API key management (#247)

tomchop · web-flow · commit e57684c8511a · 2025-02-12T10:29:35.000-05:00
diff --git a/src/components/ApiKeyManagement.vue b/src/components/ApiKeyManagement.vue
@@ -0,0 +1,188 @@
+<template>
+  <v-card>
+    <v-card-title>API Keys</v-card-title>
+    <v-card-text>
+      <v-data-table :items="Object.values(apiKeys)" :headers="apiKeyHeaders">
+        <template v-slot:item.created="{ item }">
+          {{ moment(item.created).format("YYYY-MM-DD HH:mm:ss ZZ") }}
+        </template>
+        <template v-slot:item.scopes="{ item }">
+          <v-chip v-for="scope in item.scopes" density="compact" color="green">{{ scope }}</v-chip>
+        </template>
+        <template v-slot:item.last_used="{ item }">
+          <span v-if="item.last_used">
+            {{ moment(item.last_used).format("YYYY-MM-DD HH:mm:ss ZZ") }}
+          </span>
+          <span v-else>Never</span>
+        </template>
+
+        <template v-slot:item.actions="{ item }">
+          <v-dialog max-width="420px">
+            <template v-slot:activator="{ props }">
+              <v-btn v-bind="props" class="ms-2" size="small" variant="outlined" color="error"
+                ><v-icon>mdi-delete</v-icon></v-btn
+              >
+            </template>
+            <template v-slot:default="{ isActive }">
+              <v-card>
+                <v-card-title class="text-h6">Delete API key !'{{ item.name }}'?</v-card-title>
+                <v-card-text>This action is irreversible</v-card-text>
+                <v-card-actions>
+                  <v-spacer></v-spacer>
+                  <v-btn color="light" variant="text" @click="isActive.value = false">Cancel</v-btn>
+                  <v-btn color="error" variant="flat" @click="deleteApiKey(item)">Delete</v-btn>
+                  <v-spacer></v-spacer>
+                </v-card-actions>
+              </v-card>
+            </template>
+          </v-dialog>
+        </template>
+
+        <template v-slot:item.enabled="{ item }">
+          <v-switch
+            density="compact"
+            v-model="item.enabled"
+            color="green"
+            hide-details
+            @click="toggleApiKey(item)"
+          ></v-switch>
+        </template>
+      </v-data-table>
+    </v-card-text>
+    <v-card-actions>
+      <v-dialog max-width="420px">
+        <template v-slot:activator="{ props }">
+          <v-btn v-bind="props" class="ms-2" size="small" variant="outlined" prepend-icon="mdi-plus">New API key</v-btn>
+        </template>
+        <template v-slot:default="{ isActive }">
+          <v-card>
+            <v-card-title class="text-h6">New API key</v-card-title>
+            <v-card-text v-if="!newApiKeyToken">
+              <v-text-field density="compact" label="Key name" v-model="newApiKey.name"></v-text-field>
+              <v-combobox
+                v-model="newApiKey.scopes"
+                label="Scopes"
+                :items="['all']"
+                clearable
+                multiple
+                density="compact"
+                :delimiters="[',', ' ', ';']"
+              />
+            </v-card-text>
+            <v-card-text v-else>
+              This is the only time your API key will be accessable. Please copy it to your clipboard now and store it
+              in a secure location. You'll need it to access the API and won't be able to retrieve it again later.
+              <br />
+              <div class="d-flex justify-center">
+                <v-btn class="mt-6" @click="copyApiKey(newApiKeyToken, isActive)" prepend-icon="mdi-content-copy"
+                  >Copy API key to clipboard</v-btn
+                >
+              </div>
+            </v-card-text>
+            <v-card-actions v-if="!newApiKeyToken">
+              <v-spacer></v-spacer>
+              <v-btn color="light" variant="text" @click="isActive.value = false">Cancel</v-btn>
+              <v-btn variant="flat" @click="addApiKey()">Create</v-btn>
+              <v-spacer></v-spacer>
+            </v-card-actions>
+          </v-card>
+        </template>
+      </v-dialog>
+    </v-card-actions>
+  </v-card>
+</template>
+
+<script lang="ts" setup>
+import moment from "moment";
+import axios from "axios";
+</script>
+
+<script lang="ts">
+export default {
+  name: "ApiKeyManagement",
+  data() {
+    return {
+      apiKeyHeaders: [
+        { title: "Created", value: "created" },
+        { title: "Name", value: "name" },
+        { title: "Scopes", value: "scopes" },
+        { title: "Last used", value: "last_used" },
+        { title: "Enabled", value: "enabled" },
+        { title: "Actions", value: "actions" }
+      ],
+      newApiKey: {
+        name: "",
+        scopes: []
+      },
+      newApiKeyToken: null
+    };
+  },
+  props: {
+    profileId: {
+      type: String,
+      default: null
+    },
+    apiKeys: {
+      type: Object,
+      default: {}
+    }
+  },
+  methods: {
+    addApiKey() {
+      axios
+        .post(`/api/v2/users/new-api-key`, {
+          user_id: this.profileId,
+          name: this.newApiKey.name,
+          scopes: this.newApiKey.scopes
+        })
+        .then(response => {
+          this.newApiKeyToken = response.data.token;
+          this.$emit("apiKeyUpdate", response.data.api_keys);
+        })
+        .catch(error => {
+          console.log(error);
+        })
+        .finally(() => {});
+    },
+    toggleApiKey(item) {
+      axios
+        .post(`/api/v2/users/toggle-api-key`, { user_id: this.profileId, name: item.name })
+        .then(response => {
+          item.enabled = response.data.enabled;
+        })
+        .catch(error => {
+          console.log(error);
+        })
+        .finally(() => {});
+    },
+    deleteApiKey(item) {
+      axios
+        .post(`/api/v2/users/delete-api-key`, { user_id: this.profileId, name: item.name })
+        .then(response => {
+          this.$emit("apiKeyUpdate", response.data.api_keys);
+          this.$eventBus.emit("displayMessage", {
+            message: `API key '${item.name}' succesfully deleted.`,
+            status: "success"
+          });
+        })
+        .catch(error => {
+          console.log(error);
+        })
+        .finally(() => {});
+    },
+    copyApiKey(text, isActive) {
+      navigator.clipboard.writeText(text);
+      this.$eventBus.emit("displayMessage", {
+        status: "info",
+        message: "API key copied to clipboard!"
+      });
+      this.newApiKeyToken = null;
+      isActive.value = false;
+    }
+  }
+};
+</script>
+
+<style scoped>
+/* Add custom styles here */
+</style>
diff --git a/src/views/UserAdmin.vue b/src/views/UserAdmin.vue
@@ -6,25 +6,57 @@
         <router-link :to="{ name: 'UserProfileAdmin', params: { id: item.id } }">{{ item.username }}</router-link>
       </template>
       <template v-slot:item.admin="{ item }">
-        <v-switch density="compact" color="green" v-model="item.admin" @change="toggleUser(item, 'admin')"></v-switch>
+        <v-switch
+          density="compact"
+          color="green"
+          v-model="item.admin"
+          hide-details
+          @change="toggleUser(item, 'admin')"
+        ></v-switch>
       </template>
       <template v-slot:item.enabled="{ item }">
         <v-switch
           density="compact"
           color="green"
           v-model="item.enabled"
+          hide-details
           @change="toggleUser(item, 'enabled')"
         ></v-switch>
       </template>
-      <template v-slot:item.api_key="{ item }">
-        <code>{{ item.api_key }}</code>
+      <template v-slot:item.api_keys="{ item }">
+        <code
+          ><v-chip v-for="apiKey in item.api_keys" class="me-2" density="compact" color="green">{{
+            apiKey.name
+          }}</v-chip
+          >{{
+        }}</code>
       </template>
 
       <template v-slot:item.actions="{ item }">
-        <v-btn size="small" variant="outlined" @click="resetApiKey(item)">
-          <v-icon class="me-2">mdi-key</v-icon>
-          Reset API key
-        </v-btn>
+        <v-dialog>
+          <template v-slot:activator="{ props }">
+            <v-btn v-bind="props" size="small" variant="outlined" prepend-icon="mdi-key"> Manage API keys </v-btn>
+          </template>
+          <template v-slot:default="{ isActive }">
+            <v-card>
+              <v-card-title class="text-h6">API key management for {{ item.username }}</v-card-title>
+              <v-card-text>
+                <api-key-management
+                  :profile-id="item.id"
+                  :apiKeys="item.api_keys"
+                  @api-key-update="data => (item.api_keys = data)"
+                >
+                </api-key-management>
+              </v-card-text>
+              <v-card-actions>
+                <v-spacer></v-spacer>
+                <v-btn color="light" variant="text" @click="isActive.value = false">Cancel</v-btn>
+                <v-spacer></v-spacer>
+              </v-card-actions>
+            </v-card>
+          </template>
+        </v-dialog>
+
         <v-btn class="ms-2" size="small" variant="outlined" color="error" @click="showDeleteDialog(item)">
           <v-icon>mdi-delete</v-icon>
         </v-btn>
@@ -77,17 +109,21 @@
 
 <script lang="ts" setup>
 import axios from "axios";
+import ApiKeyManagement from "@/components/ApiKeyManagement.vue";
 </script>
 
 <script lang="ts">
 export default {
   name: "UserAdmin",
+  components: {
+    ApiKeyManagement
+  },
   data() {
     return {
       users: [],
       headers: [
         { key: "username", sortable: true, title: "Username" },
-        { key: "api_key", sortable: false, title: "API key" },
+        { key: "api_keys", sortable: false, title: "API keys" },
         { key: "admin", sortable: false, title: "Admin" },
         { key: "enabled", sortable: false, title: "Enabled" },
         { key: "actions", sortable: false, title: "Actions" }
diff --git a/src/views/UserProfile.vue b/src/views/UserProfile.vue
@@ -13,15 +13,6 @@
                     <td>{{ profile.username }}</td>
                     <td></td>
                   </tr>
-                  <tr>
-                    <td>API key</td>
-                    <td>
-                      <code>{{ profile.api_key }}</code>
-                    </td>
-                    <td>
-                      <v-btn size="small" variant="outlined" @click="resetApiKey(profile)"> Reset key </v-btn>
-                    </td>
-                  </tr>
                   <tr>
                     <th>Global role</th>
                     <td>
@@ -45,6 +36,13 @@
             </v-table>
           </v-card-text>
         </v-card>
+        <api-key-management
+          v-if="profile"
+          :profile-id="profile.id"
+          :apiKeys="profile.api_keys"
+          @api-key-update="data => (profile.api_keys = data)"
+        >
+        </api-key-management>
       </v-col>
       <v-col cols="4">
         <v-card v-if="authModule === 'local'" variant="flat">
@@ -78,13 +76,15 @@ import axios from "axios";
 import { useUserStore } from "@/store/user";
 import { useAppStore } from "@/store/app";
 import GroupList from "@/components/GroupList.vue";
+import ApiKeyManagement from "@/components/ApiKeyManagement.vue";
 </script>
 
 <script lang="ts">
 export default {
   name: "UserProfile",
   components: {
-    GroupList
+    GroupList,
+    ApiKeyManagement
   },
   data() {
     return {
@@ -123,21 +123,6 @@ export default {
         })
         .finally(() => {});
     },
-    resetApiKey() {
-      axios
-        .post(`/api/v2/users/reset-api-key`, { user_id: this.profile.id })
-        .then(response => {
-          this.profile.api_key = response.data.api_key;
-          this.$eventBus.emit("displayMessage", {
-            message: "API key succesfully reset.",
-            status: "success"
-          });
-        })
-        .catch(error => {
-          console.log(error);
-        })
-        .finally(() => {});
-    },
     changeUserPassword() {
       var params = {
         user_id: this.user.id,
