chore: improve API key management

- Added a query parameter to filter API keys by status (active, revoked, all) in the getApiKey endpoint.
- Updated the AuthService to handle status filtering logic for API key retrieval.
- Modified the frontend to support status-based API key listing and added a button to view revoked keys.

Author: vernu

api/src/auth/auth.controller.ts

@@ -8,6 +8,7 @@ import {
   Param,
   Patch,
   Post,
+  Query,
   Request,
   UseGuards,
 } from '@nestjs/common'
@@ -98,10 +99,20 @@ export class AuthController {
 
   @UseGuards(AuthGuard)
   @ApiOperation({ summary: 'Get Api Key List (masked***)' })
+  @ApiQuery({
+    name: 'status',
+    required: false,
+    enum: ['active', 'revoked', 'all'],
+    description:
+      'Filter keys: active (default), revoked only, or all (legacy full list)',
+  })
   @ApiBearerAuth()
   @Get('/api-keys')
-  async getApiKey(@Request() req) {
-    const data = await this.authService.getUserApiKeys(req.user)
+  async getApiKey(
+    @Request() req,
+    @Query('status') status?: string,
+  ) {
+    const data = await this.authService.getUserApiKeys(req.user, status)
     return { data }
   }
 

api/src/auth/auth.service.ts

@@ -363,8 +363,36 @@ export class AuthService {
     return { apiKey, message: 'Save this key, it wont be shown again ;)' }
   }
 
-  async getUserApiKeys(currentUser: User) {
-    return this.apiKeyModel.find({ user: currentUser._id }, null, {
+  async getUserApiKeys(
+    currentUser: User,
+    statusParam?: string,
+  ) {
+    const normalized =
+      statusParam === undefined || statusParam === '' ? 'active' : statusParam
+    if (!['active', 'revoked', 'all'].includes(normalized)) {
+      throw new HttpException(
+        { error: 'Invalid status. Use active, revoked, or all.' },
+        HttpStatus.BAD_REQUEST,
+      )
+    }
+    const status = normalized as 'active' | 'revoked' | 'all'
+
+    const base = { user: currentUser._id }
+    let filter: Record<string, unknown> = { ...base }
+
+    if (status === 'active') {
+      filter = {
+        ...base,
+        $or: [{ revokedAt: { $exists: false } }, { revokedAt: null }],
+      }
+    } else if (status === 'revoked') {
+      filter = {
+        ...base,
+        revokedAt: { $exists: true, $ne: null },
+      }
+    }
+
+    return this.apiKeyModel.find(filter, null, {
       sort: { createdAt: -1 },
     })
   }
@@ -387,9 +415,9 @@ export class AuthService {
         HttpStatus.NOT_FOUND,
       )
     }
-    if (apiKey.usageCount > 0) {
+    if (!apiKey.revokedAt) {
       throw new HttpException(
-        { error: 'Api key cannot be deleted' },
+        { error: 'Revoke this API key before you can delete it' },
         HttpStatus.BAD_REQUEST,
       )
     }