feat(tokens): T41-T43 implement API token management endpoints

- Add max_api_tokens_per_user config (default 5)
- Implement POST /api/tokens (T41): generate token with limit check
- Implement GET /api/tokens (T42): list active tokens, no values exposed
- Implement DELETE /api/tokens/{id} (T43): soft delete with ownership check
- Security: plaintext token shown ONLY at creation
- Security: SHA-256 hash stored in DB, never the plaintext
- Security: revoked tokens return 401 on public API
- 24 tests with 100% coverage on tokens router

Closes T41, T42, T43
Luca Sacchi Ricciardi
2026-04-07 16:58:57 +02:00
parent 5f39460510
commit 5e89674b94
6 changed files with 847 additions and 7 deletions
@@ -62,6 +62,10 @@ class Settings(BaseSettings):
default=10,
description="Maximum API keys per user"
)
max_api_tokens_per_user: int = Field(
default=5,
description="Maximum API tokens per user"
)
rate_limit_requests: int = Field(
default=100,
description="API rate limit requests"