Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 | 1x 1x 1x 1x 1x 1x 9x 9x 9x 1x 8x 8x 1x 7x 6x 1x 5x 1x 4x 1x 3x 2x 2x 2x | /**
* Revoke API Key Lambda
* DELETE /v1/admin/api-keys/{id}
*
* Revokes an API key (sets status to 'revoked')
* Requires JWT authentication and ownership verification
*/
const { DynamoDBClient } = require('@aws-sdk/client-dynamodb')
const { DynamoDBDocumentClient, GetCommand, UpdateCommand } = require('@aws-sdk/lib-dynamodb')
const client = new DynamoDBClient({})
const docClient = DynamoDBDocumentClient.from(client)
const API_KEYS_TABLE = process.env.API_KEYS_TABLE
exports.handler = async (event) => {
try {
// Only JWT authentication allowed for admin operations
const userId = event.requestContext?.authorizer?.claims?.sub
if (!userId) {
return {
statusCode: 401,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Authentication required' })
}
}
// Get API key ID from path
const keyId = event.pathParameters?.id
if (!keyId) {
return {
statusCode: 400,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'API key ID is required' })
}
}
// Get existing API key
const getResult = await docClient.send(
new GetCommand({
TableName: API_KEYS_TABLE,
Key: { id: keyId }
})
)
if (!getResult.Item) {
return {
statusCode: 404,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'API key not found' })
}
}
// Verify ownership
if (getResult.Item.createdBy !== userId) {
return {
statusCode: 403,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'You do not have permission to revoke this API key' })
}
}
// Check if already revoked
if (getResult.Item.status === 'revoked') {
return {
statusCode: 400,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'API key is already revoked' })
}
}
// Revoke the API key
await docClient.send(
new UpdateCommand({
TableName: API_KEYS_TABLE,
Key: { id: keyId },
UpdateExpression: 'SET #status = :status, revokedAt = :revokedAt, revokedBy = :revokedBy',
ExpressionAttributeNames: {
'#status': 'status'
},
ExpressionAttributeValues: {
':status': 'revoked',
':revokedAt': new Date().toISOString(),
':revokedBy': userId
}
})
)
return {
statusCode: 200,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({
message: 'API key revoked successfully',
id: keyId
})
}
} catch (error) {
console.error('Error revoking API key:', error)
return {
statusCode: 500,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({
error: 'Failed to revoke API key',
message: error.message
})
}
}
}
|