fix: omitting array vs null

apps/api/src/routes/v1_migrations_createKey.happy.test.ts

@@ -480,10 +480,12 @@ test("an error rolls back and does not create any keys", async (t) => {
   // add a duplicate
   req.push(req[0]);
 
-
-  const res = await h.post<V1MigrationsCreateKeysRequest, {
-    error: { code: string }
-  }>({
+  const res = await h.post<
+    V1MigrationsCreateKeysRequest,
+    {
+      error: { code: string };
+    }
+  >({
     url: "/v1/migrations.createKeys",
     headers: {
       "Content-Type": "application/json",

go/apps/api/routes/v2_identities_list_identities/200_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/stretchr/testify/require"
 	handler "github.com/unkeyed/unkey/go/apps/api/routes/v2_identities_list_identities"
 	"github.com/unkeyed/unkey/go/pkg/db"
+	"github.com/unkeyed/unkey/go/pkg/ptr"
 	"github.com/unkeyed/unkey/go/pkg/testutil"
 	"github.com/unkeyed/unkey/go/pkg/uid"
 )
@@ -348,19 +349,32 @@ func TestSuccess(t *testing.T) {
 
 		// If we have results, verify the structure of an identity
 		if len(res.Body.Data) > 0 {
-			// Check the first identity
-			identity := res.Body.Data[0]
-
-			// ID fields should never be empty
-			require.NotEmpty(t, identity.ExternalId, "External ID should not be empty")
+			// Check all identities
+			for _, identity := range res.Body.Data {
+				// ID fields should never be empty
+				require.NotEmpty(t, identity.ExternalId, "External ID should not be empty")
+
+				dbIdentity, err := db.Query.FindIdentity(ctx, h.DB.RW(), db.FindIdentityParams{WorkspaceID: workspaceID, Identity: identity.ExternalId, Deleted: false})
+				require.NoError(t, err)
+				require.NotNil(t, dbIdentity, "Identity should be found in the database")
+
+				identityRatelimits, err := db.Query.ListIdentityRatelimits(ctx, h.DB.RW(), sql.NullString{Valid: true, String: dbIdentity.ID})
+				require.NoError(t, err)
+
+				if len(identityRatelimits) == 0 {
+					require.Nil(t, identity.Ratelimits, "Ratelimits should be nil")
+				} else {
+					require.NotNil(t, identity.Ratelimits, "Ratelimits should be set")
+					require.Len(t, ptr.SafeDeref(identity.Ratelimits), len(identityRatelimits), "Ratelimits should match the database")
+				}
 
-			// Meta might be nil if none set
-			if identity.Meta != nil {
-				// If present, should be a valid map
-				require.NotNil(t, *identity.Meta, "Meta should be a valid map")
+				if len(dbIdentity.Meta) > 0 {
+					raw, err := json.Marshal(identity.Meta)
+					require.NoError(t, err)
+					require.NotNil(t, identity.Meta, "Meta should be set")
+					require.JSONEq(t, string(raw), string(dbIdentity.Meta), "Meta should match the database")
+				}
 			}
-
-			require.NotNil(t, identity.Ratelimits, "Ratelimits should be set")
 		}
 	})
 }

go/apps/api/routes/v2_keys_get_key/handler.go

@@ -311,7 +311,9 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		}
 	}
 
-	k.Ratelimits = ptr.P(ratelimitsResponse)
+	if len(ratelimitsResponse) > 0 {
+		k.Ratelimits = ptr.P(ratelimitsResponse)
+	}
 
 	if key.Meta.Valid {
 		err = json.Unmarshal([]byte(key.Meta.String), &k.Meta)
@@ -330,7 +332,9 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		return fault.Wrap(err, fault.Code(codes.App.Internal.UnexpectedError.URN()),
 			fault.Internal("unable to find permissions for key"), fault.Public("Could not load permissions for key."))
 	}
-	k.Permissions = ptr.P(permissionSlugs)
+	if len(permissionSlugs) > 0 {
+		k.Permissions = ptr.P(permissionSlugs)
+	}
 
 	// Get roles for the key
 	roles, err := db.Query.ListRolesByKeyID(ctx, h.DB.RO(), k.KeyId)
@@ -339,12 +343,14 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 			fault.Internal("unable to find roles for key"), fault.Public("Could not load roles for key."))
 	}
 
-	roleNames := make([]string, len(roles))
-	for i, role := range roles {
-		roleNames[i] = role.Name
-	}
+	if len(roles) > 0 {
+		roleNames := make([]string, len(roles))
+		for i, role := range roles {
+			roleNames[i] = role.Name
+		}
 
-	k.Roles = ptr.P(roleNames)
+		k.Roles = ptr.P(roleNames)
+	}
 
 	return s.JSON(http.StatusOK, Response{
 		Meta: openapi.Meta{

go/apps/api/routes/v2_keys_whoami/handler.go

@@ -239,7 +239,9 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		}
 	}
 
-	k.Ratelimits = ptr.P(ratelimitsResponse)
+	if len(ratelimitsResponse) > 0 {
+		k.Ratelimits = ptr.P(ratelimitsResponse)
+	}
 
 	if key.Meta.Valid {
 		err = json.Unmarshal([]byte(key.Meta.String), &k.Meta)
@@ -258,7 +260,10 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		return fault.Wrap(err, fault.Code(codes.App.Internal.UnexpectedError.URN()),
 			fault.Internal("unable to find permissions for key"), fault.Public("Could not load permissions for key."))
 	}
-	k.Permissions = ptr.P(permissionSlugs)
+
+	if len(permissionSlugs) > 0 {
+		k.Permissions = ptr.P(permissionSlugs)
+	}
 
 	// Get roles for the key
 	roles, err := db.Query.ListRolesByKeyID(ctx, h.DB.RO(), k.KeyId)
@@ -267,12 +272,14 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 			fault.Internal("unable to find roles for key"), fault.Public("Could not load roles for key."))
 	}
 
-	roleNames := make([]string, len(roles))
-	for i, role := range roles {
-		roleNames[i] = role.Name
-	}
+	if len(roles) > 0 {
+		roleNames := make([]string, len(roles))
+		for i, role := range roles {
+			roleNames[i] = role.Name
+		}
 
-	k.Roles = ptr.P(roleNames)
+		k.Roles = ptr.P(roleNames)
+	}
 
 	return s.JSON(http.StatusOK, Response{
 		Meta: openapi.Meta{