Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-06 00:07:44 +01:00
Code Issues Projects Releases Wiki Activity
d7c450abf8
unleash.unleash/src/lib/db/api-token-store.ts

206 lines
6.0 KiB
TypeScript
Raw Normal View History

Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
import { EventEmitter } from 'events';
import { Knex } from 'knex';
fix: more types
2021-05-02 21:11:17 +02:00
import metricsHelper from '../util/metrics-helper';
fix: refactor event types
2021-04-29 10:21:29 +02:00
import { DB_TIME } from '../metric-events';
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
import { Logger, LogProvider } from '../logger';
import NotFoundError from '../error/notfound-error';
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
import { IApiTokenStore } from '../types/stores/api-token-store';
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
import {
ApiTokenType,
IApiToken,
IApiTokenCreate,
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
isAllProjects,
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
} from '../types/models/api-token';
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
import { ALL_PROJECTS } from '../../lib/services/access-service';
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
const TABLE = 'api_tokens';
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const API_LINK_TABLE = 'api_token_project';
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
const ALL = '*';
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
interface ITokenInsert {
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
id: number;
secret: string;
username: string;
type: ApiTokenType;
expires_at?: Date;
created_at: Date;
seen_at?: Date;
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
environment: string;
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
}
interface ITokenRow extends ITokenInsert {
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
project: string;
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const tokenRowReducer = (acc, tokenRow) => {
const { project, ...token } = tokenRow;
if (!acc[tokenRow.secret]) {
acc[tokenRow.secret] = {
secret: token.secret,
username: token.username,
type: token.type,
project: ALL,
projects: [ALL],
environment: token.environment ? token.environment : ALL,
expiresAt: token.expires_at,
createdAt: token.created_at,
};
}
const currentToken = acc[tokenRow.secret];
if (tokenRow.project) {
if (isAllProjects(currentToken.projects)) {
currentToken.projects = [];
}
currentToken.projects.push(tokenRow.project);
currentToken.project = currentToken.projects.join(',');
}
return acc;
};
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
const toRow = (newToken: IApiTokenCreate) => ({
username: newToken.username,
secret: newToken.secret,
type: newToken.type,
Feat/api key scoping (#941) Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-09-15 20:28:10 +02:00
environment:
newToken.environment === ALL ? undefined : newToken.environment,
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
expires_at: newToken.expiresAt,
});
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const toTokens = (rows: any[]): IApiToken[] => {
const tokens = rows.reduce(tokenRowReducer, {});
return Object.values(tokens);
};
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
export class ApiTokenStore implements IApiTokenStore {
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
private logger: Logger;
private timer: Function;
private db: Knex;
constructor(db: Knex, eventBus: EventEmitter, getLogger: LogProvider) {
this.db = db;
this.logger = getLogger('api-tokens.js');
this.timer = (action: string) =>
metricsHelper.wrapTimer(eventBus, DB_TIME, {
store: 'api-tokens',
action,
});
}
feat: Add init api tokens option (#1181) Adds support for initializing a fresh Unleash instance with predefined API tokens. Co-authored-by: sighphyre <liquidwicked64@gmail.com> Co-authored-by: Juraj Malenica <juraj.malenica@mindsmiths.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2022-01-05 10:00:59 +01:00
count(): Promise<number> {
return this.db(TABLE)
.count('*')
.then((res) => Number(res[0].count));
}
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
async getAll(): Promise<IApiToken[]> {
const stopTimer = this.timer('getAll');
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const rows = await this.makeTokenProjectQuery();
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
stopTimer();
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return toTokens(rows);
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
async getAllActive(): Promise<IApiToken[]> {
const stopTimer = this.timer('getAllActive');
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const rows = await this.makeTokenProjectQuery()
fix: improve performance for fetching active api tokens
2021-09-02 10:05:31 +02:00
.where('expires_at', 'IS', null)
.orWhere('expires_at', '>', 'now()');
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
stopTimer();
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return toTokens(rows);
}
private makeTokenProjectQuery() {
return this.db<ITokenRow>(`${TABLE} as tokens`)
.leftJoin(
`${API_LINK_TABLE} as token_project_link`,
'tokens.secret',
'token_project_link.secret',
)
.select(
'tokens.secret',
'username',
'type',
'expires_at',
'created_at',
'seen_at',
'environment',
'token_project_link.project',
);
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
async insert(newToken: IApiTokenCreate): Promise<IApiToken> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const response = await this.db.transaction(async (tx) => {
const [row] = await tx<ITokenInsert>(TABLE).insert(
toRow(newToken),
['created_at'],
);
const updateProjectTasks = (newToken.projects || [])
.filter((project) => {
return project !== ALL_PROJECTS;
})
.map((project) => {
return tx.raw(
`INSERT INTO ${API_LINK_TABLE} VALUES (?, ?)`,
[newToken.secret, project],
);
});
await Promise.all(updateProjectTasks);
return {
...newToken,
project: newToken.projects?.join(',') || '*',
createdAt: row.created_at,
};
});
return response;
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
destroy(): void {}
async exists(secret: string): Promise<boolean> {
const result = await this.db.raw(
`SELECT EXISTS (SELECT 1 FROM ${TABLE} WHERE secret = ?) AS present`,
[secret],
);
const { present } = result.rows[0];
return present;
}
async get(key: string): Promise<IApiToken> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const row = await this.makeTokenProjectQuery().where('secret', key);
return toTokens(row)[0];
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
}
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
async delete(secret: string): Promise<void> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return this.db<ITokenRow>(TABLE).where({ secret }).del();
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
Migrate to jest (#854) * Migrate to jest * Use --force-exit until dns close handle issue https://github.com/facebook/jest/issues/9982 Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-05-28 11:10:24 +02:00
async deleteAll(): Promise<void> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return this.db<ITokenRow>(TABLE).del();
Migrate to jest (#854) * Migrate to jest * Use --force-exit until dns close handle issue https://github.com/facebook/jest/issues/9982 Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-05-28 11:10:24 +02:00
}
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
async setExpiry(secret: string, expiresAt: Date): Promise<IApiToken> {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
const rows = await this.makeTokenProjectQuery()
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
.update({ expires_at: expiresAt })
.where({ secret })
.returning('*');
if (rows.length > 0) {
feat: Implement multi token support for client tokens This adds support for multi project tokens to be created. Backward compatibility is handled at 3 different layers here: - The API is made backwards compatible though a permissive data type that accepts either a project?: string or projects?: string[] property, validation is done through JOI here, which ensures that projects and project are not set together. In the case of neither, this defaults to the previous default of ALL_PROJECTS - The service layer method to handle adding tokens has been made tolerant to either of the above case and has been deprecated, a new method supporting only the new structure of using projects has been added - Existing compatibility for consumers of Unleash as a library should not be affected either, the ApiUser constructor is now tolerant to the the first input and will internally map to the new cleaned structure
2022-04-06 08:11:41 +02:00
return toTokens(rows)[0];
Feat: Api-Tokens (#774) fixes: #774
2021-03-29 19:58:11 +02:00
}
throw new NotFoundError('Could not find api-token.');
}
async markSeenAt(secrets: string[]): Promise<void> {
const now = new Date();
try {
await this.db(TABLE)
.whereIn('secrets', secrets)
.update({ seen_at: now });
} catch (err) {
this.logger.error('Could not update lastSeen, error: ', err);
}
}
}
Reference in New Issue Copy Permalink