PR for Issue#332 [BE: API key & code snippet]

backend/.env

@@ -13,6 +13,9 @@ EMAIL_ENABLE=false
 # JWT Secret Key
 JWT_SECRET="NKrbO2lpCsOpVAlqAPsjZ0tZXzIoKru7gAmYZ7XlHn0=qqwqeq"
 
+# API KEY ENCRYPTION SECRET KEY
+API_KEY_ENCRYPTION_KEY="\wd?jqf7o5*v;[{/s$9_u3`h+i4r2(^ymt'#|kn-@~!x1ea6pb"
+
 TEST_DB_USERNAME=user123
 TEST_DB_PASSWORD=password123
 TEST_DB_NAME=onboarding_db_test

backend/.env.production

@@ -9,3 +9,6 @@ PROD_DB_PORT=5432
 
 # JWT Secret Key
 JWT_SECRET=your_prod_jwt_secret_key_here
+
+# API KEY ENCRYPTION SECRET KEY
+API_KEY_ENCRYPTION_KEY=your_prod_api_key_encryption_key_here

backend/.env.test

@@ -13,3 +13,6 @@ POSTGRES_DB=onboarding_db_test
 
 # JWT Secret Key
 JWT_SECRET=your_test_jwt_secret_key_here
+
+# API KEY ENCRYPTION SECRET KEY
+API_KEY_ENCRYPTION_KEY=your_prod_api_key_encryption_key_here

backend/config/settings.js

@@ -23,6 +23,7 @@ module.exports = {
       popups: [userRole.ADMIN],
       hints: [userRole.ADMIN],
       banners: [userRole.ADMIN],
+      serverUrlAndApiKey: [userRole.ADMIN],
       links: [userRole.ADMIN],
       tours: [userRole.ADMIN],
       helpers: [userRole.ADMIN],

backend/migrations/20241115084356-api_key_server_url_cols_teams_rel.js

@@ -0,0 +1,21 @@
+'use strict';
+
+module.exports = {
+  async up (queryInterface, Sequelize) {
+    await queryInterface.addColumn('teams', 'apiKey', {
+      type: Sequelize.TEXT,
+      allowNull: true,
+      defaultValue: null,
+    })
+    await queryInterface.addColumn('teams', 'serverUrl', {
+      type: Sequelize.TEXT,
+      allowNull: true,
+      defaultValue: null,
+    })
+  },
+
+  async down (queryInterface, Sequelize) {
+    await queryInterface.removeColumn('teams', 'apiKey')
+    await queryInterface.removeColumn('teams', 'serverUrl')
+  }
+};

backend/src/controllers/team.controller.js

@@ -1,8 +1,10 @@
 const settings = require("../../config/settings");
 const TeamService = require("../service/team.service");
 const { internalServerError } = require("../utils/errors.helper");
-const { MAX_ORG_NAME_LENGTH, ORG_NAME_REGEX } = require('../utils/constants.helper');
+const { MAX_ORG_NAME_LENGTH, ORG_NAME_REGEX, VALID_URL_REGEX } = require('../utils/constants.helper');
 const db = require("../models");
+const { decryptApiKey, encryptApiKey } = require("../utils/team.helper");
+const { validationResult } = require("express-validator");
 
 const Team = db.Team;
 const teamService = new TeamService();
@@ -61,21 +63,39 @@ const getTeamCount = async (req, res) => {
   }
 };
 
+const getServerUrlAndApiKey = async (req, res) => {
+  try {
+    let { serverUrl, apiKey } = await teamService.fetchServerUrlAndApiKey();
+    apiKey = decryptApiKey(apiKey);
+    const data = {
+      serverUrl,
+      apiKey
+    }
+    return res.status(200).json(data);
+  } catch (err) {
+    const { statusCode, payload } = internalServerError(
+      "GET_SERVER_URL_AND_API_KEY_ERROR",
+      err.message
+    );
+    res.status(statusCode).json(payload);
+  }
+};
+
 const getTeamDetails = async (req, res) => {
   try {
     const data = await teamService.getTeam();
     if (!data || !data.team || !data.users) {
       throw new Error("Team data not found");
     }
     const result = {
-        name: data.team.name,
-        users: data.users.map((user)=> ({
-            id: user.id,
-            name: user.name,
-            email: user.email,
-            role: settings.user.roleName[user.role],
-            createdAt: new Intl.DateTimeFormat('en-US').format(user.createdAt)
-        })),
+      name: data.team.name,
+      users: data.users.map((user) => ({
+        id: user.id,
+        name: user.name,
+        email: user.email,
+        role: settings.user.roleName[user.role],
+        createdAt: new Intl.DateTimeFormat('en-US').format(user.createdAt)
+      })),
     }
     return res.status(200).json(result);
   } catch (err) {
@@ -88,19 +108,41 @@ const getTeamDetails = async (req, res) => {
 };
 
 const updateTeamDetails = async (req, res) => {
-    const { name } = req.body;
-    try {
-      await teamService.updateTeam(name);
-      return res.status(200).json({ message: "Team Details Updated Successfully" });
-    } catch (err) {
-      const { statusCode, payload } = internalServerError(
-        "UPDATE_TEAM_ERROR",
-        err.message,
-      );
-      res.status(statusCode).json(payload);
-    }
+  const { name } = req.body;
+  try {
+    await teamService.updateTeam(name);
+    return res.status(200).json({ message: "Team Details Updated Successfully" });
+  } catch (err) {
+    const { statusCode, payload } = internalServerError(
+      "UPDATE_TEAM_ERROR",
+      err.message,
+    );
+    res.status(statusCode).json(payload);
+  }
 };
 
+const setConfig = async (req, res) => {
+  const validationErrors = validationResult(req);
+
+  if (!validationErrors.isEmpty()) {
+    return res.status(400).json({ errors: validationErrors.array() });
+  }
+
+  try {
+    const { serverUrl, apiKey } = req.body;
+    const encryptedApiKey = encryptApiKey(apiKey);
+
+    await teamService.addServerUrlAndApiKey(serverUrl, encryptedApiKey);
+    return res.status(200).json({ message: "Server URL and API Key Set Successfully" });
+  } catch (err) {
+    const { statusCode, payload } = internalServerError(
+      "SET_CONFIG_ERROR",
+      err.message
+    )
+    res.status(statusCode).json(payload);
+  }
+}
+
 const removeMember = async (req, res) => {
   const userId = req.user.id;
   const { memberId } = req.params;
@@ -130,4 +172,4 @@ const changeRole = async (req, res) => {
   }
 }
 
-module.exports = { setOrganisation, getTeamDetails, updateTeamDetails, removeMember, changeRole, getTeamCount, teamService };
+module.exports = { setOrganisation, getTeamDetails, getServerUrlAndApiKey, updateTeamDetails, removeMember, changeRole, getTeamCount, setConfig, teamService };

backend/src/models/Team.js

@@ -11,6 +11,16 @@ module.exports = (sequelize, DataTypes) => {
           type: DataTypes.STRING(50),
           allowNull: false,
         },
+        apiKey: {
+          type: DataTypes.TEXT,
+          allowNull: true,
+          defaultValue: null,
+        },
+        serverUrl: {
+          type: DataTypes.TEXT,
+          allowNull: true,
+          defaultValue: null,
+        },
         createdAt: {
           type: DataTypes.DATE,
           allowNull: false,

backend/src/routes/team.routes.js

@@ -1,7 +1,9 @@
 const express = require("express");
 const { 
   setOrganisation,
+  setConfig,
   getTeamDetails,
+  getServerUrlAndApiKey,
   getTeamCount,
   updateTeamDetails, 
   removeMember, 
@@ -14,17 +16,20 @@ const {
 const authenticateJWT = require("../middleware/auth.middleware");
 const accessGuard = require("../middleware/accessGuard.middleware");
 const settings = require("../../config/settings");
+const { validateSetConfig } = require("../utils/team.helper");
 
 const router = express.Router();
 const teamPermissions = settings.team.permissions;
 
 router.get("/details", authenticateJWT, getTeamDetails);
+router.get('/get-config', authenticateJWT, accessGuard(teamPermissions.serverUrlAndApiKey), getServerUrlAndApiKey);
 router.get("/count", getTeamCount);
 
 router.post("/set-organisation", authenticateJWT, accessGuard(teamPermissions.setOrg), setOrganisation);
 router.post("/invite", authenticateJWT, accessGuard(teamPermissions.invite), sendTeamInvite);
 router.put("/update", authenticateJWT, accessGuard(teamPermissions.update), updateTeamDetails);
 router.put("/change-role", authenticateJWT, accessGuard(teamPermissions.changeRole), changeRole);
+router.put('/set-config', authenticateJWT, accessGuard(teamPermissions.serverUrlAndApiKey), validateSetConfig, setConfig);
 
 router.delete("/remove/:memberId", authenticateJWT, accessGuard(teamPermissions.removeUser), removeMember);
 router.get('/get-all-invites', authenticateJWT, accessGuard(teamPermissions.removeUser), getAllInvites);

backend/src/service/team.service.js

@@ -1,3 +1,4 @@
+const { where } = require("sequelize");
 const settings = require("../../config/settings");
 const db = require("../models");
 const Team = db.Team;
@@ -128,6 +129,37 @@ class TeamService {
             throw new Error(`Failed to update user role ~ ${err.message}`);
         }
     }
+
+    async addServerUrlAndApiKey(serverUrl, apiKey) {
+        const transaction = await sequelize.transaction();
+        try {
+            await Team.update({
+                serverUrl,
+                apiKey
+            }, {
+                where: {}
+            }, {
+                transaction
+            });
+            await transaction.commit();
+        } catch (err) {
+            await transaction.rollback();
+            throw new Error("Failed to add server url and api key");
+        }
+    }
+
+    async fetchServerUrlAndApiKey() {
+        try {
+            const team = await Team.findOne({
+                limit: 1,
+
+            });
+            const { serverUrl, apiKey } = team;
+            return { serverUrl, apiKey };
+        } catch (err) {
+            throw new Error("Failed to fetch server url and api key");
+        }
+    }
 }
 
 module.exports = TeamService;

backend/src/utils/constants.helper.js

@@ -11,5 +11,7 @@ module.exports = Object.freeze({
     },
     MAX_ORG_NAME_LENGTH: 100,
     ORG_NAME_REGEX: /^[a-zA-Z0-9\s\-_&.]+$/,
+    URL_PROTOCOL_REGEX: /^(https?:\/\/)/,
+    URL_DOMAIN_REGEX: /^https?:\/\/([a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/,
   }); 
 

backend/src/utils/team.helper.js

@@ -0,0 +1,63 @@
+const jwt = require('jsonwebtoken');
+const { URL_PROTOCOL_REGEX, URL_DOMAIN_REGEX } = require('./constants.helper');
+const { check } = require('express-validator');
+
+require('dotenv').config();
+
+const encryptApiKey = (apiKey) => {
+  return jwt.sign(apiKey, process.env.API_KEY_ENCRYPTION_KEY);
+};
+
+const decryptApiKey = (apiKey) => {
+  try {
+    return jwt.verify(apiKey, process.env.API_KEY_ENCRYPTION_KEY);
+  } catch (err) {
+    return null;
+  }
+}
+
+const validateServerUrl = url => {
+  const errors = [];
+
+  if (!URL_PROTOCOL_REGEX.test(url)) {
+    errors.push("Invalid or missing protocol (must be 'http://' or 'https://').")
+  }
+
+  const domainMatch = url.match(URL_DOMAIN_REGEX);
+  if (!domainMatch) {
+    errors.push("Invalid domain name (must include a valid top-level domain like '.com').");
+  } else {
+    const domain = domainMatch[1];
+    if (!/^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(domain)) {
+      errors.push(`Malformed domain: '${domain}'.`);
+    }
+  }
+
+  if (errors.length === 0) {
+    return { valid: true, errors: null }
+  }
+
+  return { valid: false, errors }
+};
+
+const validateSetConfig = [
+  check('apiKey')
+    .exists().withMessage('API Key is required')
+    .isString().withMessage('API Key must be a string')
+    .trim()
+    .notEmpty().withMessage('API Key cannot be empty'),
+
+  check('serverUrl')
+    .optional()
+    .isString().withMessage('Server URL must be a string')
+    .trim()
+    .custom(value => {
+      const result = validateServerUrl(value);
+      if (result.valid) {
+        return true;
+      }
+      throw new Error(result.errors);
+    })
+];
+
+module.exports = { encryptApiKey, decryptApiKey, validateSetConfig };

frontend/dist/index.html

@@ -1,17 +1,17 @@
-<!doctype html>
-<html lang="en">
-
-    <head>
-        <meta charset="UTF-8" />
-        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-        <title>Bluewave Onboarding</title>
-      <script type="module" crossorigin src="/assets/index-BZ7MeYpO.js"></script>
-      <link rel="stylesheet" crossorigin href="/assets/index-CpCaKGtQ.css">
-    </head>
-
-    <body>
-        <div id="root"></div>
-
-    </body>
-
+<!doctype html>
+<html lang="en">
+
+    <head>
+        <meta charset="UTF-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+        <title>Bluewave Onboarding</title>
+      <script type="module" crossorigin src="/assets/index-BZ7MeYpO.js"></script>
+      <link rel="stylesheet" crossorigin href="/assets/index-CpCaKGtQ.css">
+    </head>
+
+    <body>
+        <div id="root"></div>
+
+    </body>
+
 </html>