More work on API permissions

Dragory 2019-11-08 00:04:24 +02:00
parent 79b0adf81a
commit c9a21c64bf
14 changed files with 318 additions and 85 deletions


@ -7,7 +7,7 @@ import pick from "lodash.pick";
import https from "https";
import { ApiUserInfo } from "../data/ApiUserInfo";
import { ApiUserInfoData } from "../data/entities/ApiUserInfo";
import { ApiPermissions } from "../data/ApiPermissions";
import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";
import { ok } from "./responses";
interface IPassportApiUser {
@ -71,7 +71,7 @@ export function initAuth(app: express.Express) {
const apiLogins = new ApiLogins();
const apiUserInfo = new ApiUserInfo();
const apiPermissions = new ApiPermissions();
const apiPermissionAssignments = new ApiPermissionAssignments();
// Initialize API tokens
passport.use(
@ -105,7 +105,7 @@ export function initAuth(app: express.Express) {
const user = await simpleDiscordAPIRequest(accessToken, "users/@me");
// Make sure the user is able to access at least 1 guild
const permissions = await apiPermissions.getByUserId(user.id);
const permissions = await apiPermissionAssignments.getByUserId(user.id);
if (permissions.length === 0) {
cb(null, {});
return;
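Review bot: The login gate at `if (permissions.length === 0)` counts assignment rows rather than granted permissions, so with the new `permissions` list a user whose only row carries an empty list would still pass as "able to access at least 1 guild". The same row-only match is used by the `api_permissions` inner join in `AllowedGuilds` later in this commit. If that is intended, a comment such as `// Any USER assignment row counts, even one with no permissions` would make it explicit; otherwise the check should look at the permission list as well. `getByUserId` also reads only `type = USER` rows, so access granted solely through a `ROLE` assignment would not allow login, if role assignments are meant to grant it. The body of `initAuth` continues outside this hunk.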


@ -1,35 +1,38 @@
import express from "express";
import passport from "passport";
import express, { Request, Response } from "express";
import { AllowedGuilds } from "../data/AllowedGuilds";
import { ApiPermissions } from "../data/ApiPermissions";
import { clientError, error, ok, serverError, unauthorized } from "./responses";
import { clientError, ok, serverError, unauthorized } from "./responses";
import { Configs } from "../data/Configs";
import { ApiRoles } from "../data/ApiRoles";
import { validateGuildConfig } from "../configValidator";
import yaml, { YAMLException } from "js-yaml";
import { apiTokenAuthHandlers } from "./auth";
import { ApiPermissions, hasPermission, permissionArrToSet } from "@shared/apiPermissions";
import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";
export function initGuildsAPI(app: express.Express) {
const allowedGuilds = new AllowedGuilds();
const apiPermissions = new ApiPermissions();
const apiPermissionAssignments = new ApiPermissionAssignments();
const configs = new Configs();
app.get("/guilds/available", ...apiTokenAuthHandlers(), async (req, res) => {
app.get("/guilds/available", ...apiTokenAuthHandlers(), async (req: Request, res: Response) => {
const guilds = await allowedGuilds.getForApiUser(req.user.userId);
res.json(guilds);
});
app.get("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req, res) => {
const permissions = await apiPermissions.getByGuildAndUserId(req.params.guildId, req.user.userId);
if (!permissions) return unauthorized(res);
app.get("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req: Request, res: Response) => {
const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, req.user.userId);
if (!permAssignment || !hasPermission(permissionArrToSet(permAssignment.permissions), ApiPermissions.ReadConfig)) {
return unauthorized(res);
}
const config = await configs.getActiveByKey(`guild-${req.params.guildId}`);
res.json({ config: config ? config.config : "" });
});
app.post("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req, res) => {
const permissions = await apiPermissions.getByGuildAndUserId(req.params.guildId, req.user.userId);
if (!permissions || ApiRoles[permissions.role] < ApiRoles.Editor) return unauthorized(res);
const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, req.user.userId);
if (!permAssignment || !hasPermission(permissionArrToSet(permAssignment.permissions), ApiPermissions.EditConfig)) {
return unauthorized(res);
}
let config = req.body.config;
if (config == null) return clientError(res, "No config supplied");
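Review bot: The two-part check `!permAssignment || !hasPermission(...)` is now copied into both `/guilds/:guildId/config` handlers, and every future guild route has to repeat it correctly to stay protected. Moving it into one helper inside `initGuildsAPI` keeps the authorization decision in a single place and makes a route that lacks the check easier to spot in review. The sketch below assumes `ApiPermissions` is an enum usable as a type, which its use here suggests but this page does not show. The POST handler is also still declared as `async (req, res)` while the two GET handlers gained `Request`/`Response` annotations, and its body continues past the end of this section.

```typescript
// Inside initGuildsAPI, next to the repository instances
async function requireGuildPermission(req: Request, res: Response, permission: ApiPermissions): Promise<boolean> {
  const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, req.user.userId);
  if (!permAssignment || !hasPermission(permissionArrToSet(permAssignment.permissions), permission)) {
    unauthorized(res);
    return false;
  }
  return true;
}

app.get("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req: Request, res: Response) => {
  if (!(await requireGuildPermission(req, res, ApiPermissions.ReadConfig))) return;
  // … unchanged: load and return the active config …
});
```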


@ -9,6 +9,7 @@ import {
} from "typeorm";
import { BaseGuildRepository } from "./BaseGuildRepository";
import { BaseRepository } from "./BaseRepository";
import { ApiPermissionTypes } from "./ApiPermissionAssignments";
export class AllowedGuilds extends BaseRepository {
private allowedGuilds: Repository<AllowedGuild>;
@ -33,8 +34,8 @@ export class AllowedGuilds extends BaseRepository {
.innerJoin(
"api_permissions",
"api_permissions",
"api_permissions.guild_id = allowed_guilds.id AND api_permissions.user_id = :userId",
{ userId },
"api_permissions.guild_id = allowed_guilds.id AND api_permissions.type = :type AND api_permissions.target_id = :userId",
{ type: ApiPermissionTypes.User, userId },
)
.getMany();
}


@ -0,0 +1,36 @@
import { getRepository, Repository } from "typeorm";
import { ApiPermissionAssignment } from "./entities/ApiPermissionAssignment";
import { BaseRepository } from "./BaseRepository";
export enum ApiPermissionTypes {
User = "USER",
Role = "ROLE",
}
export class ApiPermissionAssignments extends BaseRepository {
private apiPermissions: Repository<ApiPermissionAssignment>;
constructor() {
super();
this.apiPermissions = getRepository(ApiPermissionAssignment);
}
getByUserId(userId) {
return this.apiPermissions.find({
where: {
type: ApiPermissionTypes.User,
target_id: userId,
},
});
}
getByGuildAndUserId(guildId, userId) {
return this.apiPermissions.findOne({
where: {
guild_id: guildId,
type: ApiPermissionTypes.User,
target_id: userId,
},
});
}
}
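Review bot: `getByUserId(userId)` and `getByGuildAndUserId(guildId, userId)` take untyped parameters and pass them straight into `where`, so an `undefined` id is not caught anywhere before the query runs. Depending on the TypeORM version in use, a `where` key whose value is `undefined` can be left out of the generated condition, which for `getByGuildAndUserId` would return some other user's assignment in that guild and satisfy the permission check in the guild routes. Declaring the signatures as `getByGuildAndUserId(guildId: string, userId: string)` and `getByUserId(userId: string)`, and returning early when an id is empty, closes that gap. `ApiPermissionTypes.Role` is defined here but neither query reads `ROLE` rows yet.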


@ -1,29 +0,0 @@
import { getRepository, Repository } from "typeorm";
import { ApiPermission } from "./entities/ApiPermission";
import { BaseRepository } from "./BaseRepository";
export class ApiPermissions extends BaseRepository {
private apiPermissions: Repository<ApiPermission>;
constructor() {
super();
this.apiPermissions = getRepository(ApiPermission);
}
getByUserId(userId) {
return this.apiPermissions.find({
where: {
user_id: userId,
},
});
}
getByGuildAndUserId(guildId, userId) {
return this.apiPermissions.findOne({
where: {
guild_id: guildId,
user_id: userId,
},
});
}
}


@ -1,6 +0,0 @@
export enum ApiRoles {
Viewer = 1,
Editor,
Manager,
ServerOwner,
}


@ -2,19 +2,23 @@ import { Entity, Column, PrimaryColumn, ManyToOne, JoinColumn } from "typeorm";
import { ApiUserInfo } from "./ApiUserInfo";
@Entity("api_permissions")
export class ApiPermission {
export class ApiPermissionAssignment {
@Column()
@PrimaryColumn()
guild_id: string;
@Column()
@PrimaryColumn()
user_id: string;
type: string;
@Column()
role: string;
@PrimaryColumn()
target_id: string;
@ManyToOne(type => ApiUserInfo, userInfo => userInfo.permissions)
@JoinColumn({ name: "user_id" })
@Column("simple-array")
permissions: string[];
@ManyToOne(type => ApiUserInfo, userInfo => userInfo.permissionAssignments)
@JoinColumn({ name: "target_id" })
userInfo: ApiUserInfo;
}
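Review bot: The `userInfo` relation on `ApiPermissionAssignment` is joined on `target_id` for every row, but with the new `type` column `target_id` presumably holds a role id when `type` is `ROLE`, so the relation is only meaningful for `USER` rows. A comment on the relation, for example `// Only valid when type = USER; target_id is not a user id for ROLE rows`, would keep later code from trusting `userInfo` on role assignments. The rendered section interleaves old and new lines; this note refers to the renamed class on the new side.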


@ -1,6 +1,6 @@
import { Entity, Column, PrimaryColumn, OneToMany } from "typeorm";
import { ApiLogin } from "./ApiLogin";
import { ApiPermission } from "./ApiPermission";
import { ApiPermissionAssignment } from "./ApiPermissionAssignment";
export interface ApiUserInfoData {
username: string;
@ -23,6 +23,6 @@ export class ApiUserInfo {
@OneToMany(type => ApiLogin, login => login.userInfo)
logins: ApiLogin[];
@OneToMany(type => ApiPermission, perm => perm.userInfo)
permissions: ApiPermission[];
@OneToMany(type => ApiPermissionAssignment, p => p.userInfo)
permissionAssignments: ApiPermissionAssignment[];
}


@ -0,0 +1,74 @@
import { MigrationInterface, QueryRunner, TableColumn, TableIndex } from "typeorm";
export class AddTypeAndPermissionsToApiPermissions1573158035867 implements MigrationInterface {
public async up(queryRunner: QueryRunner): Promise<any> {
await queryRunner.dropPrimaryKey("api_permissions");
await queryRunner.dropIndex("api_permissions", "IDX_5e371749d4cb4a5191f35e26f6");
await queryRunner.addColumn(
"api_permissions",
new TableColumn({
name: "type",
type: "varchar",
length: "16",
}),
);
await queryRunner.renameColumn("api_permissions", "user_id", "target_id");
await queryRunner.createPrimaryKey("api_permissions", ["guild_id", "type", "target_id"]);
await queryRunner.dropColumn("api_permissions", "role");
await queryRunner.addColumn(
"api_permissions",
new TableColumn({
name: "permissions",
type: "text",
}),
);
await queryRunner.query(`
UPDATE api_permissions
SET type="USER",
permissions="EDIT_CONFIG"
`);
await queryRunner.createIndex(
"api_permissions",
new TableIndex({
columnNames: ["type", "target_id"],
}),
);
}
public async down(queryRunner: QueryRunner): Promise<any> {
await queryRunner.dropIndex("api_permissions", "IDX_e06d750f13e6a4b4d3d6b847a9");
await queryRunner.dropColumn("api_permissions", "permissions");
await queryRunner.addColumn(
"api_permissions",
new TableColumn({
name: "role",
type: "varchar",
length: "32",
}),
);
await queryRunner.dropPrimaryKey("api_permissions");
await queryRunner.renameColumn("api_permissions", "target_id", "user_id");
await queryRunner.dropColumn("api_permissions", "type");
await queryRunner.createIndex(
"api_permissions",
new TableIndex({
columnNames: ["user_id"],
}),
);
await queryRunner.createPrimaryKey("api_permissions", ["guild_id", "user_id"]);
}
}
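Review bot: The `UPDATE` in `up()` gives every existing row `permissions="EDIT_CONFIG"`, and it runs after `dropColumn("api_permissions", "role")`, so the old role can no longer be consulted. Under the previous route check (`ApiRoles[permissions.role] < ApiRoles.Editor` was refused) a `Viewer` could read a guild config but not edit it; after this migration those users hold the edit permission. Populating `permissions` from `role` before the column is dropped preserves the old access level, as in the fence below, which assumes `role` stores the enum name and uses a labelled placeholder for the read permission's string because that value is not shown on this page. `down()` re-adds `role` without values and drops an index by a hard-coded generated name (`IDX_e06d750f13e6a4b4d3d6b847a9`) that `up()` never sets explicitly, so the rollback path is worth testing as well.

```typescript
// … unchanged: drop PK and index, add "type", rename user_id to target_id, recreate PK, add "permissions" …

// Map the old role onto the new permission list while the "role" column still exists.
// '<value of ApiPermissions.ReadConfig>' is a placeholder, not a real permission string.
await queryRunner.query(`
  UPDATE api_permissions
  SET type = 'USER',
      permissions = CASE
        WHEN role = 'Viewer' THEN '<value of ApiPermissions.ReadConfig>'
        ELSE 'EDIT_CONFIG'
      END
`);
await queryRunner.dropColumn("api_permissions", "role");

// … unchanged: create the (type, target_id) index …
```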