feat: token rolling API for admins

+ tests
Julian Lam
2023-05-10 15:16:12 -04:00
parent ce23caf7e6
commit 4f524e9f94
15 changed files with 297 additions and 37 deletions


@@ -18,9 +18,8 @@ const plugins = require('../plugins');
const events = require('../events');
const translator = require('../translator');
const sockets = require('../socket.io');
const utils = require('../utils');
const api = require('.');
// const api = require('.');
const usersAPI = module.exports;
@@ -310,15 +309,18 @@ usersAPI.unmute = async function (caller, data) {
};
usersAPI.generateToken = async (caller, { uid, description }) => {
const api = require('.');
await hasAdminPrivilege(caller.uid, 'settings');
if (parseInt(uid, 10) !== parseInt(caller.uid, 10)) {
throw new Error('[[error:invalid-uid]]');
}
return await api.utils.tokens.generate({ uid, description });
const tokenObj = await api.utils.tokens.generate({ uid, description });
return tokenObj.token;
};
usersAPI.deleteToken = async (caller, { uid, token }) => {
const api = require('.');
await hasAdminPrivilege(caller.uid, 'settings');
if (parseInt(uid, 10) !== parseInt(caller.uid, 10)) {
throw new Error('[[error:invalid-uid]]');
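Review bot: `usersAPI.generateToken` returns a bearer token without writing any audit record in the body shown here, so an admin minting a token leaves no trace unless `api.utils.tokens.generate` logs it, which is not visible in this diff. This file already requires `../events`; an entry such as `await events.log({ type: 'token-generate', uid: caller.uid });` (type name constructed for illustration) would record the issuer, and it must never include the token value. Separately, the leftover `// const api = require('.');` near the top should be deleted, and each in-function `const api = require('.');` should carry a comment such as `// required lazily; presumably avoids a circular require with the API index — confirm`. `usersAPI.deleteToken` continues past the end of this hunk, so the same audit question for deletion cannot be judged from here.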


@@ -36,7 +36,7 @@ utils.tokens.get = async (tokens) => {
tokenObjs.forEach((tokenObj, idx) => {
tokenObj.token = tokens[idx];
tokenObj.lastSeen = lastSeen[idx];
tokenObj.lastSeenISO = new Date(lastSeen[idx]).toISOString();
tokenObj.lastSeenISO = lastSeen[idx] ? new Date(lastSeen[idx]).toISOString() : null;
tokenObj.timestampISO = new Date(parseInt(tokenObj.timestamp, 10)).toISOString();
});
@@ -80,6 +80,28 @@ utils.tokens.update = async (token, { uid, description }) => {
return await utils.tokens.get(token);
};
utils.tokens.roll = async (token) => {
const [createTime, uid, lastSeen] = await db.sortedSetsScore([`tokens:createtime`, `tokens:uid`, `tokens:lastSeen`], token);
const newToken = srcUtils.generateUUID();
const updates = [
db.rename(`token:${token}`, `token:${newToken}`),
db.sortedSetRemove(`tokens:createtime`, token),
db.sortedSetRemove(`tokens:uid`, token),
db.sortedSetRemove(`tokens:lastSeen`, token),
db.sortedSetAdd(`tokens:createtime`, createTime, newToken),
db.sortedSetAdd(`tokens:uid`, uid, newToken),
];
if (lastSeen) {
updates.push(db.sortedSetAdd(`tokens:lastSeen`, lastSeen, newToken));
}
await Promise.all(updates);
return newToken;
};
utils.tokens.delete = async (token) => {
await Promise.all([
db.delete(`token:${token}`),