Skip to content

refactor: update identity param for v2 #3661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Flo4604 merged 11 commits into from
Jul 29, 2025
Merged

refactor: update identity param for v2 #3661

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
b656d5d
refactor: use single param to query identity
ogzhanolguncu Jul 25, 2025
fca1ad8
chore: replace name
ogzhanolguncu Jul 25, 2025
54a11e9
refactor: make routes consistent
ogzhanolguncu Jul 25, 2025
f84b8d7
refactor: replace delete params too
ogzhanolguncu Jul 25, 2025
2f2da3c
chore: remove comments
ogzhanolguncu Jul 25, 2025
e243b50
fix: coderabbit comments
ogzhanolguncu Jul 28, 2025
21f3d06
fix: typo
ogzhanolguncu Jul 28, 2025
39dd30c
fix: broken test case
ogzhanolguncu Jul 28, 2025
2507a9a
Merge branch 'main' of github.com:unkeyed/unkey into update-identity-…
ogzhanolguncu Jul 28, 2025
3ca7a64
refactor: atomicly remove old identity and ratelimits
ogzhanolguncu Jul 29, 2025
6d1252f
Merge branch 'main' of github.com:unkeyed/unkey into update-identity-…
ogzhanolguncu Jul 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 4 additions & 6 deletions go/apps/api/openapi/gen.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 8 additions & 11 deletions go/apps/api/openapi/openapi-generated.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -385,19 +385,16 @@ components:

To resolve this error, check the current state of the resource and adjust your request accordingly.
V2IdentitiesDeleteIdentityRequestBody:
additionalProperties: false
type: object
properties:
externalId:
identity:
type: string
minLength: 3
description: |
The id of this identity in your system.
This should match the externalId value you used when creating the identity.
This identifier typically comes from your authentication system and could be a userId, organizationId, or any other stable unique identifier in your application.
description: The ID of the identity to delete. This can be either the externalId (from your own system that was used during identity creation) or the identityId (the internal ID returned by the identity service).
example: user_123
additionalProperties: false
required:
- externalId
- identity
V2IdentitiesDeleteIdentityResponseBody:
type: object
description: Empty response object. A successful response indicates the identity was deleted successfully.
Expand All @@ -409,14 +406,14 @@ components:
V2IdentitiesGetIdentityRequestBody:
type: object
properties:
externalId:
identity:
type: string
minLength: 1
description: The external ID of the identity to retrieve. This is the ID from your own system that was used during identity creation.
minLength: 3
description: The ID of the identity to retrieve. This can be either the externalId (from your own system that was used during identity creation) or the identityId (the internal ID returned by the identity service).
example: user_abc123
additionalProperties: false
required:
- externalId
- identity
V2IdentitiesGetIdentityResponseBody:
type: object
required:
Expand Down
11 changes: 4 additions & 7 deletions ...penapi/spec/paths/v2/identities/deleteIdentity/V2IdentitiesDeleteIdentityRequestBody.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,10 @@
additionalProperties: false
type: object
properties:
externalId:
identity:
type: string
minLength: 3
description: |
The id of this identity in your system.
This should match the externalId value you used when creating the identity.
This identifier typically comes from your authentication system and could be a userId, organizationId, or any other stable unique identifier in your application.
description: The ID of the identity to delete. This can be either the externalId (from your own system that was used during identity creation) or the identityId (the internal ID returned by the identity service).
example: user_123
additionalProperties: false
required:
- externalId
- identity
9 changes: 4 additions & 5 deletions .../api/openapi/spec/paths/v2/identities/getIdentity/V2IdentitiesGetIdentityRequestBody.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
type: object
properties:
externalId:
identity:
type: string
minLength: 1
description: The external ID of the identity to retrieve. This is the ID
from your own system that was used during identity creation.
minLength: 3
description: The ID of the identity to retrieve. This can be either the externalId (from your own system that was used during identity creation) or the identityId (the internal ID returned by the identity service).
example: user_abc123
additionalProperties: false
required:
- externalId
- identity
10 changes: 6 additions & 4 deletions go/apps/api/routes/v2_apis_list_keys/handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,10 @@ import (
"github.com/unkeyed/unkey/go/pkg/zen"
)

type Request = openapi.V2ApisListKeysRequestBody
type Response = openapi.V2ApisListKeysResponseBody
type (
Request = openapi.V2ApisListKeysRequestBody
Response = openapi.V2ApisListKeysResponseBody
)

// Handler implements zen.Route interface for the v2 APIs list keys endpoint
type Handler struct {
Expand Down Expand Up @@ -175,9 +177,9 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
// 5. Query the keys
var identityId string
if req.ExternalId != nil && *req.ExternalId != "" {
identity, findErr := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, findErr := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: auth.AuthorizedWorkspaceID,
ExternalID: *req.ExternalId,
Identity: *req.ExternalId,
Deleted: false,
})
if findErr != nil {
Expand Down
46 changes: 24 additions & 22 deletions go/apps/api/routes/v2_identities_create_identity/200_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,10 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
})
require.NoError(t, err)

identity, err := db.Query.FindIdentityByID(ctx, h.DB.RO(), db.FindIdentityByIDParams{
ID: identityID,
Deleted: false,
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
Identity: identityID,
Deleted: false,
WorkspaceID: h.Resources().UserWorkspace.ID,
})
require.NoError(t, err)
require.Equal(t, identity.ExternalID, externalTestID)
Expand All @@ -71,9 +72,10 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
})
require.NoError(t, err)

identity, err := db.Query.FindIdentityByID(ctx, h.DB.RO(), db.FindIdentityByIDParams{
ID: identityID,
Deleted: false,
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
Identity: identityID,
Deleted: false,
WorkspaceID: h.Resources().UserWorkspace.ID,
})
require.NoError(t, err)
require.Equal(t, identity.ExternalID, externalTestID)
Expand Down Expand Up @@ -106,9 +108,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalTestID,
Identity: externalTestID,
Deleted: false,
})
require.NoError(t, err)
Expand All @@ -128,9 +130,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalTestID,
Identity: externalTestID,
Deleted: false,
})
require.NoError(t, err)
Expand Down Expand Up @@ -169,9 +171,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalTestID,
Identity: externalTestID,
Deleted: false,
})
require.NoError(t, err)
Expand Down Expand Up @@ -228,9 +230,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalTestID,
Identity: externalTestID,
Deleted: false,
})
require.NoError(t, err)
Expand Down Expand Up @@ -304,9 +306,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalTestID,
Identity: externalTestID,
Deleted: false,
})
require.NoError(t, err)
Expand Down Expand Up @@ -345,9 +347,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {

// Verify each identity was created with the correct externalId
for i, externalID := range externalIDs {
identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalID,
Identity: externalID,
Deleted: false,
})
identityIDs = append(identityIDs, identity.ID)
Expand Down Expand Up @@ -375,9 +377,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
require.NotNil(t, res.Body)

// Verify in database
identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalTestID,
Identity: externalTestID,
Deleted: false,
})
require.NoError(t, err)
Expand Down Expand Up @@ -415,9 +417,9 @@ func TestCreateIdentitySuccessfully(t *testing.T) {
require.NotNil(t, res.Body)

// Verify in database
identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: externalTestID,
Identity: externalTestID,
Deleted: false,
})
require.NoError(t, err)
Expand Down
54 changes: 29 additions & 25 deletions go/apps/api/routes/v2_identities_delete_identity/200_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ func createTestIdentity(t *testing.T, h *testutil.Harness, numberOfRatelimits in
require.NoError(t, err)

ratelimitIds := make([]string, 0, numberOfRatelimits)
for i := 0; i < numberOfRatelimits; i++ {
for i := range numberOfRatelimits {
rateLimitID := uid.New(uid.RatelimitPrefix)
err = db.Query.InsertIdentityRatelimit(t.Context(), h.DB.RW(), db.InsertIdentityRatelimitParams{
ID: rateLimitID,
Expand Down Expand Up @@ -82,33 +82,33 @@ func TestDeleteIdentitySuccess(t *testing.T) {
testIdentity := createTestIdentity(t, h, 0)

// Verify identity exists before deletion
identity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
identity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: testIdentity.ExternalID,
Identity: testIdentity.ExternalID,
Deleted: false,
})
require.NoError(t, err)
require.Equal(t, testIdentity.ExternalID, identity.ExternalID)

// Delete the identity via API
req := handler.Request{ExternalId: testIdentity.ExternalID}
req := handler.Request{Identity: testIdentity.ExternalID}
res := testutil.CallRoute[handler.Request, handler.Response](h, route, headers, req)

require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

// Verify identity is soft deleted
_, err = db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
_, err = db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: testIdentity.ExternalID,
Identity: testIdentity.ExternalID,
Deleted: false,
})
require.Equal(t, sql.ErrNoRows, err, "identity should not be found with deleted=false")

// Verify identity still exists but marked as deleted
deletedIdentity, err := db.Query.FindIdentityByExternalID(ctx, h.DB.RO(), db.FindIdentityByExternalIDParams{
deletedIdentity, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
ExternalID: testIdentity.ExternalID,
Identity: testIdentity.ExternalID,
Deleted: true,
})
require.NoError(t, err, "identity should still exist with deleted=true")
Expand All @@ -126,16 +126,17 @@ func TestDeleteIdentitySuccess(t *testing.T) {
require.Len(t, rateLimits, numberOfRatelimits)

// Delete the identity via API
req := handler.Request{ExternalId: testIdentity.ExternalID}
req := handler.Request{Identity: testIdentity.ExternalID}
res := testutil.CallRoute[handler.Request, handler.Response](h, route, headers, req)

require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

// Verify identity is soft deleted
_, err = db.Query.FindIdentityByID(ctx, h.DB.RO(), db.FindIdentityByIDParams{
ID: testIdentity.ID,
Deleted: false,
_, err = db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
Identity: testIdentity.ID,
Deleted: false,
})
require.Equal(t, sql.ErrNoRows, err)

Expand All @@ -155,16 +156,17 @@ func TestDeleteIdentitySuccess(t *testing.T) {
"Authorization": {fmt.Sprintf("Bearer %s", wildcardKey)},
}

req := handler.Request{ExternalId: testIdentity.ExternalID}
req := handler.Request{Identity: testIdentity.ExternalID}
res := testutil.CallRoute[handler.Request, handler.Response](h, route, wildcardHeaders, req)

require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
require.NotNil(t, res.Body)

// Verify identity is soft deleted
_, err := db.Query.FindIdentityByID(ctx, h.DB.RO(), db.FindIdentityByIDParams{
ID: testIdentity.ID,
Deleted: false,
_, err := db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
Identity: testIdentity.ID,
Deleted: false,
})
require.Equal(t, sql.ErrNoRows, err)
})
Expand All @@ -173,7 +175,7 @@ func TestDeleteIdentitySuccess(t *testing.T) {
testIdentity := createTestIdentity(t, h, 2)

// Delete the identity
req := handler.Request{ExternalId: testIdentity.ExternalID}
req := handler.Request{Identity: testIdentity.ExternalID}
res := testutil.CallRoute[handler.Request, handler.Response](h, route, headers, req)

require.Equal(t, 200, res.Status, "expected 200, received: %#v", res)
Expand All @@ -199,7 +201,7 @@ func TestDeleteIdentitySuccess(t *testing.T) {
testIdentity := createTestIdentity(t, h, 0)

// Delete the identity once
req := handler.Request{ExternalId: testIdentity.ExternalID}
req := handler.Request{Identity: testIdentity.ExternalID}
res1 := testutil.CallRoute[handler.Request, handler.Response](h, route, headers, req)
require.Equal(t, 200, res1.Status, "first deletion should succeed")

Expand All @@ -216,21 +218,23 @@ func TestDeleteIdentitySuccess(t *testing.T) {
require.NoError(t, err)

// Delete the new identity (this should trigger duplicate key error handling)
req2 := handler.Request{ExternalId: testIdentity.ExternalID}
req2 := handler.Request{Identity: testIdentity.ExternalID}
res2 := testutil.CallRoute[handler.Request, handler.Response](h, route, headers, req2)
require.Equal(t, 200, res2.Status, "second deletion should succeed despite duplicate key scenario")

// Verify the new identity is soft deleted
_, err = db.Query.FindIdentityByID(ctx, h.DB.RO(), db.FindIdentityByIDParams{
ID: newIdentityID,
Deleted: false,
_, err = db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
Identity: newIdentityID,
Deleted: false,
})
require.Equal(t, sql.ErrNoRows, err)

// Verify the old identity was hard deleted (should not be found even with deleted=true)
_, err = db.Query.FindIdentityByID(ctx, h.DB.RO(), db.FindIdentityByIDParams{
ID: testIdentity.ID,
Deleted: true,
_, err = db.Query.FindIdentity(ctx, h.DB.RO(), db.FindIdentityParams{
WorkspaceID: h.Resources().UserWorkspace.ID,
Identity: testIdentity.ID,
Deleted: true,
})
require.Equal(t, sql.ErrNoRows, err, "old identity should be hard deleted")
})
Expand Down
Loading
Loading