chore: update access token generator

5cec1a71 · Steven · ae1e2293 · 5cec1a71 · 5cec1a71 · 5cec1a71
Commit 5cec1a71 authored Sep 20, 2023 by Steven
9 changed files
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@@ -30,9 +30,8 @@ type ClaimsMessage struct {
 }

 // GenerateAccessToken generates an access token.
-// username is the email of the user.
-func GenerateAccessToken(username string, userID int32, expirationTime time.Time, secret string) (string, error) {
-	return generateToken(username, userID, AccessTokenAudienceName, expirationTime, []byte(secret))
+func GenerateAccessToken(username string, userID int32, expirationTime time.Time, secret []byte) (string, error) {
+	return generateToken(username, userID, AccessTokenAudienceName, expirationTime, secret)
 }

 // generateToken generates a jwt token.
@@ -43,7 +42,7 @@ func generateToken(username string, userID int32, audience string, expirationTim
 		IssuedAt: jwt.NewNumericDate(time.Now()),
 		Subject:  fmt.Sprint(userID),
 	}
-	if expirationTime.After(time.Now()) {
+	if !expirationTime.IsZero() {
 		registeredClaims.ExpiresAt = jwt.NewNumericDate(expirationTime)
 	}


--- a/api/v1/auth.go
+++ b/api/v1/auth.go
@@ -104,7 +104,7 @@ func (s *APIV1Service) SignIn(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusUnauthorized, "Incorrect login credentials, please try again")
 	}

-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), s.Secret)
+	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(s.Secret))
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
 	}
@@ -228,7 +228,7 @@ func (s *APIV1Service) SignInSSO(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusForbidden, fmt.Sprintf("User has been archived with username %s", userInfo.Identifier))
 	}

-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), s.Secret)
+	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(s.Secret))
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
 	}
@@ -353,7 +353,7 @@ func (s *APIV1Service) SignUp(c echo.Context) error {
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)
 	}
-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), s.Secret)
+	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(s.Secret))
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to generate tokens, err: %s", err)).SetInternal(err)
 	}

--- a/api/v2/user_service.go
+++ b/api/v2/user_service.go
@@ -177,7 +177,11 @@ func (s *UserService) CreateUserAccessToken(ctx context.Context, request *apiv2p
 		return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
 	}

-	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, request.UserAccessToken.ExpiresAt.AsTime(), s.Secret)
+	expiresAt := time.Time{}
+	if request.ExpiresAt != nil {
+		expiresAt = request.ExpiresAt.AsTime()
+	}
+	accessToken, err := auth.GenerateAccessToken(user.Username, user.ID, expiresAt, []byte(s.Secret))
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
 	}
@@ -199,13 +203,13 @@ func (s *UserService) CreateUserAccessToken(ctx context.Context, request *apiv2p
 	}

 	// Upsert the access token to user setting store.
-	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, request.UserAccessToken.Description); err != nil {
+	if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, request.Description); err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err)
 	}

 	userAccessToken := &apiv2pb.UserAccessToken{
 		AccessToken: accessToken,
-		Description: request.UserAccessToken.Description,
+		Description: request.Description,
 		IssuedAt:    timestamppb.New(claims.IssuedAt.Time),
 	}
 	if claims.ExpiresAt != nil {

--- a/proto/api/v2/user_service.proto
+++ b/proto/api/v2/user_service.proto
@@ -31,7 +31,7 @@ service UserService {
  rpc CreateUserAccessToken(CreateUserAccessTokenRequest) returns (CreateUserAccessTokenResponse) {
    option (google.api.http) = {
      post: "/api/v2/users/{username}/access_tokens"
-      body: "user_access_token"
+      body: "*"
    };
    option (google.api.method_signature) = "username";
  }
@@ -102,7 +102,9 @@ message ListUserAccessTokensResponse {
 message CreateUserAccessTokenRequest {
  string username = 1;

-  UserAccessToken user_access_token = 2;
+  string description = 2;
+
+  optional google.protobuf.Timestamp expires_at = 3;
 }

 message CreateUserAccessTokenResponse {

--- a/proto/gen/api/v2/README.md
+++ b/proto/gen/api/v2/README.md
@@ -480,7 +480,8 @@
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | username | [string](#string) |  |  |
-| user_access_token | [UserAccessToken](#memos-api-v2-UserAccessToken) |  |  |
+| description | [string](#string) |  |  |
+| expires_at | [google.protobuf.Timestamp](#google-protobuf-Timestamp) | optional |  |




--- a/proto/gen/api/v2/user_service.pb.go
+++ b/proto/gen/api/v2/user_service.pb.go
--- a/proto/gen/api/v2/user_service.pb.gw.go
+++ b/proto/gen/api/v2/user_service.pb.gw.go
@@ -211,7 +211,7 @@ func request_UserService_CreateUserAccessToken_0(ctx context.Context, marshaler
 	if berr != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
 	}
-	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.UserAccessToken); err != nil && err != io.EOF {
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}

@@ -245,7 +245,7 @@ func local_request_UserService_CreateUserAccessToken_0(ctx context.Context, mars
 	if berr != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
 	}
-	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.UserAccessToken); err != nil && err != io.EOF {
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}


--- a/web/src/components/CreateAccessTokenDialog.tsx
+++ b/web/src/components/CreateAccessTokenDialog.tsx
@@ -70,10 +70,8 @@ const CreateAccessTokenDialog: React.FC<Props> = (props: Props) => {
    try {
      await userServiceClient.createUserAccessToken({
        username: currentUser.username,
-        userAccessToken: {
-          description: state.description,
-          expiresAt: new Date(Date.now() + state.expiration * 1000),
-        },
+        description: state.description,
+        expiresAt: state.expiration ? new Date(Date.now() + state.expiration * 1000) : undefined,
      });

      onConfirm();

--- a/web/src/components/Settings/AccessTokenSection.tsx
+++ b/web/src/components/Settings/AccessTokenSection.tsx
@@ -119,10 +119,10 @@ const AccessTokenSection = () => {
                          {userAccessToken.description}
                        </td>
                        <td className="whitespace-nowrap px-3 py-4 text-sm text-gray-500 dark:text-gray-400">
-                          {String(userAccessToken.issuedAt)}
+                          {userAccessToken.issuedAt?.toLocaleString()}
                        </td>
                        <td className="whitespace-nowrap px-3 py-4 text-sm text-gray-500 dark:text-gray-400">
-                          {String(userAccessToken.expiresAt ?? "Never")}
+                          {userAccessToken.expiresAt?.toLocaleString() ?? "Never"}
                        </td>
                        <td className="relative whitespace-nowrap py-4 pl-3 pr-4 text-right text-sm">
                          <IconButton