Adding docs and support for using both API keys and PATs when interacting with the env var endpoints

Author: ericallam

apps/webapp/app/presenters/v3/EnvironmentVariablesPresenter.server.ts

@@ -87,7 +87,7 @@ export class EnvironmentVariablesPresenter {
     );
 
     const repository = new EnvironmentVariablesRepository(this.#prismaClient);
-    const variables = await repository.getProject(project.id, userId);
+    const variables = await repository.getProject(project.id);
 
     return {
       environmentVariables: environmentVariables.map((environmentVariable) => {

apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.v3.$projectParam.environment-variables.new/route.tsx

@@ -115,6 +115,13 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
   const project = await prisma.project.findUnique({
     where: {
       slug: params.projectParam,
+      organization: {
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
     },
     select: {
       id: true,
@@ -126,7 +133,7 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
   }
 
   const repository = new EnvironmentVariablesRepository(prisma);
-  const result = await repository.create(project.id, userId, submission.value);
+  const result = await repository.create(project.id, submission.value);
 
   if (!result.success) {
     if (result.variableErrors) {

apps/webapp/app/routes/_app.orgs.$organizationSlug.projects.v3.$projectParam.environment-variables/route.tsx

@@ -106,6 +106,13 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
   const project = await prisma.project.findUnique({
     where: {
       slug: params.projectParam,
+      organization: {
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
     },
     select: {
       id: true,
@@ -119,7 +126,7 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
   switch (submission.value.action) {
     case "edit": {
       const repository = new EnvironmentVariablesRepository(prisma);
-      const result = await repository.edit(project.id, userId, submission.value);
+      const result = await repository.edit(project.id, submission.value);
 
       if (!result.success) {
         submission.error.key = result.error;
@@ -138,7 +145,7 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
     }
     case "delete": {
       const repository = new EnvironmentVariablesRepository(prisma);
-      const result = await repository.delete(project.id, userId, submission.value);
+      const result = await repository.delete(project.id, submission.value);
 
       if (!result.success) {
         submission.error.key = result.error;

apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.$name.ts

@@ -2,8 +2,10 @@ import { ActionFunctionArgs, LoaderFunctionArgs, json } from "@remix-run/server-
 import { UpdateEnvironmentVariableRequestBody } from "@trigger.dev/core/v3";
 import { z } from "zod";
 import { prisma } from "~/db.server";
-import { findProjectByRef } from "~/models/project.server";
-import { authenticateApiRequestWithPersonalAccessToken } from "~/services/personalAccessToken.server";
+import {
+  authenticateProjectApiKeyOrPersonalAccessToken,
+  authenticatedEnvironmentForAuthentication,
+} from "~/services/apiAuth.server";
 import { EnvironmentVariablesRepository } from "~/v3/environmentVariables/environmentVariablesRepository.server";
 
 const ParamsSchema = z.object({
@@ -19,44 +21,23 @@ export async function action({ params, request }: ActionFunctionArgs) {
     return json({ error: "Invalid params" }, { status: 400 });
   }
 
-  const authenticationResult = await authenticateApiRequestWithPersonalAccessToken(request);
+  const authenticationResult = await authenticateProjectApiKeyOrPersonalAccessToken(request);
 
   if (!authenticationResult) {
     return json({ error: "Invalid or Missing API key" }, { status: 401 });
   }
 
-  const user = await prisma.user.findUnique({
-    where: {
-      id: authenticationResult.userId,
-    },
-  });
-
-  if (!user) {
-    return json({ error: "Invalid or Missing API key" }, { status: 401 });
-  }
-
-  const project = await findProjectByRef(parsedParams.data.projectRef, user.id);
-
-  if (!project) {
-    return json({ error: "Project not found" }, { status: 404 });
-  }
-
-  const environment = await prisma.runtimeEnvironment.findFirst({
-    where: {
-      projectId: project.id,
-      slug: parsedParams.data.slug,
-    },
-  });
-
-  if (!environment) {
-    return json({ error: "Environment not found" }, { status: 404 });
-  }
+  const environment = await authenticatedEnvironmentForAuthentication(
+    authenticationResult,
+    parsedParams.data.projectRef,
+    parsedParams.data.slug
+  );
 
   // Find the environment variable
   const variable = await prisma.environmentVariable.findFirst({
     where: {
       key: parsedParams.data.name,
-      projectId: project.id,
+      projectId: environment.project.id,
     },
   });
 
@@ -68,7 +49,7 @@ export async function action({ params, request }: ActionFunctionArgs) {
 
   switch (request.method.toUpperCase()) {
     case "DELETE": {
-      const result = await repository.deleteValue(project.id, user.id, {
+      const result = await repository.deleteValue(environment.project.id, {
         id: variable.id,
         environmentId: environment.id,
       });
@@ -89,7 +70,7 @@ export async function action({ params, request }: ActionFunctionArgs) {
         return json({ error: "Invalid request body", issues: body.error.issues }, { status: 400 });
       }
 
-      const result = await repository.edit(project.id, user.id, {
+      const result = await repository.edit(environment.project.id, {
         values: [
           {
             value: body.data.value,
@@ -116,44 +97,23 @@ export async function loader({ params, request }: LoaderFunctionArgs) {
     return json({ error: "Invalid params" }, { status: 400 });
   }
 
-  const authenticationResult = await authenticateApiRequestWithPersonalAccessToken(request);
+  const authenticationResult = await authenticateProjectApiKeyOrPersonalAccessToken(request);
 
   if (!authenticationResult) {
     return json({ error: "Invalid or Missing API key" }, { status: 401 });
   }
 
-  const user = await prisma.user.findUnique({
-    where: {
-      id: authenticationResult.userId,
-    },
-  });
-
-  if (!user) {
-    return json({ error: "Invalid or Missing API key" }, { status: 401 });
-  }
-
-  const project = await findProjectByRef(parsedParams.data.projectRef, user.id);
-
-  if (!project) {
-    return json({ error: "Project not found" }, { status: 404 });
-  }
-
-  const environment = await prisma.runtimeEnvironment.findFirst({
-    where: {
-      projectId: project.id,
-      slug: parsedParams.data.slug,
-    },
-  });
-
-  if (!environment) {
-    return json({ error: "Environment not found" }, { status: 404 });
-  }
+  const environment = await authenticatedEnvironmentForAuthentication(
+    authenticationResult,
+    parsedParams.data.projectRef,
+    parsedParams.data.slug
+  );
 
   // Find the environment variable
   const variable = await prisma.environmentVariable.findFirst({
     where: {
       key: parsedParams.data.name,
-      projectId: project.id,
+      projectId: environment.project.id,
     },
   });
 
@@ -163,7 +123,7 @@ export async function loader({ params, request }: LoaderFunctionArgs) {
 
   const repository = new EnvironmentVariablesRepository();
 
-  const variables = await repository.getEnvironment(project.id, user.id, environment.id, true);
+  const variables = await repository.getEnvironment(environment.project.id, environment.id, true);
 
   const environmentVariable = variables.find((v) => v.key === parsedParams.data.name);
 

apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.import.ts

@@ -2,9 +2,10 @@ import { ActionFunctionArgs, json } from "@remix-run/server-runtime";
 import { ImportEnvironmentVariablesRequestBody } from "@trigger.dev/core/v3";
 import { parse } from "dotenv";
 import { z } from "zod";
-import { prisma } from "~/db.server";
-import { findProjectByRef } from "~/models/project.server";
-import { authenticateApiRequestWithPersonalAccessToken } from "~/services/personalAccessToken.server";
+import {
+  authenticateProjectApiKeyOrPersonalAccessToken,
+  authenticatedEnvironmentForAuthentication,
+} from "~/services/apiAuth.server";
 import { EnvironmentVariablesRepository } from "~/v3/environmentVariables/environmentVariablesRepository.server";
 
 const ParamsSchema = z.object({
@@ -19,44 +20,23 @@ export async function action({ params, request }: ActionFunctionArgs) {
     return json({ error: "Invalid params" }, { status: 400 });
   }
 
-  const authenticationResult = await authenticateApiRequestWithPersonalAccessToken(request);
+  const authenticationResult = await authenticateProjectApiKeyOrPersonalAccessToken(request);
 
   if (!authenticationResult) {
     return json({ error: "Invalid or Missing API key" }, { status: 401 });
   }
 
-  const user = await prisma.user.findUnique({
-    where: {
-      id: authenticationResult.userId,
-    },
-  });
-
-  if (!user) {
-    return json({ error: "Invalid or Missing API key" }, { status: 401 });
-  }
-
-  const project = await findProjectByRef(parsedParams.data.projectRef, user.id);
-
-  if (!project) {
-    return json({ error: "Project not found" }, { status: 404 });
-  }
-
-  const environment = await prisma.runtimeEnvironment.findFirst({
-    where: {
-      projectId: project.id,
-      slug: parsedParams.data.slug,
-    },
-  });
-
-  if (!environment) {
-    return json({ error: "Environment not found" }, { status: 404 });
-  }
+  const environment = await authenticatedEnvironmentForAuthentication(
+    authenticationResult,
+    parsedParams.data.projectRef,
+    parsedParams.data.slug
+  );
 
   const repository = new EnvironmentVariablesRepository();
 
   const body = await parseImportBody(request);
 
-  const result = await repository.create(project.id, user.id, {
+  const result = await repository.create(environment.project.id, {
     overwrite: body.overwrite === true ? true : false,
     environmentIds: [environment.id],
     variables: Object.entries(body.variables).map(([key, value]) => ({
@@ -75,15 +55,21 @@ export async function action({ params, request }: ActionFunctionArgs) {
 async function parseImportBody(request: Request): Promise<ImportEnvironmentVariablesRequestBody> {
   const contentType = request.headers.get("content-type") ?? "application/json";
 
-  if (contentType.includes("application/octet-stream")) {
-    // We have a "dotenv" formatted file uploaded
-    const buffer = await request.arrayBuffer();
+  if (contentType.includes("multipart/form-data")) {
+    const formData = await request.formData();
+
+    const file = formData.get("file");
+    const overwrite = formData.get("overwrite") === "true";
 
-    const variables = parse(Buffer.from(buffer));
+    if (file instanceof File) {
+      const buffer = await file.arrayBuffer();
 
-    const overwrite = request.headers.get("x-overwrite") === "true";
+      const variables = parse(Buffer.from(buffer));
 
-    return { variables, overwrite };
+      return { variables, overwrite };
+    } else {
+      throw json({ error: "Invalid file" }, { status: 400 });
+    }
   } else {
     const rawBody = await request.json();