( params: CredentialActorParams )
| 151 | } |
| 152 | |
| 153 | export async function performDeleteCredential( |
| 154 | params: CredentialActorParams |
| 155 | ): Promise<PerformCredentialResult> { |
| 156 | try { |
| 157 | const access = await getCredentialActorContext(params.credentialId, params.userId) |
| 158 | if (!access.credential) { |
| 159 | return { success: false, error: 'Credential not found', errorCode: 'not_found' } |
| 160 | } |
| 161 | if (!access.hasWorkspaceAccess || !access.isAdmin) { |
| 162 | return { |
| 163 | success: false, |
| 164 | error: 'Credential admin permission required', |
| 165 | errorCode: 'forbidden', |
| 166 | } |
| 167 | } |
| 168 | if (params.allowedTypes && !params.allowedTypes.includes(access.credential.type)) { |
| 169 | return { |
| 170 | success: false, |
| 171 | error: `Only ${params.allowedTypes.join(', ')} credentials can be managed with this tool.`, |
| 172 | errorCode: 'validation', |
| 173 | } |
| 174 | } |
| 175 | |
| 176 | if (access.credential.type === 'env_personal' && access.credential.envKey) { |
| 177 | const ownerUserId = access.credential.envOwnerUserId |
| 178 | if (!ownerUserId) { |
| 179 | return { success: false, error: 'Invalid personal secret owner', errorCode: 'validation' } |
| 180 | } |
| 181 | |
| 182 | const [personalRow] = await db |
| 183 | .select({ variables: environment.variables }) |
| 184 | .from(environment) |
| 185 | .where(eq(environment.userId, ownerUserId)) |
| 186 | .limit(1) |
| 187 | |
| 188 | const current = ((personalRow?.variables as Record<string, string> | null) ?? {}) as Record< |
| 189 | string, |
| 190 | string |
| 191 | > |
| 192 | if (access.credential.envKey in current) delete current[access.credential.envKey] |
| 193 | |
| 194 | await db |
| 195 | .insert(environment) |
| 196 | .values({ id: ownerUserId, userId: ownerUserId, variables: current, updatedAt: new Date() }) |
| 197 | .onConflictDoUpdate({ |
| 198 | target: [environment.userId], |
| 199 | set: { variables: current, updatedAt: new Date() }, |
| 200 | }) |
| 201 | |
| 202 | await syncPersonalEnvCredentialsForUser({ |
| 203 | userId: ownerUserId, |
| 204 | envKeys: Object.keys(current), |
| 205 | }) |
| 206 | |
| 207 | captureServerEvent( |
| 208 | params.userId, |
| 209 | 'credential_deleted', |
| 210 | { |