Class: ApiKeys::KeysController
- Inherits:
-
ApplicationController
- Object
- ApplicationController
- ApiKeys::KeysController
- Defined in:
- app/controllers/api_keys/keys_controller.rb
Overview
Controller for managing API keys belonging to the current owner.
Instance Method Summary collapse
-
#create ⇒ Object
POST /keys.
-
#edit ⇒ Object
GET /keys/:id/edit.
-
#index ⇒ Object
GET /keys.
-
#new ⇒ Object
GET /keys/new.
-
#revoke ⇒ Object
POST /keys/:id/revoke.
-
#show ⇒ Object
GET /keys/:id Shows the newly generated key's plaintext token ONCE.
-
#update ⇒ Object
PATCH/PUT /keys/:id.
Instance Method Details
#create ⇒ Object
POST /keys
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
# File 'app/controllers/api_keys/keys_controller.rb', line 55 def create # Use the HasApiKeys helper method to create the key begin # create_api_key! now returns the ApiKey instance @api_key = current_api_keys_owner.create_api_key!( name: api_key_params[:name], scopes: api_key_params[:scopes], expires_at: parse_expiration(api_key_params[:expires_at_preset]), key_type: api_key_params[:key_type].presence&.to_sym # Metadata could be added here if needed ) # Get the plaintext token from the instance's attr_reader plaintext_token = @api_key.token # Store the plaintext token in session to display on the show page session[:plaintext_api_key] = plaintext_token redirect_to key_path(@api_key) rescue ActiveRecord::RecordInvalid => e # If create! fails due to validation (e.g., quota exceeded) @api_key = e.record # Get the invalid ApiKey instance flash.now[:alert] = "Failed to create API key: #{e.record.errors..join(', ')}" render :new, status: :unprocessable_entity rescue => e # Catch other potential errors flash.now[:alert] = "An unexpected error occurred: #{e.}" @api_key = current_api_keys_owner.api_keys.build(api_key_params) # Rebuild form render :new, status: :unprocessable_entity end end |
#edit ⇒ Object
GET /keys/:id/edit
87 88 89 |
# File 'app/controllers/api_keys/keys_controller.rb', line 87 def edit # Key is set by set_api_key end |
#index ⇒ Object
GET /keys
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
# File 'app/controllers/api_keys/keys_controller.rb', line 10 def index # Start with all keys for the owner base_scope = current_api_keys_owner.api_keys # Filter by environment if key_types feature is enabled and cross-environment is disabled if key_types_feature_enabled? && !ApiKeys.configuration.dashboard_allow_cross_environment current_env = resolve_current_environment base_scope = base_scope.where(environment: [current_env.to_s, nil, ""]) end # Fetch only active keys for the main list, sorted by creation date @api_keys = base_scope.active.order(created_at: :desc) # Optionally, fetch inactive ones for a separate section or filter @inactive_api_keys = base_scope.inactive.order(created_at: :desc) # When key_types feature is enabled, separate publishable and secret keys if key_types_feature_enabled? @publishable_keys = @api_keys.select(&:public_key_type?) @secret_keys = @api_keys.reject(&:public_key_type?) @inactive_publishable_keys = @inactive_api_keys.select(&:public_key_type?) @inactive_secret_keys = @inactive_api_keys.reject(&:public_key_type?) end end |
#new ⇒ Object
GET /keys/new
50 51 52 |
# File 'app/controllers/api_keys/keys_controller.rb', line 50 def new @api_key = current_api_keys_owner.api_keys.build end |
#revoke ⇒ Object
POST /keys/:id/revoke
102 103 104 105 106 107 108 109 110 |
# File 'app/controllers/api_keys/keys_controller.rb', line 102 def revoke @api_key.revoke! redirect_to keys_path, notice: "API key revoked successfully." rescue ApiKeys::Errors::KeyNotRevocableError redirect_to keys_path, alert: "This API key cannot be revoked." rescue => e # This shouldn't typically fail unless there's a callback issue redirect_to keys_path, alert: "Failed to revoke API key: #{e.}" end |
#show ⇒ Object
GET /keys/:id Shows the newly generated key's plaintext token ONCE. This is not a standard show action, it's used transiently after creation.
37 38 39 40 41 42 43 44 45 46 47 |
# File 'app/controllers/api_keys/keys_controller.rb', line 37 def show # Key is set by set_api_key # We need to retrieve the plaintext token stored temporarily # after creation. This relies on how we handle creation. # We'll likely store it in the session flash or pass it directly. @plaintext_token = session.delete(:plaintext_api_key) # Retrieve and delete from session unless @plaintext_token # If accessed directly without the token, redirect or show an error redirect_to keys_path, alert: "API key token can only be shown once immediately after creation." end end |
#update ⇒ Object
PATCH/PUT /keys/:id
92 93 94 95 96 97 98 99 |
# File 'app/controllers/api_keys/keys_controller.rb', line 92 def update if @api_key.update(api_key_update_params) redirect_to keys_path, notice: "API key updated successfully." else flash.now[:alert] = "Failed to update API key: #{@api_key.errors..join(', ')}" render :edit, status: :unprocessable_entity end end |