feat: Add legal requirements (#1306)

2025-12-19 01:12:02 +03:00 · 2025-08-21 15:10:02 +02:00
parent bb40a22563
commit 2f4bcb0583
122 changed files with 1522 additions and 81 deletions
--- a/server/api/controllers/access-tokens/revoke-pending-token.js
+++ b/server/api/controllers/access-tokens/revoke-pending-token.js
@@ -0,0 +1,49 @@
+/*!
+ * Copyright (c) 2024 PLANKA Software GmbH
+ * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
+ */
+
+const Errors = {
+  PENDING_TOKEN_NOT_FOUND: {
+    pendingTokenNotFound: 'Pending token not found',
+  },
+};
+
+module.exports = {
+  inputs: {
+    pendingToken: {
+      type: 'string',
+      maxLength: 1024,
+      required: true,
+    },
+  },
+
+  exits: {
+    pendingTokenNotFound: {
+      responseType: 'notFound',
+    },
+  },
+
+  async fn(inputs) {
+    const { httpOnlyToken } = this.req.cookies;
+    let session = await Session.qm.getOneUndeletedByPendingToken(inputs.pendingToken);
+
+    if (!session) {
+      throw Errors.PENDING_TOKEN_NOT_FOUND;
+    }
+
+    if (session.httpOnlyToken && httpOnlyToken !== session.httpOnlyToken) {
+      throw Errors.PENDING_TOKEN_NOT_FOUND; // Forbidden
+    }
+
+    session = await Session.qm.deleteOneById(session.id);
+
+    if (session.httpOnlyToken && !this.req.isSocket) {
+      sails.helpers.utils.clearHttpOnlyTokenCookie(this.res);
+    }
+
+    return {
+      item: null,
+    };
+  },
+};