reasonkit-web 0.1.7

High-performance MCP server for browser automation, web capture, and content extraction. Rust-powered CDP client for AI agents.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267

//! # API Key Management Module
//!
//! API key generation, rotation, and access control.
//!
//! ## Features
//!
//! - Scoped API keys with fine-grained permissions
//! - Automatic key rotation
//! - Usage tracking and rate limiting per key
//! - Key revocation with audit trail

#![allow(unused_variables)] // Stub implementation

use axum::{
    extract::{Json, Path},
    http::StatusCode,
    response::IntoResponse,
};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use uuid::Uuid;

/// API key scopes (permissions)
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Hash)]
#[serde(rename_all = "snake_case")]
pub enum ApiKeyScope {
    /// Read reasoning results
    ReasoningRead,
    /// Execute reasoning protocols
    ReasoningWrite,
    /// Read user profile
    ProfileRead,
    /// Modify user profile
    ProfileWrite,
    /// Read settings
    SettingsRead,
    /// Modify settings
    SettingsWrite,
    /// Create exports
    ExportCreate,
    /// Full access (admin)
    Admin,
}

/// API key metadata
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ApiKey {
    /// Key ID (public identifier)
    pub id: Uuid,
    /// Key name (user-defined)
    pub name: String,
    /// Key prefix (first 8 chars for display)
    pub prefix: String,
    /// Hashed key (never expose raw key after creation)
    #[serde(skip_serializing)]
    pub key_hash: String,
    /// User ID who owns this key
    pub user_id: Uuid,
    /// Granted scopes
    pub scopes: Vec<ApiKeyScope>,
    /// Creation timestamp
    pub created_at: DateTime<Utc>,
    /// Last used timestamp
    pub last_used: Option<DateTime<Utc>>,
    /// Expiration timestamp (optional)
    pub expires_at: Option<DateTime<Utc>>,
    /// Is key active
    pub active: bool,
    /// Rate limit (requests per minute)
    pub rate_limit: Option<u32>,
    /// Total usage count
    pub usage_count: u64,
}

/// API key creation response (only time raw key is shown)
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ApiKeyCreated {
    pub id: Uuid,
    pub name: String,
    /// Raw API key - ONLY shown once at creation
    pub key: String,
    pub prefix: String,
    pub scopes: Vec<ApiKeyScope>,
    pub created_at: DateTime<Utc>,
    pub expires_at: Option<DateTime<Utc>>,
}

/// API key service for database operations
#[allow(dead_code)] // Reserved for future database validation
pub struct ApiKeyService {
    // TODO: Add database connection pool
    max_keys_per_user: usize,
}

impl ApiKeyService {
    pub fn new(max_keys_per_user: usize) -> Self {
        Self { max_keys_per_user }
    }

    /// Generate a new API key
    pub fn generate_key() -> String {
        use rand::Rng;
        let mut rng = rand::rng();
        let key: String = (0..32)
            .map(|_| {
                let idx = rng.random_range(0..62);
                "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
                    .chars()
                    .nth(idx)
                    .unwrap()
            })
            .collect();
        format!("rk_{}", key)
    }

    /// Hash an API key for storage
    pub fn hash_key(key: &str) -> String {
        use sha2::{Digest, Sha256};
        let mut hasher = Sha256::new();
        hasher.update(key.as_bytes());
        format!("{:x}", hasher.finalize())
    }

    /// Create a new API key
    pub async fn create_key(
        &self,
        user_id: Uuid,
        name: String,
        scopes: Vec<ApiKeyScope>,
        expires_at: Option<DateTime<Utc>>,
        rate_limit: Option<u32>,
    ) -> Result<ApiKeyCreated, ApiKeyError> {
        // TODO: Check user's key count
        // TODO: Store in database

        let raw_key = Self::generate_key();
        let key_hash = Self::hash_key(&raw_key);
        let prefix = raw_key[..11].to_string(); // "rk_" + 8 chars

        let created = ApiKeyCreated {
            id: Uuid::new_v4(),
            name,
            key: raw_key,
            prefix,
            scopes,
            created_at: Utc::now(),
            expires_at,
        };

        Ok(created)
    }

    /// List all keys for a user (without secrets)
    pub async fn list_keys(&self, user_id: Uuid) -> Result<Vec<ApiKey>, ApiKeyError> {
        // TODO: Query database
        Ok(vec![])
    }

    /// Revoke an API key
    pub async fn revoke_key(&self, user_id: Uuid, key_id: Uuid) -> Result<(), ApiKeyError> {
        // TODO: Update database
        Ok(())
    }

    /// Rotate an API key (revoke old, create new with same scopes)
    pub async fn rotate_key(
        &self,
        user_id: Uuid,
        key_id: Uuid,
    ) -> Result<ApiKeyCreated, ApiKeyError> {
        // TODO: Get old key, create new, revoke old
        Err(ApiKeyError::NotFound)
    }

    /// Validate an API key and return its metadata
    pub async fn validate_key(&self, raw_key: &str) -> Result<ApiKey, ApiKeyError> {
        let key_hash = Self::hash_key(raw_key);
        // TODO: Query database by hash
        Err(ApiKeyError::InvalidKey)
    }

    /// Record key usage
    pub async fn record_usage(&self, key_id: Uuid) -> Result<(), ApiKeyError> {
        // TODO: Update last_used and increment usage_count
        Ok(())
    }
}

impl Default for ApiKeyService {
    fn default() -> Self {
        Self::new(10)
    }
}

/// API key errors
#[derive(Debug, thiserror::Error)]
pub enum ApiKeyError {
    #[error("API key not found")]
    NotFound,
    #[error("Invalid API key")]
    InvalidKey,
    #[error("API key expired")]
    Expired,
    #[error("API key revoked")]
    Revoked,
    #[error("Rate limit exceeded")]
    RateLimitExceeded,
    #[error("Insufficient permissions")]
    InsufficientScope,
    #[error("Maximum keys exceeded")]
    MaxKeysExceeded,
    #[error("Database error: {0}")]
    DatabaseError(String),
}

/// HTTP handlers for API key endpoints
pub mod handlers {
    use super::*;

    #[derive(Debug, Deserialize)]
    pub struct CreateKeyRequest {
        pub name: String,
        pub scopes: Vec<ApiKeyScope>,
        #[serde(default)]
        pub expires_in_days: Option<u32>,
        pub rate_limit: Option<u32>,
    }

    /// List all API keys for current user
    pub async fn list_keys() -> impl IntoResponse {
        (StatusCode::OK, Json(serde_json::json!({"keys": []})))
    }

    /// Create a new API key
    pub async fn create_key(Json(req): Json<CreateKeyRequest>) -> impl IntoResponse {
        let raw_key = ApiKeyService::generate_key();
        let prefix = raw_key[..11].to_string();

        let response = ApiKeyCreated {
            id: Uuid::new_v4(),
            name: req.name,
            key: raw_key,
            prefix,
            scopes: req.scopes,
            created_at: Utc::now(),
            expires_at: req
                .expires_in_days
                .map(|d| Utc::now() + chrono::Duration::days(d as i64)),
        };

        (StatusCode::CREATED, Json(response))
    }

    /// Revoke an API key
    pub async fn revoke_key(Path(id): Path<Uuid>) -> impl IntoResponse {
        (
            StatusCode::OK,
            Json(serde_json::json!({"success": true, "revoked_key_id": id})),
        )
    }

    /// Rotate an API key
    pub async fn rotate_key(Path(id): Path<Uuid>) -> impl IntoResponse {
        // TODO: Implement key rotation
        StatusCode::NOT_IMPLEMENTED
    }
}