feat: api

website/src/lib/server/api-auth.ts

@@ -0,0 +1,20 @@
+import { auth } from "$lib/auth";
+import { error } from "@sveltejs/kit";
+
+export async function verifyApiKeyAndGetUser(request: Request) {
+    const authHeader = request.headers.get('Authorization');
+    if (!authHeader?.startsWith('Bearer ')) {
+        throw error(401, 'API key required. Use Authorization: Bearer <api-key>');
+    }
+
+    const apiKeyStr = authHeader.substring(7);
+    const { valid, error: verifyError, key } = await auth.api.verifyApiKey({
+        body: { key: apiKeyStr }
+    });
+
+    if (verifyError || !valid || !key) {
+        throw error(401, 'Invalid API key');
+    }
+
+    return key.userId;
+}

website/src/lib/server/db/schema.ts

@@ -274,4 +274,30 @@ export const notifications = pgTable("notification", {
 		isReadIdx: index("notification_is_read_idx").on(table.isRead),
 		createdAtIdx: index("notification_created_at_idx").on(table.createdAt),
 	};
-});
+});
+
+export const apikey = pgTable("apikey", {
+	id: serial("id").primaryKey(),
+	name: text('name'),
+	start: text('start'),
+	prefix: text('prefix'),
+	key: text('key').notNull(),
+	userId: integer('user_id').notNull().references(() => user.id, { onDelete: 'cascade' }),
+	refillInterval: integer('refill_interval'),
+	refillAmount: integer('refill_amount'),
+	lastRefillAt: timestamp('last_refill_at'),
+	enabled: boolean('enabled'),
+	rateLimitEnabled: boolean('rate_limit_enabled'),
+	rateLimitTimeWindow: integer('rate_limit_time_window'),
+	rateLimitMax: integer('rate_limit_max'),
+	requestCount: integer('request_count'),
+	remaining: integer('remaining'),
+	lastRequest: timestamp('last_request'),
+	expiresAt: timestamp('expires_at'),
+	createdAt: timestamp('created_at').notNull(),
+	updatedAt: timestamp('updated_at').notNull(),
+	permissions: text('permissions'),
+	metadata: text('metadata')
+}, (table) => ({
+	userIdx: index("idx_apikey_user").on(table.userId)
+}));