server/models/oauth/oauth-token.ts

   1 import { Transaction } from 'sequelize'
   2 import {
   3   AfterDestroy,
   4   AfterUpdate,
   5   AllowNull,
   6   BelongsTo,
   7   Column,
   8   CreatedAt,
   9   ForeignKey,
  10   Model,
  11   Scopes,
  12   Table,
  13   UpdatedAt
  14 } from 'sequelize-typescript'
  15 import { TokensCache } from '@server/lib/auth/tokens-cache'
  16 import { MUserAccountId } from '@server/types/models'
  17 import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token'
  18 import { AttributesOnly } from '@shared/core-utils'
  19 import { logger } from '../../helpers/logger'
  20 import { AccountModel } from '../account/account'
  21 import { ActorModel } from '../actor/actor'
  22 import { UserModel } from '../user/user'
  23 import { OAuthClientModel } from './oauth-client'
  24
  25 export type OAuthTokenInfo = {
  26   refreshToken: string
  27   refreshTokenExpiresAt: Date
  28   client: {
  29     id: number
  30   }
  31   user: MUserAccountId
  32   token: MOAuthTokenUser
  33 }
  34
  35 enum ScopeNames {
  36   WITH_USER = 'WITH_USER'
  37 }
  38
  39 @Scopes(() => ({
  40   [ScopeNames.WITH_USER]: {
  41     include: [
  42       {
  43         model: UserModel.unscoped(),
  44         required: true,
  45         include: [
  46           {
  47             attributes: [ 'id' ],
  48             model: AccountModel.unscoped(),
  49             required: true,
  50             include: [
  51               {
  52                 attributes: [ 'id', 'url' ],
  53                 model: ActorModel.unscoped(),
  54                 required: true
  55               }
  56             ]
  57           }
  58         ]
  59       }
  60     ]
  61   }
  62 }))
  63 @Table({
  64   tableName: 'oAuthToken',
  65   indexes: [
  66     {
  67       fields: [ 'refreshToken' ],
  68       unique: true
  69     },
  70     {
  71       fields: [ 'accessToken' ],
  72       unique: true
  73     },
  74     {
  75       fields: [ 'userId' ]
  76     },
  77     {
  78       fields: [ 'oAuthClientId' ]
  79     }
  80   ]
  81 })
  82 export class OAuthTokenModel extends Model<Partial<AttributesOnly<OAuthTokenModel>>> {
  83
  84   @AllowNull(false)
  85   @Column
  86   accessToken: string
  87
  88   @AllowNull(false)
  89   @Column
  90   accessTokenExpiresAt: Date
  91
  92   @AllowNull(false)
  93   @Column
  94   refreshToken: string
  95
  96   @AllowNull(false)
  97   @Column
  98   refreshTokenExpiresAt: Date
  99
 100   @Column
 101   authName: string
 102
 103   @CreatedAt
 104   createdAt: Date
 105
 106   @UpdatedAt
 107   updatedAt: Date
 108
 109   @ForeignKey(() => UserModel)
 110   @Column
 111   userId: number
 112
 113   @BelongsTo(() => UserModel, {
 114     foreignKey: {
 115       allowNull: false
 116     },
 117     onDelete: 'cascade'
 118   })
 119   User: UserModel
 120
 121   @ForeignKey(() => OAuthClientModel)
 122   @Column
 123   oAuthClientId: number
 124
 125   @BelongsTo(() => OAuthClientModel, {
 126     foreignKey: {
 127       allowNull: false
 128     },
 129     onDelete: 'cascade'
 130   })
 131   OAuthClients: OAuthClientModel[]
 132
 133   @AfterUpdate
 134   @AfterDestroy
 135   static removeTokenCache (token: OAuthTokenModel) {
 136     return TokensCache.Instance.clearCacheByToken(token.accessToken)
 137   }
 138
 139   static loadByRefreshToken (refreshToken: string) {
 140     const query = {
 141       where: { refreshToken }
 142     }
 143
 144     return OAuthTokenModel.findOne(query)
 145   }
 146
 147   static getByRefreshTokenAndPopulateClient (refreshToken: string) {
 148     const query = {
 149       where: {
 150         refreshToken
 151       },
 152       include: [ OAuthClientModel ]
 153     }
 154
 155     return OAuthTokenModel.scope(ScopeNames.WITH_USER)
 156                           .findOne(query)
 157                           .then(token => {
 158                             if (!token) return null
 159
 160                             return {
 161                               refreshToken: token.refreshToken,
 162                               refreshTokenExpiresAt: token.refreshTokenExpiresAt,
 163                               client: {
 164                                 id: token.oAuthClientId
 165                               },
 166                               user: token.User,
 167                               token
 168                             } as OAuthTokenInfo
 169                           })
 170                           .catch(err => {
 171                             logger.error('getRefreshToken error.', { err })
 172                             throw err
 173                           })
 174   }
 175
 176   static getByTokenAndPopulateUser (bearerToken: string): Promise<MOAuthTokenUser> {
 177     const query = {
 178       where: {
 179         accessToken: bearerToken
 180       }
 181     }
 182
 183     return OAuthTokenModel.scope(ScopeNames.WITH_USER)
 184                           .findOne(query)
 185                           .then(token => {
 186                             if (!token) return null
 187
 188                             return Object.assign(token, { user: token.User })
 189                           })
 190   }
 191
 192   static getByRefreshTokenAndPopulateUser (refreshToken: string): Promise<MOAuthTokenUser> {
 193     const query = {
 194       where: {
 195         refreshToken
 196       }
 197     }
 198
 199     return OAuthTokenModel.scope(ScopeNames.WITH_USER)
 200       .findOne(query)
 201       .then(token => {
 202         if (!token) return undefined
 203
 204         return Object.assign(token, { user: token.User })
 205       })
 206   }
 207
 208   static deleteUserToken (userId: number, t?: Transaction) {
 209     TokensCache.Instance.deleteUserToken(userId)
 210
 211     const query = {
 212       where: {
 213         userId
 214       },
 215       transaction: t
 216     }
 217
 218     return OAuthTokenModel.destroy(query)
 219   }
 220 }