|
| 1 | +package vercel |
| 2 | + |
| 3 | +import ( |
| 4 | + "net/http" |
| 5 | + |
| 6 | + corehttp "github.com/vercel-labs/emulate/internal/core/http" |
| 7 | + corestore "github.com/vercel-labs/emulate/internal/core/store" |
| 8 | +) |
| 9 | + |
| 10 | +func (s *Service) registerAPIKeyRoutes(router *corehttp.Router) { |
| 11 | + router.Post("/v1/api-keys", func(c *corehttp.Context) { |
| 12 | + user, ok := s.currentUser(c) |
| 13 | + if !ok { |
| 14 | + return |
| 15 | + } |
| 16 | + body, err := parseJSONBody(c.Request) |
| 17 | + if err != nil { |
| 18 | + writeVercelError(c, http.StatusBadRequest, "bad_request", "Invalid JSON body") |
| 19 | + return |
| 20 | + } |
| 21 | + name := stringValue(body["name"]) |
| 22 | + if name == "" { |
| 23 | + name = "API Key" |
| 24 | + } |
| 25 | + teamID := c.Query("teamId") |
| 26 | + var teamValue any |
| 27 | + if teamID != "" { |
| 28 | + teamValue = teamID |
| 29 | + } |
| 30 | + tokenString := "vercel_api_" + generateSecret() |
| 31 | + uid := generateUID("ak") |
| 32 | + s.store.APIKeys.Insert(corestore.Record{ |
| 33 | + "uid": uid, |
| 34 | + "name": name, |
| 35 | + "teamId": teamValue, |
| 36 | + "userId": stringField(user, "uid"), |
| 37 | + "tokenString": tokenString, |
| 38 | + }) |
| 39 | + c.JSON(http.StatusOK, map[string]any{ |
| 40 | + "apiKeyString": tokenString, |
| 41 | + "apiKey": map[string]any{ |
| 42 | + "id": uid, |
| 43 | + "name": name, |
| 44 | + "teamId": teamValue, |
| 45 | + "createdAt": nowMillis(), |
| 46 | + }, |
| 47 | + }) |
| 48 | + }) |
| 49 | + |
| 50 | + router.Get("/v1/api-keys", func(c *corehttp.Context) { |
| 51 | + user, ok := s.currentUser(c) |
| 52 | + if !ok { |
| 53 | + return |
| 54 | + } |
| 55 | + teamID := c.Query("teamId") |
| 56 | + keys := make([]map[string]any, 0) |
| 57 | + for _, key := range s.store.APIKeys.FindBy("userId", stringField(user, "uid")) { |
| 58 | + if teamID != "" && stringField(key, "teamId") != teamID { |
| 59 | + continue |
| 60 | + } |
| 61 | + keys = append(keys, map[string]any{ |
| 62 | + "id": stringField(key, "uid"), |
| 63 | + "name": stringField(key, "name"), |
| 64 | + "teamId": key["teamId"], |
| 65 | + "createdAt": timeMillisField(key, "created_at"), |
| 66 | + }) |
| 67 | + } |
| 68 | + c.JSON(http.StatusOK, map[string]any{"keys": keys}) |
| 69 | + }) |
| 70 | + |
| 71 | + router.Delete("/v1/api-keys/:keyId", func(c *corehttp.Context) { |
| 72 | + user, ok := s.currentUser(c) |
| 73 | + if !ok { |
| 74 | + return |
| 75 | + } |
| 76 | + key := firstRecord(s.store.APIKeys.FindBy("uid", c.Param("keyId"))) |
| 77 | + if key == nil { |
| 78 | + writeVercelError(c, http.StatusNotFound, "not_found", "API key not found") |
| 79 | + return |
| 80 | + } |
| 81 | + if stringField(key, "userId") != stringField(user, "uid") { |
| 82 | + writeVercelError(c, http.StatusForbidden, "forbidden", "Not authorized to delete this API key") |
| 83 | + return |
| 84 | + } |
| 85 | + s.store.APIKeys.Delete(intField(key, "id")) |
| 86 | + c.JSON(http.StatusOK, map[string]any{}) |
| 87 | + }) |
| 88 | +} |
0 commit comments