Module: BetterAuth::APIKey::Adapter

Defined in:

lib/better_auth/api_key/adapter.rb

Constant Summary

HASH_STORAGE_PREFIX =

"api-key:"

ID_STORAGE_PREFIX =

"api-key:by-id:"

REFERENCE_STORAGE_PREFIX =

"api-key:by-ref:"

Class Method Summary

• .batch(storage_instance, &block) ⇒ Object
• .delete(ctx, record, config) ⇒ Object
• .delete_record(ctx, record, config) ⇒ Object
• .deserialize_record(record) ⇒ Object
• .find_by_hash(ctx, hashed, config) ⇒ Object
• .find_by_id(ctx, id, config) ⇒ Object
• .get(ctx, key, config) ⇒ Object
• .list_for_reference(ctx, reference_id, config) ⇒ Object
• .migrate_legacy_metadata(ctx, record, config) ⇒ Object
• .populate_reference(ctx, reference_id, records, config) ⇒ Object
• .ref_list_add(storage_instance, reference_key, id) ⇒ Object
• .ref_list_remove(storage_instance, reference_key, id) ⇒ Object
• .safe_parse_id_list(raw) ⇒ Object
• .schedule_record_delete(ctx, record, config) ⇒ Object
• .set(ctx, record, config) ⇒ Object
• .storage(config, context = nil) ⇒ Object
• .storage_key_by_hash(hashed_key) ⇒ Object
• .storage_key_by_id(id) ⇒ Object
• .storage_key_by_reference(reference_id) ⇒ Object
• .storage_record(record) ⇒ Object
• .store(ctx, data, config) ⇒ Object
• .update_record(ctx, record, update, config, defer: false) ⇒ Object

Class Method Details

.batch(storage_instance, &block) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 208

def batch(storage_instance, &block)
  if storage_instance.respond_to?(:batch)
    storage_instance.batch(&block)
  else
    block.call
  end
end

.delete(ctx, record, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 164

def delete(ctx, record, config)
  storage_instance = storage(config, ctx.context)
  return unless storage_instance

  reference_id = BetterAuth::Plugins.api_key_record_reference_id(record)
  reference_key = storage_key_by_reference(reference_id)

  batch(storage_instance) do
    operations = [
      -> { storage_instance.delete(storage_key_by_hash(record["key"])) },
      -> { storage_instance.delete(storage_key_by_id(record["id"])) },
      # Ruby-only legacy storage layout cleanup; upstream never wrote here.
      -> { storage_instance.delete("api-key:key:#{record["key"]}") },
      -> { storage_instance.delete("api-key:id:#{record["id"]}") }
    ]
    operations << if config[:fallback_to_database]
      -> { storage_instance.delete(reference_key) }
    else
      -> { ref_list_remove(storage_instance, reference_key, record["id"]) }
    end
    operations.each(&:call)
  end
end

.delete_record(ctx, record, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 98

def delete_record(ctx, record, config)
  ctx.context.adapter.delete(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, where: [{field: "id", value: record["id"]}]) if config[:storage] == "database" || config[:fallback_to_database]
  delete(ctx, record, config) if config[:storage] == "secondary-storage"
end

.deserialize_record(record) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 237

def deserialize_record(record)
  %w[createdAt updatedAt expiresAt lastRefillAt lastRequest].each do |field|
    record[field] = BetterAuth::APIKey::Utils.normalize_time(record[field]) if record[field]
  end
  record
end

.find_by_hash(ctx, hashed, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 38

def find_by_hash(ctx, hashed, config)
  if config[:storage] == "secondary-storage"
    record = get(ctx, storage_key_by_hash(hashed), config) || get(ctx, "api-key:key:#{hashed}", config)
    return record if record
    return nil unless config[:fallback_to_database]
  end
  record = ctx.context.adapter.find_one(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, where: [{field: "key", value: hashed}])
  set(ctx, record, config) if record && config[:storage] == "secondary-storage" && config[:fallback_to_database]
  record
end

.find_by_id(ctx, id, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 49

def find_by_id(ctx, id, config)
  if config[:storage] == "secondary-storage"
    record = get(ctx, storage_key_by_id(id), config) || get(ctx, "api-key:id:#{id}", config)
    return record if record
    return nil unless config[:fallback_to_database]
  end
  record = ctx.context.adapter.find_one(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, where: [{field: "id", value: id}])
  set(ctx, record, config) if record && config[:storage] == "secondary-storage" && config[:fallback_to_database]
  record
end

.get(ctx, key, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 131

def get(ctx, key, config)
  raw = storage(config, ctx.context)&.get(key)
  raw && deserialize_record(JSON.parse(raw))
rescue JSON::ParserError
  nil
end

.list_for_reference(ctx, reference_id, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 60

def list_for_reference(ctx, reference_id, config)
  if config[:storage] == "secondary-storage"
    begin
      storage_instance = storage(config, ctx.context)
      ids = JSON.parse((storage_instance&.get(storage_key_by_reference(reference_id)) || storage_instance&.get("api-key:user:#{reference_id}")).to_s)
      records = ids.filter_map { |id| find_by_id(ctx, id, config) }
      return records unless records.empty? && config[:fallback_to_database]
    rescue JSON::ParserError, NoMethodError
      return [] unless config[:fallback_to_database]
    end
  end
  records = ctx.context.adapter.find_many(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, where: [{field: "referenceId", value: reference_id}])
  legacy = ctx.context.adapter.find_many(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, where: [{field: "userId", value: reference_id}])
  combined = (records + legacy).uniq { |record| record["id"] }
  populate_reference(ctx, reference_id, combined, config) if config[:storage] == "secondary-storage" && config[:fallback_to_database]
  combined
end

.migrate_legacy_metadata(ctx, record, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 112

def migrate_legacy_metadata(ctx, record, config)
  parsed = BetterAuth::APIKey::Utils.decode_json(record["metadata"])
  return record unless parsed.is_a?(Hash)

  encoded = BetterAuth::APIKey::Utils.encode_json(parsed)
  return record.merge("metadata" => encoded) if record["metadata"] == encoded

  updated = record.merge("metadata" => encoded)
  if config[:storage] == "database" || config[:fallback_to_database]
    ctx.context.adapter.update(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, where: [{field: "id", value: record["id"]}], update: {metadata: encoded})
  end
  set(ctx, updated, config) if config[:storage] == "secondary-storage"
  updated
end

.populate_reference(ctx, reference_id, records, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 216

def populate_reference(ctx, reference_id, records, config)
  storage_instance = storage(config, ctx.context)
  return unless storage_instance

  ids = []
  records.each do |record|
    serialized = JSON.generate(storage_record(record))
    expires_at = BetterAuth::APIKey::Utils.normalize_time(record["expiresAt"])
    ttl = expires_at ? [(expires_at - Time.now).to_i, 0].max : nil
    storage_instance.set(storage_key_by_hash(record["key"]), serialized, ttl)
    storage_instance.set(storage_key_by_id(record["id"]), serialized, ttl)
    ids << record["id"]
  end
  reference_key = storage_key_by_reference(reference_id)
  ids.empty? ? storage_instance.delete(reference_key) : storage_instance.set(reference_key, JSON.generate(ids))
end

.ref_list_add(storage_instance, reference_key, id) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 188

def ref_list_add(storage_instance, reference_key, id)
  ids = safe_parse_id_list(storage_instance.get(reference_key))
  ids << id unless ids.include?(id)
  storage_instance.set(reference_key, JSON.generate(ids))
end

.ref_list_remove(storage_instance, reference_key, id) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 194

def ref_list_remove(storage_instance, reference_key, id)
  ids = safe_parse_id_list(storage_instance.get(reference_key)).reject { |existing| existing == id }
  ids.empty? ? storage_instance.delete(reference_key) : storage_instance.set(reference_key, JSON.generate(ids))
end

.safe_parse_id_list(raw) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 199

def safe_parse_id_list(raw)
  return [] if raw.nil?

  parsed = JSON.parse(raw.to_s)
  parsed.is_a?(Array) ? parsed : []
rescue JSON::ParserError
  []
end

.schedule_record_delete(ctx, record, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 103

def schedule_record_delete(ctx, record, config)
  task = -> { delete_record(ctx, record, config) }
  if config[:defer_updates] && BetterAuth::APIKey::Utils.background_tasks?(ctx)
    ctx.context.run_in_background(task)
  else
    task.call
  end
end

.set(ctx, record, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 138

def set(ctx, record, config)
  storage_instance = storage(config, ctx.context)
  unless storage_instance
    raise BetterAuth::APIError.new("INTERNAL_SERVER_ERROR", message: "Secondary storage is required when storage mode is 'secondary-storage'")
  end

  serialized = JSON.generate(storage_record(record))
  expires_at = BetterAuth::APIKey::Utils.normalize_time(record["expiresAt"])
  ttl = expires_at ? [(expires_at - Time.now).to_i, 0].max : nil
  reference_id = BetterAuth::Plugins.api_key_record_reference_id(record)
  reference_key = storage_key_by_reference(reference_id)

  batch(storage_instance) do
    operations = [
      -> { storage_instance.set(storage_key_by_hash(record["key"]), serialized, ttl) },
      -> { storage_instance.set(storage_key_by_id(record["id"]), serialized, ttl) }
    ]
    operations << if config[:fallback_to_database]
      -> { storage_instance.delete(reference_key) }
    else
      -> { ref_list_add(storage_instance, reference_key, record["id"]) }
    end
    operations.each(&:call)
  end
end

.storage(config, context = nil) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 127

def storage(config, context = nil)
  config[:custom_storage] || context&.options&.secondary_storage
end

.storage_key_by_hash(hashed_key) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 16

def storage_key_by_hash(hashed_key)
  "#{HASH_STORAGE_PREFIX}#{hashed_key}"
end

.storage_key_by_id(id) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 20

def storage_key_by_id(id)
  "#{ID_STORAGE_PREFIX}#{id}"
end

.storage_key_by_reference(reference_id) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 24

def storage_key_by_reference(reference_id)
  "#{REFERENCE_STORAGE_PREFIX}#{reference_id}"
end

.storage_record(record) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 233

def storage_record(record)
  record.transform_values { |value| value.is_a?(Time) ? value.iso8601 : value }
end

.store(ctx, data, config) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 28

def store(ctx, data, config)
  record = nil
  if config[:storage] == "database" || config[:fallback_to_database]
    record = ctx.context.adapter.create(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, data: data)
  end
  record ||= data.transform_keys { |key| BetterAuth::Schema.storage_key(key) }.merge("id" => SecureRandom.hex(16))
  set(ctx, record, config) if config[:storage] == "secondary-storage"
  record
end

.update_record(ctx, record, update, config, defer: false) ⇒ Object

# File 'lib/better_auth/api_key/adapter.rb', line 78

def update_record(ctx, record, update, config, defer: false)
  performer = lambda do
    updated = nil
    if config[:storage] == "database" || config[:fallback_to_database]
      updated = ctx.context.adapter.update(model: BetterAuth::Plugins::API_KEY_TABLE_NAME, where: [{field: "id", value: record["id"]}], update: update)
    end
    updated ||= record.merge(update.transform_keys { |key| BetterAuth::Schema.storage_key(key) })
    set(ctx, updated, config) if config[:storage] == "secondary-storage"
    updated
  end

  if defer && config[:defer_updates] && BetterAuth::Plugins.api_key_background_tasks?(ctx)
    scheduled = record.merge(update.transform_keys { |key| BetterAuth::Schema.storage_key(key) })
    ctx.context.run_in_background(performer)
    scheduled
  else
    performer.call
  end
end