fix: Missing plan check and ip whitelist parsing (#2379)

* fix: Missing plan check and ip whitelist parsing

* fix: adjust tests for ipwhitelist

* fix: Rename error code

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix: ipwhitelist via features vs enterprise plan

* fix: invert condition

* chore: add cache log

* fix: ensure workspace is loaded (#2470)

* chore: more logging and retries (#2475)

* Update 7_create_a_template.md (#2471)

* increase override limit

* Update create-new-override.tsx

* fix: Enhance API Key Detail Page: Change Permissions Visualization to Tree Format (#2238)

* fix:changed the permission view

* fixed issue comments

* [autofix.ci] apply automated fixes

* removed font

---------

Co-authored-by: Andreas Thomas <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: show shallow permissions followed by nested in alphabetical order (#2273)

* fix: show shallow permissions followed by nested in alphabetical order

* fix: correct the sorting of nested permissions top level keys

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* Add Template to Markdown (#2362)

Co-authored-by: Andreas Thomas <[email protected]>

* fix: retry on any error with disabled cache

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: chronark <[email protected]>
Co-authored-by: Chirag Arora <[email protected]>
Co-authored-by: RajuGangitla <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Anne Deepa Prasanna <[email protected]>
Co-authored-by: djnovin <[email protected]>

apps/api/src/pkg/keys/service.ts

@@ -57,7 +57,11 @@ type InvalidResponse = {
     | "DISABLED"
     | "INSUFFICIENT_PERMISSIONS";
   key: Key;
-  identity: { id: string; externalId: string; meta: Record<string, unknown> | null } | null;
+  identity: {
+    id: string;
+    externalId: string;
+    meta: Record<string, unknown> | null;
+  } | null;
   api: Api;
   ratelimit?: {
     remaining: number;
@@ -73,7 +77,11 @@ type ValidResponse = {
   code?: never;
   valid: true;
   key: Key;
-  identity: { id: string; externalId: string; meta: Record<string, unknown> | null } | null;
+  identity: {
+    id: string;
+    externalId: string;
+    meta: Record<string, unknown> | null;
+  } | null;
   api: Api;
   ratelimit?: {
     remaining: number;
@@ -451,6 +459,7 @@ export class KeyService {
 
     if (data.api.ipWhitelist) {
       const ip = c.req.header("True-Client-IP") ?? c.req.header("CF-Connecting-IP");
+
       if (!ip) {
         return Ok({
           key: data.key,
@@ -461,7 +470,8 @@ export class KeyService {
           permissions: data.permissions,
         });
       }
-      const ipWhitelist = JSON.parse(data.api.ipWhitelist) as string[];
+
+      const ipWhitelist = data.api.ipWhitelist.split(",").map((s) => s.trim());
       if (!ipWhitelist.includes(ip)) {
         return Ok({
           key: data.key,

apps/api/src/routes/legacy_keys_verifyKey.test.ts

@@ -129,7 +129,7 @@ describe("with ip whitelist", () => {
         name: "test",
         authType: "key",
         keyAuthId: keyAuthId,
-        ipWhitelist: JSON.stringify(["100.100.100.100"]),
+        ipWhitelist: ["100.100.100.100"].join(","),
         createdAt: new Date(),
         deletedAt: null,
       });
@@ -177,7 +177,7 @@ describe("with ip whitelist", () => {
         name: "test",
         authType: "key",
         keyAuthId: keyAuthid,
-        ipWhitelist: JSON.stringify(["100.100.100.100"]),
+        ipWhitelist: ["100.100.100.100"].join(","),
         createdAt: new Date(),
         deletedAt: null,
       });

apps/api/src/routes/v1_apis_getApi.happy.test.ts

@@ -31,7 +31,7 @@ test("with ip whitelist", async (t) => {
     id: newId("api"),
     name: "with ip whitelist",
     workspaceId: h.resources.userWorkspace.id,
-    ipWhitelist: JSON.stringify(["127.0.0.1"]),
+    ipWhitelist: ["127.0.0.1"].join(","),
     createdAt: new Date(),
     deletedAt: null,
   };

apps/api/src/routes/v1_keys_verifyKey.test.ts

@@ -349,6 +349,7 @@ describe("when ratelimited", () => {
     expect(res.body.identity!.externalId).toEqual(externalId);
   });
 });
+
 describe("with ratelimit override", () => {
   test("deducts the correct number of tokens", { timeout: 20000 }, async (t) => {
     const h = await IntegrationHarness.init(t);
@@ -517,7 +518,7 @@ describe("with ip whitelist", () => {
         name: "test",
         authType: "key",
         keyAuthId: keyAuthId,
-        ipWhitelist: JSON.stringify(["100.100.100.100"]),
+        ipWhitelist: ["100.100.100.100"].join(","),
         createdAt: new Date(),
       });
 
@@ -565,7 +566,7 @@ describe("with ip whitelist", () => {
           name: "test",
           authType: "key",
           keyAuthId: keyAuthid,
-          ipWhitelist: JSON.stringify(["100.100.100.100"]),
+          ipWhitelist: ["100.100.100.100"].join(","),
           createdAt: new Date(),
         });
 

apps/dashboard/app/(app)/apis/[apiId]/settings/page.tsx

@@ -34,6 +34,7 @@ export default async function SettingsPage(props: Props) {
   if (!workspace || workspace.tenantId !== tenantId) {
     return redirect("/new");
   }
+
   const api = workspace.apis.find((api) => api.id === props.params.apiId);
   if (!api) {
     return notFound();

apps/dashboard/app/(app)/apis/[apiId]/settings/update-ip-whitelist.tsx

@@ -30,7 +30,7 @@ const formSchema = z.object({
 
 type Props = {
   workspace: {
-    plan: Workspace["plan"];
+    features: Workspace["features"];
   };
   api: {
     id: string;
@@ -42,7 +42,7 @@ type Props = {
 
 export const UpdateIpWhitelist: React.FC<Props> = ({ api, workspace }) => {
   const router = useRouter();
-  const isEnabled = workspace.plan === "enterprise";
+  const isEnabled = workspace.features.ipWhitelist;
 
   const form = useForm<z.infer<typeof formSchema>>({
     resolver: zodResolver(formSchema),
@@ -79,7 +79,7 @@ export const UpdateIpWhitelist: React.FC<Props> = ({ api, workspace }) => {
           </CardDescription>
         </CardHeader>
         <CardContent>
-          {workspace.plan === "enterprise" ? (
+          {isEnabled ? (
             <div className="flex flex-col space-y-2">
               <input type="hidden" name="workspaceId" value={api.workspaceId} />
               <input type="hidden" name="apiId" value={api.id} />

apps/dashboard/lib/trpc/routers/api/updateIpWhitelist.ts

@@ -43,14 +43,27 @@ export const updateApiIpWhitelist = rateLimitedProcedure(ratelimit.update)
             "We are unable to update the API whitelist. Please try again or contact [email protected]",
         });
       });
-    if (!api || api.workspace.tenantId !== ctx.tenant.id) {
+
+    if (
+      !api ||
+      api.workspace.tenantId !== ctx.tenant.id ||
+      input.workspaceId !== api.workspace.id
+    ) {
       throw new TRPCError({
         code: "NOT_FOUND",
         message:
           "We are unable to find the correct API. Please try again or contact [email protected].",
       });
     }
 
+    if (!api.workspace.features.ipWhitelist) {
+      throw new TRPCError({
+        code: "FORBIDDEN",
+        message:
+          "IP Whitelisting is only available for enterprise plans. Please contact [email protected].",
+      });
+    }
+
     const newIpWhitelist = input.ipWhitelist === null ? null : input.ipWhitelist.join(",");
 
     await db
@@ -68,6 +81,7 @@ export const updateApiIpWhitelist = rateLimitedProcedure(ratelimit.update)
                 "We are unable to update the API whitelist. Please try again or contact [email protected]",
             });
           });
+
         await insertAuditLogs(tx, {
           workspaceId: api.workspace.id,
           actor: {