feat: Add 9 new features for enhanced UX and security

Quick Wins: - Feature 1: Ticket linking in comments (#123456789 auto-links) - Feature 6: Checkbox click area fix (click anywhere in cell) - Feature 7: User groups display in settings modal UI Enhancements: - Feature 4: Collapsible sidebar with localStorage persistence - Feature 5: Inline ticket preview popup on hover (300ms delay) - Feature 2: Mobile responsive improvements (44px touch targets, iOS zoom fix) Major Features: - Feature 3: Kanban card view with status columns (toggle with localStorage) - Feature 9: API key generation admin panel (/admin/api-keys) - Feature 8: Ticket visibility levels (public/internal/confidential) New files: - views/admin/ApiKeysView.php - api/generate_api_key.php - api/revoke_api_key.php - migrations/008_ticket_visibility.sql Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-23 10:01:50 -05:00
parent c32e9c871b
commit e86a5de3fd
19 changed files with 1933 additions and 39 deletions
--- a/views/CreateTicketView.php
+++ b/views/CreateTicketView.php
@@ -166,7 +166,51 @@
            <!-- DIVIDER -->
            <div class="ascii-divider"></div>

-            <!-- SECTION 5: Detailed Description -->
+            <!-- SECTION 5: Visibility Settings -->
+            <div class="ascii-section-header">Visibility Settings</div>
+            <div class="ascii-content">
+                <div class="ascii-frame-inner">
+                    <div class="detail-group">
+                        <label for="visibility">Ticket Visibility</label>
+                        <select id="visibility" name="visibility" class="editable" onchange="toggleVisibilityGroups()">
+                            <option value="public" selected>Public - All authenticated users</option>
+                            <option value="internal">Internal - Specific groups only</option>
+                            <option value="confidential">Confidential - Creator, assignee, admins only</option>
+                        </select>
+                        <p style="color: var(--terminal-green); font-size: 0.85rem; margin-top: 0.5rem; font-family: var(--font-mono);">
+                            Controls who can view this ticket
+                        </p>
+                    </div>
+                    <div id="visibilityGroupsContainer" class="detail-group" style="display: none; margin-top: 1rem;">
+                        <label>Allowed Groups</label>
+                        <div class="visibility-groups-list" style="display: flex; flex-wrap: wrap; gap: 0.75rem; margin-top: 0.5rem;">
+                            <?php
+                            // Get all available groups
+                            require_once __DIR__ . '/../models/UserModel.php';
+                            $userModel = new UserModel($conn);
+                            $allGroups = $userModel->getAllGroups();
+                            foreach ($allGroups as $group):
+                            ?>
+                                <label style="display: flex; align-items: center; gap: 0.5rem; cursor: pointer;">
+                                    <input type="checkbox" name="visibility_groups[]" value="<?php echo htmlspecialchars($group); ?>" class="visibility-group-checkbox">
+                                    <span class="group-badge"><?php echo htmlspecialchars($group); ?></span>
+                                </label>
+                            <?php endforeach; ?>
+                            <?php if (empty($allGroups)): ?>
+                                <span style="color: var(--text-muted);">No groups available</span>
+                            <?php endif; ?>
+                        </div>
+                        <p style="color: var(--terminal-amber); font-size: 0.85rem; margin-top: 0.5rem; font-family: var(--font-mono);">
+                            Select which groups can view this ticket
+                        </p>
+                    </div>
+                </div>
+            </div>
+
+            <!-- DIVIDER -->
+            <div class="ascii-divider"></div>
+
+            <!-- SECTION 6: Detailed Description -->
            <div class="ascii-section-header">Detailed Description</div>
            <div class="ascii-content">
                <div class="ascii-frame-inner">
@@ -251,6 +295,18 @@
        div.textContent = text;
        return div.innerHTML;
    }
+
+    function toggleVisibilityGroups() {
+        const visibility = document.getElementById('visibility').value;
+        const groupsContainer = document.getElementById('visibilityGroupsContainer');
+        if (visibility === 'internal') {
+            groupsContainer.style.display = 'block';
+        } else {
+            groupsContainer.style.display = 'none';
+            // Uncheck all group checkboxes when hiding
+            document.querySelectorAll('.visibility-group-checkbox').forEach(cb => cb.checked = false);
+        }
+    }
    </script>
 </body>
 </html>
--- a/views/DashboardView.php
+++ b/views/DashboardView.php
@@ -92,6 +92,7 @@
                            <a href="/admin/custom-fields">📝 Custom Fields</a>
                            <a href="/admin/user-activity">👥 User Activity</a>
                            <a href="/admin/audit-log">📜 Audit Log</a>
+                            <a href="/admin/api-keys">🔑 API Keys</a>
                        </div>
                    </div>
                <?php endif; ?>
@@ -125,7 +126,11 @@
    <!-- Dashboard Layout with Sidebar -->
    <div class="dashboard-layout">
        <!-- Left Sidebar with Filters -->
-        <aside class="dashboard-sidebar">
+        <aside class="dashboard-sidebar" id="dashboardSidebar">
+            <button class="sidebar-toggle" onclick="toggleSidebar()" title="Toggle Sidebar">
+                <span class="toggle-arrow">◀</span>
+            </button>
+            <div class="sidebar-content">
            <div class="ascii-frame-inner">
                <div class="ascii-subsection-header">Filters</div>

@@ -184,6 +189,7 @@
                <button id="apply-filters-btn" class="btn">Apply Filters</button>
                <button id="clear-filters-btn" class="btn btn-secondary">Clear All</button>
            </div>
+            </div>
        </aside>

        <!-- Main Content Area -->
@@ -277,6 +283,10 @@

        <!-- Center: Actions + Count -->
        <div class="toolbar-center">
+            <div class="view-toggle">
+                <button id="tableViewBtn" class="view-btn active" onclick="setViewMode('table')" title="Table View">≡</button>
+                <button id="cardViewBtn" class="view-btn" onclick="setViewMode('card')" title="Kanban View">▦</button>
+            </div>
            <button onclick="window.location.href='<?php echo $GLOBALS['config']['BASE_URL']; ?>/ticket/create'" class="btn create-ticket">+ New Ticket</button>
            <div class="export-dropdown" id="exportDropdown" style="display: none;">
                <button class="btn" onclick="toggleExportMenu(event)">↓ Export Selected (<span id="exportCount">0</span>)</button>
@@ -395,7 +405,7 @@

                    // Add checkbox column for admins
                    if ($GLOBALS['currentUser']['is_admin'] ?? false) {
-                        echo "<td><input type='checkbox' class='ticket-checkbox' value='{$row['ticket_id']}' onchange='updateSelectionCount()'></td>";
+                        echo "<td onclick='toggleRowCheckbox(event, this)' class='checkbox-cell'><input type='checkbox' class='ticket-checkbox' value='{$row['ticket_id']}' onchange='updateSelectionCount()'></td>";
                    }

                    echo "<td><a href='/ticket/{$row['ticket_id']}' class='ticket-link'>{$row['ticket_id']}</a></td>";
@@ -440,6 +450,40 @@
    </div>
    <!-- END OUTER FRAME -->

+    <!-- Kanban Card View -->
+    <div id="cardView" class="card-view-container" style="display: none;">
+        <div class="kanban-board">
+            <div class="kanban-column" data-status="Open">
+                <div class="kanban-column-header status-Open">
+                    <span class="column-title">Open</span>
+                    <span class="column-count">0</span>
+                </div>
+                <div class="kanban-cards"></div>
+            </div>
+            <div class="kanban-column" data-status="Pending">
+                <div class="kanban-column-header status-Pending">
+                    <span class="column-title">Pending</span>
+                    <span class="column-count">0</span>
+                </div>
+                <div class="kanban-cards"></div>
+            </div>
+            <div class="kanban-column" data-status="In Progress">
+                <div class="kanban-column-header status-In-Progress">
+                    <span class="column-title">In Progress</span>
+                    <span class="column-count">0</span>
+                </div>
+                <div class="kanban-cards"></div>
+            </div>
+            <div class="kanban-column" data-status="Closed">
+                <div class="kanban-column-header status-Closed">
+                    <span class="column-title">Closed</span>
+                    <span class="column-count">0</span>
+                </div>
+                <div class="kanban-cards"></div>
+            </div>
+        </div>
+    </div>
+
    <!-- Settings Modal -->
    <div class="settings-modal" id="settingsModal" style="display: none;" onclick="closeOnBackdropClick(event)">
        <div class="settings-content">
@@ -571,6 +615,23 @@

                        <div><strong>Role:</strong></div>
                        <div><?php echo $GLOBALS['currentUser']['is_admin'] ? 'Administrator' : 'User'; ?></div>
+
+                        <div><strong>Groups:</strong></div>
+                        <div class="user-groups-list">
+                            <?php
+                            $groups = explode(',', $GLOBALS['currentUser']['groups'] ?? '');
+                            foreach ($groups as $g):
+                                if (trim($g)):
+                            ?>
+                                <span class="group-badge"><?php echo htmlspecialchars(trim($g)); ?></span>
+                            <?php
+                                endif;
+                            endforeach;
+                            if (empty(trim($GLOBALS['currentUser']['groups'] ?? ''))):
+                            ?>
+                                <span style="color: var(--text-muted);">No groups assigned</span>
+                            <?php endif; ?>
+                        </div>
                    </div>
                </div>
            </div>
--- a/views/TicketView.php
+++ b/views/TicketView.php
@@ -64,14 +64,14 @@ function formatDetails($details, $actionType) {
    window.APP_TIMEZONE_ABBREV = '<?php echo $GLOBALS['config']['TIMEZONE_ABBREV']; ?>';
    </script>
    <script>
-    // Store ticket data in a global variable
+    // Store ticket data in a global variable (using json_encode for XSS safety)
    window.ticketData = {
-        ticket_id: "<?php echo $ticket['ticket_id']; ?>",
-        title: "<?php echo htmlspecialchars($ticket['title']); ?>",
-        status: "<?php echo $ticket['status']; ?>",
-        priority: "<?php echo $ticket['priority']; ?>",
-        category: "<?php echo $ticket['category']; ?>",
-        type: "<?php echo $ticket['type']; ?>"
+        ticket_id: <?php echo json_encode($ticket['ticket_id']); ?>,
+        title: <?php echo json_encode($ticket['title']); ?>,
+        status: <?php echo json_encode($ticket['status']); ?>,
+        priority: <?php echo json_encode($ticket['priority']); ?>,
+        category: <?php echo json_encode($ticket['category']); ?>,
+        type: <?php echo json_encode($ticket['type']); ?>
    };
    </script>
 </head>
@@ -167,6 +167,38 @@ function formatDetails($details, $actionType) {
                                    </select>
                                </div>
                            </div>
+
+                            <!-- Visibility Settings -->
+                            <div class="ticket-visibility-settings" style="margin-top: 0.75rem; padding-top: 0.75rem; border-top: 1px solid var(--terminal-green);">
+                                <div style="display: grid; grid-template-columns: repeat(2, 1fr); gap: 0.75rem;">
+                                    <div class="metadata-field">
+                                        <label style="font-weight: 500; display: block; margin-bottom: 0.25rem; color: var(--terminal-cyan); font-family: var(--font-mono); font-size: 0.85rem;">Visibility:</label>
+                                        <select id="visibilitySelect" class="metadata-select editable-metadata" disabled onchange="toggleVisibilityGroups()" style="width: 100%; padding: 0.25rem 0.5rem; border-radius: 0; border: 2px solid var(--terminal-green); background: var(--bg-primary); color: var(--terminal-green); font-family: var(--font-mono);">
+                                            <?php $currentVisibility = $ticket['visibility'] ?? 'public'; ?>
+                                            <option value="public" <?php echo $currentVisibility == 'public' ? 'selected' : ''; ?>>Public</option>
+                                            <option value="internal" <?php echo $currentVisibility == 'internal' ? 'selected' : ''; ?>>Internal</option>
+                                            <option value="confidential" <?php echo $currentVisibility == 'confidential' ? 'selected' : ''; ?>>Confidential</option>
+                                        </select>
+                                    </div>
+                                    <div class="metadata-field" id="visibilityGroupsField" style="<?php echo $currentVisibility !== 'internal' ? 'opacity: 0.5;' : ''; ?>">
+                                        <label style="font-weight: 500; display: block; margin-bottom: 0.25rem; color: var(--terminal-cyan); font-family: var(--font-mono); font-size: 0.85rem;">Allowed Groups:</label>
+                                        <div class="visibility-groups-display" style="font-family: var(--font-mono); font-size: 0.85rem; padding: 0.25rem;">
+                                            <?php
+                                            $visibilityGroups = array_filter(array_map('trim', explode(',', $ticket['visibility_groups'] ?? '')));
+                                            if (!empty($visibilityGroups)):
+                                                foreach ($visibilityGroups as $group):
+                                            ?>
+                                                <span class="group-badge" style="font-size: 0.75rem;"><?php echo htmlspecialchars($group); ?></span>
+                                            <?php
+                                                endforeach;
+                                            else:
+                                            ?>
+                                                <span style="color: var(--text-muted);"><?php echo $currentVisibility === 'internal' ? 'No groups selected' : '-'; ?></span>
+                                            <?php endif; ?>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
                        </div>
                        <div class="header-controls">
                            <div class="status-priority-group">
@@ -395,15 +427,8 @@ function formatDetails($details, $actionType) {
        });
    </script>
    <script>
-    // Make ticket data available to JavaScript
-    window.ticketData = {
-        id: <?php echo json_encode($ticket['ticket_id']); ?>,
-        status: <?php echo json_encode($ticket['status']); ?>,
-        priority: <?php echo json_encode($ticket['priority']); ?>,
-        category: <?php echo json_encode($ticket['category']); ?>,
-        type: <?php echo json_encode($ticket['type']); ?>,
-        title: <?php echo json_encode($ticket['title']); ?>
-    };
+    // Ticket data already initialized in head, add id alias for compatibility
+    window.ticketData.id = window.ticketData.ticket_id;
    console.log('Ticket data loaded:', window.ticketData);
    </script>

@@ -515,6 +540,23 @@ function formatDetails($details, $actionType) {

                        <div><strong>Role:</strong></div>
                        <div><?php echo $GLOBALS['currentUser']['is_admin'] ? 'Administrator' : 'User'; ?></div>
+
+                        <div><strong>Groups:</strong></div>
+                        <div class="user-groups-list">
+                            <?php
+                            $groups = explode(',', $GLOBALS['currentUser']['groups'] ?? '');
+                            foreach ($groups as $g):
+                                if (trim($g)):
+                            ?>
+                                <span class="group-badge"><?php echo htmlspecialchars(trim($g)); ?></span>
+                            <?php
+                                endif;
+                            endforeach;
+                            if (empty(trim($GLOBALS['currentUser']['groups'] ?? ''))):
+                            ?>
+                                <span style="color: var(--text-muted);">No groups assigned</span>
+                            <?php endif; ?>
+                        </div>
                    </div>
                </div>
            </div>
--- a/views/admin/ApiKeysView.php
+++ b/views/admin/ApiKeysView.php
@@ -0,0 +1,245 @@
+<?php
+// Admin view for managing API keys
+// Receives $apiKeys from controller
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>API Keys - Admin</title>
+    <link rel="icon" type="image/png" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/images/favicon.png">
+    <link rel="stylesheet" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/css/dashboard.css">
+    <link rel="stylesheet" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/css/ticket.css">
+    <script src="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/js/toast.js"></script>
+    <script>
+    window.CSRF_TOKEN = '<?php
+        require_once __DIR__ . '/../../middleware/CsrfMiddleware.php';
+        echo CsrfMiddleware::getToken();
+    ?>';
+    </script>
+</head>
+<body>
+    <div class="user-header">
+        <div class="user-header-left">
+            <a href="/" class="back-link">← Dashboard</a>
+            <span style="margin-left: 1rem; color: var(--terminal-amber);">Admin: API Keys</span>
+        </div>
+        <div class="user-header-right">
+            <?php if (isset($GLOBALS['currentUser'])): ?>
+                <span class="user-name"><?php echo htmlspecialchars($GLOBALS['currentUser']['display_name'] ?? $GLOBALS['currentUser']['username']); ?></span>
+                <span class="admin-badge">Admin</span>
+            <?php endif; ?>
+        </div>
+    </div>
+
+    <div class="ascii-frame-outer" style="max-width: 1200px; margin: 2rem auto;">
+        <span class="bottom-left-corner">╚</span>
+        <span class="bottom-right-corner">╝</span>
+
+        <div class="ascii-section-header">API Key Management</div>
+        <div class="ascii-content">
+            <!-- Generate New Key Form -->
+            <div class="ascii-frame-inner" style="margin-bottom: 1.5rem;">
+                <h3 style="color: var(--terminal-amber); margin-bottom: 1rem;">Generate New API Key</h3>
+                <form id="generateKeyForm" style="display: flex; gap: 1rem; flex-wrap: wrap; align-items: flex-end;">
+                    <div style="flex: 1; min-width: 200px;">
+                        <label style="display: block; font-size: 0.8rem; color: var(--terminal-amber); margin-bottom: 0.25rem;">Key Name *</label>
+                        <input type="text" id="keyName" required placeholder="e.g., CI/CD Pipeline"
+                            style="width: 100%; padding: 0.5rem; border: 2px solid var(--terminal-green); background: var(--bg-primary); color: var(--terminal-green); font-family: var(--font-mono);">
+                    </div>
+                    <div style="min-width: 150px;">
+                        <label style="display: block; font-size: 0.8rem; color: var(--terminal-amber); margin-bottom: 0.25rem;">Expires In</label>
+                        <select id="expiresIn" style="width: 100%; padding: 0.5rem; border: 2px solid var(--terminal-green); background: var(--bg-primary); color: var(--terminal-green); font-family: var(--font-mono);">
+                            <option value="">Never</option>
+                            <option value="30">30 days</option>
+                            <option value="90">90 days</option>
+                            <option value="180">180 days</option>
+                            <option value="365">1 year</option>
+                        </select>
+                    </div>
+                    <div>
+                        <button type="submit" class="btn">Generate Key</button>
+                    </div>
+                </form>
+            </div>
+
+            <!-- New Key Display (hidden by default) -->
+            <div id="newKeyDisplay" class="ascii-frame-inner" style="display: none; margin-bottom: 1.5rem; background: rgba(255, 176, 0, 0.1); border-color: var(--terminal-amber);">
+                <h3 style="color: var(--terminal-amber); margin-bottom: 0.5rem;">New API Key Generated</h3>
+                <p style="color: var(--priority-1); margin-bottom: 1rem; font-size: 0.9rem;">
+                    Copy this key now. You won't be able to see it again!
+                </p>
+                <div style="display: flex; gap: 0.5rem; align-items: center;">
+                    <input type="text" id="newKeyValue" readonly
+                        style="flex: 1; padding: 0.75rem; font-family: var(--font-mono); font-size: 0.85rem; background: var(--bg-primary); border: 2px solid var(--terminal-green); color: var(--terminal-green);">
+                    <button onclick="copyApiKey()" class="btn" title="Copy to clipboard">Copy</button>
+                </div>
+            </div>
+
+            <!-- Existing Keys Table -->
+            <div class="ascii-frame-inner">
+                <h3 style="color: var(--terminal-amber); margin-bottom: 1rem;">Existing API Keys</h3>
+                <table style="width: 100%; font-size: 0.9rem;">
+                    <thead>
+                        <tr>
+                            <th>Name</th>
+                            <th>Key Prefix</th>
+                            <th>Created By</th>
+                            <th>Created At</th>
+                            <th>Expires At</th>
+                            <th>Last Used</th>
+                            <th>Status</th>
+                            <th>Actions</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <?php if (empty($apiKeys)): ?>
+                            <tr>
+                                <td colspan="8" style="text-align: center; padding: 2rem; color: var(--terminal-green-dim);">
+                                    No API keys found. Generate one above.
+                                </td>
+                            </tr>
+                        <?php else: ?>
+                            <?php foreach ($apiKeys as $key): ?>
+                                <tr id="key-row-<?php echo $key['api_key_id']; ?>">
+                                    <td><?php echo htmlspecialchars($key['key_name']); ?></td>
+                                    <td style="font-family: var(--font-mono);">
+                                        <code><?php echo htmlspecialchars($key['key_prefix']); ?>...</code>
+                                    </td>
+                                    <td><?php echo htmlspecialchars($key['display_name'] ?? $key['username'] ?? 'Unknown'); ?></td>
+                                    <td style="white-space: nowrap;"><?php echo date('Y-m-d H:i', strtotime($key['created_at'])); ?></td>
+                                    <td style="white-space: nowrap;">
+                                        <?php if ($key['expires_at']): ?>
+                                            <?php
+                                            $expired = strtotime($key['expires_at']) < time();
+                                            $color = $expired ? 'var(--priority-1)' : 'var(--terminal-green)';
+                                            ?>
+                                            <span style="color: <?php echo $color; ?>;">
+                                                <?php echo date('Y-m-d', strtotime($key['expires_at'])); ?>
+                                                <?php if ($expired): ?> (Expired)<?php endif; ?>
+                                            </span>
+                                        <?php else: ?>
+                                            <span style="color: var(--terminal-cyan);">Never</span>
+                                        <?php endif; ?>
+                                    </td>
+                                    <td style="white-space: nowrap;">
+                                        <?php echo $key['last_used'] ? date('Y-m-d H:i', strtotime($key['last_used'])) : 'Never'; ?>
+                                    </td>
+                                    <td>
+                                        <?php if ($key['is_active']): ?>
+                                            <span style="color: var(--status-open);">Active</span>
+                                        <?php else: ?>
+                                            <span style="color: var(--status-closed);">Revoked</span>
+                                        <?php endif; ?>
+                                    </td>
+                                    <td>
+                                        <?php if ($key['is_active']): ?>
+                                            <button onclick="revokeKey(<?php echo $key['api_key_id']; ?>)" class="btn btn-secondary" style="padding: 0.25rem 0.5rem; font-size: 0.8rem;">
+                                                Revoke
+                                            </button>
+                                        <?php else: ?>
+                                            <span style="color: var(--text-muted);">-</span>
+                                        <?php endif; ?>
+                                    </td>
+                                </tr>
+                            <?php endforeach; ?>
+                        <?php endif; ?>
+                    </tbody>
+                </table>
+            </div>
+
+            <!-- API Usage Info -->
+            <div class="ascii-frame-inner" style="margin-top: 1.5rem;">
+                <h3 style="color: var(--terminal-amber); margin-bottom: 1rem;">API Usage</h3>
+                <p style="margin-bottom: 0.5rem;">Include the API key in your requests using the Authorization header:</p>
+                <pre style="background: var(--bg-primary); padding: 1rem; border: 1px solid var(--terminal-green); overflow-x: auto;"><code>Authorization: Bearer YOUR_API_KEY</code></pre>
+                <p style="margin-top: 1rem; font-size: 0.9rem; color: var(--text-muted);">
+                    API keys provide programmatic access to create and manage tickets. Keep your keys secure and rotate them regularly.
+                </p>
+            </div>
+        </div>
+    </div>
+
+    <script>
+    document.getElementById('generateKeyForm').addEventListener('submit', async function(e) {
+        e.preventDefault();
+
+        const keyName = document.getElementById('keyName').value.trim();
+        const expiresIn = document.getElementById('expiresIn').value;
+
+        if (!keyName) {
+            showToast('Please enter a key name', 'error');
+            return;
+        }
+
+        try {
+            const response = await fetch('/api/generate_api_key.php', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'X-CSRF-Token': window.CSRF_TOKEN
+                },
+                body: JSON.stringify({
+                    key_name: keyName,
+                    expires_in_days: expiresIn || null
+                })
+            });
+
+            const data = await response.json();
+
+            if (data.success) {
+                // Show the new key
+                document.getElementById('newKeyValue').value = data.api_key;
+                document.getElementById('newKeyDisplay').style.display = 'block';
+                document.getElementById('keyName').value = '';
+
+                showToast('API key generated successfully', 'success');
+
+                // Reload page after 5 seconds to show new key in table
+                setTimeout(() => location.reload(), 5000);
+            } else {
+                showToast(data.error || 'Failed to generate API key', 'error');
+            }
+        } catch (error) {
+            showToast('Error generating API key: ' + error.message, 'error');
+        }
+    });
+
+    function copyApiKey() {
+        const keyInput = document.getElementById('newKeyValue');
+        keyInput.select();
+        document.execCommand('copy');
+        showToast('API key copied to clipboard', 'success');
+    }
+
+    async function revokeKey(keyId) {
+        if (!confirm('Are you sure you want to revoke this API key? This action cannot be undone.')) {
+            return;
+        }
+
+        try {
+            const response = await fetch('/api/revoke_api_key.php', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'X-CSRF-Token': window.CSRF_TOKEN
+                },
+                body: JSON.stringify({ key_id: keyId })
+            });
+
+            const data = await response.json();
+
+            if (data.success) {
+                showToast('API key revoked successfully', 'success');
+                location.reload();
+            } else {
+                showToast(data.error || 'Failed to revoke API key', 'error');
+            }
+        } catch (error) {
+            showToast('Error revoking API key: ' + error.message, 'error');
+        }
+    }
+    </script>
+</body>
+</html>