Merge branch 'develop' into simplify-rotate

briskt · briskt · commit 45e52a9451c0 · 2025-11-04T14:28:59.000+08:00
diff --git a/apikey.go b/apikey.go
@@ -400,7 +400,14 @@ func (a *App) ActivateApiKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	jsonResponse(w, map[string]string{"apiSecret": newKey.Secret}, http.StatusOK)
+	response := map[string]string{
+		"email":       newKey.Email,
+		"apiKeyValue": newKey.Key,
+		"apiSecret":   newKey.Secret,
+		"activatedAt": time.Unix(int64(newKey.ActivatedAt)/1000, 0).UTC().Format(time.RFC3339),
+		"createdAt":   time.Unix(int64(newKey.CreatedAt)/1000, 0).UTC().Format(time.RFC3339),
+	}
+	jsonResponse(w, response, http.StatusOK)
 }
 
 // CreateApiKey is the handler for the POST /api-key endpoint. It creates a new API Key and saves it to the database.
diff --git a/apikey_test.go b/apikey_test.go
@@ -212,55 +212,55 @@ func (ms *MfaSuite) TestActivateApiKey() {
 	localStorage, err := NewStorage(awsConfig)
 	must(err)
 
-	key1 := ApiKey{Key: "key1"}
+	key1 := ApiKey{Key: "key1", Email: "1" + exampleEmail, CreatedAt: 1744799133000}
 	must(localStorage.Store(envConfig.ApiKeyTable, &key1))
-	key2 := ApiKey{Key: "key2", ActivatedAt: 1744799134000}
+	key2 := ApiKey{Key: "key2", Email: "2" + exampleEmail, CreatedAt: 1744799133000, ActivatedAt: 1744799134000}
 	must(localStorage.Store(envConfig.ApiKeyTable, &key2))
-	key3 := ApiKey{Key: "key3"}
+	key3 := ApiKey{Key: "key3", Email: "3" + exampleEmail, CreatedAt: 1744799133000}
 	must(localStorage.Store(envConfig.ApiKeyTable, &key3))
 
 	tests := []struct {
 		name       string
-		body       any
+		body       map[string]string
 		wantStatus int
 		wantError  error
 	}{
 		{
 			name: "not previously activated",
-			body: map[string]any{
-				"email":       exampleEmail,
+			body: map[string]string{
+				"email":       key1.Email,
 				"apiKeyValue": key1.Key,
 			},
 			wantStatus: http.StatusOK,
 		},
 		{
 			name: "already activated",
-			body: map[string]any{
-				"email":       exampleEmail,
+			body: map[string]string{
+				"email":       key2.Email,
 				"apiKeyValue": key2.Key,
 			},
 			wantStatus: http.StatusBadRequest,
 			wantError:  ErrKeyAlreadyActivated,
 		},
 		{
 			name: "missing email",
-			body: map[string]any{
+			body: map[string]string{
 				"apiKeyValue": key3.Key,
 			},
 			wantStatus: http.StatusBadRequest,
 			wantError:  errors.New("email is required"),
 		},
 		{
-			name: "missing apiKey",
-			body: map[string]any{
+			name: "missing apiKeyValue",
+			body: map[string]string{
 				"email": exampleEmail,
 			},
 			wantStatus: http.StatusBadRequest,
 			wantError:  errors.New("apiKeyValue is required"),
 		},
 		{
 			name: "key not found",
-			body: map[string]any{
+			body: map[string]string{
 				"email":       exampleEmail,
 				"apiKeyValue": "not a key",
 			},
@@ -285,10 +285,18 @@ func (ms *MfaSuite) TestActivateApiKey() {
 			ms.Equal(http.StatusOK, res.Status, fmt.Sprintf("ActivateApiKey response: %s", res.Body))
 
 			var response struct {
-				ApiSecret string `json:"apiSecret"`
+				Email       string    `json:"email"`
+				ApiKeyValue string    `json:"apiKeyValue"`
+				ApiSecret   string    `json:"apiSecret"`
+				ActivatedAt time.Time `json:"activatedAt"`
+				CreatedAt   time.Time `json:"createdAt"`
 			}
 			ms.NoError(json.Unmarshal(res.Body, &response))
-			ms.Len(response.ApiSecret, 44)
+			ms.Regexp("^[A-Za-z0-9+/]{43}=$", response.ApiSecret, "apiSecret isn't correct")
+			ms.Equal(tt.body["email"], response.Email, "email isn't correct")
+			ms.Equal(tt.body["apiKeyValue"], response.ApiKeyValue, "apiKeyValue isn't correct")
+			ms.Equal(time.Date(2025, 4, 16, 10, 25, 33, 0, time.UTC), response.CreatedAt, "createdAt isn't correct")
+			ms.WithinDuration(time.Now().UTC(), response.ActivatedAt, time.Minute, "activatedAt isn't correct")
 		})
 	}
 }
diff --git a/openapi.yaml b/openapi.yaml
@@ -437,7 +437,27 @@ paths:
                     description: >
                       a random string associated with the key, when paired with the key value can be used to
                       authenticate against API endpoints
+                    required: false
+                  email:
+                    type: string
+                    description: Email address of the requester
                     required: true
+                    example: "admin@example.com"
+                  apiKeyValue:
+                    type: string
+                    description: Unique ID for the new API Key
+                    required: true
+                    example: "0123456789abcdef0123456789abcdef01234567"
+                  activatedAt:
+                    type: string
+                    description: Time the key was activated
+                    required: true
+                    example: "2006-01-02T15:04:05Z"
+                  createdAt:
+                    type: string
+                    description: Time the key was created
+                    required: true
+                    example: "2006-01-02T15:04:05Z"
         400:
           description: Bad Request
           content:

Original file line number	Diff line number	Diff line change
`@@ -400,7 +400,14 @@ func (a App) ActivateApiKey(w http.ResponseWriter, r http.Request) {`
`400`	`400`	`return`
`401`	`401`	`}`
`402`	`402`
`403`		`- jsonResponse(w, map[string]string{"apiSecret": newKey.Secret}, http.StatusOK)`
	`403`	`+ response := map[string]string{`
	`404`	`+ "email": newKey.Email,`
	`405`	`+ "apiKeyValue": newKey.Key,`
	`406`	`+ "apiSecret": newKey.Secret,`
	`407`	`+ "activatedAt": time.Unix(int64(newKey.ActivatedAt)/1000, 0).UTC().Format(time.RFC3339),`
	`408`	`+ "createdAt": time.Unix(int64(newKey.CreatedAt)/1000, 0).UTC().Format(time.RFC3339),`
	`409`	`+ }`
	`410`	`+ jsonResponse(w, response, http.StatusOK)`
`404`	`411`	`}`
`405`	`412`
`406`	`413`	`// CreateApiKey is the handler for the POST /api-key endpoint. It creates a new API Key and saves it to the database.`