feat: add ability to review and revoke clients

2025-04-05 17:42:32 +11:00
parent 7263ec53ac
commit 2cbee3d495
14 changed files with 248 additions and 54 deletions
@@ -27,7 +27,8 @@ export default defineEventHandler(async (h3) => {
    take: parseInt(query.limit as string),
    skip: parseInt(query.skip as string),
    orderBy: orderBy,
-    ...(tags && { tags: tags.map((e) => e.toString()) }),
+    ...(tags && { tags: tags
+      .map((e) => e.toString()) }),
    search: query.search as string,
  };

@@ -3,47 +3,60 @@ import capabilityManager, {
  validCapabilities,
 } from "~/server/internal/clients/capabilities";
 import { defineClientEventHandler } from "~/server/internal/clients/event-handler";
+import notificationSystem from "~/server/internal/notifications";

-export default defineClientEventHandler(async (h3, { clientId }) => {
-  const body = await readBody(h3);
-  const rawCapability = body.capability;
-  const configuration = body.configuration;
+export default defineClientEventHandler(
+  async (h3, { clientId, fetchClient, fetchUser }) => {
+    const body = await readBody(h3);
+    const rawCapability = body.capability;
+    const configuration = body.configuration;

-  if (!rawCapability || typeof rawCapability !== "string")
-    throw createError({
-      statusCode: 400,
-      statusMessage: "capability must be a string",
+    if (!rawCapability || typeof rawCapability !== "string")
+      throw createError({
+        statusCode: 400,
+        statusMessage: "capability must be a string",
+      });
+
+    if (!configuration || typeof configuration !== "object")
+      throw createError({
+        statusCode: 400,
+        statusMessage: "configuration must be an object",
+      });
+
+    const capability = rawCapability as InternalClientCapability;
+
+    if (!validCapabilities.includes(capability))
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid capability.",
+      });
+
+    const isValid = await capabilityManager.validateCapabilityConfiguration(
+      capability,
+      configuration
+    );
+    if (!isValid)
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid capability configuration.",
+      });
+
+    await capabilityManager.upsertClientCapability(
+      capability,
+      configuration,
+      clientId
+    );
+
+    const client = await fetchClient();
+    const user = await fetchUser();
+
+    await notificationSystem.push(user.id, {
+      nonce: `capability-${clientId}-${capability}`,
+      title: `"${client.name}" can now access ${capability}`,
+      description: `A device called "${client.name}" now has access to your ${capability}.`,
+      actions: ["Review|/account/devices"],
    });

-  if (!configuration || typeof configuration !== "object")
-    throw createError({
-      statusCode: 400,
-      statusMessage: "configuration must be an object",
-    });
-
-  const capability = rawCapability as InternalClientCapability;
-
-  if (!validCapabilities.includes(capability))
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid capability.",
-    });
-
-  const isValid = await capabilityManager.validateCapabilityConfiguration(
-    capability,
-    configuration
-  );
-  if (!isValid)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid capability configuration.",
-    });
-
-  await capabilityManager.upsertClientCapability(
-    capability,
-    configuration,
-    clientId
-  );
-
-  return {};
-});
+    return {};
+  }
+);
@@ -0,0 +1,17 @@
+import aclManager from "~/server/internal/acls";
+import clientHandler from "~/server/internal/clients/handler";
+import prisma from "~/server/internal/db/database";
+
+export default defineEventHandler(async (h3) => {
+  const userId = await aclManager.getUserIdACL(h3, ["clients:revoke"]);
+  if (!userId) throw createError({ statusCode: 403 });
+
+  const clientId = getRouterParam(h3, "id");
+  if (!clientId)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Client ID missing in route params",
+    });
+
+  await clientHandler.removeClient(clientId);
+});
@@ -0,0 +1,15 @@
+import aclManager from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+export default defineEventHandler(async (h3) => {
+  const userId = await aclManager.getUserIdACL(h3, ["clients:read"]);
+  if (!userId) throw createError({ statusCode: 403 });
+
+  const clients = await prisma.client.findMany({
+    where: {
+      userId,
+    },
+  });
+
+  return clients;
+});