bdea490c21
- Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at) - APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey) - APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys - AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT - CSRF: skip for API key auth (stateless) - Key format: vza_ prefix, SHA-256 hashed storage
27 lines
797 B
Go
27 lines
797 B
Go
package api
|
|
|
|
import (
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"veza-backend-api/internal/handlers"
|
|
"veza-backend-api/internal/services"
|
|
)
|
|
|
|
// setupDeveloperRoutes configures developer portal routes (API keys)
|
|
func (r *APIRouter) setupDeveloperRoutes(router *gin.RouterGroup) {
|
|
if r.config == nil || r.config.AuthMiddleware == nil {
|
|
return
|
|
}
|
|
apiKeyService := services.NewAPIKeyService(r.db.GormDB, r.logger)
|
|
apiKeyHandler := handlers.NewAPIKeyHandler(apiKeyService, r.logger)
|
|
|
|
developer := router.Group("/developer")
|
|
developer.Use(r.config.AuthMiddleware.RequireAuth())
|
|
r.applyCSRFProtection(developer)
|
|
{
|
|
apiKeys := developer.Group("/api-keys")
|
|
apiKeys.GET("", apiKeyHandler.ListAPIKeys)
|
|
apiKeys.POST("", apiKeyHandler.CreateAPIKey)
|
|
apiKeys.DELETE("/:id", apiKeyHandler.DeleteAPIKey)
|
|
}
|
|
}
|