feat: implement api key last used at

api-description/web-api.swagger.yaml

@@ -8768,6 +8768,9 @@ definitions:
         type: string
       environmentName:
         type: string
+      lastUsedAt:
+        type: string
+        format: int64
   accountAPIKeyRole:
     type: string
     enum:
@@ -9335,6 +9338,8 @@ definitions:
     required:
       - changeType
       - team
+  accountUpdateAPIKeyLastUsedAtResponse:
+    type: object
   accountUpdateAPIKeyRequest:
     type: object
     properties:

migration/mysql/20251028072327_update_last_used_at_api_key_table.sql

@@ -0,0 +1 @@
+ALTER TABLE api_key ADD COLUMN last_used_at bigint DEFAULT 0;

migration/mysql/atlas.sum

@@ -1,4 +1,4 @@
-h1:sbwKrn+UjmZchqTeIaRqq00fxno8oq6vba/UVm6GN8A=
+h1:jLGSNaAAAnRJ8v7ZLH7JHqjFe8HPv3wXCLetHRB/RXg=
 20240626022133_initialization.sql h1:reSmqMhqnsrdIdPU2ezv/PXSL0COlRFX4gQA4U3/wMo=
 20240708065726_update_audit_log_table.sql h1:fi8Xxw4WfSlHDyvq2Ni/8JUiZW8z/0qWWyWm6jFdUy8=
 20240815043128_update_auto_ops_rule_table.sql h1:IKSW9W/XO6SWAYl5WPLJSg6KdsfcZ3rfQhIrf7aOnYc=
@@ -32,3 +32,4 @@ h1:sbwKrn+UjmZchqTeIaRqq00fxno8oq6vba/UVm6GN8A=
 20250411093510_update_audit_log_table.sql h1:KDbGMLbeKhtUc833pAvKOiw9JdM4rXSUVc34TOywvc8=
 20250618071930_create_team_table.sql h1:Gc0+XyVk0zM+wWdWfqtkox2WQEnzftNX3FR7qpEAioU=
 20250711131250_update_indexes.sql h1:ghjrhD9mDtCHaHL7HbiAkTjmRHp6EZ3eerVjb8cSZCA=
+20251028072327_update_last_used_at_api_key_table.sql h1:cuC7b8RV6QPv2LKij2Ld1cqkH8tpQB85Y+J8fHbi+38=

pkg/account/api/api_key.go

@@ -773,3 +773,62 @@ func (s *AccountService) UpdateAPIKey(
 
 	return &proto.UpdateAPIKeyResponse{}, nil
 }
+
+func (s *AccountService) UpdateAPIKeyLastUsedAt(
+	ctx context.Context,
+	req *proto.UpdateAPIKeyLastUsedAtRequest,
+) (*proto.UpdateAPIKeyLastUsedAtResponse, error) {
+	// No need to check roles since this is only allowed to be called internally by other services.
+	err := validateUpdateAPIKeyLastUsedAtRequest(req)
+	if err != nil {
+		s.logger.Error("Invalid UpdateAPIKeyLastUsedAt request",
+			log.FieldsFromIncomingContext(ctx).AddFields(
+				zap.Error(err),
+				zap.String("apiKeyId", req.ApiKeyId),
+				zap.Int64("lastUsedAt", req.LastUsedAt),
+			)...)
+		return nil, err
+	}
+
+	err = s.mysqlClient.RunInTransactionV2(ctx, func(contextWithTx context.Context, _ mysql.Transaction) error {
+		envAPIKey, err := s.accountStorage.GetEnvironmentAPIKey(contextWithTx, req.ApiKeyId)
+		if err != nil {
+			return err
+		}
+		apiKey := &domain.APIKey{
+			APIKey: envAPIKey.ApiKey,
+		}
+		err = apiKey.SetUsedAt(req.LastUsedAt)
+		if err != nil {
+			return err
+		}
+		return s.accountStorage.UpdateAPIKey(contextWithTx, apiKey, envAPIKey.Environment.Id)
+	})
+	if err != nil {
+		if errors.Is(err, v2as.ErrAPIKeyNotFound) {
+			return nil, statusNotFound.Err()
+		}
+		s.logger.Error(
+			"Failed to update api key last used at",
+			log.FieldsFromIncomingContext(ctx).AddFields(
+				zap.Error(err),
+				zap.String("id", req.ApiKeyId),
+			)...,
+		)
+		return nil, api.NewGRPCStatus(err).Err()
+	}
+	return &proto.UpdateAPIKeyLastUsedAtResponse{}, nil
+}
+
+func validateUpdateAPIKeyLastUsedAtRequest(
+	req *proto.UpdateAPIKeyLastUsedAtRequest,
+) error {
+	if req.ApiKeyId == "" {
+		return statusMissingAPIKeyID.Err()
+	}
+
+	if req.LastUsedAt <= 0 {
+		return statusInvalidLastUsedAt.Err()
+	}
+	return nil
+}

pkg/account/api/error.go

@@ -48,4 +48,5 @@ var (
 	statusSearchFilterIDIsEmpty                  = api.NewGRPCStatus(pkgErr.NewErrorInvalidArgEmpty(pkgErr.AccountPackageName, "search filter ID is empty", "search_filter_ID"))
 	statusSearchFilterIDNotFound                 = api.NewGRPCStatus(pkgErr.NewErrorNotFound(pkgErr.AccountPackageName, "search filter not found", "search_filter"))
 	statusInvalidListAPIKeyRequest               = api.NewGRPCStatus(pkgErr.NewErrorInvalidArgEmpty(pkgErr.AccountPackageName, "invalid list api key request", "list_api_key_request"))
+	statusInvalidLastUsedAt                      = api.NewGRPCStatus(pkgErr.NewErrorInvalidArgNotMatchFormat(pkgErr.AccountPackageName, "last used at is invalid", "last_used_at"))
 )

pkg/account/domain/api_key.go

@@ -22,11 +22,19 @@ import (
 	wrapperspb "github.com/golang/protobuf/ptypes/wrappers"
 	"github.com/jinzhu/copier"
 
+	pkgErr "github.com/bucketeer-io/bucketeer/v2/pkg/error"
 	proto "github.com/bucketeer-io/bucketeer/v2/proto/account"
 )
 
 const keyBytes = 32
 
+var (
+	ErrLastUsedAtNotUpdated = pkgErr.NewErrorFailedPrecondition(
+		pkgErr.AccountPackageName, "last used at not updated")
+	ErrInvalidLastUsedAt = pkgErr.NewErrorInvalidArgNotMatchFormat(
+		pkgErr.AccountPackageName, "invalid last used at", "last_used_at")
+)
+
 type APIKey struct {
 	*proto.APIKey
 }
@@ -115,3 +123,14 @@ func (a *APIKey) Update(
 	updated.UpdatedAt = time.Now().Unix()
 	return updated, nil
 }
+
+func (a *APIKey) SetUsedAt(lastUsedAt int64) error {
+	if lastUsedAt <= 0 {
+		return ErrInvalidLastUsedAt
+	}
+	if a.LastUsedAt >= lastUsedAt {
+		return ErrLastUsedAtNotUpdated
+	}
+	a.LastUsedAt = lastUsedAt
+	return nil
+}

pkg/account/storage/v2/api_key.go

@@ -88,6 +88,7 @@ func (s *accountStorage) UpdateAPIKey(ctx context.Context, k *domain.APIKey, env
 		k.Maintainer,
 		k.Description,
 		k.UpdatedAt,
+		k.LastUsedAt,
 		k.Id,
 		environmentID,
 	)
@@ -122,6 +123,7 @@ func (s *accountStorage) GetAPIKey(ctx context.Context, id, environmentID string
 		&apiKey.Description,
 		&apiKey.ApiKey,
 		&apiKey.Maintainer,
+		&apiKey.LastUsedAt,
 	)
 	if err != nil {
 		if errors.Is(err, mysql.ErrNoRows) {
@@ -155,6 +157,7 @@ func (s *accountStorage) GetAPIKeyByAPIKey(
 		&apiKeyDB.Description,
 		&apiKeyDB.ApiKey,
 		&apiKeyDB.Maintainer,
+		&apiKeyDB.LastUsedAt,
 	)
 	if err != nil {
 		if errors.Is(err, mysql.ErrNoRows) {
@@ -191,6 +194,7 @@ func (s *accountStorage) ListAllEnvironmentAPIKeys(
 			&apiKeyDB.Description,
 			&apiKeyDB.ApiKey,
 			&apiKeyDB.Maintainer,
+			&apiKeyDB.LastUsedAt,
 
 			// Environment columns
 			&envDB.Id,
@@ -246,6 +250,7 @@ func (s *accountStorage) GetEnvironmentAPIKey(
 		&apiKeyDB.Description,
 		&apiKeyDB.ApiKey,
 		&apiKeyDB.Maintainer,
+		&apiKeyDB.LastUsedAt,
 
 		// Environment columns
 		&envDB.Id,
@@ -306,6 +311,7 @@ func (s *accountStorage) ListAPIKeys(
 			&apiKey.EnvironmentName,
 			&apiKey.ApiKey,
 			&apiKey.Maintainer,
+			&apiKey.LastUsedAt,
 		)
 		if err != nil {
 			return nil, 0, 0, err

pkg/account/storage/v2/api_key_test.go

@@ -126,6 +126,7 @@ func TestUpdateAPIKey(t *testing.T) {
 	createdAt := int64(2)
 	updatedAt := int64(3)
 	maintainer := "demo@bucketeer.io"
+	lastUsedAt := int64(16000000000)
 
 	patterns := []struct {
 		desc          string
@@ -170,11 +171,11 @@ func TestUpdateAPIKey(t *testing.T) {
 				s.qe.(*mock.MockQueryExecer).EXPECT().ExecContext(
 					gomock.Any(),
 					gomock.Any(),
-					name, int32(role), disabled, maintainer, description, updatedAt, id, environmentId,
+					name, int32(role), disabled, maintainer, description, updatedAt, lastUsedAt, id, environmentId,
 				).Return(result, nil)
 			},
 			input: &domain.APIKey{
-				APIKey: &proto.APIKey{Id: id, Name: name, Role: role, Disabled: disabled, Maintainer: maintainer, Description: description, CreatedAt: createdAt, UpdatedAt: updatedAt},
+				APIKey: &proto.APIKey{Id: id, Name: name, Role: role, Disabled: disabled, Maintainer: maintainer, Description: description, LastUsedAt: lastUsedAt, CreatedAt: createdAt, UpdatedAt: updatedAt},
 			},
 			environmentId: environmentId,
 			expectedErr:   nil,

pkg/account/storage/v2/sql/api_key_v2/select_all_environment_api_keys_v2.sql

@@ -8,6 +8,7 @@ SELECT
     ak.description AS api_key_description,
     ak.api_key AS api_key_key,
     ak.maintainer AS api_key_maintainer,
+    ak.last_used_at AS api_key_last_used_at,
 
     env.id AS environment_id,
     env.name AS environment_name,

pkg/account/storage/v2/sql/api_key_v2/select_api_key_v2.sql

@@ -8,7 +8,8 @@ SELECT
     api_key.description,
     environment_v2.name as environment_name,
     api_key.api_key,
-    api_key.maintainer
+    api_key.maintainer,
+    api_key.last_used_at
 FROM
     api_key
 LEFT JOIN environment_v2 ON api_key.environment_id = environment_v2.id

pkg/account/storage/v2/sql/api_key_v2/select_api_key_v2_by_api_key.sql

@@ -7,7 +7,8 @@ SELECT
     updated_at,
     description,
     api_key,
-    maintainer
+    maintainer,
+    last_used_at
 FROM
     api_key
 WHERE

pkg/account/storage/v2/sql/api_key_v2/select_api_key_v2_by_id.sql

@@ -7,7 +7,8 @@ SELECT
     updated_at,
     description,
     api_key,
-    maintainer
+    maintainer,
+    last_used_at
 FROM
     api_key
 WHERE

pkg/account/storage/v2/sql/api_key_v2/select_environment_api_key_v2.sql

@@ -8,6 +8,7 @@ SELECT
     ak.description AS api_key_description,
     ak.api_key AS api_key_key,
     ak.maintainer AS api_key_maintainer,
+    ak.last_used_at AS api_key_last_used_at,
 
     env.id AS environment_id,
     env.name AS environment_name,

pkg/account/storage/v2/sql/api_key_v2/update_api_key_v2.sql

@@ -4,7 +4,8 @@ UPDATE api_key SET
     disabled = ?,
     maintainer = ?,
     description = ?,
-    updated_at = ?
+    updated_at = ?,
+    last_used_at = ?
 WHERE
     id = ? AND
     environment_id = ?