feat: Adding refill to remaining keys (#682)

* updated schema for db, updated update key * Changed to Enum for refillIncrement * Converted to Enum values * Working Web App and API * Started on replenish docs * update ignore * pre commit to merge pull main * Merge origin main * Fixed type errors in keys api * Prep for Trigger * Finished Replenisment Cron Imp * feat(key replenish): added key replenishment daily and monthly Key replenishment added with changes to db schema, docs, api routes, and cron added key-299, key-300, key-301, key-302, key-303, key-304 * changed refill names and fixed wording in openAPI * Fixed refill on web app * wip * work in progress PR changes * Wording and trpc integration with replenish * chore: merge main * fix: issues * fix: issues * chore: remove log * Requested changes made * format --------- Co-authored-by: chronark <[email protected]>
unkeyed · Dec 22, 2023 · b3de29d · b3de29d · vercel · Dec 22, 2023
1 parent 96086c1
commit b3de29d
Show file tree

Hide file tree

Showing 27 changed files with 745 additions and 109 deletions.
diff --git a/.github/workflows/build_apps.yaml b/.github/workflows/build_apps.yaml
@@ -47,10 +47,6 @@ jobs:
         env:
           DRIZZLE_DATABASE_URL: 'mysql://unkey:password@localhost:3306/unkey'
 
-
-      - name: Install
-        uses: ./.github/actions/install
-
       - name: Build
         run: pnpm turbo run build --filter=${{matrix.app}}
         env:

diff --git a/.infisical.json b/.infisical.json
@@ -0,0 +1,5 @@
+{
+  "workspaceId": "6532bc32a4732d50aa605d13",
+  "defaultEnvironment": "",
+  "gitBranchToEnvironmentMapping": null
+}
diff --git a/apps/api/.infisical.json b/apps/api/.infisical.json
@@ -1,5 +1,5 @@
 {
   "workspaceId": "6532bc32a4732d50aa605d13",
-  "defaultEnvironment": "",
+  "defaultEnvironment": "dev",
   "gitBranchToEnvironmentMapping": null
 }
diff --git a/apps/api/src/routes/legacy_apis_listKeys.ts b/apps/api/src/routes/legacy_apis_listKeys.ts
@@ -64,17 +64,29 @@ export const registerLegacyApisListKeys = (app: App) =>
   app.openapi(route, async (c) => {
     const authorization = c.req.header("authorization")?.replace("Bearer ", "");
     if (!authorization) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "key required",
+      });
     }
     const rootKey = await keyService.verifyKey(c, { key: authorization });
     if (rootKey.error) {
-      throw new UnkeyApiError({ code: "INTERNAL_SERVER_ERROR", message: rootKey.error.message });
+      throw new UnkeyApiError({
+        code: "INTERNAL_SERVER_ERROR",
+        message: rootKey.error.message,
+      });
     }
     if (!rootKey.value.valid) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "the root key is not valid" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "the root key is not valid",
+      });
     }
     if (!rootKey.value.isRootKey) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "root key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "root key required",
+      });
     }
 
     const apiId = c.req.param("apiId");
@@ -89,7 +101,10 @@ export const registerLegacyApisListKeys = (app: App) =>
     });
 
     if (!api || api.workspaceId !== rootKey.value.authorizedWorkspaceId) {
-      throw new UnkeyApiError({ code: "NOT_FOUND", message: `api ${apiId} not found` });
+      throw new UnkeyApiError({
+        code: "NOT_FOUND",
+        message: `api ${apiId} not found`,
+      });
     }
 
     if (!api.keyAuthId) {

diff --git a/apps/api/src/routes/legacy_keys_createKey.ts b/apps/api/src/routes/legacy_keys_createKey.ts
@@ -162,17 +162,29 @@ export const registerLegacyKeysCreate = (app: App) =>
   app.openapi(route, async (c) => {
     const authorization = c.req.header("authorization")?.replace("Bearer ", "");
     if (!authorization) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "key required",
+      });
     }
     const rootKey = await keyService.verifyKey(c, { key: authorization });
     if (rootKey.error) {
-      throw new UnkeyApiError({ code: "INTERNAL_SERVER_ERROR", message: rootKey.error.message });
+      throw new UnkeyApiError({
+        code: "INTERNAL_SERVER_ERROR",
+        message: rootKey.error.message,
+      });
     }
     if (!rootKey.value.valid) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "the root key is not valid" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "the root key is not valid",
+      });
     }
     if (!rootKey.value.isRootKey) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "root key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "root key required",
+      });
     }
 
     const req = c.req.valid("json");
@@ -187,7 +199,10 @@ export const registerLegacyKeysCreate = (app: App) =>
     });
 
     if (!api || api.workspaceId !== rootKey.value.authorizedWorkspaceId) {
-      throw new UnkeyApiError({ code: "NOT_FOUND", message: `api ${req.apiId} not found` });
+      throw new UnkeyApiError({
+        code: "NOT_FOUND",
+        message: `api ${req.apiId} not found`,
+      });
     }
 
     if (!api.keyAuthId) {
@@ -200,7 +215,10 @@ export const registerLegacyKeysCreate = (app: App) =>
     /**
      * Set up an api for production
      */
-    const key = new KeyV1({ byteLength: req.byteLength, prefix: req.prefix }).toString();
+    const key = new KeyV1({
+      byteLength: req.byteLength,
+      prefix: req.prefix,
+    }).toString();
     const start = key.slice(0, (req.prefix?.length ?? 0) + 5);
     const keyId = newId("key");
     const hash = await sha256(key.toString());

diff --git a/apps/api/src/routes/legacy_keys_getKey.ts b/apps/api/src/routes/legacy_keys_getKey.ts
@@ -38,23 +38,38 @@ export const registerLegacyKeysGet = (app: App) =>
   app.openapi(route, async (c) => {
     const authorization = c.req.header("authorization")?.replace("Bearer ", "");
     if (!authorization) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "key required",
+      });
     }
     const rootKey = await keyService.verifyKey(c, { key: authorization });
     if (rootKey.error) {
-      throw new UnkeyApiError({ code: "INTERNAL_SERVER_ERROR", message: rootKey.error.message });
+      throw new UnkeyApiError({
+        code: "INTERNAL_SERVER_ERROR",
+        message: rootKey.error.message,
+      });
     }
     if (!rootKey.value.valid) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "the root key is not valid" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "the root key is not valid",
+      });
     }
     if (!rootKey.value.isRootKey) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "root key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "root key required",
+      });
     }
 
     const { keyId } = c.req.param();
 
     if (!keyId) {
-      throw new UnkeyApiError({ code: "BAD_REQUEST", message: "no key id given" });
+      throw new UnkeyApiError({
+        code: "BAD_REQUEST",
+        message: "no key id given",
+      });
     }
 
     const data = await cache.withCache(c, "keyById", keyId, async () => {
@@ -80,7 +95,10 @@ export const registerLegacyKeysGet = (app: App) =>
     });
 
     if (!data || data.key.workspaceId !== rootKey.value.authorizedWorkspaceId) {
-      throw new UnkeyApiError({ code: "NOT_FOUND", message: `key ${keyId} not found` });
+      throw new UnkeyApiError({
+        code: "NOT_FOUND",
+        message: `key ${keyId} not found`,
+      });
     }
 
     return c.json({
@@ -90,8 +108,8 @@ export const registerLegacyKeysGet = (app: App) =>
       name: data.key.name ?? undefined,
       start: data.key.start,
       ownerId: data.key.ownerId ?? undefined,
-      meta: data.key.meta ?? undefined,
-      createdAt: data.key.createdAt.getTime() ?? undefined,
+      meta: data.key.meta ? JSON.parse(data.key.meta) : undefined,
+      createdAt: data.key.createdAt.getTime(),
       forWorkspaceId: data.key.forWorkspaceId ?? undefined,
       expiresAt: data.key.expires?.getTime() ?? undefined,
       remaining: data.key.remaining ?? undefined,

diff --git a/apps/api/src/routes/legacy_keys_updateKey.ts b/apps/api/src/routes/legacy_keys_updateKey.ts
@@ -121,19 +121,31 @@ export const registerLegacyKeysUpdate = (app: App) =>
   app.openapi(route, async (c) => {
     const authorization = c.req.header("authorization")?.replace("Bearer ", "");
     if (!authorization) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "key required",
+      });
     }
 
     // Get root key and check for API errors
     const rootKey = await keyService.verifyKey(c, { key: authorization });
     if (rootKey.error) {
-      throw new UnkeyApiError({ code: "INTERNAL_SERVER_ERROR", message: rootKey.error.message });
+      throw new UnkeyApiError({
+        code: "INTERNAL_SERVER_ERROR",
+        message: rootKey.error.message,
+      });
     }
     if (!rootKey.value.valid) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "the root key is not valid" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "the root key is not valid",
+      });
     }
     if (!rootKey.value.isRootKey) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "root key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "root key required",
+      });
     }
     const keyId = c.req.param("keyId");
     const req = c.req.valid("json");
@@ -143,7 +155,10 @@ export const registerLegacyKeysUpdate = (app: App) =>
     });
 
     if (!key || key.workspaceId !== rootKey.value.authorizedWorkspaceId) {
-      throw new UnkeyApiError({ code: "NOT_FOUND", message: `key ${keyId} not found` });
+      throw new UnkeyApiError({
+        code: "NOT_FOUND",
+        message: `key ${keyId} not found`,
+      });
     }
 
     const authorizedWorkspaceId = rootKey.value.authorizedWorkspaceId;

diff --git a/apps/api/src/routes/legacy_keys_verifyKey.ts b/apps/api/src/routes/legacy_keys_verifyKey.ts
@@ -65,7 +65,7 @@ A key could be invalid for a number of reasons, for example if it has expired, h
                   stripeCustomerId: "cus_1234",
                 },
               }),
-            createdAt: z.number().openapi({
+            createdAt: z.number().optional().openapi({
               description: "The unix timestamp in milliseconds when the key was created",
               example: Date.now(),
             }),
@@ -110,15 +110,15 @@ A key could be invalid for a number of reasons, for example if it has expired, h
               example: 1000,
             }),
             code: z
-              .enum(["NOT_FOUND", "FORBIDDEN", "KEY_USAGE_EXCEEDED", "RATELIMITED"])
+              .enum(["NOT_FOUND", "FORBIDDEN", "USAGE_EXCEEDED", "RATE_LIMITED"])
               .optional()
               .openapi({
                 description: `If the key is invalid this field will be set to the reason why it is invalid.
 Possible values are:
 - NOT_FOUND: the key does not exist or has expired
 - FORBIDDEN: the key is not allowed to access the api
-- KEY_USAGE_EXCEEDED: the key has exceeded its request limit
-- RATELIMITED: the key has been ratelimited,
+- USAGE_EXCEEDED: the key has exceeded its request limit
+- RATE_LIMITED: the key has been ratelimited,
 `,
                 example: "NOT_FOUND",
               }),
@@ -143,7 +143,10 @@ export const registerLegacyKeysVerifyKey = (app: App) =>
 
     const { value, error } = await keyService.verifyKey(c, { key, apiId });
     if (error) {
-      throw new UnkeyApiError({ code: "INTERNAL_SERVER_ERROR", message: error.message });
+      throw new UnkeyApiError({
+        code: "INTERNAL_SERVER_ERROR",
+        message: error.message,
+      });
     }
 
     if (!value.valid) {

diff --git a/apps/api/src/routes/schema.ts b/apps/api/src/routes/schema.ts
@@ -37,7 +37,7 @@ export const keySchema = z
           stripeCustomerId: "cus_1234",
         },
       }),
-    createdAt: z.number().openapi({
+    createdAt: z.number().optional().openapi({
       description: "The unix timestamp in milliseconds when the key was created",
       example: Date.now(),
     }),
@@ -56,6 +56,30 @@ export const keySchema = z
         "The number of requests that can be made with this key before it becomes invalid. If this field is null or undefined, the key has no request limit.",
       example: 1000,
     }),
+    refill: z
+      .object({
+        interval: z.enum(["daily", "monthly"]).openapi({
+          description: "Determines the rate at which verifications will be refilled.",
+          example: "daily",
+        }),
+        amount: z.number().int().openapi({
+          description: "Resets `remaining` to this value every interval.",
+          example: 100,
+        }),
+        lastRefillAt: z.number().optional().openapi({
+          description: "The unix timestamp in miliseconds when the key was last refilled.",
+          example: 100,
+        }),
+      })
+      .optional()
+      .openapi({
+        description:
+          "Unkey allows you to refill remaining verifications on a key on a regular interval.",
+        example: {
+          interval: "daily",
+          amount: 10,
+        },
+      }),
     ratelimit: z
       .object({
         type: z

diff --git a/apps/api/src/routes/v1_apis_listKeys.ts b/apps/api/src/routes/v1_apis_listKeys.ts
@@ -61,17 +61,29 @@ export const registerV1ApisListKeys = (app: App) =>
   app.openapi(route, async (c) => {
     const authorization = c.req.header("authorization")?.replace("Bearer ", "");
     if (!authorization) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "key required",
+      });
     }
     const rootKey = await keyService.verifyKey(c, { key: authorization });
     if (rootKey.error) {
-      throw new UnkeyApiError({ code: "INTERNAL_SERVER_ERROR", message: rootKey.error.message });
+      throw new UnkeyApiError({
+        code: "INTERNAL_SERVER_ERROR",
+        message: rootKey.error.message,
+      });
     }
     if (!rootKey.value.valid) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "the root key is not valid" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "the root key is not valid",
+      });
     }
     if (!rootKey.value.isRootKey) {
-      throw new UnkeyApiError({ code: "UNAUTHORIZED", message: "root key required" });
+      throw new UnkeyApiError({
+        code: "UNAUTHORIZED",
+        message: "root key required",
+      });
     }
 
     const { apiId, limit, cursor, ownerId } = c.req.query();
@@ -85,7 +97,10 @@ export const registerV1ApisListKeys = (app: App) =>
     });
 
     if (!api || api.workspaceId !== rootKey.value.authorizedWorkspaceId) {
-      throw new UnkeyApiError({ code: "NOT_FOUND", message: `api ${apiId} not found` });
+      throw new UnkeyApiError({
+        code: "NOT_FOUND",
+        message: `api ${apiId} not found`,
+      });
     }
 
     if (!api.keyAuthId) {
@@ -134,6 +149,14 @@ export const registerV1ApisListKeys = (app: App) =>
               }
             : undefined,
         remaining: k.remaining ?? undefined,
+        refill:
+          k.refillInterval && k.refillAmount && k.lastRefillAt
+            ? {
+                interval: k.refillInterval,
+                amount: k.refillAmount,
+                lastRefillAt: k.lastRefillAt?.getTime(),
+              }
+            : undefined,
       })),
       // @ts-ignore, mysql sucks
       total: parseInt(total.at(0)?.count ?? "0"),