Private
Public Access
1
0

Add API key authentication for programmatic access

- New ApiKey model in Prisma schema (tenant + user scoped)
- Keys are SHA-256 hashed, only shown once on creation
- Bearer token auth in hooks.server.ts (alongside session cookies)
- CRUD endpoint at /api/account/api-keys (max 10 per user)
- Keys prefixed with pnc_ for easy identification

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Catherine Renelle
2026-03-08 11:34:56 -04:00
parent 44e5af6c2b
commit d8b3935fc5
4 changed files with 178 additions and 6 deletions
+20
View File
@@ -27,6 +27,7 @@ model Tenant {
theme TenantTheme?
invites TenantInvite[]
webhooks Webhook[]
apiKeys ApiKey[]
@@map("tenants")
}
@@ -75,6 +76,7 @@ model User {
activities Activity[]
notifications Notification[]
cardWatchers CardWatcher[]
apiKeys ApiKey[]
@@unique([tenantId, email])
@@map("users")
@@ -476,6 +478,24 @@ model CardDependency {
@@map("card_dependencies")
}
// ─── API Keys ────────────────────────────────────────────────
model ApiKey {
id String @id @default(uuid()) @db.Uuid
tenantId String @map("tenant_id") @db.Uuid
userId String @map("user_id") @db.Uuid
name String
keyHash String @unique @map("key_hash")
keyPrefix String @map("key_prefix") // first 8 chars for display
lastUsedAt DateTime? @map("last_used_at")
createdAt DateTime @default(now()) @map("created_at")
tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
@@map("api_keys")
}
// ─── Tenant Branding & Theming ───────────────────────────────
model TenantTheme {