[Feature]: allow resetting a users API-key

[hseeberger]

Describe the feature

A user should be able to reset their api-key, this is important functionality to have in case users leak their key. This should generate a new api-key and persist it in the users table.

Questions

• A JWT will be cached with the api-key or a cookie sid as the key for 10 minutes, should we also clear this? Can we?
• Should this only be possible through the console?

Tasks

• Add a new reset endpoint to auth
• Update gateway to forward reset requests to auth
• Clean the cache in gateway
• Add a subcommand to the cli

Suggestion or Example of how the feature would be used

No response

Duplicate declaration

• I have searched the issues and this feature has not been requested before.

[hseeberger]

Shuttle Batch 2.0 project https://shuttle-hq.notion.site/535743328783490baacd6fbb7befdd5d?v=f0988ae59d8f47e788bed373047a4255&p=916eeba051f74a07a27f20efb8711bc8&pm=s.

Picked by @jonaro00 and @hseeberger.

[hseeberger]

Looking at the code it seems to me that there is only one API key per user. Is that correct?

[oddgrd]

Yes, that is correct. 👍

[jonaro00]

I saw a suggestion to allow users to have more than one key, but we can wait with that until later if deemed appropriate.