feat: manage / create API keys (#1516)

* fix: admin api UI update * feat: admin api - create dialog UI * feat: admin api - create + list keys * feat: admin api localization (wip) * feat: admin api localization * feat: admin api - toggle state * feat: process API keys + format gql request errors to json
2020-02-22 17:38:06 -05:00
parent f6b048f148
commit f72cf664eb
14 changed files with 712 additions and 120 deletions
--- a/server/models/apiKeys.js
+++ b/server/models/apiKeys.js
@@ -0,0 +1,71 @@
+/* global WIKI */
+
+const Model = require('objection').Model
+const moment = require('moment')
+const ms = require('ms')
+const jwt = require('jsonwebtoken')
+
+/**
+ * Users model
+ */
+module.exports = class ApiKey extends Model {
+  static get tableName() { return 'apiKeys' }
+
+  static get jsonSchema () {
+    return {
+      type: 'object',
+      required: ['name', 'key'],
+
+      properties: {
+        id: {type: 'integer'},
+        name: {type: 'string'},
+        key: {type: 'string'},
+        expiration: {type: 'string'},
+        isRevoked: {type: 'boolean'},
+        createdAt: {type: 'string'},
+        validUntil: {type: 'string'}
+      }
+    }
+  }
+
+  async $beforeUpdate(opt, context) {
+    await super.$beforeUpdate(opt, context)
+
+    this.updatedAt = moment.utc().toISOString()
+  }
+  async $beforeInsert(context) {
+    await super.$beforeInsert(context)
+
+    this.createdAt = moment.utc().toISOString()
+    this.updatedAt = moment.utc().toISOString()
+  }
+
+  static async createNewKey ({ name, expiration, fullAccess, group }) {
+    const entry = await WIKI.models.apiKeys.query().insert({
+      name,
+      key: 'pending',
+      expiration: moment.utc().add(ms(expiration), 'ms').toISOString(),
+      isRevoked: true
+    })
+
+    const key = jwt.sign({
+      api: entry.id,
+      grp: fullAccess ? 1 : group
+    }, {
+      key: WIKI.config.certs.private,
+      passphrase: WIKI.config.sessionSecret
+    }, {
+      algorithm: 'RS256',
+      expiresIn: expiration,
+      audience: WIKI.config.auth.audience,
+      issuer: 'urn:wiki.js'
+    })
+
+    await WIKI.models.apiKeys.query().findById(entry.id).patch({
+      key,
+      isRevoked: false
+    })
+
+    return key
+  }
+}
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -26,7 +26,6 @@ module.exports = class User extends Model {
        name: {type: 'string', minLength: 1, maxLength: 255},
        providerId: {type: 'string'},
        password: {type: 'string'},
-        role: {type: 'string', enum: ['admin', 'guest', 'user']},
        tfaIsActive: {type: 'boolean', default: false},
        tfaSecret: {type: 'string'},
        jobTitle: {type: 'string'},