diff --git a/backend/api/customers.go b/backend/api/customers.go index 403731d..b3477e0 100644 --- a/backend/api/customers.go +++ b/backend/api/customers.go @@ -1,11 +1,28 @@ package api import ( + "crypto/rand" + "encoding/hex" "encoding/json" + "fmt" + "log" "net/http" "strconv" + + "github.com/cynfo/rmm-backend/db" ) +// generateCustomerAPIKey erstellt automatisch einen Read-only Key fuer einen Kunden +func generateCustomerAPIKey(database *db.Database, customerID int, number, name string) (*db.APIKey, error) { + b := make([]byte, 16) + if _, err := rand.Read(b); err != nil { + return nil, err + } + key := hex.EncodeToString(b) + keyName := fmt.Sprintf("Read-only — %s %s", number, name) + return database.CreateAPIKey(keyName, key, "read", &customerID) +} + // GET /api/v1/customers func (h *Handler) listCustomers(w http.ResponseWriter, r *http.Request) { customers, err := h.db.GetCustomers() @@ -31,8 +48,22 @@ func (h *Handler) createCustomer(w http.ResponseWriter, r *http.Request) { writeError(w, http.StatusInternalServerError, "Kunde anlegen fehlgeschlagen") return } + + // Automatisch einen Read-only API-Key fuer den neuen Kunden erstellen + apiKey, keyErr := generateCustomerAPIKey(h.db, c.ID, req.Number, req.Name) + if keyErr != nil { + log.Printf("Auto-API-Key fuer Kunde %s fehlgeschlagen: %v", req.Number, keyErr) + } + h.auditLog(r, "customer.create", "customer", req.Number, req.Name, "") - writeJSON(w, http.StatusCreated, c) + + resp := map[string]interface{}{ + "customer": c, + } + if apiKey != nil { + resp["api_key"] = apiKey + } + writeJSON(w, http.StatusCreated, resp) } // GET /api/v1/customers/{id}