admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix api Keys (#2583)

Browse Source
This commit is contained in:
martmull
2023-11-20 10:57:08 +01:00
committed by GitHub
parent 25950ab82a
commit eb64baa62e
1 changed files with 36 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
server/src/core/auth/strategies/jwt.auth.strategy.ts
View File

@ -1,13 +1,20 @@
import { PassportStrategy } from '@nestjs/passport'; import { PassportStrategy } from '@nestjs/passport';
import { Injectable, UnauthorizedException } from '@nestjs/common'; import {
ForbiddenException,
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm'; import { InjectRepository } from '@nestjs/typeorm';
import { Strategy, ExtractJwt } from 'passport-jwt'; import { Strategy, ExtractJwt } from 'passport-jwt';
import { Repository } from 'typeorm'; import { Repository } from 'typeorm';
import { assert } from 'src/utils/assert';
import { EnvironmentService } from 'src/integrations/environment/environment.service'; import { EnvironmentService } from 'src/integrations/environment/environment.service';
import { Workspace } from 'src/core/workspace/workspace.entity'; import { Workspace } from 'src/core/workspace/workspace.entity';
import { User } from 'src/core/user/user.entity'; import { User } from 'src/core/user/user.entity';
import { TypeORMService } from 'src/database/typeorm/typeorm.service';
import { DataSourceService } from 'src/metadata/data-source/data-source.service';
export type JwtPayload = { sub: string; workspaceId: string; jti?: string }; export type JwtPayload = { sub: string; workspaceId: string; jti?: string };
export type PassportUser = { user?: User; workspace: Workspace }; export type PassportUser = { user?: User; workspace: Workspace };
@ -16,6 +23,8 @@ export type PassportUser = { user?: User; workspace: Workspace };
export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') { export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
constructor( constructor(
private readonly environmentService: EnvironmentService, private readonly environmentService: EnvironmentService,
private readonly typeORMService: TypeORMService,
private readonly dataSourceService: DataSourceService,
@InjectRepository(Workspace) @InjectRepository(Workspace)
private readonly workspaceRepository: Repository<Workspace>, private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User) @InjectRepository(User)
@ -36,21 +45,34 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
throw new UnauthorizedException(); throw new UnauthorizedException();
} }
if (payload.jti) { if (payload.jti) {
// If apiKey has been deleted or revoked, we throw an error const dataSourceMetadata =
// const apiKey = await this.prismaService.client.apiKey.findUniqueOrThrow({ await this.dataSourceService.getLastDataSourceMetadataFromWorkspaceIdOrFail(
// where: { id: payload.jti }, workspace.id,
// }); );
// assert(!apiKey.revokedAt, 'This API Key is revoked', ForbiddenException);
const workspaceDataSource = await this.typeORMService.connectToDataSource(
dataSourceMetadata,
);
const apiKey = await workspaceDataSource?.query(
`SELECT * FROM ${dataSourceMetadata.schema}."apiKey" WHERE id = '${payload.jti}'`,
);
assert(
apiKey.length === 1 && !apiKey[0].revokedAt,
'This API Key is revoked',
ForbiddenException,
);
} }
const user = payload.workspaceId let user;
? await this.userRepository.findOneBy({ if (payload.workspaceId) {
id: payload.sub, user = await this.userRepository.findOneBy({
}) id: payload.sub,
: undefined; });
if (!user) {
if (!user) { throw new UnauthorizedException();
throw new UnauthorizedException(); }
} }
return { user, workspace }; return { user, workspace };