Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions app/Services/Api/ApiKeyGenerator.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
<?php

declare(strict_types=1);

namespace App\Services\Api;

use App\Models\ApiKey;
use App\Models\User;
use Illuminate\Support\Str;

final class ApiKeyGenerator
{
public function create(User $user, string $name): GeneratedApiKey
{
$plainToken = 'fc_'.Str::random(64);
$hash = hash('sha256', $plainToken);

$apiKey = ApiKey::create([
'user_id' => $user->id,
'name' => $name,
'token_hash' => $hash,
]);

return new GeneratedApiKey(apiKey: $apiKey, plainToken: $plainToken);
}
}
15 changes: 15 additions & 0 deletions app/Services/Api/GeneratedApiKey.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
<?php

declare(strict_types=1);

namespace App\Services\Api;

use App\Models\ApiKey;

final readonly class GeneratedApiKey
{
public function __construct(
public ApiKey $apiKey,
public string $plainToken,
) {}
}
40 changes: 40 additions & 0 deletions tests/Feature/Services/Api/ApiKeyGeneratorTest.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
<?php

declare(strict_types=1);

use App\Models\User;
use App\Services\Api\ApiKeyGenerator;

it('creates api key and returns plain token once', function () {
$user = User::factory()->create();

$result = app(ApiKeyGenerator::class)->create($user, 'Test key');

expect($result->plainToken)->toStartWith('fc_');
expect($result->apiKey->name)->toBe('Test key');
expect($result->apiKey->token_hash)->not->toBe($result->plainToken);
expect(hash('sha256', $result->plainToken))->toBe($result->apiKey->token_hash);
});

it('stores api key for the given user', function () {
$user = User::factory()->create();

$result = app(ApiKeyGenerator::class)->create($user, 'My key');

expect($result->apiKey->user_id)->toBe($user->id);
$this->assertDatabaseHas('api_keys', [
'user_id' => $user->id,
'name' => 'My key',
'token_hash' => hash('sha256', $result->plainToken),
]);
});

it('does not store plain token in database', function () {
$user = User::factory()->create();

$result = app(ApiKeyGenerator::class)->create($user, 'Secure key');

$this->assertDatabaseMissing('api_keys', [
'token_hash' => $result->plainToken,
]);
});