fix: update access token API (#973)

* fix * fix
myriadsocial · Oct 10, 2024 · f343f73 · f343f73
1 parent 2a42f27
commit f343f73
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 106 deletions.
diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
@@ -172,4 +172,4 @@ jobs:
         run: |
           sed -i "s|myriadsocial/myriad-api:.*|myriadsocial/myriad-api:${{ github.sha }}|" /home/$USER/docker-compose.yml
       - name: Deploy Updated Compose
-        run: sudo systemctl restart myriad-social.service
+        run: sudo systemctl restart myriad-social.service
diff --git a/src/controllers/user/personal-access-token.controller.ts b/src/controllers/user/personal-access-token.controller.ts
@@ -47,17 +47,6 @@ export class UserPersonalAccessTokenController {
     return this.userService.createAccessToken(data);
   }
 
-  @get('/user/personal-admin-access-tokens')
-  @response(200, {
-    description: 'CREATE user personal-admin-access-tokens',
-    content: {
-      'application/json': {schema: getModelSchemaRef(UserPersonalAccessToken)},
-    },
-  })
-  async generate(): Promise<UserPersonalAccessToken> {
-    return this.userService.createAdminToken();
-  }
-
   @get('/user/personal-access-tokens')
   @response(200, {
     description: 'GET user personal-access-token',
@@ -76,26 +65,6 @@ export class UserPersonalAccessTokenController {
     return this.userService.accessTokens();
   }
 
-  @patch('/user/personal-access-tokens/{id}')
-  @response(204, {
-    description: 'UPDATE user personal-access-token scopes',
-  })
-  async updateById(
-    @param.path.string('id') id: string,
-    @requestBody({
-      content: {
-        'application/json': {
-          schema: getModelSchemaRef(UpdateUserPersonalAccessTokenDto, {
-            partial: true,
-          }),
-        },
-      },
-    })
-    data: Partial<UpdateUserPersonalAccessTokenDto>,
-  ): Promise<Count> {
-    return this.userService.updateAccessTokenScopes(id, data);
-  }
-
   @del('/user/personal-access-tokens/{id}')
   @response(204, {
     description: 'REMOVE user personal-access-token',

diff --git a/src/models/user-personal-access-token.model.ts b/src/models/user-personal-access-token.model.ts
@@ -29,14 +29,7 @@ export class UserPersonalAccessToken extends Entity {
     type: 'string',
     required: true,
   })
-  description: string;
-
-  @property({
-    type: 'array',
-    itemType: 'string',
-    required: true,
-  })
-  scopes: string[];
+  hash: string;
 
   @property({
     type: 'date',
@@ -78,14 +71,13 @@ export class CreateUserPersonalAccessTokenDto extends Model {
     type: 'string',
     required: true,
   })
-  description: string;
+  token: string;
 
   @property({
-    type: 'array',
-    itemType: 'string',
+    type: 'string',
     required: true,
   })
-  scopes: string[];
+  hash: string;
 
   constructor(data: Partial<CreateUserPersonalAccessTokenDto>) {
     super(data);

diff --git a/src/services/authentication/auth.service.ts b/src/services/authentication/auth.service.ts
@@ -36,6 +36,7 @@ import {CurrencyService} from '../currency.service';
 import {MetricService} from '../metric.service';
 import {validateAccount} from '../../utils/validate-account';
 import NonceGenerator from 'a-nonce-generator';
+import {sha256} from 'js-sha256';
 
 @injectable({scope: BindingScope.TRANSIENT})
 export class AuthService {
@@ -431,10 +432,10 @@ export class AuthService {
   public async loginByPAT(requestLogin: RequestLoginByPAT): Promise<UserToken> {
     const {token} = requestLogin;
     let user: User | null = null;
+    const hash = sha256(token);
     const validPAT = await this.userPersonalAccessTokenRepository.find({
       where: {
-        description: 'Admin Personal Access Token',
-        id: token,
+        hash: hash,
       },
     });
     if (!validPAT) {

diff --git a/src/services/user.service.ts b/src/services/user.service.ts
@@ -301,17 +301,6 @@ export class UserService {
   public async createAccessToken(
     data: CreateUserPersonalAccessTokenDto,
   ): Promise<UserPersonalAccessToken> {
-    if (data.description === 'Admin Personal Access Token') {
-      throw new HttpErrors.UnprocessableEntity(
-        'The description you used is reserved for internal use. Try another description',
-      );
-    }
-    if (data.scopes.includes('Admin')) {
-      throw new HttpErrors.UnprocessableEntity(
-        'Scopes containing Admin is forbidden for this method',
-      );
-    }
-    const accessToken = await this.jwtService.generateToken(this.currentUser);
     const user = await this.userRepository.findById(
       this.currentUser[securityId],
     );
@@ -320,63 +309,15 @@ export class UserService {
     }
     const pat = new UserPersonalAccessToken({
       ...data,
-      token: accessToken,
       userId: user.id,
     });
 
     return this.userPersonalAccessTokenRepository.create(pat);
   }
 
-  public async createAdminToken(): Promise<UserPersonalAccessToken> {
-    const filter: Where<UserPersonalAccessToken> = {
-      userId: this.currentUser[securityId],
-      description: 'Admin Personal Access Token',
-    };
-    const data = {
-      description: 'Admin Personal Access Token',
-      scopes: ['Admin'],
-    };
-    await this.userPersonalAccessTokenRepository.deleteAll(filter);
-    const accessToken = await this.jwtService.generateToken(this.currentUser);
-    const user = await this.userRepository.findById(
-      this.currentUser[securityId],
-    );
-    if (!user) {
-      throw new HttpErrors.UnprocessableEntity('Unauthorized');
-    }
-    const pat = new UserPersonalAccessToken({
-      ...data,
-      token: accessToken,
-      userId: user.id,
-    });
-
-    return this.userPersonalAccessTokenRepository.create(pat);
-  }
-
-  public async updateAccessTokenScopes(
-    id: string,
-    data: Partial<UpdateUserPersonalAccessTokenDto>,
-  ): Promise<Count> {
-    if (data.description === 'Admin Personal Access Token') {
-      throw new HttpErrors.UnprocessableEntity(
-        'The description you used is reserved for internal use. Try another description',
-      );
-    }
-    if (data?.scopes?.includes('Admin')) {
-      throw new HttpErrors.UnprocessableEntity(
-        'Scopes containing Admin is forbidden for this method',
-      );
-    }
-    if (!data?.scopes) return {count: 0};
-    return this.userPersonalAccessTokenRepository.updateAll(data, {
-      id,
-      userId: this.currentUser[securityId],
-    });
-  }
-
   public async removeAccessToken(id: string): Promise<Count> {
     return this.userPersonalAccessTokenRepository.deleteAll({
-      id,
+      token: id,
       userId: this.currentUser[securityId],
     });
   }