better-auth

LukeParke/better-auth

Fork 0

mirror of https://github.com/LukeHagar/better-auth.git synced 2025-12-06 12:27:44 +00:00

Commit Graph

Author	SHA1	Message	Date
Maxwell	ec9edc357a	feat: API Key plugin (#1515 ) * feat: API-key plugin * add: `deleteAllExpiredApiKeys` functionality * fix: fetching sessions from headers * update: types & create-api-key now checks for min & max expiresIn values * tests: Started working on tests * add: features - added list functionality - added min & max prefix length - added min & max name length - added metadata enable/disable option - added `disableSessionForAPIKeys` option - verify API key now checks for expiration & refills - added regex to check prefix of api key * fix: create-api-key's expiration using `/` instead of `` update: schema `metadata` transforms invalid values as `null` * fix: create-api-key metadata should go through transformation * fix: missing metadata wouldn't have `'null'` as value * update: error types * fix: remove console.logs from verify * fix: rate-limit not working * fix: rate-limit plugin options types * chore: remove logs * update: removed `key` field from result apiKey type of the update-api-key endpoint * fix: typo * update: create & update if checks - create now checks if custom expiration times are allowed - update now allows name values & checks if name is within length range - update now also checks for custom expiration times are allowed * update(WIP): tests * fix: added the missing error throw when there is no values to update * fix: update-api-key checks expiresIn in days, not ms - also updated create-api-key & update-api-key to have more detailed event logging * fix: update api key's remaining count's min & max checks - also added more detail to the events * fix: update-api-key can now update refillInterval & refillAmount properly * fix: metadata in update-api-key transforms between string & obj correctly * add: all of the `update` tests * update: get-api-key metadata is now obj instead of string * add: listApiKeys functionality * fix: get-session to use mock session based on header API keys * update: tests to test against get-session, get-api-key, and list-api-key * add: `start` field to show the first few characters of an API key * fix: very silly mistake * update: tests to validate `start` property * update: create-api-key checks if properties are set from server & allows for custom rate-limit rules - also updated tests to check against this * update: verify-api-key to check if a row has the right user-id - this also should speed up the DB process too. (I'm pretty sure) * update: `delete-all-expired-api-keys` endpoint added & updated list-api-keys endpoint function name * add: customAPIKeyValidator fn, and fixed verification `remaining` and `lastRefillAt` values updating DB incorrectly * update: documentation * add: rate-limiting enable/disable on a per-key level * update: docs * fix: correct expiration time units and improve error messages in API key handling * fix: allow creating apiKeys by providing userId on the server * fix: user userId instead of headers to differ server vs client calls on create api key * wip * fix: JSDoc comment * fix: tests not passing due to invalid expiresIn value Since the expiresIn got changed from `ms` to `sec`, this needed to be changed as well. * wip * fix(api-key): update tests and error messages for API key verification * fix(api-key): update API key fixes * refactor tests and remove events * refactor(api-key): remove unused event handling and clean up type definitions * add: minimum values to `create-api-key` numeric input options * fix: remove `opts.events` in delete-api-key route * refactor: all returning routes which can contain `key` - more performant - better typed - cleaner code :D * update: added minimum values to update-api-key endpoint as well * fix: removed `maximumRemaining` & `minimumRemaining` default values in `opts` * docs: ready (unless I make minor adjustments later) 🫡 * fix(docs): links & invalid code examples * fix: output transform of metadata to use ParseJSON * fix: tests failing due to async metadata transform output * fix: return types for verify-api-key endpoint * fix: tests failing due to invalid expiresIn minimum value * docs: reorder sidebar items for API Key * wip * docs(api-key): enhance documentation with permissions and usage details - Updated API key documentation with comprehensive permissions explanation - Added examples for setting default permissions, creating, verifying, and updating API keys with permissions - Clarified API key creation, verification, and update processes - Improved code examples and descriptions for better understanding * chore: lint * fix(docs): incorrect wording / explanation on refillInterval/refillAmount * add(docs): missing permissions info in docs --------- Co-authored-by: Bereket Engida <bekacru@gmail.com>	2025-02-28 17:11:03 +03:00

Author

SHA1

Message

Date

Maxwell

ec9edc357a

feat: API Key plugin (#1515 )

* feat: API-key plugin

* add: `deleteAllExpiredApiKeys` functionality

* fix: fetching sessions from headers

* update: types & create-api-key now checks for min & max expiresIn values

* tests: Started working on tests

* add: features

- added list functionality
- added min & max prefix length
- added min & max name length
- added metadata enable/disable option
- added `disableSessionForAPIKeys` option
- verify API key now checks for expiration & refills
- added regex to check prefix of api key

* fix: create-api-key's expiration using `/` instead of `*`

* update: schema `metadata` transforms invalid values as `null`

* fix: create-api-key metadata should go through transformation

* fix: missing metadata wouldn't have `'null'` as value

* update: error types

* fix: remove console.logs from verify

* fix: rate-limit not working

* fix: rate-limit plugin options types

* chore: remove logs

* update: removed `key` field from result apiKey type of the update-api-key endpoint

* fix: typo

* update: create & update if checks

- create now checks if custom expiration times are allowed
- update now allows name values & checks if name is within length range
- update now also checks for custom expiration times are allowed

* update(WIP): tests

* fix: added the missing error throw when there is no values to update

* fix: update-api-key checks expiresIn in days, not ms

- also updated create-api-key & update-api-key to have more detailed event logging

* fix: update api key's remaining count's min & max checks

- also added more detail to the events

* fix: update-api-key can now update refillInterval & refillAmount properly

* fix: metadata in update-api-key transforms between string & obj correctly

* add: all of the `update` tests

* update: get-api-key metadata is now obj instead of string

* add: listApiKeys functionality

* fix: get-session to use mock session based on header API keys

* update: tests to test against get-session, get-api-key, and list-api-key

* add: `start` field to show the first few characters of an API key

* fix: very silly mistake

* update: tests to validate `start` property

* update: create-api-key checks if properties are set from server & allows for custom rate-limit rules

- also updated tests to check against this

* update: verify-api-key to check if a row has the right user-id

- this also should speed up the DB process too. (I'm pretty sure)

* update: `delete-all-expired-api-keys` endpoint added & updated list-api-keys endpoint function name

* add: customAPIKeyValidator fn, and fixed verification `remaining` and `lastRefillAt` values updating DB incorrectly

* update: documentation

* add: rate-limiting enable/disable on a per-key level

* update: docs

* fix: correct expiration time units and improve error messages in API key handling

* fix: allow creating apiKeys by providing userId on the server

* fix: user userId instead of headers to differ server vs client calls on create api key

* wip

* fix: JSDoc comment

* fix: tests not passing due to invalid expiresIn value

Since the expiresIn got changed from `ms` to `sec`, this needed to be changed as well.

* wip

* fix(api-key): update tests and error messages for API key verification

* fix(api-key): update API key fixes

* refactor tests and remove events

* refactor(api-key): remove unused event handling and clean up type definitions

* add: minimum values to `create-api-key` numeric input options

* fix: remove `opts.events` in delete-api-key route

* refactor: all returning routes which can contain `key`

- more performant
- better typed
- cleaner code

:D

* update: added minimum values to update-api-key endpoint as well

* fix: removed `maximumRemaining` & `minimumRemaining` default values in `opts`

* docs: ready (unless I make minor adjustments later) 🫡

* fix(docs): links & invalid code examples

* fix: output transform of metadata to use ParseJSON

* fix: tests failing due to async metadata transform output

* fix: return types for verify-api-key endpoint

* fix: tests failing due to invalid expiresIn minimum value

* docs: reorder sidebar items for API Key

* wip

* docs(api-key): enhance documentation with permissions and usage details

- Updated API key documentation with comprehensive permissions explanation
- Added examples for setting default permissions, creating, verifying, and updating API keys with permissions
- Clarified API key creation, verification, and update processes
- Improved code examples and descriptions for better understanding

* chore: lint

* fix(docs): incorrect wording / explanation on refillInterval/refillAmount

* add(docs): missing permissions info in docs

---------

Co-authored-by: Bereket Engida <bekacru@gmail.com>

2025-02-28 17:11:03 +03:00

1 Commits