mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity
Files
0363a140980749c9ec8e4a91374eb73c8e3d93e6
stack/apps/api/src/app.module.ts
Jason Woltje 46d0a06ef5 feat(#356): Build credential CRUD API endpoints 
Implement comprehensive CRUD API for managing user credentials with encryption,
RLS, and audit logging following TDD methodology.

Features:
- POST /api/credentials - Create encrypted credential
- GET /api/credentials - List credentials (masked values only)
- GET /api/credentials/:id - Get single credential (masked)
- GET /api/credentials/:id/value - Decrypt plaintext (rate limited 10/min)
- PATCH /api/credentials/:id - Update metadata
- POST /api/credentials/:id/rotate - Rotate credential value
- DELETE /api/credentials/:id - Soft delete

Security:
- All values encrypted via VaultService (TransitKey.CREDENTIALS)
- List/Get endpoints NEVER return plaintext (only maskedValue)
- getValue endpoint rate limited to 10 requests/minute per user
- All operations audit-logged with CREDENTIAL_* ActivityAction
- RLS enforces per-user isolation via getRlsClient() pattern
- Input validation via class-validator DTOs

Testing:
- 26/26 unit tests passing
- 95.71% code coverage (exceeds 85% requirement)
  - Service: 95.16%
  - Controller: 100%
- TypeScript checks pass

Files created:
- apps/api/src/credentials/credentials.service.ts
- apps/api/src/credentials/credentials.service.spec.ts
- apps/api/src/credentials/credentials.controller.ts
- apps/api/src/credentials/credentials.controller.spec.ts
- apps/api/src/credentials/credentials.module.ts
- apps/api/src/credentials/dto/*.dto.ts (5 DTOs)

Files modified:
- apps/api/src/app.module.ts - imported CredentialsModule

Note: Admin credentials endpoints deferred to future issue. Current
implementation covers all user credential endpoints.

Refs #346
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 16:50:02 -06:00

121 lines
4.1 KiB
TypeScript
Raw Blame History

import { Module } from "@nestjs/common";
import { APP_INTERCEPTOR, APP_GUARD } from "@nestjs/core";
import { ThrottlerModule } from "@nestjs/throttler";
import { BullModule } from "@nestjs/bullmq";
import { ThrottlerValkeyStorageService, ThrottlerApiKeyGuard } from "./common/throttler";
import { CsrfGuard } from "./common/guards/csrf.guard";
import { CsrfService } from "./common/services/csrf.service";
import { AppController } from "./app.controller";
import { AppService } from "./app.service";
import { CsrfController } from "./common/controllers/csrf.controller";
import { PrismaModule } from "./prisma/prisma.module";
import { DatabaseModule } from "./database/database.module";
import { AuthModule } from "./auth/auth.module";
import { ActivityModule } from "./activity/activity.module";
import { TasksModule } from "./tasks/tasks.module";
import { EventsModule } from "./events/events.module";
import { ProjectsModule } from "./projects/projects.module";
import { DomainsModule } from "./domains/domains.module";
import { IdeasModule } from "./ideas/ideas.module";
import { WidgetsModule } from "./widgets/widgets.module";
import { LayoutsModule } from "./layouts/layouts.module";
import { KnowledgeModule } from "./knowledge/knowledge.module";
import { UsersModule } from "./users/users.module";
import { WebSocketModule } from "./websocket/websocket.module";
import { LlmModule } from "./llm/llm.module";
import { LlmUsageModule } from "./llm-usage/llm-usage.module";
import { BrainModule } from "./brain/brain.module";
import { CronModule } from "./cron/cron.module";
import { AgentTasksModule } from "./agent-tasks/agent-tasks.module";
import { ValkeyModule } from "./valkey/valkey.module";
import { BullMqModule } from "./bullmq/bullmq.module";
import { StitcherModule } from "./stitcher/stitcher.module";
import { TelemetryModule, TelemetryInterceptor } from "./telemetry";
import { RunnerJobsModule } from "./runner-jobs/runner-jobs.module";
import { JobEventsModule } from "./job-events/job-events.module";
import { JobStepsModule } from "./job-steps/job-steps.module";
import { CoordinatorIntegrationModule } from "./coordinator-integration/coordinator-integration.module";
import { FederationModule } from "./federation/federation.module";
import { CredentialsModule } from "./credentials/credentials.module";
import { RlsContextInterceptor } from "./common/interceptors/rls-context.interceptor";
@Module({
imports: [
// Rate limiting configuration
ThrottlerModule.forRootAsync({
useFactory: () => {
const ttl = parseInt(process.env.RATE_LIMIT_TTL ?? "60", 10) * 1000; // Convert to milliseconds
const limit = parseInt(process.env.RATE_LIMIT_GLOBAL_LIMIT ?? "100", 10);
return {
throttlers: [
{
ttl,
limit,
},
],
storage: new ThrottlerValkeyStorageService(),
};
},
}),
// BullMQ job queue configuration
BullModule.forRoot({
connection: {
host: process.env.VALKEY_HOST ?? "localhost",
port: parseInt(process.env.VALKEY_PORT ?? "6379", 10),
},
}),
TelemetryModule,
PrismaModule,
DatabaseModule,
ValkeyModule,
BullMqModule,
StitcherModule,
AuthModule,
ActivityModule,
TasksModule,
EventsModule,
ProjectsModule,
DomainsModule,
IdeasModule,
WidgetsModule,
LayoutsModule,
KnowledgeModule,
UsersModule,
WebSocketModule,
LlmModule,
LlmUsageModule,
BrainModule,
CronModule,
AgentTasksModule,
RunnerJobsModule,
JobEventsModule,
JobStepsModule,
CoordinatorIntegrationModule,
FederationModule,
CredentialsModule,
],
controllers: [AppController, CsrfController],
providers: [
AppService,
CsrfService,
{
provide: APP_INTERCEPTOR,
useClass: TelemetryInterceptor,
},
{
provide: APP_INTERCEPTOR,
useClass: RlsContextInterceptor,
},
{
provide: APP_GUARD,
useClass: ThrottlerApiKeyGuard,
},
{
provide: APP_GUARD,
useClass: CsrfGuard,
},
],
})
export class AppModule {}
Reference in New Issue View Git Blame Copy Permalink