Feature/Add Permissions To API Keys

docker/.env.example

@@ -1,7 +1,5 @@
 PORT=3000
 
-# APIKEY_PATH=/your_apikey_path/.flowise # (will be deprecated by end of 2025)
-
 ############################################################################################################
 ############################################## DATABASE ####################################################
 ############################################################################################################

docker/worker/.env.example

@@ -1,7 +1,5 @@
 WORKER_PORT=5566
 
-# APIKEY_PATH=/your_apikey_path/.flowise # (will be deprecated by end of 2025)
-
 ############################################################################################################
 ############################################## DATABASE ####################################################
 ############################################################################################################

packages/server/.env.example

@@ -1,7 +1,5 @@
 PORT=3000
 
-# APIKEY_PATH=/your_apikey_path/.flowise # (will be deprecated by end of 2025)
-
 ############################################################################################################
 ############################################## DATABASE ####################################################
 ############################################################################################################

packages/server/src/Interface.ts

@@ -346,15 +346,6 @@ export interface IUploadFileSizeAndTypes {
     maxUploadSize: number
 }
 
-export interface IApiKey {
-    id: string
-    keyName: string
-    apiKey: string
-    apiSecret: string
-    updatedDate: Date
-    workspaceId: string
-}
-
 export interface ICustomTemplate {
     id: string
     name: string

packages/server/src/controllers/apikey/index.ts

@@ -1,18 +1,17 @@
-import { Request, Response, NextFunction } from 'express'
+import { NextFunction, Request, Response } from 'express'
 import { StatusCodes } from 'http-status-codes'
+import { LoggedInUser } from '../../enterprise/Interface.Enterprise'
 import { InternalFlowiseError } from '../../errors/internalFlowiseError'
 import apikeyService from '../../services/apikey'
 import { getPageAndLimitParams } from '../../utils/pagination'
 
 // Get api keys
 const getAllApiKeys = async (req: Request, res: Response, next: NextFunction) => {
     try {
-        const autoCreateNewKey = true
+        const user = req.user as LoggedInUser
         const { page, limit } = getPageAndLimitParams(req)
-        if (!req.user?.activeWorkspaceId) {
-            throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Workspace ID is required`)
-        }
-        const apiResponse = await apikeyService.getAllApiKeys(req.user?.activeWorkspaceId, autoCreateNewKey, page, limit)
+
+        const apiResponse = await apikeyService.getAllApiKeys(user, page, limit)
         return res.json(apiResponse)
     } catch (error) {
         next(error)
@@ -24,10 +23,14 @@ const createApiKey = async (req: Request, res: Response, next: NextFunction) =>
         if (typeof req.body === 'undefined' || !req.body.keyName) {
             throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Error: apikeyController.createApiKey - keyName not provided!`)
         }
-        if (!req.user?.activeWorkspaceId) {
-            throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Workspace ID is required`)
+        if (!req.body.permissions || typeof req.body.permissions !== 'string') {
+            throw new InternalFlowiseError(
+                StatusCodes.PRECONDITION_FAILED,
+                `Error: apikeyController.createApiKey - permissions not provided!`
+            )
         }
-        const apiResponse = await apikeyService.createApiKey(req.body.keyName, req.user?.activeWorkspaceId)
+        const user = req.user as LoggedInUser
+        const apiResponse = await apikeyService.createApiKey(user, req.body.keyName, req.body.permissions)
         return res.json(apiResponse)
     } catch (error) {
         next(error)
@@ -43,27 +46,14 @@ const updateApiKey = async (req: Request, res: Response, next: NextFunction) =>
         if (typeof req.body === 'undefined' || !req.body.keyName) {
             throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Error: apikeyController.updateApiKey - keyName not provided!`)
         }
-        if (!req.user?.activeWorkspaceId) {
-            throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Workspace ID is required`)
-        }
-        const apiResponse = await apikeyService.updateApiKey(req.params.id, req.body.keyName, req.user?.activeWorkspaceId)
-        return res.json(apiResponse)
-    } catch (error) {
-        next(error)
-    }
-}
-
-// Import Keys from JSON file
-const importKeys = async (req: Request, res: Response, next: NextFunction) => {
-    try {
-        if (typeof req.body === 'undefined' || !req.body.jsonFile) {
-            throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Error: apikeyController.importKeys - body not provided!`)
-        }
-        if (!req.user?.activeWorkspaceId) {
-            throw new InternalFlowiseError(StatusCodes.PRECONDITION_FAILED, `Workspace ID is required`)
+        if (!req.body.permissions || typeof req.body.permissions !== 'string') {
+            throw new InternalFlowiseError(
+                StatusCodes.PRECONDITION_FAILED,
+                `Error: apikeyController.updateApiKey - permissions not provided!`
+            )
         }
-        req.body.workspaceId = req.user?.activeWorkspaceId
-        const apiResponse = await apikeyService.importKeys(req.body)
+        const user = req.user as LoggedInUser
+        const apiResponse = await apikeyService.updateApiKey(user, req.params.id, req.body.keyName, req.body.permissions)
         return res.json(apiResponse)
     } catch (error) {
         next(error)
@@ -104,6 +94,5 @@ export default {
     deleteApiKey,
     getAllApiKeys,
     updateApiKey,
-    verifyApiKey,
-    importKeys
+    verifyApiKey
 }

packages/server/src/database/entities/ApiKey.ts

@@ -1,8 +1,7 @@
 import { Column, Entity, PrimaryColumn, UpdateDateColumn } from 'typeorm'
-import { IApiKey } from '../../Interface'
 
 @Entity('apikey')
-export class ApiKey implements IApiKey {
+export class ApiKey {
     @PrimaryColumn({ type: 'varchar', length: 20 })
     id: string
 
@@ -15,6 +14,9 @@ export class ApiKey implements IApiKey {
     @Column({ type: 'text' })
     keyName: string
 
+    @Column({ nullable: false, type: 'text', default: '[]' })
+    permissions: string
+
     @Column({ type: 'timestamp' })
     @UpdateDateColumn()
     updatedDate: Date

packages/server/src/database/migrations/mariadb/1765360298674-AddApiKeyPermission.ts

@@ -0,0 +1,45 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+import { Role } from '../../../enterprise/database/entities/role.entity'
+import { hasColumn } from '../../../utils/database.util'
+import logger from '../../../utils/logger'
+
+export class AddApiKeyPermission1765360298674 implements MigrationInterface {
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        const tableName = 'apikey'
+        const columnName = 'permissions'
+
+        const columnExists = await hasColumn(queryRunner, tableName, columnName)
+        if (!columnExists) {
+            await queryRunner.query(`ALTER TABLE \`${tableName}\` ADD COLUMN \`${columnName}\` TEXT NOT NULL DEFAULT ('[]');`)
+
+            const permission =
+                '["chatflows:view","chatflows:create","chatflows:update","chatflows:duplicate","chatflows:delete","chatflows:export","chatflows:import","chatflows:config","chatflows:domains","agentflows:view","agentflows:create","agentflows:update","agentflows:duplicate","agentflows:delete","agentflows:export","agentflows:import","agentflows:config","agentflows:domains","tools:view","tools:create","tools:update","tools:delete","tools:export","assistants:view","assistants:create","assistants:update","assistants:delete","credentials:view","credentials:create","credentials:update","credentials:delete","variables:view","variables:create","variables:update","variables:delete","apikeys:view","apikeys:create","apikeys:update","apikeys:delete","documentStores:view","documentStores:create","documentStores:update","documentStores:delete","documentStores:add-loader","documentStores:delete-loader","documentStores:preview-process","documentStores:upsert-config","executions:view","executions:delete","templates:marketplace","templates:custom","templates:custom-delete","templates:toolexport","templates:flowexport"]'
+
+            await queryRunner.query(`UPDATE \`${tableName}\` SET \`${columnName}\` = '${permission}';`)
+        }
+
+        const sso = 'sso:manage'
+        const apikey = 'apikeys:import'
+        const itemsToRemove = [sso, apikey]
+        const roles: Role[] = await queryRunner.query(
+            `SELECT * FROM \`role\` WHERE \`${columnName}\` LIKE '%${sso}%' OR \`${columnName}\` LIKE '%${apikey}%';`
+        )
+        if (roles.length > 0) {
+            for (const role of roles) {
+                let permissions: string[] = []
+                try {
+                    permissions = JSON.parse(role.permissions)
+                } catch (error) {
+                    logger.error(`AddApiKeyPermission1765360298674 error parsing permissions for role ${role.id}:`, error)
+                    continue
+                }
+                permissions = permissions.filter((permission: string) => !itemsToRemove.includes(permission))
+                await queryRunner.query(
+                    `UPDATE \`role\` SET \`${columnName}\` = '${JSON.stringify(permissions)}' WHERE \`id\` = '${role.id}';`
+                )
+            }
+        }
+    }
+
+    public async down(): Promise<void> {}
+}

packages/server/src/database/migrations/mariadb/index.ts

@@ -41,6 +41,7 @@ import { ModifyChatflowType1755066758601 } from './1755066758601-ModifyChatflowT
 import { AddTextToSpeechToChatFlow1759419231100 } from './1759419231100-AddTextToSpeechToChatFlow'
 import { AddChatFlowNameIndex1759424809984 } from './1759424809984-AddChatFlowNameIndex'
 import { FixDocumentStoreFileChunkLongText1765000000000 } from './1765000000000-FixDocumentStoreFileChunkLongText'
+import { AddApiKeyPermission1765360298674 } from './1765360298674-AddApiKeyPermission'
 
 import { AddAuthTables1720230151482 } from '../../../enterprise/database/migrations/mariadb/1720230151482-AddAuthTables'
 import { AddWorkspace1725437498242 } from '../../../enterprise/database/migrations/mariadb/1725437498242-AddWorkspace'
@@ -108,5 +109,6 @@ export const mariadbMigrations = [
     ModifyChatflowType1755066758601,
     AddTextToSpeechToChatFlow1759419231100,
     AddChatFlowNameIndex1759424809984,
-    FixDocumentStoreFileChunkLongText1765000000000
+    FixDocumentStoreFileChunkLongText1765000000000,
+    AddApiKeyPermission1765360298674
 ]

packages/server/src/database/migrations/mysql/1765360298674-AddApiKeyPermission.ts

@@ -0,0 +1,45 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+import { Role } from '../../../enterprise/database/entities/role.entity'
+import { hasColumn } from '../../../utils/database.util'
+import logger from '../../../utils/logger'
+
+export class AddApiKeyPermission1765360298674 implements MigrationInterface {
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        const tableName = 'apikey'
+        const columnName = 'permissions'
+
+        const columnExists = await hasColumn(queryRunner, tableName, columnName)
+        if (!columnExists) {
+            await queryRunner.query(`ALTER TABLE \`${tableName}\` ADD COLUMN \`${columnName}\` TEXT NOT NULL DEFAULT ('[]');`)
+
+            const permission =
+                '["chatflows:view","chatflows:create","chatflows:update","chatflows:duplicate","chatflows:delete","chatflows:export","chatflows:import","chatflows:config","chatflows:domains","agentflows:view","agentflows:create","agentflows:update","agentflows:duplicate","agentflows:delete","agentflows:export","agentflows:import","agentflows:config","agentflows:domains","tools:view","tools:create","tools:update","tools:delete","tools:export","assistants:view","assistants:create","assistants:update","assistants:delete","credentials:view","credentials:create","credentials:update","credentials:delete","variables:view","variables:create","variables:update","variables:delete","apikeys:view","apikeys:create","apikeys:update","apikeys:delete","documentStores:view","documentStores:create","documentStores:update","documentStores:delete","documentStores:add-loader","documentStores:delete-loader","documentStores:preview-process","documentStores:upsert-config","executions:view","executions:delete","templates:marketplace","templates:custom","templates:custom-delete","templates:toolexport","templates:flowexport"]'
+
+            await queryRunner.query(`UPDATE \`${tableName}\` SET \`${columnName}\` = '${permission}';`)
+        }
+
+        const sso = 'sso:manage'
+        const apikey = 'apikeys:import'
+        const itemsToRemove = [sso, apikey]
+        const roles: Role[] = await queryRunner.query(
+            `SELECT * FROM \`role\` WHERE \`${columnName}\` LIKE '%${sso}%' OR \`${columnName}\` LIKE '%${apikey}%';`
+        )
+        if (roles.length > 0) {
+            for (const role of roles) {
+                let permissions: string[] = []
+                try {
+                    permissions = JSON.parse(role.permissions)
+                } catch (error) {
+                    logger.error(`AddApiKeyPermission1765360298674 error parsing permissions for role ${role.id}:`, error)
+                    continue
+                }
+                permissions = permissions.filter((permission: string) => !itemsToRemove.includes(permission))
+                await queryRunner.query(
+                    `UPDATE \`role\` SET \`${columnName}\` = '${JSON.stringify(permissions)}' WHERE \`id\` = '${role.id}';`
+                )
+            }
+        }
+    }
+
+    public async down(): Promise<void> {}
+}

packages/server/src/database/migrations/mysql/index.ts

@@ -42,6 +42,7 @@ import { ModifyChatflowType1755066758601 } from './1755066758601-ModifyChatflowT
 import { AddTextToSpeechToChatFlow1759419216034 } from './1759419216034-AddTextToSpeechToChatFlow'
 import { AddChatFlowNameIndex1759424828558 } from './1759424828558-AddChatFlowNameIndex'
 import { FixDocumentStoreFileChunkLongText1765000000000 } from './1765000000000-FixDocumentStoreFileChunkLongText'
+import { AddApiKeyPermission1765360298674 } from './1765360298674-AddApiKeyPermission'
 
 import { AddAuthTables1720230151482 } from '../../../enterprise/database/migrations/mysql/1720230151482-AddAuthTables'
 import { AddWorkspace1720230151484 } from '../../../enterprise/database/migrations/mysql/1720230151484-AddWorkspace'
@@ -110,5 +111,6 @@ export const mysqlMigrations = [
     ModifyChatflowType1755066758601,
     AddTextToSpeechToChatFlow1759419216034,
     AddChatFlowNameIndex1759424828558,
-    FixDocumentStoreFileChunkLongText1765000000000
+    FixDocumentStoreFileChunkLongText1765000000000,
+    AddApiKeyPermission1765360298674
 ]

packages/server/src/database/migrations/postgres/1765360298674-AddApiKeyPermission.ts

@@ -0,0 +1,43 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+import { Role } from '../../../enterprise/database/entities/role.entity'
+import { hasColumn } from '../../../utils/database.util'
+import logger from '../../../utils/logger'
+
+export class AddApiKeyPermission1765360298674 implements MigrationInterface {
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        const tableName = 'apikey'
+        const columnName = 'permissions'
+
+        const columnExists = await hasColumn(queryRunner, tableName, columnName)
+        if (!columnExists) {
+            await queryRunner.query(`ALTER TABLE "${tableName}" ADD COLUMN "${columnName}" TEXT NOT NULL DEFAULT '[]';`)
+
+            const permission =
+                '["chatflows:view","chatflows:create","chatflows:update","chatflows:duplicate","chatflows:delete","chatflows:export","chatflows:import","chatflows:config","chatflows:domains","agentflows:view","agentflows:create","agentflows:update","agentflows:duplicate","agentflows:delete","agentflows:export","agentflows:import","agentflows:config","agentflows:domains","tools:view","tools:create","tools:update","tools:delete","tools:export","assistants:view","assistants:create","assistants:update","assistants:delete","credentials:view","credentials:create","credentials:update","credentials:delete","variables:view","variables:create","variables:update","variables:delete","apikeys:view","apikeys:create","apikeys:update","apikeys:delete","documentStores:view","documentStores:create","documentStores:update","documentStores:delete","documentStores:add-loader","documentStores:delete-loader","documentStores:preview-process","documentStores:upsert-config","executions:view","executions:delete","templates:marketplace","templates:custom","templates:custom-delete","templates:toolexport","templates:flowexport"]'
+
+            await queryRunner.query(`UPDATE "${tableName}" SET "${columnName}" = '${permission}';`)
+        }
+
+        const sso = 'sso:manage'
+        const apikey = 'apikeys:import'
+        const itemsToRemove = [sso, apikey]
+        const roles: Role[] = await queryRunner.query(
+            `SELECT * FROM "role" WHERE "${columnName}" LIKE '%${sso}%' OR "${columnName}" LIKE '%${apikey}%';`
+        )
+        if (roles.length > 0) {
+            for (const role of roles) {
+                let permissions: string[] = []
+                try {
+                    permissions = JSON.parse(role.permissions)
+                } catch (error) {
+                    logger.error(`AddApiKeyPermission1765360298674 error parsing permissions for role ${role.id}:`, error)
+                    continue
+                }
+                permissions = permissions.filter((permission: string) => !itemsToRemove.includes(permission))
+                await queryRunner.query(`UPDATE "role" SET "${columnName}" = '${JSON.stringify(permissions)}' WHERE "id" = '${role.id}';`)
+            }
+        }
+    }
+
+    public async down(): Promise<void> {}
+}

packages/server/src/database/migrations/postgres/index.ts

@@ -40,6 +40,7 @@ import { AddTextToSpeechToChatFlow1754986480347 } from './1754986480347-AddTextT
 import { ModifyChatflowType1755066758601 } from './1755066758601-ModifyChatflowType'
 import { AddTextToSpeechToChatFlow1759419194331 } from './1759419194331-AddTextToSpeechToChatFlow'
 import { AddChatFlowNameIndex1759424903973 } from './1759424903973-AddChatFlowNameIndex'
+import { AddApiKeyPermission1765360298674 } from './1765360298674-AddApiKeyPermission'
 
 import { AddAuthTables1720230151482 } from '../../../enterprise/database/migrations/postgres/1720230151482-AddAuthTables'
 import { AddWorkspace1720230151484 } from '../../../enterprise/database/migrations/postgres/1720230151484-AddWorkspace'
@@ -106,5 +107,6 @@ export const postgresMigrations = [
     AddTextToSpeechToChatFlow1754986480347,
     ModifyChatflowType1755066758601,
     AddTextToSpeechToChatFlow1759419194331,
-    AddChatFlowNameIndex1759424903973
+    AddChatFlowNameIndex1759424903973,
+    AddApiKeyPermission1765360298674
 ]