feat: add session creation endpoint (#18295)
This commit is contained in:
Brandon Wees
@@ -18,7 +18,7 @@ describe(ApiKeyService.name, () => {
|
||||
const apiKey = factory.apiKey({ userId: auth.user.id, permissions: [Permission.ALL] });
|
||||
const key = 'super-secret';
|
||||
|
||||
mocks.crypto.newPassword.mockReturnValue(key);
|
||||
mocks.crypto.randomBytesAsText.mockReturnValue(key);
|
||||
mocks.apiKey.create.mockResolvedValue(apiKey);
|
||||
|
||||
await sut.create(auth, { name: apiKey.name, permissions: apiKey.permissions });
|
||||
@@ -29,7 +29,7 @@ describe(ApiKeyService.name, () => {
|
||||
permissions: apiKey.permissions,
|
||||
userId: apiKey.userId,
|
||||
});
|
||||
expect(mocks.crypto.newPassword).toHaveBeenCalled();
|
||||
expect(mocks.crypto.randomBytesAsText).toHaveBeenCalled();
|
||||
expect(mocks.crypto.hashSha256).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
@@ -38,7 +38,7 @@ describe(ApiKeyService.name, () => {
|
||||
const apiKey = factory.apiKey({ userId: auth.user.id });
|
||||
const key = 'super-secret';
|
||||
|
||||
mocks.crypto.newPassword.mockReturnValue(key);
|
||||
mocks.crypto.randomBytesAsText.mockReturnValue(key);
|
||||
mocks.apiKey.create.mockResolvedValue(apiKey);
|
||||
|
||||
await sut.create(auth, { permissions: [Permission.ALL] });
|
||||
@@ -49,7 +49,7 @@ describe(ApiKeyService.name, () => {
|
||||
permissions: [Permission.ALL],
|
||||
userId: auth.user.id,
|
||||
});
|
||||
expect(mocks.crypto.newPassword).toHaveBeenCalled();
|
||||
expect(mocks.crypto.randomBytesAsText).toHaveBeenCalled();
|
||||
expect(mocks.crypto.hashSha256).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
|
||||
@@ -9,20 +9,21 @@ import { isGranted } from 'src/utils/access';
|
||||
@Injectable()
|
||||
export class ApiKeyService extends BaseService {
|
||||
async create(auth: AuthDto, dto: APIKeyCreateDto): Promise<APIKeyCreateResponseDto> {
|
||||
const secret = this.cryptoRepository.newPassword(32);
|
||||
const token = this.cryptoRepository.randomBytesAsText(32);
|
||||
const tokenHashed = this.cryptoRepository.hashSha256(token);
|
||||
|
||||
if (auth.apiKey && !isGranted({ requested: dto.permissions, current: auth.apiKey.permissions })) {
|
||||
throw new BadRequestException('Cannot grant permissions you do not have');
|
||||
}
|
||||
|
||||
const entity = await this.apiKeyRepository.create({
|
||||
key: this.cryptoRepository.hashSha256(secret),
|
||||
key: tokenHashed,
|
||||
name: dto.name || 'API Key',
|
||||
userId: auth.user.id,
|
||||
permissions: dto.permissions,
|
||||
});
|
||||
|
||||
return { secret, apiKey: this.map(entity) };
|
||||
return { secret: token, apiKey: this.map(entity) };
|
||||
}
|
||||
|
||||
async update(auth: AuthDto, id: string, dto: APIKeyUpdateDto): Promise<APIKeyResponseDto> {
|
||||
|
||||
@@ -492,17 +492,17 @@ export class AuthService extends BaseService {
|
||||
}
|
||||
|
||||
private async createLoginResponse(user: UserAdmin, loginDetails: LoginDetails) {
|
||||
const key = this.cryptoRepository.newPassword(32);
|
||||
const token = this.cryptoRepository.hashSha256(key);
|
||||
const token = this.cryptoRepository.randomBytesAsText(32);
|
||||
const tokenHashed = this.cryptoRepository.hashSha256(token);
|
||||
|
||||
await this.sessionRepository.create({
|
||||
token,
|
||||
token: tokenHashed,
|
||||
deviceOS: loginDetails.deviceOS,
|
||||
deviceType: loginDetails.deviceType,
|
||||
userId: user.id,
|
||||
});
|
||||
|
||||
return mapLoginResponse(user, key);
|
||||
return mapLoginResponse(user, token);
|
||||
}
|
||||
|
||||
private getClaim<T>(profile: OAuthProfile, options: ClaimOptions<T>): T {
|
||||
|
||||
@@ -17,7 +17,7 @@ export class CliService extends BaseService {
|
||||
}
|
||||
|
||||
const providedPassword = await ask(mapUserAdmin(admin));
|
||||
const password = providedPassword || this.cryptoRepository.newPassword(24);
|
||||
const password = providedPassword || this.cryptoRepository.randomBytesAsText(24);
|
||||
const hashedPassword = await this.cryptoRepository.hashBcrypt(password, SALT_ROUNDS);
|
||||
|
||||
await this.userRepository.update(admin.id, { password: hashedPassword });
|
||||
|
||||
@@ -17,30 +17,9 @@ describe('SessionService', () => {
|
||||
});
|
||||
|
||||
describe('handleCleanup', () => {
|
||||
it('should return skipped if nothing is to be deleted', async () => {
|
||||
mocks.session.search.mockResolvedValue([]);
|
||||
await expect(sut.handleCleanup()).resolves.toEqual(JobStatus.SKIPPED);
|
||||
expect(mocks.session.search).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('should delete sessions', async () => {
|
||||
mocks.session.search.mockResolvedValue([
|
||||
{
|
||||
createdAt: new Date('1970-01-01T00:00:00.00Z'),
|
||||
updatedAt: new Date('1970-01-02T00:00:00.00Z'),
|
||||
deviceOS: '',
|
||||
deviceType: '',
|
||||
id: '123',
|
||||
token: '420',
|
||||
userId: '42',
|
||||
updateId: 'uuid-v7',
|
||||
pinExpiresAt: null,
|
||||
},
|
||||
]);
|
||||
mocks.session.delete.mockResolvedValue();
|
||||
|
||||
it('should clean sessions', async () => {
|
||||
mocks.session.cleanup.mockResolvedValue([]);
|
||||
await expect(sut.handleCleanup()).resolves.toEqual(JobStatus.SUCCESS);
|
||||
expect(mocks.session.delete).toHaveBeenCalledWith('123');
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { BadRequestException, Injectable } from '@nestjs/common';
|
||||
import { DateTime } from 'luxon';
|
||||
import { OnJob } from 'src/decorators';
|
||||
import { AuthDto } from 'src/dtos/auth.dto';
|
||||
import { SessionResponseDto, mapSession } from 'src/dtos/session.dto';
|
||||
import { SessionCreateDto, SessionCreateResponseDto, SessionResponseDto, mapSession } from 'src/dtos/session.dto';
|
||||
import { JobName, JobStatus, Permission, QueueName } from 'src/enum';
|
||||
import { BaseService } from 'src/services/base.service';
|
||||
|
||||
@@ -10,16 +10,8 @@ import { BaseService } from 'src/services/base.service';
|
||||
export class SessionService extends BaseService {
|
||||
@OnJob({ name: JobName.CLEAN_OLD_SESSION_TOKENS, queue: QueueName.BACKGROUND_TASK })
|
||||
async handleCleanup(): Promise<JobStatus> {
|
||||
const sessions = await this.sessionRepository.search({
|
||||
updatedBefore: DateTime.now().minus({ days: 90 }).toJSDate(),
|
||||
});
|
||||
|
||||
if (sessions.length === 0) {
|
||||
return JobStatus.SKIPPED;
|
||||
}
|
||||
|
||||
const sessions = await this.sessionRepository.cleanup();
|
||||
for (const session of sessions) {
|
||||
await this.sessionRepository.delete(session.id);
|
||||
this.logger.verbose(`Deleted expired session token: ${session.deviceOS}/${session.deviceType}`);
|
||||
}
|
||||
|
||||
@@ -28,6 +20,25 @@ export class SessionService extends BaseService {
|
||||
return JobStatus.SUCCESS;
|
||||
}
|
||||
|
||||
async create(auth: AuthDto, dto: SessionCreateDto): Promise<SessionCreateResponseDto> {
|
||||
if (!auth.session) {
|
||||
throw new BadRequestException('This endpoint can only be used with a session token');
|
||||
}
|
||||
|
||||
const token = this.cryptoRepository.randomBytesAsText(32);
|
||||
const tokenHashed = this.cryptoRepository.hashSha256(token);
|
||||
const session = await this.sessionRepository.create({
|
||||
parentId: auth.session.id,
|
||||
userId: auth.user.id,
|
||||
expiredAt: dto.duration ? DateTime.now().plus({ seconds: dto.duration }).toJSDate() : null,
|
||||
deviceType: dto.deviceType,
|
||||
deviceOS: dto.deviceOS,
|
||||
token: tokenHashed,
|
||||
});
|
||||
|
||||
return { ...mapSession(session), token };
|
||||
}
|
||||
|
||||
async getAll(auth: AuthDto): Promise<SessionResponseDto[]> {
|
||||
const sessions = await this.sessionRepository.getByUserId(auth.user.id);
|
||||
return sessions.map((session) => mapSession(session, auth.session?.id));
|
||||
|
||||
Reference in New Issue
Block a user