feat(backend): Add API key DB table #8593

Merged

Conversation

aarushik93
Contributor

Background

We will be adding API-level access, and as such we need to have access to API keys for users. This PR migrates the DB.

Changes 🏗️

  • Introduces APIKey model for managing API access credentials
  • Implements granular permissions system with 4 core permissions:
    • EXECUTE_GRAPH: Run agent graphs
    • READ_GRAPH: Access graph information and versions
    • EXECUTE_BLOCK: Run individual blocks
    • READ_BLOCK: Access block information
  • Adds API key status tracking (ACTIVE/REVOKED/SUSPENDED)
  • Adds related migrations

Testing 🔍

Note

Only for the new autogpt platform, currently in autogpt_platform/

  • Create from scratch and execute an agent with at least 3 blocks
  • Import an agent from file upload, and confirm it executes correctly
  • Upload agent to marketplace
  • Import an agent from marketplace and confirm it executes correctly
  • Edit an agent from monitor, and confirm it executes correctly

Configuration Changes 📝

Note

Only for the new autogpt platform, currently in autogpt_platform/

If you're making configuration or infrastructure changes, please remember to check you've updated the related infrastructure code in the autogpt_platform/infra folder.

Examples of such changes might include:

  • Changing ports
  • Adding new services that need to communicate with each other
  • Secrets or environment variable changes
  • New or infrastructure changes such as databases

@aarushik93 aarushik93 requested a review from a team as a code owner November 8, 2024 01:54
@aarushik93 aarushik93 requested review from Pwuts and Bentlybro and removed request for a team November 8, 2024 01:54
@github-actions github-actions bot added the platform/backend AutoGPT Platform - Back end label Nov 8, 2024
qodo-merge-pro bot commented Nov 8, 2024

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns

Sensitive information exposure:
The key field in the APIKey table (line 12 in the migration file) is stored as plain text. This could lead to exposure of API keys if the database is compromised. It's recommended to store a hashed version of the key instead of the plain text value. Additionally, ensure that the prefix field doesn't contain any sensitive information from the actual key.

⚡ Recommended focus areas for review

Security Concern
The key field in the APIKey table is stored as plain text. Consider using a hashing mechanism to store the API key securely.

Missing Validation
The APIKey model doesn't have any constraints on the permissions field. Consider adding a check to ensure at least one permission is assigned.

Potential Improvement
Consider adding an expiresAt field to the APIKey model for implementing key rotation policies.
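
The storage pattern the review recommends (keep only a hash of the key, and a prefix that reveals nothing about it), as an added example that is not part of this pull request or the project's code. `ApiKeyRow`, `issue_key`, `authorize`, the `demo` tag and the key layout are hypothetical; the permission and status names are the ones listed in the PR description.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Permission and status names are taken from the PR description above.
PERMISSIONS = {"EXECUTE_GRAPH", "READ_GRAPH", "EXECUTE_BLOCK", "READ_BLOCK"}
KEY_TAG = "demo"  # hypothetical key tag, not the project's format


@dataclass
class ApiKeyRow:
    """Constructed stand-in for a database row; field names are assumptions."""
    prefix: str             # random lookup id, generated independently of the secret
    key_hash: str           # SHA-256 hex digest of the secret part
    permissions: frozenset
    status: str = "ACTIVE"  # ACTIVE / REVOKED / SUSPENDED


def _digest(secret: str) -> str:
    # The secret carries 256 bits of randomness, so a fast hash is adequate;
    # low-entropy secrets such as passwords would need a slow KDF instead.
    return hashlib.sha256(secret.encode()).hexdigest()


def issue_key(permissions):
    """Return (raw_key, row). The raw key is shown once and never stored."""
    perms = frozenset(permissions)
    if not perms or not perms <= PERMISSIONS:
        raise ValueError("need at least one known permission")
    prefix = secrets.token_hex(4)
    secret = secrets.token_urlsafe(32)
    return f"{KEY_TAG}_{prefix}_{secret}", ApiKeyRow(prefix, _digest(secret), perms)


def authorize(raw_key: str, rows: dict, needed: str) -> bool:
    """Check a presented key against stored rows (dict keyed by prefix)."""
    tag, _, rest = raw_key.partition("_")
    prefix, _, secret = rest.partition("_")
    row = rows.get(prefix)
    if tag != KEY_TAG or row is None or not secret:
        return False
    # Constant-time comparison of digests avoids a timing side channel.
    if not hmac.compare_digest(row.key_hash, _digest(secret)):
        return False
    return row.status == "ACTIVE" and needed in row.permissions
```

Because the prefix is drawn separately from the secret, it can be logged or shown in a UI to identify a key without narrowing the search space for the secret itself.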

@Pwuts Pwuts changed the title feat(platform): Add api key db tables feat(backend): Add API key DB table Nov 8, 2024
@aarushik93 aarushik93 requested a review from Pwuts November 8, 2024 15:42
@aarushik93 aarushik93 enabled auto-merge (squash) November 8, 2024 17:43
@aarushik93 aarushik93 merged commit 359ae83 into dev Nov 8, 2024
10 checks passed
@aarushik93 aarushik93 deleted the aarushikansal/open-2011-update-db-schema-for-api-key-support branch November 8, 2024 17:48