(auth: AuthDto, dto: ApiKeyCreateDto)
| 9 | @Injectable() |
| 10 | export class ApiKeyService extends BaseService { |
| 11 | async create(auth: AuthDto, dto: ApiKeyCreateDto): Promise<ApiKeyCreateResponseDto> { |
| 12 | const token = this.cryptoRepository.randomBytesAsText(32); |
| 13 | const hashed = this.cryptoRepository.hashSha256(token); |
| 14 | |
| 15 | if (auth.apiKey && !isGranted({ requested: dto.permissions, current: auth.apiKey.permissions })) { |
| 16 | throw new BadRequestException('Cannot grant permissions you do not have'); |
| 17 | } |
| 18 | |
| 19 | const entity = await this.apiKeyRepository.create({ |
| 20 | key: hashed, |
| 21 | name: dto.name || 'API Key', |
| 22 | userId: auth.user.id, |
| 23 | permissions: dto.permissions, |
| 24 | }); |
| 25 | |
| 26 | return { secret: token, apiKey: this.map(entity) }; |
| 27 | } |
| 28 | |
| 29 | async update(auth: AuthDto, id: string, dto: ApiKeyUpdateDto): Promise<ApiKeyResponseDto> { |
| 30 | const exists = await this.apiKeyRepository.getById(auth.user.id, id); |
nothing calls this directly
no test coverage detected