unleash.unleash/src/lib/routes/admin-api/api-token-controller.ts

import { Response } from 'express';

import Controller from '../controller';
import {
    ADMIN,
    CREATE_API_TOKEN,
    DELETE_API_TOKEN,
    READ_API_TOKEN,
    UPDATE_API_TOKEN,
} from '../../types/permissions';
import { ApiTokenService } from '../../services/api-token-service';
import { Logger } from '../../logger';
import { AccessService } from '../../services/access-service';
import { IAuthRequest } from '../unleash-types';
import User from '../../types/user';
import { IUnleashConfig } from '../../types/option';
import { ApiTokenType, IApiToken } from '../../types/models/api-token';
import { createApiToken } from '../../schema/api-token-schema';

interface IServices {
    apiTokenService: ApiTokenService;
    accessService: AccessService;
}

class ApiTokenController extends Controller {
    private apiTokenService: ApiTokenService;

    private accessService: AccessService;

    private logger: Logger;

    constructor(config: IUnleashConfig, services: IServices) {
        super(config);
        this.apiTokenService = services.apiTokenService;
        this.accessService = services.accessService;
        this.logger = config.getLogger('api-token-controller.js');

        this.get('/', this.getAllApiTokens, READ_API_TOKEN);
        this.post('/', this.createApiToken, CREATE_API_TOKEN);
        this.put('/:token', this.updateApiToken, UPDATE_API_TOKEN);
        this.delete('/:token', this.deleteApiToken, DELETE_API_TOKEN);
    }

    async getAllApiTokens(req: IAuthRequest, res: Response): Promise<void> {
        const { user } = req;
        const tokens = await this.accessibleTokens(user);
        res.json({ tokens });
    }

    async createApiToken(req: IAuthRequest, res: Response): Promise<any> {
        const createToken = await createApiToken.validateAsync(req.body);
        const token = await this.apiTokenService.createApiToken(createToken);
        return res.status(201).json(token);
    }

    async deleteApiToken(req: IAuthRequest, res: Response): Promise<void> {
        const { token } = req.params;

        await this.apiTokenService.delete(token);
        res.status(200).end();
    }

    async updateApiToken(req: IAuthRequest, res: Response): Promise<any> {
        const { token } = req.params;
        const { expiresAt } = req.body;

        if (!expiresAt) {
            this.logger.error(req.body);
            return res.status(400).send();
        }

        await this.apiTokenService.updateExpiry(token, expiresAt);
        return res.status(200).end();
    }

    private async accessibleTokens(user: User): Promise<IApiToken[]> {
        const allTokens = await this.apiTokenService.getAllTokens();

        if (user.isAPI && user.permissions.includes(ADMIN)) {
            return allTokens;
        }

        if (await this.accessService.hasPermission(user, UPDATE_API_TOKEN)) {
            return allTokens;
        }

        return allTokens.filter((t) => t.type !== ApiTokenType.ADMIN);
    }
}

module.exports = ApiTokenController;
export default ApiTokenController;
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`import { Response } from 'express';`

			`import Controller from '../controller';`
			`import {`
			`ADMIN,`
			`CREATE_API_TOKEN,`
			`DELETE_API_TOKEN,`
feat: add READ_API_TOKEN permission (#1528) * refactor: extract accessibleTokens fn * feat: add READ_API_TOKEN permission 2022-04-26 10:24:34 +02:00			`READ_API_TOKEN,`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`UPDATE_API_TOKEN,`
fix: move permission to types 2021-05-02 20:58:02 +02:00			`} from '../../types/permissions';`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`import { ApiTokenService } from '../../services/api-token-service';`
fix: migrate all permissions to rbac (#782) * fix: migrate all permissions to rbac * fix: update migration guide fixes #782 2021-04-12 20:25:03 +02:00			`import { Logger } from '../../logger';`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`import { AccessService } from '../../services/access-service';`
			`import { IAuthRequest } from '../unleash-types';`
fix: User should require a ID field set (#799) 2021-04-22 23:40:52 +02:00			`import User from '../../types/user';`
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`import { IUnleashConfig } from '../../types/option';`
feat: add READ_API_TOKEN permission (#1528) * refactor: extract accessibleTokens fn * feat: add READ_API_TOKEN permission 2022-04-26 10:24:34 +02:00			`import { ApiTokenType, IApiToken } from '../../types/models/api-token';`
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2021-09-15 20:28:10 +02:00			`import { createApiToken } from '../../schema/api-token-schema';`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00
			`interface IServices {`
			`apiTokenService: ApiTokenService;`
			`accessService: AccessService;`
			`}`

			`class ApiTokenController extends Controller {`
			`private apiTokenService: ApiTokenService;`

			`private accessService: AccessService;`

			`private logger: Logger;`

feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`constructor(config: IUnleashConfig, services: IServices) {`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`super(config);`
			`this.apiTokenService = services.apiTokenService;`
			`this.accessService = services.accessService;`
			`this.logger = config.getLogger('api-token-controller.js');`

feat: add READ_API_TOKEN permission (#1528) * refactor: extract accessibleTokens fn * feat: add READ_API_TOKEN permission 2022-04-26 10:24:34 +02:00			`this.get('/', this.getAllApiTokens, READ_API_TOKEN);`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`this.post('/', this.createApiToken, CREATE_API_TOKEN);`
			`this.put('/:token', this.updateApiToken, UPDATE_API_TOKEN);`
			`this.delete('/:token', this.deleteApiToken, DELETE_API_TOKEN);`
			`}`

			`async getAllApiTokens(req: IAuthRequest, res: Response): Promise<void> {`
			`const { user } = req;`
feat: add READ_API_TOKEN permission (#1528) * refactor: extract accessibleTokens fn * feat: add READ_API_TOKEN permission 2022-04-26 10:24:34 +02:00			`const tokens = await this.accessibleTokens(user);`
			`res.json({ tokens });`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`}`

			`async createApiToken(req: IAuthRequest, res: Response): Promise<any> {`
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2021-09-15 20:28:10 +02:00			`const createToken = await createApiToken.validateAsync(req.body);`
			`const token = await this.apiTokenService.createApiToken(createToken);`
			`return res.status(201).json(token);`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`}`

			`async deleteApiToken(req: IAuthRequest, res: Response): Promise<void> {`
			`const { token } = req.params;`

Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2021-09-15 20:28:10 +02:00			`await this.apiTokenService.delete(token);`
			`res.status(200).end();`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`}`

			`async updateApiToken(req: IAuthRequest, res: Response): Promise<any> {`
			`const { token } = req.params;`
			`const { expiresAt } = req.body;`

			`if (!expiresAt) {`
			`this.logger.error(req.body);`
			`return res.status(400).send();`
			`}`

Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2021-09-15 20:28:10 +02:00			`await this.apiTokenService.updateExpiry(token, expiresAt);`
			`return res.status(200).end();`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`}`
feat: add READ_API_TOKEN permission (#1528) * refactor: extract accessibleTokens fn * feat: add READ_API_TOKEN permission 2022-04-26 10:24:34 +02:00
			`private async accessibleTokens(user: User): Promise<IApiToken[]> {`
			`const allTokens = await this.apiTokenService.getAllTokens();`

			`if (user.isAPI && user.permissions.includes(ADMIN)) {`
			`return allTokens;`
			`}`

			`if (await this.accessService.hasPermission(user, UPDATE_API_TOKEN)) {`
			`return allTokens;`
			`}`

			`return allTokens.filter((t) => t.type !== ApiTokenType.ADMIN);`
			`}`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`}`

			`module.exports = ApiTokenController;`
			`export default ApiTokenController;`