New API + API Token Updates

2026-01-16 13:20:11 -07:00
parent 756ab2a38f
commit 4412229990
26 changed files with 1661 additions and 1012 deletions
--- a/src/pages/api/user/tokens/[id].ts
+++ b/src/pages/api/user/tokens/[id].ts
@@ -0,0 +1,40 @@
+import type { APIRoute } from "astro";
+import { db } from "../../../../db";
+import { apiTokens } from "../../../../db/schema";
+import { eq, and } from "drizzle-orm";
+
+export const DELETE: APIRoute = async ({ params, locals }) => {
+  const user = locals.user;
+  if (!user) {
+    return new Response(JSON.stringify({ error: "Unauthorized" }), {
+      status: 401,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  const { id } = params;
+
+  if (!id) {
+    return new Response(JSON.stringify({ error: "Token ID is required" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  const result = await db
+    .delete(apiTokens)
+    .where(and(eq(apiTokens.id, id), eq(apiTokens.userId, user.id)))
+    .returning();
+
+  if (result.length === 0) {
+    return new Response(JSON.stringify({ error: "Token not found" }), {
+      status: 404,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  return new Response(JSON.stringify({ success: true }), {
+    status: 200,
+    headers: { "Content-Type": "application/json" },
+  });
+};
--- a/src/pages/api/user/tokens/index.ts
+++ b/src/pages/api/user/tokens/index.ts
@@ -0,0 +1,49 @@
+import type { APIRoute } from "astro";
+import { db } from "../../../../db";
+import { apiTokens } from "../../../../db/schema";
+import { generateApiToken, hashToken } from "../../../../lib/api-auth";
+
+export const POST: APIRoute = async ({ request, locals }) => {
+  const user = locals.user;
+  if (!user) {
+    return new Response(JSON.stringify({ error: "Unauthorized" }), {
+      status: 401,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  const formData = await request.formData();
+  const name = formData.get("name")?.toString();
+
+  if (!name) {
+    return new Response(JSON.stringify({ error: "Name is required" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  const rawToken = generateApiToken();
+  const hashedToken = hashToken(rawToken);
+
+  const [newToken] = await db
+    .insert(apiTokens)
+    .values({
+      userId: user.id,
+      name,
+      token: hashedToken,
+    })
+    .returning();
+
+  return new Response(
+    JSON.stringify({
+      ...newToken,
+      token: rawToken,
+    }),
+    {
+      status: 201,
+      headers: {
+        "Content-Type": "application/json",
+      },
+    },
+  );
+};