Malin/paste.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4968cb04c31cd24379ee7f13ac8f98b27b6321fa
paste.es/api/routes/api-keys.ts
Malin bc9f96cbd4 feat: rebrand Hemmelig to paste.es for cloudhost.es 
- Set Spanish as default language with ephemeral/encrypted privacy focus
- Translate all user-facing strings and legal pages to Spanish
- Replace Norwegian flag with Spanish flag in footer
- Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship
- Rewrite PrivacyPage: zero data collection, ephemeral design emphasis
- Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references
- Update PWA manifest, HTML meta tags, package.json branding
- Rename webhook headers to X-Paste-Event / X-Paste-Signature
- Update API docs title and contact to paste.es / cloudhost.es

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 09:30:19 +01:00

157 lines
4.6 KiB
TypeScript
Raw Blame History

import { zValidator } from '@hono/zod-validator';
import { createHash, randomBytes } from 'crypto';
import { Hono } from 'hono';
import { z } from 'zod';
import { auth } from '../auth';
import prisma from '../lib/db';
import { handleNotFound } from '../lib/utils';
import { sendWebhook } from '../lib/webhook';
import { authMiddleware } from '../middlewares/auth';
const createApiKeySchema = z.object({
name: z.string().min(1).max(100),
expiresInDays: z.number().int().min(1).max(365).optional(),
});
const deleteApiKeySchema = z.object({
id: z.string(),
});
function hashApiKey(key: string): string {
return createHash('sha256').update(key).digest('hex');
}
function generateApiKey(): string {
const prefix = 'hemmelig';
const key = randomBytes(24).toString('base64url');
return `${prefix}_${key}`;
}
const app = new Hono<{
Variables: {
user: typeof auth.$Infer.Session.user | null;
};
}>()
.use(authMiddleware)
.get('/', async (c) => {
const user = c.get('user');
if (!user) {
return c.json({ error: 'Unauthorized' }, 401);
}
try {
const apiKeys = await prisma.apiKey.findMany({
where: { userId: user.id },
select: {
id: true,
name: true,
keyPrefix: true,
lastUsedAt: true,
expiresAt: true,
createdAt: true,
},
orderBy: { createdAt: 'desc' },
});
return c.json(apiKeys);
} catch (error) {
console.error('Failed to list API keys:', error);
return c.json({ error: 'Failed to list API keys' }, 500);
}
})
.post('/', zValidator('json', createApiKeySchema), async (c) => {
const user = c.get('user');
if (!user) {
return c.json({ error: 'Unauthorized' }, 401);
}
const { name, expiresInDays } = c.req.valid('json');
try {
// Check API key limit (max 5 per user)
const existingCount = await prisma.apiKey.count({
where: { userId: user.id },
});
if (existingCount >= 5) {
return c.json({ error: 'Maximum API key limit reached (5)' }, 400);
}
const rawKey = generateApiKey();
const keyHash = hashApiKey(rawKey);
const keyPrefix = rawKey.substring(0, 16);
const expiresAt = expiresInDays
? new Date(Date.now() + expiresInDays * 24 * 60 * 60 * 1000)
: null;
const apiKey = await prisma.apiKey.create({
data: {
name,
keyHash,
keyPrefix,
userId: user.id,
expiresAt,
},
select: {
id: true,
name: true,
keyPrefix: true,
expiresAt: true,
createdAt: true,
},
});
// Send webhook for API key creation
sendWebhook('apikey.created', {
apiKeyId: apiKey.id,
name: apiKey.name,
expiresAt: apiKey.expiresAt?.toISOString() || null,
userId: user.id,
});
// Return the raw key only once - it cannot be retrieved again
return c.json(
{
...apiKey,
key: rawKey,
},
201
);
} catch (error) {
console.error('Failed to create API key:', error);
return c.json({ error: 'Failed to create API key' }, 500);
}
})
.delete('/:id', zValidator('param', deleteApiKeySchema), async (c) => {
const user = c.get('user');
if (!user) {
return c.json({ error: 'Unauthorized' }, 401);
}
const { id } = c.req.valid('param');
try {
// Ensure the API key belongs to the user
const apiKey = await prisma.apiKey.findFirst({
where: { id, userId: user.id },
});
if (!apiKey) {
return c.json({ error: 'API key not found' }, 404);
}
await prisma.apiKey.delete({ where: { id } });
return c.json({ success: true });
} catch (error) {
console.error('Failed to delete API key:', error);
return handleNotFound(error as Error & { code?: string }, c);
}
});
export default app;
// Export helper for middleware
export { hashApiKey };
Reference in New Issue View Git Blame Copy Permalink