feat(AccessToken&ACL): refs #7547 upgrade security #2630
|
@ -0,0 +1,29 @@
|
|||
module.exports = Self => {
|
||||
Self.remoteMethodCtx('killSession', {
|
||||
description: 'Kill session',
|
||||
accepts: [{
|
||||
arg: 'userId',
|
||||
type: 'integer',
|
||||
description: 'The user id',
|
||||
required: true,
|
||||
}, {
|
||||
arg: 'created',
|
||||
type: 'date',
|
||||
description: 'The created time',
|
||||
required: true,
|
||||
}],
|
||||
accessType: 'WRITE',
|
||||
http: {
|
||||
path: `/killSession`,
|
||||
verb: 'POST'
|
||||
}
|
||||
});
|
||||
|
||||
Self.killSession = async function(ctx, userId, created) {
|
||||
await Self.app.models.VnUser.userSecurity(ctx, ctx.req.accessToken.userId);
|
||||
const tokens = await Self.app.models.AccessToken.find({where: {userId, created}});
|
||||
if (!tokens?.length) return;
|
||||
for (const token of tokens)
|
||||
await Self.app.models.AccessToken.deleteById(token.id);
|
||||
};
|
||||
};
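Review bot: The authorization call in `killSession` passes `ctx.req.accessToken.userId`, the caller's own id, to `VnUser.userSecurity`, so the check never looks at the `userId` argument whose tokens are then deleted. `userSecurity` is defined outside this file, so this is inferred, but if it compares the caller with the id it is given, the call always passes and the only remaining gate is the ACL row for the method. If the intent is that a user may end only their own sessions unless privileged, pass the target instead: `await Self.app.models.VnUser.userSecurity(ctx, userId);`. The method also returns silently when no token matches `{userId, created}`; a one-line comment saying that is deliberate would help the next reader.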
|
|
@ -175,6 +175,9 @@
|
|||
"ViaexpressConfig": {
|
||||
"dataSource": "vn"
|
||||
},
|
||||
"VnToken": {
|
||||
"dataSource": "vn"
|
||||
},
|
||||
"VnUser": {
|
||||
"dataSource": "vn"
|
||||
},
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
const vnModel = require('vn-loopback/common/models/vn-model');
|
||||
module.exports = function(Self) {
|
||||
vnModel(Self);
|
||||
require('../methods/vn-token/killSession')(Self);
|
||||
};
|
|
@ -0,0 +1,22 @@
|
|||
{
|
||||
"name": "VnToken",
|
||||
"base": "AccessToken",
|
||||
"options": {
|
||||
"mysql": {
|
||||
"table": "salix.AccessToken"
|
||||
}
|
||||
},
|
||||
"properties": {
|
||||
"created": {
|
||||
"type": "date"
|
||||
}
|
||||
},
|
||||
"relations": {
|
||||
"user": {
|
||||
"type": "belongsTo",
|
||||
"model": "VnUser",
|
||||
"foreignKey": "userId"
|
||||
}
|
||||
},
|
||||
"hidden": ["id"]
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
UPDATE `salix`.`ACL`
|
||||
SET accessType='READ'
|
||||
WHERE model = 'ACL';
|
||||
|
||||
UPDATE `salix`.`ACL`
|
||||
SET principalId='developerBoss'
|
||||
WHERE model = 'AccessToken';
|
||||
|
||||
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
|
||||
VALUES
|
||||
('VnToken', '*', 'READ', 'ALLOW', 'ROLE', 'developer'),
|
||||
('VnToken', 'killSession', '*', 'ALLOW', 'ROLE', 'developer'),
|
||||
('ACL', '*', 'WRITE', 'ALLOW', 'ROLE', 'developerBoss');
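Review bot: Both `UPDATE` statements match on `model` alone, so they rewrite every existing row for 'ACL' and 'AccessToken' whatever its `property`, `permission`, `principalType` or `principalId`. The existing rows are not visible here, but a `DENY` row or a non-role principal would be changed too, and setting all 'ACL' rows to `READ` leaves the previous principals able to read the ACL table alongside the new `developerBoss` write row. Consider narrowing the match, e.g. `WHERE model = 'AccessToken' AND principalType = 'ROLE' AND permission = 'ALLOW'`, and adding a comment at the top of the file stating the intended end state for each model.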
|