Bug fixes for the ApiKeyProvider (#4)

intentionally-left-nil · web-flow · commit c7aad310b1bb · 2025-08-11T17:09:35.000-07:00
When actually implementing the ApiKeyProvider, several type issues were discovered. This PR fixes:
The api_key providers entrypoint is exported so it can be imported directly
RuntError options are optional, and the empty {} can be omitted
ListApiKeys takes in a limit/offset value
ApiKeyProvider passes back an AuthenticatedContext, to prevent unecessary non-null assertions
The index exports all the values from shared, not just the types
diff --git a/package.json b/package.json
@@ -23,6 +23,10 @@
     ".": {
       "import": "./dist/index.js",
       "types": "./dist/index.d.ts"
+    },
+    "./providers/api_key": {
+      "import": "./dist/providers/api_key.js",
+      "types": "./dist/providers/api_key.d.ts"
     }
   },
   "files": [
diff --git a/src/errors.ts b/src/errors.ts
@@ -35,7 +35,7 @@ export type ErrorPayload = {
 export class RuntError extends Error {
   constructor(
     public type: ErrorType,
-    private options: ExtensionErrorOptions
+    private options: ExtensionErrorOptions = {}
   ) {
     super(options.message ?? `RuntError: ${type}`, { cause: options.cause });
   }
diff --git a/src/index.ts b/src/index.ts
@@ -1,5 +1,5 @@
 import type { ApiKeyProvider } from './providers/api_key';
-export type * from './providers/shared';
+export * from './providers/shared';
 export * from './errors';
 
 export type BackendExtension = {
diff --git a/src/providers/api_key.ts b/src/providers/api_key.ts
@@ -1,5 +1,5 @@
 import type { Response as WorkerResponse } from '@cloudflare/workers-types';
-import type { Passport, ProviderContext, Scope, Resource } from './shared';
+import type { Passport, ProviderContext, Scope, Resource, AuthenticatedProviderContext } from './shared';
 
 export enum ApiKeyCapabilities {
   Revoke = 'revoke',
@@ -21,14 +21,19 @@ export type ApiKey = CreateApiKeyRequest & {
   revoked: boolean;
 };
 
+export type ListApiKeysRequest = {
+  limit?: number;
+  offset?: number;
+};
+
 export type ApiKeyProvider = {
   capabilities: Set<ApiKeyCapabilities>;
   overrideHandler?: (context: ProviderContext) => Promise<false | WorkerResponse>; // Any routes the provider wants to fully implement. Return false for any route not handled
   isApiKey(context: ProviderContext): boolean; // Returns true if the auth token appears to be an API key (whether or not it is valid)
   validateApiKey(context: ProviderContext): Promise<Passport>; // Ensure the API key is valid, and returns the Passport. Raise an error otherwise
-  createApiKey: (context: ProviderContext, request: CreateApiKeyRequest) => Promise<string>;
-  getApiKey: (context: ProviderContext, id: string) => Promise<ApiKey>; // Returns the API key matching the specific api key id
-  listApiKeys: (context: ProviderContext) => Promise<ApiKey[]>; // Return a list of all API keys for a user
-  revokeApiKey: (context: ProviderContext, id: string) => Promise<void>; // set the revoked flag for an API key, such that it will no longer be valid
-  deleteApiKey: (context: ProviderContext, id: string) => Promise<void>; // Delete an API key from the database
+  createApiKey: (context: AuthenticatedProviderContext, request: CreateApiKeyRequest) => Promise<string>;
+  getApiKey: (context: AuthenticatedProviderContext, id: string) => Promise<ApiKey>; // Returns the API key matching the specific api key id
+  listApiKeys: (context: AuthenticatedProviderContext, request: ListApiKeysRequest) => Promise<ApiKey[]>; // Return a list of all API keys for a user
+  revokeApiKey: (context: AuthenticatedProviderContext, id: string) => Promise<void>; // set the revoked flag for an API key, such that it will no longer be valid
+  deleteApiKey: (context: AuthenticatedProviderContext, id: string) => Promise<void>; // Delete an API key from the database
 };
diff --git a/src/providers/shared.ts b/src/providers/shared.ts
@@ -23,7 +23,7 @@ export type User = {
   email: string;
   name?: string;
   givenName?: string;
-  familyName: string;
+  familyName?: string;
 };
 
 export type Resource = {
@@ -46,3 +46,9 @@ export type ProviderContext = {
   bearerToken: string | null;
   passport: Passport | null;
 };
+
+// https://github.com/microsoft/TypeScript/issues/28374
+type NonNullableValues<T> = {
+  [P in keyof T]-?: NonNullable<T[P]>;
+};
+export type AuthenticatedProviderContext = NonNullableValues<ProviderContext>;

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ export type ErrorPayload = {`
`35`	`35`	`export class RuntError extends Error {`
`36`	`36`	`constructor(`
`37`	`37`	`public type: ErrorType,`
`38`		`- private options: ExtensionErrorOptions`
	`38`	`+ private options: ExtensionErrorOptions = {}`
`39`	`39`	`) {`
`40`	`40`	super(options.message ?? `RuntError: ${type}`, { cause: options.cause });
`41`	`41`	`}`