FEATURE: Overhaul of admin API key system (#8284)

- Allow revoking keys without deleting them - Auto-revoke keys after a period of no use (default 6 months) - Allow multiple keys per user - Allow attaching a description to each key, for easier auditing - Log changes to keys in the staff action log - Move all key management to one place, and improve the UI
2025-02-25 18:55:32 -06:00 · 2019-11-05 14:10:23 +00:00
parent fa2c06da93
commit 52c5cf33f8
46 changed files with 863 additions and 395 deletions
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@@ -3315,18 +3315,30 @@ en:
        none: "There are no active API keys right now."
        user: "User"
        title: "API"
-        key: "API Key"
+        key: "Key"
        created: Created
+        updated: Updated
        last_used: Last Used
        never_used: (never)
        generate: "Generate"
-        regenerate: "Regenerate"
+        undo_revoke: "Undo Revoke"
        revoke: "Revoke"
-        confirm_regen: "Are you sure you want to replace that API Key with a new one?"
-        confirm_revoke: "Are you sure you want to revoke that key?"
-        info_html: "Your API key will allow you to create and update topics using JSON calls."
        all_users: "All Users"
-        note_html: "Keep this key <strong>secret</strong>, all users that have it may create arbitrary posts as any user."
+        active_keys: "Active API Keys"
+        manage_keys: Manage Keys
+        show_details: Details
+        description: Description
+        no_description: (no description)
+        all_api_keys: All API Keys
+        user_mode: User Level
+        impersonate_all_users: Impersonate any user
+        single_user: "Single User"
+        user_placeholder: Enter username
+        description_placeholder: What will this key be used for?
+        save: Save
+        new_key: New API Key
+        revoked: Revoked
+        delete: Permenantly Delete

      web_hooks:
        title: "Webhooks"
@@ -3918,6 +3930,9 @@ en:
            change_theme_setting: "change theme setting"
            disable_theme_component: "disable theme component"
            enable_theme_component: "enable theme component"
+            api_key_create: "api key create"
+            api_key_update: "api key update"
+            api_key_destroy: "api key destroy"
        screened_emails:
          title: "Screened Emails"
          description: "When someone tries to create a new account, the following email addresses will be checked and the registration will be blocked, or some other action performed."
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -2078,6 +2078,7 @@ en:

    retain_web_hook_events_period_days: "Number of days to retain web hook event records."
    retry_web_hook_events: "Automatically retry failed web hook events for 4 times. Time gaps between the retries are 1, 5, 25 and 125 minutes."
+    revoke_api_keys_days: "Number of days before an unused API key is automatically revoked (0 for never)"

    allow_user_api_keys: "Allow generation of user API keys"
    allow_user_api_key_scopes: "List of scopes allowed for user API keys"
@@ -4572,6 +4573,12 @@ en:
    user_merged: "%{username} was merged into this account"
    user_delete_self: "Deleted by self from %{url}"
    webhook_deactivation_reason: "Your webhook has been automatically deactivated. We received multiple '%{status}' HTTP status failure responses."
+    api_key:
+      automatic_revoked:
+        one: "Automatically revoked, last activity more than %{count} day ago"
+        other: "Automatically revoked, last activity more than %{count} days ago"
+      revoked: Revoked
+      restored: Restored

  reviewables:
    priorities: