fix: cleanup obsoleted legacy api keys on api startup

[pujitm]

Summary by CodeRabbit

• Bug Fixes

  • Automatically removes stale legacy internal API keys at startup to prevent conflicts and reduce authentication issues.

• Chores

  • Added a startup cleanup routine to ensure legacy internal keys are cleared before monitoring changes.
  • Improved logging around cleanup outcomes for better observability.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Adds a startup-time cleanup in api-key.service to delete legacy internal API keys (CliInternal, ConnectInternal) from memory and persist deletion before enabling file watching. The cleanup is invoked in onModuleInit after loading keys. Success and failure paths are logged.

Changes

Cohort / File(s)	Summary
Auth API key service api/src/unraid-api/auth/api-key.service.ts	Added private cleanupLegacyInternalKeys method to find and delete legacy internal keys (CliInternal, ConnectInternal) from memoryApiKeys via deleteApiKeys. Called during onModuleInit after loadAllKeys and before watch setup. Added logging for cleanup result and failures.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Module as ApiKeyService (module)
  participant Store as memoryApiKeys
  participant Deleter as deleteApiKeys
  participant Watcher as File Watcher
  participant Log as Logger

  Note over Module: onModuleInit()
  Module->>Store: loadAllKeys()
  Store-->>Module: keys loaded

  rect rgba(223,245,255,0.4)
    Note over Module,Deleter: Startup cleanup of legacy keys (new)
    Module->>Module: cleanupLegacyInternalKeys()
    Module->>Store: find keys by name [CliInternal, ConnectInternal]
    alt Keys found
      Module->>Deleter: deleteApiKeys([legacyIds])
      Deleter-->>Module: deletion result
      Module->>Log: info/debug cleanup count
    else None found or error
      Module->>Log: debug failure or zero cleaned
    end
  end

  Module->>Watcher: enable file watching
  Watcher-->>Module: watching for changes

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I sweep old keys with a thump-thump hop,
Cli and Connect—into the cleanup shop.
Before the watcher blinks its eyes,
I tidy the burrow, trim surprise.
Logs nibble numbers, carrots of truth—
Fresh starts, clean starts, code in youth. 🥕🐇

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ab11e7f and 99ea31c.

📒 Files selected for processing (1)

• api/src/unraid-api/auth/api-key.service.ts (1 hunks)

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/legacy-key-cleanup

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[claude]

Claude finished @pujitm's task —— View job

---

Code Review Complete

Todo List:

• Read the changed file to understand the diff
• Analyze the added lines for critical issues
• Provide focused review feedback

Review Findings

✅ No critical issues found in changes

The added cleanup logic (lines 38, 44-59) appears safe:

• Data Safety: Uses existing deleteApiKeys() method which has proper validation
• Error Handling: Wrapped in try-catch with appropriate logging
• Scope: Only targets specific legacy keys ('CliInternal', 'ConnectInternal')
• Non-Breaking: Cleanup is optional and won't affect normal operations if it fails

The implementation follows existing patterns and doesn't introduce security, logic, or data loss risks.

---

[github-actions]

This plugin has been deployed to Cloudflare R2 and is available for testing.
Download it at this URL:

https://preview.dl.unraid.net/unraid-api/tag/PR1630/dynamix.unraid.net.plg