Security enhancement to prevent disabled users from using API keys:
- Auto-disable all API keys when user is disabled/deleted
- Add user status validation during API key authentication
- Prevent API usage even if key is active but user is disabled
- Add comprehensive logging for security audit trail
This ensures disabled users cannot bypass restrictions through
existing API keys and maintains system security integrity.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Redirect users to API Keys tab after login instead of overview
- Remove Token Limit and Daily Cost Limit from user API key details modal
- Implement soft delete for API keys to preserve usage statistics
- Add admin endpoint to view deleted API keys with metadata
- Track deletion metadata (deletedBy, deletedAt, deletedByType)
- Ensure deleted API keys cannot be restored
- Include deleted key stats in user totals while excluding from active count
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
