Skip to content

feat: Create API Token Expiration Parameter. BED-7448 #2420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
RaymondLaubert wants to merge 6 commits into
base: main
Choose a base branch
from
+60 −1
Open

feat: Create API Token Expiration Parameter. BED-7448 #2420

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2008837
feat: Added 'API Token Expiration' to the Parameter table. BED-7448
RaymondLaubert Feb 25, 2026
3503cf7
feat: Added the Expiration Period to the APITokenExpiration Parameter…
RaymondLaubert Feb 25, 2026
0652e54
feat: Updated the Default Value for the ExpirationPeriod. BED-7448
RaymondLaubert Feb 25, 2026
824bea2
feat: Updated the Default Value for APITokenExpiration Enabled. BED-7448
RaymondLaubert Feb 25, 2026
50e952b
feat: Fixed mistake with variable declaration. BED-7448
RaymondLaubert Feb 26, 2026
2cd90e5
feat: Resolved comments regarding APITokenExpiration ExpirationPeriod…
RaymondLaubert Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions cmd/api/src/database/migration/migrations/v8.7.0.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,3 +146,13 @@ CREATE TABLE IF NOT EXISTS schema_list_findings (

CREATE INDEX IF NOT EXISTS idx_schema_list_findings_extension_id ON schema_list_findings (schema_extension_id);
CREATE INDEX IF NOT EXISTS idx_schema_list_findings_environment_id ON schema_list_findings(environment_id);

-- Add API Tokens Expiration Parameter
INSERT INTO parameter (key, name, description, value, created_at, updated_at)
VALUES ('auth.api_token_expiration',
'API Token Expiration',
'This configuration parameter enables/disables created API tokens to expire after the set number of days.',
'{"enabled":false, "expiration_period":90}',
current_timestamp,
current_timestamp)
ON CONFLICT DO NOTHING;
22 changes: 22 additions & 0 deletions cmd/api/src/database/parameters_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -213,3 +213,25 @@ func TestParameters_GetAPITokensParameter(t *testing.T) {

require.Equal(t, enableApiKeys, appcfg.GetAPITokensParameter(testCtx, db))
}

func TestParameters_GetAPITokenExpirationParameter(t *testing.T) {
var (
db = integration.SetupDB(t)
testCtx = context.Background()
apiKeyExpiration = true
expirationPeriod = 30
)

newVal, err := types.NewJSONBObject(map[string]any{"enabled": apiKeyExpiration, "expiration_period": expirationPeriod})
require.Nil(t, err)

require.Nil(t, db.SetConfigurationParameter(testCtx, appcfg.Parameter{
Key: appcfg.APITokenExpiration,
Value: newVal,
}))

valObtained := appcfg.GetAPITokenExpirationParameter(testCtx, db)

require.Equal(t, apiKeyExpiration, valObtained.Enabled)
require.Equal(t, expirationPeriod, valObtained.ExpirationPeriod)
}
29 changes: 28 additions & 1 deletion cmd/api/src/model/appcfg/parameter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ const (
PruneTTL ParameterKey = "prune.ttl"
ReconciliationKey ParameterKey = "analysis.reconciliation"
ScheduledAnalysis ParameterKey = "analysis.scheduled"
APITokenExpiration ParameterKey = "auth.api_token_expiration"

// The below keys are not intended to be user updatable, so should not be added to IsValidKey
TrustedProxiesConfig ParameterKey = "http.trusted_proxies"
Expand Down Expand Up @@ -90,7 +91,7 @@ func (s *Parameter) Map(value any) error {

func (s *Parameter) IsValidKey(parameterKey ParameterKey) bool {
switch parameterKey {
case PasswordExpirationWindow, Neo4jConfigs, PruneTTL, CitrixRDPSupportKey, ReconciliationKey, ScheduledAnalysis:
case PasswordExpirationWindow, Neo4jConfigs, PruneTTL, CitrixRDPSupportKey, ReconciliationKey, ScheduledAnalysis, APITokenExpiration:
return true
default:
return false
Expand Down Expand Up @@ -151,6 +152,8 @@ func (s *Parameter) Validate() utils.Errors {
v = &TimeoutLimitParameter{}
case EnvironmentTargetedAccessControlKey:
v = &EnvironmentTargetedAccessControlParameters{}
case APITokenExpiration:
v = &APITokenExpirationParameter{}
default:
return utils.Errors{errors.New("invalid key")}
}
Expand Down Expand Up @@ -577,3 +580,27 @@ func GetEnvironmentTargetedAccessControlParameters(ctx context.Context, service

return result
}

type APITokenExpirationParameter struct {
Enabled bool `json:"enabled"`
ExpirationPeriod int `json:"expiration_period" validate:"min=1,max=365"`
}

func GetAPITokenExpirationParameter(ctx context.Context, service ParameterService) APITokenExpirationParameter {
result := APITokenExpirationParameter{Enabled: false, ExpirationPeriod: 90}

if cfg, err := service.GetConfigurationParameter(ctx, APITokenExpiration); err != nil {
slog.WarnContext(ctx, "Failed to fetch API tokens expiration configuration; returning default values.")
} else if err := cfg.Map(&result); err != nil {
slog.WarnContext(ctx, "Invalid API tokens expiration configuration supplied, returning default values.",
slog.String("invalid_configuration", err.Error()),
slog.String("parameter_key", string(APITokenExpiration)))
} else if result.ExpirationPeriod <= 0 || result.ExpirationPeriod > 365 {
slog.WarnContext(ctx, "Invalid API token expiration period supplied, returning default values.",
slog.Int("invalid_expiration_period", result.ExpirationPeriod),
slog.String("parameter_key", string(APITokenExpiration)))
result.ExpirationPeriod = 90
}

return result
}
Loading