return the key in the response to the POST /api-key request

briskt · briskt · commit e0b46307f7fa · 2025-11-03T11:55:52.000+08:00
diff --git a/apikey.go b/apikey.go
@@ -438,7 +438,12 @@ func (a *App) CreateApiKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	jsonResponse(w, nil, http.StatusNoContent)
+	response := map[string]string{
+		"email":      key.Email,
+		"id":         key.Key,
+		"created_at": time.Unix(int64(key.CreatedAt)/1000, 0).UTC().Format(time.RFC3339),
+	}
+	jsonResponse(w, response, http.StatusOK)
 }
 
 // RotateApiKey facilitates the rotation of API Keys. All data in webauthn and totp tables that is encrypted by the old
diff --git a/apikey_test.go b/apikey_test.go
@@ -308,7 +308,7 @@ func (ms *MfaSuite) TestCreateApiKey() {
 			body: map[string]interface{}{
 				"email": exampleEmail,
 			},
-			wantStatus: http.StatusNoContent,
+			wantStatus: http.StatusOK,
 		},
 		{
 			name:       "missing email",
@@ -332,6 +332,16 @@ func (ms *MfaSuite) TestCreateApiKey() {
 			}
 
 			ms.Equal(tt.wantStatus, res.Status, fmt.Sprintf("CreateApiKey response: %s", res.Body))
+
+			var response struct {
+				Email     string    `json:"email"`
+				ID        string    `json:"id"`
+				CreatedAt time.Time `json:"created_at"`
+			}
+			ms.NoError(json.Unmarshal(res.Body, &response))
+			ms.Equal(exampleEmail, response.Email)
+			ms.Regexp("^[0-9a-z]{40}$", response.ID)
+			ms.WithinDuration(time.Now().UTC(), response.CreatedAt, time.Minute)
 		})
 	}
 }
diff --git a/openapi.yaml b/openapi.yaml
@@ -364,8 +364,27 @@ paths:
                   required: true
                   example: email@example.com
       responses:
-        204:
+        200:
           description: New API key created
+          content:
+            application/json:
+              schema:
+                properties:
+                  email:
+                    type: string
+                    description: email
+                    required: true
+                    example: "admin@example.com"
+                  id:
+                    type: string
+                    description: id
+                    required: true
+                    example: "0123456789abcdef0123456789abcdef01234567"
+                  created_at:
+                    type: string
+                    description: created_at
+                    required: true
+                    example: "2006-01-02T15:04:05Z"
         400:
           description: Bad Request
           content:

Original file line number	Diff line number	Diff line change
`@@ -438,7 +438,12 @@ func (a App) CreateApiKey(w http.ResponseWriter, r http.Request) {`
`438`	`438`	`return`
`439`	`439`	`}`
`440`	`440`
`441`		`- jsonResponse(w, nil, http.StatusNoContent)`
	`441`	`+ response := map[string]string{`
	`442`	`+ "email": key.Email,`
	`443`	`+ "id": key.Key,`
	`444`	`+ "created_at": time.Unix(int64(key.CreatedAt)/1000, 0).UTC().Format(time.RFC3339),`
	`445`	`+ }`
	`446`	`+ jsonResponse(w, response, http.StatusOK)`
`442`	`447`	`}`
`443`	`448`
`444`	`449`	`// RotateApiKey facilitates the rotation of API Keys. All data in webauthn and totp tables that is encrypted by the old`
Original file line number	Diff line number	Diff line change
`@@ -308,7 +308,7 @@ func (ms *MfaSuite) TestCreateApiKey() {`
`308`	`308`	`body: map[string]interface{}{`
`309`	`309`	`"email": exampleEmail,`
`310`	`310`	`},`
`311`		`- wantStatus: http.StatusNoContent,`
	`311`	`+ wantStatus: http.StatusOK,`
`312`	`312`	`},`
`313`	`313`	`{`
`314`	`314`	`name: "missing email",`
`@@ -332,6 +332,16 @@ func (ms *MfaSuite) TestCreateApiKey() {`
`332`	`332`	`}`
`333`	`333`
`334`	`334`	`ms.Equal(tt.wantStatus, res.Status, fmt.Sprintf("CreateApiKey response: %s", res.Body))`
	`335`	`+`
	`336`	`+ var response struct {`
	`337`	+ Email string `json:"email"`
	`338`	+ ID string `json:"id"`
	`339`	+ CreatedAt time.Time `json:"created_at"`
	`340`	`+ }`
	`341`	`+ ms.NoError(json.Unmarshal(res.Body, &response))`
	`342`	`+ ms.Equal(exampleEmail, response.Email)`
	`343`	`+ ms.Regexp("^[0-9a-z]{40}$", response.ID)`
	`344`	`+ ms.WithinDuration(time.Now().UTC(), response.CreatedAt, time.Minute)`
`335`	`345`	`})`
`336`	`346`	`}`
`337`	`347`	`}`