feat: add routes for creating, cycling and deleting apiKeys

server/api/helpers/api-key/create-and-store.js

@@ -0,0 +1,48 @@
+const bcrypt = require('bcrypt');
+const { v4: uuidv4 } = require('uuid');
+const crypto = require('crypto');
+
+const { idInput } = require('../../../utils/inputs');
+
+module.exports = {
+  inputs: {
+    id: {
+      ...idInput,
+      required: true,
+    },
+    cycle: { type: 'boolean', defaultsTo: false },
+  },
+
+  exits: {
+    userNotFound: {},
+    alreadyExists: {},
+    doesNotExist: {},
+  },
+
+  async fn(inputs) {
+    const { id, cycle } = inputs;
+
+    const user = await User.findOne({ id });
+    if (!user) throw 'userNotFound';
+    if (user.apiKeyHash && !cycle) throw 'alreadyExists';
+    if (!user.apiKeyHash && cycle) throw 'doesNotExist';
+
+    const prefix = `${Number(id).toString(36).padStart(8, '0')}${crypto
+      .randomBytes(4)
+      .toString('hex')}`;
+
+    const rawKey = `${prefix}.${uuidv4().replace(
+      /-/g,
+      '',
+    )}${crypto.randomBytes(16).toString('hex')}`;
+
+    const hash = await bcrypt.hash(rawKey, 12);
+
+    await User.updateOne({ id }).set({
+      apiKeyPrefix: prefix,
+      apiKeyHash: hash,
+    });
+
+    return { apiKey: rawKey };
+  },
+};

server/api/helpers/api-key/delete-one.js

@@ -0,0 +1,35 @@
+/*!
+ * Copyright (c) 2025 PLANKA Software GmbH
+ * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
+ */
+
+const { idInput } = require('../../../utils/inputs');
+
+module.exports = {
+  inputs: {
+    id: {
+      ...idInput,
+      required: true,
+    },
+  },
+
+  exits: {
+    userNotFound: {},
+    doesNotExist: {},
+  },
+
+  async fn(inputs) {
+    const { id } = inputs;
+
+    const user = await User.findOne({ id });
+    if (!user) throw 'userNotFound';
+    if (!user.apiKeyHash) throw 'doesNotExist';
+
+    await User.updateOne({ id }).set({
+      apiKeyPrefix: null,
+      apiKeyHash: null,
+    });
+
+    return { success: true };
+  },
+};