import { NextResponse } from "next/server"; import { db } from "@/lib/db"; import { requireAuth } from "@/lib/auth"; // DELETE /api/account/tokens/:id — revoke one of your own tokens. export async function DELETE(_req: Request, { params }: { params: { id: string } }) { try { const session = await requireAuth(); const token = await db.apiToken.findUnique({ where: { id: params.id } }); if (!token || token.userId !== session.user.id) return NextResponse.json({ error: "Not found" }, { status: 404 }); await db.apiToken.update({ where: { id: params.id }, data: { revokedAt: new Date() } }); await db.auditEvent.create({ data: { action: "api_token.revoke", entityId: params.id, actorId: session.user.id, payload: { name: token.name }, }, }); return NextResponse.json({ ok: true }); } catch (err) { if (err instanceof Error && err.message === "Unauthorized") return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); console.error(err); return NextResponse.json({ error: "Server error" }, { status: 500 }); } }