feature(#22): this commit introduces an endpoint for rotating realm secrets

https-richardy · https-richardy · commit 821ac9282259 · 2026-04-21T20:57:24.000-03:00
diff --git a/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Controllers/RealmsController.cs b/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Controllers/RealmsController.cs
@@ -89,6 +89,24 @@ public async Task<IActionResult> GetRealmSecretsAsync([FromRoute] string id, [Fr
         };
     }
 
+    [HttpPost("{id}/secrets/rotate")]
+    [Authorize(Roles = Permissions.EditRealm)]
+    [Stability(Stability.Stable)]
+    public async Task<IActionResult> RotateRealmSecretsAsync([FromRoute] string id, CancellationToken cancellation)
+    {
+        var request = new RotateRealmSecretsParameters { RealmId = id };
+        var result = await dispatcher.DispatchAsync(request, cancellation);
+
+        return result switch
+        {
+            { IsSuccess: true } =>
+                StatusCode(StatusCodes.Status204NoContent),
+
+            { IsFailure: true } when result.Error == RealmErrors.RealmDoesNotExist =>
+                StatusCode(StatusCodes.Status404NotFound, result.Error),
+        };
+    }
+
     [HttpGet("{id}/permissions")]
     [Authorize(Roles = Permissions.ViewPermissions)]
     [Stability(Stability.Stable)]
diff --git a/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Conventions/RealmsConventions.cs b/Applications/Backend/Source/HttpsRichardy.Federation.WebApi/Conventions/RealmsConventions.cs
@@ -28,6 +28,11 @@ public static void DeleteRealmAsync(string id, CancellationToken cancellation) {
     [ProducesResponseType(typeof(Error), StatusCodes.Status404NotFound)]
     public static void GetRealmSecretsAsync(string id, FetchRealmSecretsParameters request, CancellationToken cancellation) { }
 
+    [ApiConventionNameMatch(ApiConventionNameMatchBehavior.Prefix)]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [ProducesResponseType(typeof(Error), StatusCodes.Status404NotFound)]
+    public static void RotateRealmSecretsAsync(string id, CancellationToken cancellation) { }
+
     [ApiConventionNameMatch(ApiConventionNameMatchBehavior.Prefix)]
     [ProducesResponseType(typeof(IReadOnlyCollection<PermissionDetailsScheme>), StatusCodes.Status200OK)]
     [ProducesResponseType(typeof(Error), StatusCodes.Status404NotFound)]
