Merge pull request #2434 from automatisch/delete-api-token

feat: Implement api token removal API endpoint

packages/backend/src/controllers/api/v1/admin/api-tokens/delete-api-token.ee.js

@@ -0,0 +1,11 @@
+import ApiToken from '../../../../../models/api-token.ee.js';
+
+export default async (request, response) => {
+  const apiToken = await ApiToken.query()
+    .findById(request.params.id)
+    .throwIfNotFound();
+
+  await apiToken.$query().delete();
+
+  response.status(204).end();
+};

packages/backend/src/controllers/api/v1/admin/api-tokens/delete-api-token.ee.test.js

@@ -0,0 +1,45 @@
+import Crypto from 'node:crypto';
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createApiToken } from '../../../../../../test/factories/api-token.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('DELETE /api/v1/admin/api-tokens/:id', () => {
+  let adminRole, currentUser, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    adminRole = await createRole({ name: 'Admin' });
+
+    currentUser = await createUser({ roleId: adminRole.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should delete the api token and return HTTP 204', async () => {
+    const apiToken = await createApiToken();
+
+    await request(app)
+      .delete(`/api/v1/admin/api-tokens/${apiToken.id}`)
+      .set('Authorization', token)
+      .expect(204);
+
+    const refetchedApiToken = await apiToken.$query();
+
+    expect(refetchedApiToken).toBeUndefined();
+  });
+
+  it('should return HTTP 404 for not existing api token id', async () => {
+    const notExistingApiTokenId = Crypto.randomUUID();
+
+    await request(app)
+      .delete(`/api/v1/admin/api-tokens/${notExistingApiTokenId}`)
+      .set('Authorization', token)
+      .expect(404);
+  });
+});

packages/backend/src/routes/api/v1/admin/api-tokens.ee.js

@@ -4,6 +4,7 @@ import { authorizeAdmin } from '../../../../helpers/authorization.js';
 import { checkIsEnterprise } from '../../../../helpers/check-is-enterprise.js';
 import createApiTokenAction from '../../../../controllers/api/v1/admin/api-tokens/create-api-token.ee.js';
 import getApiTokensAction from '../../../../controllers/api/v1/admin/api-tokens/get-api-tokens.ee.js';
+import deleteApiTokenAction from '../../../../controllers/api/v1/admin/api-tokens/delete-api-token.ee.js';
 
 const router = Router();
 
@@ -23,4 +24,12 @@ router.get(
   getApiTokensAction
 );
 
+router.delete(
+  '/:id',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  deleteApiTokenAction
+);
+
 export default router;