codeflash-internal/js/cf-webapp/src/app/(dashboard)/apikeys/page.tsx
HeshamHM28 a805f4cfbf revert: rollback PR #2601 and dependent fixes to ec39cd51
Reverts the following commits from main:
- d7a8b8f2 perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601)
- 48b5e2b4 fix: make tree-sitter WASM build failure non-fatal when cache exists (#2602)
- c372b6bc Merge pull request #2603 from codeflash-ai/fix/deploy-build-common
- b656bb1d fix: cf-api deploy broken by pnpm workspace migration
- c1b0076c fix: align TypeScript versions to deduplicate @prisma/client in pnpm
- 09ed4d4b fix: use redirect instead of throw for auth failures during prerender
- 71127055 fix: redirect remaining auth throws that crash prerendering

PR #2601 introduced 18 bugs including 5 authorization bypass vulnerabilities:
- Cross-org data access via forged currentOrganizationId cookie
- Cross-repo/cross-org member role escalation and deletion (unscoped lookups)
- Missing replayTests/concolicTests in approval flow
- repository_id filter silently broken for personal accounts
- Tests mocking wrong Prisma method ($queryRawUnsafe vs $queryRaw)

The subsequent PRs (#2602, #2603, and follow-up commits) were dependent
fixes for issues caused by #2601 and are reverted together.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 18:59:11 +00:00


"use server"
import { type JSX } from "react"
import { auth0 } from "@/lib/auth0"
import { CreateApiKeyDialog } from "./dialog-create-api-key"
import { Separator } from "@/components/ui/separator"
import { ApiKeyTable } from "./api-key-table"
import { type cf_api_keys } from "@prisma/client"
import PostHogClient from "@/lib/posthog"
import { VS_CODE_KEY_NAME } from "@codeflash-ai/common"
import { prisma } from "@/lib/prisma"
/**
 * An API key row plus the two optional relations this page loads with it.
 *
 * Because the type extends `cf_api_keys`, every scalar column of that model is
 * part of it, and the whole object is handed to `ApiKeyTable` as a prop.
 * NOTE(review): if the model stores the key value or a hash of it, that field
 * travels with the row — confirm against the Prisma schema, which is not visible here.
 */
interface ApiKeyWithOrg extends cf_api_keys {
  /** Owning organization; absent or null for a personal key. */
  organization?: { id: string; name: string } | null
  /** Creator of the key, with the identity fields the page query selects. */
  user?: {
    user_id: string
    github_username: string
    name: string | null
    email: string | null
  } | null
}
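/**
 * Dashboard page that lists the API keys the signed-in user may see and offers
 * the dialog for creating a new one.
 *
 * Visibility is derived on the server from the database: the user's own keys with
 * no organization, plus every key belonging to an organization that has an
 * `organization_members` row for the session user. No organization id is taken
 * from request input.
 *
 * NOTE(review): this file opens with a "use server" directive. In Next.js that
 * directive marks a module's exports as Server Actions; a page component does not
 * need it. Confirm it is intentional.
 *
 * @returns The rendered page.
 * @throws Error with message "Authentication required" when the session has no user.
 */
export default async function APIKeyGenerator(): Promise<JSX.Element> {
  const session = await auth0.getSession()
  // Middleware and the layout are expected to gate this route; this check keeps
  // the page fail-closed if either one is bypassed or misconfigured.
  if (!session?.user) {
    throw new Error("Authentication required")
  }
  const userId = session.user.sub

  // Organization scope comes from membership rows keyed by the session user.
  const userOrgMemberships = await prisma.organization_members.findMany({
    where: { user_id: userId },
    select: { organization_id: true },
  })
  const userOrgIds = userOrgMemberships.map(m => m.organization_id)

  // Personal keys (no organization) OR keys of any organization the user belongs to.
  // NOTE(review): membership alone grants visibility; there is no role filter, so
  // every member sees all of the organization's keys together with the creator's
  // name and email. Confirm that is the intended policy.
  // NOTE(review): `include` returns every scalar column of cf_api_keys. These rows
  // are passed to ApiKeyTable below; if that is a client component the columns are
  // serialized to the browser. Confirm none of them holds key material, or narrow
  // the query with an explicit `select`.
  const apiKeys: ApiKeyWithOrg[] = await prisma.cf_api_keys.findMany({
    where: {
      OR: [{ user_id: userId, organization_id: null }, { organization_id: { in: userOrgIds } }],
    },
    include: {
      organization: {
        select: { id: true, name: true },
      },
      user: {
        select: {
          user_id: true,
          github_username: true,
          name: true,
          email: true,
        },
      },
    },
    orderBy: { created_at: "desc" },
  })

  // Page-view analytics. The flush is awaited, so it sits on the render path.
  // NOTE(review): `nickname` is read from the session object rather than from
  // `session.user`; confirm the session actually carries it at that level,
  // otherwise `username` is sent as undefined.
  const posthog = PostHogClient()
  posthog?.capture({
    distinctId: userId,
    properties: { username: session.nickname },
    event: "webapp-loaded-api-keys",
  })
  await posthog?.flush()

  return (
    <div>
      <h3 className="scroll-m-20 text-2xl font-semibold tracking-tight max-w-full pb-1">
        API Keys
      </h3>
      <Separator />
      {apiKeys.length === 0 ? (
        <>
          <p className="leading-7 mt-6">
            Welcome! Check out the{" "}
            {/* rel: a page opened in a new tab gets no window.opener handle and no Referer. */}
            <a
              href="https://docs.codeflash.ai/getting-started/local-installation"
              target="_blank"
              rel="noopener noreferrer"
              className="underline"
            >
              Getting Started
            </a>{" "}
            docs, or create your first API key below to start using Codeflash.
          </p>
          <p>
            For help with setting up Codeflash on your codebase, please check out the Docs or{" "}
            {/* Third-party origin: keep the dashboard URL out of its Referer header. */}
            <a
              href="https://calendly.com/codeflash-saurabh/codeflash-setup"
              target="_blank"
              rel="noopener noreferrer"
              className="underline"
            >
              book a call
            </a>{" "}
            with the founder.
          </p>
        </>
      ) : (
        <>
          {" "}
          <p className="leading-7 mt-6">
            These API keys are used to authenticate your requests to Codeflash&apos;s AI services.
          </p>
          <ApiKeyTable apiKeys={apiKeys} vscodeKeyName={VS_CODE_KEY_NAME} currentUserId={userId} />{" "}
        </>
      )}
      <CreateApiKeyDialog />
    </div>
  )
}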