From 5c3bea602fb8147a77e956abbd895a2617daf919 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Fri, 28 Jun 2024 14:32:57 -0400
Subject: [PATCH 01/16] add skeleton for creating user developer keys

---
 pephub/dependencies.py                        |  4 +-
 pephub/developer_keys.py                      | 67 +++++++++++++++++++
 pephub/routers/auth/base.py                   | 45 +++++++++++++
 .../developer-settings/api-key-view.tsx       | 59 ++++++++++++++++
 web/src/components/modals/add-pep.tsx         |  4 +-
 .../modals/developer-settings-modal.tsx       | 60 +++++++++++++++++
 web/src/pages/Namespace.tsx                   | 13 +++-
 7 files changed, 246 insertions(+), 6 deletions(-)
 create mode 100644 pephub/developer_keys.py
 create mode 100644 web/src/components/developer-settings/api-key-view.tsx
 create mode 100644 web/src/components/modals/developer-settings-modal.tsx

diff --git a/pephub/dependencies.py b/pephub/dependencies.py
index 77082ef0..1c479e1e 100644
--- a/pephub/dependencies.py
+++ b/pephub/dependencies.py
@@ -82,8 +82,8 @@ def _request_user_data_from_github(access_token: str) -> UserData:
             )
 
     @staticmethod
-    def jwt_encode_user_data(user_data: dict) -> str:
-        exp = datetime.utcnow() + timedelta(minutes=JWT_EXPIRATION)
+    def jwt_encode_user_data(user_data: dict, exp: datetime = None) -> str:
+        exp = exp or datetime.utcnow() + timedelta(minutes=JWT_EXPIRATION)
         encoded_user_data = jwt.encode(
             {**user_data, "exp": exp}, JWT_SECRET, algorithm="HS256"
         )
diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
new file mode 100644
index 00000000..6f172b9e
--- /dev/null
+++ b/pephub/developer_keys.py
@@ -0,0 +1,67 @@
+from datetime import datetime, timedelta
+from typing import Dict, List
+
+import jwt
+from pydantic import BaseModel
+
+from .const import JWT_SECRET
+from .dependencies import CLIAuthSystem
+
+
+class DeveloperKey(BaseModel):
+    key: str
+    created_at: str
+    expires: str
+
+
+class DeveloperKeyHandler:
+    def __init__(self, default_exp: int = 30 * 24 * 60 * 60):
+        self._keys: Dict[str, List[DeveloperKey]] = {}
+        self._default_exp = default_exp
+
+    def add_key(self, namespace: str, key: DeveloperKey):
+        """
+        Add a key to the handler for a given namespace/user
+
+        :param namespace: namespace for the key
+        :param key: DeveloperKey object
+        """
+        if namespace not in self._keys:
+            self._keys[namespace] = []
+        self._keys[namespace].append(key)
+
+    def get_keys_for_namespace(self, namespace: str) -> List[DeveloperKey]:
+        """
+        Get all the keys for a given namespace
+
+        namespace: str
+        """
+        return self._keys.get(namespace)
+
+    def remove_key(self, namespace: str, key: str):
+        """
+        Remove a key from the handler for a given namespace/user
+
+        :param namespace: namespace for the key
+        :param key: key to remove
+        """
+        if namespace in self._keys:
+            self._keys[namespace] = [k for k in self._keys[namespace] if k.key != key]
+
+    def mint_key_for_namespace(
+        self, namespace: str, session_info: dict
+    ) -> DeveloperKey:
+        """
+        Mint a new key for a given namespace
+
+        :param namespace: namespace for the key
+        """
+        expiry = datetime.utcnow() + timedelta(seconds=self._default_exp)
+        new_key = CLIAuthSystem.jwt_encode_user_data(session_info, exp=expiry)
+        key = DeveloperKey(
+            key=new_key,
+            created_at=datetime.utcnow().isoformat(),
+            expires=expiry.isoformat(),
+        )
+        self.add_key(namespace, key)
+        return key
diff --git a/pephub/routers/auth/base.py b/pephub/routers/auth/base.py
index 22380dd0..1863d452 100644
--- a/pephub/routers/auth/base.py
+++ b/pephub/routers/auth/base.py
@@ -30,11 +30,13 @@
     JWTDeviceTokenResponse,
     TokenExchange,
 )
+from ...developer_keys import DeveloperKeyHandler
 
 load_dotenv()
 
 CODE_EXCHANGE = {}
 DEVICE_CODES = {}
+dev_key_handler = DeveloperKeyHandler()
 
 templates = Jinja2Templates(directory=BASE_TEMPLATES_PATH)
 je = jinja2.Environment(loader=jinja2.FileSystemLoader(BASE_TEMPLATES_PATH))
@@ -66,6 +68,45 @@ def delete_device_code_after(code: str, expiration: int = AUTH_CODE_EXPIRATION):
     DEVICE_CODES.pop(code, None)
 
 
+@auth.get("/user/keys")
+def get_user_keys(session_info: Union[dict, None] = Depends(read_authorization_header)):
+    if session_info:
+        keys = dev_key_handler.get_keys_for_namespace(session_info["login"])
+
+        # obfuscate the keys -- we never want to show the full key
+        for key in keys:
+            key.key = key.key[:5] + "*" * 10 + key.key[-5:]
+
+        return {
+            "keys": keys,
+        }
+    else:
+        raise HTTPException(status_code=401, detail="Invalid token")
+
+
+@auth.post("/user/keys")
+def mint_user_key(
+    session_info: Union[dict, None] = Depends(read_authorization_header),
+):
+    if session_info:
+        key = dev_key_handler.mint_key_for_namespace(session_info["login"])
+        return key
+    else:
+        raise HTTPException(status_code=401, detail="Invalid token")
+
+
+@auth.delete("/user/keys")
+def delete_user_key(
+    key: str,
+    session_info: Union[dict, None] = Depends(read_authorization_header),
+):
+    if session_info:
+        dev_key_handler.remove_key(session_info["login"], key)
+        return {"message": "Key deleted successfully."}
+    else:
+        raise HTTPException(status_code=401, detail="Invalid token")
+
+
 @auth.get("/login", response_class=RedirectResponse)
 def login(
     client_redirect_uri: Union[str, None] = None,
@@ -128,6 +169,10 @@ def callback(
         headers={"Authorization": f"Bearer {x['access_token']}"},
     ).json()
 
+    # append the github access_token to the user data
+    u["gh_access_token"] = x["access_token"]
+    u["gh_refresh_token"] = x["refresh_token"]
+
     # encode the token
     token = CLIAuthSystem.jwt_encode_user_data(
         dict(orgs=[org["login"] for org in organizations], **u)
diff --git a/web/src/components/developer-settings/api-key-view.tsx b/web/src/components/developer-settings/api-key-view.tsx
new file mode 100644
index 00000000..16717f32
--- /dev/null
+++ b/web/src/components/developer-settings/api-key-view.tsx
@@ -0,0 +1,59 @@
+import { dateStringToDateTime } from '../../utils/dates';
+
+export const ApiKeyView = () => {
+  const testKeys = [
+    {
+      key_obfuscated: '*********_3456',
+      created_at: '2021-09-01T00:00:00Z',
+      expires: '2021-09-01T00:00:00Z',
+    },
+    {
+      key_obfuscated: '*********_3456',
+      created_at: '2021-09-01T00:00:00Z',
+      expires: '2021-09-01T00:00:00Z',
+    },
+  ];
+  return (
+    <div className="d-flex flex-column p-2">
+      <div>
+        <h5 className="fw-bold">Active keys:</h5>
+        {testKeys?.length > 0 ? (
+          testKeys.map((key, index) => (
+            <div key={index} className="d-flex justify-content-between border border-dark shadow-sm p-1 rounded mb-1">
+              <div className="d-flex flex-column align-items-start">
+                <div className="d-flex align-items-center">
+                  <i className="bi bi-key me-2 text-xl"></i>
+                  <span className="text-sm">
+                    <code>{key.key_obfuscated}</code>
+                  </span>
+                </div>
+                <div className="d-flex align-items-center gap-3 text-muted">
+                  <span className="text-sm">Created at: {dateStringToDateTime(key.created_at)}</span>
+                  <span className="text-sm">Expires: {dateStringToDateTime(key.expires)}</span>
+                </div>
+              </div>
+              <div className="d-flex align-items-start">
+                <button className="btn btn-sm btn-danger">
+                  <i className="bi bi-trash me-1"></i>
+                  Revoke
+                </button>
+              </div>
+            </div>
+          ))
+        ) : (
+          <div className="text-muted">No active keys. You can create a new API key below.</div>
+        )}
+      </div>
+      <div className="my-2 border-top"></div>
+      <div>
+        {/* <h5 className="fw-bold">Create new:</h5> */}
+        <div>
+          <button className="btn btn-sm btn-success">
+            <i className="bi bi-plus-circle me-2"></i>
+            Create new API key
+          </button>
+        </div>
+      </div>
+    </div>
+  );
+};
diff --git a/web/src/components/modals/add-pep.tsx b/web/src/components/modals/add-pep.tsx
index a8c0219a..53301dfb 100644
--- a/web/src/components/modals/add-pep.tsx
+++ b/web/src/components/modals/add-pep.tsx
@@ -1,4 +1,3 @@
-import { FC } from 'react';
 import { Modal, Tab, Tabs } from 'react-bootstrap';
 
 import { BlankProjectForm } from '../forms/blank-project-form';
@@ -11,7 +10,8 @@ interface Props {
   onHide: () => void;
 }
 
-export const AddPEPModal: FC<Props> = ({ show, onHide, defaultNamespace }) => {
+export const AddPEPModal = (props: Props) => {
+  const { show, onHide, defaultNamespace } = props;
   return (
     <Modal size="lg" centered animation={false} show={show} onHide={onHide}>
       <Modal.Header closeButton>
diff --git a/web/src/components/modals/developer-settings-modal.tsx b/web/src/components/modals/developer-settings-modal.tsx
new file mode 100644
index 00000000..be6499c1
--- /dev/null
+++ b/web/src/components/modals/developer-settings-modal.tsx
@@ -0,0 +1,60 @@
+import { useState } from 'react';
+import { Col, ListGroup, Modal, Row } from 'react-bootstrap';
+
+import { ApiKeyView } from '../developer-settings/api-key-view';
+
+type Props = {
+  show: boolean;
+  onHide: () => void;
+};
+
+type View = 'api-keys' | 'account' | 'settings';
+
+export const DeveloperSettingsModal = (props: Props) => {
+  const { show, onHide } = props;
+
+  const [view, setView] = useState<View>('api-keys');
+
+  return (
+    <Modal size="xl" centered animation={false} show={show} onHide={onHide}>
+      <Modal.Header closeButton>
+        <h1 className="modal-title fs-5">Developer Settings</h1>
+      </Modal.Header>
+      <Modal.Body className="bg-secondary bg-opacity-10">
+        <Row>
+          <Col className="border-end" md={3}>
+            <ListGroup defaultActiveKey="#link1">
+              <ListGroup.Item action onClick={() => setView('api-keys')}>
+                <i className="bi bi-key me-1"></i>
+                API Keys
+              </ListGroup.Item>
+              <ListGroup.Item action onClick={() => setView('account')}>
+                <i className="bi bi-person me-1"></i>
+                Account
+              </ListGroup.Item>
+              <ListGroup.Item action onClick={() => setView('settings')}>
+                <i className="bi bi-gear me-1"></i>
+                Settings
+              </ListGroup.Item>
+            </ListGroup>
+          </Col>
+          <Col md={9}>
+            <div className="border h-100 rounded bg-light">
+              {view === 'api-keys' ? (
+                <ApiKeyView />
+              ) : view === 'account' ? (
+                <div>
+                  <h1>Account View</h1>
+                </div>
+              ) : view === 'settings' ? (
+                <div>
+                  <h1>Settings View</h1>
+                </div>
+              ) : null}
+            </div>
+          </Col>
+        </Row>
+      </Modal.Body>
+    </Modal>
+  );
+};
diff --git a/web/src/pages/Namespace.tsx b/web/src/pages/Namespace.tsx
index 82c59953..4e73d713 100644
--- a/web/src/pages/Namespace.tsx
+++ b/web/src/pages/Namespace.tsx
@@ -6,6 +6,7 @@ import { GitHubAvatar } from '../components/badges/github-avatar';
 import { PageLayout } from '../components/layout/page-layout';
 import { Pagination } from '../components/layout/pagination';
 import { AddPEPModal } from '../components/modals/add-pep';
+import { DeveloperSettingsModal } from '../components/modals/developer-settings-modal';
 import { DownloadGeo } from '../components/modals/download-geo';
 import { NamespaceAPIEndpointsModal } from '../components/modals/namespace-api-endpoints';
 import { NamespaceBadge } from '../components/namespace/namespace-badge';
@@ -45,6 +46,7 @@ export const NamespacePage = () => {
   const [showAddPEPModal, setShowAddPEPModal] = useState(false);
   const [showEndpointsModal, setShowEndpointsModal] = useState(false);
   const [showGeoDownloadModal, setShowGeoDownloadModal] = useState(false);
+  const [showSettingsModal, setShowSettingsModal] = useState(false);
   const [view, setView] = useState<View>(viewFromUrl === 'stars' ? 'stars' : 'peps');
   const [starSearch, setStarSearch] = useState<string>(searchParams.get('starSearch') || '');
 
@@ -113,8 +115,8 @@ export const NamespacePage = () => {
           <h1 id="namespace-header" className="fw-bold">
             <GitHubAvatar namespace={namespace} height={60} width={60} /> {namespace}
           </h1>
-          <div className="d-flex flex-row align-items-center">
-            <button onClick={() => setShowEndpointsModal(true)} className="btn btn-sm btn-outline-dark me-1">
+          <div className="d-flex flex-row align-items-center gap-1">
+            <button onClick={() => setShowEndpointsModal(true)} className="btn btn-sm btn-outline-dark">
               <i className="bi bi-hdd-rack me-1"></i>
               API
             </button>
@@ -129,6 +131,12 @@ export const NamespacePage = () => {
                 Download
               </button>
             )}
+            {user?.login === namespace && (
+              <button className="btn btn-sm btn-dark" onClick={() => setShowSettingsModal(true)}>
+                <i className="bi bi-gear me-1"></i>
+                Settings
+              </button>
+            )}
             {user?.login === namespace || user?.orgs.includes(namespace || '') ? (
               <Fragment>
                 <button
@@ -246,6 +254,7 @@ export const NamespacePage = () => {
           onHide={() => setShowEndpointsModal(false)}
         />
         <DownloadGeo show={showGeoDownloadModal} onHide={() => setShowGeoDownloadModal(false)} />
+        <DeveloperSettingsModal show={showSettingsModal} onHide={() => setShowSettingsModal(false)} />
       </PageLayout>
     );
   }

From 73b957affd35d898b4fafb83abe00de483790c2b Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Fri, 28 Jun 2024 16:07:41 -0400
Subject: [PATCH 02/16] complete api key minting mvp (#313)

---
 pephub/developer_keys.py                      | 13 ++-
 pephub/routers/auth/base.py                   | 20 ++--
 pephub/routers/models.py                      |  4 +
 web/src/api/auth.ts                           | 57 +++++++++++
 .../developer-settings/api-key-view.tsx       | 97 +++++++++++++++----
 .../components/modals/new-api-key-modal.tsx   | 87 +++++++++++++++++
 web/src/hooks/mutations/useCreateNewApiKey.ts | 46 +++++++++
 web/src/hooks/mutations/useRevokeApiKey.ts    | 41 ++++++++
 web/src/hooks/queries/useUserApiKeys.ts       | 19 ++++
 9 files changed, 352 insertions(+), 32 deletions(-)
 create mode 100644 web/src/components/modals/new-api-key-modal.tsx
 create mode 100644 web/src/hooks/mutations/useCreateNewApiKey.ts
 create mode 100644 web/src/hooks/mutations/useRevokeApiKey.ts
 create mode 100644 web/src/hooks/queries/useUserApiKeys.ts

diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
index 6f172b9e..5a398af1 100644
--- a/pephub/developer_keys.py
+++ b/pephub/developer_keys.py
@@ -1,7 +1,8 @@
 from datetime import datetime, timedelta
 from typing import Dict, List
 
-import jwt
+import secrets
+
 from pydantic import BaseModel
 
 from .const import JWT_SECRET
@@ -36,9 +37,9 @@ def get_keys_for_namespace(self, namespace: str) -> List[DeveloperKey]:
 
         namespace: str
         """
-        return self._keys.get(namespace)
+        return self._keys.get(namespace) or []
 
-    def remove_key(self, namespace: str, key: str):
+    def remove_key(self, namespace: str, last_five_chars: str):
         """
         Remove a key from the handler for a given namespace/user
 
@@ -46,7 +47,9 @@ def remove_key(self, namespace: str, key: str):
         :param key: key to remove
         """
         if namespace in self._keys:
-            self._keys[namespace] = [k for k in self._keys[namespace] if k.key != key]
+            self._keys[namespace] = [
+                key for key in self._keys[namespace] if key.key[-5:] != last_five_chars
+            ]
 
     def mint_key_for_namespace(
         self, namespace: str, session_info: dict
@@ -56,6 +59,8 @@ def mint_key_for_namespace(
 
         :param namespace: namespace for the key
         """
+        salt = secrets.token_hex(32)
+        session_info["salt"] = salt
         expiry = datetime.utcnow() + timedelta(seconds=self._default_exp)
         new_key = CLIAuthSystem.jwt_encode_user_data(session_info, exp=expiry)
         key = DeveloperKey(
diff --git a/pephub/routers/auth/base.py b/pephub/routers/auth/base.py
index 1863d452..9dd4a313 100644
--- a/pephub/routers/auth/base.py
+++ b/pephub/routers/auth/base.py
@@ -8,7 +8,7 @@
 from dotenv import load_dotenv
 from fastapi import APIRouter, BackgroundTasks, Depends, Header, Request
 from fastapi.exceptions import HTTPException
-from fastapi.responses import RedirectResponse
+from fastapi.responses import RedirectResponse, JSONResponse
 from fastapi.templating import Jinja2Templates
 
 from ...const import (
@@ -29,6 +29,7 @@
     InitializeDeviceCodeResponse,
     JWTDeviceTokenResponse,
     TokenExchange,
+    RevokeRequest,
 )
 from ...developer_keys import DeveloperKeyHandler
 
@@ -77,9 +78,8 @@ def get_user_keys(session_info: Union[dict, None] = Depends(read_authorization_h
         for key in keys:
             key.key = key.key[:5] + "*" * 10 + key.key[-5:]
 
-        return {
-            "keys": keys,
-        }
+        return {"keys": keys}
+
     else:
         raise HTTPException(status_code=401, detail="Invalid token")
 
@@ -89,19 +89,23 @@ def mint_user_key(
     session_info: Union[dict, None] = Depends(read_authorization_header),
 ):
     if session_info:
-        key = dev_key_handler.mint_key_for_namespace(session_info["login"])
-        return key
+        key = dev_key_handler.mint_key_for_namespace(
+            session_info["login"], session_info=session_info
+        )
+        return {"key": key}
     else:
         raise HTTPException(status_code=401, detail="Invalid token")
 
 
 @auth.delete("/user/keys")
 def delete_user_key(
-    key: str,
+    revoke_request: RevokeRequest,
     session_info: Union[dict, None] = Depends(read_authorization_header),
 ):
     if session_info:
-        dev_key_handler.remove_key(session_info["login"], key)
+        dev_key_handler.remove_key(
+            session_info["login"], revoke_request.last_five_chars
+        )
         return {"message": "Key deleted successfully."}
     else:
         raise HTTPException(status_code=401, detail="Invalid token")
diff --git a/pephub/routers/models.py b/pephub/routers/models.py
index 9138ab25..9107839c 100644
--- a/pephub/routers/models.py
+++ b/pephub/routers/models.py
@@ -88,3 +88,7 @@ class ProjectJsonRequest(BaseModel):
     overwrite: bool = False
     pep_schema: Optional[str] = DEFAULT_PEP_SCHEMA
     pop: Optional[bool] = None
+
+
+class RevokeRequest(BaseModel):
+    last_five_chars: str
diff --git a/web/src/api/auth.ts b/web/src/api/auth.ts
index 2676a518..edf9ef9d 100644
--- a/web/src/api/auth.ts
+++ b/web/src/api/auth.ts
@@ -4,6 +4,20 @@ const API_HOST = import.meta.env.VITE_API_HOST || '';
 const AUTH_BASE = `${API_HOST}/auth`;
 const CLIENT_REDIRECT_URL = '/login/success';
 
+type ApiKey = {
+  key: string;
+  created_at: string;
+  expires: string;
+};
+
+type UserApiKeysResponse = {
+  keys: ApiKey[];
+};
+
+type CreateApiKeyResponse = {
+  key: ApiKey;
+};
+
 export const buildClientRedirectUrl = (): string => {
   const scheme = window.location.protocol;
   const url = `${scheme}//${window.location.host}${CLIENT_REDIRECT_URL}`;
@@ -15,3 +29,46 @@ export const exchangeCodeForToken = async (code: string) => {
   const clientRedirectUrl = buildClientRedirectUrl();
   return axios.post(url, { code: code, client_redirect_uri: clientRedirectUrl });
 };
+
+export const getUserApiKeys = async (jwt: string | null) => {
+  if (!jwt) {
+    throw new Error('No JWT provided');
+  }
+  const url = `${AUTH_BASE}/user/keys`;
+  const response = await axios.get<UserApiKeysResponse>(url, {
+    headers: {
+      Authorization: `Bearer ${jwt}`,
+    },
+  });
+  return response.data;
+};
+
+export const createNewApiKey = async (jwt: string | null) => {
+  if (!jwt) {
+    throw new Error('No JWT provided');
+  }
+  const url = `${AUTH_BASE}/user/keys`;
+  const response = await axios.post<CreateApiKeyResponse>(
+    url,
+    {},
+    {
+      headers: {
+        Authorization: `Bearer ${jwt}`,
+      },
+    },
+  );
+  return response.data;
+};
+
+export const revokeApiKey = async (jwt: string | null, last_five_chars: string) => {
+  if (!jwt) {
+    throw new Error('No JWT provided');
+  }
+  const url = `${AUTH_BASE}/user/keys`;
+  await axios.delete(url, {
+    data: { last_five_chars },
+    headers: {
+      Authorization: `Bearer ${jwt}`,
+    },
+  });
+};
diff --git a/web/src/components/developer-settings/api-key-view.tsx b/web/src/components/developer-settings/api-key-view.tsx
index 16717f32..c6534bcb 100644
--- a/web/src/components/developer-settings/api-key-view.tsx
+++ b/web/src/components/developer-settings/api-key-view.tsx
@@ -1,30 +1,51 @@
+import { Fragment, useState } from 'react';
+
+import { useCreateNewApiKey } from '../../hooks/mutations/useCreateNewApiKey';
+import { useRevokeApiKey } from '../../hooks/mutations/useRevokeApiKey';
+import { useUserApiKeys } from '../../hooks/queries/useUserApiKeys';
 import { dateStringToDateTime } from '../../utils/dates';
+import { NewApiKeyModal } from '../modals/new-api-key-modal';
+import { LoadingSpinner } from '../spinners/loading-spinner';
 
 export const ApiKeyView = () => {
-  const testKeys = [
-    {
-      key_obfuscated: '*********_3456',
-      created_at: '2021-09-01T00:00:00Z',
-      expires: '2021-09-01T00:00:00Z',
-    },
-    {
-      key_obfuscated: '*********_3456',
-      created_at: '2021-09-01T00:00:00Z',
-      expires: '2021-09-01T00:00:00Z',
+  //   const testKeys = [
+  //     {
+  //       key_obfuscated: '*********_3456',
+  //       created_at: '2021-09-01T00:00:00Z',
+  //       expires: '2021-09-01T00:00:00Z',
+  //     },
+  //     {
+  //       key_obfuscated: '*********_3456',
+  //       created_at: '2021-09-01T00:00:00Z',
+  //       expires: '2021-09-01T00:00:00Z',
+  //     },
+  //   ];
+
+  const [newkey, setNewKey] = useState<string>('');
+  const [newKeyModalOpen, setNewKeyModalOpen] = useState<boolean>(false);
+
+  const { data: keysResponse } = useUserApiKeys();
+  const createNewApiKey = useCreateNewApiKey({
+    onKeyCreated: (newKey) => {
+      setNewKey(newKey);
+      setNewKeyModalOpen(true);
     },
-  ];
+  });
+  const revokeApiKey = useRevokeApiKey();
+  const testKeys = keysResponse?.keys;
+
   return (
     <div className="d-flex flex-column p-2">
       <div>
         <h5 className="fw-bold">Active keys:</h5>
-        {testKeys?.length > 0 ? (
+        {testKeys && testKeys.length > 0 ? (
           testKeys.map((key, index) => (
             <div key={index} className="d-flex justify-content-between border border-dark shadow-sm p-1 rounded mb-1">
               <div className="d-flex flex-column align-items-start">
                 <div className="d-flex align-items-center">
                   <i className="bi bi-key me-2 text-xl"></i>
                   <span className="text-sm">
-                    <code>{key.key_obfuscated}</code>
+                    <code>{key.key}</code>
                   </span>
                 </div>
                 <div className="d-flex align-items-center gap-3 text-muted">
@@ -33,27 +54,63 @@ export const ApiKeyView = () => {
                 </div>
               </div>
               <div className="d-flex align-items-start">
-                <button className="btn btn-sm btn-danger">
-                  <i className="bi bi-trash me-1"></i>
-                  Revoke
+                <button
+                  onClick={() =>
+                    revokeApiKey.mutate({
+                      lastFiveChars: key.key.slice(-5),
+                    })
+                  }
+                  className="btn btn-sm btn-danger"
+                  disabled={revokeApiKey.isPending}
+                >
+                  {revokeApiKey.isPending ? (
+                    <Fragment>
+                      <LoadingSpinner className="w-4 h-4 spin me-2 mb-tiny fill-light" />
+                      Revoking...
+                    </Fragment>
+                  ) : (
+                    <Fragment>
+                      <i className="bi bi-trash me-2"></i>
+                      Revoke
+                    </Fragment>
+                  )}
                 </button>
               </div>
             </div>
           ))
         ) : (
-          <div className="text-muted">No active keys. You can create a new API key below.</div>
+          <div className="text-muted text-sm">No active keys. You can create a new API key below.</div>
         )}
       </div>
       <div className="my-2 border-top"></div>
       <div>
         {/* <h5 className="fw-bold">Create new:</h5> */}
         <div>
-          <button className="btn btn-sm btn-success">
-            <i className="bi bi-plus-circle me-2"></i>
-            Create new API key
+          <button
+            onClick={() => createNewApiKey.mutate()}
+            className="btn btn-sm btn-success"
+            disabled={createNewApiKey.isPending}
+          >
+            {createNewApiKey.isPending ? (
+              <Fragment>
+                <LoadingSpinner className="w-4 h-4 spin me-2 mb-tiny fill-light" />
+                Creating new key...
+              </Fragment>
+            ) : (
+              <Fragment>
+                <i className="bi bi-plus-circle me-2"></i>
+                Create new API key
+              </Fragment>
+            )}
           </button>
         </div>
       </div>
+      <NewApiKeyModal
+        show={newKeyModalOpen}
+        onHide={() => setNewKeyModalOpen(false)}
+        newKey={newkey}
+        setNewKey={setNewKey}
+      />
     </div>
   );
 };
diff --git a/web/src/components/modals/new-api-key-modal.tsx b/web/src/components/modals/new-api-key-modal.tsx
new file mode 100644
index 00000000..ecc2c479
--- /dev/null
+++ b/web/src/components/modals/new-api-key-modal.tsx
@@ -0,0 +1,87 @@
+import { useState } from 'react';
+import { Modal } from 'react-bootstrap';
+
+interface Props {
+  show: boolean;
+  onHide: () => void;
+  newKey: string;
+  setNewKey: (key: string) => void;
+}
+
+export const NewApiKeyModal = (props: Props) => {
+  const { show, onHide, newKey, setNewKey } = props;
+
+  const [copied, setCopied] = useState(false);
+
+  return (
+    <Modal
+      centered
+      size="lg"
+      animation={false}
+      show={show}
+      onHide={() => {
+        setNewKey('');
+        onHide();
+      }}
+    >
+      <Modal.Header closeButton>
+        <h1 className="modal-title fs-5">Success! Here is your new API key.</h1>
+      </Modal.Header>
+      <Modal.Body>
+        <h5>About your new key:</h5>
+        <p className="text-muted">
+          This is your new API key. Please copy it now, as it will not be shown again. You can use this key to access
+          the API from your scripts or other applications.
+        </p>
+        <div className="p-1 border border-dark rounded pb-4 shadow-sm">
+          <pre className="text-wrap text-xs">
+            <code>{newKey}</code>
+          </pre>
+        </div>
+        <div
+          className="d-flex align-items-center justify-content-end w-100"
+          style={{
+            transform: 'translateY(-125%)',
+          }}
+        >
+          <button
+            onClick={() => {
+              navigator.clipboard.writeText(newKey);
+              setCopied(true);
+              setTimeout(() => {
+                setCopied(false);
+              }, 2000);
+            }}
+            disabled={copied}
+            type="button"
+            className="btn btn-sm btn-dark me-2"
+          >
+            {copied ? (
+              <span>
+                <i className="bi bi-check me-2"></i>
+                Copied!
+              </span>
+            ) : (
+              <span>
+                <i className="bi bi-clipboard me-2"></i>
+                Copy to clipboard
+              </span>
+            )}
+          </button>
+        </div>
+      </Modal.Body>
+      {/* <Modal.Footer>
+        <button
+          onClick={() => {
+            onHide();
+            setNewKey('');
+          }}
+          type="button"
+          className="btn btn-dark"
+        >
+          I copied it!
+        </button>
+      </Modal.Footer> */}
+    </Modal>
+  );
+};
diff --git a/web/src/hooks/mutations/useCreateNewApiKey.ts b/web/src/hooks/mutations/useCreateNewApiKey.ts
new file mode 100644
index 00000000..94123a96
--- /dev/null
+++ b/web/src/hooks/mutations/useCreateNewApiKey.ts
@@ -0,0 +1,46 @@
+import { useMutation, useQueryClient } from '@tanstack/react-query';
+import { AxiosError } from 'axios';
+import { toast } from 'react-hot-toast';
+
+import { createNewApiKey } from '../../api/auth';
+import { extractErrorMessage } from '../../utils/etc';
+import { useSession } from '../useSession';
+
+type CreateNewApiKeyMutationProps = {
+  onKeyCreated?: (newKey: string) => void;
+};
+
+export const useCreateNewApiKey = (createNewKeyProps: CreateNewApiKeyMutationProps) => {
+  const { user, jwt } = useSession();
+  const queryClient = useQueryClient();
+
+  if (!user || !jwt) {
+    throw new Error('No user or jwt found');
+  }
+
+  const mutation = useMutation({
+    mutationFn: () => {
+      return createNewApiKey(jwt);
+    },
+    onSuccess: (data) => {
+      if (createNewKeyProps.onKeyCreated) {
+        createNewKeyProps.onKeyCreated(data.key.key);
+      }
+
+      toast.success('API key successfully created.');
+
+      queryClient.invalidateQueries({
+        queryKey: [user.login, 'api-keys'],
+      });
+    },
+    onError: (err: AxiosError) => {
+      // extract out error message if it exists, else unknown
+      const errorMessage = extractErrorMessage(err);
+      toast.error(`${errorMessage}`, {
+        duration: 5000,
+      });
+    },
+  });
+
+  return mutation;
+};
diff --git a/web/src/hooks/mutations/useRevokeApiKey.ts b/web/src/hooks/mutations/useRevokeApiKey.ts
new file mode 100644
index 00000000..d65d710f
--- /dev/null
+++ b/web/src/hooks/mutations/useRevokeApiKey.ts
@@ -0,0 +1,41 @@
+import { useMutation, useQueryClient } from '@tanstack/react-query';
+import { AxiosError } from 'axios';
+import { toast } from 'react-hot-toast';
+
+import { revokeApiKey } from '../../api/auth';
+import { extractErrorMessage } from '../../utils/etc';
+import { useSession } from '../useSession';
+
+type RevokeRequest = {
+  lastFiveChars: string;
+};
+
+export const useRevokeApiKey = () => {
+  const { user, jwt } = useSession();
+  const queryClient = useQueryClient();
+
+  if (!user || !jwt) {
+    throw new Error('No user or jwt found');
+  }
+
+  const mutation = useMutation({
+    mutationFn: (rq: RevokeRequest) => {
+      return revokeApiKey(jwt, rq.lastFiveChars);
+    },
+    onSuccess: () => {
+      toast.success('API key successfully revoked.');
+      queryClient.invalidateQueries({
+        queryKey: [user.login, 'api-keys'],
+      });
+    },
+    onError: (err: AxiosError) => {
+      // extract out error message if it exists, else unknown
+      const errorMessage = extractErrorMessage(err);
+      toast.error(`${errorMessage}`, {
+        duration: 5000,
+      });
+    },
+  });
+
+  return mutation;
+};
diff --git a/web/src/hooks/queries/useUserApiKeys.ts b/web/src/hooks/queries/useUserApiKeys.ts
new file mode 100644
index 00000000..e7d1467a
--- /dev/null
+++ b/web/src/hooks/queries/useUserApiKeys.ts
@@ -0,0 +1,19 @@
+import { useQuery } from '@tanstack/react-query';
+
+import { getUserApiKeys } from '../../api/auth';
+import { useSession } from '../useSession';
+
+export const useUserApiKeys = () => {
+  const { user, jwt } = useSession();
+
+  if (!user || !jwt) {
+    throw new Error('No user or jwt found');
+  }
+
+  const query = useQuery({
+    queryKey: [user.login, 'api-keys'],
+    queryFn: () => getUserApiKeys(jwt),
+    enabled: !!user,
+  });
+  return query;
+};

From 7e443b40f232c50210981d4097395f30f48094af Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Fri, 28 Jun 2024 16:37:07 -0400
Subject: [PATCH 03/16] styling

---
 web/src/components/layout/nav/nav.tsx       |   2 +-
 web/src/components/project/project-card.tsx |   4 +-
 web/src/components/tables/sample-table.tsx  | 192 +++++++++++---------
 3 files changed, 105 insertions(+), 93 deletions(-)

diff --git a/web/src/components/layout/nav/nav.tsx b/web/src/components/layout/nav/nav.tsx
index d809a96b..6029c68f 100644
--- a/web/src/components/layout/nav/nav.tsx
+++ b/web/src/components/layout/nav/nav.tsx
@@ -11,7 +11,7 @@ export const Nav: FC = () => {
       <nav
         className="d-flex flex-row align-items-center justify-content-between w-100 py-2 border-bottom"
         aria-label="navbar"
-        style={{ backgroundColor: '#EFF3F6' }}
+        // style={{ backgroundColor: '#EFF3F6' }}
       >
         <div className="d-flex flex-row align-items-center px-4">
           <NavLogo />
diff --git a/web/src/components/project/project-card.tsx b/web/src/components/project/project-card.tsx
index 1a40c92b..1629b076 100644
--- a/web/src/components/project/project-card.tsx
+++ b/web/src/components/project/project-card.tsx
@@ -31,8 +31,8 @@ export const ProjectCard: FC<Props> = ({ project }) => {
   return (
     <div
       id={`project-card-${project.namespace}/${project.name}:${project.tag}`}
-      className="w-100 border border-dark rounded shadow-sm p-2 mt-3"
-      style={{ backgroundColor: '#f6f8fa' }}
+      className="w-100 border border-dark rounded shadow-sm p-2 mt-3 bg-secondary bg-opacity-10"
+      // style={{ backgroundColor: '#f6f8fa' }}
     >
       <div className="d-flex flex-row align-items-start justify-content-between">
         <div className="d-flex flex-row align-items-center">
diff --git a/web/src/components/tables/sample-table.tsx b/web/src/components/tables/sample-table.tsx
index 0e8d202f..3c0c19e3 100644
--- a/web/src/components/tables/sample-table.tsx
+++ b/web/src/components/tables/sample-table.tsx
@@ -41,102 +41,114 @@ export const SampleTable = (props: Props) => {
 
   const hotRef = useRef<HotTable>(null);
 
+  if (hotRef) {
+    // if data-bs-theme=="dark" then add dark theme to the table
+    // data-bs-theme is on <html> tag
+    const theme = document.documentElement.getAttribute('data-bs-theme');
+
+    if (theme === 'dark') {
+      tableClassName += ' htDark';
+    }
+
+    hotRef.current?.hotInstance?.updateSettings({
+      className: tableClassName,
+    });
+  }
+
   const PH_ID_COL_NAME = 'ph_id';
 
   return (
-    <div className={tableClassName}>
-      <HotTable
-        ref={hotRef}
-        data={rows.length > 0 ? rows : [[]]}
-        stretchH={stretchH || 'all'}
-        height={height || tableHeight}
-        readOnly={readOnly}
-        colHeaders={true}
-        renderer={(instance, td, row, col, prop, value, cellProperties) => {
-          Handsontable.renderers.TextRenderer.apply(this, [instance, td, row, col, prop, value, cellProperties]);
-          td.innerHTML = `<div class="truncated">${value || ''}</div>`;
-          td.addEventListener('click', function (event) {
-            const innerDiv = td.querySelector('.truncated');
-            if (innerDiv && event.target === innerDiv) {
-              innerDiv.classList.toggle('expanded');
-            }
-          });
-        }}
-        dropdownMenu={true}
-        hiddenColumns={{
-          indicators: true,
-          columns: [numColumns - 1],
-        }}
-        afterPaste={(_, coords) => {
-          const row1 = hotRef.current?.hotInstance?.getDataAtRow(0);
-          let phIdIndex;
-          if (row1 === undefined) {
-            // this occurs when the table is empty
-            phIdIndex = -1;
-          } else {
-            phIdIndex = row1?.indexOf(PH_ID_COL_NAME) || -1;
+    <HotTable
+      ref={hotRef}
+      data={rows.length > 0 ? rows : [[]]}
+      stretchH={stretchH || 'all'}
+      height={height || tableHeight}
+      readOnly={readOnly}
+      colHeaders={true}
+      renderer={(instance, td, row, col, prop, value, cellProperties) => {
+        Handsontable.renderers.TextRenderer.apply(this, [instance, td, row, col, prop, value, cellProperties]);
+        td.innerHTML = `<div class="truncated">${value || ''}</div>`;
+        td.addEventListener('click', function (event) {
+          const innerDiv = td.querySelector('.truncated');
+          if (innerDiv && event.target === innerDiv) {
+            innerDiv.classList.toggle('expanded');
           }
-          const startRow = coords[0].startRow;
-          const endRow = coords[0].endRow;
+        });
+      }}
+      dropdownMenu={true}
+      hiddenColumns={{
+        indicators: true,
+        columns: [numColumns - 1],
+      }}
+      afterPaste={(_, coords) => {
+        const row1 = hotRef.current?.hotInstance?.getDataAtRow(0);
+        let phIdIndex;
+        if (row1 === undefined) {
+          // this occurs when the table is empty
+          phIdIndex = -1;
+        } else {
+          phIdIndex = row1?.indexOf(PH_ID_COL_NAME) || -1;
+        }
+        const startRow = coords[0].startRow;
+        const endRow = coords[0].endRow;
 
-          if (phIdIndex !== -1) {
-            for (let row = startRow; row <= endRow; row++) {
-              hotRef?.current?.hotInstance?.setDataAtCell(row, phIdIndex, null);
-            }
+        if (phIdIndex !== -1) {
+          for (let row = startRow; row <= endRow; row++) {
+            hotRef?.current?.hotInstance?.setDataAtCell(row, phIdIndex, null);
           }
-        }}
-        minCols={2}
-        minRows={minRows || 50}
-        contextMenu={[
-          'row_above',
-          'row_below',
-          '---------',
-          'col_left',
-          'col_right',
-          '---------',
-          'remove_row',
-          'remove_col',
-          '---------',
-          'alignment',
-          '---------',
-          'copy',
-          'cut',
-        ]}
-        multiColumnSorting={true}
-        filters={true}
-        rowHeaders={true}
-        beforeRenderer={addClassesToRows}
-        manualRowMove={true}
-        licenseKey="non-commercial-and-evaluation"
-        manualColumnResize
-        afterChange={(changes) => {
-          if (changes && onChange) {
-            changes.forEach((change) => {
-              const [row, col, _, newVal] = change;
-              // @ts-ignore - we know that col is a number
-              rows[row][col] = newVal;
-            });
-
-            // debugger;
-            onChange(arraysToSampleList(rows));
-          }
-        }}
-        afterRemoveCol={(index, _amount) => {
-          // remove all values at the specified index from "rows"
-          rows.forEach((row) => {
-            row.splice(index, 0);
+        }
+      }}
+      minCols={2}
+      minRows={minRows || 50}
+      contextMenu={[
+        'row_above',
+        'row_below',
+        '---------',
+        'col_left',
+        'col_right',
+        '---------',
+        'remove_row',
+        'remove_col',
+        '---------',
+        'alignment',
+        '---------',
+        'copy',
+        'cut',
+      ]}
+      multiColumnSorting={true}
+      filters={true}
+      rowHeaders={true}
+      beforeRenderer={addClassesToRows}
+      manualRowMove={true}
+      licenseKey="non-commercial-and-evaluation"
+      manualColumnResize
+      afterChange={(changes) => {
+        if (changes && onChange) {
+          changes.forEach((change) => {
+            const [row, col, _, newVal] = change;
+            // @ts-ignore - we know that col is a number
+            rows[row][col] = newVal;
           });
-          if (onChange) {
-            onChange(arraysToSampleList(rows));
-          }
-        }}
-        afterRemoveRow={(index, amount) => {
-          rows.splice(index, 0);
-          if (onChange) {
-            onChange(arraysToSampleList(rows));
-          }
-        }}
-      />
-    </div>
+
+          // debugger;
+          onChange(arraysToSampleList(rows));
+        }
+      }}
+      afterRemoveCol={(index, _amount) => {
+        // remove all values at the specified index from "rows"
+        rows.forEach((row) => {
+          row.splice(index, 0);
+        });
+        if (onChange) {
+          onChange(arraysToSampleList(rows));
+        }
+      }}
+      afterRemoveRow={(index, amount) => {
+        rows.splice(index, 0);
+        if (onChange) {
+          onChange(arraysToSampleList(rows));
+        }
+      }}
+    />
   );
 };

From 7c3cb7e72a69e8f3e3a7f01388cab4192ccd3aaa Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Tue, 2 Jul 2024 12:31:50 -0400
Subject: [PATCH 04/16] tweaks

---
 requirements/requirements-all.txt          | 2 +-
 web/src/components/tables/sample-table.tsx | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/requirements-all.txt b/requirements/requirements-all.txt
index 9ea37bba..4951bed6 100644
--- a/requirements/requirements-all.txt
+++ b/requirements/requirements-all.txt
@@ -1,7 +1,7 @@
 fastapi>=0.108.0
 psycopg>=3.1.15
 # pepdbagent @ git+https://github.com/pepkit/pepdbagent.git@dev#egg=pepdbagent
-pepdbagent>=0.8.0
+pepdbagent>=0.9.0
 peppy>=0.40.1
 eido>=0.2.2
 jinja2>=3.1.2
diff --git a/web/src/components/tables/sample-table.tsx b/web/src/components/tables/sample-table.tsx
index 3c0c19e3..68e33c6e 100644
--- a/web/src/components/tables/sample-table.tsx
+++ b/web/src/components/tables/sample-table.tsx
@@ -7,7 +7,7 @@ import { Sample } from '../../../types';
 import { arraysToSampleList, sampleListToArrays } from '../../utils/sample-table';
 import { addClassesToRows } from './hooks-callbacks';
 
-interface Props {
+type Props = {
   className?: string;
   data: Sample[];
   onChange?: (rows: Sample[]) => void;
@@ -15,7 +15,7 @@ interface Props {
   height?: number;
   minRows?: number;
   stretchH?: 'none' | 'all' | 'last';
-}
+};
 /**
  * This table is meant to handle csv strings, so just pass in
  * the csv string and it will handle the rest

From 6de160269bdf8d684caa94c91f0a5425aa685c75 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Tue, 2 Jul 2024 16:55:35 -0400
Subject: [PATCH 05/16] rate limit key generation. limit num keys

---
 pephub/const.py                   |  1 +
 pephub/developer_keys.py          |  8 +++++++-
 pephub/limiter.py                 | 15 +++++++++++++++
 pephub/main.py                    |  9 +++++++++
 pephub/routers/auth/base.py       |  6 +++++-
 requirements/requirements-all.txt |  3 ++-
 6 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 pephub/limiter.py

diff --git a/pephub/const.py b/pephub/const.py
index 96d0b0fd..21e73bdf 100644
--- a/pephub/const.py
+++ b/pephub/const.py
@@ -126,6 +126,7 @@
 JWT_SECRET = token_hex(32)
 JWT_EXPIRATION = 4320  # 3 days in minutes
 JWT_EXPIRATION_SECONDS = JWT_EXPIRATION * 60  # seconds
+MAX_NEW_KEYS = 5
 
 AUTH_CODE_EXPIRATION = 5 * 60  # seconds
 
diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
index 5a398af1..38a532e0 100644
--- a/pephub/developer_keys.py
+++ b/pephub/developer_keys.py
@@ -3,9 +3,10 @@
 
 import secrets
 
+from fastapi import HTTPException
 from pydantic import BaseModel
 
-from .const import JWT_SECRET
+from .const import MAX_NEW_KEYS
 from .dependencies import CLIAuthSystem
 
 
@@ -29,6 +30,11 @@ def add_key(self, namespace: str, key: DeveloperKey):
         """
         if namespace not in self._keys:
             self._keys[namespace] = []
+        if len(self._keys[namespace]) > MAX_NEW_KEYS:
+            raise HTTPException(
+                status_code=400,
+                detail="You have reached the maximum number of keys allowed",
+            )
         self._keys[namespace].append(key)
 
     def get_keys_for_namespace(self, namespace: str) -> List[DeveloperKey]:
diff --git a/pephub/limiter.py b/pephub/limiter.py
new file mode 100644
index 00000000..8294b148
--- /dev/null
+++ b/pephub/limiter.py
@@ -0,0 +1,15 @@
+from fastapi import Request, HTTPException
+from slowapi import Limiter, _rate_limit_exceeded_handler
+from slowapi.util import get_remote_address
+from slowapi.errors import RateLimitExceeded
+
+
+limiter = Limiter(key_func=get_remote_address)
+
+
+def _custom_rate_limit_exceeded_handler(request: Request, exc: RateLimitExceeded):
+    _ = _rate_limit_exceeded_handler(request, exc)
+    raise HTTPException(
+        status_code=429,
+        detail="You are requesting too many new keys. Please try again later.",
+    )
diff --git a/pephub/main.py b/pephub/main.py
index 066582bb..3b5df079 100644
--- a/pephub/main.py
+++ b/pephub/main.py
@@ -3,9 +3,13 @@
 import coloredlogs
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
+from slowapi import _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+
 
 from ._version import __version__ as server_v
 from .const import ALL_VERSIONS, PKG_NAME, TAGS_METADATA
+from .limiter import limiter, _custom_rate_limit_exceeded_handler
 from .routers.api.v1.base import api as api_base
 from .routers.api.v1.namespace import namespace as api_namespace
 from .routers.api.v1.namespace import namespaces as api_namespaces
@@ -58,6 +62,11 @@
 #
 # # logfire.instrument_fastapi(app)
 
+# rate limiting
+
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _custom_rate_limit_exceeded_handler)
+
 # CORS is required for the validation HTML SPA to work externally
 origins = ["*"]
 app.add_middleware(
diff --git a/pephub/routers/auth/base.py b/pephub/routers/auth/base.py
index 9dd4a313..771909fd 100644
--- a/pephub/routers/auth/base.py
+++ b/pephub/routers/auth/base.py
@@ -8,9 +8,11 @@
 from dotenv import load_dotenv
 from fastapi import APIRouter, BackgroundTasks, Depends, Header, Request
 from fastapi.exceptions import HTTPException
-from fastapi.responses import RedirectResponse, JSONResponse
+from fastapi.responses import RedirectResponse
 from fastapi.templating import Jinja2Templates
 
+from ...limiter import limiter
+
 from ...const import (
     AUTH_CODE_EXPIRATION,
     BASE_TEMPLATES_PATH,
@@ -85,7 +87,9 @@ def get_user_keys(session_info: Union[dict, None] = Depends(read_authorization_h
 
 
 @auth.post("/user/keys")
+@limiter.limit("5/minute")
 def mint_user_key(
+    request: Request,
     session_info: Union[dict, None] = Depends(read_authorization_header),
 ):
     if session_info:
diff --git a/requirements/requirements-all.txt b/requirements/requirements-all.txt
index 4951bed6..5bd4a088 100644
--- a/requirements/requirements-all.txt
+++ b/requirements/requirements-all.txt
@@ -13,4 +13,5 @@ requests
 pyjwt[crypto]
 coloredlogs
 fastembed
-numpy<2.0.0
\ No newline at end of file
+numpy<2.0.0
+slowapi
\ No newline at end of file

From b11e8dc7c67c75eafdafb757528a5fa2ffe46239 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Tue, 2 Jul 2024 16:57:49 -0400
Subject: [PATCH 06/16] better error handling

---
 pephub/dependencies.py   | 14 +++++++-------
 pephub/developer_keys.py |  2 +-
 pephub/main.py           |  1 -
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/pephub/dependencies.py b/pephub/dependencies.py
index 1c479e1e..adaf6d20 100644
--- a/pephub/dependencies.py
+++ b/pephub/dependencies.py
@@ -196,7 +196,7 @@ def get_project(
     tag: Optional[str] = DEFAULT_TAG,
     agent: PEPDatabaseAgent = Depends(get_db),
     with_id: Optional[bool] = False,
-) -> Dict[str, Any]:
+) -> Dict[str, Any]:  # type: ignore
     try:
         proj = agent.project.get(namespace, project, tag, raw=True, with_id=with_id)
         yield proj
@@ -212,7 +212,7 @@ def get_config(
     project: str,
     tag: Optional[str] = DEFAULT_TAG,
     agent: PEPDatabaseAgent = Depends(get_db),
-) -> Dict[str, Any]:
+) -> Dict[str, Any]:  # type: ignore
     try:
         config = agent.project.get_config(namespace, project, tag)
         yield config
@@ -228,7 +228,7 @@ def get_subsamples(
     project: str,
     tag: Optional[str] = DEFAULT_TAG,
     agent: PEPDatabaseAgent = Depends(get_db),
-) -> Dict[str, Any]:
+) -> Dict[str, Any]:  # type: ignore # type: ignore
     try:
         subsamples = agent.project.get_subsamples(namespace, project, tag)
         yield subsamples
@@ -245,7 +245,7 @@ def get_project_annotation(
     tag: Optional[str] = DEFAULT_TAG,
     agent: PEPDatabaseAgent = Depends(get_db),
     namespace_access_list: List[str] = Depends(get_namespace_access_list),
-) -> AnnotationModel:
+) -> AnnotationModel:  # type: ignore
     try:
         anno = agent.annotation.get(
             namespace, project, tag, admin=namespace_access_list
@@ -315,7 +315,7 @@ def verify_user_can_read_project(
 def verify_user_can_fork(
     fork_request: ForkRequest,
     namespace_access_list: List[str] = Depends(get_namespace_access_list),
-) -> bool:
+) -> bool:  # type: ignore
     fork_namespace = fork_request.fork_to
     if fork_namespace in (namespace_access_list or []):
         yield
@@ -339,7 +339,7 @@ def get_qdrant_enabled() -> bool:
 
 def get_qdrant(
     qdrant_enabled: bool = Depends(get_qdrant_enabled),
-) -> Union[QdrantClient, None]:
+) -> Union[QdrantClient, None]:  # type: ignore
     """
     Return connection to qdrant client
     """
@@ -378,7 +378,7 @@ def get_namespace_info(
     namespace: str,
     agent: PEPDatabaseAgent = Depends(get_db),
     user: str = Depends(get_user_from_session_info),
-) -> Namespace:
+) -> Namespace:  # type: ignore
     """
     Get the information on a namespace, if it exists.
     """
diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
index 38a532e0..95f18838 100644
--- a/pephub/developer_keys.py
+++ b/pephub/developer_keys.py
@@ -30,7 +30,7 @@ def add_key(self, namespace: str, key: DeveloperKey):
         """
         if namespace not in self._keys:
             self._keys[namespace] = []
-        if len(self._keys[namespace]) > MAX_NEW_KEYS:
+        if len(self._keys[namespace]) >= MAX_NEW_KEYS:
             raise HTTPException(
                 status_code=400,
                 detail="You have reached the maximum number of keys allowed",
diff --git a/pephub/main.py b/pephub/main.py
index 3b5df079..76c21375 100644
--- a/pephub/main.py
+++ b/pephub/main.py
@@ -3,7 +3,6 @@
 import coloredlogs
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
-from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
 
 

From 1118c0793a9187eda8553f017083e88045a95d25 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 3 Jul 2024 09:09:33 -0400
Subject: [PATCH 07/16] add the bad_jwts list functionality

---
 pephub/dependencies.py      | 22 ++++++++++------------
 pephub/developer_keys.py    | 15 +++++++++++++--
 pephub/helpers.py           | 14 +++++++++++++-
 pephub/routers/auth/base.py |  3 +--
 4 files changed, 37 insertions(+), 17 deletions(-)

diff --git a/pephub/dependencies.py b/pephub/dependencies.py
index adaf6d20..257cccb8 100644
--- a/pephub/dependencies.py
+++ b/pephub/dependencies.py
@@ -30,10 +30,11 @@
     DEFAULT_POSTGRES_USER,
     DEFAULT_QDRANT_HOST,
     DEFAULT_QDRANT_PORT,
-    JWT_EXPIRATION,
     JWT_SECRET,
 )
+from .helpers import jwt_encode_user_data
 from .routers.models import ForkRequest
+from .developer_keys import dev_key_handler
 
 _LOGGER_PEPHUB = logging.getLogger("uvicorn.access")
 
@@ -83,13 +84,7 @@ def _request_user_data_from_github(access_token: str) -> UserData:
 
     @staticmethod
     def jwt_encode_user_data(user_data: dict, exp: datetime = None) -> str:
-        exp = exp or datetime.utcnow() + timedelta(minutes=JWT_EXPIRATION)
-        encoded_user_data = jwt.encode(
-            {**user_data, "exp": exp}, JWT_SECRET, algorithm="HS256"
-        )
-        if isinstance(encoded_user_data, bytes):
-            encoded_user_data = encoded_user_data.decode("utf-8")
-        return encoded_user_data
+        return jwt_encode_user_data(user_data, exp=exp)
 
 
 # database connection
@@ -131,19 +126,22 @@ def get_db() -> PEPDatabaseAgent:
     return agent
 
 
-def read_authorization_header(Authorization: str = Header(None)) -> Union[dict, None]:
+def read_authorization_header(authorization: str = Header(None)) -> Union[dict, None]:
     """
     Reads and decodes a JWT, returning the decoded variables.
 
     :param Authorization: JWT provided via FastAPI injection from the API cookie.
     """
-    if Authorization is None:
+    if authorization is None:
         return None
     else:
-        Authorization = Authorization.replace("Bearer ", "")
+        authorization = authorization.replace("Bearer ", "")
     try:
         # Python jwt.decode verifies content as well so this is safe.
-        session_info = jwt.decode(Authorization, JWT_SECRET, algorithms=["HS256"])
+        # check last 5 chars
+        if dev_key_handler.is_key_bad(authorization[-5:]):
+            raise HTTPException(401, "JWT has been revoked")
+        session_info = jwt.decode(authorization, JWT_SECRET, algorithms=["HS256"])
     except jwt.exceptions.InvalidSignatureError as e:
         _LOGGER_PEPHUB.error(e)
         return None
diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
index 95f18838..8e5a16c9 100644
--- a/pephub/developer_keys.py
+++ b/pephub/developer_keys.py
@@ -6,8 +6,11 @@
 from fastapi import HTTPException
 from pydantic import BaseModel
 
+from .helpers import jwt_encode_user_data
 from .const import MAX_NEW_KEYS
-from .dependencies import CLIAuthSystem
+
+
+# this is a duplicate of the function in pephub/dependencies/CliAuthSystem because of circular imports
 
 
 class DeveloperKey(BaseModel):
@@ -20,6 +23,7 @@ class DeveloperKeyHandler:
     def __init__(self, default_exp: int = 30 * 24 * 60 * 60):
         self._keys: Dict[str, List[DeveloperKey]] = {}
         self._default_exp = default_exp
+        self._bad_jwts = []
 
     def add_key(self, namespace: str, key: DeveloperKey):
         """
@@ -56,6 +60,7 @@ def remove_key(self, namespace: str, last_five_chars: str):
             self._keys[namespace] = [
                 key for key in self._keys[namespace] if key.key[-5:] != last_five_chars
             ]
+            self._bad_jwts.append(last_five_chars)
 
     def mint_key_for_namespace(
         self, namespace: str, session_info: dict
@@ -68,7 +73,7 @@ def mint_key_for_namespace(
         salt = secrets.token_hex(32)
         session_info["salt"] = salt
         expiry = datetime.utcnow() + timedelta(seconds=self._default_exp)
-        new_key = CLIAuthSystem.jwt_encode_user_data(session_info, exp=expiry)
+        new_key = jwt_encode_user_data(session_info, exp=expiry)
         key = DeveloperKey(
             key=new_key,
             created_at=datetime.utcnow().isoformat(),
@@ -76,3 +81,9 @@ def mint_key_for_namespace(
         )
         self.add_key(namespace, key)
         return key
+
+    def is_key_bad(self, last_five_chars: str) -> bool:
+        return last_five_chars in self._bad_jwts
+
+
+dev_key_handler = DeveloperKeyHandler()
diff --git a/pephub/helpers.py b/pephub/helpers.py
index ff943840..0ec53940 100644
--- a/pephub/helpers.py
+++ b/pephub/helpers.py
@@ -1,8 +1,9 @@
 import io
 import zipfile
-from datetime import date
+from datetime import date, datetime, timedelta
 from typing import Any, Dict, List, Tuple, Union
 
+import jwt
 import pandas as pd
 import yaml
 from fastapi import Response, UploadFile
@@ -15,6 +16,17 @@
     SAMPLE_RAW_DICT_KEY,
     SUBSAMPLE_RAW_LIST_KEY,
 )
+from .const import JWT_EXPIRATION, JWT_SECRET
+
+
+def jwt_encode_user_data(user_data: dict, exp: datetime = None) -> str:
+    exp = exp or datetime.utcnow() + timedelta(minutes=JWT_EXPIRATION)
+    encoded_user_data = jwt.encode(
+        {**user_data, "exp": exp}, JWT_SECRET, algorithm="HS256"
+    )
+    if isinstance(encoded_user_data, bytes):
+        encoded_user_data = encoded_user_data.decode("utf-8")
+    return encoded_user_data
 
 
 def zip_pep(project: Dict[str, Any]) -> Response:
diff --git a/pephub/routers/auth/base.py b/pephub/routers/auth/base.py
index 771909fd..47011946 100644
--- a/pephub/routers/auth/base.py
+++ b/pephub/routers/auth/base.py
@@ -33,13 +33,12 @@
     TokenExchange,
     RevokeRequest,
 )
-from ...developer_keys import DeveloperKeyHandler
+from ...developer_keys import dev_key_handler
 
 load_dotenv()
 
 CODE_EXCHANGE = {}
 DEVICE_CODES = {}
-dev_key_handler = DeveloperKeyHandler()
 
 templates = Jinja2Templates(directory=BASE_TEMPLATES_PATH)
 je = jinja2.Environment(loader=jinja2.FileSystemLoader(BASE_TEMPLATES_PATH))

From c6d3c6187b2c206d20dd104e7ce6a6c39543699f Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 3 Jul 2024 09:12:25 -0400
Subject: [PATCH 08/16] lint

---
 pephub/dependencies.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pephub/dependencies.py b/pephub/dependencies.py
index 518f0cca..e3c2cc58 100644
--- a/pephub/dependencies.py
+++ b/pephub/dependencies.py
@@ -199,7 +199,7 @@ def get_project(
         description="Return the project with the samples pephub_id",
         include_in_schema=False,
     ),
-) -> Dict[str, Any]: # type: ignore
+) -> Dict[str, Any]:  # type: ignore
     try:
         proj = agent.project.get(namespace, project, tag, raw=True, with_id=with_id)
         yield proj

From 394d4835a66bd4f2e90cb5afa99b1092d9692d99 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 3 Jul 2024 09:13:11 -0400
Subject: [PATCH 09/16] remove comment

---
 pephub/developer_keys.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
index 8e5a16c9..6c75b90f 100644
--- a/pephub/developer_keys.py
+++ b/pephub/developer_keys.py
@@ -10,9 +10,6 @@
 from .const import MAX_NEW_KEYS
 
 
-# this is a duplicate of the function in pephub/dependencies/CliAuthSystem because of circular imports
-
-
 class DeveloperKey(BaseModel):
     key: str
     created_at: str

From 7211d149891b22e9ab9e6430c64ec35686ad35ad Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 3 Jul 2024 09:19:01 -0400
Subject: [PATCH 10/16] renmove u nused imports

---
 pephub/dependencies.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pephub/dependencies.py b/pephub/dependencies.py
index e3c2cc58..bbf5e204 100644
--- a/pephub/dependencies.py
+++ b/pephub/dependencies.py
@@ -1,9 +1,9 @@
 import json
 import logging
 import os
-from datetime import datetime, timedelta
+from datetime import datetime
 from secrets import token_hex
-from typing import Any, Dict, Generator, List, Optional, Union
+from typing import Any, Dict, List, Optional, Union
 from cachetools import cached, TTLCache
 
 import jwt

From a092a4ae12e66b6967bb15ae53c80c26c60f6c27 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 3 Jul 2024 09:32:40 -0400
Subject: [PATCH 11/16] add something for account settings

---
 .../developer-settings/account-view.tsx       | 40 +++++++++++++++++++
 .../modals/developer-settings-modal.tsx       |  9 ++---
 2 files changed, 44 insertions(+), 5 deletions(-)
 create mode 100644 web/src/components/developer-settings/account-view.tsx

diff --git a/web/src/components/developer-settings/account-view.tsx b/web/src/components/developer-settings/account-view.tsx
new file mode 100644
index 00000000..8cc13645
--- /dev/null
+++ b/web/src/components/developer-settings/account-view.tsx
@@ -0,0 +1,40 @@
+import { useSession } from '../../hooks/useSession';
+import { GitHubAvatar } from '../badges/github-avatar';
+
+export const AccountView = () => {
+  const { user } = useSession();
+  return (
+    <div className="d-flex flex-column p-2">
+      <div>
+        <h5 className="fw-bold">Account:</h5>
+      </div>
+      <div className="">
+        <div className="mb-2">
+          <h6 className="mb-0">Your organizations:</h6>
+          <div className="d-flex flex-row align-items-center gap-2">
+            {user?.orgs.map((org, index) => (
+              <span key={index} className="">
+                <GitHubAvatar namespace={org} height={20} width={20} />
+                <span className="ms-1">{org}</span>
+              </span>
+            ))}
+          </div>
+        </div>
+        <h6 className="mb-0">Name:</h6>
+        <p>{user?.name}</p>
+      </div>
+      <div className="d-flex flex-row align-items-center gap-2">
+        <a href={`https://github.com/${user?.login}`} target="_blank" rel="noreferrer">
+          <button className="btn btn-sm btn-dark">
+            <i className="bi bi-github me-2"></i>
+            View on Github
+          </button>
+        </a>
+        <button disabled className="btn btn-sm btn-danger">
+          <i className="bi bi-trash me-2"></i>
+          Clear all PEPs
+        </button>
+      </div>
+    </div>
+  );
+};
diff --git a/web/src/components/modals/developer-settings-modal.tsx b/web/src/components/modals/developer-settings-modal.tsx
index be6499c1..120ceb79 100644
--- a/web/src/components/modals/developer-settings-modal.tsx
+++ b/web/src/components/modals/developer-settings-modal.tsx
@@ -1,6 +1,7 @@
 import { useState } from 'react';
 import { Col, ListGroup, Modal, Row } from 'react-bootstrap';
 
+import { AccountView } from '../developer-settings/account-view';
 import { ApiKeyView } from '../developer-settings/api-key-view';
 
 type Props = {
@@ -32,10 +33,10 @@ export const DeveloperSettingsModal = (props: Props) => {
                 <i className="bi bi-person me-1"></i>
                 Account
               </ListGroup.Item>
-              <ListGroup.Item action onClick={() => setView('settings')}>
+              {/* <ListGroup.Item action onClick={() => setView('settings')}>
                 <i className="bi bi-gear me-1"></i>
                 Settings
-              </ListGroup.Item>
+              </ListGroup.Item> */}
             </ListGroup>
           </Col>
           <Col md={9}>
@@ -43,9 +44,7 @@ export const DeveloperSettingsModal = (props: Props) => {
               {view === 'api-keys' ? (
                 <ApiKeyView />
               ) : view === 'account' ? (
-                <div>
-                  <h1>Account View</h1>
-                </div>
+                <AccountView />
               ) : view === 'settings' ? (
                 <div>
                   <h1>Settings View</h1>

From fd2141d188bdb376c308a5420f63c6ce5d24a14d Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 10 Jul 2024 09:18:46 -0400
Subject: [PATCH 12/16] add function to delete all PEPs

---
 pephub/routers/api/v1/namespace.py            | 34 +++++++
 web/src/api/namespace.ts                      | 13 +++
 .../developer-settings/account-view.tsx       |  9 +-
 web/src/components/modals/delete-all-peps.tsx | 95 +++++++++++++++++++
 4 files changed, 150 insertions(+), 1 deletion(-)
 create mode 100644 web/src/components/modals/delete-all-peps.tsx

diff --git a/pephub/routers/api/v1/namespace.py b/pephub/routers/api/v1/namespace.py
index e53a006b..1fe16e2b 100644
--- a/pephub/routers/api/v1/namespace.py
+++ b/pephub/routers/api/v1/namespace.py
@@ -14,6 +14,7 @@
     ProjectAlreadyInFavorites,
     ProjectNotInFavorites,
     ProjectUniqueNameError,
+    UserNotFoundError,
 )
 from pepdbagent.models import (
     AnnotationList,
@@ -35,6 +36,7 @@
     get_db,
     get_namespace_access_list,
     get_namespace_info,
+    get_user_from_session_info,
     read_authorization_header,
     verify_user_can_write_namespace,
     get_pepdb_namespace_info,
@@ -456,3 +458,35 @@ async def get_namespace_stats(
             status_code=500,
             detail="Internal server error. Unexpected return value. Error: 500",
         )
+
+
+@namespace.delete(
+    "/",
+    summary="Delete user projects and stars from pephub",
+)
+def remove_user(
+    namespace: str,
+    agent: PEPDatabaseAgent = Depends(get_db),
+    user_name: str = Depends(get_user_from_session_info),
+):
+    """
+    Delete user related projects and stars from pephub
+    """
+    if user_name != namespace:
+        raise HTTPException(
+            status_code=403,
+            detail="Access denied. You can only delete your own namespace.",
+        )
+    try:
+        agent.user.delete(namespace)
+    except UserNotFoundError:
+        raise HTTPException(
+            status_code=404,
+            detail=f"Namespace '{namespace}' not found.",
+        )
+    return JSONResponse(
+        content={
+            "message": f"Namespace {namespace} has been deleted.",
+        },
+        status_code=202,
+    )
diff --git a/web/src/api/namespace.ts b/web/src/api/namespace.ts
index 4214709f..1592f004 100644
--- a/web/src/api/namespace.ts
+++ b/web/src/api/namespace.ts
@@ -70,6 +70,10 @@ interface RemoveStarResponse {
   namespace: string;
 }
 
+type DeleteAllPepsResponse = {
+  message: string;
+};
+
 export const getNamespaceInfo = (namespace: string, token: string | null = null) => {
   const url = `${API_BASE}/namespaces/${namespace}/`; // note the trailing slash
   if (!token) {
@@ -331,3 +335,12 @@ export const getAllNamespaces = (search?: string, limit?: number, offset?: numbe
   const url = `${API_BASE}/search/namespaces?${query.toString()}`;
   return axios.get<NamespaceSearchResponse>(url).then((res) => res.data);
 };
+
+export const deleteAllPepsFromNamespace = (namespace: string, token: string | null) => {
+  const url = `${API_BASE}/namespaces/${namespace}`;
+  return axios.delete<DeleteAllPepsResponse>(url, {
+    headers: {
+      Authorization: `Bearer ${token || 'NOTAUTHORIZED'}`,
+    },
+  });
+};
diff --git a/web/src/components/developer-settings/account-view.tsx b/web/src/components/developer-settings/account-view.tsx
index 8cc13645..2f699d7b 100644
--- a/web/src/components/developer-settings/account-view.tsx
+++ b/web/src/components/developer-settings/account-view.tsx
@@ -1,8 +1,14 @@
+import { useState } from 'react';
+
 import { useSession } from '../../hooks/useSession';
 import { GitHubAvatar } from '../badges/github-avatar';
+import { DeleteAllPepsModal } from '../modals/delete-all-peps';
 
 export const AccountView = () => {
   const { user } = useSession();
+
+  const [showDeleteAllPepsModal, setShowDeleteAllPepsModal] = useState(false);
+
   return (
     <div className="d-flex flex-column p-2">
       <div>
@@ -30,11 +36,12 @@ export const AccountView = () => {
             View on Github
           </button>
         </a>
-        <button disabled className="btn btn-sm btn-danger">
+        <button onClick={() => setShowDeleteAllPepsModal(true)} className="btn btn-sm btn-danger">
           <i className="bi bi-trash me-2"></i>
           Clear all PEPs
         </button>
       </div>
+      <DeleteAllPepsModal show={showDeleteAllPepsModal} onHide={() => setShowDeleteAllPepsModal(false)} />
     </div>
   );
 };
diff --git a/web/src/components/modals/delete-all-peps.tsx b/web/src/components/modals/delete-all-peps.tsx
new file mode 100644
index 00000000..4d5108be
--- /dev/null
+++ b/web/src/components/modals/delete-all-peps.tsx
@@ -0,0 +1,95 @@
+import { useMutation, useQueryClient } from '@tanstack/react-query';
+import { AxiosError } from 'axios';
+import { Fragment, useState } from 'react';
+import { Modal } from 'react-bootstrap';
+import toast from 'react-hot-toast';
+
+import { deleteAllPepsFromNamespace } from '../../api/namespace';
+import { useSession } from '../../hooks/useSession';
+import { extractErrorMessage } from '../../utils/etc';
+
+interface Props {
+  show: boolean;
+  onHide: () => void;
+}
+
+export const DeleteAllPepsModal = (props: Props) => {
+  const { user, jwt } = useSession();
+  const { show, onHide } = props;
+  const queryClient = useQueryClient();
+
+  const [confirmText, setConfirmText] = useState('');
+
+  const namespace = user?.login || 'NOUSER';
+
+  const mutation = useMutation({
+    mutationFn: () => {
+      return deleteAllPepsFromNamespace(namespace, jwt);
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({
+        queryKey: [user?.login],
+      });
+    },
+    onError: (err: AxiosError) => {
+      const errorMessage = extractErrorMessage(err);
+      toast.error(`${errorMessage}`, {
+        duration: 5000,
+      });
+    },
+  });
+
+  return (
+    <Modal
+      centered
+      animation={false}
+      show={show}
+      onHide={() => {
+        onHide();
+        setConfirmText('');
+      }}
+    >
+      <Modal.Header closeButton>
+        <h1 className="modal-title fs-5">Delete all PEPs?</h1>
+      </Modal.Header>
+      <Modal.Body>
+        <p>Are you sure you want to delete all PEPs? This action cannot be undone.</p>
+        <label className="mb-3">
+          Please type <span className="fw-bold">{namespace}</span> to confirm:
+        </label>
+        <input
+          value={confirmText}
+          onChange={(e) => setConfirmText(e.target.value)}
+          id="delete-confirm-input"
+          type="text"
+          className="form-control"
+          placeholder={`${namespace}`}
+        />
+      </Modal.Body>
+      <Modal.Footer>
+        <button
+          className="btn btn-outline-dark"
+          onClick={() => {
+            setConfirmText('');
+            onHide();
+          }}
+        >
+          Nevermind
+        </button>
+        <button disabled={confirmText !== `${namespace}`} type="button" className="btn btn-danger">
+          {mutation.isPending ? (
+            <Fragment>
+              <span className="spinner-border spinner-border-sm me-1" role="status" aria-hidden="true"></span>
+              Clearing...
+            </Fragment>
+          ) : (
+            <Fragment>
+              <i className="bi bi-trash me-2"></i>
+              Clear all PEPs
+            </Fragment>
+          )}
+        </button>
+      </Modal.Footer>
+    </Modal>
+  );
+};

From e16a847254f2b210c582d3a6ebe9f1b775ed7135 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 10 Jul 2024 09:19:17 -0400
Subject: [PATCH 13/16] add window reload

---
 web/src/components/modals/delete-all-peps.tsx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/web/src/components/modals/delete-all-peps.tsx b/web/src/components/modals/delete-all-peps.tsx
index 4d5108be..308ab1a9 100644
--- a/web/src/components/modals/delete-all-peps.tsx
+++ b/web/src/components/modals/delete-all-peps.tsx
@@ -30,6 +30,8 @@ export const DeleteAllPepsModal = (props: Props) => {
       queryClient.invalidateQueries({
         queryKey: [user?.login],
       });
+      // just reload the whole thing
+      window.location.reload();
     },
     onError: (err: AxiosError) => {
       const errorMessage = extractErrorMessage(err);

From 8b0a47187c1b545fd55466888e109d3701d5e0c5 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 10 Jul 2024 09:21:50 -0400
Subject: [PATCH 14/16] namespace loading page

---
 web/src/components/modals/delete-all-peps.tsx          | 10 +++++++++-
 .../namespace/namespace-page-placeholder.tsx           |  7 ++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/web/src/components/modals/delete-all-peps.tsx b/web/src/components/modals/delete-all-peps.tsx
index 308ab1a9..a060e63d 100644
--- a/web/src/components/modals/delete-all-peps.tsx
+++ b/web/src/components/modals/delete-all-peps.tsx
@@ -1,5 +1,6 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
 import { AxiosError } from 'axios';
+import { m } from 'framer-motion';
 import { Fragment, useState } from 'react';
 import { Modal } from 'react-bootstrap';
 import toast from 'react-hot-toast';
@@ -78,7 +79,14 @@ export const DeleteAllPepsModal = (props: Props) => {
         >
           Nevermind
         </button>
-        <button disabled={confirmText !== `${namespace}`} type="button" className="btn btn-danger">
+        <button
+          onClick={() => {
+            mutation.mutate();
+          }}
+          disabled={confirmText !== `${namespace}`}
+          type="button"
+          className="btn btn-danger"
+        >
           {mutation.isPending ? (
             <Fragment>
               <span className="spinner-border spinner-border-sm me-1" role="status" aria-hidden="true"></span>
diff --git a/web/src/components/namespace/namespace-page-placeholder.tsx b/web/src/components/namespace/namespace-page-placeholder.tsx
index 2979607f..6440af03 100644
--- a/web/src/components/namespace/namespace-page-placeholder.tsx
+++ b/web/src/components/namespace/namespace-page-placeholder.tsx
@@ -21,9 +21,10 @@ export const NamespacePagePlaceholder = () => {
           </div>
         </Placeholder>
         {/* replace buttons */}
-        <div className="w-25">
-          <Placeholder.Button variant="outline-dark" className="ms-1" xs={4} />
-          <Placeholder.Button variant="success" className="ms-1" xs={4} />
+        <div className="w-50 d-flex flex-row align-items-center gap-1">
+          <Placeholder.Button size="sm" variant="outline-dark" className="ms-1" xs={4} />
+          <Placeholder.Button size="sm" variant="dark" className="ms-1" xs={4} />
+          <Placeholder.Button size="sm" variant="success" className="ms-1" xs={4} />
         </div>
       </div>
       <div className="mt-3">

From 65e3c8ab000bf5d23daf88dacbf32a3efec87693 Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 10 Jul 2024 11:12:24 -0400
Subject: [PATCH 15/16] address some comments

---
 pephub/developer_keys.py    | 9 ++-------
 pephub/routers/auth/base.py | 8 ++------
 pephub/routers/models.py    | 6 ++++++
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
index 6c75b90f..cc61113a 100644
--- a/pephub/developer_keys.py
+++ b/pephub/developer_keys.py
@@ -4,18 +4,13 @@
 import secrets
 
 from fastapi import HTTPException
-from pydantic import BaseModel
+
+from .routers.models import DeveloperKey
 
 from .helpers import jwt_encode_user_data
 from .const import MAX_NEW_KEYS
 
 
-class DeveloperKey(BaseModel):
-    key: str
-    created_at: str
-    expires: str
-
-
 class DeveloperKeyHandler:
     def __init__(self, default_exp: int = 30 * 24 * 60 * 60):
         self._keys: Dict[str, List[DeveloperKey]] = {}
diff --git a/pephub/routers/auth/base.py b/pephub/routers/auth/base.py
index 47011946..f918f6d1 100644
--- a/pephub/routers/auth/base.py
+++ b/pephub/routers/auth/base.py
@@ -8,7 +8,7 @@
 from dotenv import load_dotenv
 from fastapi import APIRouter, BackgroundTasks, Depends, Header, Request
 from fastapi.exceptions import HTTPException
-from fastapi.responses import RedirectResponse
+from fastapi.responses import RedirectResponse, JSONResponse
 from fastapi.templating import Jinja2Templates
 
 from ...limiter import limiter
@@ -109,7 +109,7 @@ def delete_user_key(
         dev_key_handler.remove_key(
             session_info["login"], revoke_request.last_five_chars
         )
-        return {"message": "Key deleted successfully."}
+        return JSONResponse({"message": "Key deleted successfully."}, status_code=202)
     else:
         raise HTTPException(status_code=401, detail="Invalid token")
 
@@ -176,10 +176,6 @@ def callback(
         headers={"Authorization": f"Bearer {x['access_token']}"},
     ).json()
 
-    # append the github access_token to the user data
-    u["gh_access_token"] = x["access_token"]
-    u["gh_refresh_token"] = x["refresh_token"]
-
     # encode the token
     token = CLIAuthSystem.jwt_encode_user_data(
         dict(orgs=[org["login"] for org in organizations], **u)
diff --git a/pephub/routers/models.py b/pephub/routers/models.py
index 97bd3b44..c88d2b68 100644
--- a/pephub/routers/models.py
+++ b/pephub/routers/models.py
@@ -100,3 +100,9 @@ class ProjectJsonRequest(BaseModel):
 
 class RevokeRequest(BaseModel):
     last_five_chars: str
+
+
+class DeveloperKey(BaseModel):
+    key: str
+    created_at: str
+    expires: str

From 922ed0a65a8628b52b4001ce860eb7937e269d0d Mon Sep 17 00:00:00 2001
From: Nathan LeRoy <NLeRoy917@gmail.com>
Date: Wed, 10 Jul 2024 11:17:19 -0400
Subject: [PATCH 16/16] address comments

---
 pephub/developer_keys.py           | 2 +-
 pephub/helpers.py                  | 6 ++++++
 pephub/limiter.py                  | 8 ++++++++
 pephub/routers/api/v1/namespace.py | 1 -
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/pephub/developer_keys.py b/pephub/developer_keys.py
index cc61113a..2ec5bbf6 100644
--- a/pephub/developer_keys.py
+++ b/pephub/developer_keys.py
@@ -37,7 +37,7 @@ def get_keys_for_namespace(self, namespace: str) -> List[DeveloperKey]:
         """
         Get all the keys for a given namespace
 
-        namespace: str
+        :param namespace: namespace for the key
         """
         return self._keys.get(namespace) or []
 
diff --git a/pephub/helpers.py b/pephub/helpers.py
index 0ec53940..8cc08c65 100644
--- a/pephub/helpers.py
+++ b/pephub/helpers.py
@@ -20,6 +20,12 @@
 
 
 def jwt_encode_user_data(user_data: dict, exp: datetime = None) -> str:
+    """
+    Encode user data into a JWT token.
+
+    :param user_data: user data to encode
+    :param exp: expiration time for the token
+    """
     exp = exp or datetime.utcnow() + timedelta(minutes=JWT_EXPIRATION)
     encoded_user_data = jwt.encode(
         {**user_data, "exp": exp}, JWT_SECRET, algorithm="HS256"
diff --git a/pephub/limiter.py b/pephub/limiter.py
index 8294b148..d92814ec 100644
--- a/pephub/limiter.py
+++ b/pephub/limiter.py
@@ -8,6 +8,14 @@
 
 
 def _custom_rate_limit_exceeded_handler(request: Request, exc: RateLimitExceeded):
+    """
+    Custom rate limit exceeded handler. Simple wrapper around slowapi's handler to ensure that
+    we properly raise an HTTPException with status code 429.
+
+    :param request: request object
+    :param exc: RateLimitExceeded exception
+
+    """
     _ = _rate_limit_exceeded_handler(request, exc)
     raise HTTPException(
         status_code=429,
diff --git a/pephub/routers/api/v1/namespace.py b/pephub/routers/api/v1/namespace.py
index f1b412c6..1fe16e2b 100644
--- a/pephub/routers/api/v1/namespace.py
+++ b/pephub/routers/api/v1/namespace.py
@@ -40,7 +40,6 @@
     read_authorization_header,
     verify_user_can_write_namespace,
     get_pepdb_namespace_info,
-    get_user_from_session_info,
 )
 from ....helpers import parse_user_file_upload, split_upload_files_on_init_file
 from ...models import FavoriteRequest, ProjectJsonRequest, ProjectRawModel