generated from coulomb/repo-seed
Bernd Worsch
ce42607fca
Convert all remaining `<- paramOrNothing / param / paramOrDefault /
currentUserOrNothing` monadic binds to `let` — these functions are pure
(ImplicitParams-based) in IHP v1.5, so `<-` is a type error in an IO
do-block.
Controllers fixed:
AgentDelegations, AiGovernancePolicies, Annotations, ApiConsumers,
CollectiveProposals, DecisionRecords, DeploymentRecords,
HubCapabilityManifests, HubRoutingRules, InstitutionalKnowledge,
OutcomeCorrelations, RequirementCandidates, TypeRegistries,
WebhookSubscriptions, Widgets,
Api/V2/{Annotations,InteractionEvents,Token}
WebhookSubscriptions: remove orphaned `Right () ->` case arm that was
left inside a bare `unless` block (structural parse error).
Also carries forward all in-progress fixes from the working tree:
helpers (AgentBridge, ApiRateLimit, BottleneckDetector,
CrossHubPropagation, FrictionScore),
views (CanSelect instances, HSX lambda extraction, formFor wrappers),
env/build (envrc GHCi perms, flake.nix Tailwind + GHC resource limits,
static/app.css additional Tailwind output).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
55 lines
1.9 KiB
Haskell
55 lines
1.9 KiB
Haskell
module Web.Controller.ApiKeys where
|
|
|
|
import Web.Types
|
|
import Web.View.ApiKeys.New
|
|
import Web.View.ApiKeys.Created
|
|
import Generated.Types
|
|
import IHP.Prelude
|
|
import IHP.ControllerPrelude
|
|
import qualified Data.Text as T
|
|
import qualified Data.Text.Encoding as TE
|
|
import qualified "cryptohash-sha256" Crypto.Hash.SHA256 as SHA256
|
|
import qualified Data.ByteString.Base16 as Base16
|
|
import qualified Data.ByteString.Random as Random
|
|
|
|
instance Controller ApiKeysController where
|
|
beforeAction = ensureIsUser
|
|
|
|
action ApiKeysAction { apiConsumerId } = do
|
|
-- Redirect to consumer show page which displays keys
|
|
redirectTo (ShowApiConsumerAction apiConsumerId)
|
|
|
|
action NewApiKeyAction { apiConsumerId } = do
|
|
consumer <- fetch apiConsumerId
|
|
let apiKey = newRecord @ApiKey
|
|
render NewView { apiKey, consumer }
|
|
|
|
action CreateApiKeyAction = do
|
|
let apiConsumerId = param @(Id ApiConsumer) "apiConsumerId"
|
|
consumer <- fetch apiConsumerId
|
|
let scopes = fromMaybe "" (paramOrNothing @Text "scopes")
|
|
|
|
-- Generate a random 32-byte key, encode as hex (64 chars)
|
|
rawBytes <- liftIO $ Random.random 32
|
|
let fullKey = TE.decodeUtf8 (Base16.encode rawBytes)
|
|
let prefix = T.take 8 fullKey
|
|
let keyHash = TE.decodeUtf8 $ Base16.encode $ SHA256.hash (TE.encodeUtf8 fullKey)
|
|
|
|
_key <- newRecord @ApiKey
|
|
|> set #apiConsumerId consumer.id
|
|
|> set #keyPrefix prefix
|
|
|> set #keyHash keyHash
|
|
|> set #scopes scopes
|
|
|> set #tokenType "static"
|
|
|> createRecord
|
|
|
|
-- Show full key once; never again
|
|
render CreatedView { consumer, fullKey }
|
|
|
|
action RevokeApiKeyAction { apiKeyId } = do
|
|
apiKey <- fetch apiKeyId
|
|
now <- getCurrentTime
|
|
apiKey |> set #revokedAt (Just now) |> updateRecord
|
|
consumer <- fetch apiKey.apiConsumerId
|
|
redirectTo (ShowApiConsumerAction consumer.id)
|