feat(api): expand API endpoints for repo, PR, user, workspace management

- Add git operation endpoints: archive, compare branches, diff, tree, repository extras - Add repo endpoints: contributors, delete fork, get branch/commit status/deploy key/invitation/member/release/tag/webhook, topics, release assets, webhook deliveries/retry - Add PR endpoints: review requests, templates - Add user endpoints: block/unblock, follow/unfollow, presence, personal access tokens, account restore - Add workspace endpoints: billing history, approvals, domains, integrations, invitations, members, webhooks, restore - Add internal API, notification API, IM API modules - Update route configuration and OpenAPI spec
2026-06-10 18:49:27 +08:00
parent 4586b79cb8
commit cec6dce955
161 changed files with 7522 additions and 349 deletions
@@ -0,0 +1,72 @@
+use actix_web::{HttpResponse, web};
+use serde::{Deserialize, Serialize};
+
+use crate::api::response::ApiResponse;
+use crate::error::AppError;
+use crate::service::AppService;
+use crate::session::Session;
+
+#[derive(Debug, Deserialize, utoipa::ToSchema)]
+pub struct IssueApiKeyRequest {
+    pub service_name: String,
+    pub scopes: Vec<String>,
+    pub ttl_hours: Option<u64>,
+}
+
+#[derive(Debug, Serialize, utoipa::ToSchema)]
+pub struct IssueApiKeyResponse {
+    pub api_key: String,
+    pub service_name: String,
+    pub service_id: String,
+    pub scopes: Vec<String>,
+    pub expires_at: i64,
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/internal/api-keys",
+    tag = "Internal",
+    operation_id = "internalIssueApiKey",
+    request_body = IssueApiKeyRequest,
+    responses(
+        (status = 200, description = "API key issued", body = ApiResponse<IssueApiKeyResponse>),
+        (status = 401, description = "Authentication required"),
+        (status = 403, description = "Admin permission required"),
+    ),
+    security(("session_cookie" = []))
+)]
+pub async fn issue_api_key(
+    session: Session,
+    service: web::Data<AppService>,
+    body: web::Json<IssueApiKeyRequest>,
+) -> Result<HttpResponse, AppError> {
+    let user_uid = session.user().ok_or(AppError::Unauthorized)?;
+
+    let is_owner: bool = sqlx::query_scalar(
+        "SELECT EXISTS(SELECT 1 FROM workspace WHERE owner_id = $1 AND deleted_at IS NULL)",
+    )
+    .bind(user_uid)
+    .fetch_one(service.ctx.db.reader())
+    .await
+    .map_err(AppError::Database)?;
+
+    if !is_owner {
+        return Err(AppError::Forbidden(
+            "workspace owner permission required".into(),
+        ));
+    }
+
+    let ttl_secs = body.ttl_hours.map(|h| h * 3600);
+    let (api_key, identity) = service
+        .internal_auth
+        .issue_api_key(&body.service_name, body.scopes.clone(), ttl_secs)
+        .await?;
+
+    Ok(HttpResponse::Ok().json(ApiResponse::new(IssueApiKeyResponse {
+        api_key,
+        service_name: identity.service_name,
+        service_id: identity.service_id,
+        scopes: identity.scopes,
+        expires_at: identity.expires_at,
+    })))
+}