Initial commit: PodcastYes — AI podcast platform

app/(app)/api-keys/actions.ts

@@ -0,0 +1,46 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { getServerSession } from "@/lib/auth/guards";
+import { prisma } from "@/lib/db";
+import { subjectHasFeature } from "@/lib/billing/subscription";
+import { generateRawKey, hashKey, keyPreview } from "@/lib/apikeys";
+
+export async function createApiKeyAction(
+  name: string
+): Promise<{ ok: boolean; error?: string; key?: string }> {
+  const session = await getServerSession();
+  if (!session) return { ok: false, error: "You must be signed in." };
+
+  const allowed = await subjectHasFeature(
+    session.user.id,
+    "api_access",
+    session.session.activeOrganizationId
+  );
+  if (!allowed) return { ok: false, error: "API access requires the Pro plan or higher." };
+
+  const trimmed = name.trim() || "Untitled key";
+  const raw = generateRawKey();
+  await prisma.apiKey.create({
+    data: {
+      userId: session.user.id,
+      name: trimmed,
+      hashedKey: hashKey(raw),
+      prefix: keyPreview(raw),
+    },
+  });
+
+  revalidatePath("/api-keys");
+  // Return the raw key once — it is never stored in plaintext.
+  return { ok: true, key: raw };
+}
+
+export async function revokeApiKeyAction(id: string): Promise<{ ok: boolean; error?: string }> {
+  const session = await getServerSession();
+  if (!session) return { ok: false, error: "You must be signed in." };
+  const key = await prisma.apiKey.findUnique({ where: { id }, select: { userId: true } });
+  if (!key || key.userId !== session.user.id) return { ok: false, error: "Not allowed." };
+  await prisma.apiKey.update({ where: { id }, data: { revokedAt: new Date() } });
+  revalidatePath("/api-keys");
+  return { ok: true };
+}

app/(app)/api-keys/page.tsx

@@ -0,0 +1,46 @@
+import type { Metadata } from "next";
+import { requireAuth } from "@/lib/auth/guards";
+import { subjectHasFeature } from "@/lib/billing/subscription";
+import { prisma } from "@/lib/db";
+import { PageHeader } from "@/components/app/page-header";
+import { UpgradeGate } from "@/components/app/upgrade-gate";
+import { ApiKeysClient } from "@/components/app/api-keys-client";
+
+export const metadata: Metadata = { title: "API keys" };
+
+export default async function ApiKeysPage() {
+  const session = await requireAuth();
+  const allowed = await subjectHasFeature(
+    session.user.id,
+    "api_access",
+    session.session.activeOrganizationId
+  );
+
+  return (
+    <>
+      <PageHeader title="API keys" description="Programmatic access to the PodcastYes API." />
+      {!allowed ? (
+        <UpgradeGate
+          title="API access is a Pro feature"
+          description="Upgrade to Pro to create API keys and generate episodes programmatically."
+          requiredPlan="Pro"
+        />
+      ) : (
+        <ApiKeysClient
+          keys={(
+            await prisma.apiKey.findMany({
+              where: { userId: session.user.id, revokedAt: null },
+              orderBy: { createdAt: "desc" },
+            })
+          ).map((k) => ({
+            id: k.id,
+            name: k.name,
+            prefix: k.prefix,
+            lastUsedAt: k.lastUsedAt?.toISOString() ?? null,
+            createdAt: k.createdAt.toISOString(),
+          }))}
+        />
+      )}
+    </>
+  );
+}