
Merge pull request #9526 from nocodb/nc-refactor/api-token

Nc refactor/api token
pull/9547/head
Pranav C 2 months ago committed by GitHub
parent
commit
2157a60a87
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 3
      packages/nc-gui/components/account/Token.vue
  2. 2
      packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue
  3. 8
      packages/nocodb/src/controllers/api-tokens.controller.ts
  4. 6
      packages/nocodb/src/controllers/org-tokens.controller.ts
  5. 16
      packages/nocodb/src/models/ApiToken.ts
  6. 8
      packages/nocodb/src/schema/swagger-v2.json
  7. 14
      packages/nocodb/src/schema/swagger.json
  8. 8
      packages/nocodb/src/services/api-tokens.service.ts
  9. 2
      packages/nocodb/src/services/app-hooks/interfaces.ts
  10. 8
      packages/nocodb/src/services/org-tokens.service.ts

3
packages/nc-gui/components/account/Token.vue

@ -140,7 +140,8 @@ const isValidTokenName = ref(false)
const deleteToken = async (token: string): Promise<void> => {
try {
await api.orgTokens.delete(token)
const id = allTokens.value.find((t) => t.token === token)?.id
await api.orgTokens.delete(id)
// message.success(t('msg.success.tokenDeleted'))
await loadTokens()
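Review bot: When `allTokens.value.find(...)` matches nothing, `id` is `undefined` and `api.orgTokens.delete(id)` is still called, so the request goes out with an undefined path segment instead of stopping locally. Add `if (!id) return` between the lookup and the delete call. `deleteToken` still takes the secret token value only to look the id up; passing the row id from the caller would avoid handing the secret around, though the callers are not visible here. The function body continues past the end of the hunk.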

2
packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue

@ -67,7 +67,7 @@ const deleteToken = async () => {
try {
if (!base.value?.id || !selectedTokenData.value.token) return
await $api.apiToken.delete(base.value.id, selectedTokenData.value.token)
await $api.apiToken.delete(base.value.id, selectedTokenData.value.id)
// Token deleted successfully
message.success(t('msg.success.tokenDeleted'))
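Review bot: The early-return guard still tests `selectedTokenData.value.token`, while the request now sends `selectedTokenData.value.id`, so a selection that has a token but no id passes the guard and issues a delete for an undefined id. The guard should check the value that is actually sent: `if (!base.value?.id || !selectedTokenData.value.id) return`. The enclosing `deleteToken` ends outside the hunk.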

8
packages/nocodb/src/controllers/api-tokens.controller.ts

@ -47,13 +47,13 @@ export class ApiTokensController {
}
@Delete([
'/api/v1/db/meta/projects/:baseId/api-tokens/:token',
'/api/v2/meta/bases/:baseId/api-tokens/:token',
'/api/v1/db/meta/projects/:baseId/api-tokens/:tokenId',
'/api/v2/meta/bases/:baseId/api-tokens/:tokenId',
])
@Acl('baseApiTokenDelete')
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
return await this.apiTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});

6
packages/nocodb/src/controllers/org-tokens.controller.ts

@ -55,15 +55,15 @@ export class OrgTokensController {
});
}
@Delete('/api/v1/tokens/:token')
@Delete('/api/v1/tokens/:tokenId')
@Acl('apiTokenDelete', {
scope: 'org',
// allowedRoles: [OrgUserRoles.SUPER],
blockApiTokenAccess: true,
})
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
await this.orgTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});

16
packages/nocodb/src/models/ApiToken.ts

@ -66,16 +66,17 @@ export default class ApiToken implements ApiTokenType {
return tokens?.map((t) => new ApiToken(t));
}
static async delete(token, ncMeta = Noco.ncMeta) {
static async delete(tokenId: string, ncMeta = Noco.ncMeta) {
const tokenData = await this.get(tokenId, ncMeta);
await NocoCache.deepDel(
`${CacheScope.API_TOKEN}:${token}`,
`${CacheScope.API_TOKEN}:${tokenData.id}`,
CacheDelDirection.CHILD_TO_PARENT,
);
return await ncMeta.metaDelete(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
{ token },
tokenId,
);
}
@ -165,4 +166,13 @@ export default class ApiToken implements ApiTokenType {
return queryBuilder;
}
static async get(tokenId: string, ncMeta = Noco.ncMeta) {
return await ncMeta.metaGet(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
tokenId,
);
}
}
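Review bot: In `delete`, `tokenData.id` is read without checking that `this.get(tokenId, ncMeta)` returned a row, so an unknown or already-deleted id throws a TypeError instead of a clean not-found. The `apiToken.fk_user_id` reads in api-tokens.service.ts and org-tokens.service.ts have the same gap and could send a missing row through the existing `NcError.notFound('Token not found')`. The eviction key also moved from the token value to the row id; if lookups by token value still cache under `${CacheScope.API_TOKEN}:${token}`, as the removed key suggests, that entry survives the delete and a revoked token may keep being accepted until it expires. I would add `if (!tokenData) return;` after the `get` call and also evict `${CacheScope.API_TOKEN}:${tokenData.token}`.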

8
packages/nocodb/src/schema/swagger-v2.json

@ -11544,7 +11544,7 @@
}
]
},
"/api/v2/meta/bases/{baseId}/api-tokens/{token}": {
"/api/v2/meta/bases/{baseId}/api-tokens/{tokenId}": {
"delete": {
"summary": "Delete API Token",
"operationId": "api-token-delete",
@ -11594,12 +11594,12 @@
{
"schema": {
"type": "string",
"example": "DYh540o8hbWpUGdarekECKLdN5OhlgCUWutVJYX2"
"example": "DYh540o8hbWp"
},
"name": "token",
"name": "tokenId",
"in": "path",
"required": true,
"description": "API Token"
"description": "API Token ID"
}
]
},

14
packages/nocodb/src/schema/swagger.json

@ -819,16 +819,16 @@
"description": "Creat an organisation API token. Access with API tokens will be blocked."
}
},
"/api/v1/tokens/{token}": {
"/api/v1/tokens/{tokenId}": {
"parameters": [
{
"schema": {
"type": "string"
},
"name": "token",
"name": "tokenId",
"in": "path",
"required": true,
"description": "API Token"
"description": "API Token ID"
}
],
"delete": {
@ -16429,7 +16429,7 @@
}
]
},
"/api/v1/db/meta/projects/{baseId}/api-tokens/{token}": {
"/api/v1/db/meta/projects/{baseId}/api-tokens/{tokenId}": {
"delete": {
"summary": "Delete API Token",
"operationId": "api-token-delete",
@ -16479,12 +16479,12 @@
{
"schema": {
"type": "string",
"example": "DYh540o8hbWpUGdarekECKLdN5OhlgCUWutVJYX2"
"example": "DYh540o8hbWpU"
},
"name": "token",
"name": "tokenId",
"in": "path",
"required": true,
"description": "API Token"
"description": "API Token ID"
}
]
},

8
packages/nocodb/src/services/api-tokens.service.ts

@ -37,8 +37,8 @@ export class ApiTokensService {
});
}
async apiTokenDelete(param: { token; user: User; req: NcRequest }) {
const apiToken = await ApiToken.getByToken(context, param.token);
async apiTokenDelete(param: { tokenId: string; user: User; req: NcRequest }) {
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== param.user.id
@ -48,11 +48,11 @@ export class ApiTokensService {
this.appHooksService.emit(AppEvents.API_TOKEN_DELETE, {
userId: param.user?.id,
token: param.token,
tokenId: param.tokenId,
req: param.req,
});
// todo: verify token belongs to the user
return await ApiToken.delete(context, param.token);
return await ApiToken.delete(param.tokenId);
}
}
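Review bot: `AppEvents.API_TOKEN_DELETE` is emitted before `ApiToken.delete(param.tokenId)` runs, so a delete that throws still leaves a delete event in the hook stream; org-tokens.service.ts emits only after the delete. Reordering to `const res = await ApiToken.delete(param.tokenId);`, then the emit, then `return res;` keeps the event record accurate. The `// todo: verify token belongs to the user` comment looks stale, since the `fk_user_id` comparison above appears to do that; the body of that `if` is outside the hunk, so confirm before removing it. Nothing visible here relates the token to the `:baseId` in the route, which deserves a comment if tokens are intentionally not base-scoped.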

2
packages/nocodb/src/services/app-hooks/interfaces.ts

@ -176,7 +176,7 @@ export interface ApiTokenCreateEvent extends NcBaseEvent {
export interface ApiTokenDeleteEvent extends NcBaseEvent {
userId: string;
token: string;
tokenId: string;
}
export interface PluginTestEvent extends NcBaseEvent {

8
packages/nocodb/src/services/org-tokens.service.ts

@ -61,19 +61,19 @@ export class OrgTokensService {
return apiToken;
}
async apiTokenDelete(param: { user: User; token: string; req: NcRequest }) {
async apiTokenDelete(param: { user: User; tokenId: string; req: NcRequest }) {
const fk_user_id = param.user.id;
const apiToken = await ApiToken.getByToken(param.token);
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== fk_user_id
) {
NcError.notFound('Token not found');
}
const res = await ApiToken.delete(param.token);
const res = await ApiToken.delete(param.tokenId);
this.appHooksService.emit(AppEvents.ORG_API_TOKEN_DELETE, {
token: param.token,
tokenId: param.tokenId,
userId: param.user?.id,
req: param['req'],
});
