unleash-server/dist/lib/routes/admin-api/api-token.js

Unleash is an enterprise ready feature toggles service. It provides different strategies for handling feature toggles.

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.ApiTokenController = void 0;
const controller_1 = __importDefault(require("../controller"));
const permissions_1 = require("../../types/permissions");
const api_token_1 = require("../../types/models/api-token");
const api_token_schema_1 = require("../../schema/api-token-schema");
const create_request_schema_1 = require("../../openapi/util/create-request-schema");
const create_response_schema_1 = require("../../openapi/util/create-response-schema");
const api_tokens_schema_1 = require("../../openapi/spec/api-tokens-schema");
const serialize_dates_1 = require("../../types/serialize-dates");
const api_token_schema_2 = require("../../openapi/spec/api-token-schema");
const standard_responses_1 = require("../../openapi/util/standard-responses");
const util_1 = require("../../util");
class ApiTokenController extends controller_1.default {
    constructor(config, { apiTokenService, accessService, proxyService, openApiService, }) {
        super(config);
        this.apiTokenService = apiTokenService;
        this.accessService = accessService;
        this.proxyService = proxyService;
        this.openApiService = openApiService;
        this.logger = config.getLogger('api-token-controller.js');
        this.route({
            method: 'get',
            path: '',
            handler: this.getAllApiTokens,
            permission: permissions_1.READ_API_TOKEN,
            middleware: [
                openApiService.validPath({
                    tags: ['API tokens'],
                    operationId: 'getAllApiTokens',
                    responses: {
                        200: (0, create_response_schema_1.createResponseSchema)('apiTokensSchema'),
                    },
                }),
            ],
        });
        this.route({
            method: 'post',
            path: '',
            handler: this.createApiToken,
            permission: permissions_1.CREATE_API_TOKEN,
            middleware: [
                openApiService.validPath({
                    tags: ['API tokens'],
                    operationId: 'createApiToken',
                    requestBody: (0, create_request_schema_1.createRequestSchema)('createApiTokenSchema'),
                    responses: {
                        201: (0, create_response_schema_1.resourceCreatedResponseSchema)('apiTokenSchema'),
                    },
                }),
            ],
        });
        this.route({
            method: 'put',
            path: '/:token',
            handler: this.updateApiToken,
            permission: permissions_1.UPDATE_API_TOKEN,
            middleware: [
                openApiService.validPath({
                    tags: ['API tokens'],
                    operationId: 'updateApiToken',
                    requestBody: (0, create_request_schema_1.createRequestSchema)('updateApiTokenSchema'),
                    responses: {
                        200: standard_responses_1.emptyResponse,
                    },
                }),
            ],
        });
        this.route({
            method: 'delete',
            path: '/:token',
            handler: this.deleteApiToken,
            acceptAnyContentType: true,
            permission: permissions_1.DELETE_API_TOKEN,
            middleware: [
                openApiService.validPath({
                    tags: ['API tokens'],
                    operationId: 'deleteApiToken',
                    responses: {
                        200: standard_responses_1.emptyResponse,
                    },
                }),
            ],
        });
    }
    async getAllApiTokens(req, res) {
        const { user } = req;
        const tokens = await this.accessibleTokens(user);
        this.openApiService.respondWithValidation(200, res, api_tokens_schema_1.apiTokensSchema.$id, { tokens: (0, serialize_dates_1.serializeDates)(tokens) });
    }
    async createApiToken(req, res) {
        const createToken = await api_token_schema_1.createApiToken.validateAsync(req.body);
        const token = await this.apiTokenService.createApiToken(createToken, (0, util_1.extractUsername)(req));
        this.openApiService.respondWithValidation(201, res, api_token_schema_2.apiTokenSchema.$id, (0, serialize_dates_1.serializeDates)(token), { location: `api-tokens` });
    }
    async updateApiToken(req, res) {
        const { token } = req.params;
        const { expiresAt } = req.body;
        if (!expiresAt) {
            this.logger.error(req.body);
            return res.status(400).send();
        }
        await this.apiTokenService.updateExpiry(token, new Date(expiresAt), (0, util_1.extractUsername)(req));
        return res.status(200).end();
    }
    async deleteApiToken(req, res) {
        const { token } = req.params;
        await this.apiTokenService.delete(token, (0, util_1.extractUsername)(req));
        this.proxyService.deleteClientForProxyToken(token);
        res.status(200).end();
    }
    async accessibleTokens(user) {
        const allTokens = await this.apiTokenService.getAllTokens();
        if (user.isAPI && user.permissions.includes(permissions_1.ADMIN)) {
            return allTokens;
        }
        if (await this.accessService.hasPermission(user, permissions_1.UPDATE_API_TOKEN)) {
            return allTokens;
        }
        return allTokens.filter((token) => token.type !== api_token_1.ApiTokenType.ADMIN);
    }
}
exports.ApiTokenController = ApiTokenController;
//# sourceMappingURL=api-token.js.map