diff --git a/packages/nc-gui/components/account/Token.vue b/packages/nc-gui/components/account/Token.vue index ec82567685..cbf49d9ed8 100644 --- a/packages/nc-gui/components/account/Token.vue +++ b/packages/nc-gui/components/account/Token.vue @@ -140,7 +140,8 @@ const isValidTokenName = ref(false) const deleteToken = async (token: string): Promise => { try { - await api.orgTokens.delete(token) + const id = allTokens.value.find((t) => t.token === token)?.id + await api.orgTokens.delete(id) // message.success(t('msg.success.tokenDeleted')) await loadTokens() diff --git a/packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue b/packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue index 35e12bb2a6..bc2f10b56e 100644 --- a/packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue +++ b/packages/nc-gui/components/tabs/auth/ApiTokenManagement.vue @@ -67,7 +67,7 @@ const deleteToken = async () => { try { if (!base.value?.id || !selectedTokenData.value.token) return - await $api.apiToken.delete(base.value.id, selectedTokenData.value.token) + await $api.apiToken.delete(base.value.id, selectedTokenData.value.id) // Token deleted successfully message.success(t('msg.success.tokenDeleted')) diff --git a/packages/nocodb/src/controllers/api-tokens.controller.ts b/packages/nocodb/src/controllers/api-tokens.controller.ts index acedfd9004..4cba808fce 100644 --- a/packages/nocodb/src/controllers/api-tokens.controller.ts +++ b/packages/nocodb/src/controllers/api-tokens.controller.ts 
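Review bot: In `deleteToken` in Token.vue, `id` is `undefined` whenever no entry in `allTokens` matches the token string, and the new line still calls `api.orgTokens.delete(id)` with it. Stop before the request in that case, e.g. `if (!id) return` (or raise the same error the `catch` path shows), so the client never issues a delete for an undefined id. The function body continues outside the hunk, so confirm how a failure here is reported to the user.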
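Review bot: The guard in `deleteToken` in ApiTokenManagement.vue still tests `selectedTokenData.value.token`, but the call now sends `selectedTokenData.value.id`, so the field that is checked is not the field that is used. Guard on the value actually passed: `if (!base.value?.id || !selectedTokenData.value.id) return`. The function continues outside the hunk.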
@@ -47,13 +47,13 @@ export class ApiTokensController { } @Delete([ - '/api/v1/db/meta/projects/:baseId/api-tokens/:token', - '/api/v2/meta/bases/:baseId/api-tokens/:token', + '/api/v1/db/meta/projects/:baseId/api-tokens/:tokenId', + '/api/v2/meta/bases/:baseId/api-tokens/:tokenId', ]) @Acl('baseApiTokenDelete') - async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) { + async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) { return await this.apiTokensService.apiTokenDelete({ - token, + tokenId, user: req['user'], req, }); diff --git a/packages/nocodb/src/controllers/org-tokens.controller.ts b/packages/nocodb/src/controllers/org-tokens.controller.ts index a879471fd1..80957aa1f9 100644 --- a/packages/nocodb/src/controllers/org-tokens.controller.ts +++ b/packages/nocodb/src/controllers/org-tokens.controller.ts @@ -55,15 +55,15 @@ export class OrgTokensController { }); } - @Delete('/api/v1/tokens/:token') + @Delete('/api/v1/tokens/:tokenId') @Acl('apiTokenDelete', { scope: 'org', // allowedRoles: [OrgUserRoles.SUPER], blockApiTokenAccess: true, }) - async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) { + async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) { await this.orgTokensService.apiTokenDelete({ - token, + tokenId, user: req['user'], req, }); diff --git a/packages/nocodb/src/models/ApiToken.ts b/packages/nocodb/src/models/ApiToken.ts index 8dfafb95c8..42ffd6b53e 100644 --- a/packages/nocodb/src/models/ApiToken.ts +++ b/packages/nocodb/src/models/ApiToken.ts 
@@ -66,16 +66,17 @@ export default class ApiToken implements ApiTokenType { return tokens?.map((t) => new ApiToken(t)); } - static async delete(token, ncMeta = Noco.ncMeta) { + static async delete(tokenId: string, ncMeta = Noco.ncMeta) { + const tokenData = await this.get(tokenId, ncMeta); await NocoCache.deepDel( - `${CacheScope.API_TOKEN}:${token}`, + `${CacheScope.API_TOKEN}:${tokenData.id}`, CacheDelDirection.CHILD_TO_PARENT, ); return await ncMeta.metaDelete( RootScopes.ROOT, RootScopes.ROOT, MetaTable.API_TOKENS, - { token }, + tokenId, ); } @@ -165,4 +166,13 @@ export default class ApiToken implements ApiTokenType { return queryBuilder; } + + static async get(tokenId: string, ncMeta = Noco.ncMeta) { + return await ncMeta.metaGet( + RootScopes.ROOT, + RootScopes.ROOT, + MetaTable.API_TOKENS, + tokenId, + ); + } } diff --git a/packages/nocodb/src/schema/swagger-v2.json b/packages/nocodb/src/schema/swagger-v2.json index f73000b519..36d1298fa0 100644 --- a/packages/nocodb/src/schema/swagger-v2.json +++ b/packages/nocodb/src/schema/swagger-v2.json @@ -11544,7 +11544,7 @@ } ] }, - "/api/v2/meta/bases/{baseId}/api-tokens/{token}": { + "/api/v2/meta/bases/{baseId}/api-tokens/{tokenId}": { "delete": { "summary": "Delete API Token", "operationId": "api-token-delete", @@ -11594,12 +11594,12 @@ { "schema": { "type": "string", - "example": "DYh540o8hbWpUGdarekECKLdN5OhlgCUWutVJYX2" + "example": "DYh540o8hbWp" }, - "name": "token", + "name": "tokenId", "in": "path", "required": true, - "description": "API Token" + "description": "API Token ID" } ] }, diff --git a/packages/nocodb/src/schema/swagger.json b/packages/nocodb/src/schema/swagger.json index 621171a8a3..c0b31098db 100644 --- a/packages/nocodb/src/schema/swagger.json +++ b/packages/nocodb/src/schema/swagger.json 
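Review bot: In `ApiToken.delete`, the cache key changed from the token value to `tokenData.id`, which is the same value as `tokenId`. If lookups by token value still cache under `${CacheScope.API_TOKEN}:${token}`, as the removed line suggests, the entry for a deleted token is never evicted and a revoked token may keep authenticating from cache. Fetching `tokenData` only makes sense if the key is built from the secret, i.e. `${CacheScope.API_TOKEN}:${tokenData.token}`. `tokenData` is also dereferenced unchecked, so an unknown id throws a TypeError; add a guard such as `if (!tokenData) return` before the `deepDel`. It is worth a regression test that a token is rejected immediately after deletion with the cache enabled.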
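Review bot: The new `ApiToken.get` has no doc comment or return type and returns the raw `metaGet` row, while the list method visible at the top of this file section wraps rows in `new ApiToken(t)`. Every caller added in this commit dereferences the result directly, so the missing-row contract should be written down, e.g. `/** Look up an API token row by its id; callers must handle a missing row. */`. Consider also returning `row && new ApiToken(row)` for consistency. The row presumably carries the secret `token` column, so it should stay server-side and not be passed through to responses or hook payloads.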
@@ -819,16 +819,16 @@ "description": "Creat an organisation API token. Access with API tokens will be blocked." } }, - "/api/v1/tokens/{token}": { + "/api/v1/tokens/{tokenId}": { "parameters": [ { "schema": { "type": "string" }, - "name": "token", + "name": "tokenId", "in": "path", "required": true, - "description": "API Token" + "description": "API Token ID" } ], "delete": { @@ -16429,7 +16429,7 @@ } ] }, - "/api/v1/db/meta/projects/{baseId}/api-tokens/{token}": { + "/api/v1/db/meta/projects/{baseId}/api-tokens/{tokenId}": { "delete": { "summary": "Delete API Token", "operationId": "api-token-delete", @@ -16479,12 +16479,12 @@ { "schema": { "type": "string", - "example": "DYh540o8hbWpUGdarekECKLdN5OhlgCUWutVJYX2" + "example": "DYh540o8hbWpU" }, - "name": "token", + "name": "tokenId", "in": "path", "required": true, - "description": "API Token" + "description": "API Token ID" } ] }, diff --git a/packages/nocodb/src/services/api-tokens.service.ts b/packages/nocodb/src/services/api-tokens.service.ts index 43b5f5db9e..1f16e18908 100644 --- a/packages/nocodb/src/services/api-tokens.service.ts +++ b/packages/nocodb/src/services/api-tokens.service.ts @@ -37,8 +37,8 @@ export class ApiTokensService { }); } - async apiTokenDelete(param: { token; user: User; req: NcRequest }) { - const apiToken = await ApiToken.getByToken(context, param.token); + async apiTokenDelete(param: { tokenId: string; user: User; req: NcRequest }) { + const apiToken = await ApiToken.get(param.tokenId); if ( !extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] && apiToken.fk_user_id !== param.user.id @@ -48,11 +48,11 @@ export class ApiTokensService { this.appHooksService.emit(AppEvents.API_TOKEN_DELETE, { userId: param.user?.id, - token: param.token, + tokenId: param.tokenId, req: param.req, }); // todo: verify token belongs to the user - return await ApiToken.delete(context, param.token); + return await ApiToken.delete(param.tokenId); } } 
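Review bot: `ApiTokensService.apiTokenDelete` reads `apiToken.fk_user_id` without checking that `ApiToken.get(param.tokenId)` returned a row, so for a non-admin caller an unknown or already-deleted id throws a TypeError instead of producing the not-found response. Add an explicit check before the ownership test, e.g. `if (!apiToken) NcError.notFound('Token not found')`, the error the org-token service already uses. That also keeps the error identical for "does not exist" and "belongs to someone else", so ids cannot be probed. The same unguarded dereference is in `OrgTokensService.apiTokenDelete` in the org-tokens.service.ts hunk. The body of the `if` lies outside this hunk.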
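Review bot: In the second api-tokens.service.ts hunk, `AppEvents.API_TOKEN_DELETE` is emitted before `ApiToken.delete(param.tokenId)` runs, so hook consumers are told about a deletion even when the delete throws. `OrgTokensService.apiTokenDelete` in this same commit deletes first and emits afterwards. Align the two: `const res = await ApiToken.delete(param.tokenId)`, then the `emit`, then `return res`. The `// todo: verify token belongs to the user` comment looks stale, since the `fk_user_id` check sits at the top of the method (previous hunk), and can be removed or reworded.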
diff --git a/packages/nocodb/src/services/app-hooks/interfaces.ts b/packages/nocodb/src/services/app-hooks/interfaces.ts index ae06144b60..d302b9095c 100644 --- a/packages/nocodb/src/services/app-hooks/interfaces.ts +++ b/packages/nocodb/src/services/app-hooks/interfaces.ts @@ -176,7 +176,7 @@ export interface ApiTokenCreateEvent extends NcBaseEvent { export interface ApiTokenDeleteEvent extends NcBaseEvent { userId: string; - token: string; + tokenId: string; } export interface PluginTestEvent extends NcBaseEvent { diff --git a/packages/nocodb/src/services/org-tokens.service.ts b/packages/nocodb/src/services/org-tokens.service.ts index a0d499220b..5872d882ea 100644 --- a/packages/nocodb/src/services/org-tokens.service.ts +++ b/packages/nocodb/src/services/org-tokens.service.ts @@ -61,19 +61,19 @@ export class OrgTokensService { return apiToken; } - async apiTokenDelete(param: { user: User; token: string; req: NcRequest }) { + async apiTokenDelete(param: { user: User; tokenId: string; req: NcRequest }) { const fk_user_id = param.user.id; - const apiToken = await ApiToken.getByToken(param.token); + const apiToken = await ApiToken.get(param.tokenId); if ( !extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] && apiToken.fk_user_id !== fk_user_id ) { NcError.notFound('Token not found'); } - const res = await ApiToken.delete(param.token); + const res = await ApiToken.delete(param.tokenId); this.appHooksService.emit(AppEvents.ORG_API_TOKEN_DELETE, { - token: param.token, + tokenId: param.tokenId, userId: param.user?.id, req: param['req'], });