Skip to content

C
canifa_note
Commit f37b3454 authored by Steven's avatar Steven
Browse files
Options

chore: update user access token checks

parent f54b05a5
Hide whitespace changes
Inline Side-by-side
Showing with 36 additions and 8 deletions
server/router/api/v1/user_service.go
View file @ f37b3454
...@@ -346,7 +346,12 @@ func (s *APIV1Service) UpdateUserSetting(ctx context.Context, request *v1pb.Upda ...@@ -346,7 +346,12 @@ func (s *APIV1Service) UpdateUserSetting(ctx context.Context, request *v1pb.Upda
return s.GetUserSetting(ctx, &v1pb.GetUserSettingRequest{}) return s.GetUserSetting(ctx, &v1pb.GetUserSettingRequest{})
} }
func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUserAccessTokensRequest) (*v1pb.ListUserAccessTokensResponse, error) { func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, request *v1pb.ListUserAccessTokensRequest) (*v1pb.ListUserAccessTokensResponse, error) {
userID, err := ExtractUserIDFromName(request.Name)
if err != nil {
return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err)
}
currentUser, err := getCurrentUser(ctx, s.Store) currentUser, err := getCurrentUser(ctx, s.Store)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
...@@ -354,8 +359,11 @@ func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUse ...@@ -354,8 +359,11 @@ func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUse
if currentUser == nil { if currentUser == nil {
return nil, status.Errorf(codes.PermissionDenied, "permission denied") return nil, status.Errorf(codes.PermissionDenied, "permission denied")
} }
if currentUser.ID != userID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, currentUser.ID) userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err) return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
} }
...@@ -401,17 +409,27 @@ func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUse ...@@ -401,17 +409,27 @@ func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUse
} }
func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.CreateUserAccessTokenRequest) (*v1pb.UserAccessToken, error) { func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.CreateUserAccessTokenRequest) (*v1pb.UserAccessToken, error) {
user, err := getCurrentUser(ctx, s.Store) userID, err := ExtractUserIDFromName(request.Name)
if err != nil {
return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err)
}
currentUser, err := getCurrentUser(ctx, s.Store)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
} }
if currentUser == nil {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
if currentUser.ID != userID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
expiresAt := time.Time{} expiresAt := time.Time{}
if request.ExpiresAt != nil { if request.ExpiresAt != nil {
expiresAt = request.ExpiresAt.AsTime() expiresAt = request.ExpiresAt.AsTime()
} }
accessToken, err := GenerateAccessToken(user.Username, user.ID, expiresAt, []byte(s.Secret)) accessToken, err := GenerateAccessToken(currentUser.Username, currentUser.ID, expiresAt, []byte(s.Secret))
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err) return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
} }
...@@ -433,7 +451,7 @@ func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb. ...@@ -433,7 +451,7 @@ func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.
} }
// Upsert the access token to user setting store. // Upsert the access token to user setting store.
if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, request.Description); err != nil { if err := s.UpsertAccessTokenToStore(ctx, currentUser, accessToken, request.Description); err != nil {
return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err) return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err)
} }
...@@ -449,12 +467,22 @@ func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb. ...@@ -449,12 +467,22 @@ func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.
} }
func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb.DeleteUserAccessTokenRequest) (*emptypb.Empty, error) { func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb.DeleteUserAccessTokenRequest) (*emptypb.Empty, error) {
user, err := getCurrentUser(ctx, s.Store) userID, err := ExtractUserIDFromName(request.Name)
if err != nil {
return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err)
}
currentUser, err := getCurrentUser(ctx, s.Store)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
} }
if currentUser == nil {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
if currentUser.ID != userID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID) userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, currentUser.ID)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err) return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
} }
...@@ -466,7 +494,7 @@ func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb. ...@@ -466,7 +494,7 @@ func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb.
updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken) updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken)
} }
if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{ if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
UserId: user.ID, UserId: currentUser.ID,
Key: storepb.UserSettingKey_ACCESS_TOKENS, Key: storepb.UserSettingKey_ACCESS_TOKENS,
Value: &storepb.UserSetting_AccessTokens{ Value: &storepb.UserSetting_AccessTokens{
AccessTokens: &storepb.AccessTokensUserSetting{ AccessTokens: &storepb.AccessTokensUserSetting{
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment