RevokeAPIKey deletes an API key. Only the owner can revoke their own key.
(db *gorm.DB, keyID, userID string)
| 108 | |
| 109 | // RevokeAPIKey deletes an API key. Only the owner can revoke their own key. |
| 110 | func RevokeAPIKey(db *gorm.DB, keyID, userID string) error { |
| 111 | result := db.Where("id = ? AND user_id = ?", keyID, userID).Delete(&UserAPIKey{}) |
| 112 | if result.RowsAffected == 0 { |
| 113 | return fmt.Errorf("API key not found or not owned by user") |
| 114 | } |
| 115 | return result.Error |
| 116 | } |
| 117 | |
| 118 | // CleanExpiredAPIKeys removes all API keys that have passed their expiry time. |
| 119 | func CleanExpiredAPIKeys(db *gorm.DB) error { |