feat: Add API key authentication system for external service access (#1757)

* Initial plan

* feat: Add API key authentication system backend

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* feat: Add API key management UI in frontend sidebar

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* fix: Correct import paths in API controller groups

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* fix: Address code review feedback - add i18n and validation

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* refactor: Enable API key auth on existing endpoints instead of creating separate service API

- Added USER_TOKEN_OR_API_KEY auth type that accepts both authentication methods
- Removed separate /api/service/v1/models endpoints
- Updated existing endpoints (models, bots, pipelines) to accept API keys
- External services can now use API keys to access all existing LangBot APIs
- Updated documentation to reflect unified API approach

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* docs: Add OpenAPI specification for API key authenticated endpoints

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* chore: rename openapi spec

* perf: ui and i18n

* fix: ui bug

* chore: tidy docs

* chore: fix linter errors

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>
Co-authored-by: Junyan Qin <rockchinq@gmail.com>

pkg/api/http/service/apikey.py

@@ -0,0 +1,79 @@
+from __future__ import annotations
+
+import secrets
+import sqlalchemy
+
+from ....core import app
+from ....entity.persistence import apikey
+
+
+class ApiKeyService:
+    ap: app.Application
+
+    def __init__(self, ap: app.Application) -> None:
+        self.ap = ap
+
+    async def get_api_keys(self) -> list[dict]:
+        """Get all API keys"""
+        result = await self.ap.persistence_mgr.execute_async(sqlalchemy.select(apikey.ApiKey))
+
+        keys = result.all()
+        return [self.ap.persistence_mgr.serialize_model(apikey.ApiKey, key) for key in keys]
+
+    async def create_api_key(self, name: str, description: str = '') -> dict:
+        """Create a new API key"""
+        # Generate a secure random API key
+        key = f'lbk_{secrets.token_urlsafe(32)}'
+
+        key_data = {'name': name, 'key': key, 'description': description}
+
+        await self.ap.persistence_mgr.execute_async(sqlalchemy.insert(apikey.ApiKey).values(**key_data))
+
+        # Retrieve the created key
+        result = await self.ap.persistence_mgr.execute_async(
+            sqlalchemy.select(apikey.ApiKey).where(apikey.ApiKey.key == key)
+        )
+        created_key = result.first()
+
+        return self.ap.persistence_mgr.serialize_model(apikey.ApiKey, created_key)
+
+    async def get_api_key(self, key_id: int) -> dict | None:
+        """Get a specific API key by ID"""
+        result = await self.ap.persistence_mgr.execute_async(
+            sqlalchemy.select(apikey.ApiKey).where(apikey.ApiKey.id == key_id)
+        )
+
+        key = result.first()
+
+        if key is None:
+            return None
+
+        return self.ap.persistence_mgr.serialize_model(apikey.ApiKey, key)
+
+    async def verify_api_key(self, key: str) -> bool:
+        """Verify if an API key is valid"""
+        result = await self.ap.persistence_mgr.execute_async(
+            sqlalchemy.select(apikey.ApiKey).where(apikey.ApiKey.key == key)
+        )
+
+        key_obj = result.first()
+        return key_obj is not None
+
+    async def delete_api_key(self, key_id: int) -> None:
+        """Delete an API key"""
+        await self.ap.persistence_mgr.execute_async(
+            sqlalchemy.delete(apikey.ApiKey).where(apikey.ApiKey.id == key_id)
+        )
+
+    async def update_api_key(self, key_id: int, name: str = None, description: str = None) -> None:
+        """Update an API key's metadata (name, description)"""
+        update_data = {}
+        if name is not None:
+            update_data['name'] = name
+        if description is not None:
+            update_data['description'] = description
+
+        if update_data:
+            await self.ap.persistence_mgr.execute_async(
+                sqlalchemy.update(apikey.ApiKey).where(apikey.ApiKey.id == key_id).values(**update_data)
+            )