Skip to content

fix: validate API key prefixes before creation#64

Merged
AminDhouib merged 3 commits into
canaryfrom
port/upr-4629
Jul 15, 2026
Merged

fix: validate API key prefixes before creation#64
AminDhouib merged 3 commits into
canaryfrom
port/upr-4629

Conversation

@AminDhouib

@AminDhouib AminDhouib commented Jul 12, 2026

Copy link
Copy Markdown
Member

Ports Dokploy#4629 by @KirillYarkov (2 commits, cherry-picked with -x, original authorship preserved).

What / why

Hardening of the API-key creation path. The user-supplied key prefix previously flowed unvalidated into auth.createApiKey; malformed prefixes could produce broken/confusing API keys and opaque creation failures.

  • Router layer (apps/dokploy/server/api/routers/user.ts): zod schema trims the prefix, converts empty string to undefined, and enforces ^[A-Za-z0-9_-]+$ (ASCII letters, numbers, underscore, hyphen).
  • Service layer (packages/server/src/services/user.ts): normalizeApiKeyPrefix() re-validates defensively and throws TRPCError(BAD_REQUEST) — protection holds even for callers that bypass the router schema.
  • UI (add-api-key.tsx + new api-key-errors.ts): API-key creation errors (including the prefix validation message) are now surfaced to the user instead of a generic failure.

Adaptations

None — both commits applied cleanly onto fork canary.

Test evidence

  • vitest run __test__/user/create-api-key.test.ts __test__/user/create-api-key-errors.test.ts: 14/14 passed (Windows local).
  • pnpm --filter=dokploy run typecheck: clean.

Overlap notes

No file overlap with open fork PRs #36/#58 or with the other salvo-2 M2 ports.

@AminDhouib AminDhouib merged commit 6459242 into canary Jul 15, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants