Browse Source

Merge pull request #9526 from nocodb/nc-refactor/api-token

Nc refactor/api token
pull/9547/head
Pranav C 3 months ago committed by GitHub
parent
commit
2157a60a87
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 3
      packages/nc-gui/components/account/Token.vue
  2. 2
      packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue
  3. 8
      packages/nocodb/src/controllers/api-tokens.controller.ts
  4. 6
      packages/nocodb/src/controllers/org-tokens.controller.ts
  5. 16
      packages/nocodb/src/models/ApiToken.ts
  6. 8
      packages/nocodb/src/schema/swagger-v2.json
  7. 14
      packages/nocodb/src/schema/swagger.json
  8. 8
      packages/nocodb/src/services/api-tokens.service.ts
  9. 2
      packages/nocodb/src/services/app-hooks/interfaces.ts
  10. 8
      packages/nocodb/src/services/org-tokens.service.ts

3
packages/nc-gui/components/account/Token.vue

@ -140,7 +140,8 @@ const isValidTokenName = ref(false)
const deleteToken = async (token: string): Promise<void> => {
try {
await api.orgTokens.delete(token)
const id = allTokens.value.find((t) => t.token === token)?.id
await api.orgTokens.delete(id)
// message.success(t('msg.success.tokenDeleted'))
await loadTokens()

2
packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue

@ -67,7 +67,7 @@ const deleteToken = async () => {
try {
if (!base.value?.id || !selectedTokenData.value.token) return
await $api.apiToken.delete(base.value.id, selectedTokenData.value.token)
await $api.apiToken.delete(base.value.id, selectedTokenData.value.id)
// Token deleted successfully
message.success(t('msg.success.tokenDeleted'))

8
packages/nocodb/src/controllers/api-tokens.controller.ts

@ -47,13 +47,13 @@ export class ApiTokensController {
}
@Delete([
'/api/v1/db/meta/projects/:baseId/api-tokens/:token',
'/api/v2/meta/bases/:baseId/api-tokens/:token',
'/api/v1/db/meta/projects/:baseId/api-tokens/:tokenId',
'/api/v2/meta/bases/:baseId/api-tokens/:tokenId',
])
@Acl('baseApiTokenDelete')
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
return await this.apiTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});

6
packages/nocodb/src/controllers/org-tokens.controller.ts

@ -55,15 +55,15 @@ export class OrgTokensController {
});
}
@Delete('/api/v1/tokens/:token')
@Delete('/api/v1/tokens/:tokenId')
@Acl('apiTokenDelete', {
scope: 'org',
// allowedRoles: [OrgUserRoles.SUPER],
blockApiTokenAccess: true,
})
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
await this.orgTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});

16
packages/nocodb/src/models/ApiToken.ts

@ -66,16 +66,17 @@ export default class ApiToken implements ApiTokenType {
return tokens?.map((t) => new ApiToken(t));
}
static async delete(token, ncMeta = Noco.ncMeta) {
static async delete(tokenId: string, ncMeta = Noco.ncMeta) {
const tokenData = await this.get(tokenId, ncMeta);
await NocoCache.deepDel(
`${CacheScope.API_TOKEN}:${token}`,
`${CacheScope.API_TOKEN}:${tokenData.id}`,
CacheDelDirection.CHILD_TO_PARENT,
);
return await ncMeta.metaDelete(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
{ token },
tokenId,
);
}
@ -165,4 +166,13 @@ export default class ApiToken implements ApiTokenType {
return queryBuilder;
}
static async get(tokenId: string, ncMeta = Noco.ncMeta) {
return await ncMeta.metaGet(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
tokenId,
);
}
}

8
packages/nocodb/src/schema/swagger-v2.json

@ -11544,7 +11544,7 @@
}
]
},
"/api/v2/meta/bases/{baseId}/api-tokens/{token}": {
"/api/v2/meta/bases/{baseId}/api-tokens/{tokenId}": {
"delete": {
"summary": "Delete API Token",
"operationId": "api-token-delete",
@ -11594,12 +11594,12 @@
{
"schema": {
"type": "string",
"example": "DYh540o8hbWpUGdarekECKLdN5OhlgCUWutVJYX2"
"example": "DYh540o8hbWp"
},
"name": "token",
"name": "tokenId",
"in": "path",
"required": true,
"description": "API Token"
"description": "API Token ID"
}
]
},

14
packages/nocodb/src/schema/swagger.json

@ -819,16 +819,16 @@
"description": "Creat an organisation API token. Access with API tokens will be blocked."
}
},
"/api/v1/tokens/{token}": {
"/api/v1/tokens/{tokenId}": {
"parameters": [
{
"schema": {
"type": "string"
},
"name": "token",
"name": "tokenId",
"in": "path",
"required": true,
"description": "API Token"
"description": "API Token ID"
}
],
"delete": {
@ -16429,7 +16429,7 @@
}
]
},
"/api/v1/db/meta/projects/{baseId}/api-tokens/{token}": {
"/api/v1/db/meta/projects/{baseId}/api-tokens/{tokenId}": {
"delete": {
"summary": "Delete API Token",
"operationId": "api-token-delete",
@ -16479,12 +16479,12 @@
{
"schema": {
"type": "string",
"example": "DYh540o8hbWpUGdarekECKLdN5OhlgCUWutVJYX2"
"example": "DYh540o8hbWpU"
},
"name": "token",
"name": "tokenId",
"in": "path",
"required": true,
"description": "API Token"
"description": "API Token ID"
}
]
},

8
packages/nocodb/src/services/api-tokens.service.ts

@ -37,8 +37,8 @@ export class ApiTokensService {
});
}
async apiTokenDelete(param: { token; user: User; req: NcRequest }) {
const apiToken = await ApiToken.getByToken(context, param.token);
async apiTokenDelete(param: { tokenId: string; user: User; req: NcRequest }) {
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== param.user.id
@ -48,11 +48,11 @@ export class ApiTokensService {
this.appHooksService.emit(AppEvents.API_TOKEN_DELETE, {
userId: param.user?.id,
token: param.token,
tokenId: param.tokenId,
req: param.req,
});
// todo: verify token belongs to the user
return await ApiToken.delete(context, param.token);
return await ApiToken.delete(param.tokenId);
}
}

2
packages/nocodb/src/services/app-hooks/interfaces.ts

@ -176,7 +176,7 @@ export interface ApiTokenCreateEvent extends NcBaseEvent {
export interface ApiTokenDeleteEvent extends NcBaseEvent {
userId: string;
token: string;
tokenId: string;
}
export interface PluginTestEvent extends NcBaseEvent {

8
packages/nocodb/src/services/org-tokens.service.ts

@ -61,19 +61,19 @@ export class OrgTokensService {
return apiToken;
}
async apiTokenDelete(param: { user: User; token: string; req: NcRequest }) {
async apiTokenDelete(param: { user: User; tokenId: string; req: NcRequest }) {
const fk_user_id = param.user.id;
const apiToken = await ApiToken.getByToken(param.token);
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== fk_user_id
) {
NcError.notFound('Token not found');
}
const res = await ApiToken.delete(param.token);
const res = await ApiToken.delete(param.tokenId);
this.appHooksService.emit(AppEvents.ORG_API_TOKEN_DELETE, {
token: param.token,
tokenId: param.tokenId,
userId: param.user?.id,
req: param['req'],
});

Loading…
Cancel
Save