Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00
Code Issues Releases Activity

Merge 846b0579b3 into fdac299fc7

Browse source
This commit is contained in:
Samuel 2025-07-18 09:22:15 +02:00 committed by GitHub
commit ffafa8c8f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 295 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

51
server/api/controllers/api-key/create.js Normal file
View file

@ -0,0 +1,51 @@
/*!
* Copyright (c) 2025 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
ALREADY_EXISTS: {
alreadyExists: 'API key already exists',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
userNotFound: {
responseType: 'notFound',
},
alreadyExists: {
responseType: 'conflict',
},
},
async fn(inputs) {
const { id } = inputs;
const { apiKey } = await sails.helpers.apiKey.createAndStore
.with({
id,
cycle: false,
})
.intercept('alreadyExists', () => Errors.ALREADY_EXISTS)
.intercept('userNotFound', () => Errors.USER_NOT_FOUND);
return {
item: {
apiKey,
},
};
},
};

51
server/api/controllers/api-key/cycle.js Normal file
View file

@ -0,0 +1,51 @@
/*!
* Copyright (c) 2025 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
DOES_NOT_EXIST: {
doesNotExist: 'User does not have an API key',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
userNotFound: {
responseType: 'notFound',
},
doesNotExist: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { id } = inputs;
const { apiKey } = await sails.helpers.apiKey.createAndStore
.with({
id,
cycle: true,
})
.intercept('doesNotExist', () => Errors.DOES_NOT_EXIST)
.intercept('userNotFound', () => Errors.USER_NOT_FOUND);
return {
item: {
apiKey,
},
};
},
};

50
server/api/controllers/api-key/delete.js Normal file
View file

@ -0,0 +1,50 @@
/*!
* Copyright (c) 2025 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
DOES_NOT_EXIST: {
doesNotExist: 'User does not have an API key',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
userNotFound: {
responseType: 'notFound',
},
doesNotExist: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { id } = inputs;
await sails.helpers.apiKey.deleteOne
.with({
id,
})
.intercept('doesNotExist', () => Errors.DOES_NOT_EXIST)
.intercept('userNotFound', () => Errors.USER_NOT_FOUND);
return {
item: {
success: true,
},
};
},
};

48
server/api/helpers/api-key/create-and-store.js Normal file
View file

@ -0,0 +1,48 @@
const bcrypt = require('bcrypt');
const { v4: uuidv4 } = require('uuid');
const crypto = require('crypto');
const { idInput } = require('../../../utils/inputs');
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
cycle: { type: 'boolean', defaultsTo: false },
},
exits: {
userNotFound: {},
alreadyExists: {},
doesNotExist: {},
},
async fn(inputs) {
const { id, cycle } = inputs;
const user = await User.findOne({ id });
if (!user) throw 'userNotFound';
if (user.apiKeyHash && !cycle) throw 'alreadyExists';
if (!user.apiKeyHash && cycle) throw 'doesNotExist';
const prefix = `${Number(id).toString(36).padStart(8, '0')}${crypto
.randomBytes(4)
.toString('hex')}`;
const rawKey = `${prefix}.${uuidv4().replace(
/-/g,
'',
)}${crypto.randomBytes(16).toString('hex')}`;
const hash = await bcrypt.hash(rawKey, 12);
await User.updateOne({ id }).set({
apiKeyPrefix: prefix,
apiKeyHash: hash,
});
return { apiKey: rawKey };
},
};

35
server/api/helpers/api-key/delete-one.js Normal file
View file

@ -0,0 +1,35 @@
/*!
* Copyright (c) 2025 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
userNotFound: {},
doesNotExist: {},
},
async fn(inputs) {
const { id } = inputs;
const user = await User.findOne({ id });
if (!user) throw 'userNotFound';
if (!user.apiKeyHash) throw 'doesNotExist';
await User.updateOne({ id }).set({
apiKeyPrefix: null,
apiKeyHash: null,
});
return { success: true };
},
};

13
server/api/models/User.js
View file

@ -204,6 +204,19 @@ module.exports = {
type: 'ref', type: 'ref',
columnName: 'password_changed_at', columnName: 'password_changed_at',
}, },
apiKeyPrefix: {
type: 'string',
columnName: 'api_key_prefix',
isNotEmptyString: true,
allowNull: true,
unique: true,
},
apiKeyHash: {
type: 'string',
columnName: 'api_key_hash',
isNotEmptyString: true,
allowNull: true,
},
// ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗ // ╔═╗╔╦╗╔╗ ╔═╗╔╦╗╔═╗
// ║╣ ║║║╠╩╗║╣ ║║╚═╗ // ║╣ ║║║╠╩╗║╣ ║║╚═╗

21
server/api/policies/is-authenticated.js
View file

@ -3,10 +3,29 @@
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/ */
const bcrypt = require('bcrypt');
const API_KEY_HEADER = 'x-api-key';
module.exports = async function isAuthenticated(req, res, proceed) { module.exports = async function isAuthenticated(req, res, proceed) {
if (!req.currentUser) { if (req.currentUser) return proceed();
const apiKeyHeader = req.headers[API_KEY_HEADER.toLowerCase()];
if (!apiKeyHeader) {
return res.unauthorized('Access token is missing, invalid or expired'); return res.unauthorized('Access token is missing, invalid or expired');
} }
if (!apiKeyHeader.includes('.')) return res.unauthorized('Invalid API key');
const [prefix] = apiKeyHeader.split('.');
if (!prefix) return res.unauthorized('Invalid API key');
const user = await User.findOne({ apiKeyPrefix: prefix, apiKeyHash: { '!=': null } });
if (!user) return res.unauthorized('Invalid API key');
const isMatch = await bcrypt.compare(apiKeyHeader, user.apiKeyHash);
if (!isMatch) return res.unauthorized('Invalid API key');
req.currentUser = user;
return proceed(); return proceed();
}; };

4
server/config/policies.js
View file

@ -33,6 +33,10 @@ module.exports.policies = {
'users/update-avatar': 'is-authenticated', 'users/update-avatar': 'is-authenticated',
'users/delete': ['is-authenticated', 'is-admin'], 'users/delete': ['is-authenticated', 'is-admin'],
'api-keys/create': ['is-authenticated', 'is-admin'],
'api-keys/cycle': ['is-authenticated', 'is-admin'],
'api-keys/delete': ['is-authenticated', 'is-admin'],
'projects/create': ['is-authenticated', 'is-external', 'is-admin-or-project-owner'], 'projects/create': ['is-authenticated', 'is-external', 'is-admin-or-project-owner'],
'config/show': true, 'config/show': true,

4
server/config/routes.js
View file

@ -83,6 +83,10 @@ module.exports.routes = {
'POST /api/users/:id/avatar': 'users/update-avatar', 'POST /api/users/:id/avatar': 'users/update-avatar',
'DELETE /api/users/:id': 'users/delete', 'DELETE /api/users/:id': 'users/delete',
'POST /api/users/:id/api-key': 'api-key/create',
'PATCH /api/users/:id/api-key': 'api-key/cycle',
'DELETE /api/users/:id/api-key': 'api-key/delete',
'GET /api/projects': 'projects/index', 'GET /api/projects': 'projects/index',
'POST /api/projects': 'projects/create', 'POST /api/projects': 'projects/create',
'GET /api/projects/:id': 'projects/show', 'GET /api/projects/:id': 'projects/show',

19
server/db/migrations/20250712223423_add_api_key_fields_to_user.js Normal file
View file

@ -0,0 +1,19 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
exports.up = (knex) => {
return knex.schema.alterTable('user_account', (table) => {
table.string('api_key_prefix', 255).unique().nullable();
table.string('api_key_hash', 255).nullable();
});
};
exports.down = (knex) => {
return knex.schema.alterTable('user_account', (table) => {
table.dropUnique(['api_key_prefix']);
table.dropColumn('api_key_prefix');
table.dropColumn('api_key_hash');
});
};