mirror of
https://github.com/kikootwo/ReadMeABook.git
synced 2026-06-03 04:40:09 +00:00
Michael Borohovski
57 lines
1.8 KiB
TypeScript
57 lines
1.8 KiB
TypeScript
/**
|
|
* Component: API Token Delete Route
|
|
* Documentation: documentation/backend/services/api-tokens.md
|
|
*/
|
|
|
|
import { NextRequest, NextResponse } from 'next/server';
|
|
import { requireAuth, requireAdmin, AuthenticatedRequest } from '@/lib/middleware/auth';
|
|
import { prisma } from '@/lib/db';
|
|
import { RMABLogger } from '@/lib/utils/logger';
|
|
import { checkApiTokenRevokeRateLimit } from '@/lib/utils/apiTokenRateLimit';
|
|
|
|
const logger = RMABLogger.create('API.Admin.ApiTokens');
|
|
|
|
/**
|
|
* DELETE /api/admin/api-tokens/[id]
|
|
* Revoke (delete) an API token
|
|
*/
|
|
export async function DELETE(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
return requireAuth(request, (req: AuthenticatedRequest) =>
|
|
requireAdmin(req, async () => {
|
|
try {
|
|
const rateLimit = checkApiTokenRevokeRateLimit(req.user!.id);
|
|
if (!rateLimit.allowed) {
|
|
return NextResponse.json(
|
|
{ error: 'Too many API token revoke attempts. Please try again later.' },
|
|
{
|
|
status: 429,
|
|
headers: {
|
|
'Retry-After': String(rateLimit.retryAfterSeconds),
|
|
},
|
|
}
|
|
);
|
|
}
|
|
|
|
const { id } = await params;
|
|
|
|
const token = await prisma.apiToken.findUnique({ where: { id } });
|
|
if (!token) {
|
|
return NextResponse.json({ error: 'Token not found' }, { status: 404 });
|
|
}
|
|
|
|
await prisma.apiToken.delete({ where: { id } });
|
|
|
|
logger.info('API token revoked', { tokenId: id, name: token.name, revokedBy: req.user!.username });
|
|
|
|
return NextResponse.json({ success: true });
|
|
} catch (error) {
|
|
logger.error('Failed to revoke API token', { error: error instanceof Error ? error.message : String(error) });
|
|
return NextResponse.json({ error: 'Failed to revoke API token' }, { status: 500 });
|
|
}
|
|
})
|
|
);
|
|
}
|