Merge pull request 'feat(AccessToken&ACL): refs #7547 upgrade security' (!2630) from 7547-accessToken-security into dev
gitea/salix/pipeline/head This commit looks good Details

Reviewed-on: #2630
Reviewed-by: Juan Ferrer <juan@verdnatura.es>
This commit is contained in:
Alex Moreno 2024-09-09 11:02:06 +00:00
commit 5a04083d31
5 changed files with 72 additions and 0 deletions

View File

@ -0,0 +1,29 @@
module.exports = Self => {
Self.remoteMethodCtx('killSession', {
description: 'Kill session',
accepts: [{
arg: 'userId',
type: 'integer',
description: 'The user id',
required: true,
}, {
arg: 'created',
type: 'date',
description: 'The created time',
required: true,
}],
accessType: 'WRITE',
http: {
path: `/killSession`,
verb: 'POST'
}
});
Self.killSession = async function(ctx, userId, created) {
await Self.app.models.VnUser.userSecurity(ctx, ctx.req.accessToken.userId);
const tokens = await Self.app.models.AccessToken.find({where: {userId, created}});
if (!tokens?.length) return;
for (const token of tokens)
await Self.app.models.AccessToken.deleteById(token.id);
};
};

View File

@ -175,6 +175,9 @@
"ViaexpressConfig": {
"dataSource": "vn"
},
"VnToken": {
"dataSource": "vn"
},
"VnUser": {
"dataSource": "vn"
},

5
back/models/vn-token.js Normal file
View File

@ -0,0 +1,5 @@
const vnModel = require('vn-loopback/common/models/vn-model');
module.exports = function(Self) {
vnModel(Self);
require('../methods/vn-token/killSession')(Self);
};

22
back/models/vn-token.json Normal file
View File

@ -0,0 +1,22 @@
{
"name": "VnToken",
"base": "AccessToken",
"options": {
"mysql": {
"table": "salix.AccessToken"
}
},
"properties": {
"created": {
"type": "date"
}
},
"relations": {
"user": {
"type": "belongsTo",
"model": "VnUser",
"foreignKey": "userId"
}
},
"hidden": ["id"]
}

View File

@ -0,0 +1,13 @@
UPDATE `salix`.`ACL`
SET accessType='READ'
WHERE model = 'ACL';
UPDATE `salix`.`ACL`
SET principalId='developerBoss'
WHERE model = 'AccessToken';
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnToken', '*', 'READ', 'ALLOW', 'ROLE', 'developer'),
('VnToken', 'killSession', '*', 'ALLOW', 'ROLE', 'developer'),
('ACL', '*', 'WRITE', 'ALLOW', 'ROLE', 'developerBoss');