import datetime import logging from fastapi import APIRouter, Depends, Query from src.config import settings from src.exceptions import DisabledException, ValidationException from src.security import ( JWTParams, create_jwt, require_auth, ) from src.utils.formatting import format_datetime_utc logger = logging.getLogger(__name__) router = APIRouter( prefix="/keys", tags=["keys"], dependencies=[Depends(require_auth(admin=True))], ) @router.post("") async def create_key( workspace_id: str | None = Query( None, description="ID of the workspace to scope the key to" ), peer_id: str | None = Query(None, description="ID of the peer to scope the key to"), session_id: str | None = Query( None, description="ID of the session to scope the key to" ), expires_at: datetime.datetime | None = None, ): """Create a new Key""" if not settings.AUTH.USE_AUTH: raise DisabledException() # Validate that at least one parameter is provided for proper scoping if not any([workspace_id, peer_id, session_id]): raise ValidationException( "At least one of workspace_id, peer_id, or session_id must be provided" ) key_str = create_jwt( JWTParams( exp=format_datetime_utc(expires_at) if expires_at else None, w=workspace_id, p=peer_id, s=session_id, ) ) return { "key": key_str, }