feat(api-key,js-sdk,dashboard): allow deleting api keys only once its revoked (#9118)

what: - module only deletes api keys once its revoked - disables ui elements https://github.com/user-attachments/assets/437821ae-497e-4b59-b02c-4a6ff36e6a30 RESOLVES CC-106 RESOLVES CC-105 RESOLVES CC-104
2024-09-12 12:16:15 +02:00
parent c94f89610f
commit 64d5b74c12
7 changed files with 108 additions and 24 deletions
--- a/packages/modules/api-key/src/services/api-key-module-service.ts
+++ b/packages/modules/api-key/src/services/api-key-module-service.ts
@@ -1,5 +1,3 @@
-import crypto from "crypto"
-import util from "util"
 import {
  ApiKeyTypes,
  Context,
@@ -11,6 +9,18 @@ import {
  ModuleJoinerConfig,
  ModulesSdkTypes,
 } from "@medusajs/types"
+import {
+  ApiKeyType,
+  InjectManager,
+  InjectTransactionManager,
+  isObject,
+  isPresent,
+  isString,
+  MedusaContext,
+  MedusaError,
+  MedusaService,
+  promiseAll,
+} from "@medusajs/utils"
 import { ApiKey } from "@models"
 import {
  CreateApiKeyDTO,
@@ -18,17 +28,8 @@ import {
  TokenDTO,
  UpdateApiKeyInput,
 } from "@types"
-import {
-  ApiKeyType,
-  InjectManager,
-  InjectTransactionManager,
-  isObject,
-  isString,
-  MedusaContext,
-  MedusaError,
-  MedusaService,
-  promiseAll,
-} from "@medusajs/utils"
+import crypto from "crypto"
+import util from "util"
 import { joinerConfig } from "../joiner-config"

 const scrypt = util.promisify(crypto.scrypt)
@@ -61,6 +62,40 @@ export class ApiKeyModuleService
    return joinerConfig
  }

+  @InjectTransactionManager()
+  // @ts-expect-error
+  async deleteApiKeys(
+    ids: string | string[],
+    @MedusaContext() sharedContext: Context = {}
+  ) {
+    const apiKeyIds = Array.isArray(ids) ? ids : [ids]
+
+    const unrevokedApiKeys = (
+      await this.apiKeyService_.list(
+        {
+          id: ids,
+          $or: [
+            { revoked_at: { $eq: null } },
+            { revoked_at: { $gt: new Date() } },
+          ],
+        },
+        { take: null, select: ["id"] },
+        sharedContext
+      )
+    ).map((apiKey) => apiKey.id)
+
+    if (isPresent(unrevokedApiKeys)) {
+      throw new MedusaError(
+        MedusaError.Types.NOT_ALLOWED,
+        `Cannot delete api keys that are not revoked - ${unrevokedApiKeys.join(
+          ", "
+        )}`
+      )
+    }
+
+    return await super.deleteApiKeys(apiKeyIds, sharedContext)
+  }
+
  //@ts-expect-error
  createApiKeys(
    data: ApiKeyTypes.CreateApiKeyDTO[],