use api key instead of project secret

2026-04-29 10:26:23 +02:00 · 2025-01-27 10:59:07 +05:30 · 2025-01-27 10:59:07 +05:30 · e3576489e3
commit e3576489e3
parent 83591a690d
5 changed files with 29 additions and 24 deletions
--- a/apps/python-sdk/pyproject.toml
+++ b/apps/python-sdk/pyproject.toml
@ -4,7 +4,7 @@ build-backend = "hatchling.build"

 [project]
 name = "rowboat"
-version = "0.2.1"
+version = "1.0.0"
 authors = [
    { name = "Your Name", email = "your.email@example.com" },
 ]
--- a/apps/python-sdk/src/rowboat/client.py
+++ b/apps/python-sdk/src/rowboat/client.py
@ -14,11 +14,11 @@ from .schema import (


 class Client:
-    def __init__(self, host: str, project_id: str, project_secret: str) -> None:
+    def __init__(self, host: str, project_id: str, api_key: str) -> None:
        self.base_url: str = f'{host}/api/v1/{project_id}/chat'
        self.headers: Dict[str, str] = {
            'Content-Type': 'application/json',
-            'Authorization': f'Bearer {project_secret}'
+            'Authorization': f'Bearer {api_key}'
        }

    def _call_api(
@ -167,8 +167,8 @@ def weather_lookup_tool(city_name: str) -> str:
 if __name__ == "__main__":
    host: str = "<HOST>"
    project_id: str = "<PROJECT_ID>"
-    project_secret: str = "<PROJECT_SECRET>"
-    client = Client(host, project_id, project_secret)
+    api_key: str = "<API_KEY>"
+    client = Client(host, project_id, api_key)

    tools: Dict[str, Callable[..., str]] = {
        'weather_lookup': weather_lookup_tool
--- a/apps/rowboat/app/api/v1/utils.ts
+++ b/apps/rowboat/app/api/v1/utils.ts
@ -1,22 +1,26 @@
 import { NextRequest } from "next/server";
-import { projectsCollection } from "@/app/lib/mongodb";
+import { apiKeysCollection, projectsCollection } from "@/app/lib/mongodb";

 export async function authCheck(projectId: string, req: NextRequest, handler: () => Promise<Response>): Promise<Response> {
    const authHeader = req.headers.get('Authorization');
    if (!authHeader?.startsWith('Bearer ')) {
        return Response.json({ error: "Authorization header must be a Bearer token" }, { status: 400 });
    }
-    const token = authHeader.split(' ')[1];
-    if (!token) {
+    const key = authHeader.split(' ')[1];
+    if (!key) {
        return Response.json({ error: "Missing API key in request" }, { status: 400 });
    }

-    // check the key in project settings
-    const project = await projectsCollection.findOne({
-        _id: projectId,
-        secret: token,
-    });
-    if (!project) {
+    // check if api key is valid
+    // while also updating last used timestamp
+    const result = await apiKeysCollection.findOneAndUpdate(
+        {
+            projectId,
+            key,
+        },
+        { $set: { lastUsedAt: new Date().toISOString() } }
+    );
+    if (!result) {
        return Response.json({ error: "Invalid API key" }, { status: 403 });
    }
    
--- a/apps/rowboat/app/projects/[projectId]/config/app.tsx
+++ b/apps/rowboat/app/projects/[projectId]/config/app.tsx
@ -7,6 +7,9 @@ import { getProjectConfig, updateProjectName, updateWebhookUrl, createApiKey, de
 import { CopyButton } from "@/app/lib/components/copy-button";
 import { EditableField } from "@/app/lib/components/editable-field";
 import { EyeIcon, EyeOffIcon, CopyIcon, MoreVerticalIcon, PlusIcon, EllipsisVerticalIcon } from "lucide-react";
+import { WithStringId, ApiKey } from "@/app/lib/types";
+import { z } from "zod";
+import { RelativeTime } from "@primer/react";

 export const metadata: Metadata = {
    title: "Project config",
@ -142,11 +145,7 @@ export function ApiKeysSection({
 }: {
    projectId: string;
 }) {
-    const [keys, setKeys] = useState<Array<{
-        _id: string;
-        key: string;
-        createdAt: string;
-    }>>([]);
+    const [keys, setKeys] = useState<WithStringId<z.infer<typeof ApiKey>>[]>([]);
    const [loading, setLoading] = useState(true);
    const [message, setMessage] = useState<{
        type: 'success' | 'error' | 'info';
@ -254,9 +253,11 @@ export function ApiKeysSection({
                                <ApiKeyDisplay apiKey={key.key} />
                            </div>
                            <div className="flex-1 p-2">
-                                {new Date(key.createdAt).toLocaleDateString()}
+                                <RelativeTime date={new Date(key.createdAt)} />
+                            </div>
+                            <div className="flex-1 p-2">
+                                {key.lastUsedAt ? <RelativeTime date={new Date(key.lastUsedAt)} /> : 'Never'}
                            </div>
-                            <div className="flex-1 p-2">Never</div>
                            <div className="w-10 p-2">
                                <Dropdown>
                                    <DropdownTrigger>