From b53b5cf91f073a30736fe941ded9d63a1816423f Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Tue, 29 Dec 2020 21:00:43 +0100
Subject: [PATCH] Update: keys cant be updated (for security reasons) ref #56
---
 src/controllers/StatsClientController.ts | 32 ++++-----------------
 src/models/actions/CreateStatsClient.ts | 12 +-------
 src/models/entities/StatsClient.ts | 10 +-------
 src/models/responses/ResponseStatsClient.ts | 10 +-------
 4 files changed, 8 insertions(+), 56 deletions(-)
diff --git a/src/controllers/StatsClientController.ts b/src/controllers/StatsClientController.ts
index b291c41..1aa46a2 100644
--- a/src/controllers/StatsClientController.ts
+++ b/src/controllers/StatsClientController.ts
@@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { StatsClientIdsNotMatchingError, StatsClientNotFoundError } from '../errors/StatsClientErrors';
+import { StatsClientNotFoundError } from '../errors/StatsClientErrors';
 import { TrackNotFoundError } from "../errors/TrackErrors";
 import { CreateStatsClient } from '../models/actions/CreateStatsClient';
 import { StatsClient } from '../models/entities/StatsClient';
@@ -23,7 +23,7 @@ export class StatsClientController {
 @Get()
 @Authorized("STATSCLIENT:GET")
 @ResponseSchema(ResponseStatsClient, { isArray: true })
- @OpenAPI({ description: 'Lists all stats clients. Please remember that the key can only be viewed on creation and update.' })
+ @OpenAPI({ description: 'Lists all stats clients. Please remember that the key can only be viewed on creation.' })
 async getAll() {
 let responseClients: ResponseStatsClient[] = new Array();
 const clients = await this.clientRepository.find();
@@ -38,7 +38,7 @@ export class StatsClientController { @ResponseSchema(ResponseStatsClient) @ResponseSchema(StatsClientNotFoundError, { statusCode: 404 }) @OnUndefined(StatsClientNotFoundError) - @OpenAPI({ description: "Lists all information about the stats client whose id got provided. Please remember that the key can only be viewed on creation and update" }) + @OpenAPI({ description: "Lists all information about the stats client whose id got provided. Please remember that the key can only be viewed on creation." }) async getOne(@Param('id') id: number) { let client = await this.clientRepository.findOne({ id: id }); if (!client) { throw new TrackNotFoundError(); } @@ -48,39 +48,17 @@ export class StatsClientController { @Post() @Authorized("STATSCLIENT:CREATE") @ResponseSchema(ResponseStatsClient) - @OpenAPI({ description: "Create a new stats client.
Please remember that the client\'s key will be generated automaticly and that it can only be viewed on creation and update." }) + @OpenAPI({ description: "Create a new stats client.
Please remember that the client\'s key will be generated automaticly and that it can only be viewed on creation." }) async post( @Body({ validate: true }) client: CreateStatsClient ) { let newClient = await this.clientRepository.save(await client.toStatsClient()); let responseClient = new ResponseStatsClient(newClient); - responseClient.key = newClient.key; + responseClient.key = newClient.cleartextkey; return responseClient; } - - // @Put('/:id') - // @Authorized("STATSCLIENT:UPDATE") - // @ResponseSchema(ResponseStatsClient) - // @ResponseSchema(StatsClientNotFoundError, { statusCode: 404 }) - // @ResponseSchema(StatsClientIdsNotMatchingError, { statusCode: 406 }) - // @OpenAPI({ description: "Update the stats client whose id you provided.
Please remember that ids can't be changed." }) - // async put(@Param('id') id: number, @EntityFromBody() track: Track) { - // let oldTrack = await this.trackRepository.findOne({ id: id }); - - // if (!oldTrack) { - // throw new StatsClientNotFoundError(); - // } - - // if (oldTrack.id != track.id) { - // throw new StatsClientIdsNotMatchingError(); - // } - - // await this.trackRepository.save(track); - // return new ResponseTrack(track); - // } - @Delete('/:id') @Authorized("STATSCLIENT:DELETE") @ResponseSchema(ResponseStatsClient) diff --git a/src/models/actions/CreateStatsClient.ts b/src/models/actions/CreateStatsClient.ts index 27c99e3..40172e5 100644 --- a/src/models/actions/CreateStatsClient.ts +++ b/src/models/actions/CreateStatsClient.ts @@ -1,5 +1,5 @@ import * as argon2 from "argon2"; -import { IsBoolean, IsOptional, IsString } from 'class-validator'; +import { IsOptional, IsString } from 'class-validator'; import crypto from 'crypto'; import * as uuid from 'uuid'; import { StatsClient } from '../entities/StatsClient'; @@ -15,13 +15,6 @@ export class CreateStatsClient { @IsOptional() description?: string; - /** - * Is the new client enabled. - */ - @IsBoolean() - @IsOptional() - enabled?: boolean; - /** * Converts this to a StatsClient entity. */ @@ -35,9 +28,6 @@ export class CreateStatsClient { newClient.key = await argon2.hash(newClient.prefix + "." + newUUID); newClient.cleartextkey = newClient.prefix + "." + newUUID; - if (this.enabled === undefined || this.enabled === null) { newClient.enabled = true; } - else { newClient.enabled = this.enabled } - return newClient; } } \ No newline at end of file diff --git a/src/models/entities/StatsClient.ts b/src/models/entities/StatsClient.ts index 0dff112..493a8da 100644 --- a/src/models/entities/StatsClient.ts +++ b/src/models/entities/StatsClient.ts 
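Review bot: `responseClient.key = newClient.cleartextkey;` in `post` reads the plaintext key off the same entity object that was just handed to `clientRepository.save()`, and none of the visible hunks show how `cleartextkey` is declared on `StatsClient`. If that property carries a `@Column()` decorator, the plaintext would be stored beside the argon2 hash in `key` and the hashing would protect nothing, so the declaration should be checked to be a plain, unmapped property. I would record that at the assignment with `// cleartextkey is never persisted; this response is the only place it leaves the server`. The response now carries a live credential, so it is also worth confirming that request/response logging does not capture this body.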
@@ -1,4 +1,4 @@ -import { IsBoolean, IsInt, IsOptional, IsString } from "class-validator"; +import { IsInt, IsOptional, IsString } from "class-validator"; import { Column, Entity, PrimaryGeneratedColumn } from "typeorm"; /** * Defines the StatsClient entity. @@ -22,14 +22,6 @@ export class StatsClient { @IsString() description?: string; - /** - * Is the client enabled (for fraud and setup reasons)? - * Default: true - */ - @Column() - @IsBoolean() - enabled: boolean = true; - /** * The client's api key prefix. * This is used identitfy a client by it's api key. diff --git a/src/models/responses/ResponseStatsClient.ts b/src/models/responses/ResponseStatsClient.ts index b9ae535..4028e2a 100644 --- a/src/models/responses/ResponseStatsClient.ts +++ b/src/models/responses/ResponseStatsClient.ts @@ -1,5 +1,4 @@ import { - IsBoolean, IsInt, @@ -27,12 +26,6 @@ export class ResponseStatsClient { @IsOptional() description?: string; - /** - * Is the client enabled? - */ - @IsBoolean() - enabled: boolean; - /** * The client's api key. * Only visible on creation or regeneration. @@ -55,8 +48,7 @@ export class ResponseStatsClient { public constructor(client: StatsClient) { this.id = client.id; this.description = client.description; - this.enabled = client.enabled; this.prefix = client.prefix; - this.key = "Only visible on creation/update."; + this.key = "Only visible on creation."; } }
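Review bot: Removing `this.enabled = client.enabled;` from the constructor completes the removal of the `enabled` flag, which the entity comment in StatsClient.ts described as existing "for fraud and setup reasons"; the commit subject only talks about keys, so this reads as an unannounced loss of a control. With the flag gone and no update route, the hunks shown leave DELETE as the only way to cut off a client whose key is suspected to be exposed. If that is intended, I would state it in the entity's doc comment, for example `* A client cannot be disabled; revoke access by deleting it.`, and mention the dropped `enabled` column in the commit message, since existing databases presumably need a schema change. The same removal appears in the CreateStatsClient.ts hunks (`@IsBoolean() enabled?: boolean` and the defaulting in `toStatsClient`).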