193)) ([3d5bcac](https://github.com/keyshade-xyz/keyshade/commit/3d5bcac76d5c5f64b13eb0f8e7bbd14a3101e322))
+
+
+### 🔧 Miscellaneous Chores
+
+* Added lockfile ([60a3b9b](https://github.com/keyshade-xyz/keyshade/commit/60a3b9bbc643beb0af1f6ec4dd7861944c6a1547))
+* Added lockfile ([6bb512c](https://github.com/keyshade-xyz/keyshade/commit/6bb512c2e4ae2dd3bbdaecd2dc51c308772bbd84))
+* **api:** Added type inference and runtime validation to `process.env` ([#200](https://github.com/keyshade-xyz/keyshade/issues/200)) ([249e07d](https://github.com/keyshade-xyz/keyshade/commit/249e07d9b7d6ac699f4a2167eb5b4c3068acb4db))
+* **api:** Fixed prisma script env errors ([#209](https://github.com/keyshade-xyz/keyshade/issues/209)) ([8762354](https://github.com/keyshade-xyz/keyshade/commit/8762354f1f70e48614655d10760440cb7d7e60d9))
+* **API:** Refactor authority check functions in API ([#189](https://github.com/keyshade-xyz/keyshade/issues/189)) ([e9d710d](https://github.com/keyshade-xyz/keyshade/commit/e9d710d49a872f6c3ca974780bcf1039f31104de))
+* **api:** Refactor user e2e tests ([b38d45a](https://github.com/keyshade-xyz/keyshade/commit/b38d45a4314257030cc3bbcd90dd02cfd3574469))
+* **ci:** Disabled api stage release ([97877c4](https://github.com/keyshade-xyz/keyshade/commit/97877c4116d88ecd633345aede552b369a03cea7))
+* **ci:** Update stage deployment config ([868a6a1](https://github.com/keyshade-xyz/keyshade/commit/868a6a105563f8da2e57c97c29e9ad08700cf01b))
+* **codecov:** update api-e2e project coverage ([1e90d7e](https://github.com/keyshade-xyz/keyshade/commit/1e90d7e1356ebbd084a31e220a7c910fa52820b3))
+* **dockerfile:** Fixed web dockerfile ([6134bb2](https://github.com/keyshade-xyz/keyshade/commit/6134bb214dad37ba074eb0183eec325dcc4586f2))
+* **docker:** Optimized web Dockerfile to reduct image size ([#173](https://github.com/keyshade-xyz/keyshade/issues/173)) ([444286a](https://github.com/keyshade-xyz/keyshade/commit/444286a70a94ae1d14cfb63614f0bd9317f032e2))
+* **release:** Downgraded package version ([c173fee](https://github.com/keyshade-xyz/keyshade/commit/c173fee2bb3799b1a696f8cfeed863b6b2bcf8b4))
+* **release:** Fix failing release ([#213](https://github.com/keyshade-xyz/keyshade/issues/213)) ([40f64f3](https://github.com/keyshade-xyz/keyshade/commit/40f64f35f01994d6d17e7d72e4d3ebd6d3a0431a))
+* **release:** Install pnpm ([1081bea](https://github.com/keyshade-xyz/keyshade/commit/1081beafc669c38a92774d6da78ee4120e6ba8ed))
+* **release:** Updated release commit ([b8958e7](https://github.com/keyshade-xyz/keyshade/commit/b8958e7e4929a128f9468ff598296b6c57ee357c))
+* **release:** Updated release commit ([e270eb8](https://github.com/keyshade-xyz/keyshade/commit/e270eb8a5b7779116a36cb9a6bf7162c12b61229))
+* Update deprecated husky Install command ([#202](https://github.com/keyshade-xyz/keyshade/issues/202)) ([e61102c](https://github.com/keyshade-xyz/keyshade/commit/e61102cb549b107354d59508d487b358a80742b9))
+* Upgrade @million/lint from 0.0.66 to 0.0.73 ([#172](https://github.com/keyshade-xyz/keyshade/issues/172)) ([dd43ed9](https://github.com/keyshade-xyz/keyshade/commit/dd43ed9c37e3694b7869b9cd21c3f395f1b53d50))
+* **web:** Updated fly memory config ([4debc66](https://github.com/keyshade-xyz/keyshade/commit/4debc668c8421347e1bec8b6a7238f22476a4e58))
+
+
+### 🔨 Code Refactoring
+
+* **api:** Made events central to workspace ([#159](https://github.com/keyshade-xyz/keyshade/issues/159)) ([9bc00ae](https://github.com/keyshade-xyz/keyshade/commit/9bc00ae0d3b0e576c72816438a4654dbfb631899))
+* **api:** Migrated to cookie based authentication ([#206](https://github.com/keyshade-xyz/keyshade/issues/206)) ([ad6911f](https://github.com/keyshade-xyz/keyshade/commit/ad6911f530bec4c345be2b492efd873e0b5d9e33))
+* **monorepo:** Migrate from nx to turbo ([#153](https://github.com/keyshade-xyz/keyshade/issues/153)) ([88b4b00](https://github.com/keyshade-xyz/keyshade/commit/88b4b00f7795348a182f5076b6b06c973e71eb3e))
+
 ## [1.2.0](https://github.com/keyshade-xyz/keyshade/compare/v1.1.0...v1.2.0) (2024-02-18)
 
 

apps/api/package.json

@@ -7,10 +7,19 @@
     "build": "nest build",
     "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
     "start": "node dist/main",
-    "dev": "nest start --watch",
+    "dev": "cross-env NODE_ENV=dev nest start --watch",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
     "test": "jest",
-    "sourcemaps": "sentry-cli sourcemaps inject ./dist && sentry-cli sourcemaps upload ./dist  || echo 'Failed to upload source maps to Sentry'"
+    "db:generate-types": "pnpm dlx prisma generate --schema=src/prisma/schema.prisma",
+    "db:generate-migrations": "pnpx dotenv-cli -e ../../.env -- pnpx prisma migrate dev --create-only --skip-seed --schema=src/prisma/schema.prisma",
+    "db:deploy-migrations": "pnpx dotenv-cli -e ../../.env -- pnpx prisma migrate deploy --schema=src/prisma/schema.prisma",
+    "db:validate": "pnpx dotenv-cli -e ../../.env -- pnpm dlx prisma validate --schema=src/prisma/schema.prisma",
+    "db:format": "pnpm dlx prisma format --schema=src/prisma/schema.prisma",
+    "db:reset": "pnpx dotenv-cli -e ../../.env -- pnpm dlx prisma migrate reset --force --schema=src/prisma/schema.prisma",
+    "sourcemaps": "sentry-cli sourcemaps inject ./dist && sentry-cli sourcemaps upload ./dist  || echo 'Failed to upload source maps to Sentry'",
+    "e2e:prepare": "cd ../../ && docker compose down && docker compose -f docker-compose-test.yml up -d && cd apps/api && pnpm db:generate-types && cross-env NODE_ENV='e2e' DATABASE_URL='postgresql://prisma:prisma@localhost:5432/tests' pnpm run db:deploy-migrations",
+    "e2e": "pnpm run e2e:prepare && cross-env NODE_ENV='e2e' DATABASE_URL='postgresql://prisma:prisma@localhost:5432/tests' turbo run test --no-cache --filter=api -- --runInBand --config=jest.e2e-config.ts --coverage --coverageDirectory=../../coverage-e2e/api --coverageReporters=json && pnpm run e2e:teardown",
+    "e2e:teardown": "cd ../../ && docker compose -f docker-compose-test.yml down"
   },
   "dependencies": {
     "@nestjs/common": "^10.0.0",
@@ -24,10 +33,8 @@
     "@nestjs/schedule": "^4.0.1",
     "@nestjs/swagger": "^7.3.0",
     "@nestjs/websockets": "^10.3.7",
-    "@prisma/client": "^5.10.1",
     "@socket.io/redis-adapter": "^8.3.0",
     "@supabase/supabase-js": "^2.39.6",
-    "@types/uuid": "^9.0.8",
     "chalk": "^4.1.2",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.1",
@@ -38,7 +45,6 @@
     "passport-github2": "^0.1.12",
     "passport-gitlab2": "^5.0.0",
     "passport-google-oauth20": "^2.0.0",
-    "prisma": "^5.10.1",
     "redis": "^4.6.13",
     "reflect-metadata": "^0.2.0",
     "rxjs": "^7.8.1",
@@ -49,10 +55,13 @@
     "@nestjs/cli": "^10.0.0",
     "@nestjs/schematics": "^10.0.0",
     "@nestjs/testing": "^10.0.0",
+    "@prisma/client": "^5.13.0",
+    "@types/uuid": "^9.0.8",
     "@types/cookie-parser": "^1.4.7",
     "@types/eccrypto": "^1.1.6",
     "@types/express": "^4.17.17",
     "@types/jest": "^29.5.2",
+    "dotenv-cli": "^7.4.2",
     "@types/node": "^20.3.1",
     "@types/supertest": "^6.0.0",
     "@typescript-eslint/eslint-plugin": "^6.0.0",
@@ -64,6 +73,7 @@
     "jest": "^29.5.0",
     "jest-mock-extended": "^3.0.5",
     "prettier": "^3.0.0",
+    "prisma": "5.13.0",
     "source-map-support": "^0.5.21",
     "supertest": "^6.3.3",
     "ts-jest": "^29.1.0",

apps/api/src/app/app.module.ts

@@ -21,13 +21,21 @@ import { ApprovalModule } from '../approval/approval.module'
 import { SocketModule } from '../socket/socket.module'
 import { ProviderModule } from '../provider/provider.module'
 import { ScheduleModule } from '@nestjs/schedule'
+import { EnvSchema } from '../common/env/env.schema'
 import { IntegrationModule } from '../integration/integration.module'
+import { FeedbackModule } from '../feedback/feedback.module'
 
 @Module({
   controllers: [AppController],
   imports: [
     ConfigModule.forRoot({
-      isGlobal: true
+      isGlobal: true,
+      envFilePath: '../../.env',
+      validate: EnvSchema.parse,
+      validationOptions: {
+        allowUnknown: false,
+        abortEarly: true
+      }
     }),
     ScheduleModule.forRoot(),
     PassportModule,
@@ -46,7 +54,8 @@ import { IntegrationModule } from '../integration/integration.module'
     ApprovalModule,
     SocketModule,
     ProviderModule,
-    IntegrationModule
+    IntegrationModule,
+    FeedbackModule
   ],
   providers: [
     {

apps/api/src/auth/auth.module.ts

@@ -14,7 +14,7 @@ import { GitlabStrategy } from '../config/oauth-strategy/gitlab/gitlab.strategy'
   imports: [
     JwtModule.register({
       global: true,
-      secret: process.env.JWT_SECRET,
+      secret: process.env.JWT_SECRET ?? 'secret',
       signOptions: {
         expiresIn: '1d',
         issuer: 'keyshade.xyz',

apps/api/src/auth/controller/auth.controller.ts

@@ -3,11 +3,13 @@ import {
   Get,
   HttpException,
   HttpStatus,
+  Logger,
   Param,
   Post,
   Query,
   Req,
   Res,
+  UnprocessableEntityException,
   UseGuards
 } from '@nestjs/common'
 import { AuthService } from '../service/auth.service'
@@ -24,10 +26,18 @@ import { GithubOAuthStrategyFactory } from '../../config/factory/github/github-s
 import { GoogleOAuthStrategyFactory } from '../../config/factory/google/google-strategy.factory'
 import { GitlabOAuthStrategyFactory } from '../../config/factory/gitlab/gitlab-strategy.factory'
 import { Response } from 'express'
+import { AuthProvider } from '@prisma/client'
+import setCookie from '../../common/set-cookie'
+import {
+  sendOAuthFailureRedirect,
+  sendOAuthSuccessRedirect
+} from '../../common/redirect'
 
 @ApiTags('Auth Controller')
 @Controller('auth')
 export class AuthController {
+  private readonly logger = new Logger(AuthController.name)
+
   constructor(
     private authService: AuthService,
     private githubOAuthStrategyFactory: GithubOAuthStrategyFactory,
@@ -97,12 +107,7 @@ export class AuthController {
     @Query('otp') otp: string,
     @Res({ passthrough: true }) response: Response
   ) {
-    const { token, ...user } = await this.authService.validateOtp(email, otp)
-    response.cookie('token', `Bearer ${token}`, {
-      domain: process.env.DOMAIN ?? 'localhost',
-      expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 7) // 7 days,
-    })
-    return user
+    return setCookie(response, await this.authService.validateOtp(email, otp))
   }
 
   /* istanbul ignore next */
@@ -144,12 +149,20 @@ export class AuthController {
   })
   async githubOAuthCallback(@Req() req: any) {
     const { emails, displayName: name, photos } = req.user
+
+    if (!emails.length) {
+      throw new UnprocessableEntityException(
+        'Email information is missing from the OAuth provider data.'
+      )
+    }
     const email = emails[0].value
-    const profilePictureUrl = photos[0].value
-    return await this.authService.handleOAuthLogin(
+    const profilePictureUrl = photos[0]?.value
+
+    return this.authService.handleOAuthLogin(
       email,
       name,
-      profilePictureUrl
+      profilePictureUrl,
+      AuthProvider.GITHUB
     )
   }
 
@@ -190,13 +203,22 @@ export class AuthController {
     status: HttpStatus.OK,
     description: 'Logged in successfully'
   })
-  async gitlabOAuthCallback(@Req() req: any) {
+  async gitlabOAuthCallback(@Req() req: any, @Res() res: Response) {
     const { emails, displayName: name, avatarUrl: profilePictureUrl } = req.user
+
+    if (!emails.length) {
+      throw new UnprocessableEntityException(
+        'Email information is missing from the OAuth provider data.'
+      )
+    }
     const email = emails[0].value
-    return await this.authService.handleOAuthLogin(
+
+    this.handleOAuthProcess(
       email,
       name,
-      profilePictureUrl
+      profilePictureUrl,
+      AuthProvider.GITLAB,
+      res
     )
   }
 
@@ -235,14 +257,51 @@ export class AuthController {
     status: HttpStatus.OK,
     description: 'Logged in successfully'
   })
-  async googleOAuthCallback(@Req() req: any) {
+  async googleOAuthCallback(@Req() req: any, @Res() res: Response) {
     const { emails, displayName: name, photos } = req.user
+
+    if (!emails.length) {
+      throw new UnprocessableEntityException(
+        'Email information is missing from the OAuth provider data.'
+      )
+    }
     const email = emails[0].value
-    const profilePictureUrl = photos[0].value
-    return await this.authService.handleOAuthLogin(
+    const profilePictureUrl = photos[0]?.value
+
+    this.handleOAuthProcess(
       email,
       name,
-      profilePictureUrl
+      profilePictureUrl,
+      AuthProvider.GOOGLE,
+      res
     )
   }
+
+  /* istanbul ignore next */
+  private async handleOAuthProcess(
+    email: string,
+    name: string,
+    profilePictureUrl: string,
+    oauthProvider: AuthProvider,
+    response: Response
+  ) {
+    try {
+      const data = await this.authService.handleOAuthLogin(
+        email,
+        name,
+        profilePictureUrl,
+        oauthProvider
+      )
+      const user = setCookie(response, data)
+      sendOAuthSuccessRedirect(response, user)
+    } catch (error) {
+      this.logger.warn(
+        'User attempted to log in with a different OAuth provider'
+      )
+      sendOAuthFailureRedirect(
+        response,
+        'User attempted to log in with a different OAuth provider'
+      )
+    }
+  }
 }