Merge pull request #441 from linkwarden/feat/api-keys

Feat/api keys

lib/api/controllers/tokens/getTokens.ts

@@ -0,0 +1,21 @@
+import { prisma } from "@/lib/api/db";
+
+export default async function getToken(userId: number) {
+  const getTokens = await prisma.accessToken.findMany({
+    where: {
+      userId,
+      revoked: false,
+    },
+    select: {
+      id: true,
+      name: true,
+      expires: true,
+      createdAt: true,
+    },
+  });
+
+  return {
+    response: getTokens,
+    status: 200,
+  };
+}

lib/api/controllers/tokens/postToken.ts

@@ -0,0 +1,92 @@
+import { prisma } from "@/lib/api/db";
+import { TokenExpiry } from "@/types/global";
+import crypto from "crypto";
+import { decode, encode } from "next-auth/jwt";
+
+export default async function postToken(
+  body: {
+    name: string;
+    expires: TokenExpiry;
+  },
+  userId: number
+) {
+  console.log(body);
+
+  const checkHasEmptyFields = !body.name || body.expires === undefined;
+
+  if (checkHasEmptyFields)
+    return {
+      response: "Please fill out all the fields.",
+      status: 400,
+    };
+
+  const checkIfTokenExists = await prisma.accessToken.findFirst({
+    where: {
+      name: body.name,
+      revoked: false,
+      userId,
+    },
+  });
+
+  if (checkIfTokenExists) {
+    return {
+      response: "Token with that name already exists.",
+      status: 400,
+    };
+  }
+
+  const now = Date.now();
+  let expiryDate = new Date();
+  const oneDayInSeconds = 86400;
+  let expiryDateSecond = 7 * oneDayInSeconds;
+
+  if (body.expires === TokenExpiry.oneMonth) {
+    expiryDate.setDate(expiryDate.getDate() + 30);
+    expiryDateSecond = 30 * oneDayInSeconds;
+  } else if (body.expires === TokenExpiry.twoMonths) {
+    expiryDate.setDate(expiryDate.getDate() + 60);
+    expiryDateSecond = 60 * oneDayInSeconds;
+  } else if (body.expires === TokenExpiry.threeMonths) {
+    expiryDate.setDate(expiryDate.getDate() + 90);
+    expiryDateSecond = 90 * oneDayInSeconds;
+  } else if (body.expires === TokenExpiry.never) {
+    expiryDate.setDate(expiryDate.getDate() + 73000); // 200 years (not really never)
+    expiryDateSecond = 73050 * oneDayInSeconds;
+  } else {
+    expiryDate.setDate(expiryDate.getDate() + 7);
+    expiryDateSecond = 7 * oneDayInSeconds;
+  }
+
+  const token = await encode({
+    token: {
+      id: userId,
+      iat: now / 1000,
+      exp: (expiryDate as any) / 1000,
+      jti: crypto.randomUUID(),
+    },
+    maxAge: expiryDateSecond || 604800,
+    secret: process.env.NEXTAUTH_SECRET,
+  });
+
+  const tokenBody = await decode({
+    token,
+    secret: process.env.NEXTAUTH_SECRET,
+  });
+
+  const createToken = await prisma.accessToken.create({
+    data: {
+      name: body.name,
+      userId,
+      token: tokenBody?.jti as string,
+      expires: expiryDate,
+    },
+  });
+
+  return {
+    response: {
+      secretKey: token,
+      token: createToken,
+    },
+    status: 200,
+  };
+}

lib/api/controllers/tokens/tokenId/deleteTokenById.ts

@@ -0,0 +1,24 @@
+import { prisma } from "@/lib/api/db";
+
+export default async function deleteToken(userId: number, tokenId: number) {
+  if (!tokenId)
+    return { response: "Please choose a valid token.", status: 401 };
+
+  const tokenExists = await prisma.accessToken.findFirst({
+    where: {
+      id: tokenId,
+      userId,
+    },
+  });
+
+  const revokedToken = await prisma.accessToken.update({
+    where: {
+      id: tokenExists?.id,
+    },
+    data: {
+      revoked: true,
+    },
+  });
+
+  return { response: revokedToken, status: 200 };
+}

lib/api/verifyToken.ts

@@ -0,0 +1,36 @@
+import { NextApiRequest } from "next";
+import { JWT, getToken } from "next-auth/jwt";
+import { prisma } from "./db";
+
+type Props = {
+  req: NextApiRequest;
+};
+
+export default async function verifyToken({
+  req,
+}: Props): Promise<JWT | string> {
+  const token = await getToken({ req });
+  const userId = token?.id;
+
+  if (!userId) {
+    return "You must be logged in.";
+  }
+
+  if (token.exp < Date.now() / 1000) {
+    return "Your session has expired, please log in again.";
+  }
+
+  // check if token is revoked
+  const revoked = await prisma.accessToken.findFirst({
+    where: {
+      token: token.jti,
+      revoked: true,
+    },
+  });
+
+  if (revoked) {
+    return "Your session has expired, please log in again.";
+  }
+
+  return token;
+}

lib/api/verifyUser.ts

@@ -1,8 +1,8 @@
 import { NextApiRequest, NextApiResponse } from "next";
-import { getToken } from "next-auth/jwt";
 import { prisma } from "./db";
 import { User } from "@prisma/client";
 import verifySubscription from "./verifySubscription";
+import verifyToken from "./verifyToken";
 
 type Props = {
   req: NextApiRequest;
@@ -15,14 +15,15 @@ export default async function verifyUser({
   req,
   res,
 }: Props): Promise<User | null> {
-  const token = await getToken({ req });
-  const userId = token?.id;
+  const token = await verifyToken({ req });
 
-  if (!userId) {
-    res.status(401).json({ response: "You must be logged in." });
+  if (typeof token === "string") {
+    res.status(401).json({ response: token });
     return null;
   }
 
+  const userId = token?.id;
+
   const user = await prisma.user.findUnique({
     where: {
       id: userId,