/**
 * DELETE /api/workspaces/[slug]/keys/[keyId] — revoke a workspace API key
 */

import { NextResponse } from 'next/server';
import { requireWorkspacePrincipal, revokeWorkspaceApiKey } from '@/lib/auth/workspace-auth';

export async function DELETE(
  request: Request,
  { params }: { params: Promise<{ slug: string; keyId: string }> }
) {
  const { slug, keyId } = await params;
  const principal = await requireWorkspacePrincipal(request, { targetSlug: slug });
  if (principal instanceof NextResponse) return principal;

  if (principal.source !== 'session') {
    return NextResponse.json(
      { error: 'API keys can only be revoked from a signed-in session' },
      { status: 403 }
    );
  }

  const ok = await revokeWorkspaceApiKey(principal.workspace.id, keyId);
  if (!ok) {
    return NextResponse.json({ error: 'Key not found or already revoked' }, { status: 404 });
  }
  return NextResponse.json({ revoked: true });
}