feature(#22): this commit introduces an endpoint to list secrets in a realm, allowing you to retrieve secrets from a specific realm with the appropriate authorization.

https-richardy · https-richardy · commit 659c70ec58c6 · 2026-04-21T20:49:43.000-03:00
diff --git a/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Controllers/RealmsController.cs b/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Controllers/RealmsController.cs
@@ -72,6 +72,23 @@ public async Task<IActionResult> DeleteRealmAsync([FromRoute] string id, [FromQu
         };
     }
 
+    [HttpGet("{id}/secrets")]
+    [Authorize(Roles = Permissions.ViewRealms)]
+    [Stability(Stability.Stable)]
+    public async Task<IActionResult> GetRealmSecretsAsync([FromRoute] string id, [FromQuery] FetchRealmSecretsParameters request, CancellationToken cancellation)
+    {
+        var result = await dispatcher.DispatchAsync(request with { RealmId = id }, cancellation);
+
+        return result switch
+        {
+            { IsSuccess: true } when result.Data is not null =>
+                StatusCode(StatusCodes.Status200OK, result.Data),
+
+            { IsFailure: true } when result.Error == RealmErrors.RealmDoesNotExist =>
+                StatusCode(StatusCodes.Status404NotFound, result.Error),
+        };
+    }
+
     [HttpGet("{id}/permissions")]
     [Authorize(Roles = Permissions.ViewPermissions)]
     [Stability(Stability.Stable)]
diff --git a/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Conventions/RealmsConventions.cs b/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Conventions/RealmsConventions.cs
@@ -23,6 +23,11 @@ public static void UpdateRealmAsync(string id, RealmUpdateScheme request, Cancel
     [ProducesResponseType(typeof(Error), StatusCodes.Status404NotFound)]
     public static void DeleteRealmAsync(string id, CancellationToken cancellation) { }
 
+    [ApiConventionNameMatch(ApiConventionNameMatchBehavior.Prefix)]
+    [ProducesResponseType(typeof(IReadOnlyCollection<SecretScheme>), StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(Error), StatusCodes.Status404NotFound)]
+    public static void GetRealmSecretsAsync(string id, FetchRealmSecretsParameters request, CancellationToken cancellation) { }
+
     [ApiConventionNameMatch(ApiConventionNameMatchBehavior.Prefix)]
     [ProducesResponseType(typeof(IReadOnlyCollection<PermissionDetailsScheme>), StatusCodes.Status200OK)]
     [ProducesResponseType(typeof(Error), StatusCodes.Status404NotFound)]
