PeerTube/server/models/oauth/oauth-token.ts

import {
  AfterDestroy,
  AfterUpdate,
  AllowNull,
  BelongsTo,
  Column,
  CreatedAt,
  ForeignKey,
  Model,
  Scopes,
  Table,
  UpdatedAt
} from 'sequelize-typescript'
import { logger } from '../../helpers/logger'
import { UserModel } from '../account/user'
import { OAuthClientModel } from './oauth-client'
import { Transaction } from 'sequelize'
import { AccountModel } from '../account/account'
import { ActorModel } from '../activitypub/actor'
import { clearCacheByToken } from '../../lib/oauth-model'
import * as Bluebird from 'bluebird'
import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token'

export type OAuthTokenInfo = {
  refreshToken: string
  refreshTokenExpiresAt: Date
  client: {
    id: number
  }
  user: {
    id: number
  }
  token: MOAuthTokenUser
}

enum ScopeNames {
  WITH_USER = 'WITH_USER'
}

@Scopes(() => ({
  [ScopeNames.WITH_USER]: {
    include: [
      {
        model: UserModel.unscoped(),
        required: true,
        include: [
          {
            attributes: [ 'id' ],
            model: AccountModel.unscoped(),
            required: true,
            include: [
              {
                attributes: [ 'id', 'url' ],
                model: ActorModel.unscoped(),
                required: true
              }
            ]
          }
        ]
      }
    ]
  }
}))
@Table({
  tableName: 'oAuthToken',
  indexes: [
    {
      fields: [ 'refreshToken' ],
      unique: true
    },
    {
      fields: [ 'accessToken' ],
      unique: true
    },
    {
      fields: [ 'userId' ]
    },
    {
      fields: [ 'oAuthClientId' ]
    }
  ]
})
export class OAuthTokenModel extends Model<OAuthTokenModel> {

  @AllowNull(false)
  @Column
  accessToken: string

  @AllowNull(false)
  @Column
  accessTokenExpiresAt: Date

  @AllowNull(false)
  @Column
  refreshToken: string

  @AllowNull(false)
  @Column
  refreshTokenExpiresAt: Date

  @Column
  authName: string

  @CreatedAt
  createdAt: Date

  @UpdatedAt
  updatedAt: Date

  @ForeignKey(() => UserModel)
  @Column
  userId: number

  @BelongsTo(() => UserModel, {
    foreignKey: {
      allowNull: false
    },
    onDelete: 'cascade'
  })
  User: UserModel

  @ForeignKey(() => OAuthClientModel)
  @Column
  oAuthClientId: number

  @BelongsTo(() => OAuthClientModel, {
    foreignKey: {
      allowNull: false
    },
    onDelete: 'cascade'
  })
  OAuthClients: OAuthClientModel[]

  @AfterUpdate
  @AfterDestroy
  static removeTokenCache (token: OAuthTokenModel) {
    return clearCacheByToken(token.accessToken)
  }

  static loadByRefreshToken (refreshToken: string) {
    const query = {
      where: { refreshToken }
    }

    return OAuthTokenModel.findOne(query)
  }

  static getByRefreshTokenAndPopulateClient (refreshToken: string) {
    const query = {
      where: {
        refreshToken
      },
      include: [ OAuthClientModel ]
    }

    return OAuthTokenModel.scope(ScopeNames.WITH_USER)
                          .findOne(query)
                          .then(token => {
                            if (!token) return null

                            return {
                              refreshToken: token.refreshToken,
                              refreshTokenExpiresAt: token.refreshTokenExpiresAt,
                              client: {
                                id: token.oAuthClientId
                              },
                              user: token.User,
                              token
                            } as OAuthTokenInfo
                          })
                          .catch(err => {
                            logger.error('getRefreshToken error.', { err })
                            throw err
                          })
  }

  static getByTokenAndPopulateUser (bearerToken: string): Bluebird<MOAuthTokenUser> {
    const query = {
      where: {
        accessToken: bearerToken
      }
    }

    return OAuthTokenModel.scope(ScopeNames.WITH_USER)
                          .findOne(query)
                          .then(token => {
                            if (!token) return null

                            return Object.assign(token, { user: token.User })
                          })
  }

  static getByRefreshTokenAndPopulateUser (refreshToken: string): Bluebird<MOAuthTokenUser> {
    const query = {
      where: {
        refreshToken
      }
    }

    return OAuthTokenModel.scope(ScopeNames.WITH_USER)
      .findOne(query)
      .then(token => {
        if (!token) return undefined

        return Object.assign(token, { user: token.User })
      })
  }

  static deleteUserToken (userId: number, t?: Transaction) {
    const query = {
      where: {
        userId
      },
      transaction: t
    }

    return OAuthTokenModel.destroy(query)
  }
}
Cache user token 2018-09-20 11:31:48 +02:00			`import {`
Cleanup tests imports 2018-11-19 17:08:18 +01:00			`AfterDestroy,`
Cache user token 2018-09-20 11:31:48 +02:00			`AfterUpdate,`
			`AllowNull,`
			`BelongsTo,`
			`Column,`
			`CreatedAt,`
			`ForeignKey,`
			`Model,`
			`Scopes,`
			`Table,`
			`UpdatedAt`
			`} from 'sequelize-typescript'`
Propagate old comment on new follow 2017-12-28 11:16:08 +01:00			`import { logger } from '../../helpers/logger'`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`import { UserModel } from '../account/user'`
			`import { OAuthClientModel } from './oauth-client'`
Implement user blocking on server side 2018-08-08 14:58:21 +02:00			`import { Transaction } from 'sequelize'`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`import { AccountModel } from '../account/account'`
			`import { ActorModel } from '../activitypub/actor'`
Cache user token 2018-09-20 11:31:48 +02:00			`import { clearCacheByToken } from '../../lib/oauth-model'`
Stronger model typings 2019-08-15 11:53:26 +02:00			`import * as Bluebird from 'bluebird'`
Split types and typings 2020-06-18 10:45:25 +02:00			`import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token'`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00
			`export type OAuthTokenInfo = {`
			`refreshToken: string`
Move to eslint 2020-01-31 16:56:52 +01:00			`refreshTokenExpiresAt: Date`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`client: {`
			`id: number`
Move to eslint 2020-01-31 16:56:52 +01:00			`}`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`user: {`
			`id: number`
			`}`
Add ability for auth plugins to hook tokens validity 2020-04-24 11:33:01 +02:00			`token: MOAuthTokenUser`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`}`
Server: implement refresh token 2016-07-20 16:23:58 +02:00
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`enum ScopeNames {`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`WITH_USER = 'WITH_USER'`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`}`

Upgrade sequelize 2019-04-23 09:50:57 +02:00			`@Scopes(() => ({`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`[ScopeNames.WITH_USER]: {`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`include: [`
			`{`
Upgrade sequelize 2019-04-23 09:50:57 +02:00			`model: UserModel.unscoped(),`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`required: true,`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`include: [`
			`{`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`attributes: [ 'id' ],`
Upgrade sequelize 2019-04-23 09:50:57 +02:00			`model: AccountModel.unscoped(),`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`required: true,`
			`include: [`
			`{`
Check activities host 2018-11-14 15:01:28 +01:00			`attributes: [ 'id', 'url' ],`
Upgrade sequelize 2019-04-23 09:50:57 +02:00			`model: ActorModel.unscoped(),`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`required: true`
			`}`
			`]`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`}`
			`]`
			`}`
Upgrade sequelize 2019-04-23 09:50:57 +02:00			`]`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`}`
Upgrade sequelize 2019-04-23 09:50:57 +02:00			`}))`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`@Table({`
			`tableName: 'oAuthToken',`
			`indexes: [`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`{`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`fields: [ 'refreshToken' ],`
			`unique: true`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`},`
			`{`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`fields: [ 'accessToken' ],`
			`unique: true`
			`},`
			`{`
			`fields: [ 'userId' ]`
			`},`
			`{`
			`fields: [ 'oAuthClientId' ]`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`}`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`]`
			`})`
			`export class OAuthTokenModel extends Model<OAuthTokenModel> {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`@AllowNull(false)`
			`@Column`
			`accessToken: string`
Type models 2017-05-22 20:58:25 +02:00
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`@AllowNull(false)`
			`@Column`
			`accessTokenExpiresAt: Date`
Type models 2017-05-22 20:58:25 +02:00
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`@AllowNull(false)`
			`@Column`
			`refreshToken: string`
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`@AllowNull(false)`
			`@Column`
			`refreshTokenExpiresAt: Date`
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00
Support logout and add id and pass tests 2020-04-23 11:36:50 +02:00			`@Column`
			`authName: string`

Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`@CreatedAt`
			`createdAt: Date`

			`@UpdatedAt`
			`updatedAt: Date`

			`@ForeignKey(() => UserModel)`
			`@Column`
			`userId: number`

			`@BelongsTo(() => UserModel, {`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`foreignKey: {`
			`allowNull: false`
			`},`
			`onDelete: 'cascade'`
			`})`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`User: UserModel`
Server: Add postgresql indexes 2016-12-29 09:33:28 +01:00
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`@ForeignKey(() => OAuthClientModel)`
			`@Column`
			`oAuthClientId: number`

			`@BelongsTo(() => OAuthClientModel, {`
Server: Add postgresql indexes 2016-12-29 09:33:28 +01:00			`foreignKey: {`
			`allowNull: false`
			`},`
			`onDelete: 'cascade'`
			`})`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`OAuthClients: OAuthClientModel[]`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00
Cache user token 2018-09-20 11:31:48 +02:00			`@AfterUpdate`
Cleanup tests imports 2018-11-19 17:08:18 +01:00			`@AfterDestroy`
Cache user token 2018-09-20 11:31:48 +02:00			`static removeTokenCache (token: OAuthTokenModel) {`
			`return clearCacheByToken(token.accessToken)`
			`}`

Add ability for auth plugins to hook tokens validity 2020-04-24 11:33:01 +02:00			`static loadByRefreshToken (refreshToken: string) {`
			`const query = {`
			`where: { refreshToken }`
			`}`

			`return OAuthTokenModel.findOne(query)`
			`}`

Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`static getByRefreshTokenAndPopulateClient (refreshToken: string) {`
			`const query = {`
			`where: {`
Add ability for auth plugins to hook tokens validity 2020-04-24 11:33:01 +02:00			`refreshToken`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`},`
			`include: [ OAuthClientModel ]`
			`}`

Add ability for auth plugins to hook tokens validity 2020-04-24 11:33:01 +02:00			`return OAuthTokenModel.scope(ScopeNames.WITH_USER)`
			`.findOne(query)`
			`.then(token => {`
			`if (!token) return null`

			`return {`
			`refreshToken: token.refreshToken,`
			`refreshTokenExpiresAt: token.refreshTokenExpiresAt,`
			`client: {`
			`id: token.oAuthClientId`
			`},`
Fix refresh token 2020-05-07 16:36:04 +02:00			`user: token.User,`
Add ability for auth plugins to hook tokens validity 2020-04-24 11:33:01 +02:00			`token`
			`} as OAuthTokenInfo`
			`})`
			`.catch(err => {`
			`logger.error('getRefreshToken error.', { err })`
			`throw err`
			`})`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`}`

Stronger model typings 2019-08-15 11:53:26 +02:00			`static getByTokenAndPopulateUser (bearerToken: string): Bluebird<MOAuthTokenUser> {`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`const query = {`
			`where: {`
			`accessToken: bearerToken`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`}`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`}`
Server: implement refresh token 2016-07-20 16:23:58 +02:00
Upgrade sequelize 2019-04-23 09:50:57 +02:00			`return OAuthTokenModel.scope(ScopeNames.WITH_USER)`
			`.findOne(query)`
			`.then(token => {`
Stronger model typings 2019-08-15 11:53:26 +02:00			`if (!token) return null`
OAuth/User models refractoring -> use mongoose api 2016-07-01 16:03:53 +02:00
Stronger model typings 2019-08-15 11:53:26 +02:00			`return Object.assign(token, { user: token.User })`
Upgrade sequelize 2019-04-23 09:50:57 +02:00			`})`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`}`

Stronger model typings 2019-08-15 11:53:26 +02:00			`static getByRefreshTokenAndPopulateUser (refreshToken: string): Bluebird<MOAuthTokenUser> {`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`const query = {`
			`where: {`
Add ability for auth plugins to hook tokens validity 2020-04-24 11:33:01 +02:00			`refreshToken`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`}`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`}`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00			`return OAuthTokenModel.scope(ScopeNames.WITH_USER)`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`.findOne(query)`
			`.then(token => {`
Add ability for auth plugins to hook tokens validity 2020-04-24 11:33:01 +02:00			`if (!token) return undefined`
Stronger model typings 2019-08-15 11:53:26 +02:00
			`return Object.assign(token, { user: token.User })`
Use sequelize scopes 2017-12-14 10:07:57 +01:00			`})`
First version with PostgreSQL 2016-12-11 21:50:51 +01:00			`}`
Destroy user token when changing its role 2018-01-23 09:15:36 +01:00
Implement user blocking on server side 2018-08-08 14:58:21 +02:00			`static deleteUserToken (userId: number, t?: Transaction) {`
Destroy user token when changing its role 2018-01-23 09:15:36 +01:00			`const query = {`
			`where: {`
			`userId`
Implement user blocking on server side 2018-08-08 14:58:21 +02:00			`},`
			`transaction: t`
Destroy user token when changing its role 2018-01-23 09:15:36 +01:00			`}`

			`return OAuthTokenModel.destroy(query)`
			`}`
Server: implement refresh token 2016-07-20 16:23:58 +02:00			`}`