starred/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-12-17 17:23:25 +03:00
Code Issues 418 Packages Projects Releases 12 Wiki Activity
Files
203fbd152d166a73381532d9ffa66a39a72a4779
planka/server/api/controllers/access-tokens/accept-terms.js
Maksim Eltyshev 4d77a1f596 feat: Track storage usage
2025-08-23 00:03:20 +02:00

134 lines
3.3 KiB
JavaScript
Raw Blame History

/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { getRemoteAddress } = require('../../../utils/remote-address');
const { AccessTokenSteps } = require('../../../constants');
const Errors = {
INVALID_PENDING_TOKEN: {
invalidPendingToken: 'Invalid pending token',
},
INVALID_SIGNATURE: {
invalidSignature: 'Invalid signature',
},
ADMIN_LOGIN_REQUIRED_TO_INITIALIZE_INSTANCE: {
adminLoginRequiredToInitializeInstance: 'Admin login required to initialize instance',
},
};
module.exports = {
inputs: {
pendingToken: {
type: 'string',
maxLength: 1024,
required: true,
},
signature: {
type: 'string',
minLength: 64,
maxLength: 64,
required: true,
},
},
exits: {
invalidPendingToken: {
responseType: 'unauthorized',
},
invalidSignature: {
responseType: 'forbidden',
},
adminLoginRequiredToInitializeInstance: {
responseType: 'forbidden',
},
},
async fn(inputs) {
const remoteAddress = getRemoteAddress(this.req);
const { httpOnlyToken } = this.req.cookies;
try {
payload = sails.helpers.utils.verifyJwtToken(inputs.pendingToken);
} catch (error) {
if (error.raw.name === 'TokenExpiredError') {
throw Errors.INVALID_PENDING_TOKEN;
}
sails.log.warn(`Invalid pending token! (IP: ${remoteAddress})`);
throw Errors.INVALID_PENDING_TOKEN;
}
if (payload.subject !== AccessTokenSteps.ACCEPT_TERMS) {
throw Errors.INVALID_PENDING_TOKEN;
}
let session = await Session.qm.getOneUndeletedByPendingToken(inputs.pendingToken);
if (!session) {
sails.log.warn(`Invalid pending token! (IP: ${remoteAddress})`);
throw Errors.INVALID_PENDING_TOKEN;
}
if (session.httpOnlyToken && httpOnlyToken !== session.httpOnlyToken) {
throw Errors.INVALID_PENDING_TOKEN;
}
let user = await User.qm.getOneById(session.userId, {
withDeactivated: false,
});
if (!user) {
throw Errors.INVALID_PENDING_TOKEN; // TODO: introduce separate error?
}
if (!user.termsSignature) {
const termsSignature = sails.hooks.terms.getSignatureByUserRole(user.role);
if (inputs.signature !== termsSignature) {
throw Errors.INVALID_SIGNATURE;
}
({ user } = await User.qm.updateOne(user.id, {
termsSignature,
termsAcceptedAt: new Date().toISOString(),
}));
}
const config = await Config.qm.getOneMain();
if (!config.isInitialized) {
if (user.role === User.Roles.ADMIN) {
await Config.qm.updateOneMain({
isInitialized: true,
});
} else {
throw Errors.ADMIN_LOGIN_REQUIRED_TO_INITIALIZE_INSTANCE;
}
}
const { token: accessToken, payload: accessTokenPayload } = sails.helpers.utils.createJwtToken(
user.id,
);
session = await Session.qm.updateOne(session.id, {
accessToken,
pendingToken: null,
});
if (session.httpOnlyToken && !this.req.isSocket) {
sails.helpers.utils.setHttpOnlyTokenCookie(
session.httpOnlyToken,
accessTokenPayload,
this.res,
);
}
return {
item: accessToken,
};
},
};
Reference in New Issue View Git Blame Copy Permalink