Merge branch 'main' into brandfetch-plugin

Author: bensabic

.gitignore

@@ -12,6 +12,10 @@
 
 # testing
 /coverage
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
 
 # next.js
 /.next/
@@ -47,4 +51,5 @@ tmp/
 # generated files
 lib/types/integration.ts
 lib/codegen-registry.ts
-lib/step-registry.ts
+lib/step-registry.ts
+lib/output-display-configs.ts

README.md

@@ -81,6 +81,7 @@ Visit [http://localhost:3000](http://localhost:3000) to get started.
 <!-- PLUGINS:START - Do not remove. Auto-generated by discover-plugins -->
 - **AI Gateway**: Generate Text, Generate Image
 - **Blob**: Put Blob, List Blobs
+- **Clerk**: Get User, Create User, Update User, Delete User
 - **fal.ai**: Generate Image, Generate Video, Upscale Image, Remove Background, Image to Image
 - **Firecrawl**: Scrape URL, Search Web
 - **GitHub**: Create Issue, List Issues, Get Issue, Update Issue
@@ -292,7 +293,7 @@ This template is built on top of Workflow DevKit, a powerful workflow execution
 - Built-in logging and error handling
 - Serverless deployment support
 
-Learn more about Workflow DevKit at [workflow.dev](https://useworkflow.dev)
+Learn more about Workflow DevKit at [useworkflow.dev](https://useworkflow.dev)
 
 ## License
 

app/api/api-keys/[keyId]/route.ts

@@ -0,0 +1,40 @@
+import { and, eq } from "drizzle-orm";
+import { NextResponse } from "next/server";
+import { auth } from "@/lib/auth";
+import { db } from "@/lib/db";
+import { apiKeys } from "@/lib/db/schema";
+
+// DELETE - Delete an API key
+export async function DELETE(
+  request: Request,
+  context: { params: Promise<{ keyId: string }> }
+) {
+  try {
+    const { keyId } = await context.params;
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+
+    if (!session?.user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    // Delete the key (only if it belongs to the user)
+    const result = await db
+      .delete(apiKeys)
+      .where(and(eq(apiKeys.id, keyId), eq(apiKeys.userId, session.user.id)))
+      .returning({ id: apiKeys.id });
+
+    if (result.length === 0) {
+      return NextResponse.json({ error: "API key not found" }, { status: 404 });
+    }
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error("Failed to delete API key:", error);
+    return NextResponse.json(
+      { error: "Failed to delete API key" },
+      { status: 500 }
+    );
+  }
+}

app/api/api-keys/route.ts

@@ -0,0 +1,107 @@
+import { createHash, randomBytes } from "node:crypto";
+import { eq } from "drizzle-orm";
+import { NextResponse } from "next/server";
+import { auth } from "@/lib/auth";
+import { db } from "@/lib/db";
+import { apiKeys } from "@/lib/db/schema";
+
+// Generate a secure API key
+function generateApiKey(): { key: string; hash: string; prefix: string } {
+  const randomPart = randomBytes(24).toString("base64url");
+  const key = `wfb_${randomPart}`;
+  const hash = createHash("sha256").update(key).digest("hex");
+  const prefix = key.slice(0, 11); // "wfb_" + first 7 chars
+  return { key, hash, prefix };
+}
+
+// GET - List all API keys for the current user
+export async function GET(request: Request) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+
+    if (!session?.user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const keys = await db.query.apiKeys.findMany({
+      where: eq(apiKeys.userId, session.user.id),
+      columns: {
+        id: true,
+        name: true,
+        keyPrefix: true,
+        createdAt: true,
+        lastUsedAt: true,
+      },
+      orderBy: (table, { desc }) => [desc(table.createdAt)],
+    });
+
+    return NextResponse.json(keys);
+  } catch (error) {
+    console.error("Failed to list API keys:", error);
+    return NextResponse.json(
+      { error: "Failed to list API keys" },
+      { status: 500 }
+    );
+  }
+}
+
+// POST - Create a new API key
+export async function POST(request: Request) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+
+    if (!session?.user) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    // Check if user is anonymous
+    const isAnonymous =
+      session.user.name === "Anonymous" ||
+      session.user.email?.startsWith("temp-");
+
+    if (isAnonymous) {
+      return NextResponse.json(
+        { error: "Anonymous users cannot create API keys" },
+        { status: 403 }
+      );
+    }
+
+    const body = await request.json().catch(() => ({}));
+    const name = body.name || null;
+
+    // Generate new API key
+    const { key, hash, prefix } = generateApiKey();
+
+    // Save to database
+    const [newKey] = await db
+      .insert(apiKeys)
+      .values({
+        userId: session.user.id,
+        name,
+        keyHash: hash,
+        keyPrefix: prefix,
+      })
+      .returning({
+        id: apiKeys.id,
+        name: apiKeys.name,
+        keyPrefix: apiKeys.keyPrefix,
+        createdAt: apiKeys.createdAt,
+      });
+
+    // Return the full key only on creation (won't be shown again)
+    return NextResponse.json({
+      ...newKey,
+      key, // Full key - only returned once!
+    });
+  } catch (error) {
+    console.error("Failed to create API key:", error);
+    return NextResponse.json(
+      { error: "Failed to create API key" },
+      { status: 500 }
+    );
+  }
+}