Add API token management for CLI authentication

- Add reviq auth login --token <token> command for CLI authentication - Create /account/api-tokens page for token management (superuser only) - Add me.apiTokens endpoints (list, create, delete) - Require superuser status and trusted session for token creation - Show API Tokens nav link only for superusers Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 18:58:27 +08:00
parent 42badf3c52
commit a7d6beaf5a
8 changed files with 566 additions and 130 deletions
--- a/apps/cli/src/utils/api-client.ts
+++ b/apps/cli/src/utils/api-client.ts
@@ -10,25 +10,48 @@ import { readConfig } from "./config.js";

 export type ApiClient = ContractRouterClient<typeof contract>;

+/**
+ * Create an oRPC API client with provided credentials
+ */
+export function createApiClient(apiUrl: string, token: string): ApiClient;
+
 /**
 * Create an oRPC API client with the stored credentials
 * Throws an error if not logged in
 */
-export const createApiClient = async (): Promise<ApiClient> => {
-  const config = await readConfig();
-  if (!config) {
-    throw new Error(
-      "Not logged in. Run 'reviq bootstrap' or 'reviq auth login' first.",
-    );
+export function createApiClient(): Promise<ApiClient>;
+
+export function createApiClient(
+  apiUrl?: string,
+  token?: string,
+): ApiClient | Promise<ApiClient> {
+  // If both arguments are provided, create client directly
+  if (apiUrl !== undefined && token !== undefined) {
+    const link = new RPCLink({
+      url: `${apiUrl}/api/v1/rpc`,
+      headers: {
+        "X-API-Key": token,
+      },
+    });
+    return createORPCClient(link) as unknown as ApiClient;
  }

-  const link = new RPCLink({
-    url: `${config.apiUrl}/api/v1/rpc`,
-    headers: {
-      "X-API-Key": config.token,
-    },
-  });
+  // Otherwise, read from config asynchronously
+  return (async (): Promise<ApiClient> => {
+    const config = await readConfig();
+    if (!config) {
+      throw new Error(
+        "Not logged in. Run 'reviq bootstrap' or 'reviq auth login' first.",
+      );
+    }

-  // Cast to ApiClient for type-safe API calls
-  return createORPCClient(link) as unknown as ApiClient;
-};
+    const link = new RPCLink({
+      url: `${config.apiUrl}/api/v1/rpc`,
+      headers: {
+        "X-API-Key": config.token,
+      },
+    });
+
+    return createORPCClient(link) as unknown as ApiClient;
+  })();
+}