src/command/user/api/apiCommand.ts

@@ -1,15 +1,15 @@
-export interface CreateWebapiCommand {
+export interface CreateApiCommand {
   title: string;
   token: string;
   expiry?: Date;
 }
 
-export interface UpdateWebapiCommand {
+export interface UpdateApiCommand {
   id: number;
   title: string;
   expiry?: Date;
 }
 
-export interface DeleteWebapiCommand {
+export interface DeleteApiCommand {
   id: number;
 }

src/command/user/api/apiCommandHandler.ts

@@ -1,23 +1,23 @@
 import { dataSource } from "../../../data-source";
-import { webapi } from "../../../entity/user/webapi";
+import { api } from "../../../entity/user/api";
 import InternalException from "../../../exceptions/internalException";
-import { CreateWebapiCommand, DeleteWebapiCommand, UpdateWebapiCommand } from "./webapiCommand";
+import { CreateApiCommand, DeleteApiCommand, UpdateApiCommand } from "./apiCommand";
 
-export default abstract class WebapiCommandHandler {
+export default abstract class ApiCommandHandler {
   /**
    * @description create api
-   * @param {CreateWebapiCommand} createWebapi
+   * @param {CreateApiCommand} createApi
    * @returns {Promise<number>}
    */
-  static async create(createWebapi: CreateWebapiCommand): Promise<number> {
+  static async create(createApi: CreateApiCommand): Promise<number> {
     return await dataSource
       .createQueryBuilder()
       .insert()
-      .into(webapi)
+      .into(api)
       .values({
-        token: createWebapi.token,
+        token: createApi.token,
-        title: createWebapi.title,
+        title: createApi.title,
-        expiry: createWebapi.expiry,
+        expiry: createApi.expiry,
       })
       .execute()
       .then((result) => {
@@ -30,18 +30,18 @@ export default abstract class WebapiCommandHandler {
 
   /**
    * @description update api
-   * @param {UpdateWebapiCommand} updateWebapi
+   * @param {UpdateApiCommand} updateApi
    * @returns {Promise<void>}
    */
-  static async update(updateWebapi: UpdateWebapiCommand): Promise<void> {
+  static async update(updateApi: UpdateApiCommand): Promise<void> {
     return await dataSource
       .createQueryBuilder()
-      .update(webapi)
+      .update(api)
       .set({
-        title: updateWebapi.title,
+        title: updateApi.title,
-        expiry: updateWebapi.expiry,
+        expiry: updateApi.expiry,
       })
-      .where("id = :id", { id: updateWebapi.id })
+      .where("id = :id", { id: updateApi.id })
       .execute()
       .then(() => {})
       .catch((err) => {
@@ -51,15 +51,15 @@ export default abstract class WebapiCommandHandler {
 
   /**
    * @description delete api
-   * @param {DeleteWebapiCommand} deleteWebapi
+   * @param {DeleteApiCommand} deleteApi
    * @returns {Promise<void>}
    */
-  static async delete(deleteWebapi: DeleteWebapiCommand): Promise<void> {
+  static async delete(deleteApi: DeleteApiCommand): Promise<void> {
     return await dataSource
       .createQueryBuilder()
       .delete()
-      .from(webapi)
+      .from(api)
-      .where("id = :id", { id: deleteWebapi.id })
+      .where("id = :id", { id: deleteApi.id })
       .execute()
       .then(() => {})
       .catch((err) => {

src/command/user/api/apiPermissionCommand.ts

@@ -1,16 +1,16 @@
 import { PermissionString } from "../../../type/permissionTypes";
 
-export interface CreateWebapiPermissionCommand {
+export interface CreateApiPermissionCommand {
   permission: PermissionString;
   apiId: number;
 }
 
-export interface DeleteWebapiPermissionCommand {
+export interface DeleteApiPermissionCommand {
   permission: PermissionString;
   apiId: number;
 }
 
-export interface UpdateWebapiPermissionsCommand {
+export interface UpdateApiPermissionsCommand {
   apiId: number;
   permissions: Array<PermissionString>;
 }

src/command/user/api/apiPermissionCommandHandler.ts

@@ -1,39 +1,34 @@
 import { DeleteResult, EntityManager, InsertResult } from "typeorm";
 import { dataSource } from "../../../data-source";
-import { webapiPermission } from "../../../entity/user/webapi_permission";
+import { apiPermission } from "../../../entity/user/api_permission";
 import InternalException from "../../../exceptions/internalException";
-import WebapiService from "../../../service/user/webapiService";
+import ApiService from "../../../service/user/apiService";
 import {
-  CreateWebapiPermissionCommand,
+  CreateApiPermissionCommand,
-  DeleteWebapiPermissionCommand,
+  DeleteApiPermissionCommand,
-  UpdateWebapiPermissionsCommand,
+  UpdateApiPermissionsCommand,
-} from "./webapiPermissionCommand";
+} from "./apiPermissionCommand";
 import PermissionHelper from "../../../helpers/permissionHelper";
-import WebapiPermissionService from "../../../service/user/webapiPermissionService";
+import ApiPermissionService from "../../../service/user/apiPermissionService";
 import { PermissionString } from "../../../type/permissionTypes";
 
-export default abstract class WebapiPermissionCommandHandler {
+export default abstract class ApiPermissionCommandHandler {
   /**
    * @description update api permissions
-   * @param {UpdateWebapiPermissionsCommand} updateWebapiPermissions
+   * @param {UpdateApiPermissionsCommand} updateApiPermissions
    * @returns {Promise<void>}
    */
-  static async updatePermissions(updateWebapiPermissions: UpdateWebapiPermissionsCommand): Promise<void> {
+  static async updatePermissions(updateApiPermissions: UpdateApiPermissionsCommand): Promise<void> {
-    let currentPermissions = (await WebapiPermissionService.getByApi(updateWebapiPermissions.apiId)).map(
+    let currentPermissions = (await ApiPermissionService.getByApi(updateApiPermissions.apiId)).map((r) => r.permission);
-      (r) => r.permission
-    );
     return await dataSource.manager
       .transaction(async (manager) => {
-        let newPermissions = PermissionHelper.getWhatToAdd(currentPermissions, updateWebapiPermissions.permissions);
+        let newPermissions = PermissionHelper.getWhatToAdd(currentPermissions, updateApiPermissions.permissions);
-        let removePermissions = PermissionHelper.getWhatToRemove(
+        let removePermissions = PermissionHelper.getWhatToRemove(currentPermissions, updateApiPermissions.permissions);
-          currentPermissions,
-          updateWebapiPermissions.permissions
-        );
         if (newPermissions.length != 0) {
-          await this.updatePermissionsAdd(manager, updateWebapiPermissions.apiId, newPermissions);
+          await this.updatePermissionsAdd(manager, updateApiPermissions.apiId, newPermissions);
         }
         if (removePermissions.length != 0) {
-          await this.updatePermissionsRemove(manager, updateWebapiPermissions.apiId, removePermissions);
+          await this.updatePermissionsRemove(manager, updateApiPermissions.apiId, removePermissions);
         }
       })
       .then(() => {})
@@ -44,17 +39,17 @@ export default abstract class WebapiPermissionCommandHandler {
 
   private static async updatePermissionsAdd(
     manager: EntityManager,
-    webapiId: number,
+    apiId: number,
     permissions: Array<PermissionString>
   ): Promise<InsertResult> {
     return await manager
       .createQueryBuilder()
       .insert()
-      .into(webapiPermission)
+      .into(apiPermission)
       .values(
         permissions.map((p) => ({
           permission: p,
-          apiId: webapiId,
+          apiId: apiId,
         }))
       )
       .orIgnore()
@@ -63,31 +58,31 @@ export default abstract class WebapiPermissionCommandHandler {
 
   private static async updatePermissionsRemove(
     manager: EntityManager,
-    webapiId: number,
+    apiId: number,
     permissions: Array<PermissionString>
   ): Promise<DeleteResult> {
     return await manager
       .createQueryBuilder()
       .delete()
-      .from(webapiPermission)
+      .from(apiPermission)
-      .where("webapiId = :id", { id: webapiId })
+      .where("apiId = :id", { id: apiId })
       .andWhere("permission IN (:...permission)", { permission: permissions })
       .execute();
   }
 
   /**
    * @description grant permission to user
-   * @param {CreateWebapiPermissionCommand} createPermission
+   * @param {CreateApiPermissionCommand} createPermission
    * @returns {Promise<number>}
    */
-  static async create(createPermission: CreateWebapiPermissionCommand): Promise<number> {
+  static async create(createPermission: CreateApiPermissionCommand): Promise<number> {
     return await dataSource
       .createQueryBuilder()
       .insert()
-      .into(webapiPermission)
+      .into(apiPermission)
       .values({
         permission: createPermission.permission,
-        webapiId: createPermission.apiId,
+        apiId: createPermission.apiId,
       })
       .execute()
       .then((result) => {
@@ -100,15 +95,15 @@ export default abstract class WebapiPermissionCommandHandler {
 
   /**
    * @description remove permission from api
-   * @param {DeleteWebapiPermissionCommand} deletePermission
+   * @param {DeleteApiPermissionCommand} deletePermission
    * @returns {Promise<any>}
    */
-  static async delete(deletePermission: DeleteWebapiPermissionCommand): Promise<any> {
+  static async delete(deletePermission: DeleteApiPermissionCommand): Promise<any> {
     return await dataSource
       .createQueryBuilder()
       .delete()
-      .from(webapiPermission)
+      .from(apiPermission)
-      .where("webapiId = :id", { id: deletePermission.apiId })
+      .where("apiId = :id", { id: deletePermission.apiId })
       .andWhere("permission = :permission", { permission: deletePermission.permission })
       .execute()
       .then(() => {})

src/controller/admin/user/apiController.ts

@@ -1,16 +1,12 @@
 import { Request, Response } from "express";
-import WebapiService from "../../../service/user/webapiService";
+import ApiService from "../../../service/user/apiService";
-import ApiFactory from "../../../factory/admin/user/webapi";
+import ApiFactory from "../../../factory/admin/user/api";
-import WebapiPermissionService from "../../../service/user/webapiPermissionService";
+import ApiPermissionService from "../../../service/user/apiPermissionService";
 import PermissionHelper from "../../../helpers/permissionHelper";
-import {
+import { CreateApiCommand, DeleteApiCommand, UpdateApiCommand } from "../../../command/user/api/apiCommand";
-  CreateWebapiCommand,
+import ApiCommandHandler from "../../../command/user/api/apiCommandHandler";
-  DeleteWebapiCommand,
+import { UpdateApiPermissionsCommand } from "../../../command/user/api/apiPermissionCommand";
-  UpdateWebapiCommand,
+import ApiPermissionCommandHandler from "../../../command/user/api/apiPermissionCommandHandler";
-} from "../../../command/user/webapi/webapiCommand";
-import WebapiCommandHandler from "../../../command/user/webapi/webapiCommandHandler";
-import { UpdateWebapiPermissionsCommand } from "../../../command/user/webapi/webapiPermissionCommand";
-import WebapiPermissionCommandHandler from "../../../command/user/webapi/webapiPermissionCommandHandler";
 import { JWTHelper } from "../../../helpers/jwtHelper";
 import { CLUB_NAME } from "../../../env.defaults";
 import { StringHelper } from "../../../helpers/stringHelper";
@@ -21,8 +17,8 @@ import { StringHelper } from "../../../helpers/stringHelper";
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function getAllWebapis(req: Request, res: Response): Promise<any> {
+export async function getAllApis(req: Request, res: Response): Promise<any> {
-  let apis = await WebapiService.getAll();
+  let apis = await ApiService.getAll();
 
   res.json(ApiFactory.mapToBase(apis));
 }
@@ -33,9 +29,9 @@ export async function getAllWebapis(req: Request, res: Response): Promise<any> {
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function getWebapiById(req: Request, res: Response): Promise<any> {
+export async function getApiById(req: Request, res: Response): Promise<any> {
   const id = parseInt(req.params.id);
-  let api = await WebapiService.getById(id);
+  let api = await ApiService.getById(id);
 
   res.json(ApiFactory.mapToSingle(api));
 }
@@ -46,9 +42,9 @@ export async function getWebapiById(req: Request, res: Response): Promise<any> {
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function getWebapiTokenById(req: Request, res: Response): Promise<any> {
+export async function getApiTokenById(req: Request, res: Response): Promise<any> {
   const id = parseInt(req.params.id);
-  let { token } = await WebapiService.getTokenById(id);
+  let { token } = await ApiService.getTokenById(id);
 
   res.send(token);
 }
@@ -59,9 +55,9 @@ export async function getWebapiTokenById(req: Request, res: Response): Promise<a
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function getWebapiPermissions(req: Request, res: Response): Promise<any> {
+export async function getApiPermissions(req: Request, res: Response): Promise<any> {
   const id = parseInt(req.params.id);
-  let permissions = await WebapiPermissionService.getByApi(id);
+  let permissions = await ApiPermissionService.getByApi(id);
 
   res.json(PermissionHelper.convertToObject(permissions.map((p) => p.permission)));
 }
@@ -72,7 +68,7 @@ export async function getWebapiPermissions(req: Request, res: Response): Promise
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function createWebapi(req: Request, res: Response): Promise<any> {
+export async function createApi(req: Request, res: Response): Promise<any> {
   let title = req.body.title;
   let expiry = req.body.expiry;
 
@@ -83,12 +79,12 @@ export async function createWebapi(req: Request, res: Response): Promise<any> {
     aud: StringHelper.random(32),
   });
 
-  let createApi: CreateWebapiCommand = {
+  let createApi: CreateApiCommand = {
     token: token,
     title: title,
     expiry: expiry,
   };
-  await WebapiCommandHandler.create(createApi);
+  await ApiCommandHandler.create(createApi);
 
   res.sendStatus(204);
 }
@@ -99,17 +95,17 @@ export async function createWebapi(req: Request, res: Response): Promise<any> {
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function updateWebapi(req: Request, res: Response): Promise<any> {
+export async function updateApi(req: Request, res: Response): Promise<any> {
   const id = parseInt(req.params.id);
   let title = req.body.title;
   let expiry = req.body.expiry;
 
-  let updateApi: UpdateWebapiCommand = {
+  let updateApi: UpdateApiCommand = {
     id: id,
     title: title,
     expiry: expiry,
   };
-  await WebapiCommandHandler.update(updateApi);
+  await ApiCommandHandler.update(updateApi);
 
   res.sendStatus(204);
 }
@@ -120,17 +116,17 @@ export async function updateWebapi(req: Request, res: Response): Promise<any> {
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function updateWebapiPermissions(req: Request, res: Response): Promise<any> {
+export async function updateApiPermissions(req: Request, res: Response): Promise<any> {
   const id = parseInt(req.params.id);
   let permissions = req.body.permissions;
 
   let permissionStrings = PermissionHelper.convertToStringArray(permissions);
 
-  let updateApiPermissions: UpdateWebapiPermissionsCommand = {
+  let updateApiPermissions: UpdateApiPermissionsCommand = {
     apiId: id,
     permissions: permissionStrings,
   };
-  await WebapiPermissionCommandHandler.updatePermissions(updateApiPermissions);
+  await ApiPermissionCommandHandler.updatePermissions(updateApiPermissions);
 
   res.sendStatus(204);
 }
@@ -141,13 +137,13 @@ export async function updateWebapiPermissions(req: Request, res: Response): Prom
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function deleteWebapi(req: Request, res: Response): Promise<any> {
+export async function deleteApi(req: Request, res: Response): Promise<any> {
   const id = parseInt(req.params.id);
 
-  let deleteApi: DeleteWebapiCommand = {
+  let deleteApi: DeleteApiCommand = {
     id: id,
   };
-  await WebapiCommandHandler.delete(deleteApi);
+  await ApiCommandHandler.delete(deleteApi);
 
   res.sendStatus(204);
 }

src/controller/apiController.ts

@@ -8,7 +8,7 @@ import UserService from "../service/user/userService";
 import speakeasy from "speakeasy";
 import UnauthorizedRequestException from "../exceptions/unauthorizedRequestException";
 import RefreshService from "../service/refreshService";
-import WebapiService from "../service/user/webapiService";
+import ApiService from "../service/user/apiService";
 import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
 
 /**
@@ -17,16 +17,16 @@ import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
  * @param res {Response} Express res object
  * @returns {Promise<*>}
  */
-export async function getWebApiAccess(req: Request, res: Response): Promise<any> {
+export async function getAccess(req: Request, res: Response): Promise<any> {
   const bearer = req.headers.authorization?.split(" ")?.[1] ?? undefined;
 
-  let { expiry } = await WebapiService.getByToken(bearer);
+  let { expiry } = await ApiService.getByToken(bearer);
 
   if (new Date() > new Date(expiry)) {
     throw new ForbiddenRequestException("api token expired");
   }
 
-  let accessToken = await JWTHelper.buildWebapiToken(bearer);
+  let accessToken = await JWTHelper.buildApiToken(bearer);
 
   res.json({
     accessToken,

src/data-source.ts

@@ -68,9 +68,9 @@ import { Memberlist1736079005086 } from "./migrations/1736079005086-memberlist";
 import { ExtendViewValues1736084198860 } from "./migrations/1736084198860-extendViewValues";
 import { FinishInternalIdTransfer1736505324488 } from "./migrations/1736505324488-finishInternalIdTransfer";
 import { ProtocolPresenceExcuse1737287798828 } from "./migrations/1737287798828-protocolPresenceExcuse";
-import { webapi } from "./entity/user/webapi";
+import { api } from "./entity/user/api";
-import { webapiPermission } from "./entity/user/webapi_permission";
+import { apiPermission } from "./entity/user/api_permission";
-import { AddWebapiTokens1737453096674 } from "./migrations/1737453096674-addwebapiTokens";
+import { AddApiTokens1737453096674 } from "./migrations/1737453096674-addApiTokens";
 
 const dataSource = new DataSource({
   type: DB_TYPE as any,
@@ -120,8 +120,8 @@ const dataSource = new DataSource({
     memberExecutivePositionsView,
     memberQualificationsView,
     membershipView,
-    webapi,
+    api,
-    webapiPermission,
+    apiPermission,
   ],
   migrations: [
     Initial1724317398939,
@@ -151,7 +151,7 @@ const dataSource = new DataSource({
     ExtendViewValues1736084198860,
     FinishInternalIdTransfer1736505324488,
     ProtocolPresenceExcuse1737287798828,
-    AddWebapiTokens1737453096674,
+    AddApiTokens1737453096674,
   ],
   migrationsRun: true,
   migrationsTransactionMode: "each",

src/entity/user/api.ts

@@ -1,8 +1,8 @@
 import { Column, CreateDateColumn, Entity, OneToMany, PrimaryColumn } from "typeorm";
-import { webapiPermission } from "./webapi_permission";
+import { apiPermission } from "./api_permission";
 
 @Entity()
-export class webapi {
+export class api {
   @PrimaryColumn({ generated: "increment", type: "int" })
   id: number;
 
@@ -21,6 +21,6 @@ export class webapi {
   @Column({ type: "datetime", nullable: true })
   expiry?: Date;
 
-  @OneToMany(() => webapiPermission, (apiPermission) => apiPermission.webapi)
+  @OneToMany(() => apiPermission, (apiPermission) => apiPermission.api)
-  permissions: webapiPermission[];
+  permissions: apiPermission[];
 }

src/entity/user/api_permission.ts

@@ -1,19 +1,19 @@
 import { Column, Entity, ManyToOne, OneToMany, PrimaryColumn } from "typeorm";
 import { PermissionObject, PermissionString } from "../../type/permissionTypes";
-import { webapi } from "./webapi";
+import { api } from "./api";
 
 @Entity()
-export class webapiPermission {
+export class apiPermission {
   @PrimaryColumn({ type: "int" })
-  webapiId: number;
+  apiId: number;
 
   @PrimaryColumn({ type: "varchar", length: 255 })
   permission: PermissionString;
 
-  @ManyToOne(() => webapi, {
+  @ManyToOne(() => api, {
     nullable: false,
     onDelete: "CASCADE",
     onUpdate: "RESTRICT",
   })
-  webapi: webapi;
+  api: api;
 }

src/factory/admin/user/api.ts

@@ -1,14 +1,14 @@
-import { webapi } from "../../../entity/user/webapi";
+import { api } from "../../../entity/user/api";
 import PermissionHelper from "../../../helpers/permissionHelper";
-import { ApiViewModel } from "../../../viewmodel/admin/user/webapi.models";
+import { ApiViewModel } from "../../../viewmodel/admin/user/api.models";
 
 export default abstract class ApiFactory {
   /**
    * @description map record to api
-   * @param {webapi} record
+   * @param {api} record
    * @returns {apiViewModel}
    */
-  public static mapToSingle(record: webapi): ApiViewModel {
+  public static mapToSingle(record: api): ApiViewModel {
     return {
       id: record.id,
       permissions: PermissionHelper.convertToObject(record.permissions.map((e) => e.permission)),
@@ -21,10 +21,10 @@ export default abstract class ApiFactory {
 
   /**
    * @description map records to api
-   * @param {Array<webapi>} records
+   * @param {Array<api>} records
    * @returns {Array<apiViewModel>}
    */
-  public static mapToBase(records: Array<webapi>): Array<ApiViewModel> {
+  public static mapToBase(records: Array<api>): Array<ApiViewModel> {
     return records.map((r) => this.mapToSingle(r));
   }
 }

src/helpers/jwtHelper.ts

@@ -6,8 +6,8 @@ import RolePermissionService from "../service/user/rolePermissionService";
 import UserPermissionService from "../service/user/userPermissionService";
 import UserService from "../service/user/userService";
 import PermissionHelper from "./permissionHelper";
-import WebapiService from "../service/user/webapiService";
+import ApiService from "../service/user/apiService";
-import WebapiPermissionService from "../service/user/webapiPermissionService";
+import ApiPermissionService from "../service/user/apiPermissionService";
 
 export abstract class JWTHelper {
   static validate(token: string): Promise<string | jwt.JwtPayload> {
@@ -75,11 +75,11 @@ export abstract class JWTHelper {
       });
   }
 
-  static async buildWebapiToken(token: string): Promise<string> {
+  static async buildApiToken(token: string): Promise<string> {
-    let { id, title } = await WebapiService.getByToken(token);
+    let { id, title } = await ApiService.getByToken(token);
-    let webapiPermissions = await WebapiPermissionService.getByApi(id);
+    let apiPermissions = await ApiPermissionService.getByApi(id);
-    let webapiPermissionStrings = webapiPermissions.map((e) => e.permission);
+    let apiPermissionStrings = apiPermissions.map((e) => e.permission);
-    let permissionObject = PermissionHelper.convertToObject(webapiPermissionStrings);
+    let permissionObject = PermissionHelper.convertToObject(apiPermissionStrings);
 
     let jwtData: JWTToken = {
       userId: id,
@@ -89,7 +89,6 @@ export abstract class JWTHelper {
       lastname: "",
       isOwner: false,
       permissions: permissionObject,
-      sub: "webapi_access_token",
     };
 
     return await JWTHelper.create(jwtData)
@@ -97,7 +96,7 @@ export abstract class JWTHelper {
         return result;
       })
       .catch((err) => {
-        throw new InternalException("Failed webapi accessToken creation", err);
+        throw new InternalException("Failed accessToken creation", err);
       });
   }
 }

src/index.ts

@@ -13,7 +13,6 @@ declare global {
       isOwner: boolean;
       permissions: PermissionObject;
       isPWA: boolean;
-      isWebApiRequest: boolean;
     }
   }
 }

src/middleware/authenticate.ts

@@ -37,7 +37,6 @@ export default async function authenticate(req: Request, res: Response, next: Fu
   req.username = decoded.username;
   req.isOwner = decoded.isOwner;
   req.permissions = decoded.permissions;
-  req.isWebApiRequest = decoded?.sub == "webapi_access_token";
 
   next();
 }

src/middleware/preventWebApiAccess.ts

@@ -1,10 +0,0 @@
-import { Request, Response } from "express";
-import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
-
-export default async function preventWebapiAccess(req: Request, res: Response, next: Function) {
-  if (req.isWebApiRequest) {
-    throw new ForbiddenRequestException("This route cannot be accessed via webapi");
-  } else {
-    next();
-  }
-}

src/migrations/1737453096674-addApiTokens.ts

@@ -1,17 +1,17 @@
 import { MigrationInterface, QueryRunner, Table, TableForeignKey } from "typeorm";
 import { DB_TYPE } from "../env.defaults";
 
-export class AddWebapiTokens1737453096674 implements MigrationInterface {
+export class AddApiTokens1737453096674 implements MigrationInterface {
-  name = "AddWebApiTokens1737453096674";
+  name = "AddApiTokens1737453096674";
 
   public async up(queryRunner: QueryRunner): Promise<void> {
     const variableType_int = DB_TYPE == "mysql" ? "int" : "integer";
 
     await queryRunner.createTable(
       new Table({
-        name: "webapi",
+        name: "api",
         columns: [
-          { name: "id", type: variableType_int, isPrimary: true, isGenerated: true, generationStrategy: "increment" },
+          { name: "id", type: variableType_int, isPrimary: true, isNullable: false },
           { name: "token", type: "varchar", length: "255", isUnique: true, isNullable: false },
           { name: "title", type: "varchar", length: "255", isNullable: false },
           { name: "createdAt", type: "datetime", default: "CURRENT_TIMESTAMP(6)", isNullable: false },
@@ -24,9 +24,9 @@ export class AddWebapiTokens1737453096674 implements MigrationInterface {
 
     await queryRunner.createTable(
       new Table({
-        name: "webapi_permission",
+        name: "api_permission",
         columns: [
-          { name: "webapiId", type: variableType_int, isPrimary: true, isNullable: false },
+          { name: "apiId", type: variableType_int, isPrimary: true, isNullable: false },
           { name: "permission", type: "varchar", length: "255", isPrimary: true, isNullable: false },
         ],
       }),
@@ -34,11 +34,11 @@ export class AddWebapiTokens1737453096674 implements MigrationInterface {
     );
 
     await queryRunner.createForeignKey(
-      "webapi_permission",
+      "api_permission",
       new TableForeignKey({
-        columnNames: ["webapiId"],
+        columnNames: ["apiId"],
         referencedColumnNames: ["id"],
-        referencedTableName: "webapi",
+        referencedTableName: "api",
         onDelete: "CASCADE",
         onUpdate: "RESTRICT",
       })
@@ -46,10 +46,10 @@ export class AddWebapiTokens1737453096674 implements MigrationInterface {
   }
 
   public async down(queryRunner: QueryRunner): Promise<void> {
-    const table = await queryRunner.getTable("webapi_permission");
+    const table = await queryRunner.getTable("api_permission");
-    const foreignKey = table.foreignKeys.find((fk) => fk.columnNames.indexOf("webapiId") !== -1);
+    const foreignKey = table.foreignKeys.find((fk) => fk.columnNames.indexOf("apiToken") !== -1);
-    await queryRunner.dropForeignKey("webapi_permission", foreignKey);
+    await queryRunner.dropForeignKey("api_permission", foreignKey);
-    await queryRunner.dropTable("webapi_permission");
+    await queryRunner.dropTable("api_permission");
-    await queryRunner.dropTable("webapi");
+    await queryRunner.dropTable("api");
   }
 }

src/routes/admin/index.ts

@@ -21,8 +21,6 @@ import newsletter from "./club/newsletter";
 import role from "./user/role";
 import user from "./user/user";
 import invite from "./user/invite";
-import api from "./user/webapi";
-import preventWebapiAccess from "../../middleware/preventWebApiAccess";
 
 var router = express.Router({ mergeParams: true });
 
@@ -62,6 +60,5 @@ router.use("/newsletter", PermissionHelper.passCheckMiddleware("read", "club", "
 router.use("/role", PermissionHelper.passCheckMiddleware("read", "user", "role"), role);
 router.use("/user", PermissionHelper.passCheckMiddleware("read", "user", "user"), user);
 router.use("/invite", PermissionHelper.passCheckMiddleware("read", "user", "user"), invite);
-router.use("/webapi", preventWebapiAccess, PermissionHelper.passCheckMiddleware("read", "user", "webapi"), api);
 
 export default router;

src/routes/admin/user/webapi.ts

@@ -1,59 +0,0 @@
-import express, { Request, Response } from "express";
-import PermissionHelper from "../../../helpers/permissionHelper";
-import {
-  createWebapi,
-  deleteWebapi,
-  getAllWebapis,
-  getWebapiById,
-  getWebapiPermissions,
-  updateWebapi,
-  updateWebapiPermissions,
-} from "../../../controller/admin/user/webapiController";
-
-var router = express.Router({ mergeParams: true });
-
-router.get("/", async (req: Request, res: Response) => {
-  await getAllWebapis(req, res);
-});
-
-router.get("/:id", async (req: Request, res: Response) => {
-  await getWebapiById(req, res);
-});
-
-router.get("/:id/permissions", async (req: Request, res: Response) => {
-  await getWebapiPermissions(req, res);
-});
-
-router.post(
-  "/",
-  PermissionHelper.passCheckMiddleware("create", "user", "webapi"),
-  async (req: Request, res: Response) => {
-    await createWebapi(req, res);
-  }
-);
-
-router.patch(
-  "/:id",
-  PermissionHelper.passCheckMiddleware("update", "user", "webapi"),
-  async (req: Request, res: Response) => {
-    await updateWebapi(req, res);
-  }
-);
-
-router.patch(
-  "/:id/permissions",
-  PermissionHelper.passCheckMiddleware("admin", "user", "webapi"),
-  async (req: Request, res: Response) => {
-    await updateWebapiPermissions(req, res);
-  }
-);
-
-router.delete(
-  "/:id",
-  PermissionHelper.passCheckMiddleware("delete", "user", "webapi"),
-  async (req: Request, res: Response) => {
-    await deleteWebapi(req, res);
-  }
-);
-
-export default router;

src/routes/index.ts

@@ -14,8 +14,6 @@ import auth from "./auth";
 import admin from "./admin/index";
 import user from "./user";
 import detectPWA from "../middleware/detectPWA";
-import api from "./webapi";
-import authenticateAPI from "../middleware/authenticateAPI";
 
 export default (app: Express) => {
   app.set("query parser", "extended");
@@ -34,7 +32,6 @@ export default (app: Express) => {
   app.use("/api/reset", reset);
   app.use("/api/invite", invite);
   app.use("/api/auth", auth);
-  app.use("/api/webapi", authenticateAPI, api);
   app.use(authenticate);
   app.use("/api/admin", admin);
   app.use("/api/user", user);

src/routes/webapi.ts

@@ -1,10 +0,0 @@
-import express, { Request, Response } from "express";
-import { getWebApiAccess } from "../controller/webapiController";
-
-var router = express.Router({ mergeParams: true });
-
-router.get("/retrieve", async (req: Request, res: Response) => {
-  await getWebApiAccess(req, res);
-});
-
-export default router;

src/service/user/apiPermissionService.ts

@@ -1,18 +1,18 @@
 import { dataSource } from "../../data-source";
-import { webapiPermission } from "../../entity/user/webapi_permission";
+import { apiPermission } from "../../entity/user/api_permission";
 import InternalException from "../../exceptions/internalException";
 
-export default abstract class WebapiPermissionService {
+export default abstract class ApiPermissionService {
   /**
    * @description get permission by api
-   * @param webapiId number
+   * @param apiId number
-   * @returns {Promise<Array<webapiPermission>>}
+   * @returns {Promise<Array<apiPermission>>}
    */
-  static async getByApi(webapiId: number): Promise<Array<webapiPermission>> {
+  static async getByApi(apiId: number): Promise<Array<apiPermission>> {
     return await dataSource
-      .getRepository(webapiPermission)
+      .getRepository(apiPermission)
       .createQueryBuilder("api_permission")
-      .where("api_permission.apiId = :apiId", { apiId: webapiId })
+      .where("api_permission.apiId = :apiId", { apiId: apiId })
       .getMany()
       .then((res) => {
         return res;

src/service/user/apiService.ts

@@ -0,0 +1,83 @@
+import { dataSource } from "../../data-source";
+import { api } from "../../entity/user/api";
+import InternalException from "../../exceptions/internalException";
+
+export default abstract class ApiService {
+  /**
+   * @description get apis
+   * @returns {Promise<Array<api>>}
+   */
+  static async getAll(): Promise<Array<api>> {
+    return await dataSource
+      .getRepository(api)
+      .createQueryBuilder("api")
+      .leftJoinAndSelect("api.permissions", "permissions")
+      .getMany()
+      .then((res) => {
+        return res;
+      })
+      .catch((err) => {
+        throw new InternalException("apis not found", err);
+      });
+  }
+
+  /**
+   * @description get api by id
+   * @param id number
+   * @returns {Promise<api>}
+   */
+  static async getById(id: number): Promise<api> {
+    return await dataSource
+      .getRepository(api)
+      .createQueryBuilder("api")
+      .leftJoinAndSelect("api.permissions", "permissions")
+      .where("api.id = :id", { id: id })
+      .getOneOrFail()
+      .then((res) => {
+        return res;
+      })
+      .catch((err) => {
+        throw new InternalException("api not found by id", err);
+      });
+  }
+
+  /**
+   * @description get api by token
+   * @param token string
+   * @returns {Promise<api>}
+   */
+  static async getByToken(token: string): Promise<api> {
+    return await dataSource
+      .getRepository(api)
+      .createQueryBuilder("api")
+      .leftJoinAndSelect("api.permissions", "permissions")
+      .where("api.token = :token", { token: token })
+      .getOneOrFail()
+      .then((res) => {
+        return res;
+      })
+      .catch((err) => {
+        throw new InternalException("api not found by token", err);
+      });
+  }
+
+  /**
+   * @description get api by id
+   * @param id number
+   * @returns {Promise<api>}
+   */
+  static async getTokenById(id: number): Promise<api> {
+    return await dataSource
+      .getRepository(api)
+      .createQueryBuilder("api")
+      .select("token")
+      .where("api.id = :id", { id: id })
+      .getOneOrFail()
+      .then((res) => {
+        return res;
+      })
+      .catch((err) => {
+        throw new InternalException("api token not found by id", err);
+      });
+  }
+}

src/service/user/webapiService.ts

@@ -1,83 +0,0 @@
-import { dataSource } from "../../data-source";
-import { webapi } from "../../entity/user/webapi";
-import InternalException from "../../exceptions/internalException";
-
-export default abstract class WebapiService {
-  /**
-   * @description get apis
-   * @returns {Promise<Array<webapi>>}
-   */
-  static async getAll(): Promise<Array<webapi>> {
-    return await dataSource
-      .getRepository(webapi)
-      .createQueryBuilder("webapi")
-      .leftJoinAndSelect("webapi.permissions", "permissions")
-      .getMany()
-      .then((res) => {
-        return res;
-      })
-      .catch((err) => {
-        throw new InternalException("webapis not found", err);
-      });
-  }
-
-  /**
-   * @description get api by id
-   * @param id number
-   * @returns {Promise<webapi>}
-   */
-  static async getById(id: number): Promise<webapi> {
-    return await dataSource
-      .getRepository(webapi)
-      .createQueryBuilder("webapi")
-      .leftJoinAndSelect("webapi.permissions", "permissions")
-      .where("webapi.id = :id", { id: id })
-      .getOneOrFail()
-      .then((res) => {
-        return res;
-      })
-      .catch((err) => {
-        throw new InternalException("webapi not found by id", err);
-      });
-  }
-
-  /**
-   * @description get api by token
-   * @param token string
-   * @returns {Promise<webapi>}
-   */
-  static async getByToken(token: string): Promise<webapi> {
-    return await dataSource
-      .getRepository(webapi)
-      .createQueryBuilder("webapi")
-      .leftJoinAndSelect("webapi.permissions", "permissions")
-      .where("webapi.token = :token", { token: token })
-      .getOneOrFail()
-      .then((res) => {
-        return res;
-      })
-      .catch((err) => {
-        throw new InternalException("webapi not found by token", err);
-      });
-  }
-
-  /**
-   * @description get api by id
-   * @param id number
-   * @returns {Promise<webapi>}
-   */
-  static async getTokenById(id: number): Promise<webapi> {
-    return await dataSource
-      .getRepository(webapi)
-      .createQueryBuilder("webapi")
-      .select("token")
-      .where("webapi.id = :id", { id: id })
-      .getOneOrFail()
-      .then((res) => {
-        return res;
-      })
-      .catch((err) => {
-        throw new InternalException("webapi token not found by id", err);
-      });
-  }
-}

src/type/permissionTypes.ts

@@ -14,7 +14,6 @@ export type PermissionModule =
   | "calendar_type"
   | "user"
   | "role"
-  | "webapi"
   | "query"
   | "query_store"
   | "template"
@@ -56,7 +55,6 @@ export const permissionModules: Array<PermissionModule> = [
   "calendar_type",
   "user",
   "role",
-  "webapi",
   "query",
   "query_store",
   "template",
@@ -77,5 +75,5 @@ export const sectionsAndModules: SectionsAndModulesObject = {
     "template_usage",
     "newsletter_config",
   ],
-  user: ["user", "role", "webapi"],
+  user: ["user", "role"],
 };