Error handling for encrypt fail as well as disabled store encrypt keys

unkeyed · Sep 19, 2024 · 4b74619 · 4b74619
1 parent babbde4
commit 4b74619
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 10 deletions.
diff --git a/apps/dashboard/app/(app)/apis/[apiId]/keys/[keyAuthId]/new/client.tsx b/apps/dashboard/app/(app)/apis/[apiId]/keys/[keyAuthId]/new/client.tsx
@@ -178,8 +178,7 @@ export const CreateKey: React.FC<Props> = ({ apiId, keyAuthId }) => {
     },
     onError(err) {
       console.error(err);
-      const message = parseTrpcError(err);
-      toast.error(message);
+      toast.error(err.message);
     },
   });
 
@@ -266,7 +265,7 @@ export const CreateKey: React.FC<Props> = ({ apiId, keyAuthId }) => {
                 Please pass it on to your user or store it somewhere safe.
               </AlertDescription>
             </Alert>
-            <Code className="flex items-center justify-between w-full gap-4 mt-2 my-8 ph-no-capture max-sm:text-xs sm:overflow-hidden"> 
+            <Code className="flex items-center justify-between w-full gap-4 mt-2 my-8 ph-no-capture max-sm:text-xs sm:overflow-hidden">
               <pre>{showKey ? key.data.key : maskedKey}</pre>
               <div className="flex items-start justify-between gap-4 max-sm:absolute max-sm:right-11">
                 <VisibleButton isVisible={showKey} setIsVisible={setShowKey} />

diff --git a/apps/dashboard/lib/trpc/routers/key/create.ts b/apps/dashboard/lib/trpc/routers/key/create.ts
@@ -103,22 +103,45 @@ export const createKey = t.procedure
             "We are unable to create the key. Please contact support using support.unkey.dev",
         });
       });
+    if (input.recoverEnabled && !keyAuth?.storeEncryptedKeys) {
+      throw new TRPCError({
+        code: "INTERNAL_SERVER_ERROR",
+        message:
+          "Storing encrypted keys for your workspace is disabled. Please contact support using [email protected]",
+      });
+    }
+
     if (input.recoverEnabled && keyAuth?.storeEncryptedKeys) {
       const vault = new Vault(env().AGENT_URL, env().AGENT_TOKEN);
       const encryptReq: EncryptRequest = {
-        keyring: workspace.id,
+        keyring: workspace?.id,
         data: key,
       };
       const requestId = crypto.randomUUID();
       const context: RequestContext = { requestId };
-      const vaultRes = await vault.encrypt(context, encryptReq);
-      await db.insert(schema.encryptedKeys).values({
-        keyId: keyId,
-        workspaceId: workspace.id,
-        encrypted: vaultRes.encrypted,
-        encryptionKeyId: vaultRes.keyId,
+      const vaultRes = await vault.encrypt(context, encryptReq).catch((_err) => {
+        throw new TRPCError({
+          code: "INTERNAL_SERVER_ERROR",
+          message: "Encryption Failed. Please contact support using [email protected]",
+        });
       });
+      await db
+        .insert(schema.encryptedKeys)
+        .values({
+          keyId: keyId,
+          workspaceId: workspace?.id,
+          encrypted: vaultRes.encrypted,
+          encryptionKeyId: vaultRes.keyId,
+        })
+        .catch((_err) => {
+          throw new TRPCError({
+            code: "INTERNAL_SERVER_ERROR",
+            message:
+              "We are unable to store encrypt the key. Please contact support using [email protected]",
+          });
+        });
     }
+
     await ingestAuditLogs({
       workspaceId: workspace.id,
       actor: { type: "user", id: ctx.user.id },