From 1b10c97099e697870909021ebb2bc9f6c808fb16 Mon Sep 17 00:00:00 2001
From: orion <orion@op.hangman-lab.top>
Date: Thu, 16 Apr 2026 21:17:13 +0000
Subject: [PATCH] feat: allow API key auth for reset-apikey endpoint

Change dependency from get_current_user (OAuth2 only) to
get_current_user_or_apikey, enabling account-manager API key
to reset user API keys for provisioning workflows.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 app/api/routers/users.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/api/routers/users.py b/app/api/routers/users.py
index 1325f3e..ec64c92 100644
--- a/app/api/routers/users.py
+++ b/app/api/routers/users.py
@@ -241,7 +241,7 @@ def delete_user(
 def reset_user_apikey(
     identifier: str,
     db: Session = Depends(get_db),
-    current_user: models.User = Depends(get_current_user),
+    current_user: models.User = Depends(get_current_user_or_apikey),
 ):
     """Reset (regenerate) a user's API key.
 
@@ -249,6 +249,8 @@ def reset_user_apikey(
     - user.reset-apikey: can reset any user's API key
     - user.reset-self-apikey: can reset only own API key
     - admin: can reset any user's API key
+
+    Accepts both OAuth2 Bearer token and X-API-Key authentication.
     """
     import secrets
     from app.models.apikey import APIKey