chore: cleanup

backend/src/server/routes/v3/secret-router.ts

@@ -53,7 +53,6 @@ const SecretNameSchema = BaseSecretNameSchema.refine(
 ).refine((el) => !el.includes(":"), "Secret name cannot contain colon.");
 
 export const registerSecretRouter = async (server: FastifyZodProvider) => {
-  // ! Note(Daniel): (Tags) Does not support secrets v2. Request will fail if user doesn't have read value permission.
   server.route({
     method: "POST",
     url: "/tags/:secretName",
@@ -118,7 +117,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ! Note(Daniel): (Tags) Does not support secrets v2. Request will fail if user doesn't have read value permission.
   server.route({
     method: "DELETE",
     url: "/tags/:secretName",
@@ -180,7 +178,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Note(Daniel): (Secrets) Done for v2 secrets AND normal secrets GET /raw
   server.route({
     method: "GET",
     url: "/raw",
@@ -385,7 +382,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!!!!!!!!!!!!!!!!!!! Note(Daniel): (Secrets) Done for v2 secrets -- GET /raw/:secretName
   server.route({
     method: "GET",
     url: "/raw/:secretName",
@@ -499,7 +495,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ? Note(Daniel): No modify, if user has Create permissions it will return the value they created for this secret --- POST /raw/:secretName
   server.route({
     method: "POST",
     url: "/raw/:secretName",
@@ -613,9 +608,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ? Note(Daniel): Will NOT throw an error. If the user has access to read value, it will return value.
-  // ? Note(Daniel): If user does NOT have access to read value, it will return <hidden-by-infisical> for the value, but succeed with update.
-  // !!!!! Done for both secret types. For legacy secrets, it will return <hidden-by-infisical> if no read value permission is present.
   server.route({
     method: "PATCH",
     url: "/raw/:secretName",
@@ -667,7 +659,9 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       response: {
         200: z.union([
           z.object({
-            secret: secretRawSchema
+            secret: secretRawSchema.extend({
+              secretValueHidden: z.boolean()
+            })
           }),
           z.object({ approval: SecretApprovalRequestsSchema }).describe("When secret protection policy is enabled")
         ])
@@ -733,9 +727,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ? Note(Daniel): Will NOT throw an error. If the user has access to read value, it will return the deleted value
-  // ? Note(Daniel): If user does NOT have access to read value, it will return <hidden> for the value, but succeed with delete.
-  // !!!!! Done for both secret types. For legacy secrets, it will return <hidden> if no read value permission is present. --- /raw/:secretName
   server.route({
     method: "DELETE",
     url: "/raw/:secretName",
@@ -825,7 +816,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. Will throw without the `readValue` permission, just like before.
   server.route({
     method: "GET",
     url: "/",
@@ -940,7 +930,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. Will throw without the `readValue` permission, just like before.
   server.route({
     method: "GET",
     url: "/:secretName",
@@ -1020,7 +1009,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. Will work exactly like before. It will not attempt to hide the secret value, because the user creating this secret will already know the value upon creation.
   server.route({
     url: "/:secretName",
     method: "POST",
@@ -1192,7 +1180,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. Will work like before, EXCEPT, if the user doesn't have the `readValue` permission, the secret value will be marked as "<hidden-by-infisical>"
   server.route({
     method: "PATCH",
     url: "/:secretName",
@@ -1381,7 +1368,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. Will work like before, EXCEPT, if the user doesn't have the `readValue` permission, the secret value will be marked as "<hidden-by-infisical>"
   server.route({
     method: "DELETE",
     url: "/:secretName",
@@ -1402,13 +1388,12 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       response: {
         200: z.union([
           z.object({
-            secret: SecretsSchema.omit({ secretBlindIndex: true }).merge(
-              z.object({
-                _id: z.string(),
-                workspace: z.string(),
-                environment: z.string()
-              })
-            )
+            secret: SecretsSchema.omit({ secretBlindIndex: true }).extend({
+              _id: z.string(),
+              secretValueHidden: z.boolean(),
+              workspace: z.string(),
+              environment: z.string()
+            })
           }),
           z.object({ approval: SecretApprovalRequestsSchema }).describe("When secret protection policy is enabled")
         ])
@@ -1506,7 +1491,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ? No need for update, as this endpoint does not expose any values.
   server.route({
     method: "POST",
     url: "/move",
@@ -1562,7 +1546,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. This will works exactly like before. It will not attempt to hide the secret value, because the user creating this secret will already know the value(s) upon creation.
   server.route({
     method: "POST",
     url: "/batch",
@@ -1689,7 +1672,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. Works as before, EXCEPT if the user doesn't have the `readValue` permission, the secret value(s) will be marked as "<hidden-by-infisical>"
   server.route({
     method: "PATCH",
     url: "/batch",
@@ -1816,7 +1798,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // !!!! Done. Works as before, EXCEPT if the user doesn't have the `readValue` permission, the secret value(s) will be marked as "<hidden-by-infisical>"
   server.route({
     method: "DELETE",
     url: "/batch",
@@ -1935,7 +1916,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ! (Daniel): Done. Will not attempt to hide secret value because this is a create operation.
   server.route({
     method: "POST",
     url: "/batch/raw",
@@ -2042,7 +2022,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ! Done. Works as before, except if the user doesn't have the `readValue` permission, the secret value(s) will be marked as "<hidden-by-infisical>"
   server.route({
     method: "PATCH",
     url: "/batch/raw",
@@ -2195,7 +2174,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ! (Daniel): Done. Works as before, except if the user doesn't have the `readValue` permission, the secret value(s) will be marked as "<hidden-by-infisical>"
   server.route({
     method: "DELETE",
     url: "/batch/raw",
@@ -2292,7 +2270,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  // ! IMPORTANT: CHANGED BEHAVIOR -> Now this endpoint will throw a descriptive error if the user doesn't have access to the value of the secret itself.
   server.route({
     method: "GET",
     url: "/raw/:secretName/secret-reference-tree",

backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts

@@ -103,18 +103,6 @@ export const fnSecretBulkInsert = async ({
     }))
   );
 
-  const secretTags = await secretTagDAL.find({
-    $in: {
-      id: newSecretTags.map((el) => el.secret_tagsId)
-    }
-  });
-
-  const secretTagsWithSlugs = await secretTagDAL.find({
-    $in: {
-      id: secretTags.map((el) => el.id)
-    }
-  });
-
   const secretVersions = await secretVersionDAL.insertMany(
     sanitizedInputSecrets.map((el) => ({
       ...el,