artifacts/api-server/src/routes/apiKeys.ts

import { Router } from "express";
import { createHash, randomBytes } from "crypto";
import { requireJwtAuth } from "./auth";
import { db, apiKeysTable } from "@workspace/db";
import { eq, and } from "drizzle-orm";

const router = Router();

router.get("/", requireJwtAuth, async (req: any, res) => {
  const keys = await db
    .select({
      id: apiKeysTable.id,
      name: apiKeysTable.name,
      keyPrefix: apiKeysTable.keyPrefix,
      createdAt: apiKeysTable.createdAt,
      lastUsedAt: apiKeysTable.lastUsedAt,
    })
    .from(apiKeysTable)
    .where(eq(apiKeysTable.userId, String(req.jwtUserId)));

  res.json({ keys });
});

router.post("/", requireJwtAuth, async (req: any, res) => {
  const name = (req.body?.name as string)?.trim() || "Default Key";
  const rawKey = `sk-sf-${randomBytes(24).toString("hex")}`;
  const keyHash = createHash("sha256").update(rawKey).digest("hex");
  const keyPrefix = rawKey.slice(0, 12) + "...";

  const [inserted] = await db
    .insert(apiKeysTable)
    .values({ userId: String(req.jwtUserId), keyHash, keyPrefix, name })
    .returning({
      id: apiKeysTable.id,
      name: apiKeysTable.name,
      keyPrefix: apiKeysTable.keyPrefix,
      createdAt: apiKeysTable.createdAt,
    });

  res.json({ key: rawKey, ...inserted });
});

router.delete("/:id", requireJwtAuth, async (req: any, res) => {
  const id = Number(req.params.id);
  if (isNaN(id)) return res.status(400).json({ error: "Invalid ID" });

  const deleted = await db
    .delete(apiKeysTable)
    .where(and(eq(apiKeysTable.id, id), eq(apiKeysTable.userId, String(req.jwtUserId))))
    .returning();

  if (!deleted.length) return res.status(404).json({ error: "Not found" });
  res.json({ success: true });
});

export default router;