opensource-management-portal/routes/settings/personalAccessTokens.ts

//
// Copyright (c) Microsoft.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//

import { NextFunction, Response, Router } from 'express';
import asyncHandler from 'express-async-handler';
const router: Router = Router();

import { getProviders } from '../../lib/transitional';
import { PersonalAccessToken } from '../../business/entities/token/token';
import { ReposAppRequest } from '../../interfaces';

type ResponseWithNewKey = Response & {
  newKey: string;
};

interface IPersonalAccessTokenForDisplay {
  active: boolean;
  expired: boolean;
  expires: string;
  identifier: string;
  description: string;
  apis: string[];
  tokenEntity: PersonalAccessToken;
}

export interface IRequestForSettingsPersonalAccessTokens extends ReposAppRequest {
  personalAccessTokens?: IPersonalAccessTokenForDisplay[];
}

const serviceName = 'repos-pat';
const tokenExpirationMs = 1000 * 60 * 60 * 24 * 365; // 365 days

function translateTableToEntities(
  personalAccessTokens: PersonalAccessToken[]
): IPersonalAccessTokenForDisplay[] {
  return personalAccessTokens.map((pat) => {
    // So that we do not share the hashed key with the user, we
    // build a hash of that and the timestamp to offer a single-version
    // tag to use for delete operations, etc.
    const displayToken: IPersonalAccessTokenForDisplay = {
      active: pat.active,
      expired: pat.isExpired(),
      expires: pat.expires ? pat.expires.toDateString() : null,
      description: pat.description,
      apis: pat.scopes ? pat.scopes.split(',') : [],
      identifier: pat.getIdentifier(),
      tokenEntity: pat,
    };
    return displayToken;
  });
}

function getPersonalAccessTokens(req: ReposAppRequest, res: Response, next: NextFunction) {
  const providers = getProviders(req);
  const tokenProvider = providers.tokenProvider;
  const corporateId = req.individualContext.corporateIdentity.id;
  tokenProvider
    .queryTokensForCorporateId(corporateId)
    .then((tokens) => {
      req['personalAccessTokens'] = translateTableToEntities(tokens);
      return next();
    })
    .catch((error) => {
      return next(error);
    });
}

function view(req: IRequestForSettingsPersonalAccessTokens, res) {
  const personalAccessTokens = req.personalAccessTokens;
  req.individualContext.webContext.render({
    view: 'settings/personalAccessTokens',
    title: 'Personal access tokens',
    state: {
      personalAccessTokens,
      newKey: res.newKey,
      isPreviewUser: true, //req.isPreviewUser,
    },
  });
}

router.use(getPersonalAccessTokens);

router.get('/', view);

function createToken(req: ReposAppRequest, res: ResponseWithNewKey, next: NextFunction) {
  const providers = getProviders(req);
  const tokenProvider = providers.tokenProvider;
  const insights = req.insights;
  const description = req.body.description;
  if (!description) {
    return next(new Error('A description is required to create a new Personal Access Token'));
  }
  const corporateId = req.individualContext.corporateIdentity.id;
  const token = PersonalAccessToken.CreateNewToken();
  token.corporateId = corporateId;
  token.description = description;
  const now = new Date();
  token.expires = new Date(now.getTime() + tokenExpirationMs);
  token.source = serviceName;
  token.scopes = 'extension,links';
  insights.trackEvent({
    name: 'ReposCreateTokenStart',
    properties: {
      id: corporateId,
      description: description,
    },
  });
  tokenProvider
    .saveNewToken(token)
    .then((ok) => {
      insights.trackEvent({
        name: 'ReposCreateTokenFinish',
        properties: {
          id: corporateId,
          description: description,
        },
      });
      const newKey = token.getPrivateKey();
      getPersonalAccessTokens(req, res, () => {
        res.newKey = newKey;
        return view(req, res);
      });
    })
    .catch((insertError) => {
      insights.trackEvent({
        name: 'ReposCreateTokenFailure',
        properties: {
          id: corporateId,
          description: description,
        },
      });
      return next(insertError);
    });
}

router.post('/create', createToken);
router.post('/extension', createToken);

router.post(
  '/delete',
  asyncHandler(async (req: IRequestForSettingsPersonalAccessTokens, res: Response, next: NextFunction) => {
    const providers = getProviders(req);
    const tokenProvider = providers.tokenProvider;
    const revokeAll = req.body.revokeAll === '1';
    const revokeIdentifier = req.body.revoke;
    const personalAccessTokens = req.personalAccessTokens;
    for (const pat of personalAccessTokens) {
      const token = pat.tokenEntity;
      if (revokeAll || pat.identifier === revokeIdentifier) {
        token.active = false;
        await tokenProvider.updateToken(token);
      }
    }
    return res.redirect('/settings/security/tokens');
  })
);

export default router;
Route refresh 2018-05-02 20:40:50 +03:00			`//`
Code refresh to support GitHub Apps - Enables GitHub App-based server-to-server communication - Enables dynamic (database-backed) organization setting configuration - QueryCache system, when paired with a Postgres database and GitHub App webhooks keeps teams, repo lists, etc. up-to-date more efficiently than the older GitHub REST API-based method - Various bug fixes 2019-10-03 04:41:16 +03:00			`// Copyright (c) Microsoft.`
Route refresh 2018-05-02 20:40:50 +03:00			`// Licensed under the MIT license. See LICENSE file in the project root for full license information.`
			`//`

Type updates 2023-06-12 03:42:22 +03:00			`import { NextFunction, Response, Router } from 'express';`
Updating dependencies, refactoring entity providers, removing 'async' Features - Team pages now encourage native GitHub.com use for management - Adding vote capabilities for FOSS Fund (a specialized feature only) Bug fixes - Fix for GitHub REST API request endpoints using `requestAsPost` Chores - Removing async library - Cleaner throttle use through a newer `throat` library version and removing confusing typings - Removes dead code - Entity metadata providers are moving to a decoupled query and type system vs declarative shared enum sets - Firehose code is now using await/async and staggers logical threads evenly - Newer versions of all core dependencies - More routes imported as modules instead of through `require` 2020-04-19 23:52:36 +03:00			`import asyncHandler from 'express-async-handler';`
Destructed express import 2021-04-27 23:58:45 +03:00			`const router: Router = Router();`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00
Moving files 2024-01-03 22:44:13 +03:00			`import { getProviders } from '../../lib/transitional';`
			`import { PersonalAccessToken } from '../../business/entities/token/token';`
Interface and Test refactor Removing explicit casts from req.app.settings.providers and using a function. Switching from Mocha (which was mostly unused) to Jest. Moving around type definitions and interfaces in a big way to try and cleanup some legacy. 2021-04-10 02:36:15 +03:00			`import { ReposAppRequest } from '../../interfaces';`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00
Type updates 2023-06-12 03:42:22 +03:00			`type ResponseWithNewKey = Response & {`
			`newKey: string;`
			`};`

Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`interface IPersonalAccessTokenForDisplay {`
			`active: boolean;`
			`expired: boolean;`
			`expires: string;`
			`identifier: string;`
			`description: string;`
			`apis: string[];`
			`tokenEntity: PersonalAccessToken;`
			`}`

Prettier linting, README update (#399) 2022-10-08 01:25:28 +03:00			`export interface IRequestForSettingsPersonalAccessTokens extends ReposAppRequest {`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`personalAccessTokens?: IPersonalAccessTokenForDisplay[];`
			`}`
Route refresh 2018-05-02 20:40:50 +03:00
			`const serviceName = 'repos-pat';`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`const tokenExpirationMs = 1000 * 60 * 60 * 24 * 365; // 365 days`

Prettier / consistency 2022-10-07 09:59:30 +03:00			`function translateTableToEntities(`
			`personalAccessTokens: PersonalAccessToken[]`
			`): IPersonalAccessTokenForDisplay[] {`
			`return personalAccessTokens.map((pat) => {`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`// So that we do not share the hashed key with the user, we`
			`// build a hash of that and the timestamp to offer a single-version`
			`// tag to use for delete operations, etc.`
			`const displayToken: IPersonalAccessTokenForDisplay = {`
			`active: pat.active,`
			`expired: pat.isExpired(),`
			`expires: pat.expires ? pat.expires.toDateString() : null,`
			`description: pat.description,`
			`apis: pat.scopes ? pat.scopes.split(',') : [],`
			`identifier: pat.getIdentifier(),`
			`tokenEntity: pat,`
			`};`
			`return displayToken;`
			`});`
Route refresh 2018-05-02 20:40:50 +03:00			`}`

Type updates 2023-06-12 03:42:22 +03:00			`function getPersonalAccessTokens(req: ReposAppRequest, res: Response, next: NextFunction) {`
Refactor provider instance get For improved type safety, this uses a function to return the IProviders instance from the Express app, replacing all instances of using req.app.settings.providers as IProviders, etc. This may also make everything slightly more testable, eventually. 2021-03-19 19:20:39 +03:00			`const providers = getProviders(req);`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`const tokenProvider = providers.tokenProvider;`
			`const corporateId = req.individualContext.corporateIdentity.id;`
Prettier / consistency 2022-10-07 09:59:30 +03:00			`tokenProvider`
			`.queryTokensForCorporateId(corporateId)`
			`.then((tokens) => {`
			`req['personalAccessTokens'] = translateTableToEntities(tokens);`
			`return next();`
			`})`
			`.catch((error) => {`
			`return next(error);`
			`});`
Route refresh 2018-05-02 20:40:50 +03:00			`}`

Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`function view(req: IRequestForSettingsPersonalAccessTokens, res) {`
Route refresh 2018-05-02 20:40:50 +03:00			`const personalAccessTokens = req.personalAccessTokens;`
TypeScript implementation Major updates to the application, including some minor breaking changes. The public updates (that make it less Microsoft-specific) are still in development; this represents trying to get it ready for updates. 2019-04-06 00:45:34 +03:00			`req.individualContext.webContext.render({`
			`view: 'settings/personalAccessTokens',`
			`title: 'Personal access tokens',`
			`state: {`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`personalAccessTokens,`
TypeScript implementation Major updates to the application, including some minor breaking changes. The public updates (that make it less Microsoft-specific) are still in development; this represents trying to get it ready for updates. 2019-04-06 00:45:34 +03:00			`newKey: res.newKey,`
			`isPreviewUser: true, //req.isPreviewUser,`
			`},`
Route refresh 2018-05-02 20:40:50 +03:00			`});`
			`}`

			`router.use(getPersonalAccessTokens);`

			`router.get('/', view);`

Type updates 2023-06-12 03:42:22 +03:00			`function createToken(req: ReposAppRequest, res: ResponseWithNewKey, next: NextFunction) {`
Refactor provider instance get For improved type safety, this uses a function to return the IProviders instance from the Express app, replacing all instances of using req.app.settings.providers as IProviders, etc. This may also make everything slightly more testable, eventually. 2021-03-19 19:20:39 +03:00			`const providers = getProviders(req);`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`const tokenProvider = providers.tokenProvider;`
Route refresh 2018-05-02 20:40:50 +03:00			`const insights = req.insights;`
			`const description = req.body.description;`
			`if (!description) {`
Prettier linting, README update (#399) 2022-10-08 01:25:28 +03:00			`return next(new Error('A description is required to create a new Personal Access Token'));`
Route refresh 2018-05-02 20:40:50 +03:00			`}`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`const corporateId = req.individualContext.corporateIdentity.id;`
			`const token = PersonalAccessToken.CreateNewToken();`
			`token.corporateId = corporateId;`
			`token.description = description;`
Route refresh 2018-05-02 20:40:50 +03:00			`const now = new Date();`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`token.expires = new Date(now.getTime() + tokenExpirationMs);`
			`token.source = serviceName;`
			`token.scopes = 'extension,links';`
Route refresh 2018-05-02 20:40:50 +03:00			`insights.trackEvent({`
			`name: 'ReposCreateTokenStart',`
			`properties: {`
Entity metadata provider refactoring - Entities (links, join requests, repo metadata) refactored - Entities can be stored in Postgres, Azure Table, or memory - Introduces a quickstart memory provider mode - Evolution of more classes and methods to ES6, await/async, TypeScript typings - Updates of package versions 2019-08-07 02:53:50 +03:00			`id: corporateId,`
Route refresh 2018-05-02 20:40:50 +03:00			`description: description,`
			`},`
			`});`
Prettier / consistency 2022-10-07 09:59:30 +03:00			`tokenProvider`
			`.saveNewToken(token)`
			`.then((ok) => {`
			`insights.trackEvent({`
			`name: 'ReposCreateTokenFinish',`
			`properties: {`
			`id: corporateId,`
			`description: description,`
			`},`
			`});`
			`const newKey = token.getPrivateKey();`
			`getPersonalAccessTokens(req, res, () => {`
			`res.newKey = newKey;`
			`return view(req, res);`
			`});`
			`})`
			`.catch((insertError) => {`
			`insights.trackEvent({`
			`name: 'ReposCreateTokenFailure',`
			`properties: {`
			`id: corporateId,`
			`description: description,`
			`},`
			`});`
			`return next(insertError);`
Integrating stylistic community pull request saves 2021-10-08 01:23:50 +03:00			`});`
Route refresh 2018-05-02 20:40:50 +03:00			`}`

TypeScript implementation Major updates to the application, including some minor breaking changes. The public updates (that make it less Microsoft-specific) are still in development; this represents trying to get it ready for updates. 2019-04-06 00:45:34 +03:00			`router.post('/create', createToken);`
			`router.post('/extension', createToken);`
Route refresh 2018-05-02 20:40:50 +03:00
Prettier / consistency 2022-10-07 09:59:30 +03:00			`router.post(`
			`'/delete',`
Type updates 2023-06-12 03:42:22 +03:00			`asyncHandler(async (req: IRequestForSettingsPersonalAccessTokens, res: Response, next: NextFunction) => {`
Prettier linting, README update (#399) 2022-10-08 01:25:28 +03:00			`const providers = getProviders(req);`
			`const tokenProvider = providers.tokenProvider;`
			`const revokeAll = req.body.revokeAll === '1';`
			`const revokeIdentifier = req.body.revoke;`
			`const personalAccessTokens = req.personalAccessTokens;`
			`for (const pat of personalAccessTokens) {`
			`const token = pat.tokenEntity;`
			`if (revokeAll \|\| pat.identifier === revokeIdentifier) {`
			`token.active = false;`
			`await tokenProvider.updateToken(token);`
Prettier / consistency 2022-10-07 09:59:30 +03:00			`}`
Route refresh 2018-05-02 20:40:50 +03:00			`}`
Prettier linting, README update (#399) 2022-10-08 01:25:28 +03:00			`return res.redirect('/settings/security/tokens');`
			`})`
Prettier / consistency 2022-10-07 09:59:30 +03:00			`);`
Route refresh 2018-05-02 20:40:50 +03:00
Chore: cleaning up TS files - remove 'use strict' from TS files (implicit) - converting more exports to modern export defaults - connecting to support for corporate "profile" apps to remove corp-specific work - fixes a small bug in the cache provider for Cosmos 2020-07-29 02:24:21 +03:00			`export default router;`