2021-03-29 19:58:11 +02:00
|
|
|
import crypto from 'crypto';
|
2021-04-22 23:40:52 +02:00
|
|
|
import { Logger } from '../logger';
|
2022-08-18 10:20:51 +02:00
|
|
|
import { ADMIN, CLIENT, FRONTEND } from '../types/permissions';
|
2021-04-22 10:07:10 +02:00
|
|
|
import { IUnleashStores } from '../types/stores';
|
|
|
|
import { IUnleashConfig } from '../types/option';
|
2021-04-22 23:40:52 +02:00
|
|
|
import ApiUser from '../types/api-user';
|
2021-08-12 15:04:37 +02:00
|
|
|
import {
|
|
|
|
ApiTokenType,
|
|
|
|
IApiToken,
|
2022-04-06 08:11:41 +02:00
|
|
|
ILegacyApiTokenCreate,
|
2021-09-15 20:28:10 +02:00
|
|
|
IApiTokenCreate,
|
2022-01-05 10:00:59 +01:00
|
|
|
validateApiToken,
|
2022-03-24 11:26:00 +01:00
|
|
|
validateApiTokenEnvironment,
|
2022-04-06 08:11:41 +02:00
|
|
|
mapLegacyToken,
|
|
|
|
mapLegacyTokenWithSecret,
|
2021-09-15 20:28:10 +02:00
|
|
|
} from '../types/models/api-token';
|
|
|
|
import { IApiTokenStore } from '../types/stores/api-token-store';
|
|
|
|
import { FOREIGN_KEY_VIOLATION } from '../error/db-error';
|
|
|
|
import BadDataError from '../error/bad-data-error';
|
2021-11-02 15:13:46 +01:00
|
|
|
import { minutesToMilliseconds } from 'date-fns';
|
2022-03-24 11:26:00 +01:00
|
|
|
import { IEnvironmentStore } from 'lib/types/stores/environment-store';
|
2021-03-29 19:58:11 +02:00
|
|
|
|
2022-08-16 15:33:33 +02:00
|
|
|
const resolveTokenPermissions = (tokenType: string) => {
|
|
|
|
if (tokenType === ApiTokenType.ADMIN) {
|
|
|
|
return [ADMIN];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tokenType === ApiTokenType.CLIENT) {
|
|
|
|
return [CLIENT];
|
|
|
|
}
|
|
|
|
|
2022-08-18 10:20:51 +02:00
|
|
|
if (tokenType === ApiTokenType.FRONTEND) {
|
|
|
|
return [FRONTEND];
|
2022-08-16 15:33:33 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return [];
|
|
|
|
};
|
|
|
|
|
2021-03-29 19:58:11 +02:00
|
|
|
export class ApiTokenService {
|
2021-08-12 15:04:37 +02:00
|
|
|
private store: IApiTokenStore;
|
2021-03-29 19:58:11 +02:00
|
|
|
|
2022-03-24 11:26:00 +01:00
|
|
|
private environmentStore: IEnvironmentStore;
|
|
|
|
|
2021-03-29 19:58:11 +02:00
|
|
|
private logger: Logger;
|
|
|
|
|
|
|
|
private timer: NodeJS.Timeout;
|
|
|
|
|
|
|
|
private activeTokens: IApiToken[] = [];
|
|
|
|
|
2021-04-22 10:07:10 +02:00
|
|
|
constructor(
|
2022-03-24 11:26:00 +01:00
|
|
|
{
|
|
|
|
apiTokenStore,
|
|
|
|
environmentStore,
|
|
|
|
}: Pick<IUnleashStores, 'apiTokenStore' | 'environmentStore'>,
|
2022-01-05 10:00:59 +01:00
|
|
|
config: Pick<IUnleashConfig, 'getLogger' | 'authentication'>,
|
2021-04-22 10:07:10 +02:00
|
|
|
) {
|
2021-08-12 15:04:37 +02:00
|
|
|
this.store = apiTokenStore;
|
2022-03-24 11:26:00 +01:00
|
|
|
this.environmentStore = environmentStore;
|
2021-03-29 19:58:11 +02:00
|
|
|
this.logger = config.getLogger('/services/api-token-service.ts');
|
|
|
|
this.fetchActiveTokens();
|
|
|
|
this.timer = setInterval(
|
|
|
|
() => this.fetchActiveTokens(),
|
2021-11-02 15:13:46 +01:00
|
|
|
minutesToMilliseconds(1),
|
2021-03-29 19:58:11 +02:00
|
|
|
).unref();
|
2022-01-05 10:00:59 +01:00
|
|
|
if (config.authentication.initApiTokens.length > 0) {
|
|
|
|
process.nextTick(async () =>
|
|
|
|
this.initApiTokens(config.authentication.initApiTokens),
|
|
|
|
);
|
|
|
|
}
|
2021-03-29 19:58:11 +02:00
|
|
|
}
|
|
|
|
|
2022-08-18 10:20:51 +02:00
|
|
|
async fetchActiveTokens(): Promise<void> {
|
2021-03-29 19:58:11 +02:00
|
|
|
try {
|
|
|
|
this.activeTokens = await this.getAllActiveTokens();
|
|
|
|
} finally {
|
|
|
|
// eslint-disable-next-line no-unsafe-finally
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public async getAllTokens(): Promise<IApiToken[]> {
|
|
|
|
return this.store.getAll();
|
|
|
|
}
|
|
|
|
|
|
|
|
public async getAllActiveTokens(): Promise<IApiToken[]> {
|
|
|
|
return this.store.getAllActive();
|
|
|
|
}
|
|
|
|
|
2022-04-06 08:11:41 +02:00
|
|
|
private async initApiTokens(tokens: ILegacyApiTokenCreate[]) {
|
2022-01-05 10:00:59 +01:00
|
|
|
const tokenCount = await this.store.count();
|
|
|
|
if (tokenCount > 0) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
try {
|
2022-04-06 08:11:41 +02:00
|
|
|
const createAll = tokens
|
|
|
|
.map(mapLegacyTokenWithSecret)
|
|
|
|
.map((t) => this.insertNewApiToken(t));
|
2022-01-05 10:00:59 +01:00
|
|
|
await Promise.all(createAll);
|
|
|
|
} catch (e) {
|
|
|
|
this.logger.error('Unable to create initial Admin API tokens');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-22 23:40:52 +02:00
|
|
|
public getUserForToken(secret: string): ApiUser | undefined {
|
2022-08-18 10:20:51 +02:00
|
|
|
if (!secret) {
|
|
|
|
return undefined;
|
|
|
|
}
|
|
|
|
|
2022-08-17 10:55:52 +02:00
|
|
|
let token = this.activeTokens.find((t) => t.secret === secret);
|
|
|
|
|
|
|
|
// If the token is not found, try to find it in the legacy format with the metadata alias
|
|
|
|
// This is to ensure that previous proxies we set up for our customers continue working
|
2022-08-18 10:20:51 +02:00
|
|
|
if (!token && secret) {
|
|
|
|
token = this.activeTokens.find(
|
|
|
|
(t) => t.metadata.alias && t.metadata.alias === secret,
|
|
|
|
);
|
2022-08-17 10:55:52 +02:00
|
|
|
}
|
|
|
|
|
2021-03-29 19:58:11 +02:00
|
|
|
if (token) {
|
2021-04-22 23:40:52 +02:00
|
|
|
return new ApiUser({
|
2021-03-29 19:58:11 +02:00
|
|
|
username: token.username,
|
2022-08-16 15:33:33 +02:00
|
|
|
permissions: resolveTokenPermissions(token.type),
|
2022-04-06 08:11:41 +02:00
|
|
|
projects: token.projects,
|
2021-09-15 20:28:10 +02:00
|
|
|
environment: token.environment,
|
|
|
|
type: token.type,
|
2022-08-16 15:33:33 +02:00
|
|
|
secret: token.secret,
|
2021-03-29 19:58:11 +02:00
|
|
|
});
|
|
|
|
}
|
|
|
|
return undefined;
|
|
|
|
}
|
|
|
|
|
|
|
|
public async updateExpiry(
|
|
|
|
secret: string,
|
|
|
|
expiresAt: Date,
|
|
|
|
): Promise<IApiToken> {
|
|
|
|
return this.store.setExpiry(secret, expiresAt);
|
|
|
|
}
|
|
|
|
|
|
|
|
public async delete(secret: string): Promise<void> {
|
|
|
|
return this.store.delete(secret);
|
|
|
|
}
|
|
|
|
|
2022-04-06 08:11:41 +02:00
|
|
|
/**
|
|
|
|
* @deprecated This may be removed in a future release, prefer createApiTokenWithProjects
|
|
|
|
*/
|
2021-09-15 20:28:10 +02:00
|
|
|
public async createApiToken(
|
2022-04-06 08:11:41 +02:00
|
|
|
newToken: Omit<ILegacyApiTokenCreate, 'secret'>,
|
|
|
|
): Promise<IApiToken> {
|
|
|
|
const token = mapLegacyToken(newToken);
|
|
|
|
return this.createApiTokenWithProjects(token);
|
|
|
|
}
|
|
|
|
|
|
|
|
public async createApiTokenWithProjects(
|
2021-09-15 20:28:10 +02:00
|
|
|
newToken: Omit<IApiTokenCreate, 'secret'>,
|
2021-03-29 19:58:11 +02:00
|
|
|
): Promise<IApiToken> {
|
2022-01-05 10:00:59 +01:00
|
|
|
validateApiToken(newToken);
|
2021-09-15 20:28:10 +02:00
|
|
|
|
2022-03-24 11:26:00 +01:00
|
|
|
const environments = await this.environmentStore.getAll();
|
|
|
|
validateApiTokenEnvironment(newToken, environments);
|
|
|
|
|
2021-09-15 20:28:10 +02:00
|
|
|
const secret = this.generateSecretKey(newToken);
|
|
|
|
const createNewToken = { ...newToken, secret };
|
2022-01-05 10:00:59 +01:00
|
|
|
return this.insertNewApiToken(createNewToken);
|
|
|
|
}
|
2021-09-15 20:28:10 +02:00
|
|
|
|
2022-01-05 10:00:59 +01:00
|
|
|
private async insertNewApiToken(
|
|
|
|
newApiToken: IApiTokenCreate,
|
|
|
|
): Promise<IApiToken> {
|
2021-09-15 20:28:10 +02:00
|
|
|
try {
|
2022-01-05 10:00:59 +01:00
|
|
|
const token = await this.store.insert(newApiToken);
|
2021-09-15 20:28:10 +02:00
|
|
|
this.activeTokens.push(token);
|
|
|
|
return token;
|
|
|
|
} catch (error) {
|
|
|
|
if (error.code === FOREIGN_KEY_VIOLATION) {
|
|
|
|
let { message } = error;
|
2022-04-06 08:11:41 +02:00
|
|
|
if (error.constraint === 'api_token_project_project_fkey') {
|
|
|
|
message = `Project=${this.findInvalidProject(
|
|
|
|
error.detail,
|
|
|
|
newApiToken.projects,
|
|
|
|
)} does not exist`;
|
2021-09-15 20:28:10 +02:00
|
|
|
} else if (error.constraint === 'api_tokens_environment_fkey') {
|
2022-01-05 10:00:59 +01:00
|
|
|
message = `Environment=${newApiToken.environment} does not exist`;
|
2021-09-15 20:28:10 +02:00
|
|
|
}
|
|
|
|
throw new BadDataError(message);
|
|
|
|
}
|
|
|
|
throw error;
|
|
|
|
}
|
2021-03-29 19:58:11 +02:00
|
|
|
}
|
|
|
|
|
2022-04-06 08:11:41 +02:00
|
|
|
private findInvalidProject(errorDetails, projects) {
|
|
|
|
if (!errorDetails) {
|
|
|
|
return 'invalid';
|
|
|
|
}
|
|
|
|
let invalidProject = projects.find((project) => {
|
|
|
|
return errorDetails.includes(`=(${project})`);
|
|
|
|
});
|
|
|
|
return invalidProject || 'invalid';
|
|
|
|
}
|
|
|
|
|
|
|
|
private generateSecretKey({ projects, environment }) {
|
2021-09-15 20:28:10 +02:00
|
|
|
const randomStr = crypto.randomBytes(28).toString('hex');
|
2022-04-06 08:11:41 +02:00
|
|
|
if (projects.length > 1) {
|
|
|
|
return `[]:${environment}.${randomStr}`;
|
|
|
|
} else {
|
|
|
|
return `${projects[0]}:${environment}.${randomStr}`;
|
|
|
|
}
|
2021-03-29 19:58:11 +02:00
|
|
|
}
|
|
|
|
|
2021-04-22 23:40:52 +02:00
|
|
|
destroy(): void {
|
2021-03-29 19:58:11 +02:00
|
|
|
clearInterval(this.timer);
|
|
|
|
this.timer = null;
|
|
|
|
}
|
|
|
|
}
|