Add API key authentication for programmatic access
- New ApiKey model in Prisma schema (tenant + user scoped) - Keys are SHA-256 hashed, only shown once on creation - Bearer token auth in hooks.server.ts (alongside session cookies) - CRUD endpoint at /api/account/api-keys (max 10 per user) - Keys prefixed with pnc_ for easy identification Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -27,6 +27,7 @@ model Tenant {
|
||||
theme TenantTheme?
|
||||
invites TenantInvite[]
|
||||
webhooks Webhook[]
|
||||
apiKeys ApiKey[]
|
||||
|
||||
@@map("tenants")
|
||||
}
|
||||
@@ -75,6 +76,7 @@ model User {
|
||||
activities Activity[]
|
||||
notifications Notification[]
|
||||
cardWatchers CardWatcher[]
|
||||
apiKeys ApiKey[]
|
||||
|
||||
@@unique([tenantId, email])
|
||||
@@map("users")
|
||||
@@ -476,6 +478,24 @@ model CardDependency {
|
||||
@@map("card_dependencies")
|
||||
}
|
||||
|
||||
// ─── API Keys ────────────────────────────────────────────────
|
||||
|
||||
model ApiKey {
|
||||
id String @id @default(uuid()) @db.Uuid
|
||||
tenantId String @map("tenant_id") @db.Uuid
|
||||
userId String @map("user_id") @db.Uuid
|
||||
name String
|
||||
keyHash String @unique @map("key_hash")
|
||||
keyPrefix String @map("key_prefix") // first 8 chars for display
|
||||
lastUsedAt DateTime? @map("last_used_at")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
|
||||
tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
|
||||
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
|
||||
|
||||
@@map("api_keys")
|
||||
}
|
||||
|
||||
// ─── Tenant Branding & Theming ───────────────────────────────
|
||||
|
||||
model TenantTheme {
|
||||
|
||||
Reference in New Issue
Block a user