github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

refactor: replace token with tokenId in the token deletion API

pull/9526/head
Pranav C 2 months ago
parent
e8093293c4
commit
47f546e8e6
6 changed files with 29 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      packages/nocodb/src/controllers/api-tokens.controller.ts
  2. 6
      packages/nocodb/src/controllers/org-tokens.controller.ts
  3. 16
      packages/nocodb/src/models/ApiToken.ts
  4. 8
      packages/nocodb/src/services/api-tokens.service.ts
  5. 2
      packages/nocodb/src/services/app-hooks/interfaces.ts
  6. 8
      packages/nocodb/src/services/org-tokens.service.ts

8
packages/nocodb/src/controllers/api-tokens.controller.ts
Unescape View File

@ -47,13 +47,13 @@ export class ApiTokensController {
}
@Delete([
'/api/v1/db/meta/projects/:baseId/api-tokens/:token',
'/api/v2/meta/bases/:baseId/api-tokens/:token',
'/api/v1/db/meta/projects/:baseId/api-tokens/:tokenId',
'/api/v2/meta/bases/:baseId/api-tokens/:tokenId',
])
@Acl('baseApiTokenDelete')
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
return await this.apiTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});

6
packages/nocodb/src/controllers/org-tokens.controller.ts
Unescape View File

@ -55,15 +55,15 @@ export class OrgTokensController {
});
}
@Delete('/api/v1/tokens/:token')
@Delete('/api/v1/tokens/:tokenId')
@Acl('apiTokenDelete', {
scope: 'org',
// allowedRoles: [OrgUserRoles.SUPER],
blockApiTokenAccess: true,
})
async apiTokenDelete(@Req() req: NcRequest, @Param('token') token: string) {
async apiTokenDelete(@Req() req: NcRequest, @Param('tokenId') tokenId: string) {
await this.orgTokensService.apiTokenDelete({
token,
tokenId,
user: req['user'],
req,
});

16
packages/nocodb/src/models/ApiToken.ts
Unescape View File

@ -66,16 +66,17 @@ export default class ApiToken implements ApiTokenType {
return tokens?.map((t) => new ApiToken(t));
}
static async delete(token, ncMeta = Noco.ncMeta) {
static async delete(tokenId: string, ncMeta = Noco.ncMeta) {
const tokenData = await this.get(tokenId, ncMeta);
await NocoCache.deepDel(
`${CacheScope.API_TOKEN}:${token}`,
`${CacheScope.API_TOKEN}:${tokenData.id}`,
CacheDelDirection.CHILD_TO_PARENT,
);
return await ncMeta.metaDelete(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
{ token },
tokenId,
);
}
@ -165,4 +166,13 @@ export default class ApiToken implements ApiTokenType {
return queryBuilder;
}
static async get(tokenId: string, ncMeta = Noco.ncMeta) {
return await ncMeta.metaGet(
RootScopes.ROOT,
RootScopes.ROOT,
MetaTable.API_TOKENS,
tokenId,
);
}
}

8
packages/nocodb/src/services/api-tokens.service.ts
Unescape View File

@ -37,8 +37,8 @@ export class ApiTokensService {
});
}
async apiTokenDelete(param: { token; user: User; req: NcRequest }) {
const apiToken = await ApiToken.getByToken(context, param.token);
async apiTokenDelete(param: { tokenId: string; user: User; req: NcRequest }) {
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== param.user.id
@ -48,11 +48,11 @@ export class ApiTokensService {
this.appHooksService.emit(AppEvents.API_TOKEN_DELETE, {
userId: param.user?.id,
token: param.token,
tokenId: param.tokenId,
req: param.req,
});
// todo: verify token belongs to the user
return await ApiToken.delete(context, param.token);
return await ApiToken.delete(param.tokenId);
}
}

2
packages/nocodb/src/services/app-hooks/interfaces.ts
Unescape View File

@ -176,7 +176,7 @@ export interface ApiTokenCreateEvent extends NcBaseEvent {
export interface ApiTokenDeleteEvent extends NcBaseEvent {
userId: string;
token: string;
tokenId: string;
}
export interface PluginTestEvent extends NcBaseEvent {

8
packages/nocodb/src/services/org-tokens.service.ts
Unescape View File

@ -61,19 +61,19 @@ export class OrgTokensService {
return apiToken;
}
async apiTokenDelete(param: { user: User; token: string; req: NcRequest }) {
async apiTokenDelete(param: { user: User; tokenId: string; req: NcRequest }) {
const fk_user_id = param.user.id;
const apiToken = await ApiToken.getByToken(param.token);
const apiToken = await ApiToken.get(param.tokenId);
if (
!extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== fk_user_id
) {
NcError.notFound('Token not found');
}
const res = await ApiToken.delete(param.token);
const res = await ApiToken.delete(param.tokenId);
this.appHooksService.emit(AppEvents.ORG_API_TOKEN_DELETE, {
token: param.token,
tokenId: param.token,
userId: param.user?.id,
req: param['req'],
});

Write Preview
Loading…
Cancel
Save