TreasureTrails/backend/dist/routes/apikeys.js


"use strict";
// Compiler-emitted interop helper: reuse an existing `this.__importDefault` when one
// is present, otherwise define it here. A module flagged `__esModule` is passed
// through untouched; anything else is wrapped so callers can read `.default`.
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
// Flags this CommonJS module's exports with `__esModule: true`, the marker that
// interop helpers such as __importDefault check before wrapping a module.
Object.defineProperty(exports, "__esModule", { value: true });
const express_1 = require("express");
const index_1 = require("../index");
const auth_1 = require("../middleware/auth");
const crypto_1 = __importDefault(require("crypto"));
// Router carrying the /me/api-keys endpoints of this module.
const router = (0, express_1.Router)();
// Registered before any route, so every handler on this router runs behind
// auth_1.authenticate. NOTE(review): the handlers read req.user, presumably set
// by that middleware; confirm in ../middleware/auth, including whether a request
// that is itself authenticated with an API key is allowed to manage API keys.
router.use(auth_1.authenticate);
/**
 * GET /me/api-keys: list the API keys owned by the calling user.
 *
 * Responds 403 when `req.user.isApiEnabled` is falsy, 500 when the lookup throws,
 * and otherwise a JSON array of key metadata. The query is scoped to
 * `req.user.id`, and the `key` column is not part of the select, so this
 * endpoint does not return it.
 */
router.get('/me/api-keys', async (req, res) => {
    // Metadata columns only.
    const metadataFields = {
        id: true,
        name: true,
        expiresAt: true,
        lastUsed: true,
        createdAt: true
    };
    try {
        const apiAllowed = Boolean(req.user?.isApiEnabled);
        if (!apiAllowed) {
            return res.status(403).json({ error: 'API access is not enabled for your account' });
        }
        const ownedKeys = await index_1.prisma.apiKey.findMany({
            where: { userId: req.user.id },
            select: metadataFields
        });
        res.json(ownedKeys);
    }
    catch (err) {
        console.error('Get API keys error:', err);
        res.status(500).json({ error: 'Failed to get API keys' });
    }
});
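/**
 * POST /me/api-keys: create a new API key for the calling user.
 *
 * Body: `name` (required string) and optional `expiresInDays` (positive number).
 * Responds 403 when API access is disabled for the account, 400 on invalid input,
 * 500 when the insert throws, and otherwise the new key's metadata plus the
 * plaintext key.
 *
 * Security notes:
 * - The key is 32 bytes from crypto.randomBytes (a CSPRNG), hex-encoded.
 * - Only its SHA-256 digest is written to the `key` column. An unsalted fast hash
 *   is acceptable here because the input is a 256-bit random value, not a
 *   human-chosen secret.
 * - This response is the only place in this handler where the plaintext leaves
 *   the server, so it is marked `no-store` to keep it out of caches.
 */
router.post('/me/api-keys', async (req, res) => {
    try {
        if (!req.user?.isApiEnabled) {
            return res.status(403).json({ error: 'API access is not enabled for your account' });
        }
        // req.body is caller-controlled and is undefined when no body parser ran;
        // default to {} so that case is a 400 rather than a TypeError turned 500.
        const { name, expiresInDays } = req.body ?? {};
        if (!name) {
            return res.status(400).json({ error: 'Key name is required' });
        }
        // Reject objects, arrays and numbers here instead of letting the ORM fail
        // on them and surface as a 500.
        if (typeof name !== 'string') {
            return res.status(400).json({ error: 'Key name must be a string' });
        }
        // NOTE(review): a falsy expiresInDays (absent, null, 0, '') yields a key
        // that never expires. That behaviour is kept for compatibility; confirm
        // that 0 is really meant to mean "no expiry".
        let expiresAt = null;
        if (expiresInDays) {
            const days = Number(expiresInDays);
            const candidate = new Date(Date.now() + days * 24 * 60 * 60 * 1000);
            // Non-numeric, negative or out-of-range values previously produced an
            // Invalid Date or an already-expired key; answer 400 instead.
            if (!Number.isFinite(days) || days <= 0 || Number.isNaN(candidate.getTime())) {
                return res.status(400).json({ error: 'expiresInDays must be a positive number' });
            }
            expiresAt = candidate;
        }
        const key = crypto_1.default.randomBytes(32).toString('hex');
        const keyHash = crypto_1.default.createHash('sha256').update(key).digest('hex');
        const apiKey = await index_1.prisma.apiKey.create({
            data: {
                key: keyHash,
                name,
                userId: req.user.id,
                expiresAt
            }
        });
        // The body below carries a credential; keep intermediaries and the browser
        // from caching it.
        res.set('Cache-Control', 'no-store');
        res.json({
            id: apiKey.id,
            name: apiKey.name,
            key,
            expiresAt: apiKey.expiresAt,
            createdAt: apiKey.createdAt
        });
    }
    catch (error) {
        // `key` is scoped to the try block, so the plaintext never reaches this log line.
        console.error('Create API key error:', error);
        res.status(500).json({ error: 'Failed to create API key' });
    }
});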
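/**
 * DELETE /me/api-keys/:id: revoke one of the calling user's API keys.
 *
 * Responds 403 when API access is disabled for the account, 404 when no key with
 * that id belongs to the caller, 500 on any other failure, and otherwise a
 * confirmation message.
 *
 * The delete is filtered on both `id` and `userId`, so a caller cannot revoke a
 * key owned by someone else by guessing its id. A missing key and a key owned by
 * another user give the same 404, which avoids confirming that a foreign id exists.
 */
router.delete('/me/api-keys/:id', async (req, res) => {
    try {
        if (!req.user?.isApiEnabled) {
            return res.status(403).json({ error: 'API access is not enabled for your account' });
        }
        const { id } = req.params;
        await index_1.prisma.apiKey.delete({
            where: { id, userId: req.user.id }
        });
        res.json({ message: 'API key revoked' });
    }
    catch (error) {
        // Prisma reports "record to delete does not exist" as P2025. That is a
        // client error (unknown or foreign id), not a server failure, so it
        // should not be logged and returned as a 500.
        if (error?.code === 'P2025') {
            return res.status(404).json({ error: 'API key not found' });
        }
        console.error('Delete API key error:', error);
        res.status(500).json({ error: 'Failed to delete API key' });
    }
});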
// The router is this module's default export; the path it is mounted under is
// decided by the importing code and is not visible here.
exports.default = router;