feat: Auto Read-only API-Key bei Kunden-Erstellung

- createCustomer erstellt automatisch einen customer-scoped Read-only Key
- Response gibt Customer + neuen API-Key zurueck
- Bestehende 4 Kunden Keys nachtraglich erstellt
This commit is contained in:
cynfo3000 2026-03-09 23:56:47 +01:00
parent f658f3c4db
commit 15ad9be8e7

View File

@ -1,11 +1,28 @@
package api
import (
"crypto/rand"
"encoding/hex"
"encoding/json"
"fmt"
"log"
"net/http"
"strconv"
"github.com/cynfo/rmm-backend/db"
)
// generateCustomerAPIKey erstellt automatisch einen Read-only Key fuer einen Kunden
func generateCustomerAPIKey(database *db.Database, customerID int, number, name string) (*db.APIKey, error) {
b := make([]byte, 16)
if _, err := rand.Read(b); err != nil {
return nil, err
}
key := hex.EncodeToString(b)
keyName := fmt.Sprintf("Read-only — %s %s", number, name)
return database.CreateAPIKey(keyName, key, "read", &customerID)
}
// GET /api/v1/customers
func (h *Handler) listCustomers(w http.ResponseWriter, r *http.Request) {
customers, err := h.db.GetCustomers()
@ -31,8 +48,22 @@ func (h *Handler) createCustomer(w http.ResponseWriter, r *http.Request) {
writeError(w, http.StatusInternalServerError, "Kunde anlegen fehlgeschlagen")
return
}
// Automatisch einen Read-only API-Key fuer den neuen Kunden erstellen
apiKey, keyErr := generateCustomerAPIKey(h.db, c.ID, req.Number, req.Name)
if keyErr != nil {
log.Printf("Auto-API-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, keyErr)
}
h.auditLog(r, "customer.create", "customer", req.Number, req.Name, "")
writeJSON(w, http.StatusCreated, c)
resp := map[string]interface{}{
"customer": c,
}
if apiKey != nil {
resp["api_key"] = apiKey
}
writeJSON(w, http.StatusCreated, resp)
}
// GET /api/v1/customers/{id}