- Add max_api_tokens_per_user config (default 5)
- Implement POST /api/tokens (T41): generate token with limit check
- Implement GET /api/tokens (T42): list active tokens, no values exposed
- Implement DELETE /api/tokens/{id} (T43): soft delete with ownership check
- Security: plaintext token shown ONLY at creation
- Security: SHA-256 hash stored in DB, never the plaintext
- Security: revoked tokens return 401 on public API
- 24 tests with 100% coverage on tokens router
Closes T41, T42, T43
Add statistics router with two endpoints:
- GET /api/stats/dashboard: Aggregated dashboard statistics
- Query param: days (1-365, default 30)
- Auth required
- Returns DashboardResponse
- GET /api/usage: Detailed usage statistics with filtering
- Required params: start_date, end_date
- Optional filters: api_key_id, model
- Pagination: skip, limit (max 1000)
- Auth required
- Returns List[UsageStatsResponse]
Also add get_usage_stats() service function for querying
individual usage records with filtering and pagination.
Add statistics aggregation service with 4 core functions:
- get_summary(): Aggregates total requests, cost, tokens with avg cost
- get_by_model(): Groups stats by model with percentage calculations
- get_by_date(): Groups stats by date for time series data
- get_dashboard_data(): Combines all stats for dashboard view
Features:
- SQLAlchemy queries with ApiKey join for user filtering
- Decimal precision for all monetary values
- Period calculation and percentage breakdowns
- Top models extraction
Test: 11 unit tests covering all aggregation functions
- T24: POST /api/keys with encryption and limit validation
- T25: GET /api/keys with pagination and sorting
- T26: PUT /api/keys/{id} for partial updates
- T27: DELETE /api/keys/{id} with cascade
- Add ownership verification (403 for unauthorized access)
- API key encryption with AES-256 before storage
- Never expose API key value in responses
- 100% coverage on api_keys router (25 tests)
Refs: T24 T25 T26 T27
Add POST /api/auth/register endpoint with:
- UserRegister schema validation
- Email uniqueness check
- Password hashing with bcrypt
- User creation in database
- UserResponse returned (excludes password)
Status: 201 Created on success, 400 for duplicate email, 422 for validation errors
Test coverage: 5 tests for register endpoint
- Add generate_api_token with format 'or_api_' + 48 bytes random
- Implement hash_token with SHA-256
- Add verify_api_token with timing-safe comparison (secrets.compare_digest)
- Only hash stored in DB, plaintext shown once
- 20 comprehensive tests with 100% coverage
- Handle TypeError for non-string inputs
- Create config.py with Pydantic Settings (SettingsConfigDict v2)
- Add all required configuration fields with defaults
- Create .env.example template with all environment variables
- Implement get_settings() with @lru_cache for performance
- Add test_configuration.py with 13 unit tests
- All tests passing (13/13)
Refs: T04
