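import { NextRequest, NextResponse } from "next/server";
import { db } from "@/db";
import { apiKeys } from "@/db/schema";
import { eq, desc } from "drizzle-orm";
import { authenticateWebOrAPIRequest } from "@/app/lib/api-auth";
import { isAdmin } from "@/app/lib/permissions";
import { maskApiKey } from "@/app/lib/jwt";
import { getDaysRemaining, getExpiryRemainingLabel } from "@/app/lib/api-key-utils";

/**
 * GET /api/v1/admin/users/[id]/api-keys — Admin: list the API keys of the selected user.
 *
 * Access control is two-step: the request must authenticate (401 otherwise) and the
 * authenticated principal must pass `isAdmin` (403 otherwise). Only then is the
 * target user's key list read, newest first.
 *
 * The response never contains the stored `key` value itself; each entry carries a
 * `keyPreview` produced by `maskApiKey`, plus expiry and usage metadata.
 *
 * @param request - Incoming request, passed to `authenticateWebOrAPIRequest`.
 * @param context - Route context; `params.id` is the user whose keys are listed.
 * @returns JSON `{ success: true, data: { keys } }` on success, or `{ error }` with
 *          status 401 / 403 when authentication or authorization fails.
 */
export async function GET(
  request: NextRequest,
  context: { params: Promise<{ id: string }> }
) {
  const auth = await authenticateWebOrAPIRequest(request);
  if (!auth.authenticated) {
    return NextResponse.json({ error: auth.error ?? "Yetkisiz" }, { status: 401 });
  }

  // Fail closed: an authenticated result without a role is denied here instead of
  // relying on a non-null assertion and on how isAdmin treats an undefined role.
  if (auth.role == null || !isAdmin(auth.role)) {
    return NextResponse.json(
      { error: "Bu işlem için admin yetkisi gerekir." },
      { status: 403 }
    );
  }

  // The path parameter is only ever used as a bound value in the eq() filter below.
  const { id: userId } = await context.params;

  // NOTE(review): `key` is selected only to feed maskApiKey. That suggests the column
  // holds the usable key rather than a hash — confirm; storing a hash plus a short
  // display prefix would keep usable keys out of this read path entirely.
  const rows = await db
    .select({
      id: apiKeys.id,
      name: apiKeys.name,
      key: apiKeys.key,
      expiresAt: apiKeys.expiresAt,
      lastUsedAt: apiKeys.lastUsedAt,
      isActive: apiKeys.isActive,
      createdAt: apiKeys.createdAt,
    })
    .from(apiKeys)
    .where(eq(apiKeys.userId, userId))
    .orderBy(desc(apiKeys.createdAt));

  const keys = rows.map((row) => {
    const expiresAt = row.expiresAt ?? null;
    return {
      id: row.id,
      name: row.name,
      // Masked preview only; row.key itself is deliberately left out of the payload.
      keyPreview: maskApiKey(row.key),
      expiresAt: expiresAt?.toISOString() ?? null,
      daysRemaining: getDaysRemaining(expiresAt),
      remainingLabel: getExpiryRemainingLabel(expiresAt),
      lastUsedAt: row.lastUsedAt?.toISOString() ?? null,
      isActive: row.isActive,
      createdAt: row.createdAt.toISOString(),
    };
  });

  return NextResponse.json({ success: true, data: { keys } });
}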