
refactor: replace token with tokenId in the token deletion API

pull/9526/head
Pranav C 3 months ago
parent
commit
47f546e8e6
  1. 8
      packages/nocodb/src/controllers/api-tokens.controller.ts
  2. 6
      packages/nocodb/src/controllers/org-tokens.controller.ts
  3. 16
      packages/nocodb/src/models/ApiToken.ts
  4. 8
      packages/nocodb/src/services/api-tokens.service.ts
  5. 2
      packages/nocodb/src/services/app-hooks/interfaces.ts
  6. 8
      packages/nocodb/src/services/org-tokens.service.ts

8
packages/nocodb/src/controllers/api-tokens.controller.ts

@ -47,13 +47,13 @@ export class ApiTokensController {
}
@Delete([
'/api/v1/db/meta/projects/:baseId/api-tokens/:token',
'/api/v2/meta/bases/:baseId/api-tokens/:token',
'/api/v1/db/meta/projects/:baseId/api-tokens/:tokenId',
'/api/v2/meta/bases/:baseId/api-tokens/:tokenId',
])
@Acl('baseApiTokenDelete')
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
return await this.apiTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});
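Review bot: The last path segment on both routes keeps its position but now carries the token's record id rather than the token value, and nothing on `apiTokenDelete` states that. A client that still sends the token string reaches the same URL shape and, as far as this section shows, that string is passed on as an id. A short doc comment on the handler, e.g. `/** :tokenId is the API token's record id, not the secret token value. */`, would make the contract explicit. The same applies to `/api/v1/tokens/:tokenId` in org-tokens.controller.ts. The handler's closing brace is outside the hunk.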

6
packages/nocodb/src/controllers/org-tokens.controller.ts

@ -55,15 +55,15 @@ export class OrgTokensController {
});
}
@Delete('/api/v1/tokens/:token')
@Delete('/api/v1/tokens/:tokenId')
@Acl('apiTokenDelete', {
scope: 'org',
// allowedRoles: [OrgUserRoles.SUPER],
blockApiTokenAccess: true,
})
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
await this.orgTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});

16
packages/nocodb/src/models/ApiToken.ts

@ -66,16 +66,17 @@ export default class ApiToken implements ApiTokenType {
return tokens?.map((t) => new ApiToken(t));
}
static async delete(token, ncMeta = Noco.ncMeta) {
static async delete(tokenId: string, ncMeta = Noco.ncMeta) {
const tokenData = await this.get(tokenId, ncMeta);
await NocoCache.deepDel(
`${CacheScope.API_TOKEN}:${token}`,
`${CacheScope.API_TOKEN}:${tokenData.id}`,
CacheDelDirection.CHILD_TO_PARENT,
);
return await ncMeta.metaDelete(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
{ token },
tokenId,
);
}
@ -165,4 +166,13 @@ export default class ApiToken implements ApiTokenType {
return queryBuilder;
}
static async get(tokenId: string, ncMeta = Noco.ncMeta) {
return await ncMeta.metaGet(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
tokenId,
);
}
}
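Review bot: In `delete` the cache key changes from the token value to `tokenData.id`. If cached entries are still written under `${CacheScope.API_TOKEN}:${token}` (the key the old line evicted; the writer is not visible here), a revoked token's cache entry is no longer removed and could keep being accepted until it expires. If so, the key should be `${CacheScope.API_TOKEN}:${tokenData.token}`, which is also the only reason the extra `get` would be needed, since `tokenData.id` is just the `tokenId` that was passed in. `tokenData` is dereferenced without a check, so an unknown id throws a TypeError before `metaDelete` runs; a guard such as `if (!tokenData) return;` (or the project's not-found helper) ahead of the cache call would cover that. The new `get` would benefit from a one-line doc comment saying it looks up by record id and that callers must handle a missing row.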

8
packages/nocodb/src/services/api-tokens.service.ts

@ -37,8 +37,8 @@ export class ApiTokensService {
});
}
async apiTokenDelete(param: { token; user: User; req: NcRequest }) {
const apiToken = await ApiToken.getByToken(context, param.token);
async apiTokenDelete(param: { tokenId: string; user: User; req: NcRequest }) {
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== param.user.id
@ -48,11 +48,11 @@ export class ApiTokensService {
this.appHooksService.emit(AppEvents.API_TOKEN_DELETE, {
userId: param.user?.id,
token: param.token,
tokenId: param.tokenId,
req: param.req,
});
// todo: verify token belongs to the user
return await ApiToken.delete(context, param.token);
return await ApiToken.delete(param.tokenId);
}
}
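Review bot: `ApiToken.get(param.tokenId)` presumably yields nothing for an unknown id, and the condition that follows reads `apiToken.fk_user_id` unguarded, so a bad id would surface as a TypeError instead of a not-found response. A guard right after the lookup, `if (!apiToken) NcError.notFound('Token not found');` (the helper and message org-tokens.service.ts uses), would give the caller the same answer for a missing token and for someone else's token. In the second hunk the `API_TOKEN_DELETE` event is emitted before `ApiToken.delete` is awaited, so the event is recorded even if the delete fails; emitting after the delete, as org-tokens.service.ts does, avoids that. The `// todo: verify token belongs to the user` comment looks stale given the ownership check above it. The body of the `if` lies between the two hunks and is not visible.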

2
packages/nocodb/src/services/app-hooks/interfaces.ts

@ -176,7 +176,7 @@ export interface ApiTokenCreateEvent extends NcBaseEvent {
export interface ApiTokenDeleteEvent extends NcBaseEvent {
userId: string;
token: string;
tokenId: string;
}
export interface PluginTestEvent extends NcBaseEvent {

8
packages/nocodb/src/services/org-tokens.service.ts

@ -61,19 +61,19 @@ export class OrgTokensService {
return apiToken;
}
async apiTokenDelete(param: { user: User; token: string; req: NcRequest }) {
async apiTokenDelete(param: { user: User; tokenId: string; req: NcRequest }) {
const fk_user_id = param.user.id;
const apiToken = await ApiToken.getByToken(param.token);
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== fk_user_id
) {
NcError.notFound('Token not found');
}
const res = await ApiToken.delete(param.token);
const res = await ApiToken.delete(param.tokenId);
this.appHooksService.emit(AppEvents.ORG_API_TOKEN_DELETE, {
token: param.token,
tokenId: param.token,
userId: param.user?.id,
req: param['req'],
});
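Review bot: The emitted event sets `tokenId: param.token`, but after this change `param` has no `token` field, so the `ORG_API_TOKEN_DELETE` event would carry `undefined` and the deletion record loses the id; it should read `tokenId: param.tokenId,`. Separately, `apiToken` is dereferenced right after `ApiToken.get` with no null check, so an unknown id would throw before `NcError.notFound` is reached. Starting the condition with `!apiToken ||` would fold the missing-token and wrong-owner cases into the same not-found response. The method continues past the end of the hunk.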
