@nocobase/plugin-api-keys 0.10.1-alpha.1

package/src/client/index.tsx

@@ -0,0 +1,29 @@
+import { SchemaComponentOptions, SettingsCenterProvider } from '@nocobase/client';
+import React from 'react';
+import { Configuration } from './Configuration';
+import { useTranslation } from './locale';
+
+const ApiKeysProvider = React.memo((props) => {
+  const { t } = useTranslation();
+  return (
+    <SettingsCenterProvider
+      settings={{
+        ['api-keys']: {
+          title: t('API keys'),
+          icon: 'EnvironmentOutlined',
+          tabs: {
+            configuration: {
+              title: t('Keys manager'),
+              component: Configuration,
+            },
+          },
+        },
+      }}
+    >
+      <SchemaComponentOptions components={{}}>{props.children}</SchemaComponentOptions>
+    </SettingsCenterProvider>
+  );
+});
+ApiKeysProvider.displayName = 'ApiKeysProvider';
+
+export default ApiKeysProvider;

package/src/client/locale/en-US.ts

@@ -0,0 +1,3 @@
+const locale = {};
+
+export default locale;

package/src/client/locale/index.ts

@@ -0,0 +1,13 @@
+import { i18n } from '@nocobase/client';
+import { useTranslation as useT } from 'react-i18next';
+import { NAMESPACE } from '../../constants';
+
+export function lang(key: string) {
+  return i18n.t(key, { ns: NAMESPACE });
+}
+
+export function useTranslation() {
+  return useT([NAMESPACE, 'client'], {
+    nsMode: 'fallback',
+  });
+}

package/src/client/locale/zh-CN.ts

@@ -0,0 +1,21 @@
+const locale = {
+  'API key created successfully': 'API key 创建成功',
+  'Make sure to copy your personal access key now as you will not be able to see this again.':
+    '请确保现在复制你的个人访问密钥，因为你将无法再次看到这个密钥。',
+  'Key name': '密钥名称',
+  Expiration: '过期时间',
+  'Delete API key': '删除 API key',
+  Role: '角色',
+  'Keys manager': '密钥管理',
+  'Created at': '创建时间',
+  'Add API key': '添加 API key',
+  Never: '永不',
+  Custom: '自定义',
+  'Never expires': '永不过期',
+  '1 Day': '1 天',
+  '7 Days': '7 天',
+  '30 Days': '30 天',
+  '90 Days': '90 天',
+};
+
+export default locale;

package/src/collections/api-keys.ts

@@ -0,0 +1,95 @@
+import type { CollectionOptions } from '@nocobase/database';
+import { generateNTemplate } from '../locale';
+
+export default {
+  namespace: 'api-keys',
+  duplicator: 'optional',
+  name: 'apiKeys',
+  title: '{{t("API keys")}}',
+  sortable: 'sort',
+  model: 'ApiKeyModel',
+  createdBy: true,
+  updatedAt: false,
+  updatedBy: false,
+  logging: true,
+  fields: [
+    {
+      name: 'id',
+      type: 'bigInt',
+      autoIncrement: true,
+      primaryKey: true,
+      allowNull: false,
+      interface: 'id',
+    },
+    {
+      type: 'string',
+      name: 'name',
+      interface: 'input',
+      uiSchema: {
+        type: 'string',
+        title: '{{t("name")}}',
+        'x-component': 'Input',
+      },
+    },
+    {
+      interface: 'obo',
+      type: 'belongsTo',
+      name: 'role',
+      target: 'roles',
+      foreignKey: 'roleName',
+      uiSchema: {
+        type: 'object',
+        title: '{{t("Roles")}}',
+        'x-component': 'Select',
+        'x-component-props': {
+          fieldNames: {
+            label: 'title',
+            value: 'name',
+          },
+          objectValue: true,
+          options: '{{ currentRoles }}',
+        },
+      },
+    },
+    {
+      name: 'expiresIn',
+      type: 'string',
+      uiSchema: {
+        type: 'string',
+        title: generateNTemplate('Expires'),
+        'x-component': 'ExpiresSelect',
+        enum: [
+          {
+            label: generateNTemplate('1 Day'),
+            value: '1d',
+          },
+          {
+            label: generateNTemplate('7 Days'),
+            value: '7d',
+          },
+          {
+            label: generateNTemplate('30 Days'),
+            value: '30d',
+          },
+          {
+            label: generateNTemplate('90 Days'),
+            value: '90d',
+          },
+          {
+            label: generateNTemplate('Custom'),
+            value: 'custom',
+          },
+          {
+            label: generateNTemplate('Never'),
+            value: 'never',
+          },
+        ],
+      },
+    },
+    {
+      name: 'token',
+      type: 'string',
+      hidden: true,
+    },
+  ],
+} as CollectionOptions;

package/src/collections/index.ts

@@ -0,0 +1 @@
+export { default as apiKeysCollection } from './api-keys';

package/src/constants.ts

@@ -0,0 +1 @@
+export const NAMESPACE = 'api-keys';

package/src/index.ts

@@ -0,0 +1 @@
+export { default } from './server';

package/src/locale.ts

@@ -0,0 +1,5 @@
+import { NAMESPACE } from './constants';
+
+export function generateNTemplate(key: string) {
+  return `{{t('${key}', { ns: '${NAMESPACE}', nsMode: 'fallback' })}}`;
+}

package/src/server/__tests__/actions.test.ts

@@ -0,0 +1,181 @@
+import Database, { Repository } from '@nocobase/database';
+import { mockServer, MockServer } from '@nocobase/test';
+
+describe('actions', () => {
+  let app: MockServer;
+  let db: Database;
+  let repo: Repository;
+  let agent;
+  let resource;
+
+  beforeEach(async () => {
+    app = mockServer({
+      registerActions: true,
+      acl: true,
+      plugins: ['users', 'auth', 'api-keys', 'acl'],
+    });
+
+    await app.loadAndInstall({ clean: true });
+    db = app.db;
+    repo = db.getRepository('apiKeys');
+    agent = app.agent();
+    resource = agent.set('X-Role', 'admin').resource('apiKeys');
+  });
+
+  afterEach(async () => {
+    await repo.destroy({
+      truncate: true,
+    });
+    await db.close();
+  });
+
+  let user;
+  let testUser;
+  let role;
+  let testRole;
+  let createData;
+  const expiresIn = 60 * 60 * 24;
+
+  beforeEach(async () => {
+    const userRepo = await db.getRepository('users');
+    user = await userRepo.findOne({
+      appends: ['roles'],
+    });
+    testUser = await userRepo.create({
+      values: {
+        nickname: 'test',
+        roles: user.roles,
+      },
+    });
+    const roleRepo = await db.getRepository('roles');
+    testRole = await roleRepo.create({
+      values: {
+        name: 'TEST_ROLE',
+      },
+    });
+
+    role = await (db.getRepository('users.roles', user.id) as unknown as Repository).findOne({
+      where: {
+        default: true,
+      },
+    });
+    createData = {
+      values: {
+        name: 'TEST',
+        role,
+        expiresIn,
+      },
+    };
+    await agent.login(user);
+  });
+
+  describe('create', () => {
+    let result;
+    let tokenData;
+
+    beforeEach(async () => {
+      result = (await resource.create(createData)).body.data;
+      tokenData = await app.authManager.jwt.decode(result.token);
+    });
+
+    it('basic', async () => {
+      expect(result).toHaveProperty('token');
+    });
+
+    it('the role that does not belong to you should throw error', async () => {
+      const res = await resource.create({
+        values: {
+          ...createData,
+          role: testRole,
+        },
+      });
+      expect(res.status).toBe(400);
+      expect(res.text).toBe('Role not found');
+    });
+
+    it('token should work', async () => {
+      const checkRes = await agent.set('Authorization', `Bearer ${result.token}`).resource('auth').check();
+      expect(checkRes.body.data.nickname).toBe(user.nickname);
+    });
+
+    it('token expiresIn correctly', async () => {
+      expect(tokenData.exp - tokenData.iat).toBe(expiresIn);
+    });
+
+    it('token roleName correctly', async () => {
+      expect(tokenData.roleName).toBe(role.name);
+    });
+  });
+
+  describe('list', () => {
+    beforeEach(async () => {
+      await resource.create(createData);
+    });
+
+    it('basic', async () => {
+      const res = await resource.list();
+      expect(res.body.data.length).toBe(1);
+      const data = res.body.data[0];
+      expect(data.name).toContain(createData.values.name);
+      expect(data.roleName).toContain(createData.values.role.name);
+    });
+
+    it("Only show current user's API keys", async () => {
+      expect((await resource.list()).body.data.length).toBe(1);
+      await agent.login(testUser);
+      expect((await resource.list()).body.data.length).toBe(0);
+      const values = {
+        name: 'TEST_USER_KEY',
+        expiresIn: 180 * 24 * 60 * 60,
+        role,
+      };
+      await resource.create({
+        values,
+      });
+      const listData = (await resource.list()).body.data;
+      expect(listData.length).toBe(1);
+      expect(listData[0].name).toBe(values.name);
+    });
+  });
+
+  describe('destroy', () => {
+    let result;
+
+    beforeEach(async () => {
+      result = (await resource.create(createData)).body.data;
+    });
+
+    it('basic', async () => {
+      const res = await resource.list();
+      expect(res.body.data.length).toBe(1);
+      const data = res.body.data[0];
+      await resource.destroy({
+        filterByTk: data.id,
+      });
+      expect((await resource.list()).body.data.length).toBe(0);
+    });
+
+    it("Cannot delete other user's API keys", async () => {
+      const res = await resource.list();
+      expect(res.body.data.length).toBe(1);
+      const data = res.body.data[0];
+      await agent.login(testUser);
+      await resource.destroy({
+        filterByTk: data.id,
+      });
+      await agent.login(user);
+      expect((await resource.list()).body.data.length).toBe(1);
+    });
+
+    it('The token should not work after removing the api key', async () => {
+      const res = await resource.list();
+      expect(res.body.data.length).toBe(1);
+      const data = res.body.data[0];
+      await resource.destroy({
+        filterByTk: data.id,
+      });
+      const response = await agent.set('Authorization', `Bearer ${result.token}`).resource('auth').check();
+      expect(response.status).toBe(401);
+    });
+  });
+});

package/src/server/actions/api-keys.ts

@@ -0,0 +1,49 @@
+import actions, { Context, Next } from '@nocobase/actions';
+import { Repository } from '@nocobase/database';
+
+export async function create(ctx: Context, next: Next) {
+  const { values } = ctx.action.params;
+
+  if (!values.role) {
+    return;
+  }
+
+  const repository = ctx.db.getRepository('users.roles', ctx.auth.user.id) as unknown as Repository;
+  const role = await repository.findOne({
+    filter: {
+      name: values.role.name,
+    },
+  });
+  if (!role) {
+    throw ctx.throw(400, ctx.t('Role not found'));
+  }
+
+  const token = ctx.app.authManager.jwt.sign(
+    { userId: ctx.auth.user.id, roleName: role.name },
+    { expiresIn: values.expiresIn },
+  );
+  ctx.action.mergeParams({
+    values: {
+      token,
+    },
+  });
+  return actions.create(ctx, async () => {
+    ctx.body = {
+      token,
+    };
+    await next();
+  });
+}
+
+export async function destroy(ctx: Context, next: Next) {
+  const repo = ctx.db.getRepository(ctx.action.resourceName);
+  const { filterByTk } = ctx.action.params;
+
+  const data = await repo.findById(filterByTk);
+  const token = data?.get('token');
+  if (token) {
+    await ctx.app.authManager.jwt.block(token);
+  }
+
+  return actions.destroy(ctx, next);
+}

package/src/server/index.ts

@@ -0,0 +1 @@
+export { default } from './plugin';

package/src/server/locale/en-US.ts

@@ -0,0 +1 @@
+export default {};

package/src/server/locale/index.ts

@@ -0,0 +1,2 @@
+export { default as enUS } from './en-US';
+export { default as zhCN } from './zh-CN';

package/src/server/locale/zh-CN.ts

@@ -0,0 +1,3 @@
+export default {
+  'Role not found': '角色不存在',
+};

package/src/server/plugin.ts

@@ -0,0 +1,53 @@
+import { Plugin } from '@nocobase/server';
+import { resolve } from 'path';
+import { NAMESPACE } from '../constants';
+import { create, destroy } from './actions/api-keys';
+import { enUS, zhCN } from './locale';
+
+export interface ApiKeysPluginConfig {
+  name?: string;
+}
+
+export default class ApiKeysPlugin extends Plugin<ApiKeysPluginConfig> {
+  resourceName = 'apiKeys';
+  constructor(app, options) {
+    super(app, options);
+  }
+
+  async beforeLoad() {
+    this.app.i18n.addResources('zh-CN', NAMESPACE, zhCN);
+    this.app.i18n.addResources('en-US', NAMESPACE, enUS);
+
+    await this.app.resourcer.define({
+      name: this.resourceName,
+      actions: {
+        create,
+        destroy,
+      },
+      only: ['list', 'create', 'destroy'],
+    });
+
+    this.app.acl.registerSnippet({
+      name: ['pm', this.name, 'configuration'].join('.'),
+      actions: ['apiKeys:list', 'apiKeys:create', 'apiKeys:destroy'],
+    });
+  }
+
+  async load() {
+    await this.db.import({
+      directory: resolve(__dirname, '../collections'),
+    });
+
+    this.app.resourcer.use(async (ctx, next) => {
+      const { resourceName, actionName } = ctx.action.params;
+      if (resourceName == this.resourceName && ['list', 'destroy'].includes(actionName)) {
+        ctx.action.mergeParams({
+          filter: {
+            createdById: ctx.auth.user.id,
+          },
+        });
+      }
+      await next();
+    });
+  }
+}