From 47f546e8e6f95ef2124a66d50519b7a7f74ad975 Mon Sep 17 00:00:00 2001 From: Pranav C Date: Fri, 20 Sep 2024 18:29:11 +0000 Subject: [PATCH] refactor: replace token with tokenId in the token deletion API --- .../src/controllers/api-tokens.controller.ts | 8 ++++---- .../src/controllers/org-tokens.controller.ts | 6 +++--- packages/nocodb/src/models/ApiToken.ts | 16 +++++++++++++--- .../nocodb/src/services/api-tokens.service.ts | 8 ++++---- .../nocodb/src/services/app-hooks/interfaces.ts | 2 +- .../nocodb/src/services/org-tokens.service.ts | 8 ++++---- 6 files changed, 29 insertions(+), 19 deletions(-) diff --git a/packages/nocodb/src/controllers/api-tokens.controller.ts b/packages/nocodb/src/controllers/api-tokens.controller.ts index acedfd9004..4cba808fce 100644 --- a/packages/nocodb/src/controllers/api-tokens.controller.ts +++ b/packages/nocodb/src/controllers/api-tokens.controller.ts @@ -47,13 +47,13 @@ export class ApiTokensController { } @Delete([ - '/api/v1/db/meta/projects/:baseId/api-tokens/:token', - '/api/v2/meta/bases/:baseId/api-tokens/:token', + '/api/v1/db/meta/projects/:baseId/api-tokens/:tokenId', + '/api/v2/meta/bases/:baseId/api-tokens/:tokenId', ]) @Acl('baseApiTokenDelete') - async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) { + async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) { return await this.apiTokensService.apiTokenDelete({ - token, + tokenId, user: req['user'], req, }); diff --git a/packages/nocodb/src/controllers/org-tokens.controller.ts b/packages/nocodb/src/controllers/org-tokens.controller.ts index a879471fd1..80957aa1f9 100644 --- a/packages/nocodb/src/controllers/org-tokens.controller.ts +++ b/packages/nocodb/src/controllers/org-tokens.controller.ts 
@@ -55,15 +55,15 @@ export class OrgTokensController { }); } - @Delete('/api/v1/tokens/:token') + @Delete('/api/v1/tokens/:tokenId') @Acl('apiTokenDelete', { scope: 'org', // allowedRoles: [OrgUserRoles.SUPER], blockApiTokenAccess: true, }) - async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) { + async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) { await this.orgTokensService.apiTokenDelete({ - token, + tokenId, user: req['user'], req, }); diff --git a/packages/nocodb/src/models/ApiToken.ts b/packages/nocodb/src/models/ApiToken.ts index 8dfafb95c8..42ffd6b53e 100644 --- a/packages/nocodb/src/models/ApiToken.ts +++ b/packages/nocodb/src/models/ApiToken.ts @@ -66,16 +66,17 @@ export default class ApiToken implements ApiTokenType { return tokens?.map((t) => new ApiToken(t)); } - static async delete(token, ncMeta = Noco.ncMeta) { + static async delete(tokenId: string, ncMeta = Noco.ncMeta) { + const tokenData = await this.get(tokenId, ncMeta); await NocoCache.deepDel( - `${CacheScope.API_TOKEN}:${token}`, + `${CacheScope.API_TOKEN}:${tokenData.id}`, CacheDelDirection.CHILD_TO_PARENT, ); return await ncMeta.metaDelete( RootScopes.ROOT, RootScopes.ROOT, MetaTable.API_TOKENS, - { token }, + tokenId, ); } @@ -165,4 +166,13 @@ export default class ApiToken implements ApiTokenType { return queryBuilder; } + + static async get(tokenId: string, ncMeta = Noco.ncMeta) { + return await ncMeta.metaGet( + RootScopes.ROOT, + RootScopes.ROOT, + MetaTable.API_TOKENS, + tokenId, + ); + } } diff --git a/packages/nocodb/src/services/api-tokens.service.ts b/packages/nocodb/src/services/api-tokens.service.ts index 43b5f5db9e..1f16e18908 100644 --- a/packages/nocodb/src/services/api-tokens.service.ts +++ b/packages/nocodb/src/services/api-tokens.service.ts 
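Review bot: In `ApiToken.delete` the cache entry is now removed under `${CacheScope.API_TOKEN}:${tokenData.id}`, whereas the removed line keyed it on the token value. If `getByToken` (not visible in this patch) still caches under the token value, a deleted token could keep resolving from cache after its row is gone. If that is the case, invalidate with `${CacheScope.API_TOKEN}:${tokenData.token}`, or delete both keys. `tokenData` is also dereferenced without a check, so an unknown `tokenId` presumably throws a TypeError before `metaDelete` runs; a guard such as `if (!tokenData) return;` ahead of the `deepDel` call would cover that.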
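Review bot: The new `ApiToken.get` returns the raw `metaGet` result with no declared return type, while `list` in the same class wraps each row in `new ApiToken(t)`. Consider assigning the row to `const data` and ending with `return data && new ApiToken(data);`, so callers get a typed value and an explicit empty case. A short TSDoc comment should say that the lookup is by primary id, that the result is empty for an unknown id, and that the returned object presumably carries the token secret and should not be logged or echoed back.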
@@ -37,8 +37,8 @@ export class ApiTokensService { }); } - async apiTokenDelete(param: { token; user: User; req: NcRequest }) { - const apiToken = await ApiToken.getByToken(context, param.token); + async apiTokenDelete(param: { tokenId: string; user: User; req: NcRequest }) { + const apiToken = await ApiToken.get(param.tokenId); if ( !extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] && apiToken.fk_user_id !== param.user.id @@ -48,11 +48,11 @@ export class ApiTokensService { this.appHooksService.emit(AppEvents.API_TOKEN_DELETE, { userId: param.user?.id, - token: param.token, + tokenId: param.tokenId, req: param.req, }); // todo: verify token belongs to the user - return await ApiToken.delete(context, param.token); + return await ApiToken.delete(param.tokenId); } } diff --git a/packages/nocodb/src/services/app-hooks/interfaces.ts b/packages/nocodb/src/services/app-hooks/interfaces.ts index ae06144b60..d302b9095c 100644 --- a/packages/nocodb/src/services/app-hooks/interfaces.ts +++ b/packages/nocodb/src/services/app-hooks/interfaces.ts @@ -176,7 +176,7 @@ export interface ApiTokenCreateEvent extends NcBaseEvent { export interface ApiTokenDeleteEvent extends NcBaseEvent { userId: string; - token: string; + tokenId: string; } export interface PluginTestEvent extends NcBaseEvent { diff --git a/packages/nocodb/src/services/org-tokens.service.ts b/packages/nocodb/src/services/org-tokens.service.ts index a0d499220b..4fd444a291 100644 --- a/packages/nocodb/src/services/org-tokens.service.ts +++ b/packages/nocodb/src/services/org-tokens.service.ts 
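Review bot: `apiToken` returned by `ApiToken.get(param.tokenId)` is read as `apiToken.fk_user_id` with no existence check, so a non-admin caller sending an unknown id presumably hits a TypeError (a 500) instead of the not-found path. For a super admin the short-circuit skips that read and the failure moves into `ApiToken.delete`. Add `if (!apiToken) NcError.notFound('Token not found');` before the ownership `if`, here and in `apiTokenDelete` in org-tokens.service.ts, which has the same pattern. The body of this `if` lies outside the hunk, so the exact error helper used here should be confirmed.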
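Review bot: `AppEvents.API_TOKEN_DELETE` is emitted before `ApiToken.delete(param.tokenId)` has run, so the hook records a deletion even when the delete throws; org-tokens.service.ts deletes first and emits afterwards. Consider `const res = await ApiToken.delete(param.tokenId);`, then the emit, then `return res;`. The `// todo: verify token belongs to the user` comment also looks stale given the `fk_user_id` comparison earlier in the method, and could be removed or reworded.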
@@ -61,19 +61,19 @@ export class OrgTokensService { return apiToken; } - async apiTokenDelete(param: { user: User; token: string; req: NcRequest }) { + async apiTokenDelete(param: { user: User; tokenId: string; req: NcRequest }) { const fk_user_id = param.user.id; - const apiToken = await ApiToken.getByToken(param.token); + const apiToken = await ApiToken.get(param.tokenId); if ( !extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] && apiToken.fk_user_id !== fk_user_id ) { NcError.notFound('Token not found'); } - const res = await ApiToken.delete(param.token); + const res = await ApiToken.delete(param.tokenId); this.appHooksService.emit(AppEvents.ORG_API_TOKEN_DELETE, { - token: param.token, + tokenId: param.token, userId: param.user?.id, req: param['req'], });
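Review bot: The emit payload sets `tokenId: param.token`, but `param` is now declared as `{ user; tokenId; req }` and no longer has a `token` field. Depending on compiler settings this either fails type-checking or sends `undefined`, leaving the `ORG_API_TOKEN_DELETE` hook without the id of the token that was removed. The line should read `tokenId: param.tokenId,`.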