[PR #1254] [MERGED] Add API key authentication #1251

New Issue

OVERLORD · 2026-02-04T21:59:40+03:00

OVERLORD commented

2026-02-04 21:59:40 +03:00

📋 Pull Request Information

Original PR: https://github.com/plankanban/planka/pull/1254
Author: @JustSamuel
Created: 7/13/2025
Status: ✅ Merged
Merged: 11/6/2025
Merged by: @meltyshev

Base: master ← Head: Feature/api-keys

📝 Commits (6)

985354d feat: apiKey migration
09bc059 feat: extend is-authenticated.js logic with api key checking
080881e feat: add routes for creating, cycling and deleting apiKeys
ba6544b feat: implement apikey management frontend
f745360 chore: Rework
2b84980 fix: Complete missing translations, cleanup

📊 Changes

75 files changed (+1504 additions, -97 deletions)

View changed files

📝 client/src/actions/users.js (+55 -0)
📝 client/src/api/users.js (+4 -0)
📝 client/src/components/board-memberships/BoardMemberships/ActionsStep.jsx (+1 -1)
📝 client/src/components/common/AdministrationModal/SmtpPane.jsx (+5 -5)
📝 client/src/components/common/AdministrationModal/UsersPane/ActionsStep.jsx (+47 -25)
➕ client/src/components/common/AdministrationModal/UsersPane/ApiKeyStep.jsx (+169 -0)
➕ client/src/components/common/AdministrationModal/UsersPane/ApiKeyStep.module.scss (+65 -0)
📝 client/src/components/common/AdministrationModal/UsersPane/Item.jsx (+51 -8)
📝 client/src/components/common/AdministrationModal/UsersPane/Item.module.scss (+33 -2)
📝 client/src/components/common/AdministrationModal/UsersPane/UsersPane.jsx (+6 -11)
📝 client/src/components/users/EditUserEmailStep/EditUserEmailStep.jsx (+6 -3)
📝 client/src/components/users/EditUserPasswordStep/EditUserPasswordStep.jsx (+8 -7)
📝 client/src/components/users/EditUserUsernameStep/EditUserUsernameStep.jsx (+6 -3)
📝 client/src/components/users/UserSettingsModal/AccountPane/AccountPane.jsx (+3 -3)
📝 client/src/constants/ActionTypes.js (+7 -0)
📝 client/src/constants/EntryActionTypes.js (+3 -0)
📝 client/src/entry-actions/users.js (+24 -0)
📝 client/src/locales/ar-YE/core.js (+17 -0)
📝 client/src/locales/bg-BG/core.js (+17 -0)
📝 client/src/locales/cs-CZ/core.js (+17 -0)

...and 55 more files

📄 Description

This PR adds API key authentication to planka using the X-Api-Key header.

Authentication works by storing a prefix and hash per user. If provided the API key is checked to see if it matches the stored hash and the user is deemed authenticated.

Closes #945

Draft

PR is in draft because this allows for intermediate feedback by any other contributors

The frontend adds a panel to the admin actions:

Which contains an overview of all current apikeys, traceable using their prefix:

A menu allows for creation:

Which updates the modal:

allowing for cycling and deleting:

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/plankanban/planka/pull/1254 **Author:** [@JustSamuel](https://github.com/JustSamuel) **Created:** 7/13/2025 **Status:** ✅ Merged **Merged:** 11/6/2025 **Merged by:** [@meltyshev](https://github.com/meltyshev) **Base:** `master` ← **Head:** `Feature/api-keys` --- ### 📝 Commits (6) - [`985354d`](https://github.com/plankanban/planka/commit/985354dcfe0d31f9057c9febf6a9ca8b6ac51b1b) feat: apiKey migration - [`09bc059`](https://github.com/plankanban/planka/commit/09bc0596f3452f35cacb01d695f1841c2ff92e0f) feat: extend is-authenticated.js logic with api key checking - [`080881e`](https://github.com/plankanban/planka/commit/080881e643b9fc03d873ae9d6af00e534350e724) feat: add routes for creating, cycling and deleting apiKeys - [`ba6544b`](https://github.com/plankanban/planka/commit/ba6544b9df09ead1401ba41480098308efbdb868) feat: implement apikey management frontend - [`f745360`](https://github.com/plankanban/planka/commit/f74536004ee21c9fda06aa8fa476bd64cfb21916) chore: Rework - [`2b84980`](https://github.com/plankanban/planka/commit/2b8498009d936608421713d415055f0dbfe70214) fix: Complete missing translations, cleanup ### 📊 Changes **75 files changed** (+1504 additions, -97 deletions) <details> <summary>View changed files</summary> 📝 `client/src/actions/users.js` (+55 -0) 📝 `client/src/api/users.js` (+4 -0) 📝 `client/src/components/board-memberships/BoardMemberships/ActionsStep.jsx` (+1 -1) 📝 `client/src/components/common/AdministrationModal/SmtpPane.jsx` (+5 -5) 📝 `client/src/components/common/AdministrationModal/UsersPane/ActionsStep.jsx` (+47 -25) ➕ `client/src/components/common/AdministrationModal/UsersPane/ApiKeyStep.jsx` (+169 -0) ➕ `client/src/components/common/AdministrationModal/UsersPane/ApiKeyStep.module.scss` (+65 -0) 📝 `client/src/components/common/AdministrationModal/UsersPane/Item.jsx` (+51 -8) 📝 `client/src/components/common/AdministrationModal/UsersPane/Item.module.scss` (+33 -2) 📝 `client/src/components/common/AdministrationModal/UsersPane/UsersPane.jsx` (+6 -11) 📝 `client/src/components/users/EditUserEmailStep/EditUserEmailStep.jsx` (+6 -3) 📝 `client/src/components/users/EditUserPasswordStep/EditUserPasswordStep.jsx` (+8 -7) 📝 `client/src/components/users/EditUserUsernameStep/EditUserUsernameStep.jsx` (+6 -3) 📝 `client/src/components/users/UserSettingsModal/AccountPane/AccountPane.jsx` (+3 -3) 📝 `client/src/constants/ActionTypes.js` (+7 -0) 📝 `client/src/constants/EntryActionTypes.js` (+3 -0) 📝 `client/src/entry-actions/users.js` (+24 -0) 📝 `client/src/locales/ar-YE/core.js` (+17 -0) 📝 `client/src/locales/bg-BG/core.js` (+17 -0) 📝 `client/src/locales/cs-CZ/core.js` (+17 -0) _...and 55 more files_ </details> ### 📄 Description This PR adds API key authentication to `planka` using the `X-Api-Key` header. Authentication works by storing a `prefix` and hash per user. If provided the API key is checked to see if it matches the stored hash and the user is deemed authenticated. # Related Closes #945 ## Draft PR is in draft because this allows for intermediate feedback by any other contributors <img width="767" height="740" alt="image" src="https://github.com/user-attachments/assets/61daa381-0711-4771-a082-2e77b1630158" /> The frontend adds a panel to the admin actions: <img width="2308" height="805" alt="image" src="https://github.com/user-attachments/assets/02cd5a68-fec3-4190-97bd-2c6ac7134663" /> Which contains an overview of all current apikeys, traceable using their prefix: <img width="802" height="422" alt="image" src="https://github.com/user-attachments/assets/95be3c6c-84be-457d-a0db-2c749a054b21" /> A menu allows for creation: <img width="990" height="413" alt="image" src="https://github.com/user-attachments/assets/90ab4393-7b97-4ecf-9fa2-cc0693f4632c" /> <img width="342" height="181" alt="image" src="https://github.com/user-attachments/assets/ab9c01cd-58fb-44d8-9c9d-ed1ff04cc9aa" /> <img width="330" height="460" alt="image" src="https://github.com/user-attachments/assets/85e1a441-5193-4161-881b-268abf75f890" /> Which updates the modal: <img width="760" height="363" alt="image" src="https://github.com/user-attachments/assets/58d5e7ac-df69-4ab0-9def-9ff02af9482b" /> allowing for cycling and deleting: <img width="502" height="235" alt="image" src="https://github.com/user-attachments/assets/4aef7ce3-d0f1-40b7-a19a-9ea99a40666c" /> <img width="330" height="228" alt="image" src="https://github.com/user-attachments/assets/25331b04-5df0-4453-bf20-8e702706a164" /> <img width="329" height="438" alt="image" src="https://github.com/user-attachments/assets/b26be262-d073-4eda-ae3f-c46e25994af7" /> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-04 21:59:40 +03:00

OVERLORD closed this issue

2026-02-04 21:59:42 +03:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/planka#1251