root/navi-1

Fork: 0

root / navi-1

History for navi-1 / webclient / src / components / settings / ApiKeysPanel.vue

2026-05-24	4c72096 Browse files » Remove redundant success toast on token creation — modal is enough ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 24 May
	e34a0d6 Browse files » Fix ApiKeysPanel by removing GnTable wrapper — required columns/rows props were missing ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 24 May
	9582516 Browse files » Apply review fixes to API token auth system ... Backend: - navi/auth/deps.py: replace 3 DB round-trips with single JOIN query for token resolution; update last_used_at still separate (best-effort) - navi/api/routes/api_tokens.py: replace asyncpg-specific "UPDATE 1" string check with RETURNING id fetchrow; increase token_prefix from 8 to 12 chars for better visual identification; add security notes - tests/unit/auth/test_api_tokens.py: update tests for JOIN query and RETURNING-based revoke Frontend: - webclient/src/components/settings/ShowTokenModal.vue: new modal that shows the plain token in a readonly field with copy button and explicit warning — replaces the transient toast notification - webclient/src/components/settings/ApiKeysPanel.vue: use ShowTokenModal - webclient/src/composables/useWebSocket.js: add security comment about localStorage XSS risk and query param log exposure Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 24 May
	5de0d33 Browse files » Add API token auth system for headless/micro clients ... Backend: - navi/auth/_ddl.py: add api_tokens table with boot-time migration - navi/auth/deps.py: _resolve_user now falls back to X-Api-Token header and ?api_token query param for WebSocket auth - navi/auth/__init__.py: add ApiToken pydantic model - navi/api/routes/api_tokens.py: CRUD endpoints (POST/GET/DELETE) - navi/main.py: wire api_tokens router Frontend: - webclient/src/App.vue: add #settings hash routing - webclient/src/components/settings/: SettingsView, ApiKeysPanel, CreateKeyModal with copy-to-clipboard flow - webclient/src/api/index.js: token CRUD API functions - webclient/src/stores/apiTokens.js: Pinia store - webclient/src/components/sidebar/AppSidebar.vue: settings link - webclient/src/composables/useWebSocket.js: append ?api_token= when localStorage token is present Tests: - tests/unit/auth/test_api_tokens.py: 10 unit tests covering token resolution (header + query param), revoke, missing/revoked tokens, orphan users, and CRUD endpoints Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 24 May