feat(api): admin user configuration (#2813)

Signed-off-by: MDzaja <[email protected]>

Author: MDzaja

apps/api/.env

@@ -96,3 +96,14 @@ DEFAULT_RUNNER_CLASS=small
 
 API_KEY_VALIDATION_CACHE_TTL_SECONDS=10
 API_KEY_USER_CACHE_TTL_SECONDS=60
+
+ADMIN_API_KEY=
+ADMIN_TOTAL_CPU_QUOTA=0
+ADMIN_TOTAL_MEMORY_QUOTA=0
+ADMIN_TOTAL_DISK_QUOTA=0
+ADMIN_MAX_CPU_PER_SANDBOX=0
+ADMIN_MAX_MEMORY_PER_SANDBOX=0
+ADMIN_MAX_DISK_PER_SANDBOX=0
+ADMIN_SNAPSHOT_QUOTA=100
+ADMIN_MAX_SNAPSHOT_SIZE=100
+ADMIN_VOLUME_QUOTA=0

apps/api/src/api-key/api-key.service.ts

@@ -49,13 +49,14 @@ export class ApiKeyService {
     name: string,
     permissions: OrganizationResourcePermission[],
     expiresAt?: Date,
+    apiKeyValue?: string,
   ): Promise<{ apiKey: ApiKey; value: string }> {
     const existingKey = await this.apiKeyRepository.findOne({ where: { organizationId, userId, name } })
     if (existingKey) {
       throw new ConflictException('API key with this name already exists')
     }
 
-    const value = this.generateApiKeyValue()
+    const value = apiKeyValue ?? this.generateApiKeyValue()
 
     const apiKey = await this.apiKeyRepository.save({
       organizationId,

apps/api/src/app.service.ts

@@ -66,20 +66,27 @@ export class AppService implements OnApplicationBootstrap, OnApplicationShutdown
       id: DAYTONA_ADMIN_USER_ID,
       name: 'Daytona Admin',
       personalOrganizationQuota: {
-        totalCpuQuota: 0,
-        totalMemoryQuota: 0,
-        totalDiskQuota: 0,
-        maxCpuPerSandbox: 0,
-        maxMemoryPerSandbox: 0,
-        maxDiskPerSandbox: 0,
-        snapshotQuota: 100,
-        maxSnapshotSize: 100,
-        volumeQuota: 0,
+        totalCpuQuota: this.configService.getOrThrow('admin.totalCpuQuota'),
+        totalMemoryQuota: this.configService.getOrThrow('admin.totalMemoryQuota'),
+        totalDiskQuota: this.configService.getOrThrow('admin.totalDiskQuota'),
+        maxCpuPerSandbox: this.configService.getOrThrow('admin.maxCpuPerSandbox'),
+        maxMemoryPerSandbox: this.configService.getOrThrow('admin.maxMemoryPerSandbox'),
+        maxDiskPerSandbox: this.configService.getOrThrow('admin.maxDiskPerSandbox'),
+        snapshotQuota: this.configService.getOrThrow('admin.snapshotQuota'),
+        maxSnapshotSize: this.configService.getOrThrow('admin.maxSnapshotSize'),
+        volumeQuota: this.configService.getOrThrow('admin.volumeQuota'),
       },
       role: SystemRole.ADMIN,
     })
     const personalOrg = await this.organizationService.findPersonal(user.id)
-    const { value } = await this.apiKeyService.createApiKey(personalOrg.id, user.id, DAYTONA_ADMIN_USER_ID, [])
+    const { value } = await this.apiKeyService.createApiKey(
+      personalOrg.id,
+      user.id,
+      DAYTONA_ADMIN_USER_ID,
+      [],
+      undefined,
+      this.configService.getOrThrow('admin.apiKey'),
+    )
     this.logger.log(
       `
 =========================================

apps/api/src/config/configuration.ts

@@ -203,6 +203,18 @@ const configuration = {
     volumeQuota: parseInt(process.env.DEFAULT_ORG_QUOTA_VOLUME_QUOTA || '100', 10),
   },
   defaultRegion: process.env.DEFAULT_REGION || 'us',
+  admin: {
+    apiKey: process.env.ADMIN_API_KEY,
+    totalCpuQuota: parseInt(process.env.ADMIN_TOTAL_CPU_QUOTA || '0', 10),
+    totalMemoryQuota: parseInt(process.env.ADMIN_TOTAL_MEMORY_QUOTA || '0', 10),
+    totalDiskQuota: parseInt(process.env.ADMIN_TOTAL_DISK_QUOTA || '0', 10),
+    maxCpuPerSandbox: parseInt(process.env.ADMIN_MAX_CPU_PER_SANDBOX || '0', 10),
+    maxMemoryPerSandbox: parseInt(process.env.ADMIN_MAX_MEMORY_PER_SANDBOX || '0', 10),
+    maxDiskPerSandbox: parseInt(process.env.ADMIN_MAX_DISK_PER_SANDBOX || '0', 10),
+    snapshotQuota: parseInt(process.env.ADMIN_SNAPSHOT_QUOTA || '100', 10),
+    maxSnapshotSize: parseInt(process.env.ADMIN_MAX_SNAPSHOT_SIZE || '100', 10),
+    volumeQuota: parseInt(process.env.ADMIN_VOLUME_QUOTA || '0', 10),
+  },
 }
 
 export { configuration }

apps/api/src/organization/services/organization.service.ts

@@ -48,6 +48,7 @@ export class OrganizationService implements OnModuleInit, TrackableJobExecutions
   activeJobs = new Set<string>()
   private readonly logger = new Logger(OrganizationService.name)
   private defaultOrganizationQuota: CreateOrganizationQuotaDto
+  private defaultSandboxLimitedNetworkEgress: boolean
 
   constructor(
     @InjectRepository(Organization)
@@ -61,6 +62,9 @@ export class OrganizationService implements OnModuleInit, TrackableJobExecutions
     private readonly redisLockProvider: RedisLockProvider,
   ) {
     this.defaultOrganizationQuota = this.configService.getOrThrow('defaultOrganizationQuota')
+    this.defaultSandboxLimitedNetworkEgress = this.configService.getOrThrow(
+      'organizationSandboxDefaultLimitedNetworkEgress',
+    )
   }
 
   async onApplicationShutdown() {
@@ -210,6 +214,7 @@ export class OrganizationService implements OnModuleInit, TrackableJobExecutions
     creatorEmailVerified: boolean,
     personal = false,
     quota: CreateOrganizationQuotaDto = this.defaultOrganizationQuota,
+    sandboxLimitedNetworkEgress: boolean = this.defaultSandboxLimitedNetworkEgress,
   ): Promise<Organization> {
     if (personal) {
       const count = await entityManager.count(Organization, {
@@ -256,7 +261,7 @@ export class OrganizationService implements OnModuleInit, TrackableJobExecutions
       organization.suspensionReason = 'Payment method required'
     }
 
-    organization.sandboxLimitedNetworkEgress = this.configService.get('organizationSandboxDefaultLimitedNetworkEgress')
+    organization.sandboxLimitedNetworkEgress = sandboxLimitedNetworkEgress
 
     const owner = new OrganizationUser()
     owner.userId = createdBy
@@ -432,6 +437,7 @@ export class OrganizationService implements OnModuleInit, TrackableJobExecutions
       payload.user.role === SystemRole.ADMIN ? true : payload.user.emailVerified,
       true,
       payload.personalOrganizationQuota,
+      payload.user.role === SystemRole.ADMIN ? false : undefined,
     )
   }