Commit | Line | Data |
---|---|---|
1 | import { Transaction } from 'sequelize' | |
2 | import { | |
3 | AfterDestroy, | |
4 | AfterUpdate, | |
5 | AllowNull, | |
6 | BelongsTo, | |
7 | Column, | |
8 | CreatedAt, | |
9 | ForeignKey, | |
10 | Model, | |
11 | Scopes, | |
12 | Table, | |
13 | UpdatedAt | |
14 | } from 'sequelize-typescript' | |
15 | import { TokensCache } from '@server/lib/auth/tokens-cache' | |
16 | import { MUserAccountId } from '@server/types/models' | |
17 | import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token' | |
18 | import { AttributesOnly } from '@shared/typescript-utils' | |
19 | import { logger } from '../../helpers/logger' | |
20 | import { AccountModel } from '../account/account' | |
21 | import { ActorModel } from '../actor/actor' | |
22 | import { UserModel } from '../user/user' | |
23 | import { OAuthClientModel } from './oauth-client' | |
24 | ||
/**
 * Shape returned by OAuthTokenModel.getByRefreshTokenAndPopulateClient():
 * the refresh-token fields copied off the matching row, the id of the OAuth
 * client that owns it, the joined user and the token row itself.
 */
export type OAuthTokenInfo = {
  // Refresh token value as stored on the row
  refreshToken: string
  // Expiry of the refresh token; the lookup that builds this object does not
  // compare it with the current time
  refreshTokenExpiresAt: Date
  // Only the client id is exposed, taken from the row's oAuthClientId column
  client: {
    id: number
  }
  // User joined through the WITH_USER scope
  user: MUserAccountId
  // The underlying token row
  token: MOAuthTokenUser
}
34 | ||
/**
 * Names of the Sequelize scopes declared on OAuthTokenModel.
 * WITH_USER joins the owning user together with its account and actor.
 */
enum ScopeNames {
  WITH_USER = 'WITH_USER'
}
38 | ||
@Scopes(() => ({
  // Joins user -> account -> actor with inner joins (required: true), so a
  // token whose user, account or actor row is missing is not returned at all.
  [ScopeNames.WITH_USER]: {
    include: [
      {
        model: UserModel.unscoped(),
        required: true,
        include: [
          {
            attributes: [ 'id' ],
            model: AccountModel.unscoped(),
            required: true,
            include: [
              {
                attributes: [ 'id', 'url' ],
                model: ActorModel.unscoped(),
                required: true
              }
            ]
          }
        ]
      }
    ]
  }
}))
@Table({
  tableName: 'oAuthToken',
  indexes: [
    // Both token values are looked up by equality and must be unique
    {
      fields: [ 'refreshToken' ],
      unique: true
    },
    {
      fields: [ 'accessToken' ],
      unique: true
    },
    {
      fields: [ 'userId' ]
    },
    {
      fields: [ 'oAuthClientId' ]
    }
  ]
})
/**
 * Sequelize model for the 'oAuthToken' table: one row per issued
 * access/refresh token pair, tied to a user and an OAuth client.
 *
 * NOTE(review): accessToken and refreshToken are declared as plain string
 * columns and queried by equality, so as far as this file shows they are
 * persisted as issued. Read access to this table (backup, SQL dump, replica)
 * would then expose usable bearer credentials - confirm whether that is an
 * accepted risk or handled elsewhere.
 */
export class OAuthTokenModel extends Model<Partial<AttributesOnly<OAuthTokenModel>>> {

  @AllowNull(false)
  @Column
  accessToken: string

  @AllowNull(false)
  @Column
  accessTokenExpiresAt: Date

  @AllowNull(false)
  @Column
  refreshToken: string

  @AllowNull(false)
  @Column
  refreshTokenExpiresAt: Date

  // The only column here without @AllowNull(false)
  @Column
  authName: string

  @CreatedAt
  createdAt: Date

  @UpdatedAt
  updatedAt: Date

  @ForeignKey(() => UserModel)
  @Column
  userId: number

  // Deleting the user cascades to the user's tokens
  @BelongsTo(() => UserModel, {
    foreignKey: {
      allowNull: false
    },
    onDelete: 'cascade'
  })
  User: UserModel

  @ForeignKey(() => OAuthClientModel)
  @Column
  oAuthClientId: number

  // Deleting the client cascades to the tokens issued for it.
  // NOTE(review): typed as an array although the association is declared with
  // @BelongsTo - confirm the intended type.
  @BelongsTo(() => OAuthClientModel, {
    foreignKey: {
      allowNull: false
    },
    onDelete: 'cascade'
  })
  OAuthClients: OAuthClientModel[]

  /**
   * Hook registered for both after-update and after-destroy: asks the tokens
   * cache to drop the entry for this row's access token.
   *
   * NOTE(review): the key is the accessToken found on the instance handed to
   * the hook. If an update replaces accessToken, the previous value may still
   * be cached - verify against TokensCache.
   */
  @AfterUpdate
  @AfterDestroy
  static removeTokenCache (token: OAuthTokenModel) {
    const { accessToken } = token

    return TokensCache.Instance.clearCacheByToken(accessToken)
  }

  /**
   * Finds the row whose refreshToken equals the given value, without any
   * scope or join. Expiry is not part of the query.
   */
  static loadByRefreshToken (refreshToken: string) {
    return OAuthTokenModel.findOne({ where: { refreshToken } })
  }

  /**
   * Finds a token by refresh token, joining its user (WITH_USER scope) and
   * its OAuth client, and reshapes the row into an OAuthTokenInfo.
   *
   * Resolves to null when nothing matches. Query failures are logged and
   * rethrown. refreshTokenExpiresAt is returned but not checked here, so the
   * expiry decision is left to the caller.
   */
  static getByRefreshTokenAndPopulateClient (refreshToken: string) {
    const findOptions = {
      where: {
        refreshToken
      },
      include: [ OAuthClientModel ]
    }

    return OAuthTokenModel.scope(ScopeNames.WITH_USER)
      .findOne(findOptions)
      .then(row => {
        if (!row) return null

        const info = {
          refreshToken: row.refreshToken,
          refreshTokenExpiresAt: row.refreshTokenExpiresAt,
          client: {
            id: row.oAuthClientId
          },
          user: row.User,
          token: row
        } as OAuthTokenInfo

        return info
      })
      .catch(error => {
        logger.error('getRefreshToken error.', { err: error })
        throw error
      })
  }

  /**
   * Finds a token by access token with its user joined, and exposes the
   * joined user under a lower-case `user` property on the same instance.
   *
   * Resolves to null when nothing matches. accessTokenExpiresAt is not part
   * of the query, so an expired row is still returned.
   */
  static getByTokenAndPopulateUser (bearerToken: string): Promise<MOAuthTokenUser> {
    const findOptions = {
      where: {
        accessToken: bearerToken
      }
    }

    return OAuthTokenModel.scope(ScopeNames.WITH_USER)
      .findOne(findOptions)
      .then(row => {
        if (!row) return null

        // Mutates the loaded instance rather than copying it
        return Object.assign(row, { user: row.User })
      })
  }

  /**
   * Same as getByTokenAndPopulateUser but keyed on the refresh token.
   *
   * Resolves to undefined (not null) when nothing matches.
   * refreshTokenExpiresAt is not part of the query.
   */
  static getByRefreshTokenAndPopulateUser (refreshToken: string): Promise<MOAuthTokenUser> {
    const findOptions = {
      where: {
        refreshToken
      }
    }

    return OAuthTokenModel.scope(ScopeNames.WITH_USER)
      .findOne(findOptions)
      .then(row => {
        if (!row) return undefined

        // Mutates the loaded instance rather than copying it
        return Object.assign(row, { user: row.User })
      })
  }

  /**
   * Revokes every token of a user: evicts the user's entries from the tokens
   * cache, then deletes the rows, optionally inside the given transaction.
   *
   * NOTE(review): this is a bulk destroy; Sequelize does not run per-instance
   * afterDestroy hooks for it unless individualHooks is set, so
   * removeTokenCache is presumably not triggered and the explicit cache call
   * is what evicts the entries. The eviction happens before the delete (and
   * before any commit of `t`) - verify that a token cannot be cached again
   * between the two steps.
   */
  static deleteUserToken (userId: number, t?: Transaction) {
    TokensCache.Instance.deleteUserToken(userId)

    return OAuthTokenModel.destroy({
      where: {
        userId
      },
      transaction: t
    })
  }
}