Add API key

Author: sangnguyenplus

public/css/api-settings.css

@@ -0,0 +1,109 @@
+$(() => {
+    'use strict';
+
+    // Edit API key - enable the field for editing
+    $(document).on('click', '#edit-api-key', function(e) {
+        e.preventDefault();
+
+        const apiKeyInput = $('#api-key-input');
+        const editButton = $(this);
+        const copyButton = $('#copy-api-key');
+
+        // Enable the input field
+        apiKeyInput.prop('readonly', false).focus();
+
+        // Hide edit button and show copy button
+        editButton.hide();
+        copyButton.show();
+
+        // Show success message
+        Botble.showSuccess(window.trans.api.api_key_edit_enabled || 'API key field is now editable.');
+    });
+
+    // Generate random API key
+    $('#generate-api-key').on('click', function(e) {
+        e.preventDefault();
+
+        const apiKeyInput = $('#api-key-input');
+        const editButton = $('#edit-api-key');
+        const copyButton = $('#copy-api-key');
+        const newApiKey = generateRandomApiKey();
+
+        // Enable the input field and set new value
+        apiKeyInput.prop('readonly', false).val(newApiKey);
+
+        // Update button visibility
+        editButton.hide();
+        copyButton.show();
+
+        // Show success message
+        Botble.showSuccess(window.trans.api.api_key_generated || 'API key generated successfully!');
+
+        // Update examples with new key
+        updateExamplesWithApiKey(newApiKey);
+    });
+
+    // The copy functionality is now handled by the <x-core::copy> component
+
+    // Update examples when API key changes
+    $('#api-key-input').on('input', function() {
+        const apiKey = $(this).val() || 'your-api-key-here';
+        updateExamplesWithApiKey(apiKey);
+
+        // Show/hide copy button based on whether there's a value
+        const copyButton = $('#copy-api-key');
+        if (apiKey && apiKey !== 'your-api-key-here') {
+            copyButton.show();
+        } else {
+            copyButton.hide();
+        }
+    });
+
+    // Initialize examples on page load
+    const currentApiKey = $('#api-key-input').val() || 'your-api-key-here';
+    updateExamplesWithApiKey(currentApiKey);
+
+    /**
+     * Generate a random API key
+     * @returns {string}
+     */
+    function generateRandomApiKey() {
+        const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+        let result = '';
+        
+        // Generate a 32-character random string
+        for (let i = 0; i < 32; i++) {
+            result += chars.charAt(Math.floor(Math.random() * chars.length));
+        }
+        
+        return result;
+    }
+
+    /**
+     * Update code examples with the current API key
+     * @param {string} apiKey
+     */
+    function updateExamplesWithApiKey(apiKey) {
+        const baseUrl = window.location.origin + '/api/v1';
+        
+        // Update cURL example
+        const curlExample = `curl -X GET "${baseUrl}/products" \\
+     -H "Accept: application/json" \\
+     -H "X-API-KEY: ${apiKey}"`;
+        
+        $('#curl-example').text(curlExample);
+        
+        // Update JavaScript example
+        const jsExample = `fetch("${baseUrl}/products", {
+    method: "GET",
+    headers: {
+        "Accept": "application/json",
+        "X-API-KEY": "${apiKey}"
+    }
+})
+.then(response => response.json())
+.then(data => console.log(data));`;
+        
+        $('#js-example').text(jsExample);
+    }
+});

public/js/api-settings.js

@@ -5,6 +5,25 @@
     'settings_description' => 'View and update your API settings',
     'save_settings' => 'Save settings',
     'setting_title' => 'API settings',
-    'setting_description' => 'Settings for API',
-    'api_enabled' => 'API enabled?',
+    'setting_description' => 'Configure your API access and security settings',
+    'api_enabled' => 'Enable API',
+    'api_enabled_description' => 'Enable or disable the REST API for your website. When disabled, all API endpoints will be inaccessible.',
+    'api_key' => 'API Key',
+    'api_key_description' => 'Optional security key for API access. When set, all API requests must include this key in the X-API-KEY header.',
+    'api_key_placeholder' => 'Enter your API key (leave empty to disable)',
+    'generate_api_key' => 'Generate Random Key',
+    'edit_api_key' => 'Edit API Key',
+    'copy_api_key' => 'Copy to Clipboard',
+    'api_key_generated' => 'New API key generated successfully!',
+    'api_key_copied' => 'API key copied to clipboard!',
+    'api_key_edit_enabled' => 'API key field is now editable.',
+    'api_documentation' => 'API Documentation',
+    'api_documentation_description' => 'View the complete API documentation with examples and endpoint details.',
+    'view_documentation' => 'View API Docs',
+    'api_usage_examples' => 'Usage Examples',
+    'api_usage_curl_example' => 'Example cURL request with API key:',
+    'api_usage_javascript_example' => 'Example JavaScript request:',
+    'api_security_section' => 'Security Settings',
+    'api_general_section' => 'General Settings',
+    'api_help_section' => 'Help & Documentation',
 ];

resources/js/api-settings.js

@@ -0,0 +1,110 @@
+// API Settings Styles
+
+.api-key-field {
+    .btn-group {
+        .btn {
+            border-radius: 0.375rem;
+            
+            &:first-child {
+                border-top-right-radius: 0;
+                border-bottom-right-radius: 0;
+            }
+            
+            &:last-child {
+                border-top-left-radius: 0;
+                border-bottom-left-radius: 0;
+                border-left: 0;
+            }
+            
+            &:hover {
+                z-index: 2;
+            }
+        }
+    }
+    
+    .form-control {
+        font-family: 'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, Courier, monospace;
+        font-size: 0.875rem;
+
+        &[readonly] {
+            background-color: #f8f9fa;
+            border-color: #dee2e6;
+            cursor: not-allowed;
+
+            &:focus {
+                background-color: #f8f9fa;
+                border-color: #dee2e6;
+                box-shadow: none;
+            }
+        }
+    }
+}
+
+.api-documentation-card {
+    transition: all 0.2s ease-in-out;
+    
+    &:hover {
+        transform: translateY(-2px);
+        box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
+    }
+}
+
+.api-code-example {
+    position: relative;
+    
+    pre {
+        border-radius: 0.5rem;
+        margin-bottom: 0;
+        
+        code {
+            font-size: 0.8rem;
+            line-height: 1.4;
+        }
+    }
+    
+    .copy-button {
+        opacity: 0.7;
+        transition: opacity 0.2s ease-in-out;
+        
+        &:hover {
+            opacity: 1;
+        }
+    }
+}
+
+// Responsive improvements
+@media (max-width: 576px) {
+    .api-key-field {
+        .row {
+            .col-auto {
+                .btn-group {
+                    width: 100%;
+                    margin-top: 0.5rem;
+                    
+                    .btn {
+                        flex: 1;
+                        border-radius: 0.375rem !important;
+                        border-left: 1px solid var(--bs-border-color) !important;
+                        
+                        &:first-child {
+                            border-top-right-radius: 0.375rem !important;
+                            border-bottom-right-radius: 0.375rem !important;
+                        }
+                        
+                        &:last-child {
+                            border-top-left-radius: 0.375rem !important;
+                            border-bottom-left-radius: 0.375rem !important;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    
+    .api-code-example {
+        pre {
+            padding: 1rem !important;
+            font-size: 0.75rem;
+        }
+    }
+}

resources/lang/en/api.php

@@ -11,3 +11,12 @@
         </div>
     @endif
 @endsection
+
+@push('footer')
+    <script>
+        'use strict';
+
+        window.trans = window.trans || {};
+        window.trans.api = {!! json_encode($translations, JSON_HEX_APOS) !!};
+    </script>
+@endpush

resources/sass/api-settings.scss

@@ -0,0 +1,22 @@
+@php
+    $hasApiKey = !empty($apiKey ?? '');
+@endphp
+
+<div class="btn-group" role="group">
+    <button type="button" class="btn btn-outline-primary" id="generate-api-key" title="{{ trans('packages/api::api.generate_api_key') }}">
+        <x-core::icon name="ti ti-refresh" />
+        <span class="d-none d-sm-inline ms-1">{{ trans('packages/api::api.generate_api_key') }}</span>
+    </button>
+
+    <x-core::copy
+        :copyableState="''"
+        :copyableMessage="trans('packages/api::api.api_key_copied')"
+        class="btn btn-outline-secondary {{ !$hasApiKey ? 'd-none' : '' }}"
+        title="{{ trans('packages/api::api.copy_api_key') }}"
+        id="copy-api-key"
+        data-clipboard-target="#api-key-input"
+    >
+        <x-core::icon name="ti ti-clipboard" class="me-0" />
+        <span class="d-none d-sm-inline ms-1">{{ trans('packages/api::api.copy_api_key') }}</span>
+    </x-core::copy>
+</div>

resources/views/settings.blade.php

@@ -0,0 +1,43 @@
+<div class="mb-3 api-key-field">
+    <label for="api-key-input" class="form-label">
+        {{ trans('packages/api::api.api_key') }}
+    </label>
+
+    <div class="row g-2">
+        <div class="col">
+            <input
+                type="text"
+                class="form-control"
+                id="api-key-input"
+                name="api_key"
+                value="{{ $apiKey }}"
+                placeholder="{{ trans('packages/api::api.api_key_placeholder') }}"
+                autocomplete="off"
+                @if(!empty($apiKey)) readonly @endif
+            >
+        </div>
+        <div class="col-auto">
+            @include('packages/api::settings.partials.api-key-actions', ['apiKey' => $apiKey])
+        </div>
+    </div>
+    
+    <div class="form-text">
+        {{ trans('packages/api::api.api_key_description') }}
+    </div>
+    
+    @if(!empty($apiKey))
+        <div class="mt-2">
+            <small class="text-success">
+                <x-core::icon name="ti ti-shield-check" class="me-1" />
+                API key protection is <strong>enabled</strong>. All requests require the X-API-KEY header.
+            </small>
+        </div>
+    @else
+        <div class="mt-2">
+            <small class="text-warning">
+                <x-core::icon name="ti ti-shield-x" class="me-1" />
+                API key protection is <strong>disabled</strong>. Endpoints are publicly accessible.
+            </small>
+        </div>
+    @endif
+</div>

resources/views/settings/partials/api-key-actions.blade.php

@@ -0,0 +1,18 @@
+@php
+    $docsUrl = url('/docs');
+@endphp
+
+<div class="card border-0 bg-white api-documentation-card">
+    <div class="card-body">
+        <div class="d-flex align-items-center">
+            <div class="flex-grow-1">
+                <h6 class="mb-1">{{ trans('packages/api::api.api_documentation') }}</h6>
+                <p class="mb-2 text-muted">{{ trans('packages/api::api.api_documentation_description') }}</p>
+                <a href="{{ $docsUrl }}" target="_blank" class="btn btn-sm btn-primary">
+                    <x-core::icon name="ti ti-external-link" class="me-1" />
+                    {{ trans('packages/api::api.view_documentation') }}
+                </a>
+            </div>
+        </div>
+    </div>
+</div>

resources/views/settings/partials/api-key-field.blade.php

@@ -0,0 +1,43 @@
+@php
+    $baseUrl = url('/api/v1');
+@endphp
+
+<div class="mt-3">
+    <h6>{{ trans('packages/api::api.api_usage_examples') }}</h6>
+    
+    <div class="mb-3 api-code-example">
+        <label class="form-label">{{ trans('packages/api::api.api_usage_curl_example') }}</label>
+        <div class="position-relative">
+            <pre class="bg-dark text-light p-3 rounded" style="font-size: 0.875rem;"><code id="curl-example">curl -X GET "{{ $baseUrl }}/products" \
+     -H "Accept: application/json" \
+     -H "X-API-KEY: your-api-key-here"</code></pre>
+            <x-core::copy
+                :copyableState="''"
+                copyableMessage="Code copied to clipboard!"
+                class="btn btn-sm btn-outline-light position-absolute top-0 end-0 m-2 copy-button"
+                data-clipboard-target="#curl-example"
+            />
+        </div>
+    </div>
+    
+    <div class="mb-3 api-code-example">
+        <label class="form-label">{{ trans('packages/api::api.api_usage_javascript_example') }}</label>
+        <div class="position-relative">
+            <pre class="bg-dark text-light p-3 rounded" style="font-size: 0.875rem;"><code id="js-example">fetch("{{ $baseUrl }}/products", {
+    method: "GET",
+    headers: {
+        "Accept": "application/json",
+        "X-API-KEY": "your-api-key-here"
+    }
+})
+.then(response => response.json())
+.then(data => console.log(data));</code></pre>
+            <x-core::copy
+                :copyableState="''"
+                copyableMessage="Code copied to clipboard!"
+                class="btn btn-sm btn-outline-light position-absolute top-0 end-0 m-2 copy-button"
+                data-clipboard-target="#js-example"
+            />
+        </div>
+    </div>
+</div>