Package dev.dokimos.server.service

Class ApiKeyService

java.lang.Object
dev.dokimos.server.service.ApiKeyService
@Service public class ApiKeyService extends Object
Mints and manages scoped API keys. A raw key is generated from a CSPRNG, returned to the caller once, and stored only as a SHA-256 hash. Reads and revocation operate on the hashed records and never expose key material.

  • Constructor Details

  • Method Details

    • create

      @Transactional public CreatedApiKeyView create(CreateApiKeyRequest request)
      Generates a key, stores its hash, and returns the raw key exactly once.
      Parameters:
      request - the key definition
      Returns:
      the created key's metadata plus the raw key (the only time it is exposed)

    • list

      @Transactional(readOnly=true) public List<ApiKeyView> list()
      Lists every key as metadata only; key material is never included.

    • disable

      @Transactional public ApiKeyView disable(UUID id)
      Disables a key so future authentication attempts with it are rejected, keeping its record for audit. Disabling an already-disabled key is a no-op.
      Parameters:
      id - the key to disable
      Returns:
      the updated metadata
      Throws:
      IllegalArgumentException - if no key has the id (mapped to 404)

    • delete

      @Transactional public void delete(UUID id)
      Permanently deletes a key.
      Parameters:
      id - the key to delete
      Throws:
      IllegalArgumentException - if no key has the id (mapped to 404)