feat: Add versioned /api/v1 endpoints with secure auth, credit tracking, and usage auditing

app/actions/auth.ts

@@ -1,8 +1,8 @@
-'use server';
+"use server";
 
-import { signOut } from '@workos-inc/authkit-nextjs';
-import { requireAuth } from '@/lib/auth';
-import { getOrganizationById } from '@/lib/queries/organizations';
+import { signOut } from "@workos-inc/authkit-nextjs";
+import { requireAuth } from "@/lib/auth";
+import { getOrganizationById } from "@/lib/queries/organizations";
 
 /**
  * Server action to handle user sign out
@@ -19,4 +19,3 @@ export async function getCreditBalance(): Promise<number> {
   const organization = await getOrganizationById(user.organization_id);
   return organization?.credit_balance || 0;
 }
-

app/actions/conversations.ts

@@ -1,14 +1,14 @@
-'use server';
+"use server";
 
-import { revalidatePath } from 'next/cache';
-import { requireAuth } from '@/lib/auth';
+import { revalidatePath } from "next/cache";
+import { requireAuth } from "@/lib/auth";
 import {
   createConversation,
   updateConversation,
   deleteConversation,
   listConversationsByUser,
   getConversationWithMessages,
-} from '@/lib/queries/conversations';
+} from "@/lib/queries/conversations";
 
 export async function createConversationAction(data: {
   title: string;
@@ -21,16 +21,16 @@ export async function createConversationAction(data: {
     model: data.model,
     organization_id: user.organization_id,
     user_id: user.id,
-    status: 'active',
+    status: "active",
   });
 
-  revalidatePath('/dashboard/text');
+  revalidatePath("/dashboard/text");
   return { success: true, conversation };
 }
 
 export async function updateConversationTitleAction(
   conversationId: string,
-  title: string
+  title: string,
 ) {
   await requireAuth();
 
@@ -39,10 +39,10 @@ export async function updateConversationTitleAction(
   });
 
   if (!conversation) {
-    return { success: false, error: 'Conversation not found' };
+    return { success: false, error: "Conversation not found" };
   }
 
-  revalidatePath('/dashboard/text');
+  revalidatePath("/dashboard/text");
   return { success: true, conversation };
 }
 
@@ -51,15 +51,15 @@ export async function deleteConversationAction(conversationId: string) {
 
   await deleteConversation(conversationId);
 
-  revalidatePath('/dashboard/text');
+  revalidatePath("/dashboard/text");
   return { success: true };
 }
 
 export async function listUserConversationsAction() {
   const user = await requireAuth();
 
   const conversations = await listConversationsByUser(user.id, {
-    status: 'active',
+    status: "active",
     limit: 50,
   });
 
@@ -72,7 +72,7 @@ export async function getConversationAction(conversationId: string) {
   const conversation = await getConversationWithMessages(conversationId);
 
   if (!conversation) {
-    return { success: false, error: 'Conversation not found' };
+    return { success: false, error: "Conversation not found" };
   }
 
   return { success: true, conversation };

app/api/fal/proxy/route.ts

@@ -0,0 +1,3 @@
+import { route } from "@fal-ai/server-proxy/nextjs";
+
+export const { GET, POST } = route;

app/api/v1/api-keys/[id]/regenerate/route.ts

@@ -0,0 +1,66 @@
+import { NextRequest, NextResponse } from "next/server";
+import { requireAuth } from "@/lib/auth";
+import {
+  getApiKeyById,
+  updateApiKey,
+  generateApiKey,
+} from "@/lib/queries/api-keys";
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  try {
+    const user = await requireAuth();
+    const { id } = await params;
+
+    const existingKey = await getApiKeyById(id);
+
+    if (!existingKey) {
+      return NextResponse.json({ error: "API key not found" }, { status: 404 });
+    }
+
+    if (existingKey.organization_id !== user.organization_id) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const { key: newKey, hash: newHash, prefix: newPrefix } = generateApiKey();
+
+    const updatedKey = await updateApiKey(id, {
+      key: newKey,
+      key_hash: newHash,
+      key_prefix: newPrefix,
+      updated_at: new Date(),
+    });
+
+    if (!updatedKey) {
+      return NextResponse.json(
+        { error: "Failed to regenerate API key" },
+        { status: 500 },
+      );
+    }
+
+    return NextResponse.json(
+      {
+        apiKey: {
+          id: updatedKey.id,
+          name: updatedKey.name,
+          description: updatedKey.description,
+          key_prefix: updatedKey.key_prefix,
+          created_at: updatedKey.created_at,
+          permissions: updatedKey.permissions,
+          rate_limit: updatedKey.rate_limit,
+          expires_at: updatedKey.expires_at,
+        },
+        plainKey: newKey,
+      },
+      { status: 200 },
+    );
+  } catch (error) {
+    console.error("Error regenerating API key:", error);
+    return NextResponse.json(
+      { error: "Failed to regenerate API key" },
+      { status: 500 },
+    );
+  }
+}

app/api/v1/api-keys/[id]/route.ts

@@ -0,0 +1,108 @@
+import { NextRequest, NextResponse } from "next/server";
+import { requireAuth } from "@/lib/auth";
+import {
+  getApiKeyById,
+  deleteApiKey,
+  updateApiKey,
+} from "@/lib/queries/api-keys";
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  try {
+    const user = await requireAuth();
+    const { id } = await params;
+
+    const existingKey = await getApiKeyById(id);
+
+    if (!existingKey) {
+      return NextResponse.json({ error: "API key not found" }, { status: 404 });
+    }
+
+    if (existingKey.organization_id !== user.organization_id) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    await deleteApiKey(id);
+
+    return NextResponse.json({ success: true }, { status: 200 });
+  } catch (error) {
+    console.error("Error deleting API key:", error);
+    return NextResponse.json(
+      { error: "Failed to delete API key" },
+      { status: 500 },
+    );
+  }
+}
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  try {
+    const user = await requireAuth();
+    const { id } = await params;
+
+    const existingKey = await getApiKeyById(id);
+
+    if (!existingKey) {
+      return NextResponse.json({ error: "API key not found" }, { status: 404 });
+    }
+
+    if (existingKey.organization_id !== user.organization_id) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    const body = await request.json();
+    const {
+      name,
+      description,
+      permissions,
+      rate_limit,
+      is_active,
+      expires_at,
+    } = body;
+
+    const updatedKey = await updateApiKey(id, {
+      ...(name !== undefined && { name }),
+      ...(description !== undefined && { description }),
+      ...(permissions !== undefined && { permissions }),
+      ...(rate_limit !== undefined && { rate_limit }),
+      ...(is_active !== undefined && { is_active }),
+      ...(expires_at !== undefined && {
+        expires_at: expires_at ? new Date(expires_at) : null,
+      }),
+    });
+
+    if (!updatedKey) {
+      return NextResponse.json(
+        { error: "Failed to update API key" },
+        { status: 500 },
+      );
+    }
+
+    return NextResponse.json(
+      {
+        apiKey: {
+          id: updatedKey.id,
+          name: updatedKey.name,
+          description: updatedKey.description,
+          key_prefix: updatedKey.key_prefix,
+          created_at: updatedKey.created_at,
+          permissions: updatedKey.permissions,
+          rate_limit: updatedKey.rate_limit,
+          is_active: updatedKey.is_active,
+          expires_at: updatedKey.expires_at,
+        },
+      },
+      { status: 200 },
+    );
+  } catch (error) {
+    console.error("Error updating API key:", error);
+    return NextResponse.json(
+      { error: "Failed to update API key" },
+      { status: 500 },
+    );
+  }
+}