packages/api/src/router/apiKeys.ts

import { z } from "zod/v4";

import { createSaltAsync, hashPasswordAsync } from "@homarr/auth";
import { createId } from "@homarr/common";
import { generateSecureRandomToken } from "@homarr/common/server";
import { db, eq } from "@homarr/db";
import { apiKeys } from "@homarr/db/schema";

import { createTRPCRouter, permissionRequiredProcedure } from "../trpc";

export const apiKeysRouter = createTRPCRouter({
  getAll: permissionRequiredProcedure.requiresPermission("admin").query(() => {
    return db.query.apiKeys.findMany({
      columns: {
        id: true,
        apiKey: false,
        salt: false,
      },
      with: {
        user: {
          columns: {
            id: true,
            name: true,
            image: true,
          },
        },
      },
    });
  }),
  create: permissionRequiredProcedure.requiresPermission("admin").mutation(async ({ ctx }) => {
    const salt = await createSaltAsync();
    const randomToken = generateSecureRandomToken(64);
    const hashedRandomToken = await hashPasswordAsync(randomToken, salt);
    const id = createId();
    await db.insert(apiKeys).values({
      id,
      apiKey: hashedRandomToken,
      salt,
      userId: ctx.session.user.id,
    });
    return {
      apiKey: `${id}.${randomToken}`,
    };
  }),
  delete: permissionRequiredProcedure
    .requiresPermission("admin")
    .input(z.object({ apiKeyId: z.string() }))
    .mutation(async ({ ctx, input }) => {
      await ctx.db.delete(apiKeys).where(eq(apiKeys.id, input.apiKeyId)).limit(1);
    }),
});
fix(deps): upgrade zod to v4 and fix breaking changes (#3461) * fix(deps): update dependency drizzle-zod to ^0.8.2 * chore: update zod to v4 import * fix: path is no longer available in transform context * fix: AnyZodObject does no longer exist * fix: auth env.ts using wrong createEnv and remove unused file env-validation.ts * fix: required_error no longer exists on z.string * fix: zod error map is deprecated and replaced with config * fix: default requires callback now * fix: migrate zod resolver for mantine * fix: remove unused form translation file * fix: wrong enum type * fix: record now requires two arguments * fix: add-confirm-password-refinement type issues * fix: add missing first record argument for entityStateSchema * fix: migrate superrefine to check * fix(deps): upgrade zod-form-data to v3 * fix: migrate superRefine to check for mediaUploadSchema * fix: authProvidersSchema default is array * fix: use stringbool instead of custom implementation * fix: record requires first argument * fix: migrate superRefine to check for certificate router * fix: confirm pasword refinement is overwriting types * fix: email optional not working * fix: migrate intersection to object converter * fix: safe parse return value rename * fix: easier access for min and max number value * fix: migrate superRefine to check for oldmarr import file * fix: inference of enum shape for old-import board-size wrong * fix: errors renamed to issues * chore: address pull request feedback * fix: zod form requires object * fix: inference for use-zod-form not working * fix: remove unnecessary convertion * fix(deps): upgrade trpc-to-openapi to v3 * fix: build error * fix: migrate missing zod imports to v4 * fix: migrate zod records to v4 * fix: missing core package dependency in api module * fix: unable to convert custom zod schema to openapi schema * fix(deps): upgrade zod to v4 * chore(renovate): enable zod dependency updates * test: add simple unit test for convertIntersectionToZodObject --------- Co-authored-by: homarr-renovate[bot] <158783068+homarr-renovate[bot]@users.noreply.github.com> 2025-08-15 20:15:58 +02:00			`import { z } from "zod/v4";`
feat: add api key delete (#2210) Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2025-02-04 17:14:15 +01:00
feat: add api keys (#991) * feat: add api keys * chore: address pull request feedback --------- Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2024-10-05 16:18:31 +02:00			`import { createSaltAsync, hashPasswordAsync } from "@homarr/auth";`
refactor: move usages of create-id to common package (#3606) 2025-07-17 10:42:11 +02:00			`import { createId } from "@homarr/common";`
feat: add api keys (#991) * feat: add api keys * chore: address pull request feedback --------- Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2024-10-05 16:18:31 +02:00			`import { generateSecureRandomToken } from "@homarr/common/server";`
refactor: move usages of create-id to common package (#3606) 2025-07-17 10:42:11 +02:00			`import { db, eq } from "@homarr/db";`
fix: mysql operations not working (#1728) 2024-12-19 16:10:22 +01:00			`import { apiKeys } from "@homarr/db/schema";`
feat: add api keys (#991) * feat: add api keys * chore: address pull request feedback --------- Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2024-10-05 16:18:31 +02:00
			`import { createTRPCRouter, permissionRequiredProcedure } from "../trpc";`

			`export const apiKeysRouter = createTRPCRouter({`
			`getAll: permissionRequiredProcedure.requiresPermission("admin").query(() => {`
			`return db.query.apiKeys.findMany({`
			`columns: {`
			`id: true,`
			`apiKey: false,`
			`salt: false,`
			`},`
			`with: {`
			`user: {`
			`columns: {`
			`id: true,`
			`name: true,`
			`image: true,`
			`},`
			`},`
			`},`
			`});`
			`}),`
			`create: permissionRequiredProcedure.requiresPermission("admin").mutation(async ({ ctx }) => {`
			`const salt = await createSaltAsync();`
			`const randomToken = generateSecureRandomToken(64);`
			`const hashedRandomToken = await hashPasswordAsync(randomToken, salt);`
fix: api keys authentication does not work #1511 (#1512) * fix: api keys authentication does not work #1511 * chore: add ip and user-agent to logs of unauthenticated api-keys 2024-11-20 21:55:04 +01:00			`const id = createId();`
feat: add api keys (#991) * feat: add api keys * chore: address pull request feedback --------- Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2024-10-05 16:18:31 +02:00			`await db.insert(apiKeys).values({`
fix: api keys authentication does not work #1511 (#1512) * fix: api keys authentication does not work #1511 * chore: add ip and user-agent to logs of unauthenticated api-keys 2024-11-20 21:55:04 +01:00			`id,`
feat: add api keys (#991) * feat: add api keys * chore: address pull request feedback --------- Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2024-10-05 16:18:31 +02:00			`apiKey: hashedRandomToken,`
			`salt,`
			`userId: ctx.session.user.id,`
			`});`
			`return {`
fix: api keys authentication does not work #1511 (#1512) * fix: api keys authentication does not work #1511 * chore: add ip and user-agent to logs of unauthenticated api-keys 2024-11-20 21:55:04 +01:00			apiKey: `${id}.${randomToken}`,
feat: add api keys (#991) * feat: add api keys * chore: address pull request feedback --------- Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2024-10-05 16:18:31 +02:00			`};`
			`}),`
feat: add api key delete (#2210) Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2025-02-04 17:14:15 +01:00			`delete: permissionRequiredProcedure`
			`.requiresPermission("admin")`
			`.input(z.object({ apiKeyId: z.string() }))`
			`.mutation(async ({ ctx, input }) => {`
			`await ctx.db.delete(apiKeys).where(eq(apiKeys.id, input.apiKeyId)).limit(1);`
			`}),`
feat: add api keys (#991) * feat: add api keys * chore: address pull request feedback --------- Co-authored-by: Meier Lukas <meierschlumpf@gmail.com> 2024-10-05 16:18:31 +02:00			`});`