* feat: API-key plugin
* add: `deleteAllExpiredApiKeys` functionality
* fix: fetching sessions from headers
* update: types & create-api-key now checks for min & max expiresIn values
* tests: Started working on tests
* add: features
- added list functionality
- added min & max prefix length
- added min & max name length
- added metadata enable/disable option
- added `disableSessionForAPIKeys` option
- verify API key now checks for expiration & refills
- added regex to check prefix of api key
* fix: create-api-key's expiration using `/` instead of `*`
* update: schema `metadata` transforms invalid values as `null`
* fix: create-api-key metadata should go through transformation
* fix: missing metadata wouldn't have `'null'` as value
* update: error types
* fix: remove console.logs from verify
* fix: rate-limit not working
* fix: rate-limit plugin options types
* chore: remove logs
* update: removed `key` field from result apiKey type of the update-api-key endpoint
* fix: typo
* update: create & update if checks
- create now checks if custom expiration times are allowed
- update now allows name values & checks if name is within length range
- update now also checks for custom expiration times are allowed
* update(WIP): tests
* fix: added the missing error throw when there is no values to update
* fix: update-api-key checks expiresIn in days, not ms
- also updated create-api-key & update-api-key to have more detailed event logging
* fix: update api key's remaining count's min & max checks
- also added more detail to the events
* fix: update-api-key can now update refillInterval & refillAmount properly
* fix: metadata in update-api-key transforms between string & obj correctly
* add: all of the `update` tests
* update: get-api-key metadata is now obj instead of string
* add: listApiKeys functionality
* fix: get-session to use mock session based on header API keys
* update: tests to test against get-session, get-api-key, and list-api-key
* add: `start` field to show the first few characters of an API key
* fix: very silly mistake
* update: tests to validate `start` property
* update: create-api-key checks if properties are set from server & allows for custom rate-limit rules
- also updated tests to check against this
* update: verify-api-key to check if a row has the right user-id
- this also should speed up the DB process too. (I'm pretty sure)
* update: `delete-all-expired-api-keys` endpoint added & updated list-api-keys endpoint function name
* add: customAPIKeyValidator fn, and fixed verification `remaining` and `lastRefillAt` values updating DB incorrectly
* update: documentation
* add: rate-limiting enable/disable on a per-key level
* update: docs
* fix: correct expiration time units and improve error messages in API key handling
* fix: allow creating apiKeys by providing userId on the server
* fix: user userId instead of headers to differ server vs client calls on create api key
* wip
* fix: JSDoc comment
* fix: tests not passing due to invalid expiresIn value
Since the expiresIn got changed from `ms` to `sec`, this needed to be changed as well.
* wip
* fix(api-key): update tests and error messages for API key verification
* fix(api-key): update API key fixes
* refactor tests and remove events
* refactor(api-key): remove unused event handling and clean up type definitions
* add: minimum values to `create-api-key` numeric input options
* fix: remove `opts.events` in delete-api-key route
* refactor: all returning routes which can contain `key`
- more performant
- better typed
- cleaner code
:D
* update: added minimum values to update-api-key endpoint as well
* fix: removed `maximumRemaining` & `minimumRemaining` default values in `opts`
* docs: ready (unless I make minor adjustments later) 🫡
* fix(docs): links & invalid code examples
* fix: output transform of metadata to use ParseJSON
* fix: tests failing due to async metadata transform output
* fix: return types for verify-api-key endpoint
* fix: tests failing due to invalid expiresIn minimum value
* docs: reorder sidebar items for API Key
* wip
* docs(api-key): enhance documentation with permissions and usage details
- Updated API key documentation with comprehensive permissions explanation
- Added examples for setting default permissions, creating, verifying, and updating API keys with permissions
- Clarified API key creation, verification, and update processes
- Improved code examples and descriptions for better understanding
* chore: lint
* fix(docs): incorrect wording / explanation on refillInterval/refillAmount
* add(docs): missing permissions info in docs
---------
Co-authored-by: Bereket Engida <bekacru@gmail.com>
* add option to create a otp
* add description
* use tabs instead of spaces
* rename create to generate and replace all uses fo generateRandomString
* remove length
* fix type in forgot-password
* add generateOTP option and tests for email OTP functionality
---------
Co-authored-by: Bereket Engida <bekacru@gmail.com>
docs/concepts/cookies:
- updated the `Cross Subdomain Cookies` section with missing details and additional information to make subdomain cookies work
docs/reference/security:
- updated the `Cookies` section with corrected attribute and option names
