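import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { generateApiKey, hashApiKey } from "../../../lib/api-auth"

/**
 * Columns read back from `api_keys` by the listing query.
 * Only `id` and `permissions` are used by this file; the other selected
 * columns are passed through to the client untouched, so they stay `unknown`.
 */
interface ApiKeyRow {
  id: number | string
  permissions: string | null
  [column: string]: unknown
}

/**
 * API-key management endpoint.
 *
 * - `GET`    lists key metadata (never the key or its hash).
 * - `POST`   creates a key; the plaintext key appears in this response only,
 *            the database stores `hashApiKey(apiKey)`.
 * - `DELETE` deactivates a key (`is_active = 0`) by `?id=`.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * handler. Confirm that a middleware or wrapper restricts this route to
 * administrators before it is reachable; otherwise any caller can mint,
 * enumerate and revoke keys.
 *
 * @param req Incoming Next.js API request.
 * @param res Response; always JSON. 400 on invalid input, 404 when the key to
 *            revoke does not exist, 405 on other methods, 500 on database errors.
 */
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const dbPath = path.join(process.cwd(), "database", "antihoax.db")
  const db = new sqlite3.Database(dbPath)

  try {
    if (req.method === "GET") {
      const rows = await new Promise<ApiKeyRow[]>((resolve, reject) => {
        db.all(
          `SELECT id, name, permissions, rate_limit, is_active, last_used, created_at FROM api_keys ORDER BY created_at DESC`,
          (err: Error | null, result: ApiKeyRow[]) => {
            if (err) reject(err)
            else resolve(result)
          }
        )
      })

      res.json({
        keys: rows.map((row) => ({
          ...row,
          permissions: row.permissions ? JSON.parse(row.permissions) : [],
          // The preview is built from the row id, not from key material:
          // only the hash is stored, so no part of the key can be shown.
          key_preview: '***...' + (row.id.toString().slice(-4))
        }))
      })
    } else if (req.method === "POST") {
      // req.body is attacker-controlled and may be missing or a non-object;
      // normalise it so destructuring cannot throw, then validate every field
      // before it reaches the database.
      const body: Record<string, unknown> =
        typeof req.body === "object" && req.body !== null ? req.body : {}
      const { name, permissions = [], rate_limit = 1000 } = body

      if (typeof name !== "string" || name.trim().length === 0) {
        res.status(400).json({ error: "Name required" })
        return
      }
      if (!Array.isArray(permissions) || !permissions.every((p) => typeof p === "string")) {
        res.status(400).json({ error: "Invalid permissions" })
        return
      }
      // NOTE(review): 0 is accepted because the meaning of rate_limit is
      // decided by enforcement code not shown here; confirm 0 is not "unlimited".
      if (typeof rate_limit !== "number" || !Number.isInteger(rate_limit) || rate_limit < 0) {
        res.status(400).json({ error: "Invalid rate_limit" })
        return
      }

      const apiKey = generateApiKey()
      const keyHash = hashApiKey(apiKey)

      const created = await new Promise<{ id: number }>((resolve, reject) => {
        db.run(
          `INSERT INTO api_keys (key_hash, name, permissions, rate_limit, is_active, created_at) VALUES (?, ?, ?, ?, 1, datetime('now'))`,
          [keyHash, name, JSON.stringify(permissions), rate_limit],
          function (err) {
            if (err) reject(err)
            else resolve({ id: this.lastID })
          }
        )
      })

      // The response body carries the plaintext key; keep it out of caches.
      res.setHeader("Cache-Control", "no-store")
      res.json({
        success: true,
        id: created.id,
        api_key: apiKey, // Only returned once during creation
        name,
        permissions,
        rate_limit
      })
    } else if (req.method === "DELETE") {
      // req.query values can be undefined or string[]; accept a single
      // decimal id only so the UPDATE never runs against NULL or an array.
      const { id } = req.query
      if (typeof id !== "string" || !/^\d+$/.test(id)) {
        res.status(400).json({ error: "Invalid id" })
        return
      }

      const changes = await new Promise<number>((resolve, reject) => {
        db.run(
          'UPDATE api_keys SET is_active = 0 WHERE id = ?',
          [id],
          function (err) {
            if (err) reject(err)
            else resolve(this.changes)
          }
        )
      })

      // A revocation that matched no row must not be reported as success:
      // the operator would believe a key is disabled when nothing changed.
      if (changes === 0) {
        res.status(404).json({ error: "API key not found" })
        return
      }

      res.json({ success: true })
    } else {
      res.setHeader("Allow", "GET, POST, DELETE")
      res.status(405).json({ error: "Method not allowed" })
    }
  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error('API keys error:', error)
    res.status(500).json({ error: "Operation failed" })
  } finally {
    db.close()
  }
}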