Simplify API key.

An API key optionally belong to a service.

Author: jasny

package.json

@@ -20,7 +20,7 @@
     "test:e2e": "jest --config ./test/jest-e2e.json"
   },
   "dependencies": {
-    "@letsflow/core": "^1.0.4",
+    "@letsflow/core": "^1.2.4",
     "@nestjs/common": "^10.3.9",
     "@nestjs/core": "^10.3.9",
     "@nestjs/event-emitter": "^3.0.0",

src/apikey/apikey.dto.ts

@@ -34,35 +34,13 @@ export class ApiKey {
   revoked?: Date;
 
   @ApiProperty({
-    enum: privileges,
     type: 'array',
-    items: { type: 'string' },
+    items: { type: 'string', enum: privileges as any },
   })
   privileges: Array<Privilege>;
 
-  @ApiProperty({
-    type: 'array',
-    items: {
-      type: 'object',
-      properties: {
-        scenario: { type: 'string', format: 'uuid' },
-        actors: {
-          type: 'array',
-          items: { type: 'string' },
-        },
-        actions: {
-          type: 'array',
-          items: { type: 'string' },
-        },
-      },
-      required: ['scenario'],
-    },
-  })
-  processes?: Array<{
-    scenario: string;
-    actors?: string[];
-    actions?: string[];
-  }>;
+  @ApiProperty()
+  service?: string;
 
   isActive(): boolean {
     return !this.revoked && (!this.expiration || this.expiration > new Date());
@@ -83,26 +61,6 @@ export class IssueApiKeyDto {
   })
   privileges: Array<Privilege>;
 
-  @ApiProperty({
-    type: 'array',
-    items: {
-      type: 'object',
-      properties: {
-        scenario: { type: 'string', format: 'uuid' },
-        actors: {
-          type: 'array',
-          items: { type: 'string' },
-        },
-        actions: {
-          type: 'array',
-          items: { type: 'string' },
-        },
-      },
-    },
-  })
-  processes?: Array<{
-    scenario: string;
-    actors?: string[];
-    actions?: string[];
-  }>;
+  @ApiProperty()
+  service?: string;
 }

src/apikey/apikey.service.spec.ts

@@ -39,13 +39,7 @@ describe('ApiKeyService', () => {
         description: 'Test description',
         expirationDays: 1,
         privileges: ['process:start', 'process:step'],
-        processes: [
-          {
-            scenario: '43dec73d-7e4c-4f48-aacc-f913ff16e14f',
-            actions: ['complete'],
-            actors: ['admin'],
-          },
-        ],
+        service: 'test',
       };
 
       const insertOne = collection.insertOne.mockResolvedValue({
@@ -71,13 +65,7 @@ describe('ApiKeyService', () => {
       expect(insertedDoc.expiration.toISOString()).toEqual(expiration.toISOString());
 
       expect(insertedDoc).toHaveProperty('privileges', ['process:start', 'process:step']);
-      expect(insertedDoc).toHaveProperty('processes', [
-        {
-          scenario: '43dec73d-7e4c-4f48-aacc-f913ff16e14f',
-          actions: ['complete'],
-          actors: ['admin'],
-        },
-      ]);
+      expect(insertedDoc).toHaveProperty('service', 'test');
     });
   });
 
@@ -121,13 +109,7 @@ describe('ApiKeyService', () => {
         issued: new Date('2023-01-01'),
         expiration: new Date('2024-01-01'),
         privileges: ['process:step'],
-        processes: [
-          {
-            scenario: '43dec73d-7e4c-4f48-aacc-f913ff16e14f',
-            actions: ['complete'],
-            actors: ['admin'],
-          },
-        ],
+        service: 'test',
       });
 
       const apiKey = await service.get('123456789012345678901234');
@@ -143,6 +125,7 @@ describe('ApiKeyService', () => {
       expect(apiKey.issued.toISOString()).toEqual(new Date('2023-01-01').toISOString());
       expect(apiKey.expiration.toISOString()).toEqual(new Date('2024-01-01').toISOString());
       expect(apiKey.privileges).toEqual(['process:step']);
+      expect(apiKey.service).toEqual('test');
     });
   });
 

src/apikey/apikey.service.ts

@@ -38,8 +38,8 @@ export class ApiKeyService implements OnModuleInit {
         ? new Date(input.expiration)
         : this.determineExpiration(issued, input.expirationDays),
       privileges: input.privileges ?? [],
+      service: input.service,
     };
-    if (input.processes) apiKey.processes = input.processes;
 
     const result = await this.collection.insertOne(apiKey);
 

src/auth/auth.service.ts

@@ -116,11 +116,11 @@ export class AuthService implements OnModuleInit {
     };
   }
 
-  async verifyApiKey(token: string): Promise<Pick<ApiKey, 'privileges' | 'processes'> | null> {
+  async verifyApiKey(token: string): Promise<Pick<ApiKey, 'privileges' | 'service'> | null> {
     const doc = await this.apiKeys.findOne(
       { token, expiration: { $gt: new Date() }, revoked: { $exists: false } },
       {
-        projection: { _id: 0, privileges: 1, processes: 1 },
+        projection: { _id: 0, privileges: 1, service: 1 },
       },
     );
 

src/auth/types.ts

@@ -1,6 +1,6 @@
 import { ApiKey as FullApiKey } from '@/apikey';
 
-export type ApiKey = Pick<FullApiKey, 'privileges' | 'processes'>;
+export type ApiKey = Pick<FullApiKey, 'privileges' | 'service'>;
 
 export interface Account {
   id: string;

src/common/utils/clean.ts

@@ -0,0 +1,3 @@
+export function clean<T extends Record<string, any>>(input: T): T {
+  return Object.fromEntries(Object.entries(input).filter(([_, v]) => v !== undefined)) as T;
+}

src/notify/notify.service.ts

@@ -1,6 +1,6 @@
 import { Injectable, Logger } from '@nestjs/common';
 import { ZeromqService } from './zeromq/zeromq.service';
-import { Notify, Process } from '@letsflow/core/process';
+import { determineTrigger, Notify, Process } from '@letsflow/core/process';
 import { ConfigService } from '@/common/config/config.service';
 import { NotifyProvider } from './notify-provider.interface';
 import { OnEvent } from '@nestjs/event-emitter';
@@ -38,14 +38,24 @@ export class NotifyService implements NotifyProvider {
     try {
       const response = await this.getProvider(args.service).notify(process, args);
 
-      if (args.trigger && typeof response !== 'undefined') {
-        await this.processes.step(process, args.trigger, { key: `service:${args.service}` }, response);
+      if (typeof response !== 'undefined') {
+        await this.step(process, args.service, response);
       }
     } catch (err) {
       this.logger.error(err.message);
     }
   }
 
+  private async step(process: Process, service: string, response: any): Promise<void> {
+    const action = determineTrigger(process, service, response);
+
+    if (!action) {
+      throw new Error(`Service '${service}' gave a response, but unable to determine which action was executed`);
+    }
+
+    await this.processes.step(process, action, { key: `service:${service}` }, response);
+  }
+
   private getProvider(service: string): NotifyProvider {
     const settings = this.config.get('services')[service];
 

src/process/process.controller.spec.ts

@@ -102,52 +102,59 @@ describe('ProcessController', () => {
     ];
 
     const user = { id: '2', roles: ['admin', 'team', 'assistant'] } as Account;
-    const apiKey = {
-      processes: [{ scenario: 'test' }, { scenario: 'test2', actors: ['system'] }],
-    } as ApiKey;
+    const apiKey = { service: 'system' } as ApiKey;
 
     it('should return a list of processes', async () => {
       jest.spyOn(processService, 'list').mockResolvedValue(mockProcesses as any);
 
-      await controller.list(undefined, undefined, undefined, undefined, mockResponse);
+      await controller.list(undefined, undefined, undefined, undefined, undefined, mockResponse);
 
-      expect(processService.list).toHaveBeenCalledWith({ limit: 100, page: 1 });
+      expect(processService.list).toHaveBeenCalledWith({}, { limit: 100, page: 1 });
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.OK);
       expect(mockResponse.json).toHaveBeenCalledWith(mockProcesses);
     });
 
     it('should return page 2', async () => {
       jest.spyOn(processService, 'list').mockResolvedValue(mockProcesses as any);
 
-      await controller.list(2, undefined, undefined, undefined, mockResponse);
+      await controller.list(2, undefined, undefined, undefined, undefined, mockResponse);
 
-      expect(processService.list).toHaveBeenCalledWith({ limit: 100, page: 2 });
+      expect(processService.list).toHaveBeenCalledWith({}, { limit: 100, page: 2 });
     });
 
     it('should filter processes by actor for user', async () => {
       jest.spyOn(processService, 'list').mockResolvedValue(mockProcesses as any);
 
-      await controller.list(undefined, undefined, user, undefined, mockResponse);
+      await controller.list(undefined, undefined, undefined, user, undefined, mockResponse);
 
-      expect(processService.list).toHaveBeenCalledWith({
-        limit: 100,
-        page: 1,
-        actors: [{ id: '2' }, { role: 'admin' }, { role: 'team' }, { role: 'assistant' }],
-      });
+      expect(processService.list).toHaveBeenCalledWith(
+        { actors: [{ id: '2' }, { role: 'admin' }, { role: 'team' }, { role: 'assistant' }] },
+        { limit: 100, page: 1 },
+      );
     });
 
     it('should not filter processes by actor for admin user requesting all processes', async () => {
       jest.spyOn(processService, 'list').mockResolvedValue(mockProcesses as any);
 
-      await controller.list(undefined, true, user, undefined, mockResponse);
+      await controller.list(undefined, undefined, true, user, undefined, mockResponse);
 
-      expect(processService.list).toHaveBeenCalledWith({ limit: 100, page: 1 });
+      expect(processService.list).toHaveBeenCalledWith({}, { limit: 100, page: 1 });
     });
 
     it('should not allow user with super privileges to list all processes', async () => {
       authService.hasPrivilege.mockReturnValue(false);
 
-      await controller.list(undefined, true, { id: '2', roles: ['team'] } as Account, undefined, mockResponse);
+      await controller.list(
+        undefined,
+        undefined,
+        true,
+        {
+          id: '2',
+          roles: ['team'],
+        } as Account,
+        undefined,
+        mockResponse,
+      );
 
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.FORBIDDEN);
       expect(mockResponse.send).toHaveBeenCalledWith('Not allowed to list all processes');
@@ -159,21 +166,17 @@ describe('ProcessController', () => {
     it('should filter processes by scenario for API key', async () => {
       jest.spyOn(processService, 'list').mockResolvedValue(mockProcesses as any);
 
-      await controller.list(undefined, undefined, undefined, apiKey, mockResponse);
+      await controller.list(undefined, undefined, undefined, undefined, apiKey, mockResponse);
 
-      expect(processService.list).toHaveBeenCalledWith({
-        limit: 100,
-        page: 1,
-        scenarios: ['test', 'test2'],
-      });
+      expect(processService.list).toHaveBeenCalledWith({ service: 'system' }, { limit: 100, page: 1 });
     });
 
     it('should not filter processes for an API key without process limitations', async () => {
       jest.spyOn(processService, 'list').mockResolvedValue(mockProcesses as any);
 
-      await controller.list(undefined, true, undefined, {} as ApiKey, mockResponse);
+      await controller.list(undefined, undefined, true, undefined, {} as ApiKey, mockResponse);
 
-      expect(processService.list).toHaveBeenCalledWith({ limit: 100, page: 1 });
+      expect(processService.list).toHaveBeenCalledWith({}, { limit: 100, page: 1 });
     });
   });
 
@@ -186,6 +189,15 @@ describe('ProcessController', () => {
         client: { id: '3' },
         assistant: { role: 'assistant' },
       },
+      current: {
+        key: 'foo',
+        actions: [
+          {
+            key: 'generate',
+            actor: ['service:system'],
+          },
+        ],
+      },
       created: new Date(),
       lastUpdated: new Date(),
     };
@@ -194,13 +206,13 @@ describe('ProcessController', () => {
       ['admin user', { id: '1', roles: ['admin'], token: '' }, undefined],
       ['user by role', { id: '2', roles: ['assistant'], token: '' }, undefined],
       ['user by id', { id: '3', roles: [], token: '' }, undefined],
-      ['API key', undefined, { privileges: ['process:read'] }],
-      ['API key with scenario', undefined, { privileges: ['process:read'], processes: [{ scenario: 'test' }] }],
+      ['API key of service', undefined, { privileges: ['process:read'], service: 'system' }],
+      ['API key with super privs', undefined, { privileges: ['process:read', 'process:super'] }],
     ])('should return a process for %s', async (_, user, apiKey) => {
       processService.has.mockResolvedValue(true);
       processService.get.mockResolvedValue(mockProcess as any);
 
-      await controller.get('00000000-0000-0000-0001-000000000001', user, apiKey, mockResponse);
+      await controller.get('00000000-0000-0000-0001-000000000001', user, apiKey, false, mockResponse);
 
       expect(processService.has).toHaveBeenCalledWith('00000000-0000-0000-0001-000000000001');
       expect(processService.get).toHaveBeenCalledWith('00000000-0000-0000-0001-000000000001');
@@ -211,7 +223,7 @@ describe('ProcessController', () => {
     it('should return 404 if process not found', async () => {
       processService.has.mockResolvedValue(false);
 
-      await controller.get('00000000-0000-0000-0001-000000000001', undefined, undefined, mockResponse);
+      await controller.get('00000000-0000-0000-0001-000000000001', undefined, undefined, false, mockResponse);
 
       expect(processService.has).toHaveBeenCalledWith('00000000-0000-0000-0001-000000000001');
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.NOT_FOUND);
@@ -225,7 +237,7 @@ describe('ProcessController', () => {
       authService.hasPrivilege.mockReturnValue(false);
 
       const user = { id: '99', roles: [], token: '', info: {} };
-      await controller.get('00000000-0000-0000-0001-000000000001', user, undefined, mockResponse);
+      await controller.get('00000000-0000-0000-0001-000000000001', user, undefined, false, mockResponse);
 
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.FORBIDDEN);
 
@@ -242,7 +254,7 @@ describe('ProcessController', () => {
 
       const apiKey = { processes: [{ scenario: 'foo' }], privileges: [] };
 
-      await controller.get('00000000-0000-0000-0001-000000000001', undefined, apiKey, mockResponse);
+      await controller.get('00000000-0000-0000-0001-000000000001', undefined, apiKey, false, mockResponse);
 
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.FORBIDDEN);
     });
@@ -281,7 +293,7 @@ describe('ProcessController', () => {
       scenarioService.getStatus.mockResolvedValue('available');
       scenarioService.get.mockResolvedValue(scenario);
       processService.determineActor.mockReturnValue(actor);
-      processService.instantiate.mockResolvedValue(process);
+      processService.instantiate.mockReturnValue(process);
     });
 
     it('should start a new process', async () => {
@@ -293,7 +305,7 @@ describe('ProcessController', () => {
       const steppedProcess = step(process, 'init', actor);
       processService.step.mockResolvedValue(steppedProcess);
 
-      await controller.start(undefined, user, undefined, mockInstructions, mockResponse);
+      await controller.start(undefined, user, undefined, false, mockInstructions, mockResponse);
 
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.CREATED);
       expect(mockResponse.header).toHaveBeenCalledWith('Location', `/processes/${process.id}`);
@@ -316,7 +328,7 @@ describe('ProcessController', () => {
       const steppedProcess = step(process, 'init', actor, 'hello');
       processService.step.mockResolvedValue(steppedProcess);
 
-      await controller.start(undefined, user, undefined, mockInstructions, mockResponse);
+      await controller.start(undefined, user, undefined, false, mockInstructions, mockResponse);
 
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.CREATED);
       expect(mockResponse.header).toHaveBeenCalledWith('Location', `/processes/${process.id}`);
@@ -335,7 +347,7 @@ describe('ProcessController', () => {
       const steppedProcess = step(process, 'wrongAction', actor, {});
       processService.step.mockResolvedValue(steppedProcess);
 
-      await controller.start(undefined, user, undefined, mockInstructions, mockResponse);
+      await controller.start(undefined, user, undefined, false, mockInstructions, mockResponse);
 
       expect(mockResponse.status).toHaveBeenCalledWith(HttpStatus.BAD_REQUEST);
       expect(mockResponse.json).toHaveBeenCalledWith({