planka/server/api/controllers/users/create-api-key.js

/*!
 * Copyright (c) 2025 PLANKA Software GmbH
 * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
 */

/**
 * @swagger
 * /users/{id}/api-key:
 *   post:
 *     summary: Create user API key
 *     description: Generates a user's API key. The full API key is returned only once and cannot be retrieved again.
 *     tags:
 *       - Users
 *     operationId: createUserApiKey
 *     parameters:
 *       - name: id
 *         in: path
 *         required: true
 *         description: ID of the user to create API key for
 *         schema:
 *           type: string
 *           example: "1357158568008091264"
 *     responses:
 *       200:
 *         description: API key created successfully
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               required:
 *                 - item
 *                 - included
 *               properties:
 *                 item:
 *                   $ref: '#/components/schemas/User'
 *                 included:
 *                   type: object
 *                   required:
 *                     - apiKey
 *                   properties:
 *                     apiKey:
 *                       type: string
 *                       description: API key of the user (returned only once)
 *                       example: D89VszVs_oSS6TdDtYmi0j1LhugOioY40dDVssESO
 *       400:
 *         $ref: '#/components/responses/ValidationError'
 *       401:
 *         $ref: '#/components/responses/Unauthorized'
 *       404:
 *         $ref: '#/components/responses/NotFound'
 */

const { idInput } = require('../../../utils/inputs');

const Errors = {
  USER_NOT_FOUND: {
    userNotFound: 'User not found',
  },
};

module.exports = {
  inputs: {
    id: {
      ...idInput,
      required: true,
    },
  },

  exits: {
    userNotFound: {
      responseType: 'notFound',
    },
  },

  async fn(inputs) {
    const { currentUser } = this.req;

    let user = await User.qm.getOneById(inputs.id);

    if (!user) {
      throw Errors.USER_NOT_FOUND;
    }

    const { key: apiKey, prefix: apiKeyPrefix } = sails.helpers.utils.generateApiKey();

    user = await sails.helpers.users.updateOne.with({
      record: user,
      values: {
        apiKeyPrefix,
        apiKeyHash: sails.helpers.utils.hash(apiKey),
      },
      actorUser: currentUser,
      request: this.req,
    });

    return {
      item: sails.helpers.users.presentOne(user, currentUser),
      included: {
        apiKey,
      },
    };
  },
};