2021-08-26 14:37:55 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
2021-09-20 09:20:12 +02:00
|
|
|
const { stringEquals } = require('@strapi/utils/lib');
|
2021-10-20 17:30:05 +02:00
|
|
|
const { ApplicationError } = require('@strapi/utils').errors;
|
2021-08-30 09:05:39 +02:00
|
|
|
const { trim } = require('lodash/fp');
|
2021-09-06 13:30:52 +02:00
|
|
|
const has = require('lodash/has');
|
2021-08-26 14:37:55 +02:00
|
|
|
const { getService } = require('../utils');
|
2021-09-06 13:30:52 +02:00
|
|
|
const {
|
|
|
|
|
validateApiTokenCreationInput,
|
|
|
|
|
validateApiTokenUpdateInput,
|
|
|
|
|
} = require('../validation/api-tokens');
|
2021-08-26 14:37:55 +02:00
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
|
async create(ctx) {
|
2021-08-30 09:12:10 +02:00
|
|
|
const { body } = ctx.request;
|
2021-08-26 14:37:55 +02:00
|
|
|
const apiTokenService = getService('api-token');
|
|
|
|
|
|
2021-08-27 16:32:36 +02:00
|
|
|
/**
|
|
|
|
|
* We trim both field to avoid having issues with either:
|
|
|
|
|
* - having a space at the end or start of the value.
|
|
|
|
|
* - having only spaces as value;
|
|
|
|
|
*/
|
2021-08-30 09:12:10 +02:00
|
|
|
const attributes = {
|
|
|
|
|
name: trim(body.name),
|
|
|
|
|
description: trim(body.description),
|
|
|
|
|
type: body.type,
|
2022-08-09 09:59:09 +02:00
|
|
|
permissions: body.permissions,
|
2022-08-23 10:51:53 +02:00
|
|
|
lifespan: body.lifespan,
|
2021-08-30 09:12:10 +02:00
|
|
|
};
|
2021-08-27 16:32:36 +02:00
|
|
|
|
2021-10-20 17:30:05 +02:00
|
|
|
await validateApiTokenCreationInput(attributes);
|
2021-08-26 14:37:55 +02:00
|
|
|
|
2021-08-27 16:23:19 +02:00
|
|
|
const alreadyExists = await apiTokenService.exists({ name: attributes.name });
|
|
|
|
|
if (alreadyExists) {
|
2021-10-20 17:30:05 +02:00
|
|
|
throw new ApplicationError('Name already taken');
|
2021-08-26 14:37:55 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const apiToken = await apiTokenService.create(attributes);
|
|
|
|
|
ctx.created({ data: apiToken });
|
|
|
|
|
},
|
2021-08-27 08:14:36 +02:00
|
|
|
|
2022-08-18 13:31:02 +02:00
|
|
|
async regenerate(ctx) {
|
2022-08-18 14:03:59 +02:00
|
|
|
const { id } = ctx.params;
|
2022-08-18 13:31:02 +02:00
|
|
|
const apiTokenService = getService('api-token');
|
|
|
|
|
|
2022-08-18 14:03:59 +02:00
|
|
|
const apiTokenExists = await apiTokenService.getById(id);
|
|
|
|
|
if (!apiTokenExists) {
|
2022-08-18 13:31:02 +02:00
|
|
|
ctx.notFound('API Token not found');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-18 14:03:59 +02:00
|
|
|
const accessToken = await apiTokenService.regenerate(id);
|
|
|
|
|
|
2022-08-18 13:31:02 +02:00
|
|
|
ctx.created({ data: accessToken });
|
|
|
|
|
},
|
|
|
|
|
|
2021-08-27 08:14:36 +02:00
|
|
|
async list(ctx) {
|
|
|
|
|
const apiTokenService = getService('api-token');
|
|
|
|
|
const apiTokens = await apiTokenService.list();
|
|
|
|
|
|
|
|
|
|
ctx.send({ data: apiTokens });
|
|
|
|
|
},
|
2021-08-31 15:31:54 +02:00
|
|
|
|
|
|
|
|
async revoke(ctx) {
|
|
|
|
|
const { id } = ctx.params;
|
|
|
|
|
const apiTokenService = getService('api-token');
|
2021-09-02 10:47:06 +02:00
|
|
|
const apiToken = await apiTokenService.revoke(id);
|
2021-08-31 15:31:54 +02:00
|
|
|
|
2021-09-02 10:47:06 +02:00
|
|
|
ctx.deleted({ data: apiToken });
|
2021-08-31 15:31:54 +02:00
|
|
|
},
|
2021-09-02 11:56:14 +02:00
|
|
|
|
|
|
|
|
async get(ctx) {
|
|
|
|
|
const { id } = ctx.params;
|
|
|
|
|
const apiTokenService = getService('api-token');
|
2021-09-06 15:14:45 +02:00
|
|
|
const apiToken = await apiTokenService.getById(id);
|
2021-09-02 11:56:14 +02:00
|
|
|
|
|
|
|
|
if (!apiToken) {
|
|
|
|
|
ctx.notFound('API Token not found');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.send({ data: apiToken });
|
|
|
|
|
},
|
2021-09-06 13:30:52 +02:00
|
|
|
|
|
|
|
|
async update(ctx) {
|
|
|
|
|
const { body } = ctx.request;
|
|
|
|
|
const { id } = ctx.params;
|
|
|
|
|
const apiTokenService = getService('api-token');
|
|
|
|
|
|
2021-09-08 14:38:43 +02:00
|
|
|
const attributes = body;
|
2021-09-06 13:30:52 +02:00
|
|
|
/**
|
|
|
|
|
* We trim both field to avoid having issues with either:
|
|
|
|
|
* - having a space at the end or start of the value.
|
|
|
|
|
* - having only spaces as value;
|
|
|
|
|
*/
|
2021-09-08 14:38:43 +02:00
|
|
|
if (has(attributes, 'name')) {
|
|
|
|
|
attributes.name = trim(body.name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (has(attributes, 'description') || attributes.description === null) {
|
|
|
|
|
attributes.description = trim(body.description);
|
|
|
|
|
}
|
2021-09-06 13:30:52 +02:00
|
|
|
|
2021-10-20 17:30:05 +02:00
|
|
|
await validateApiTokenUpdateInput(attributes);
|
2021-09-06 13:30:52 +02:00
|
|
|
|
|
|
|
|
const apiTokenExists = await apiTokenService.getById(id);
|
|
|
|
|
if (!apiTokenExists) {
|
2021-10-20 17:30:05 +02:00
|
|
|
return ctx.notFound('API Token not found');
|
2021-09-06 13:30:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (has(attributes, 'name')) {
|
2021-09-08 14:38:43 +02:00
|
|
|
const nameAlreadyTaken = await apiTokenService.getByName(attributes.name);
|
2021-09-20 09:20:12 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* We cast the ids as string as the one coming from the ctx isn't cast
|
|
|
|
|
* as a Number in case it is supposed to be an integer. It remains
|
|
|
|
|
* as a string. This way we avoid issues with integers in the db.
|
|
|
|
|
*/
|
|
|
|
|
if (!!nameAlreadyTaken && !stringEquals(nameAlreadyTaken.id, id)) {
|
2021-10-20 17:30:05 +02:00
|
|
|
throw new ApplicationError('Name already taken');
|
2021-09-06 13:30:52 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const apiToken = await apiTokenService.update(id, attributes);
|
|
|
|
|
ctx.send({ data: apiToken });
|
|
|
|
|
},
|
2022-08-24 18:08:17 +03:00
|
|
|
|
|
|
|
|
async getLayout(ctx) {
|
|
|
|
|
const apiTokenService = getService('api-token');
|
|
|
|
|
const layout = await apiTokenService.getApiTokenLayout();
|
|
|
|
|
|
|
|
|
|
ctx.send({ data: layout });
|
|
|
|
|
},
|
2021-08-26 14:37:55 +02:00
|
|
|
};
|
