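import { NextResponse } from "next/server";
import { randomBytes, createHash } from "crypto";
import { auth } from "@/auth";
import { prisma } from "@/lib/prisma";

/** Maximum number of active (non-revoked) API keys a single user may hold. */
const MAX_KEYS_PER_USER = 10;

/** Upper bound on the length of a user-supplied key name (after trimming). */
const MAX_NAME_LENGTH = 100;

/** Name used when the request body carries no usable `name`. */
const DEFAULT_KEY_NAME = "Default";

/** Random bytes per key: 24 bytes → 48 hex characters after the `al_` prefix. */
const KEY_RANDOM_BYTES = 24;

/** Length of the stored, displayable prefix (`al_` plus the first 7 hex characters). */
const KEY_PREFIX_LENGTH = 10;

/**
 * Extracts a usable key name from an untrusted, already-parsed JSON body.
 *
 * @param body - Whatever `request.json()` produced: any JSON value, or `null`
 *   when the body was missing or malformed.
 * @returns The trimmed name when `body` is an object whose `name` is a
 *   non-blank string; otherwise `undefined` so the caller can apply a default.
 */
function readKeyName(body: unknown): string | undefined {
  // `typeof null === "object"`, so the null check must come first; arrays and
  // primitives have no `name` and fall through to `undefined` instead of throwing.
  if (body === null || typeof body !== "object") return undefined;
  const candidate = (body as { name?: unknown }).name;
  if (typeof candidate !== "string") return undefined;
  const trimmed = candidate.trim();
  return trimmed === "" ? undefined : trimmed;
}

/**
 * Lists the caller's active API keys.
 *
 * Only non-secret fields are selected (`keyHash` is never returned); the
 * displayable `keyPrefix` lets a user recognise a key without revealing it.
 *
 * @returns 200 with the key list (newest first), 401 when unauthenticated,
 *   500 on an unexpected failure.
 */
export async function GET() {
  try {
    const session = await auth();
    if (!session?.user?.id) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const keys = await prisma.apiKey.findMany({
      where: { userId: session.user.id, revoked: false },
      select: {
        id: true,
        name: true,
        keyPrefix: true,
        createdAt: true,
        lastUsedAt: true,
      },
      orderBy: { createdAt: "desc" },
    });

    return NextResponse.json(keys, { status: 200 });
  } catch (error) {
    console.error("Error listing API keys:", error);
    return NextResponse.json(
      { error: "Internal server error" },
      { status: 500 }
    );
  }
}

/**
 * Creates a new API key for the caller.
 *
 * The plaintext key is returned exactly once in the 201 response; only its
 * SHA-256 hash and a short prefix are persisted, so it cannot be recovered
 * later. The key carries 192 bits of CSPRNG entropy (24 random bytes), which
 * is why a plain unsalted hash is sufficient for lookup.
 *
 * @param request - Incoming request with an optional JSON body `{ name?: string }`.
 * @returns 201 with `{ id, name, keyPrefix, createdAt, key }`; 400 when the
 *   per-user limit is reached or the name is too long; 401 when
 *   unauthenticated; 500 on an unexpected failure.
 */
export async function POST(request: Request) {
  try {
    const session = await auth();
    if (!session?.user?.id) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }
    const userId = session.user.id;

    // NOTE: count-then-create is not atomic; two concurrent requests can both
    // pass this check and leave the user one key over the limit. Fine for a
    // soft cap; a hard cap would need a database-level constraint.
    const keyCount = await prisma.apiKey.count({
      where: { userId, revoked: false },
    });
    if (keyCount >= MAX_KEYS_PER_USER) {
      return NextResponse.json(
        { error: `Maximum of ${MAX_KEYS_PER_USER} API keys allowed. Revoke an existing key first.` },
        { status: 400 }
      );
    }

    // A missing or malformed body is treated as "no name", not as an error.
    const body: unknown = await request.json().catch(() => null);
    const name = readKeyName(body) ?? DEFAULT_KEY_NAME;
    // Reject rather than silently truncate, so the caller learns the limit.
    if (name.length > MAX_NAME_LENGTH) {
      return NextResponse.json(
        { error: `Key name must be at most ${MAX_NAME_LENGTH} characters.` },
        { status: 400 }
      );
    }

    const fullKey = `al_${randomBytes(KEY_RANDOM_BYTES).toString("hex")}`;
    const keyPrefix = fullKey.slice(0, KEY_PREFIX_LENGTH);
    // Only the hash is stored; the plaintext exists solely in this response.
    const keyHash = createHash("sha256").update(fullKey).digest("hex");

    const apiKey = await prisma.apiKey.create({
      data: { userId, name, keyHash, keyPrefix },
      select: { id: true, name: true, keyPrefix: true, createdAt: true },
    });

    return NextResponse.json({ ...apiKey, key: fullKey }, { status: 201 });
  } catch (error) {
    console.error("Error creating API key:", error);
    return NextResponse.json(
      { error: "Internal server error" },
      { status: 500 }
    );
  }
}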