From 9587b8372e86c89743a4cd6e2d6947b70ba00f38 Mon Sep 17 00:00:00 2001
From: Aaron Dill <117116764+aarondill@users.noreply.github.com>
Date: Thu, 14 Mar 2024 02:18:39 -0500
Subject: [PATCH] feat: remove the accessToken generated when logging out (#14)

This means it can no longer be a security flaw if it is leaked. Additionally, keeps auth keys from piling up.
---
 src/features/VercelManager.ts | 1 +
 src/features/models.ts | 1 +
 src/utils/Api.ts | 13 +++++++++++++
 3 files changed, 15 insertions(+)

diff --git a/src/features/VercelManager.ts b/src/features/VercelManager.ts
index 0c35477..6475f48 100644
--- a/src/features/VercelManager.ts
+++ b/src/features/VercelManager.ts
@@ -73,6 +73,7 @@ export class VercelManager {
 * Un-sets authentication and project and calls didLogOut, didDeploymentsUpdated, and didEnvironmentsUpdates;
 */
 async logOut() {
+ await this.api.deleteAccessToken({ tokenId: "current" }, undefined);
 await this.token.setAuth(undefined);
 await this.token.setProject(undefined);
 this.onDidLogOut();
diff --git a/src/features/models.ts b/src/features/models.ts
index 61ae1df..78c7539 100644
--- a/src/features/models.ts
+++ b/src/features/models.ts
@@ -116,6 +116,7 @@ export namespace VercelResponse {
 message: string;
 };
 };
+ export type deleteAuthToken = { tokenId: string };
 export namespace oauth {
 export type accessToken = {
 token_type: "Bearer";
diff --git a/src/utils/Api.ts b/src/utils/Api.ts
index a0de1c1..d5e4893 100644
--- a/src/utils/Api.ts
+++ b/src/utils/Api.ts
@@ -271,6 +271,19 @@ export class Api {
 },
 }),
 };
+ public deleteAccessToken = this.init<
+ VercelResponse.deleteAuthToken,
+ {
+ /** Use special value 'current' to delete the current access token */
+ tokenId: "current" | (string & Record);
+ teamId?: string;
+ }
+ >({
+ path: "/v3/user/tokens/:tokenId",
+ fetch: {
+ method: "DELETE",
+ },
+ });
 public oauth = {
 accessToken: this.init<
 VercelResponse.oauth.accessToken,
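Review bot: In `logOut()` the new `await this.api.deleteAccessToken(...)` runs before `setAuth(undefined)` with no error handling, so if the revocation request rejects (offline, or a token the server no longer accepts) the stored credential is presumably never cleared and `onDidLogOut()` never fires. Logging out should always remove the local token, so guard the call, e.g. `try { await this.api.deleteAccessToken({ tokenId: "current" }, undefined); } catch (e) { /* report: token may still be valid server-side */ }`. When revocation fails, tell the user, because the token then stays usable until it is revoked from the account settings. How `this.api` surfaces HTTP errors is not visible here, and the body of `logOut()` continues past the end of the hunk.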
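Review bot: In `deleteAccessToken`, `tokenId` accepts any string and is substituted into `path: "/v3/user/tokens/:tokenId"`, but whether `init` percent-encodes path parameters is not visible in this hunk. Confirm that it does, or encode the value with `encodeURIComponent`, before any caller passes something other than `"current"`. The property would also benefit from a TSDoc line such as `/** Revokes an access token on the server; this cannot be undone. */` and a comment on how `teamId` is sent. The response type is named `VercelResponse.deleteAuthToken` (models.ts hunk) while the method is `deleteAccessToken`; using one name for both would make the pair easier to find. The `Api` class body starts and ends outside the hunk.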