infohliadka/pages/api/admin/api-keys.ts

import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"
import { generateApiKey, hashApiKey } from "../../../lib/api-auth"

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const dbPath = path.join(process.cwd(), "database", "antihoax.db")
  const db = new sqlite3.Database(dbPath)
  
  try {
    if (req.method === "GET") {
      const keys = await new Promise<any[]>((resolve, reject) => {
        db.all(
          `SELECT id, name, permissions, rate_limit, is_active, last_used, created_at
           FROM api_keys ORDER BY created_at DESC`,
          (err, rows) => {
            if (err) reject(err)
            else resolve(rows)
          }
        )
      })
      
      res.json({ 
        keys: keys.map(key => ({
          ...key,
          permissions: key.permissions ? JSON.parse(key.permissions) : [],
          key_preview: '***...' + (key.id.toString().slice(-4))
        }))
      })
      
    } else if (req.method === "POST") {
      const { name, permissions = [], rate_limit = 1000 } = req.body
      
      if (!name) {
        return res.status(400).json({ error: "Name required" })
      }
      
      const apiKey = generateApiKey()
      const keyHash = hashApiKey(apiKey)
      
      const result = await new Promise<any>((resolve, reject) => {
        db.run(
          `INSERT INTO api_keys (key_hash, name, permissions, rate_limit, is_active, created_at)
           VALUES (?, ?, ?, ?, 1, datetime('now'))`,
          [keyHash, name, JSON.stringify(permissions), rate_limit],
          function(err) {
            if (err) reject(err)
            else resolve({ id: this.lastID })
          }
        )
      })
      
      res.json({
        success: true,
        id: result.id,
        api_key: apiKey, // Only returned once during creation
        name,
        permissions,
        rate_limit
      })
      
    } else if (req.method === "DELETE") {
      const { id } = req.query
      
      await new Promise<void>((resolve, reject) => {
        db.run(
          'UPDATE api_keys SET is_active = 0 WHERE id = ?',
          [id],
          (err) => {
            if (err) reject(err)
            else resolve()
          }
        )
      })
      
      res.json({ success: true })
      
    } else {
      res.status(405).json({ error: "Method not allowed" })
    }
    
  } catch (error) {
    console.error('API keys error:', error)
    res.status(500).json({ error: "Operation failed" })
  } finally {
    db.close()
  }
}