feat: added API key expiration BED-7450

[Holocraft]

Description

This changeset adds an API key expiration feature where admin users can set a specific amount of days for an API token to expire. An admin can set a number of days from 1 - 365 for the token to expire.

Motivation and Context

Resolves BED-7450

How Has This Been Tested?

Unit tests were added as well as manual testing

Screenshots (optional):

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README #672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• New Features
  • API token expiration configuration: Administrators can now enable or disable API token expiration and configure the number of days before tokens automatically expire. This provides better control over token lifecycle management and helps enforce consistent organization-wide security policies. Default expiration is set to 90 days.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces support for API token expiration configuration across the client library and UI layer. It adds a new configuration type with a corresponding parser function and a React hook to consume this configuration in the UI.

Changes

Cohort / File(s)	Summary
Client Library Configuration packages/javascript/js-client-library/src/utils/config.ts	Adds APITokenExpiration configuration key to the ConfigurationKey enum, introduces APITokenExpirationConfiguration type with enabled and days fields, extends ConfigurationPayload union, and provides parseAPITokenExpirationConfiguration parser function.
UI Configuration Hook packages/javascript/bh-shared-ui/src/hooks/useConfiguration.ts	Adds useAPITokenExpirationConfiguration hook that retrieves and parses API token expiration configuration, returning an object with enabled (default: false) and days (default: '90') properties.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description follows the required template structure with all major sections completed including description, motivation/context with ticket reference, testing approach, change type, and checklist items marked as complete.
Title check	✅ Passed	The title 'feat: added API key expiration BED-7450' clearly summarizes the main change—addition of API key expiration functionality—and directly relates to the changeset which adds configuration support and hooks for API token expiration.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BED-7450

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/javascript/bh-shared-ui/src/hooks/useConfiguration.ts`:
- Around line 57-65: The hook useAPITokenExpirationConfiguration is collapsing
the "still loading" state into the default {enabled: false, days: '90'}, which
makes loading indistinguishable from an actual server value; change it to
preserve loading explicitly (or return undefined for fields while loading) by
checking the query status from useGetConfiguration() before applying defaults
from parseAPITokenExpirationConfiguration(data) — for example, return a
structure that includes a loading flag (or leaves days undefined) when the query
is not settled, and only apply the fallback defaults ('90' and false) when the
configuration is loaded or known-missing; update callers to handle the explicit
loading/undefined state.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 77f2cb29-4943-4d19-ba62-ce86fbd26c67

📥 Commits

Reviewing files that changed from the base of the PR and between 65f7177 and 9978470.

📒 Files selected for processing (2)

• packages/javascript/bh-shared-ui/src/hooks/useConfiguration.ts
• packages/javascript/js-client-library/src/utils/config.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don't collapse loading state into { enabled: false, days: '90' }.

This makes “query still loading” look identical to a real config value. Any form that snapshots this hook into local state on first render can save 90 over an existing server value before the fetch resolves. Keep the fallback for the “loaded but missing” case only, or surface loading explicitly.

💡 Suggested fix

 export const useAPITokenExpirationConfiguration = () => {
-    const { data } = useGetConfiguration();
+    const { data, isLoading } = useGetConfiguration();
     const apiTokenExpirationConfig = parseAPITokenExpirationConfiguration(data)?.value;
+
+    if (isLoading) return undefined;
 
     return {
         enabled: apiTokenExpirationConfig?.enabled ?? false,
         days: apiTokenExpirationConfig?.days ?? '90',
     };
 };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/javascript/bh-shared-ui/src/hooks/useConfiguration.ts` around lines
57 - 65, The hook useAPITokenExpirationConfiguration is collapsing the "still
loading" state into the default {enabled: false, days: '90'}, which makes
loading indistinguishable from an actual server value; change it to preserve
loading explicitly (or return undefined for fields while loading) by checking
the query status from useGetConfiguration() before applying defaults from
parseAPITokenExpirationConfiguration(data) — for example, return a structure
that includes a loading flag (or leaves days undefined) when the query is not
settled, and only apply the fallback defaults ('90' and false) when the
configuration is loaded or known-missing; update callers to handle the explicit
loading/undefined state.