Improve API token format and enhance auth status command

- Change token format to reviq_<base58> prefix instead of raw hex - Add me.authStatus API endpoint for detailed auth information - Enhance CLI `reviq auth status` to show token details from API - Add comprehensive tests for token generation (18 tests) - Extract bootstrap logic to @reviq/db for reusability and testing - Remove default db export; callers must use createDb() directly Token changes: - New format: reviq_<base58-encoded-32-bytes> - Added parseToken() for validation - Added isValidTokenFormat() helper Auth status endpoint returns: - User profile information - Auth method (api_token or session) - Token/session details (name, expiration, last used) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 17:59:02 +08:00
parent df9b8808d0
commit 6b9b04d1d0
20 changed files with 764 additions and 125 deletions
--- a/apps/api-server/src/context.ts
+++ b/apps/api-server/src/context.ts
@@ -44,6 +44,33 @@ export interface Session {
  createdAt: Date;
 }

+/**
+ * API token authentication info
+ */
+export interface ApiTokenAuth {
+  method: "api_token";
+  tokenId: string;
+  tokenName: string;
+  expiresAt: Date;
+  lastUsedAt: Date | null;
+  createdAt: Date;
+}
+
+/**
+ * Session authentication info
+ */
+export interface SessionAuth {
+  method: "session";
+  sessionId: string;
+  expiresAt: Date;
+  createdAt: Date;
+}
+
+/**
+ * Union type for authentication method info
+ */
+export type AuthInfo = ApiTokenAuth | SessionAuth;
+
 /**
 * Authenticated API context for protected handlers
 */
@@ -52,6 +79,8 @@ export interface AuthenticatedContext extends APIContext {
  user: SessionUser;
  /** Current session */
  session: Session;
+  /** Authentication method and details */
+  auth: AuthInfo;
 }

 /**