#591 - api keys

2025-07-05 07:52:34 +00:00 · 2025-05-20 08:15:10 +02:00
parent f7ac3c32f0
commit eb86204069
8 changed files with 372 additions and 1 deletions
--- a/app/Http/Controllers/ApiKeyController.php
+++ b/app/Http/Controllers/ApiKeyController.php
@ -0,0 +1,63 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Resources\ApiKeyResource;
+use App\Models\PersonalAccessToken;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Inertia\Inertia;
+use Inertia\Response;
+use Spatie\RouteAttributes\Attributes\Delete;
+use Spatie\RouteAttributes\Attributes\Get;
+use Spatie\RouteAttributes\Attributes\Middleware;
+use Spatie\RouteAttributes\Attributes\Post;
+use Spatie\RouteAttributes\Attributes\Prefix;
+
+#[Prefix('settings/api-keys')]
+#[Middleware(['auth'])]
+class ApiKeyController extends Controller
+{
+    #[Get('/', name: 'api-keys')]
+    public function index(): Response
+    {
+        $this->authorize('viewAny', PersonalAccessToken::class);
+
+        return Inertia::render('api-keys/index', [
+            'apiKeys' => ApiKeyResource::collection(user()->tokens()->simplePaginate(config('web.pagination_size'))),
+        ]);
+    }
+
+    #[Post('/', name: 'api-keys.store')]
+    public function store(Request $request): RedirectResponse
+    {
+        $this->authorize('create', PersonalAccessToken::class);
+
+        $this->validate($request, [
+            'name' => 'required|string|max:255',
+            'permission' => 'required|in:read,write',
+        ]);
+
+        $permissions = ['read'];
+        if ($request->input('permission') === 'write') {
+            $permissions[] = 'write';
+        }
+        $token = user()->createToken($request->input('name'), $permissions);
+
+        return back()
+            ->with('success', 'Api key created.')
+            ->with('data', [
+                'token' => $token->plainTextToken,
+            ]);
+    }
+
+    #[Delete('/{apiKey}', name: 'api-keys.destroy')]
+    public function destroy(PersonalAccessToken $apiKey): RedirectResponse
+    {
+        $this->authorize('delete', $apiKey);
+
+        $apiKey->delete();
+
+        return back()->with('success', 'Api Key deleted.');
+    }
+}
--- a/app/Http/Middleware/HandleInertiaRequests.php
+++ b/app/Http/Middleware/HandleInertiaRequests.php
@ -68,6 +68,10 @@ public function share(Request $request): array
                'location' => $request->url(),
            ],
            'sidebarOpen' => ! $request->hasCookie('sidebar_state') || $request->cookie('sidebar_state') === 'true',
+            'flash' => [
+                'success' => fn () => $request->session()->get('success'),
+                'data' => fn () => $request->session()->get('data'),
+            ],
        ];
    }
 }
--- a/app/Http/Resources/ApiKeyResource.php
+++ b/app/Http/Resources/ApiKeyResource.php
@ -0,0 +1,25 @@
+<?php
+
+namespace App\Http\Resources;
+
+use App\Models\PersonalAccessToken;
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+/** @mixin PersonalAccessToken */
+class ApiKeyResource extends JsonResource
+{
+    /**
+     * @return array<string, mixed>
+     */
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'name' => $this->name,
+            'permissions' => $this->abilities,
+            'created_at' => $this->created_at,
+            'updated_at' => $this->updated_at,
+        ];
+    }
+}