Compare commits
No commits in common. "313785b4ace01eddc53ce48bc7b076a4eeee8c0f" and "4568bef10e469eba599fe252caa6f332d915bab7" have entirely different histories.
313785b4ac
...
4568bef10e
24 changed files with 219 additions and 318 deletions
|
|
@ -1,15 +1,15 @@
|
|||
export interface CreateWebapiCommand {
|
||||
export interface CreateApiCommand {
|
||||
title: string;
|
||||
token: string;
|
||||
expiry?: Date;
|
||||
}
|
||||
|
||||
export interface UpdateWebapiCommand {
|
||||
export interface UpdateApiCommand {
|
||||
id: number;
|
||||
title: string;
|
||||
expiry?: Date;
|
||||
}
|
||||
|
||||
export interface DeleteWebapiCommand {
|
||||
export interface DeleteApiCommand {
|
||||
id: number;
|
||||
}
|
||||
|
|
@ -1,23 +1,23 @@
|
|||
import { dataSource } from "../../../data-source";
|
||||
import { webapi } from "../../../entity/user/webapi";
|
||||
import { api } from "../../../entity/user/api";
|
||||
import InternalException from "../../../exceptions/internalException";
|
||||
import { CreateWebapiCommand, DeleteWebapiCommand, UpdateWebapiCommand } from "./webapiCommand";
|
||||
import { CreateApiCommand, DeleteApiCommand, UpdateApiCommand } from "./apiCommand";
|
||||
|
||||
export default abstract class WebapiCommandHandler {
|
||||
export default abstract class ApiCommandHandler {
|
||||
/**
|
||||
* @description create api
|
||||
* @param {CreateWebapiCommand} createWebapi
|
||||
* @param {CreateApiCommand} createApi
|
||||
* @returns {Promise<number>}
|
||||
*/
|
||||
static async create(createWebapi: CreateWebapiCommand): Promise<number> {
|
||||
static async create(createApi: CreateApiCommand): Promise<number> {
|
||||
return await dataSource
|
||||
.createQueryBuilder()
|
||||
.insert()
|
||||
.into(webapi)
|
||||
.into(api)
|
||||
.values({
|
||||
token: createWebapi.token,
|
||||
title: createWebapi.title,
|
||||
expiry: createWebapi.expiry,
|
||||
token: createApi.token,
|
||||
title: createApi.title,
|
||||
expiry: createApi.expiry,
|
||||
})
|
||||
.execute()
|
||||
.then((result) => {
|
||||
|
|
@ -30,18 +30,18 @@ export default abstract class WebapiCommandHandler {
|
|||
|
||||
/**
|
||||
* @description update api
|
||||
* @param {UpdateWebapiCommand} updateWebapi
|
||||
* @param {UpdateApiCommand} updateApi
|
||||
* @returns {Promise<void>}
|
||||
*/
|
||||
static async update(updateWebapi: UpdateWebapiCommand): Promise<void> {
|
||||
static async update(updateApi: UpdateApiCommand): Promise<void> {
|
||||
return await dataSource
|
||||
.createQueryBuilder()
|
||||
.update(webapi)
|
||||
.update(api)
|
||||
.set({
|
||||
title: updateWebapi.title,
|
||||
expiry: updateWebapi.expiry,
|
||||
title: updateApi.title,
|
||||
expiry: updateApi.expiry,
|
||||
})
|
||||
.where("id = :id", { id: updateWebapi.id })
|
||||
.where("id = :id", { id: updateApi.id })
|
||||
.execute()
|
||||
.then(() => {})
|
||||
.catch((err) => {
|
||||
|
|
@ -51,15 +51,15 @@ export default abstract class WebapiCommandHandler {
|
|||
|
||||
/**
|
||||
* @description delete api
|
||||
* @param {DeleteWebapiCommand} deleteWebapi
|
||||
* @param {DeleteApiCommand} deleteApi
|
||||
* @returns {Promise<void>}
|
||||
*/
|
||||
static async delete(deleteWebapi: DeleteWebapiCommand): Promise<void> {
|
||||
static async delete(deleteApi: DeleteApiCommand): Promise<void> {
|
||||
return await dataSource
|
||||
.createQueryBuilder()
|
||||
.delete()
|
||||
.from(webapi)
|
||||
.where("id = :id", { id: deleteWebapi.id })
|
||||
.from(api)
|
||||
.where("id = :id", { id: deleteApi.id })
|
||||
.execute()
|
||||
.then(() => {})
|
||||
.catch((err) => {
|
||||
|
|
@ -1,16 +1,16 @@
|
|||
import { PermissionString } from "../../../type/permissionTypes";
|
||||
|
||||
export interface CreateWebapiPermissionCommand {
|
||||
export interface CreateApiPermissionCommand {
|
||||
permission: PermissionString;
|
||||
apiId: number;
|
||||
}
|
||||
|
||||
export interface DeleteWebapiPermissionCommand {
|
||||
export interface DeleteApiPermissionCommand {
|
||||
permission: PermissionString;
|
||||
apiId: number;
|
||||
}
|
||||
|
||||
export interface UpdateWebapiPermissionsCommand {
|
||||
export interface UpdateApiPermissionsCommand {
|
||||
apiId: number;
|
||||
permissions: Array<PermissionString>;
|
||||
}
|
||||
|
|
@ -1,39 +1,34 @@
|
|||
import { DeleteResult, EntityManager, InsertResult } from "typeorm";
|
||||
import { dataSource } from "../../../data-source";
|
||||
import { webapiPermission } from "../../../entity/user/webapi_permission";
|
||||
import { apiPermission } from "../../../entity/user/api_permission";
|
||||
import InternalException from "../../../exceptions/internalException";
|
||||
import WebapiService from "../../../service/user/webapiService";
|
||||
import ApiService from "../../../service/user/apiService";
|
||||
import {
|
||||
CreateWebapiPermissionCommand,
|
||||
DeleteWebapiPermissionCommand,
|
||||
UpdateWebapiPermissionsCommand,
|
||||
} from "./webapiPermissionCommand";
|
||||
CreateApiPermissionCommand,
|
||||
DeleteApiPermissionCommand,
|
||||
UpdateApiPermissionsCommand,
|
||||
} from "./apiPermissionCommand";
|
||||
import PermissionHelper from "../../../helpers/permissionHelper";
|
||||
import WebapiPermissionService from "../../../service/user/webapiPermissionService";
|
||||
import ApiPermissionService from "../../../service/user/apiPermissionService";
|
||||
import { PermissionString } from "../../../type/permissionTypes";
|
||||
|
||||
export default abstract class WebapiPermissionCommandHandler {
|
||||
export default abstract class ApiPermissionCommandHandler {
|
||||
/**
|
||||
* @description update api permissions
|
||||
* @param {UpdateWebapiPermissionsCommand} updateWebapiPermissions
|
||||
* @param {UpdateApiPermissionsCommand} updateApiPermissions
|
||||
* @returns {Promise<void>}
|
||||
*/
|
||||
static async updatePermissions(updateWebapiPermissions: UpdateWebapiPermissionsCommand): Promise<void> {
|
||||
let currentPermissions = (await WebapiPermissionService.getByApi(updateWebapiPermissions.apiId)).map(
|
||||
(r) => r.permission
|
||||
);
|
||||
static async updatePermissions(updateApiPermissions: UpdateApiPermissionsCommand): Promise<void> {
|
||||
let currentPermissions = (await ApiPermissionService.getByApi(updateApiPermissions.apiId)).map((r) => r.permission);
|
||||
return await dataSource.manager
|
||||
.transaction(async (manager) => {
|
||||
let newPermissions = PermissionHelper.getWhatToAdd(currentPermissions, updateWebapiPermissions.permissions);
|
||||
let removePermissions = PermissionHelper.getWhatToRemove(
|
||||
currentPermissions,
|
||||
updateWebapiPermissions.permissions
|
||||
);
|
||||
let newPermissions = PermissionHelper.getWhatToAdd(currentPermissions, updateApiPermissions.permissions);
|
||||
let removePermissions = PermissionHelper.getWhatToRemove(currentPermissions, updateApiPermissions.permissions);
|
||||
if (newPermissions.length != 0) {
|
||||
await this.updatePermissionsAdd(manager, updateWebapiPermissions.apiId, newPermissions);
|
||||
await this.updatePermissionsAdd(manager, updateApiPermissions.apiId, newPermissions);
|
||||
}
|
||||
if (removePermissions.length != 0) {
|
||||
await this.updatePermissionsRemove(manager, updateWebapiPermissions.apiId, removePermissions);
|
||||
await this.updatePermissionsRemove(manager, updateApiPermissions.apiId, removePermissions);
|
||||
}
|
||||
})
|
||||
.then(() => {})
|
||||
|
|
@ -44,17 +39,17 @@ export default abstract class WebapiPermissionCommandHandler {
|
|||
|
||||
private static async updatePermissionsAdd(
|
||||
manager: EntityManager,
|
||||
webapiId: number,
|
||||
apiId: number,
|
||||
permissions: Array<PermissionString>
|
||||
): Promise<InsertResult> {
|
||||
return await manager
|
||||
.createQueryBuilder()
|
||||
.insert()
|
||||
.into(webapiPermission)
|
||||
.into(apiPermission)
|
||||
.values(
|
||||
permissions.map((p) => ({
|
||||
permission: p,
|
||||
apiId: webapiId,
|
||||
apiId: apiId,
|
||||
}))
|
||||
)
|
||||
.orIgnore()
|
||||
|
|
@ -63,31 +58,31 @@ export default abstract class WebapiPermissionCommandHandler {
|
|||
|
||||
private static async updatePermissionsRemove(
|
||||
manager: EntityManager,
|
||||
webapiId: number,
|
||||
apiId: number,
|
||||
permissions: Array<PermissionString>
|
||||
): Promise<DeleteResult> {
|
||||
return await manager
|
||||
.createQueryBuilder()
|
||||
.delete()
|
||||
.from(webapiPermission)
|
||||
.where("webapiId = :id", { id: webapiId })
|
||||
.from(apiPermission)
|
||||
.where("apiId = :id", { id: apiId })
|
||||
.andWhere("permission IN (:...permission)", { permission: permissions })
|
||||
.execute();
|
||||
}
|
||||
|
||||
/**
|
||||
* @description grant permission to user
|
||||
* @param {CreateWebapiPermissionCommand} createPermission
|
||||
* @param {CreateApiPermissionCommand} createPermission
|
||||
* @returns {Promise<number>}
|
||||
*/
|
||||
static async create(createPermission: CreateWebapiPermissionCommand): Promise<number> {
|
||||
static async create(createPermission: CreateApiPermissionCommand): Promise<number> {
|
||||
return await dataSource
|
||||
.createQueryBuilder()
|
||||
.insert()
|
||||
.into(webapiPermission)
|
||||
.into(apiPermission)
|
||||
.values({
|
||||
permission: createPermission.permission,
|
||||
webapiId: createPermission.apiId,
|
||||
apiId: createPermission.apiId,
|
||||
})
|
||||
.execute()
|
||||
.then((result) => {
|
||||
|
|
@ -100,15 +95,15 @@ export default abstract class WebapiPermissionCommandHandler {
|
|||
|
||||
/**
|
||||
* @description remove permission from api
|
||||
* @param {DeleteWebapiPermissionCommand} deletePermission
|
||||
* @param {DeleteApiPermissionCommand} deletePermission
|
||||
* @returns {Promise<any>}
|
||||
*/
|
||||
static async delete(deletePermission: DeleteWebapiPermissionCommand): Promise<any> {
|
||||
static async delete(deletePermission: DeleteApiPermissionCommand): Promise<any> {
|
||||
return await dataSource
|
||||
.createQueryBuilder()
|
||||
.delete()
|
||||
.from(webapiPermission)
|
||||
.where("webapiId = :id", { id: deletePermission.apiId })
|
||||
.from(apiPermission)
|
||||
.where("apiId = :id", { id: deletePermission.apiId })
|
||||
.andWhere("permission = :permission", { permission: deletePermission.permission })
|
||||
.execute()
|
||||
.then(() => {})
|
||||
|
|
@ -1,16 +1,12 @@
|
|||
import { Request, Response } from "express";
|
||||
import WebapiService from "../../../service/user/webapiService";
|
||||
import ApiFactory from "../../../factory/admin/user/webapi";
|
||||
import WebapiPermissionService from "../../../service/user/webapiPermissionService";
|
||||
import ApiService from "../../../service/user/apiService";
|
||||
import ApiFactory from "../../../factory/admin/user/api";
|
||||
import ApiPermissionService from "../../../service/user/apiPermissionService";
|
||||
import PermissionHelper from "../../../helpers/permissionHelper";
|
||||
import {
|
||||
CreateWebapiCommand,
|
||||
DeleteWebapiCommand,
|
||||
UpdateWebapiCommand,
|
||||
} from "../../../command/user/webapi/webapiCommand";
|
||||
import WebapiCommandHandler from "../../../command/user/webapi/webapiCommandHandler";
|
||||
import { UpdateWebapiPermissionsCommand } from "../../../command/user/webapi/webapiPermissionCommand";
|
||||
import WebapiPermissionCommandHandler from "../../../command/user/webapi/webapiPermissionCommandHandler";
|
||||
import { CreateApiCommand, DeleteApiCommand, UpdateApiCommand } from "../../../command/user/api/apiCommand";
|
||||
import ApiCommandHandler from "../../../command/user/api/apiCommandHandler";
|
||||
import { UpdateApiPermissionsCommand } from "../../../command/user/api/apiPermissionCommand";
|
||||
import ApiPermissionCommandHandler from "../../../command/user/api/apiPermissionCommandHandler";
|
||||
import { JWTHelper } from "../../../helpers/jwtHelper";
|
||||
import { CLUB_NAME } from "../../../env.defaults";
|
||||
import { StringHelper } from "../../../helpers/stringHelper";
|
||||
|
|
@ -21,8 +17,8 @@ import { StringHelper } from "../../../helpers/stringHelper";
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function getAllWebapis(req: Request, res: Response): Promise<any> {
|
||||
let apis = await WebapiService.getAll();
|
||||
export async function getAllApis(req: Request, res: Response): Promise<any> {
|
||||
let apis = await ApiService.getAll();
|
||||
|
||||
res.json(ApiFactory.mapToBase(apis));
|
||||
}
|
||||
|
|
@ -33,9 +29,9 @@ export async function getAllWebapis(req: Request, res: Response): Promise<any> {
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function getWebapiById(req: Request, res: Response): Promise<any> {
|
||||
export async function getApiById(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.params.id);
|
||||
let api = await WebapiService.getById(id);
|
||||
let api = await ApiService.getById(id);
|
||||
|
||||
res.json(ApiFactory.mapToSingle(api));
|
||||
}
|
||||
|
|
@ -46,9 +42,9 @@ export async function getWebapiById(req: Request, res: Response): Promise<any> {
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function getWebapiTokenById(req: Request, res: Response): Promise<any> {
|
||||
export async function getApiTokenById(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.params.id);
|
||||
let { token } = await WebapiService.getTokenById(id);
|
||||
let { token } = await ApiService.getTokenById(id);
|
||||
|
||||
res.send(token);
|
||||
}
|
||||
|
|
@ -59,9 +55,9 @@ export async function getWebapiTokenById(req: Request, res: Response): Promise<a
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function getWebapiPermissions(req: Request, res: Response): Promise<any> {
|
||||
export async function getApiPermissions(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.params.id);
|
||||
let permissions = await WebapiPermissionService.getByApi(id);
|
||||
let permissions = await ApiPermissionService.getByApi(id);
|
||||
|
||||
res.json(PermissionHelper.convertToObject(permissions.map((p) => p.permission)));
|
||||
}
|
||||
|
|
@ -72,7 +68,7 @@ export async function getWebapiPermissions(req: Request, res: Response): Promise
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function createWebapi(req: Request, res: Response): Promise<any> {
|
||||
export async function createApi(req: Request, res: Response): Promise<any> {
|
||||
let title = req.body.title;
|
||||
let expiry = req.body.expiry;
|
||||
|
||||
|
|
@ -83,12 +79,12 @@ export async function createWebapi(req: Request, res: Response): Promise<any> {
|
|||
aud: StringHelper.random(32),
|
||||
});
|
||||
|
||||
let createApi: CreateWebapiCommand = {
|
||||
let createApi: CreateApiCommand = {
|
||||
token: token,
|
||||
title: title,
|
||||
expiry: expiry,
|
||||
};
|
||||
await WebapiCommandHandler.create(createApi);
|
||||
await ApiCommandHandler.create(createApi);
|
||||
|
||||
res.sendStatus(204);
|
||||
}
|
||||
|
|
@ -99,17 +95,17 @@ export async function createWebapi(req: Request, res: Response): Promise<any> {
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function updateWebapi(req: Request, res: Response): Promise<any> {
|
||||
export async function updateApi(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.params.id);
|
||||
let title = req.body.title;
|
||||
let expiry = req.body.expiry;
|
||||
|
||||
let updateApi: UpdateWebapiCommand = {
|
||||
let updateApi: UpdateApiCommand = {
|
||||
id: id,
|
||||
title: title,
|
||||
expiry: expiry,
|
||||
};
|
||||
await WebapiCommandHandler.update(updateApi);
|
||||
await ApiCommandHandler.update(updateApi);
|
||||
|
||||
res.sendStatus(204);
|
||||
}
|
||||
|
|
@ -120,17 +116,17 @@ export async function updateWebapi(req: Request, res: Response): Promise<any> {
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function updateWebapiPermissions(req: Request, res: Response): Promise<any> {
|
||||
export async function updateApiPermissions(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.params.id);
|
||||
let permissions = req.body.permissions;
|
||||
|
||||
let permissionStrings = PermissionHelper.convertToStringArray(permissions);
|
||||
|
||||
let updateApiPermissions: UpdateWebapiPermissionsCommand = {
|
||||
let updateApiPermissions: UpdateApiPermissionsCommand = {
|
||||
apiId: id,
|
||||
permissions: permissionStrings,
|
||||
};
|
||||
await WebapiPermissionCommandHandler.updatePermissions(updateApiPermissions);
|
||||
await ApiPermissionCommandHandler.updatePermissions(updateApiPermissions);
|
||||
|
||||
res.sendStatus(204);
|
||||
}
|
||||
|
|
@ -141,13 +137,13 @@ export async function updateWebapiPermissions(req: Request, res: Response): Prom
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function deleteWebapi(req: Request, res: Response): Promise<any> {
|
||||
export async function deleteApi(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.params.id);
|
||||
|
||||
let deleteApi: DeleteWebapiCommand = {
|
||||
let deleteApi: DeleteApiCommand = {
|
||||
id: id,
|
||||
};
|
||||
await WebapiCommandHandler.delete(deleteApi);
|
||||
await ApiCommandHandler.delete(deleteApi);
|
||||
|
||||
res.sendStatus(204);
|
||||
}
|
||||
|
|
@ -8,7 +8,7 @@ import UserService from "../service/user/userService";
|
|||
import speakeasy from "speakeasy";
|
||||
import UnauthorizedRequestException from "../exceptions/unauthorizedRequestException";
|
||||
import RefreshService from "../service/refreshService";
|
||||
import WebapiService from "../service/user/webapiService";
|
||||
import ApiService from "../service/user/apiService";
|
||||
import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
|
||||
|
||||
/**
|
||||
|
|
@ -17,16 +17,16 @@ import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
|
|||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function getWebApiAccess(req: Request, res: Response): Promise<any> {
|
||||
export async function getAccess(req: Request, res: Response): Promise<any> {
|
||||
const bearer = req.headers.authorization?.split(" ")?.[1] ?? undefined;
|
||||
|
||||
let { expiry } = await WebapiService.getByToken(bearer);
|
||||
let { expiry } = await ApiService.getByToken(bearer);
|
||||
|
||||
if (new Date() > new Date(expiry)) {
|
||||
throw new ForbiddenRequestException("api token expired");
|
||||
}
|
||||
|
||||
let accessToken = await JWTHelper.buildWebapiToken(bearer);
|
||||
let accessToken = await JWTHelper.buildApiToken(bearer);
|
||||
|
||||
res.json({
|
||||
accessToken,
|
||||
|
|
@ -68,9 +68,9 @@ import { Memberlist1736079005086 } from "./migrations/1736079005086-memberlist";
|
|||
import { ExtendViewValues1736084198860 } from "./migrations/1736084198860-extendViewValues";
|
||||
import { FinishInternalIdTransfer1736505324488 } from "./migrations/1736505324488-finishInternalIdTransfer";
|
||||
import { ProtocolPresenceExcuse1737287798828 } from "./migrations/1737287798828-protocolPresenceExcuse";
|
||||
import { webapi } from "./entity/user/webapi";
|
||||
import { webapiPermission } from "./entity/user/webapi_permission";
|
||||
import { AddWebapiTokens1737453096674 } from "./migrations/1737453096674-addwebapiTokens";
|
||||
import { api } from "./entity/user/api";
|
||||
import { apiPermission } from "./entity/user/api_permission";
|
||||
import { AddApiTokens1737453096674 } from "./migrations/1737453096674-addApiTokens";
|
||||
|
||||
const dataSource = new DataSource({
|
||||
type: DB_TYPE as any,
|
||||
|
|
@ -120,8 +120,8 @@ const dataSource = new DataSource({
|
|||
memberExecutivePositionsView,
|
||||
memberQualificationsView,
|
||||
membershipView,
|
||||
webapi,
|
||||
webapiPermission,
|
||||
api,
|
||||
apiPermission,
|
||||
],
|
||||
migrations: [
|
||||
Initial1724317398939,
|
||||
|
|
@ -151,7 +151,7 @@ const dataSource = new DataSource({
|
|||
ExtendViewValues1736084198860,
|
||||
FinishInternalIdTransfer1736505324488,
|
||||
ProtocolPresenceExcuse1737287798828,
|
||||
AddWebapiTokens1737453096674,
|
||||
AddApiTokens1737453096674,
|
||||
],
|
||||
migrationsRun: true,
|
||||
migrationsTransactionMode: "each",
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
import { Column, CreateDateColumn, Entity, OneToMany, PrimaryColumn } from "typeorm";
|
||||
import { webapiPermission } from "./webapi_permission";
|
||||
import { apiPermission } from "./api_permission";
|
||||
|
||||
@Entity()
|
||||
export class webapi {
|
||||
export class api {
|
||||
@PrimaryColumn({ generated: "increment", type: "int" })
|
||||
id: number;
|
||||
|
||||
|
|
@ -21,6 +21,6 @@ export class webapi {
|
|||
@Column({ type: "datetime", nullable: true })
|
||||
expiry?: Date;
|
||||
|
||||
@OneToMany(() => webapiPermission, (apiPermission) => apiPermission.webapi)
|
||||
permissions: webapiPermission[];
|
||||
@OneToMany(() => apiPermission, (apiPermission) => apiPermission.api)
|
||||
permissions: apiPermission[];
|
||||
}
|
||||
|
|
@ -1,19 +1,19 @@
|
|||
import { Column, Entity, ManyToOne, OneToMany, PrimaryColumn } from "typeorm";
|
||||
import { PermissionObject, PermissionString } from "../../type/permissionTypes";
|
||||
import { webapi } from "./webapi";
|
||||
import { api } from "./api";
|
||||
|
||||
@Entity()
|
||||
export class webapiPermission {
|
||||
export class apiPermission {
|
||||
@PrimaryColumn({ type: "int" })
|
||||
webapiId: number;
|
||||
apiId: number;
|
||||
|
||||
@PrimaryColumn({ type: "varchar", length: 255 })
|
||||
permission: PermissionString;
|
||||
|
||||
@ManyToOne(() => webapi, {
|
||||
@ManyToOne(() => api, {
|
||||
nullable: false,
|
||||
onDelete: "CASCADE",
|
||||
onUpdate: "RESTRICT",
|
||||
})
|
||||
webapi: webapi;
|
||||
api: api;
|
||||
}
|
||||
|
|
@ -1,14 +1,14 @@
|
|||
import { webapi } from "../../../entity/user/webapi";
|
||||
import { api } from "../../../entity/user/api";
|
||||
import PermissionHelper from "../../../helpers/permissionHelper";
|
||||
import { ApiViewModel } from "../../../viewmodel/admin/user/webapi.models";
|
||||
import { ApiViewModel } from "../../../viewmodel/admin/user/api.models";
|
||||
|
||||
export default abstract class ApiFactory {
|
||||
/**
|
||||
* @description map record to api
|
||||
* @param {webapi} record
|
||||
* @param {api} record
|
||||
* @returns {apiViewModel}
|
||||
*/
|
||||
public static mapToSingle(record: webapi): ApiViewModel {
|
||||
public static mapToSingle(record: api): ApiViewModel {
|
||||
return {
|
||||
id: record.id,
|
||||
permissions: PermissionHelper.convertToObject(record.permissions.map((e) => e.permission)),
|
||||
|
|
@ -21,10 +21,10 @@ export default abstract class ApiFactory {
|
|||
|
||||
/**
|
||||
* @description map records to api
|
||||
* @param {Array<webapi>} records
|
||||
* @param {Array<api>} records
|
||||
* @returns {Array<apiViewModel>}
|
||||
*/
|
||||
public static mapToBase(records: Array<webapi>): Array<ApiViewModel> {
|
||||
public static mapToBase(records: Array<api>): Array<ApiViewModel> {
|
||||
return records.map((r) => this.mapToSingle(r));
|
||||
}
|
||||
}
|
||||
|
|
@ -6,8 +6,8 @@ import RolePermissionService from "../service/user/rolePermissionService";
|
|||
import UserPermissionService from "../service/user/userPermissionService";
|
||||
import UserService from "../service/user/userService";
|
||||
import PermissionHelper from "./permissionHelper";
|
||||
import WebapiService from "../service/user/webapiService";
|
||||
import WebapiPermissionService from "../service/user/webapiPermissionService";
|
||||
import ApiService from "../service/user/apiService";
|
||||
import ApiPermissionService from "../service/user/apiPermissionService";
|
||||
|
||||
export abstract class JWTHelper {
|
||||
static validate(token: string): Promise<string | jwt.JwtPayload> {
|
||||
|
|
@ -75,11 +75,11 @@ export abstract class JWTHelper {
|
|||
});
|
||||
}
|
||||
|
||||
static async buildWebapiToken(token: string): Promise<string> {
|
||||
let { id, title } = await WebapiService.getByToken(token);
|
||||
let webapiPermissions = await WebapiPermissionService.getByApi(id);
|
||||
let webapiPermissionStrings = webapiPermissions.map((e) => e.permission);
|
||||
let permissionObject = PermissionHelper.convertToObject(webapiPermissionStrings);
|
||||
static async buildApiToken(token: string): Promise<string> {
|
||||
let { id, title } = await ApiService.getByToken(token);
|
||||
let apiPermissions = await ApiPermissionService.getByApi(id);
|
||||
let apiPermissionStrings = apiPermissions.map((e) => e.permission);
|
||||
let permissionObject = PermissionHelper.convertToObject(apiPermissionStrings);
|
||||
|
||||
let jwtData: JWTToken = {
|
||||
userId: id,
|
||||
|
|
@ -89,7 +89,6 @@ export abstract class JWTHelper {
|
|||
lastname: "",
|
||||
isOwner: false,
|
||||
permissions: permissionObject,
|
||||
sub: "webapi_access_token",
|
||||
};
|
||||
|
||||
return await JWTHelper.create(jwtData)
|
||||
|
|
@ -97,7 +96,7 @@ export abstract class JWTHelper {
|
|||
return result;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("Failed webapi accessToken creation", err);
|
||||
throw new InternalException("Failed accessToken creation", err);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ declare global {
|
|||
isOwner: boolean;
|
||||
permissions: PermissionObject;
|
||||
isPWA: boolean;
|
||||
isWebApiRequest: boolean;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,7 +37,6 @@ export default async function authenticate(req: Request, res: Response, next: Fu
|
|||
req.username = decoded.username;
|
||||
req.isOwner = decoded.isOwner;
|
||||
req.permissions = decoded.permissions;
|
||||
req.isWebApiRequest = decoded?.sub == "webapi_access_token";
|
||||
|
||||
next();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
import { Request, Response } from "express";
|
||||
import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
|
||||
|
||||
export default async function preventWebapiAccess(req: Request, res: Response, next: Function) {
|
||||
if (req.isWebApiRequest) {
|
||||
throw new ForbiddenRequestException("This route cannot be accessed via webapi");
|
||||
} else {
|
||||
next();
|
||||
}
|
||||
}
|
||||
|
|
@ -1,17 +1,17 @@
|
|||
import { MigrationInterface, QueryRunner, Table, TableForeignKey } from "typeorm";
|
||||
import { DB_TYPE } from "../env.defaults";
|
||||
|
||||
export class AddWebapiTokens1737453096674 implements MigrationInterface {
|
||||
name = "AddWebApiTokens1737453096674";
|
||||
export class AddApiTokens1737453096674 implements MigrationInterface {
|
||||
name = "AddApiTokens1737453096674";
|
||||
|
||||
public async up(queryRunner: QueryRunner): Promise<void> {
|
||||
const variableType_int = DB_TYPE == "mysql" ? "int" : "integer";
|
||||
|
||||
await queryRunner.createTable(
|
||||
new Table({
|
||||
name: "webapi",
|
||||
name: "api",
|
||||
columns: [
|
||||
{ name: "id", type: variableType_int, isPrimary: true, isGenerated: true, generationStrategy: "increment" },
|
||||
{ name: "id", type: variableType_int, isPrimary: true, isNullable: false },
|
||||
{ name: "token", type: "varchar", length: "255", isUnique: true, isNullable: false },
|
||||
{ name: "title", type: "varchar", length: "255", isNullable: false },
|
||||
{ name: "createdAt", type: "datetime", default: "CURRENT_TIMESTAMP(6)", isNullable: false },
|
||||
|
|
@ -24,9 +24,9 @@ export class AddWebapiTokens1737453096674 implements MigrationInterface {
|
|||
|
||||
await queryRunner.createTable(
|
||||
new Table({
|
||||
name: "webapi_permission",
|
||||
name: "api_permission",
|
||||
columns: [
|
||||
{ name: "webapiId", type: variableType_int, isPrimary: true, isNullable: false },
|
||||
{ name: "apiId", type: variableType_int, isPrimary: true, isNullable: false },
|
||||
{ name: "permission", type: "varchar", length: "255", isPrimary: true, isNullable: false },
|
||||
],
|
||||
}),
|
||||
|
|
@ -34,11 +34,11 @@ export class AddWebapiTokens1737453096674 implements MigrationInterface {
|
|||
);
|
||||
|
||||
await queryRunner.createForeignKey(
|
||||
"webapi_permission",
|
||||
"api_permission",
|
||||
new TableForeignKey({
|
||||
columnNames: ["webapiId"],
|
||||
columnNames: ["apiId"],
|
||||
referencedColumnNames: ["id"],
|
||||
referencedTableName: "webapi",
|
||||
referencedTableName: "api",
|
||||
onDelete: "CASCADE",
|
||||
onUpdate: "RESTRICT",
|
||||
})
|
||||
|
|
@ -46,10 +46,10 @@ export class AddWebapiTokens1737453096674 implements MigrationInterface {
|
|||
}
|
||||
|
||||
public async down(queryRunner: QueryRunner): Promise<void> {
|
||||
const table = await queryRunner.getTable("webapi_permission");
|
||||
const foreignKey = table.foreignKeys.find((fk) => fk.columnNames.indexOf("webapiId") !== -1);
|
||||
await queryRunner.dropForeignKey("webapi_permission", foreignKey);
|
||||
await queryRunner.dropTable("webapi_permission");
|
||||
await queryRunner.dropTable("webapi");
|
||||
const table = await queryRunner.getTable("api_permission");
|
||||
const foreignKey = table.foreignKeys.find((fk) => fk.columnNames.indexOf("apiToken") !== -1);
|
||||
await queryRunner.dropForeignKey("api_permission", foreignKey);
|
||||
await queryRunner.dropTable("api_permission");
|
||||
await queryRunner.dropTable("api");
|
||||
}
|
||||
}
|
||||
|
|
@ -21,8 +21,6 @@ import newsletter from "./club/newsletter";
|
|||
import role from "./user/role";
|
||||
import user from "./user/user";
|
||||
import invite from "./user/invite";
|
||||
import api from "./user/webapi";
|
||||
import preventWebapiAccess from "../../middleware/preventWebApiAccess";
|
||||
|
||||
var router = express.Router({ mergeParams: true });
|
||||
|
||||
|
|
@ -62,6 +60,5 @@ router.use("/newsletter", PermissionHelper.passCheckMiddleware("read", "club", "
|
|||
router.use("/role", PermissionHelper.passCheckMiddleware("read", "user", "role"), role);
|
||||
router.use("/user", PermissionHelper.passCheckMiddleware("read", "user", "user"), user);
|
||||
router.use("/invite", PermissionHelper.passCheckMiddleware("read", "user", "user"), invite);
|
||||
router.use("/webapi", preventWebapiAccess, PermissionHelper.passCheckMiddleware("read", "user", "webapi"), api);
|
||||
|
||||
export default router;
|
||||
|
|
|
|||
|
|
@ -1,59 +0,0 @@
|
|||
import express, { Request, Response } from "express";
|
||||
import PermissionHelper from "../../../helpers/permissionHelper";
|
||||
import {
|
||||
createWebapi,
|
||||
deleteWebapi,
|
||||
getAllWebapis,
|
||||
getWebapiById,
|
||||
getWebapiPermissions,
|
||||
updateWebapi,
|
||||
updateWebapiPermissions,
|
||||
} from "../../../controller/admin/user/webapiController";
|
||||
|
||||
var router = express.Router({ mergeParams: true });
|
||||
|
||||
router.get("/", async (req: Request, res: Response) => {
|
||||
await getAllWebapis(req, res);
|
||||
});
|
||||
|
||||
router.get("/:id", async (req: Request, res: Response) => {
|
||||
await getWebapiById(req, res);
|
||||
});
|
||||
|
||||
router.get("/:id/permissions", async (req: Request, res: Response) => {
|
||||
await getWebapiPermissions(req, res);
|
||||
});
|
||||
|
||||
router.post(
|
||||
"/",
|
||||
PermissionHelper.passCheckMiddleware("create", "user", "webapi"),
|
||||
async (req: Request, res: Response) => {
|
||||
await createWebapi(req, res);
|
||||
}
|
||||
);
|
||||
|
||||
router.patch(
|
||||
"/:id",
|
||||
PermissionHelper.passCheckMiddleware("update", "user", "webapi"),
|
||||
async (req: Request, res: Response) => {
|
||||
await updateWebapi(req, res);
|
||||
}
|
||||
);
|
||||
|
||||
router.patch(
|
||||
"/:id/permissions",
|
||||
PermissionHelper.passCheckMiddleware("admin", "user", "webapi"),
|
||||
async (req: Request, res: Response) => {
|
||||
await updateWebapiPermissions(req, res);
|
||||
}
|
||||
);
|
||||
|
||||
router.delete(
|
||||
"/:id",
|
||||
PermissionHelper.passCheckMiddleware("delete", "user", "webapi"),
|
||||
async (req: Request, res: Response) => {
|
||||
await deleteWebapi(req, res);
|
||||
}
|
||||
);
|
||||
|
||||
export default router;
|
||||
|
|
@ -14,8 +14,6 @@ import auth from "./auth";
|
|||
import admin from "./admin/index";
|
||||
import user from "./user";
|
||||
import detectPWA from "../middleware/detectPWA";
|
||||
import api from "./webapi";
|
||||
import authenticateAPI from "../middleware/authenticateAPI";
|
||||
|
||||
export default (app: Express) => {
|
||||
app.set("query parser", "extended");
|
||||
|
|
@ -34,7 +32,6 @@ export default (app: Express) => {
|
|||
app.use("/api/reset", reset);
|
||||
app.use("/api/invite", invite);
|
||||
app.use("/api/auth", auth);
|
||||
app.use("/api/webapi", authenticateAPI, api);
|
||||
app.use(authenticate);
|
||||
app.use("/api/admin", admin);
|
||||
app.use("/api/user", user);
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
import express, { Request, Response } from "express";
|
||||
import { getWebApiAccess } from "../controller/webapiController";
|
||||
|
||||
var router = express.Router({ mergeParams: true });
|
||||
|
||||
router.get("/retrieve", async (req: Request, res: Response) => {
|
||||
await getWebApiAccess(req, res);
|
||||
});
|
||||
|
||||
export default router;
|
||||
|
|
@ -1,18 +1,18 @@
|
|||
import { dataSource } from "../../data-source";
|
||||
import { webapiPermission } from "../../entity/user/webapi_permission";
|
||||
import { apiPermission } from "../../entity/user/api_permission";
|
||||
import InternalException from "../../exceptions/internalException";
|
||||
|
||||
export default abstract class WebapiPermissionService {
|
||||
export default abstract class ApiPermissionService {
|
||||
/**
|
||||
* @description get permission by api
|
||||
* @param webapiId number
|
||||
* @returns {Promise<Array<webapiPermission>>}
|
||||
* @param apiId number
|
||||
* @returns {Promise<Array<apiPermission>>}
|
||||
*/
|
||||
static async getByApi(webapiId: number): Promise<Array<webapiPermission>> {
|
||||
static async getByApi(apiId: number): Promise<Array<apiPermission>> {
|
||||
return await dataSource
|
||||
.getRepository(webapiPermission)
|
||||
.getRepository(apiPermission)
|
||||
.createQueryBuilder("api_permission")
|
||||
.where("api_permission.apiId = :apiId", { apiId: webapiId })
|
||||
.where("api_permission.apiId = :apiId", { apiId: apiId })
|
||||
.getMany()
|
||||
.then((res) => {
|
||||
return res;
|
||||
83
src/service/user/apiService.ts
Normal file
83
src/service/user/apiService.ts
Normal file
|
|
@ -0,0 +1,83 @@
|
|||
import { dataSource } from "../../data-source";
|
||||
import { api } from "../../entity/user/api";
|
||||
import InternalException from "../../exceptions/internalException";
|
||||
|
||||
export default abstract class ApiService {
|
||||
/**
|
||||
* @description get apis
|
||||
* @returns {Promise<Array<api>>}
|
||||
*/
|
||||
static async getAll(): Promise<Array<api>> {
|
||||
return await dataSource
|
||||
.getRepository(api)
|
||||
.createQueryBuilder("api")
|
||||
.leftJoinAndSelect("api.permissions", "permissions")
|
||||
.getMany()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("apis not found", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description get api by id
|
||||
* @param id number
|
||||
* @returns {Promise<api>}
|
||||
*/
|
||||
static async getById(id: number): Promise<api> {
|
||||
return await dataSource
|
||||
.getRepository(api)
|
||||
.createQueryBuilder("api")
|
||||
.leftJoinAndSelect("api.permissions", "permissions")
|
||||
.where("api.id = :id", { id: id })
|
||||
.getOneOrFail()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("api not found by id", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description get api by token
|
||||
* @param token string
|
||||
* @returns {Promise<api>}
|
||||
*/
|
||||
static async getByToken(token: string): Promise<api> {
|
||||
return await dataSource
|
||||
.getRepository(api)
|
||||
.createQueryBuilder("api")
|
||||
.leftJoinAndSelect("api.permissions", "permissions")
|
||||
.where("api.token = :token", { token: token })
|
||||
.getOneOrFail()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("api not found by token", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description get api by id
|
||||
* @param id number
|
||||
* @returns {Promise<api>}
|
||||
*/
|
||||
static async getTokenById(id: number): Promise<api> {
|
||||
return await dataSource
|
||||
.getRepository(api)
|
||||
.createQueryBuilder("api")
|
||||
.select("token")
|
||||
.where("api.id = :id", { id: id })
|
||||
.getOneOrFail()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("api token not found by id", err);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
@ -1,83 +0,0 @@
|
|||
import { dataSource } from "../../data-source";
|
||||
import { webapi } from "../../entity/user/webapi";
|
||||
import InternalException from "../../exceptions/internalException";
|
||||
|
||||
export default abstract class WebapiService {
|
||||
/**
|
||||
* @description get apis
|
||||
* @returns {Promise<Array<webapi>>}
|
||||
*/
|
||||
static async getAll(): Promise<Array<webapi>> {
|
||||
return await dataSource
|
||||
.getRepository(webapi)
|
||||
.createQueryBuilder("webapi")
|
||||
.leftJoinAndSelect("webapi.permissions", "permissions")
|
||||
.getMany()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("webapis not found", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description get api by id
|
||||
* @param id number
|
||||
* @returns {Promise<webapi>}
|
||||
*/
|
||||
static async getById(id: number): Promise<webapi> {
|
||||
return await dataSource
|
||||
.getRepository(webapi)
|
||||
.createQueryBuilder("webapi")
|
||||
.leftJoinAndSelect("webapi.permissions", "permissions")
|
||||
.where("webapi.id = :id", { id: id })
|
||||
.getOneOrFail()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("webapi not found by id", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description get api by token
|
||||
* @param token string
|
||||
* @returns {Promise<webapi>}
|
||||
*/
|
||||
static async getByToken(token: string): Promise<webapi> {
|
||||
return await dataSource
|
||||
.getRepository(webapi)
|
||||
.createQueryBuilder("webapi")
|
||||
.leftJoinAndSelect("webapi.permissions", "permissions")
|
||||
.where("webapi.token = :token", { token: token })
|
||||
.getOneOrFail()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("webapi not found by token", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description get api by id
|
||||
* @param id number
|
||||
* @returns {Promise<webapi>}
|
||||
*/
|
||||
static async getTokenById(id: number): Promise<webapi> {
|
||||
return await dataSource
|
||||
.getRepository(webapi)
|
||||
.createQueryBuilder("webapi")
|
||||
.select("token")
|
||||
.where("webapi.id = :id", { id: id })
|
||||
.getOneOrFail()
|
||||
.then((res) => {
|
||||
return res;
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("webapi token not found by id", err);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
@ -14,7 +14,6 @@ export type PermissionModule =
|
|||
| "calendar_type"
|
||||
| "user"
|
||||
| "role"
|
||||
| "webapi"
|
||||
| "query"
|
||||
| "query_store"
|
||||
| "template"
|
||||
|
|
@ -56,7 +55,6 @@ export const permissionModules: Array<PermissionModule> = [
|
|||
"calendar_type",
|
||||
"user",
|
||||
"role",
|
||||
"webapi",
|
||||
"query",
|
||||
"query_store",
|
||||
"template",
|
||||
|
|
@ -77,5 +75,5 @@ export const sectionsAndModules: SectionsAndModulesObject = {
|
|||
"template_usage",
|
||||
"newsletter_config",
|
||||
],
|
||||
user: ["user", "role", "webapi"],
|
||||
user: ["user", "role"],
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue