Files
AstrBot/astrbot/dashboard/api/api_keys.py
Weilong Liao 0d8e8682db refactor(core): migrate backend backbone from Quart to FastAPI and introduce more OpenAPI (#8688)
* refactor: migrate to fastapi

* structure refactor

* fix: pyright fix

* refactor: improve error handling and public messages in plugin services

* feat(api): refactor API client integration and enhance request handling

- Updated API client configuration to use a dedicated HTTP client.
- Introduced utility functions for generating options, queries, and form data for API requests.
- Refactored multiple API methods to utilize the new utility functions for improved consistency and readability.
- Renamed types for clarity and updated import statements accordingly.

feat(docs): add script to update OpenAPI JSON from YAML spec

- Created a Python script to convert OpenAPI YAML specification to JSON format.
- The script supports customizable input and output paths.
- Ensured the script handles directory creation for output paths and validates the YAML structure.

* fix

* feat(auth): implement rate limiting for v1 login endpoint and enhance request handling

* Refactor dashboard API routers to use legacy_router for backward compatibility

- Changed all instances of dashboard_router to legacy_router across multiple API modules including platform, plugins, providers, sessions, skills, stats, subagents, t2i, tools, updates, and asgi_runtime.
- Updated route definitions to ensure existing endpoints remain functional under the new router structure.
- Introduced support for Quart request context in asgi_runtime to enhance compatibility with existing Quart-based plugins.
- Added a test case to validate the functionality of the new Quart request context handling in plugin extensions.

* chore: remove cli test

* fix: update dashboard tests for fastapi migration

* chore: satisfy ruff checks

* fix: update openapi api key scopes

* fix: sync config scope chip selection

* fix: restore quart dependency

* docs: clarify quart plugin api compatibility

* docs: update openapi scope documentation

* fix: use singular skill openapi scope

* fix: hide update service exception details

* fix: address fastapi review comments

* fix: address dashboard review findings

* docs: revert unrelated package deployment changes

* docs: update agent api generation guidance

* feat: add plugin page web api helpers

* docs: add plugin page bridge demo

* fix: type plugin upload files

* fix: stabilize plugin page uploads

* fix: type plugin web request proxy

* docs: remove plugin page docs example

* fix: authenticate plugin page SSE bridge
2026-06-14 15:03:26 +08:00

148 lines
4.0 KiB
Python

from __future__ import annotations
from fastapi import APIRouter, Depends, Request
from astrbot.dashboard.responses import ApiError, ok
from astrbot.dashboard.schemas import ApiKeyCreateRequest, ApiKeyIdRequest
from astrbot.dashboard.services.api_key_service import (
ApiKeyService,
ApiKeyServiceError,
)
from .auth import AuthContext, require_dashboard_user, require_scope
router = APIRouter(tags=["API Keys"])
legacy_router = APIRouter(
prefix="/api/apikey",
tags=["Dashboard API Keys"],
include_in_schema=False,
)
async def require_system_scope(request: Request) -> AuthContext:
return await require_scope(request, "system")
def get_service(request: Request) -> ApiKeyService:
return request.app.state.services.api_keys
def _payload_dict(payload: ApiKeyCreateRequest) -> dict:
return payload.model_dump(exclude_none=True)
def _raise_api_key_error(exc: ApiKeyServiceError) -> None:
raise ApiError(str(exc)) from exc
async def _list_api_keys(service: ApiKeyService):
try:
return ok(await service.list_api_keys())
except ApiKeyServiceError as exc:
_raise_api_key_error(exc)
async def _create_api_key(
payload: ApiKeyCreateRequest,
*,
created_by: str,
service: ApiKeyService,
):
try:
return ok(
await service.create_api_key(
_payload_dict(payload),
created_by=created_by,
)
)
except ApiKeyServiceError as exc:
_raise_api_key_error(exc)
async def _revoke_api_key(key_id: str, service: ApiKeyService):
try:
if not await service.revoke_api_key(key_id):
raise ApiKeyServiceError("API key not found")
return ok()
except ApiKeyServiceError as exc:
_raise_api_key_error(exc)
async def _delete_api_key(key_id: str, service: ApiKeyService):
try:
if not await service.delete_api_key(key_id):
raise ApiKeyServiceError("API key not found")
return ok()
except ApiKeyServiceError as exc:
_raise_api_key_error(exc)
@router.get("/api-keys")
async def list_api_keys(
_auth: AuthContext = Depends(require_system_scope),
service: ApiKeyService = Depends(get_service),
):
return await _list_api_keys(service)
@router.post("/api-keys")
async def create_api_key(
payload: ApiKeyCreateRequest,
auth: AuthContext = Depends(require_system_scope),
service: ApiKeyService = Depends(get_service),
):
return await _create_api_key(payload, created_by=auth.username, service=service)
@router.post("/api-keys/{key_id}/revoke")
async def revoke_api_key(
key_id: str,
_auth: AuthContext = Depends(require_system_scope),
service: ApiKeyService = Depends(get_service),
):
return await _revoke_api_key(key_id, service)
@router.delete("/api-keys/{key_id}")
async def delete_api_key(
key_id: str,
_auth: AuthContext = Depends(require_system_scope),
service: ApiKeyService = Depends(get_service),
):
return await _delete_api_key(key_id, service)
@legacy_router.get("/list")
async def list_dashboard_api_keys(
_username: str = Depends(require_dashboard_user),
service: ApiKeyService = Depends(get_service),
):
return await _list_api_keys(service)
@legacy_router.post("/create")
async def create_dashboard_api_key(
payload: ApiKeyCreateRequest,
username: str = Depends(require_dashboard_user),
service: ApiKeyService = Depends(get_service),
):
return await _create_api_key(payload, created_by=username, service=service)
@legacy_router.post("/revoke")
async def revoke_dashboard_api_key(
payload: ApiKeyIdRequest,
_username: str = Depends(require_dashboard_user),
service: ApiKeyService = Depends(get_service),
):
return await _revoke_api_key(payload.key_id, service)
@legacy_router.post("/delete")
async def delete_dashboard_api_key(
payload: ApiKeyIdRequest,
_username: str = Depends(require_dashboard_user),
service: ApiKeyService = Depends(get_service),
):
return await _delete_api_key(payload.key_id, service)