app/%28app%29/api-keys/actions.ts

"use server";

import { revalidatePath } from "next/cache";
import { getServerSession } from "@/lib/auth/guards";
import { prisma } from "@/lib/db";
import { subjectHasFeature } from "@/lib/billing/subscription";
import { generateRawKey, hashKey, keyPreview } from "@/lib/apikeys";

export async function createApiKeyAction(
  name: string
): Promise<{ ok: boolean; error?: string; key?: string }> {
  const session = await getServerSession();
  if (!session) return { ok: false, error: "You must be signed in." };

  const allowed = await subjectHasFeature(
    session.user.id,
    "api_access",
    session.session.activeOrganizationId
  );
  if (!allowed) return { ok: false, error: "API access requires the Pro plan or higher." };

  const trimmed = name.trim() || "Untitled key";
  const raw = generateRawKey();
  await prisma.apiKey.create({
    data: {
      userId: session.user.id,
      name: trimmed,
      hashedKey: hashKey(raw),
      prefix: keyPreview(raw),
    },
  });

  revalidatePath("/api-keys");
  // Return the raw key once — it is never stored in plaintext.
  return { ok: true, key: raw };
}

export async function revokeApiKeyAction(id: string): Promise<{ ok: boolean; error?: string }> {
  const session = await getServerSession();
  if (!session) return { ok: false, error: "You must be signed in." };
  const key = await prisma.apiKey.findUnique({ where: { id }, select: { userId: true } });
  if (!key || key.userId !== session.user.id) return { ok: false, error: "Not allowed." };
  await prisma.apiKey.update({ where: { id }, data: { revokedAt: new Date() } });
  revalidatePath("/api-keys");
  return { ok: true };
}
Initial commit: PodcastYes — AI podcast platform 2026-06-07 03:58:32 -04:00			`"use server";`

			`import { revalidatePath } from "next/cache";`
			`import { getServerSession } from "@/lib/auth/guards";`
			`import { prisma } from "@/lib/db";`
			`import { subjectHasFeature } from "@/lib/billing/subscription";`
			`import { generateRawKey, hashKey, keyPreview } from "@/lib/apikeys";`

			`export async function createApiKeyAction(`
			`name: string`
			`): Promise<{ ok: boolean; error?: string; key?: string }> {`
			`const session = await getServerSession();`
			`if (!session) return { ok: false, error: "You must be signed in." };`

			`const allowed = await subjectHasFeature(`
			`session.user.id,`
			`"api_access",`
			`session.session.activeOrganizationId`
			`);`
			`if (!allowed) return { ok: false, error: "API access requires the Pro plan or higher." };`

			`const trimmed = name.trim() \|\| "Untitled key";`
			`const raw = generateRawKey();`
			`await prisma.apiKey.create({`
			`data: {`
			`userId: session.user.id,`
			`name: trimmed,`
			`hashedKey: hashKey(raw),`
			`prefix: keyPreview(raw),`
			`},`
			`});`

			`revalidatePath("/api-keys");`
			`// Return the raw key once — it is never stored in plaintext.`
			`return { ok: true, key: raw };`
			`}`

			`export async function revokeApiKeyAction(id: string): Promise<{ ok: boolean; error?: string }> {`
			`const session = await getServerSession();`
			`if (!session) return { ok: false, error: "You must be signed in." };`
			`const key = await prisma.apiKey.findUnique({ where: { id }, select: { userId: true } });`
			`if (!key \|\| key.userId !== session.user.id) return { ok: false, error: "Not allowed." };`
			`await prisma.apiKey.update({ where: { id }, data: { revokedAt: new Date() } });`
			`revalidatePath("/api-keys");`
			`return { ok: true };`
			`}`