Extract api_key value to a dedicated model ApiKey

.rubocop.yml

@@ -5,6 +5,8 @@ require:
   - rubocop-rails
   - rubocop-thread_safety
   - rubocop-graphql
+  - rubocop-factory_bot
+  - rubocop-rspec_rails
   - ./dev/cops/service_call_cop.rb
 
 inherit_gem:

app/controllers/api/base_controller.rb

@@ -27,8 +27,9 @@ def authenticate
       true
     end
 
-    def current_organization(api_key = nil)
-      @current_organization ||= Organization.find_by(api_key:)
+    def current_organization(value = nil)
+      @current_organization ||=
+        ApiKey.find_by(value:)&.organization || Organization.find_by(api_key: value)
     end
 
     def set_context_source

app/graphql/types/organizations/current_organization_type.rb

@@ -52,6 +52,10 @@ class CurrentOrganizationType < BaseOrganizationType
       def webhook_url
         object.webhook_endpoints.map(&:webhook_url).first
       end
+
+      def api_key
+        object.api_keys.first.value
+      end
     end
   end
 end

app/models/api_key.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class ApiKey < ApplicationRecord
+  include PaperTrailTraceable
+
+  belongs_to :organization
+
+  before_create :set_value
+
+  def generate_value
+    value = SecureRandom.uuid
+    api_key = ApiKey.find_by(value:)
+
+    return generate_value if api_key.present?
+
+    value
+  end
+
+  private
+
+  def set_value
+    self.value = generate_value
+  end
+end
+
+# == Schema Information
+#
+# Table name: api_keys
+#
+#  id              :uuid             not null, primary key
+#  value           :string           not null
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#  organization_id :uuid             not null
+#
+# Indexes
+#
+#  index_api_keys_on_organization_id  (organization_id)
+#
+# Foreign Keys
+#
+#  fk_rails_...  (organization_id => organizations.id)
+#

app/models/organization.rb

@@ -10,6 +10,7 @@ class Organization < ApplicationRecord
     'credit_note.created'
   ].freeze
 
+  has_many :api_keys
   has_many :memberships
   has_many :users, through: :memberships
   has_many :billable_metrics
@@ -58,8 +59,6 @@ class Organization < ApplicationRecord
 
   enum document_numbering: DOCUMENT_NUMBERINGS
 
-  before_create :generate_api_key
-
   validates :country, country_code: true, unless: -> { country.nil? }
   validates :default_currency, inclusion: {in: currency_list}
   validates :document_locale, language_code: true
@@ -124,15 +123,6 @@ def auto_dunning_enabled?
 
   private
 
-  def generate_api_key
-    api_key = SecureRandom.uuid
-    orga = Organization.find_by(api_key:)
-
-    return generate_api_key if orga.present?
-
-    self.api_key = SecureRandom.uuid
-  end
-
   # NOTE: After creating an organization, default document_number_prefix needs to be generated.
   # Example of expected format is ORG-4321
   def generate_document_number_prefix

app/models/webhook.rb

@@ -8,8 +8,7 @@ class Webhook < ApplicationRecord
   belongs_to :webhook_endpoint
   belongs_to :object, polymorphic: true, optional: true
 
-  # TODO: Use relation to be able to eager load
-  delegate :organization, to: :webhook_endpoint
+  has_one :organization, through: :webhook_endpoint
 
   enum status: STATUS
 
@@ -57,7 +56,8 @@ def jwt_signature
   end
 
   def hmac_signature
-    hmac = OpenSSL::HMAC.digest('sha-256', organization.api_key, payload.to_json)
+    api_key_value = organization.api_keys.first.value
+    hmac = OpenSSL::HMAC.digest('sha-256', api_key_value, payload.to_json)
     Base64.strict_encode64(hmac)
   end
 

app/services/organizations/create_service.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Organizations
+  class CreateService < BaseService
+    def initialize(params)
+      @params = params
+      super
+    end
+
+    def call
+      organization = Organization.new(params)
+
+      ActiveRecord::Base.transaction do
+        organization.save!
+        organization.api_keys.create!
+      end
+
+      result.organization = organization
+      result
+    rescue ActiveRecord::RecordInvalid => e
+      result.record_validation_failure!(record: e.record)
+    end
+
+    private
+
+    attr_reader :params
+  end
+end

app/services/users_service.rb

@@ -29,7 +29,10 @@ def register(email, password, organization_name)
 
     ActiveRecord::Base.transaction do
       result.user = User.create!(email:, password:)
-      result.organization = Organization.create!(name: organization_name, document_numbering: 'per_organization')
+
+      result.organization = Organizations::CreateService
+        .call(name: organization_name, document_numbering: 'per_organization')
+        .organization
 
       result.membership = Membership.create!(
         user: result.user,

db/migrate/20241021140054_create_api_keys.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+class CreateApiKeys < ActiveRecord::Migration[7.1]
+  def up
+    create_table :api_keys, id: :uuid do |t|
+      t.references :organization, type: :uuid, null: false, foreign_key: true
+
+      t.string :value, null: false
+
+      t.timestamps
+    end
+
+    safety_assured do
+      execute <<-SQL
+      INSERT INTO api_keys (value, organization_id, created_at, updated_at)
+      SELECT organizations.api_key, organizations.id, organizations.created_at, organizations.created_at
+      FROM organizations
+      SQL
+    end
+  end
+
+  def down
+    safety_assured do
+      execute <<-SQL
+      UPDATE organizations
+      SET api_key = first_api_key.value
+      FROM (
+          SELECT DISTINCT ON (organization_id) 
+              organization_id,
+              value
+          FROM api_keys
+          ORDER BY organization_id, id ASC
+      ) first_api_key
+      WHERE organizations.id = first_api_key.organization_id
+      AND organizations.api_key IS NULL
+      SQL
+    end
+
+    drop_table :api_keys
+  end
+end

db/seeds/base.rb

@@ -10,6 +10,7 @@
 organization = Organization.find_or_create_by!(name: 'Hooli')
 organization.premium_integrations = Organization::PREMIUM_INTEGRATIONS
 organization.save!
+ApiKey.find_or_create_by!(organization:)
 Membership.find_or_create_by!(user:, organization:, role: :admin)
 
 # NOTE: define a billing model

db/seeds/webhooks.rb

@@ -4,6 +4,7 @@
 require 'factory_bot_rails'
 
 organization = Organization.find_or_create_by!(name: 'Hooli')
+ApiKey.find_or_create_by!(organization:)
 
 webhook_endpoint = WebhookEndpoint.find_or_create_by!(organization:, webhook_url: 'http://test.lago.dev/webhook')
 

lib/tasks/signup.rake

@@ -13,9 +13,15 @@ namespace :signup do
         .find_or_create_by!(email: ENV['LAGO_ORG_USER_EMAIL'])
       organization = Organization.find_or_create_by!(name: ENV['LAGO_ORG_NAME'])
       raise "Couldn't find LAGO_ORG_API_KEY in environement variables" if ENV['LAGO_ORG_API_KEY'].blank?
-
-      organization.api_key = ENV['LAGO_ORG_API_KEY']
       organization.save!
+
+      existing_api_key = ApiKey.find_by(organization:, value: ENV['LAGO_ORG_API_KEY'])
+
+      unless existing_api_key
+        api_key = ApiKey.create!(organization:)
+        api_key.update!(value: ENV['LAGO_ORG_API_KEY'])
+      end
+
       Membership.find_or_create_by!(user:, organization:, role: :admin)
 
       pp 'ending seeding environment'

spec/factories/api_keys.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :api_key do
+    organization { association(:organization) }
+  end
+end

spec/factories/organizations.rb

@@ -13,7 +13,11 @@
     end
 
     after(:create) do |organization, evaluator|
-      organization.webhook_endpoints.create(webhook_url: evaluator.webhook_url)
+      if evaluator.webhook_url
+        organization.webhook_endpoints.create!(webhook_url: evaluator.webhook_url)
+      end
+
+      organization.api_keys.create!
     end
   end
 end

spec/graphql/resolvers/organization_resolver_spec.rb

@@ -66,7 +66,7 @@
 
       aggregate_failures do
         expect(data['taxIdentificationNumber']).to eq(organization.tax_identification_number)
-        expect(data['apiKey']).to eq(organization.api_key)
+        expect(data['apiKey']).to eq(organization.api_keys.first.value)
         expect(data['webhookUrl']).to eq(organization.webhook_endpoints.first.webhook_url)
         expect(data['billingConfiguration']['invoiceFooter']).to eq(organization.invoice_footer)
         expect(data['emailSettings']).to eq(organization.email_settings.map { _1.tr('.', '_') })

spec/models/api_key_spec.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe ApiKey, type: :model do
+  it { is_expected.to belong_to(:organization) }
+
+  describe '#save' do
+    subject { api_key.save! }
+
+    before do
+      allow(api_key).to receive(:set_value).and_call_original
+      subject
+    end
+
+    context 'with a new record' do
+      let(:api_key) { build(:api_key) }
+
+      it 'calls #set_value' do
+        expect(api_key).to have_received(:set_value)
+      end
+    end
+
+    context 'with a persisted record' do
+      let(:api_key) { create(:api_key) }
+
+      it 'does not call #set_value' do
+        expect(api_key).not_to have_received(:set_value)
+      end
+    end
+  end
+
+  describe '#set_value' do
+    subject { api_key.send(:set_value) }
+
+    let(:api_key) { build(:api_key) }
+    let(:unique_value) { SecureRandom.uuid }
+
+    before { allow(api_key).to receive(:generate_value).and_return(unique_value) }
+
+    it 'sets result of #generate_value to the value' do
+      expect { subject }.to change(api_key, :value).to unique_value
+    end
+  end
+
+  describe '#generate_value' do
+    subject { api_key.generate_value }
+
+    let(:api_key) { build(:api_key) }
+    let(:used_value) { create(:api_key).value }
+    let(:unique_value) { SecureRandom.uuid }
+
+    before do
+      allow(SecureRandom).to receive(:uuid).and_return(used_value, unique_value)
+    end
+
+    it 'returns unique value between all ApiKeys' do
+      expect(subject).to eq unique_value
+    end
+  end
+end