erik/slugkit
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases 6 Packages Wiki Activity Actions

Add admin API key management UI #59

Merged
erik merged 1 commit from feat/task-931b710f-admin-api-key-ui into main 2026-05-22 14:02:42 -05:00
Conversation 1 Commits 1 Files changed 5 +372 -1
erik commented 2026-05-22 14:00:41 -05:00
Owner
Copy link

Summary

  • Add protected /admin/api-keys list/create UI.
  • Add protected API key creation action that shows the raw key only in the creation response.
  • Add protected API key revocation action.
  • Keep list views metadata-only with no raw keys or hashes.
  • Add tests for anonymous access protection, metadata redaction, one-time raw key display, revocation, and revoked-key verification failure.

Testing

  • make check
  • ./scripts/pre-pr.sh

Task: #task-931b710f

## Summary - Add protected `/admin/api-keys` list/create UI. - Add protected API key creation action that shows the raw key only in the creation response. - Add protected API key revocation action. - Keep list views metadata-only with no raw keys or hashes. - Add tests for anonymous access protection, metadata redaction, one-time raw key display, revocation, and revoked-key verification failure. ## Testing - `make check` - `./scripts/pre-pr.sh` Task: #task-931b710f
feat: add admin API key UI
All checks were successful
CI / build-lint-test (pull_request) Successful in 24s
Details
9f2de7837f 
Task: #task-931b710f
erik commented 2026-05-22 14:01:50 -05:00
Author
Owner
Copy link

PR Review: Approved

Summary

Reviewed PR #59 at commit 9f2de78. The PR adds the protected admin API key management UI: authenticated owners can list API key metadata, create a key and see the raw key only in the creation response, and revoke keys. Anonymous access redirects to login, list views avoid raw keys and hashes, and revocation prevents future API key verification.

Acceptance Criteria

  • Authenticated site owner can create an API key and copy the raw key once.
  • API key list shows metadata only and does not expose raw keys or hashes.
  • Anonymous users cannot access API key management pages or actions.
  • Site owner can revoke an API key.
  • Revoked keys can no longer authenticate protected API requests.
  • Tests cover creation display, list redaction, revocation, anonymous access protection, and raw-key one-time display behavior.
  • Relevant lint/test checks pass — make check, ./scripts/pre-pr.sh, and Forgejo CI passed.

Blocking Issues

None.

Warnings

None.

Verdict

Approved for merge.

## PR Review: Approved ### Summary Reviewed PR #59 at commit `9f2de78`. The PR adds the protected admin API key management UI: authenticated owners can list API key metadata, create a key and see the raw key only in the creation response, and revoke keys. Anonymous access redirects to login, list views avoid raw keys and hashes, and revocation prevents future API key verification. ### Acceptance Criteria - [x] Authenticated site owner can create an API key and copy the raw key once. - [x] API key list shows metadata only and does not expose raw keys or hashes. - [x] Anonymous users cannot access API key management pages or actions. - [x] Site owner can revoke an API key. - [x] Revoked keys can no longer authenticate protected API requests. - [x] Tests cover creation display, list redaction, revocation, anonymous access protection, and raw-key one-time display behavior. - [x] Relevant lint/test checks pass — `make check`, `./scripts/pre-pr.sh`, and Forgejo CI passed. ### Blocking Issues None. ### Warnings None. ### Verdict Approved for merge.
erik merged commit c6aa85cf45 into main 2026-05-22 14:02:42 -05:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
activitypub

   
admin

   
api

   
articles

   
auth

   
bug

   
cleanup

   
cli

   
comments

   
compatibility

   
config

   
contacts

   
database

   
deployment

   
design

   
dev-env

   
docs

   
documentation

   
email

   
enhancement

   
feature

   
federation

   
feed

   
homepage

   
implementation

   
integration

   
media

   
openapi

   
priority:high

   
priority:low

   
priority:medium

   
proof

   
public-routes

   
public-ui

   
release

   
safety

   
social

   
sources

   
status:active

   
status:canceled

   
status:done

   
status:inprogress

   
status:waiting

   
syndication

   
tailwind

   
template

   
test

   
web
No labels
activitypub
admin
api
articles
auth
bug
cleanup
cli
comments
compatibility
config
contacts
database
deployment
design
dev-env
docs
documentation
email
enhancement
feature
federation
feed
homepage
implementation
integration
media
openapi
priority:high
priority:low
priority:medium
proof
public-routes
public-ui
release
safety
social
sources
status:active
status:canceled
status:done
status:inprogress
status:waiting
syndication
tailwind
template
test
web
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
erik/slugkit!59
No description provided.