usememos/memos
1
1
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-10-28 07:19:08 +08:00
Code Issues Projects Releases Packages Wiki Activity

chore: update user access token checks

Browse source
This commit is contained in:
Steven 2024-05-20 22:32:42 +08:00
parent f54b05a521
commit f37b34544b
1 changed files with 36 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
server/router/api/v1/user_service.go
View file

@ -346,7 +346,12 @@ func (s *APIV1Service) UpdateUserSetting(ctx context.Context, request *v1pb.Upda
return s.GetUserSetting(ctx, &v1pb.GetUserSettingRequest{}) return s.GetUserSetting(ctx, &v1pb.GetUserSettingRequest{})
} }
func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUserAccessTokensRequest) (*v1pb.ListUserAccessTokensResponse, error) { func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, request *v1pb.ListUserAccessTokensRequest) (*v1pb.ListUserAccessTokensResponse, error) {
userID, err := ExtractUserIDFromName(request.Name)
if err != nil {
return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err)
}
currentUser, err := getCurrentUser(ctx, s.Store) currentUser, err := getCurrentUser(ctx, s.Store)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
@ -354,8 +359,11 @@ func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUse
if currentUser == nil { if currentUser == nil {
return nil, status.Errorf(codes.PermissionDenied, "permission denied") return nil, status.Errorf(codes.PermissionDenied, "permission denied")
} }
if currentUser.ID != userID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, currentUser.ID) userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, userID)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err) return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
} }
@ -401,17 +409,27 @@ func (s *APIV1Service) ListUserAccessTokens(ctx context.Context, _ *v1pb.ListUse
} }
func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.CreateUserAccessTokenRequest) (*v1pb.UserAccessToken, error) { func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.CreateUserAccessTokenRequest) (*v1pb.UserAccessToken, error) {
user, err := getCurrentUser(ctx, s.Store) userID, err := ExtractUserIDFromName(request.Name)
if err != nil {
return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err)
}
currentUser, err := getCurrentUser(ctx, s.Store)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
} }
if currentUser == nil {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
if currentUser.ID != userID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
expiresAt := time.Time{} expiresAt := time.Time{}
if request.ExpiresAt != nil { if request.ExpiresAt != nil {
expiresAt = request.ExpiresAt.AsTime() expiresAt = request.ExpiresAt.AsTime()
} }
accessToken, err := GenerateAccessToken(user.Username, user.ID, expiresAt, []byte(s.Secret)) accessToken, err := GenerateAccessToken(currentUser.Username, currentUser.ID, expiresAt, []byte(s.Secret))
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err) return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
} }
@ -433,7 +451,7 @@ func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.
} }
// Upsert the access token to user setting store. // Upsert the access token to user setting store.
if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, request.Description); err != nil { if err := s.UpsertAccessTokenToStore(ctx, currentUser, accessToken, request.Description); err != nil {
return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err) return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err)
} }
@ -449,12 +467,22 @@ func (s *APIV1Service) CreateUserAccessToken(ctx context.Context, request *v1pb.
} }
func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb.DeleteUserAccessTokenRequest) (*emptypb.Empty, error) { func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb.DeleteUserAccessTokenRequest) (*emptypb.Empty, error) {
user, err := getCurrentUser(ctx, s.Store) userID, err := ExtractUserIDFromName(request.Name)
if err != nil {
return nil, status.Errorf(codes.InvalidArgument, "invalid user name: %v", err)
}
currentUser, err := getCurrentUser(ctx, s.Store)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err) return nil, status.Errorf(codes.Internal, "failed to get current user: %v", err)
} }
if currentUser == nil {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
if currentUser.ID != userID {
return nil, status.Errorf(codes.PermissionDenied, "permission denied")
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID) userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, currentUser.ID)
if err != nil { if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err) return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
} }
@ -466,7 +494,7 @@ func (s *APIV1Service) DeleteUserAccessToken(ctx context.Context, request *v1pb.
updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken) updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken)
} }
if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{ if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
UserId: user.ID, UserId: currentUser.ID,
Key: storepb.UserSettingKey_ACCESS_TOKENS, Key: storepb.UserSettingKey_ACCESS_TOKENS,
Value: &storepb.UserSetting_AccessTokens{ Value: &storepb.UserSetting_AccessTokens{
AccessTokens: &storepb.AccessTokensUserSetting{ AccessTokens: &storepb.AccessTokensUserSetting{