Class: ApiKeys::KeysController

Inherits:
ApplicationController show all
Defined in:
app/controllers/api_keys/keys_controller.rb

Overview

Controller for managing API keys belonging to the current owner.


Instance Method Details

#createObject

POST /keys



# File 'app/controllers/api_keys/keys_controller.rb', line 37

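# POST /keys
#
# Creates an API key for the current owner from the submitted name, scopes
# and expiry preset, then redirects to the show page for that key.
#
# The plaintext token is handed to the show action through the session.
# Where that value ends up depends on the session store, which this listing
# does not show: a cookie-based store places it in the client's session
# cookie, a server-side store writes it to that store in plaintext.
# NOTE(review): the session entry carries no key id and is only cleared when
# the show action runs; confirm it cannot outlive the redirect or be shown
# under a different key.
def create
  # create_api_key! (HasApiKeys helper) returns the new ApiKey instance; the
  # first rescue below handles the ActiveRecord::RecordInvalid it can raise.
  @api_key = current_api_keys_owner.create_api_key!(
    name: api_key_params[:name],
    scopes: api_key_params[:scopes],
    expires_at: parse_expiration(api_key_params[:expires_at_preset])
    # Metadata could be added here if needed
  )

  # The plaintext token is read from the instance's attr_reader and stored in
  # the session so the show page can display it.
  session[:plaintext_api_key] = @api_key.token

  redirect_to key_path(@api_key)
rescue ActiveRecord::RecordInvalid => e
  # Validation failure (e.g., quota exceeded). These are model validation
  # messages, so they are shown to the user as-is.
  @api_key = e.record
  flash.now[:alert] = "Failed to create API key: #{e.record.errors.full_messages.join(', ')}"
  render :new, status: :unprocessable_entity
rescue => e
  # Anything else is unexpected. The exception text can carry internal detail
  # (SQL fragments, hostnames, file paths), so it goes to the log and the
  # browser only gets a generic message.
  Rails.logger.error("API key creation failed: #{e.class}: #{e.message}")
  flash.now[:alert] = "An unexpected error occurred while creating the API key."
  # NOTE(review): api_key_params is passed to build unfiltered; if it permits
  # a field the model does not accept (expires_at_preset?), this line raises
  # inside the handler -- confirm against the params method and the model.
  @api_key = current_api_keys_owner.api_keys.build(api_key_params) # Rebuild form
  render :new, status: :unprocessable_entity
end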

#editObject

GET /keys/:id/edit



# File 'app/controllers/api_keys/keys_controller.rb', line 68

# GET /keys/:id/edit
#
# Renders the edit form. The action itself does no work: per the original
# author's note, @api_key is loaded by set_api_key, which is defined outside
# this listing.
def edit; end

#indexObject

GET /keys



# File 'app/controllers/api_keys/keys_controller.rb', line 9

# GET /keys
#
# Lists the current owner's API keys, newest first. Both queries go through
# current_api_keys_owner.api_keys, so only that owner's keys are selected.
def index
  newest_first = { created_at: :desc }

  # Active keys populate the main list.
  @api_keys = current_api_keys_owner.api_keys.active.order(**newest_first)

  # Inactive keys are loaded separately so the view can show or filter them
  # on their own.
  @inactive_api_keys = current_api_keys_owner.api_keys.inactive.order(**newest_first)
end

#newObject

GET /keys/new



# File 'app/controllers/api_keys/keys_controller.rb', line 32

# GET /keys/new
#
# Prepares an unsaved ApiKey for the creation form. It is built through the
# current owner's api_keys association rather than on the bare model.
def new
  owner_keys = current_api_keys_owner.api_keys
  @api_key = owner_keys.build
end

#revokeObject

POST /keys/:id/revoke



# File 'app/controllers/api_keys/keys_controller.rb', line 83

# POST /keys/:id/revoke
#
# Revokes @api_key and returns to the key list with a notice on success or an
# alert on failure.
# NOTE(review): @api_key is assigned outside this listing (presumably by the
# same set_api_key callback the other member actions mention); confirm that
# lookup is scoped to the current owner, since this action trusts it.
def revoke
  flash_options =
    if @api_key.revoke!
      { notice: "API key revoked successfully." }
    else
      # Not expected in normal operation; the original author attributes a
      # falsy result to a callback issue.
      { alert: "Failed to revoke API key." }
    end

  redirect_to keys_path, **flash_options
end

#showObject

GET /keys/:id — Shows the newly generated key’s plaintext token ONCE. This is not a standard show action; it is used transiently, immediately after creation.



# File 'app/controllers/api_keys/keys_controller.rb', line 19

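# GET /keys/:id
#
# Displays the plaintext token of a newly created key exactly once. The
# create action leaves the token in the session under :plaintext_api_key;
# this action removes it from the session as it reads it, so a reload or a
# direct visit finds nothing and is redirected to the key list.
#
# Per the original author's note, @api_key is loaded by set_api_key, which is
# defined outside this listing.
# NOTE(review): the session entry is not tied to a key id, so a token left in
# the session would be rendered on whichever key's show page is requested
# next. Consider storing the key id next to the token and comparing it here.
def show
  # session.delete returns the stored value and clears the entry in one step.
  @plaintext_token = session.delete(:plaintext_api_key)

  if @plaintext_token
    # This response contains a credential: tell the browser and any
    # intermediary not to keep a copy, so history or a shared cache cannot
    # show the token again after the one-time display.
    response.headers["Cache-Control"] = "no-store"
  else
    # Accessed directly, or a second time: there is no token left to show.
    redirect_to keys_path, alert: "API key token can only be shown once immediately after creation."
  end
end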

#updateObject

PATCH/PUT /keys/:id



# File 'app/controllers/api_keys/keys_controller.rb', line 73

# PATCH/PUT /keys/:id
#
# Applies the submitted changes to @api_key. On success the user is returned
# to the key list; on validation failure the edit form is re-rendered with
# the model's error messages and a 422 status.
# NOTE(review): the writable attributes are whatever api_key_update_params
# permits, and that method is not part of this listing; confirm it leaves out
# anything that must not change after creation.
def update
  unless @api_key.update(api_key_update_params)
    problems = @api_key.errors.full_messages.join(', ')
    flash.now[:alert] = "Failed to update API key: #{problems}"
    return render(:edit, status: :unprocessable_entity)
  end

  redirect_to keys_path, notice: "API key updated successfully."
end