Add Personal Access Tokens (API Keys) for External Tool Authentication #27

Merged
0xGingi merged 8 commits into nanogpt-community:main from thejudge22:api-access
Jan 7, 2026

Conversation

@thejudge22

Summary

This PR implements Personal Access Tokens (PATs) that allow users to authenticate with the nano-chat API using Bearer tokens from external tools like curl, scripts, or integrations.

Features

  • Developer Settings Page (/account/developer) - New UI for generating and managing API keys
  • Bearer Token Authentication - Use Authorization: Bearer nc_... header with the generate-message endpoint
  • Secure Key Handling - Keys are only shown once at creation; stored securely in database
  • Usage Tracking - lastUsedAt timestamp updates on each API call

Changes

New Files

  • drizzle/0022_add_api_keys.sql - Database migration
  • src/routes/api/api-keys/+server.ts - API key CRUD endpoints (GET/POST/DELETE)
  • src/routes/account/developer/+page.server.ts - Server load function
  • src/routes/account/developer/+page.svelte - Developer settings UI
  • scripts/test-api-key.sh - Verification script

Modified Files

  • src/lib/db/schema.ts - Added apiKeys table, relations, and type exports
  • src/routes/api/generate-message/+server.ts - Added Bearer token authentication support
  • src/routes/account/+layout.svelte - Added "Developer" navigation item

API Usage

curl -X POST https://your-domain.com/api/generate-message \
  -H "Authorization: Bearer nc_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello!", "model_id": "gpt-4o"}'

Testing

  1. Navigate to /account/developer
  2. Create a new API key with a descriptive name
  3. Copy the key (only shown once)
  4. Run: ./scripts/test-api-key.sh nc_your_key_here

Key Design Decisions

  • Key Format: nc_<uuid> prefix for easy identification
  • Triple-path Auth: Supports Bearer token → session_token → cookie (in priority order)
  • Separate from BYOK: This is distinct from the existing "API Keys" page which is for provider keys

@0xGingi 0xGingi merged commit 5521af7 into nanogpt-community:main Jan 7, 2026
2 checks passed
@thejudge22 thejudge22 deleted the api-access branch January 7, 2026 16:38
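
The priority order (Bearer token, then session_token, then cookie) and the nc_<uuid> key format from the description above, as an added TypeScript example that is not code from this PR or the nano-chat repository. The names RequestLike, Credential and resolveCredential, the cookie name `session`, and the policy of rejecting a malformed Authorization header instead of falling through to the session paths are assumptions.

```typescript
// Added example. RequestLike, Credential and resolveCredential are hypothetical names.
type Credential =
  | { kind: "api_key" | "session_token" | "cookie"; token: string }
  | { kind: "rejected"; reason: string }
  | { kind: "none" };

interface RequestLike {
  authorization?: string; // raw Authorization header value
  sessionToken?: string;  // session_token supplied by the client (source assumed)
  cookie?: string;        // raw Cookie header value
}

// nc_<uuid>: the prefix followed by a canonical 8-4-4-4-12 hex UUID.
const API_KEY_RE = /^nc_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const SESSION_COOKIE = "session"; // assumed cookie name; the PR does not state it

function readCookie(header: string, name: string): string | undefined {
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return undefined;
}

function resolveCredential(req: RequestLike): Credential {
  // 1. Bearer token. A header that is present but malformed is rejected here
  //    rather than silently downgraded to a session path (assumed policy).
  if (req.authorization !== undefined) {
    const token = /^Bearer\s+(\S+)$/i.exec(req.authorization.trim())?.[1];
    if (!token) return { kind: "rejected", reason: "malformed Authorization header" };
    // Shape check before any database lookup keeps junk out of the query path.
    if (!API_KEY_RE.test(token)) return { kind: "rejected", reason: "not an nc_<uuid> key" };
    return { kind: "api_key", token };
  }
  // 2. session_token, only when no Authorization header was sent.
  if (req.sessionToken) return { kind: "session_token", token: req.sessionToken };
  // 3. Session cookie as the last resort.
  const fromCookie = req.cookie ? readCookie(req.cookie, SESSION_COOKIE) : undefined;
  if (fromCookie) return { kind: "cookie", token: fromCookie };
  return { kind: "none" };
}
```

The resolver only decides which credential to verify; the returned token still has to be checked against the stored key or session before the request is treated as authenticated.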