1
This commit is contained in:
张成
@@ -45,6 +45,21 @@ module.exports = {
|
||||
warn: result.warn,
|
||||
});
|
||||
},
|
||||
"POST /biz_token/edit": async (ctx) => {
|
||||
const body = ctx.getBody();
|
||||
const row = await tokenLogic.updateToken(body);
|
||||
await audit.logAudit({
|
||||
admin_user_id: audit.pickAdminId(ctx),
|
||||
biz_user_id: row.user_id,
|
||||
action: "biz_token.edit",
|
||||
resource_type: "biz_api_token",
|
||||
resource_id: row.id,
|
||||
detail: { token_name: row.token_name, key: row.key },
|
||||
});
|
||||
const plain = row.get ? row.get({ plain: true }) : { ...row };
|
||||
delete plain.secret_cipher;
|
||||
ctx.success(plain);
|
||||
},
|
||||
"POST /biz_token/revoke": async (ctx) => {
|
||||
const body = ctx.getBody();
|
||||
const row = await tokenLogic.revokeToken(body);
|
||||
|
||||
@@ -1,5 +1,10 @@
|
||||
const Sequelize = require("sequelize");
|
||||
|
||||
/**
|
||||
* 业务 API Token(管理端页面:admin/src/views/subscription/tokens.vue)
|
||||
* 动态路由 component 与 admin/src/router/component-map.js 中
|
||||
* subscription/token 或 subscription/biz_api_token 对应。
|
||||
*/
|
||||
module.exports = (db) => {
|
||||
const biz_api_token = db.define(
|
||||
"biz_api_token",
|
||||
|
||||
@@ -3,6 +3,7 @@ const Sequelize = require("sequelize");
|
||||
const op = Sequelize.Op;
|
||||
const baseModel = require("../../middleware/baseModel");
|
||||
const biz_token_secret_cipher = require("../utils/biz_token_secret_cipher");
|
||||
const { normalize_for_write } = require("../utils/query_helpers");
|
||||
|
||||
const MAX_TOKENS_PER_USER = 5;
|
||||
|
||||
@@ -74,6 +75,35 @@ async function createToken(body) {
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* 管理端编辑:名称、账号 key、过期时间(不改密钥)
|
||||
*/
|
||||
async function updateToken(body) {
|
||||
const id = body.id;
|
||||
if (id == null || id === "") throw new Error("缺少 id");
|
||||
const row = await baseModel.biz_api_token.findByPk(id);
|
||||
if (!row) throw new Error("Token 不存在");
|
||||
|
||||
const payload = normalize_for_write(
|
||||
baseModel.biz_api_token,
|
||||
{
|
||||
token_name: body.token_name,
|
||||
key: body.key,
|
||||
expire_at: body.expire_at,
|
||||
},
|
||||
{ for_create: false }
|
||||
);
|
||||
const patch = {};
|
||||
if (payload.token_name !== undefined) patch.token_name = payload.token_name;
|
||||
if (payload.key !== undefined) patch.key = payload.key;
|
||||
if (payload.expire_at !== undefined) patch.expire_at = payload.expire_at;
|
||||
if (Object.keys(patch).length === 0) throw new Error("没有可更新字段");
|
||||
|
||||
await row.update(patch);
|
||||
await row.reload();
|
||||
return row;
|
||||
}
|
||||
|
||||
async function revokeToken(body) {
|
||||
const id = body.id;
|
||||
if (id == null) throw new Error("缺少 id");
|
||||
@@ -130,6 +160,7 @@ async function revokeAllForUser(userId) {
|
||||
module.exports = {
|
||||
hashPlainToken,
|
||||
createToken,
|
||||
updateToken,
|
||||
regenerateToken,
|
||||
revokeToken,
|
||||
revokeAllForUser,
|
||||
|
||||
Reference in New Issue
Block a user