Gergő Jedlicska
b84b24467d
* feat: make automate app registration optional based on the existence of the url config * docs: add back automate env var with docs * feat: app redirect url application side override * chore: cleanup
101 lines
3.2 KiB
JavaScript
101 lines
3.2 KiB
JavaScript
'use strict'
|
|
const knex = require('@/db/knex')
|
|
const Scopes = () => knex('scopes')
|
|
const Apps = () => knex('server_apps')
|
|
const AppScopes = () => knex('server_apps_scopes')
|
|
|
|
const { getApp } = require('@/modules/auth/services/apps')
|
|
const { difference } = require('lodash')
|
|
const { moduleLogger } = require('@/logging/logging')
|
|
const { getDefaultApps } = require('@/modules/auth/defaultApps')
|
|
|
|
let allScopes = []
|
|
|
|
module.exports = async () => {
|
|
allScopes = await Scopes().select('*')
|
|
|
|
// Note: shallow cloning of app objs so as to not interfere with the original objects.
|
|
await Promise.all(getDefaultApps().map((app) => registerOrUpdateApp({ ...app })))
|
|
}
|
|
|
|
async function registerOrUpdateApp(app) {
|
|
if (app.scopes && app.scopes === 'all') {
|
|
// let scopes = await Scopes( ).select( '*' )
|
|
// logger.debug( allScopes.length )
|
|
app.scopes = allScopes.map((s) => s.name)
|
|
}
|
|
|
|
const existingApp = await getApp({ id: app.id })
|
|
if (existingApp) {
|
|
updateDefaultApp(app, existingApp)
|
|
} else {
|
|
await registerDefaultApp(app)
|
|
}
|
|
}
|
|
|
|
async function registerDefaultApp(app) {
|
|
const scopes = app.scopes.map((s) => ({ appId: app.id, scopeName: s }))
|
|
delete app.scopes
|
|
await Apps().insert(app)
|
|
await AppScopes().insert(scopes)
|
|
}
|
|
|
|
async function updateDefaultApp(app, existingApp) {
|
|
const existingAppScopes = existingApp.scopes.map((s) => s.name)
|
|
|
|
const newScopes = difference(app.scopes, existingAppScopes)
|
|
const removedScopes = difference(existingAppScopes, app.scopes)
|
|
|
|
let affectedTokenIds = []
|
|
|
|
if (newScopes.length || removedScopes.length) {
|
|
moduleLogger.info(`🔑 Updating default app ${app.name}`)
|
|
affectedTokenIds = await knex('user_server_app_tokens')
|
|
.where({ appId: app.id })
|
|
.pluck('tokenId')
|
|
}
|
|
|
|
// the internal code block makes sure if an error occurred, the trx gets rolled back
|
|
await knex.transaction(async (trx) => {
|
|
// add new scopes to the app
|
|
if (newScopes.length)
|
|
await AppScopes()
|
|
.insert(newScopes.map((s) => ({ appId: app.id, scopeName: s })))
|
|
.transacting(trx)
|
|
|
|
// remove scopes from the app
|
|
if (removedScopes.length)
|
|
await AppScopes()
|
|
.where({ appId: app.id })
|
|
.whereIn('scopeName', removedScopes)
|
|
.delete()
|
|
.transacting(trx)
|
|
|
|
//update user tokens with scope changes
|
|
if (affectedTokenIds.length)
|
|
await Promise.all(
|
|
affectedTokenIds.map(async (tokenId) => {
|
|
if (newScopes.length)
|
|
await knex('token_scopes')
|
|
.insert(newScopes.map((s) => ({ tokenId, scopeName: s })))
|
|
.transacting(trx)
|
|
|
|
if (removedScopes.length)
|
|
await knex('token_scopes')
|
|
.where({ tokenId })
|
|
.whereIn('scopeName', removedScopes)
|
|
.delete()
|
|
.transacting(trx)
|
|
})
|
|
)
|
|
delete app.scopes
|
|
// not writing the redirect url to the DB anymore
|
|
// it will be patched on an application level from the default app definitions
|
|
delete app.redirectUrl
|
|
await Apps().where({ id: app.id }).update(app).transacting(trx)
|
|
})
|
|
}
|
|
|
|
// this is exported to be able to test the retention of permissions
|
|
module.exports.updateDefaultApp = updateDefaultApp
|