huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
d2f2d7bcfdcba170661682f106f347a86f8607d1
speckle-server/packages/server/modules/automate/services/authCode.ts
T
Chuck Driesler d2f2d7bcfd feat(automate): allow function authors to regenerate function tokens (#5057) 
* feat(automate): expose function regeneration endpoint

* chore(automate): remember to call the function

* fix(automate): use correct auth code action

* fix(automate): token regenerate policy

* fix(automate): expose function regen token policy

* feat(automate): workspace automation settings tab

* feat(automate): function token regeneration dialog

* fix(automate): improve gql usage in vue components

* chore(authz): tests for automate function policies

* fix(automate): use paginated query

* fix(automate): resolve initial result
2025-07-17 11:24:58 +02:00

105 lines
3.2 KiB
TypeScript
Raw Blame History

import { automateLogger } from '@/observability/logging'
import { CreateStoredAuthCode } from '@/modules/automate/domain/operations'
import { AutomateAuthCodeHandshakeError } from '@/modules/automate/errors/management'
import { EventBus } from '@/modules/shared/services/eventBus'
import cryptoRandomString from 'crypto-random-string'
import Redis from 'ioredis'
import { get, has, isObjectLike } from 'lodash-es'
import { Logger } from 'pino'
import { WorkspaceEvents } from '@/modules/workspacesCore/domain/events'
export enum AuthCodePayloadAction {
CreateAutomation = 'createAutomation',
CreateFunction = 'createFunction',
ListWorkspaceFunctions = 'listWorkspaceFunctions',
ListUserFunctions = 'listUserFunctions',
BecomeFunctionAuthor = 'becomeFunctionAuthor',
GetAvailableGithubOrganizations = 'getAvailableGithubOrganizations',
GenerateFunctionToken = 'generateFunctionToken',
UpdateFunction = 'updateFunction'
}
export type AuthCodePayload = {
code: string
userId: string
action: AuthCodePayloadAction
}
const isPayload = (payload: unknown): payload is AuthCodePayload =>
!!(
payload &&
isObjectLike(payload) &&
has(payload, 'code') &&
has(payload, 'userId') &&
has(payload, 'action') &&
Object.values(AuthCodePayloadAction).includes(get(payload, 'action'))
)
export const createStoredAuthCodeFactory =
(deps: { redis: Redis }): CreateStoredAuthCode =>
async (params: Omit<AuthCodePayload, 'code'>) => {
const { redis } = deps
const payload: AuthCodePayload = {
...params,
code: cryptoRandomString({ length: 20 })
}
await redis.set(payload.code, JSON.stringify(payload), 'EX', 60 * 5)
return payload
}
export const validateStoredAuthCodeFactory =
(deps: { redis: Redis; logger: Logger; emit: EventBus['emit'] }) =>
async (params: {
payload: AuthCodePayload
resources?: {
workspaceId?: string
}
}) => {
const { redis, logger, emit } = deps
const { payload, resources } = params
const potentialPayloadString = await redis.get(payload.code)
const potentialPayload: unknown = potentialPayloadString
? JSON.parse(potentialPayloadString)
: null
const formattedPayload = isPayload(potentialPayload) ? potentialPayload : null
logger.info(
{
payloadString: potentialPayloadString,
payload: {
...formattedPayload,
code: null
}
},
'Validating execution engine request with provided auth payload.'
)
if (
!formattedPayload ||
formattedPayload.code !== payload.code ||
formattedPayload.userId !== payload.userId ||
formattedPayload.action !== payload.action
) {
throw new AutomateAuthCodeHandshakeError('Invalid automate auth payload')
}
// Token is valid, confirm user is authorized to access specified resources.
if (resources?.workspaceId) {
await emit({
eventName: WorkspaceEvents.Authorizing,
payload: { userId: payload.userId, workspaceId: resources?.workspaceId }
})
}
try {
await redis.del(payload.code)
} catch (e) {
automateLogger.error(e, 'Auth code deletion unexpectedly failed')
}
return true
}
Reference in New Issue View Git Blame Copy Permalink