
refactor(api): Update logic for forking projects #398

Merged
merged 2 commits into from
Jul 29, 2024

Conversation

Dark-Kernel
Contributor

@Dark-Kernel Dark-Kernel commented Jul 28, 2024

User description

Description

  1. Updated the logic to fetch from Prisma.
  2. Developed an if-condition block to check whether accessLevel is set to Global or not.
  3. Added another if condition to check if the project exists.

Fixes #364

Developer's checklist

  • My PR follows the style guidelines of this project
  • I have performed a self-check on my work

If changes are made in the code:

Documentation Update

  • This PR requires an update to the documentation at docs.keyshade.xyz
  • I have made the necessary updates to the documentation, or no documentation changes are required.

PR Type

Enhancement, Bug fix


Description

  • Updated the logic for forking projects to fetch project details directly from Prisma.
  • Added validation to check if the project exists and if the user has the required access level.
  • Introduced NotFoundException for missing projects and UnauthorizedException for insufficient access levels.

Changes walkthrough 📝

Relevant files
Enhancement
project.service.ts
Update project forking logic with enhanced validation

apps/api/src/project/service/project.service.ts

  • Added NotFoundException and UnauthorizedException imports.
  • Replaced authority check with a direct Prisma query to fetch project details.
  • Added checks for project existence and access level.
  • Threw appropriate exceptions for missing project or insufficient access level.
  • +24/-8

    💡 PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions
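An added example (not keyshade's code) of the fork guard this PR describes, written as a pure function over the record Prisma's findUnique returns (null when absent) so it can be tested without a database. NotFoundError and ForbiddenError are assumed stand-ins for the NestJS exceptions, and the access levels other than GLOBAL are assumed. It swaps the PR's UnauthorizedException for a 403, since the caller is already authenticated, and keeps privateKey out of every message and response, which is the reviewer guide's concern.

```typescript
// Added example, not keyshade's code: the fork guard described in the PR as a pure
// function over a record already fetched with findUnique (null when the row is absent).
// NotFoundError and ForbiddenError are assumed stand-ins for the NestJS exceptions.
// Assumed access levels; the PR text only names GLOBAL.
type AccessLevel = 'GLOBAL' | 'INTERNAL' | 'PRIVATE';

interface ForkSource {
  id: string;
  name: string;
  description: string | null;
  storePrivateKey: boolean;
  accessLevel: AccessLevel;
  privateKey: string | null;
}
class NotFoundError extends Error {
  readonly status = 404;
  constructor(msg: string) { super(msg); Object.setPrototypeOf(this, NotFoundError.prototype); }
}
// An authenticated caller who lacks access gets 403, not the 401 the PR throws.
class ForbiddenError extends Error {
  readonly status = 403;
  constructor(msg: string) { super(msg); Object.setPrototypeOf(this, ForbiddenError.prototype); }
}

// Existence check first, then access level. Messages carry ids only, never key material.
function assertForkAllowed(project: ForkSource | null, userId: string, projectId: string): ForkSource {
  if (project === null) {
    throw new NotFoundError(`Project with id ${projectId} not found`);
  }
  if (project.accessLevel !== 'GLOBAL') {
    throw new ForbiddenError(
      `User with id ${userId} does not have the authority in the project with id ${project.id}`
    );
  }
  return project;
}

// What a response or log line may contain: the record minus its private key.
function publicView(project: ForkSource): Omit<ForkSource, 'privateKey'> {
  const { privateKey, ...rest } = project;
  void privateKey; // deliberately dropped, never returned or logged
  return rest;
}

// Constructed sample standing in for a findUnique result; the key is a placeholder.
const sampleProject: ForkSource = {
  id: 'proj-1', name: 'demo', description: null, storePrivateKey: true,
  accessLevel: 'GLOBAL', privateKey: 'PLACEHOLDER-NOT-A-REAL-KEY',
};
```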


    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    Sensitive Data Exposure:
    The code includes potential exposure of sensitive data (privateKey) which might not be securely handled or necessary in the given context. This could lead to security vulnerabilities if the data is mishandled or unnecessarily exposed.

    ⚡ Key issues to review

    Missing User Context
    The variable user.id is used in line 358 but there is no indication that the user object is available in the scope of the function. This could lead to a runtime error if user is not defined.

    Sensitive Data Exposure
    The privateKey field is selected from the database in line 348 but it's unclear if it's securely handled or if it's necessary to expose this sensitive data in this context.


    codiumai-pr-agent-free bot commented Jul 28, 2024

    PR Code Suggestions ✨

    Category | Suggestion | Score
    Possible issue
    Improve robustness by adding error handling for database operations

    Add error handling for the asynchronous findUnique method call to catch and manage
    potential exceptions or rejections from the database operation.

    apps/api/src/project/service/project.service.ts [340-349]

    -const project = await this.prisma.project.findUnique({
    -  where: { id: projectId },
    -  select: {
    -    id: true,
    -    name: true,
    -    description: true,
    -    storePrivateKey: true,
    -    accessLevel: true,
    -    privateKey: true
    -  }
    -})
    +let project;
    +try {
    +  project = await this.prisma.project.findUnique({
    +    where: { id: projectId },
    +    select: {
    +      id: true,
    +      name: true,
    +      description: true,
    +      storePrivateKey: true,
    +      accessLevel: true,
    +      privateKey: true
    +    }
    +  });
    +} catch (error) {
    +  throw new BadRequestException(`Failed to retrieve project: ${error.message}`);
    +}
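Review bot: rethrowing as BadRequestException in the `+} catch (error) {` / `+  throw new BadRequestException(...)` lines turns a database failure into a 400 and puts the driver's error text (`${error.message}`) into the client-facing message. A failed query is a server-side fault: let it propagate to the global exception filter, or log `error` server-side and throw an InternalServerErrorException with a fixed message. Note too that findUnique resolves to null for a missing row rather than rejecting, so this block does not replace the existence check the PR adds, and BadRequestException is not among the imports the walkthrough lists for this file.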
     
    Suggestion importance[1-10]: 10

    Why: Adding error handling for the asynchronous findUnique method call is essential for robustness. It ensures that potential exceptions or rejections from the database operation are managed properly, preventing unexpected crashes and providing meaningful error messages.

    Security
    Improve security by preventing potential exposure of sensitive keys

    Consider adding a check for storePrivateKey and privateKey fields to ensure they are
    not inadvertently exposed or logged, which could lead to security vulnerabilities.

    apps/api/src/project/service/project.service.ts [346-348]

    -storePrivateKey: true,
    -privateKey: true
    +storePrivateKey: false,
    +privateKey: false
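Review bot: flipping `storePrivateKey: true` / `privateKey: true` to `false` in the select only makes sense if the fork never reads those fields; if the fork copies the source project's key material when storePrivateKey is set, this change breaks forking rather than securing it. If the fields are unused, drop them from the select instead of selecting them as false; if they are needed, keep the point that matters: the fetched record must not be returned in the response, logged, or interpolated into the exception messages that follow.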
     
    Suggestion importance[1-10]: 9

    Why: This suggestion is crucial for security as it prevents the inadvertent exposure of sensitive information such as storePrivateKey and privateKey. Ensuring these fields are not exposed or logged is a significant improvement.

    Possible bug
    Ensure the user context is securely handled by replacing direct access to user.id

    Replace the direct access of user.id with a parameter passed to the function or
    obtained through a secure method to ensure that the user context is correctly
    handled and to avoid potential runtime errors if the user object is not defined in
    this scope.

    apps/api/src/project/service/project.service.ts [358]

    -`User with id ${user.id} does not have the authority in the project with id ${project.id}`
    +`User with id ${currentUser.id} does not have the authority in the project with id ${project.id}`
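Review bot: renaming `user.id` to `currentUser.id` inside the template string does not fix the scoping problem raised in the reviewer guide; it only moves it, unless currentUser is actually a parameter of the method, which nothing in this hunk establishes. Confirm the fork method's signature passes the caller's user object and use that name consistently, rather than adopting an identifier the hunk does not define.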
     
    Suggestion importance[1-10]: 8

    Why: This suggestion addresses a potential runtime error and improves security by ensuring that the user context is correctly handled. However, it assumes that currentUser is defined and accessible in the scope, which may require additional context or changes.

    Maintainability
    Enhance code readability and maintainability by refactoring condition checks into separate methods

    Refactor the condition checking the accessLevel to a separate method to enhance
    readability and maintainability of the code.

    apps/api/src/project/service/project.service.ts [356-359]

    -if (project.accessLevel !== 'GLOBAL') {
    +if (!this.isGlobalAccess(project)) {
       throw new UnauthorizedException(
         `User with id ${user.id} does not have the authority in the project with id ${project.id}`
       )
     }
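Review bot: extracting `project.accessLevel !== 'GLOBAL'` into `isGlobalAccess(project)` leaves the bigger issue in the retained lines: `throw new UnauthorizedException(` answers 401 for a caller who is authenticated but lacks access, where a 403 (ForbiddenException) is the accurate status. Also, if accessLevel is a Prisma enum, compare against the enum member inside the helper rather than the string literal `'GLOBAL'`, so a renamed value is caught at compile time instead of silently denying every fork.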
     
    Suggestion importance[1-10]: 7

    Why: Refactoring the condition check into a separate method improves readability and maintainability. However, it is a minor improvement and does not address any critical issues.


    @rajdip-b rajdip-b changed the title chore(api): Update logic for forking projects refactor(api): Update logic for forking projects Jul 28, 2024
    @rajdip-b rajdip-b merged commit 8eba65a into keyshade-xyz:develop Jul 29, 2024
    4 checks passed
    rajdip-b pushed a commit that referenced this pull request Sep 5, 2024
    ## [2.4.0](v2.3.0...v2.4.0) (2024-09-05)
    
    ### 🚀 Features
    
    * **api-client:** Create controller for Event module ([#399](#399)) ([122df35](122df35))
    * **api-client:** Create controller for Integration module ([#397](#397)) ([697d38b](697d38b))
    * **api-client:** Create controller for Project module ([#370](#370)) ([fa25866](fa25866))
    * **api-client:** Create controller for Secret module ([#396](#396)) ([7e929c0](7e929c0))
    * **api-client:** Create controller for Variable module ([#395](#395)) ([3e114d9](3e114d9))
    * **api:** Add global search in workspace ([c49962b](c49962b))
    * **api:** Add max page size ([#377](#377)) ([ed18eb0](ed18eb0))
    * **cli:** Add functionality to operate on Environments ([#324](#324)) ([4c6f3f8](4c6f3f8))
    * **cli:** Quit on decryption failure ([#381](#381)) ([1349d15](1349d15))
    
    ### 🐛 Bug Fixes
    
    * **api-client:** Fixed broken export ([096df2c](096df2c))
    * **api:** Add NotFound exception on passing an invalid roleId while inviting user in workspace ([#408](#408)) ([ab441db](ab441db))
    * **cli:** Fixed missing module ([f7a091f](f7a091f))
    * **platform:**  Build failure in platform ([#385](#385)) ([90dcb2c](90dcb2c))
    
    ### 🔧 Miscellaneous Chores
    
    * Add api client build script and updated CI ([da0e27a](da0e27a))
    * **api:** Reorganized import using path alias ([d5befd1](d5befd1))
    * **ci:** Update CLI CI name ([8f4c456](8f4c456))
    * **cli:** Add Zod validation to parseInput function ([#362](#362)) ([34e6c39](34e6c39))
    * Fixed api client tests and rearranged controllers ([1307604](1307604))
    * Housekeeping ([c5f1330](c5f1330))
    * **platform:** Added strict null check ([072254f](072254f))
    * **web:** Added strict null check ([7e12b47](7e12b47))
    
    ### 🔨 Code Refactoring
    
    * **api:** Update logic for forking projects ([#398](#398)) ([4cf3838](4cf3838))
    Kiranchaudhary537 pushed a commit to Kiranchaudhary537/keyshade that referenced this pull request Oct 13, 2024
    Successfully merging this pull request may close these issues.

    API: Update logic for forking projects