Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-06 00:07:44 +01:00
Code Issues Projects Releases Wiki Activity
4a4196c66a
unleash.unleash/src/lib/db/api-token-store.ts

234 lines
7.0 KiB
TypeScript
Raw Normal View History

Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
import { EventEmitter } from 'events';
fix: more types
2021-05-02 21:11:17 +02:00
import metricsHelper from '../util/metrics-helper';
fix: refactor event types
2021-04-29 10:21:29 +02:00
import { DB_TIME } from '../metric-events';
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
import { Logger, LogProvider } from '../logger';
import NotFoundError from '../error/notfound-error';
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
import { IApiTokenStore } from '../types/stores/api-token-store';
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
import {
ApiTokenType,
IApiToken,
IApiTokenCreate,
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
isAllProjects,
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
} from '../types/models/api-token';
fix: Issue #1444 - API import with drop=true deletes existing client keys (#1668) * fix: Does not delete api_tokens on drop-Import * feat: Cleans unused apiTokens on environment import * refactor: Moves ALL_PROJECTS and ALL_ENVIRONMENTS to constants * refactor: Renames migration 20220528143630 for a more precise name * refactor: Removes unecessary console.log * fix: Adds correct down-script for migration 20220528143630
2022-06-09 16:56:13 +02:00
import { ALL_PROJECTS } from '../util/constants';
feat: allow every store to participate in transaction (#3016)
2023-01-30 09:02:44 +01:00
import { Db } from './db';
chore: handle transactions already started at the controller layer (#4953) ## About the changes This PR adds a method to safeguard us from opening a new transaction while inside another transaction, resulting in two isolated transactions that will not be atomic (if one fails, the other might still complete successfully). https://github.com/knex/knex/blob/bbbe4d4637b3838e4a297a457460cd2c76a700d5/lib/knex-builder/make-knex.js#L143C5-L144C88 We're currently opening transactions at the controller layer https://github.com/Unleash/unleash/blob/2746bd151766f8afbbaa2f640e8ebee6f4f98086/src/lib/features/export-import-toggles/export-import-controller.ts#L206-L208 but in some other places, we do it at the store level: https://github.com/Unleash/unleash/blob/2746bd151766f8afbbaa2f640e8ebee6f4f98086/src/lib/db/access-store.ts#L577 ## Alternative We can remove store-level transactions and move them to the controller following this approach: https://github.com/Unleash/unleash/blob/cb034976b93abc799df774858d716a49f645d669/src/lib/services/index.ts#L282-L284 https://github.com/Unleash/unleash/blob/cb034976b93abc799df774858d716a49f645d669/src/lib/features/export-import-toggles/export-import-controller.ts#L206-L208 This option is more expensive because we have to: 1. Write the factory methods that propagate the transaction to the stores (therefore creating the store factory methods as well) 2. Identify the methods for creating the transactions at the store level and backtrack the calls until the controller layer
2023-10-06 13:38:32 +02:00
import { inTransaction } from './transaction';
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
const TABLE = 'api_tokens';
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const API_LINK_TABLE = 'api_token_project';
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
const ALL = '*';
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
interface ITokenInsert {
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
id: number;
secret: string;
username: string;
type: ApiTokenType;
expires_at?: Date;
created_at: Date;
seen_at?: Date;
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
environment: string;
chore: deprecate username on api-tokens (#3616) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> This deprecates the `username` properties on api-token schemas, and adds a `tokenName` property. DB field `username` has been renamed to `token_name`, migration added for the rename. Both `username` and `tokenName` can be used when consuming the service, but only one of them. ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> There's a couple of things I'd like to get opinions on and discuss: - Frontend still uses the deprecated `username` property - ApiTokenSchema is used both for input and output of `Create` controller endpoints and should be split out into separate schemas. I'll set up a task for this --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2023-05-04 09:56:00 +02:00
tokenName?: string;
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
}
interface ITokenRow extends ITokenInsert {
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
project: string;
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const tokenRowReducer = (acc, tokenRow) => {
const { project, ...token } = tokenRow;
if (!acc[tokenRow.secret]) {
acc[tokenRow.secret] = {
secret: token.secret,
chore: add another migration that remigrates the proper way (#3719) ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Adds a migration that renames `token_name` back to `username`, then adds a new optional column named `token_name` ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> I've added fallbacks for resolving username/tokenname on insert and on making rows from results. But this adds another column renaming, which is worth discussing properly
2023-05-11 15:33:04 +02:00
tokenName: token.token_name ? token.token_name : token.username,
fix: project api token type to lowercase (#3717) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> <!-- Does it close an issue? Multiple? --> Closes # <!-- (For internal contributors): Does it relate to an issue on public roadmap? --> <!-- Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item: # --> ### Important files <!-- PRs can contain a lot of changes, but not all changes are equally important. Where should a reviewer start looking to get an overview of the changes? Are any files particularly important? --> ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> --------- Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2023-05-09 11:22:21 +02:00
type: token.type.toLowerCase(),
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
project: ALL,
projects: [ALL],
environment: token.environment ? token.environment : ALL,
expiresAt: token.expires_at,
createdAt: token.created_at,
Feat/add alias to api tokens (#1931) * refactor: remove unused API definition routes * feat: embed proxy endpoints * feat: check token metadata for alias if none is found * fix: rename param * feat: add test for retrieving token by alias * fix: update schema * fix: refactor to alias * fix: refactor to null * fix: update snapshot * fix: update openapi snapshot * fix: add check to getUserForToken * refactor: add more token alias tests * refactor: use timingSafeEqual for token comparisons Co-authored-by: olav <mail@olav.io>
2022-08-19 10:48:33 +02:00
alias: token.alias,
feat: add last seen column to token table (#2520) https://linear.app/unleash/issue/2-449/add-table-column-to-api-tokens-table-ui
2022-11-30 07:07:13 +01:00
seenAt: token.seen_at,
chore: add another migration that remigrates the proper way (#3719) ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Adds a migration that renames `token_name` back to `username`, then adds a new optional column named `token_name` ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> I've added fallbacks for resolving username/tokenname on insert and on making rows from results. But this adds another column renaming, which is worth discussing properly
2023-05-11 15:33:04 +02:00
username: token.token_name ? token.token_name : token.username,
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
};
}
const currentToken = acc[tokenRow.secret];
if (tokenRow.project) {
if (isAllProjects(currentToken.projects)) {
currentToken.projects = [];
}
currentToken.projects.push(tokenRow.project);
currentToken.project = currentToken.projects.join(',');
}
return acc;
};
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
const toRow = (newToken: IApiTokenCreate) => ({
chore: add another migration that remigrates the proper way (#3719) ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Adds a migration that renames `token_name` back to `username`, then adds a new optional column named `token_name` ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> I've added fallbacks for resolving username/tokenname on insert and on making rows from results. But this adds another column renaming, which is worth discussing properly
2023-05-11 15:33:04 +02:00
username: newToken.tokenName ?? newToken.username,
chore: deprecate username on api-tokens (#3616) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> This deprecates the `username` properties on api-token schemas, and adds a `tokenName` property. DB field `username` has been renamed to `token_name`, migration added for the rename. Both `username` and `tokenName` can be used when consuming the service, but only one of them. ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> There's a couple of things I'd like to get opinions on and discuss: - Frontend still uses the deprecated `username` property - ApiTokenSchema is used both for input and output of `Create` controller endpoints and should be split out into separate schemas. I'll set up a task for this --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2023-05-04 09:56:00 +02:00
token_name: newToken.tokenName ?? newToken.username,
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
secret: newToken.secret,
type: newToken.type,
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
environment:
newToken.environment === ALL ? undefined : newToken.environment,
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
expires_at: newToken.expiresAt,
Feat/add alias to api tokens (#1931) * refactor: remove unused API definition routes * feat: embed proxy endpoints * feat: check token metadata for alias if none is found * fix: rename param * feat: add test for retrieving token by alias * fix: update schema * fix: refactor to alias * fix: refactor to null * fix: update snapshot * fix: update openapi snapshot * fix: add check to getUserForToken * refactor: add more token alias tests * refactor: use timingSafeEqual for token comparisons Co-authored-by: olav <mail@olav.io>
2022-08-19 10:48:33 +02:00
alias: newToken.alias || null,
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
});
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const toTokens = (rows: any[]): IApiToken[] => {
const tokens = rows.reduce(tokenRowReducer, {});
return Object.values(tokens);
};
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
export class ApiTokenStore implements IApiTokenStore {
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
private logger: Logger;
private timer: Function;
feat: allow every store to participate in transaction (#3016)
2023-01-30 09:02:44 +01:00
private db: Db;
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
feat: allow every store to participate in transaction (#3016)
2023-01-30 09:02:44 +01:00
constructor(db: Db, eventBus: EventEmitter, getLogger: LogProvider) {
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
this.db = db;
this.logger = getLogger('api-tokens.js');
this.timer = (action: string) =>
metricsHelper.wrapTimer(eventBus, DB_TIME, {
store: 'api-tokens',
action,
});
}
fix: add metrics for service account and api tokens (#5478)
2023-11-29 13:09:30 +01:00
async count(): Promise<number> {
feat: Add init api tokens option (#1181) Adds support for initializing a fresh Unleash instance with predefined API tokens. Co-authored-by: sighphyre <liquidwicked64@gmail.com> Co-authored-by: Juraj Malenica <juraj.malenica@mindsmiths.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2022-01-05 10:00:59 +01:00
return this.db(TABLE)
.count('*')
.then((res) => Number(res[0].count));
}
fix: add metrics for service account and api tokens (#5478)
2023-11-29 13:09:30 +01:00
async countByType(): Promise<Map<string, number>> {
return this.db(TABLE)
.select('type')
.count('*')
.groupBy('type')
.then((res) => {
const map = new Map<string, number>();
res.forEach((row) => {
map.set(row.type.toString(), Number(row.count));
});
return map;
});
}
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
async getAll(): Promise<IApiToken[]> {
const stopTimer = this.timer('getAll');
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const rows = await this.makeTokenProjectQuery();
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
stopTimer();
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return toTokens(rows);
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
async getAllActive(): Promise<IApiToken[]> {
const stopTimer = this.timer('getAllActive');
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const rows = await this.makeTokenProjectQuery()
fix: improve performance for fetching active api tokens
2021-09-02 10:05:31 +02:00
.where('expires_at', 'IS', null)
.orWhere('expires_at', '>', 'now()');
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
stopTimer();
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return toTokens(rows);
}
private makeTokenProjectQuery() {
return this.db<ITokenRow>(`${TABLE} as tokens`)
.leftJoin(
`${API_LINK_TABLE} as token_project_link`,
'tokens.secret',
'token_project_link.secret',
)
.select(
'tokens.secret',
chore: add another migration that remigrates the proper way (#3719) ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Adds a migration that renames `token_name` back to `username`, then adds a new optional column named `token_name` ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> I've added fallbacks for resolving username/tokenname on insert and on making rows from results. But this adds another column renaming, which is worth discussing properly
2023-05-11 15:33:04 +02:00
'username',
chore: deprecate username on api-tokens (#3616) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> This deprecates the `username` properties on api-token schemas, and adds a `tokenName` property. DB field `username` has been renamed to `token_name`, migration added for the rename. Both `username` and `tokenName` can be used when consuming the service, but only one of them. ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> There's a couple of things I'd like to get opinions on and discuss: - Frontend still uses the deprecated `username` property - ApiTokenSchema is used both for input and output of `Create` controller endpoints and should be split out into separate schemas. I'll set up a task for this --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2023-05-04 09:56:00 +02:00
'token_name',
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
'type',
'expires_at',
'created_at',
Feat/add alias to api tokens (#1931) * refactor: remove unused API definition routes * feat: embed proxy endpoints * feat: check token metadata for alias if none is found * fix: rename param * feat: add test for retrieving token by alias * fix: update schema * fix: refactor to alias * fix: refactor to null * fix: update snapshot * fix: update openapi snapshot * fix: add check to getUserForToken * refactor: add more token alias tests * refactor: use timingSafeEqual for token comparisons Co-authored-by: olav <mail@olav.io>
2022-08-19 10:48:33 +02:00
'alias',
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
'seen_at',
'environment',
'token_project_link.project',
);
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
async insert(newToken: IApiTokenCreate): Promise<IApiToken> {
chore: handle transactions already started at the controller layer (#4953) ## About the changes This PR adds a method to safeguard us from opening a new transaction while inside another transaction, resulting in two isolated transactions that will not be atomic (if one fails, the other might still complete successfully). https://github.com/knex/knex/blob/bbbe4d4637b3838e4a297a457460cd2c76a700d5/lib/knex-builder/make-knex.js#L143C5-L144C88 We're currently opening transactions at the controller layer https://github.com/Unleash/unleash/blob/2746bd151766f8afbbaa2f640e8ebee6f4f98086/src/lib/features/export-import-toggles/export-import-controller.ts#L206-L208 but in some other places, we do it at the store level: https://github.com/Unleash/unleash/blob/2746bd151766f8afbbaa2f640e8ebee6f4f98086/src/lib/db/access-store.ts#L577 ## Alternative We can remove store-level transactions and move them to the controller following this approach: https://github.com/Unleash/unleash/blob/cb034976b93abc799df774858d716a49f645d669/src/lib/services/index.ts#L282-L284 https://github.com/Unleash/unleash/blob/cb034976b93abc799df774858d716a49f645d669/src/lib/features/export-import-toggles/export-import-controller.ts#L206-L208 This option is more expensive because we have to: 1. Write the factory methods that propagate the transaction to the stores (therefore creating the store factory methods as well) 2. Identify the methods for creating the transactions at the store level and backtrack the calls until the controller layer
2023-10-06 13:38:32 +02:00
const response = await inTransaction(this.db, async (tx) => {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const [row] = await tx<ITokenInsert>(TABLE).insert(
toRow(newToken),
['created_at'],
);
const updateProjectTasks = (newToken.projects || [])
.filter((project) => {
return project !== ALL_PROJECTS;
})
.map((project) => {
return tx.raw(
`INSERT INTO ${API_LINK_TABLE} VALUES (?, ?)`,
[newToken.secret, project],
);
});
await Promise.all(updateProjectTasks);
return {
...newToken,
chore: deprecate username on api-tokens (#3616) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> This deprecates the `username` properties on api-token schemas, and adds a `tokenName` property. DB field `username` has been renamed to `token_name`, migration added for the rename. Both `username` and `tokenName` can be used when consuming the service, but only one of them. ## Discussion points <!-- Anything about the PR you'd like to discuss before it gets merged? Got any questions or doubts? --> There's a couple of things I'd like to get opinions on and discuss: - Frontend still uses the deprecated `username` property - ApiTokenSchema is used both for input and output of `Create` controller endpoints and should be split out into separate schemas. I'll set up a task for this --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2023-05-04 09:56:00 +02:00
username: newToken.tokenName,
Feat/add alias to api tokens (#1931) * refactor: remove unused API definition routes * feat: embed proxy endpoints * feat: check token metadata for alias if none is found * fix: rename param * feat: add test for retrieving token by alias * fix: update schema * fix: refactor to alias * fix: refactor to null * fix: update snapshot * fix: update openapi snapshot * fix: add check to getUserForToken * refactor: add more token alias tests * refactor: use timingSafeEqual for token comparisons Co-authored-by: olav <mail@olav.io>
2022-08-19 10:48:33 +02:00
alias: newToken.alias || null,
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
project: newToken.projects?.join(',') || '*',
createdAt: row.created_at,
};
});
return response;
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
destroy(): void {}
async exists(secret: string): Promise<boolean> {
const result = await this.db.raw(
`SELECT EXISTS (SELECT 1 FROM ${TABLE} WHERE secret = ?) AS present`,
[secret],
);
const { present } = result.rows[0];
return present;
}
async get(key: string): Promise<IApiToken> {
task: Make operations on the API Token store auditable. (#2531) ## About the changes We need a way to have an audit log for operations made on Api Tokens. These changes adds three new event types, API_TOKEN_CREATED, API_TOKEN_UPDATED, API_TOKEN_DELETED and extends api-token-service to store these to our event store to reflect the action being taken.
2022-11-28 10:56:34 +01:00
const row = await this.makeTokenProjectQuery().where(
'tokens.secret',
key,
);
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return toTokens(row)[0];
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
}
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
async delete(secret: string): Promise<void> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return this.db<ITokenRow>(TABLE).where({ secret }).del();
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
Migrate to jest (#854) * Migrate to jest * Use --force-exit until dns close handle issue https://github.com/facebook/jest/issues/9982 Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-05-28 11:10:24 +02:00
async deleteAll(): Promise<void> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return this.db<ITokenRow>(TABLE).del();
Migrate to jest (#854) * Migrate to jest * Use --force-exit until dns close handle issue https://github.com/facebook/jest/issues/9982 Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-05-28 11:10:24 +02:00
}
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
async setExpiry(secret: string, expiresAt: Date): Promise<IApiToken> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const rows = await this.makeTokenProjectQuery()
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
.update({ expires_at: expiresAt })
.where({ secret })
.returning('*');
if (rows.length > 0) {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return toTokens(rows)[0];
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
throw new NotFoundError('Could not find api-token.');
}
async markSeenAt(secrets: string[]): Promise<void> {
const now = new Date();
try {
await this.db(TABLE)
Feat update token seen at (#2514) https://linear.app/unleash/issue/2-448/update-last-seen-column-for-api-tokens Co-authored-by: Ivar Conradi Østhus <ivar@getunleash.ai>
2022-11-29 20:46:40 +01:00
.whereIn('secret', secrets)
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
.update({ seen_at: now });
} catch (err) {
this.logger.error('Could not update lastSeen, error: ', err);
}
}
}
Reference in New Issue Copy Permalink