From 9568e8fe6ba3d02f00b9fa964bfd563a501df578 Mon Sep 17 00:00:00 2001 From: CaiCandong <1290147055@qq.com> Date: Fri, 4 Aug 2023 14:24:10 +0800 Subject: [PATCH 1/5] refator --- routers/api/v1/api.go | 14 ++- routers/api/v1/user/app.go | 21 +--- templates/swagger/v1_json.tmpl | 207 +++++++++++++++------------------ 3 files changed, 105 insertions(+), 137 deletions(-) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 397eb105582b0..eb4b1c492985d 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -796,11 +796,6 @@ func Routes() *web.Route { } m.Get("/repos", tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository), reqExploreSignIn(), user.ListUserRepos) - m.Group("/tokens", func() { - m.Combo("").Get(user.ListAccessTokens). - Post(bind(api.CreateAccessTokenOption{}), reqToken(), user.CreateAccessToken) - m.Combo("/{id}").Delete(reqToken(), user.DeleteAccessToken) - }, reqBasicAuth()) m.Get("/activities/feeds", user.ListUserActivityFeeds) }, context_service.UserAssignmentAPI()) @@ -824,6 +819,15 @@ func Routes() *web.Route { }, context_service.UserAssignmentAPI()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken()) + // User (requires user scope) + m.Group("user", func() { + m.Group("/tokens", func() { + m.Combo("").Get(user.ListAccessTokens). + Post(bind(api.CreateAccessTokenOption{}), reqToken(), user.CreateAccessToken) + m.Combo("/{id}").Delete(reqToken(), user.DeleteAccessToken) + }, reqBasicAuth()) + }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser)) + // Users (requires user scope) m.Group("/user", func() { m.Get("", user.GetAuthenticatedUser) diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index f89d53945fa0b..7d8f0ea7c502c 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go 
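Review bot: The group added in the second api.go hunk is registered as `m.Group("user", func() {` without a leading slash, while the sibling group directly below it uses `m.Group("/user", func() {`. Whether the router normalises the prefix is not visible here, so write it as `"/user"` to match. The comment `// User (requires user scope)` is nearly identical to the `// Users (requires user scope)` below it; something like `// Access tokens of the authenticated user (basic auth only)` would say what this group is for. The handler bodies are outside these hunks: if they still read ctx.ContextUser, note that this group no longer runs context_service.UserAssignmentAPI().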
@@ -21,17 +21,12 @@ import ( // ListAccessTokens list all the access tokens func ListAccessTokens(ctx *context.APIContext) { - // swagger:operation GET /users/{username}/tokens user userGetTokens + // swagger:operation GET /user/tokens user userGetTokens // --- // summary: List the authenticated user's access tokens // produces: // - application/json // parameters: - // - name: username - // in: path - // description: username of user - // type: string - // required: true // - name: page // in: query // description: page number of results to return (1-based) @@ -73,7 +68,7 @@ func ListAccessTokens(ctx *context.APIContext) { // CreateAccessToken create access tokens func CreateAccessToken(ctx *context.APIContext) { - // swagger:operation POST /users/{username}/tokens user userCreateToken + // swagger:operation POST /user/tokens user userCreateToken // --- // summary: Create an access token // consumes: @@ -81,11 +76,6 @@ func CreateAccessToken(ctx *context.APIContext) { // produces: // - application/json // parameters: - // - name: username - // in: path - // description: username of user - // required: true - // type: string // - name: body // in: body // schema: @@ -134,17 +124,12 @@ func CreateAccessToken(ctx *context.APIContext) { // DeleteAccessToken delete access tokens func DeleteAccessToken(ctx *context.APIContext) { - // swagger:operation DELETE /users/{username}/tokens/{token} user userDeleteAccessToken + // swagger:operation DELETE /user/tokens/{token} user userDeleteAccessToken // --- // summary: delete an access token // produces: // - application/json // parameters: - // - name: username - // in: path - // description: username of user - // type: string - // required: true // - name: token // in: path // description: token to be deleted, identified by ID and if not available by name diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 8cf5332bafc48..4f0f82dd70dd2 100644 --- a/templates/swagger/v1_json.tmpl 
+++ b/templates/swagger/v1_json.tmpl @@ -15009,6 +15009,99 @@ } } }, + "/user/tokens": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "user" + ], + "summary": "List the authenticated user's access tokens", + "operationId": "userGetTokens", + "parameters": [ + { + "type": "integer", + "description": "page number of results to return (1-based)", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "page size of results", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/AccessTokenList" + } + } + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "user" + ], + "summary": "Create an access token", + "operationId": "userCreateToken", + "parameters": [ + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/CreateAccessTokenOption" + } + } + ], + "responses": { + "201": { + "$ref": "#/responses/AccessToken" + }, + "400": { + "$ref": "#/responses/error" + } + } + } + }, + "/user/tokens/{token}": { + "delete": { + "produces": [ + "application/json" + ], + "tags": [ + "user" + ], + "summary": "delete an access token", + "operationId": "userDeleteAccessToken", + "parameters": [ + { + "type": "string", + "description": "token to be deleted, identified by ID and if not available by name", + "name": "token", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "$ref": "#/responses/empty" + }, + "404": { + "$ref": "#/responses/notFound" + }, + "422": { + "$ref": "#/responses/error" + } + } + } + }, "/users/search": { "get": { "produces": [ 
@@ -15561,120 +15654,6 @@ } } }, - "/users/{username}/tokens": { - "get": { - "produces": [ - "application/json" - ], - "tags": [ - "user" - ], - "summary": "List the authenticated user's access tokens", - "operationId": "userGetTokens", - "parameters": [ - { - "type": "string", - "description": "username of user", - "name": "username", - "in": "path", - "required": true - }, - { - "type": "integer", - "description": "page number of results to return (1-based)", - "name": "page", - "in": "query" - }, - { - "type": "integer", - "description": "page size of results", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "$ref": "#/responses/AccessTokenList" - } - } - }, - "post": { - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "user" - ], - "summary": "Create an access token", - "operationId": "userCreateToken", - "parameters": [ - { - "type": "string", - "description": "username of user", - "name": "username", - "in": "path", - "required": true - }, - { - "name": "body", - "in": "body", - "schema": { - "$ref": "#/definitions/CreateAccessTokenOption" - } - } - ], - "responses": { - "201": { - "$ref": "#/responses/AccessToken" - }, - "400": { - "$ref": "#/responses/error" - } - } - } - }, - "/users/{username}/tokens/{token}": { - "delete": { - "produces": [ - "application/json" - ], - "tags": [ - "user" - ], - "summary": "delete an access token", - "operationId": "userDeleteAccessToken", - "parameters": [ - { - "type": "string", - "description": "username of user", - "name": "username", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "token to be deleted, identified by ID and if not available by name", - "name": "token", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "$ref": "#/responses/empty" - }, - "404": { - "$ref": "#/responses/notFound" - }, - "422": { - "$ref": "#/responses/error" - } - } - } - }, "/version": { "get": { "produces": 
[ From e17916c2cdb41ddc4ceb9d4e4417ba24cd9d8526 Mon Sep 17 00:00:00 2001 From: CaiCandong <1290147055@qq.com> Date: Fri, 4 Aug 2023 16:07:40 +0800 Subject: [PATCH 2/5] add token operations of admin --- routers/api/v1/admin/user.go | 182 +++++++++++++++++++++++++++++++++ routers/api/v1/api.go | 12 +++ templates/swagger/v1_json.tmpl | 112 ++++++++++++++++++++ 3 files changed, 306 insertions(+) diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 4f1e9a3f5373a..37c101330102e 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -8,11 +8,13 @@ import ( "errors" "fmt" "net/http" + "strconv" "strings" "code.gitea.io/gitea/models" asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/auth" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/auth/password" 
@@ -530,3 +532,183 @@ func RenameUser(ctx *context.APIContext) { log.Trace("User name changed: %s -> %s", oldName, newName) ctx.Status(http.StatusOK) } + +// ListAccessTokens list all the access tokens +func ListAccessTokens(ctx *context.APIContext) { + // swagger:operation GET /admin/users/{username}/tokens admin listAccessTokens + // --- + // summary: List the user's access tokens of {username} by admin + // produces: + // - application/json + // parameters: + // - name: username + // in: path + // description: username of user + // type: string + // required: true + // - name: page + // in: query + // description: page number of results to return (1-based) + // type: integer + // - name: limit + // in: query + // description: page size of results + // type: integer + // responses: + // "200": + // "$ref": "#/responses/AccessTokenList" + + opts := auth_model.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: utils.GetListOptions(ctx)} + + count, err := auth_model.CountAccessTokens(opts) + if err != nil { + ctx.InternalServerError(err) + return + } + tokens, err := auth_model.ListAccessTokens(opts) + if err != nil { + ctx.InternalServerError(err) + return + } + + apiTokens := make([]*api.AccessToken, len(tokens)) + for i := range tokens { + apiTokens[i] = &api.AccessToken{ + ID: tokens[i].ID, + Name: tokens[i].Name, + TokenLastEight: tokens[i].TokenLastEight, + Scopes: tokens[i].Scope.StringSlice(), + } + } + + ctx.SetTotalCountHeader(count) + ctx.JSON(http.StatusOK, &apiTokens) +} + +// CreateAccessToken create access tokens +func CreateAccessToken(ctx *context.APIContext) { + // swagger:operation POST /admin/users/{username}/tokens admin adminCreateAccessToken + // --- + // summary: Create an access token for {username} by admin + // consumes: + // - application/json + // produces: + // - application/json + // parameters: + // - name: username + // in: path + // description: username of user + // type: string + // required: true + // - name: body + 
// in: body + // schema: + // "$ref": "#/definitions/CreateAccessTokenOption" + // responses: + // "201": + // "$ref": "#/responses/AccessToken" + // "400": + // "$ref": "#/responses/error" + + form := web.GetForm(ctx).(*api.CreateAccessTokenOption) + + t := &auth_model.AccessToken{ + UID: ctx.ContextUser.ID, + Name: form.Name, + } + + exist, err := auth_model.AccessTokenByNameExists(t) + if err != nil { + ctx.InternalServerError(err) + return + } + if exist { + ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already")) + return + } + + scope, err := auth_model.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize() + if err != nil { + ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err)) + return + } + t.Scope = scope + + if err := auth_model.NewAccessToken(t); err != nil { + ctx.Error(http.StatusInternalServerError, "NewAccessToken", err) + return + } + ctx.JSON(http.StatusCreated, &api.AccessToken{ + Name: t.Name, + Token: t.Token, + ID: t.ID, + TokenLastEight: t.TokenLastEight, + }) +} + +// DeleteAccessToken delete access tokens +func DeleteAccessToken(ctx *context.APIContext) { + // swagger:operation DELETE /admin/users/{username}/tokens admin adminDeleteAccessToken + // --- + // summary: delete an access token of {username} by admin + // produces: + // - application/json + // parameters: + // - name: username + // in: path + // description: username of user + // type: string + // required: true + // - name: token + // in: path + // description: token to be deleted, identified by ID and if not available by name + // type: string + // required: true + // responses: + // "204": + // "$ref": "#/responses/empty" + // "404": + // "$ref": "#/responses/notFound" + // "422": + // "$ref": "#/responses/error" + + token := ctx.Params(":id") + tokenID, _ := strconv.ParseInt(token, 0, 64) + + if tokenID == 0 { + tokens, err := 
auth_model.ListAccessTokens(auth_model.ListAccessTokensOptions{ + Name: token, + UserID: ctx.ContextUser.ID, + }) + if err != nil { + ctx.Error(http.StatusInternalServerError, "ListAccessTokens", err) + return + } + + switch len(tokens) { + case 0: + ctx.NotFound() + return + case 1: + tokenID = tokens[0].ID + default: + ctx.Error(http.StatusUnprocessableEntity, "DeleteAccessTokenByID", fmt.Errorf("multiple matches for token name '%s'", token)) + return + } + } + if tokenID == 0 { + ctx.Error(http.StatusInternalServerError, "Invalid TokenID", nil) + return + } + + if err := auth_model.DeleteAccessTokenByID(tokenID, ctx.Doer.ID); err != nil { + if auth_model.IsErrAccessTokenNotExist(err) { + ctx.NotFound() + } else { + ctx.Error(http.StatusInternalServerError, "DeleteAccessTokenByID", err) + } + return + } + + ctx.Status(http.StatusNoContent) +} diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index eb4b1c492985d..233bc157b3a29 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -1354,6 +1354,18 @@ func Routes() *web.Route { m.Get("/activities/feeds", org.ListTeamActivityFeeds) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(false, true), reqToken(), reqTeamMembership()) + m.Group("/admin", func() { + m.Group("/users", func() { + m.Group("/{username}", func() { + m.Group("/tokens", func() { + m.Combo("").Get(admin.ListAccessTokens). + Post(bind(api.CreateAccessTokenOption{}), reqToken(), admin.CreateAccessToken) + m.Combo("/{id}").Delete(reqToken(), admin.DeleteAccessToken) + }) + }, context_service.UserAssignmentAPI()) + }) + }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryAdmin), reqBasicAuth(), reqSiteAdmin()) + m.Group("/admin", func() { m.Group("/cron", func() { m.Get("", admin.ListCronTasks) diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 4f0f82dd70dd2..15c1769d2767f 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl 
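Review bot: The admin DeleteAccessToken ends with `auth_model.DeleteAccessTokenByID(tokenID, ctx.Doer.ID)`, which passes the calling admin's ID even though the name lookup a few lines earlier is scoped to `ctx.ContextUser.ID`. Assuming the second argument is the owning user's ID (the callee is not shown), deleting another user's token by ID would report not-found, and a numeric ID that belongs to the admin would remove the admin's own token instead. The call should read `auth_model.DeleteAccessTokenByID(tokenID, ctx.ContextUser.ID)`. The later "fix lint" commit renames the package to `auth` but keeps the same argument. Separately, CreateAccessToken hands back a plaintext token for another account without recording it; a `log.Trace` line naming ctx.Doer and ctx.ContextUser, like the one RenameUser writes, would make admin-minted tokens attributable.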
@@ -886,6 +886,118 @@ } } }, + "/admin/users/{username}/tokens": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "admin" + ], + "summary": "List the user's access tokens of {username} by admin", + "operationId": "listAccessTokens", + "parameters": [ + { + "type": "string", + "description": "username of user", + "name": "username", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "page number of results to return (1-based)", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "page size of results", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/AccessTokenList" + } + } + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "admin" + ], + "summary": "Create an access token for {username} by admin", + "operationId": "adminCreateAccessToken", + "parameters": [ + { + "type": "string", + "description": "username of user", + "name": "username", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/CreateAccessTokenOption" + } + } + ], + "responses": { + "201": { + "$ref": "#/responses/AccessToken" + }, + "400": { + "$ref": "#/responses/error" + } + } + }, + "delete": { + "produces": [ + "application/json" + ], + "tags": [ + "admin" + ], + "summary": "delete an access token of {username} by admin", + "operationId": "adminDeleteAccessToken", + "parameters": [ + { + "type": "string", + "description": "username of user", + "name": "username", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "token to be deleted, identified by ID and if not available by name", + "name": "token", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "$ref": "#/responses/empty" + }, + "404": { + "$ref": "#/responses/notFound" + }, + "422": { + "$ref": "#/responses/error" + } + } + } + }, 
"/gitignore/templates": { "get": { "produces": [ From e1e4469ee49a3080a0a6a0ab6178ef53eec1196f Mon Sep 17 00:00:00 2001 From: CaiCandong <1290147055@qq.com> Date: Fri, 4 Aug 2023 16:48:38 +0800 Subject: [PATCH 3/5] keep compatible --- routers/api/v1/api.go | 6 +- routers/api/v1/user/app.go | 103 +++++++++++++++++++++++++++ templates/swagger/v1_json.tmpl | 126 +++++++++++++++++++++++++++++++++ 3 files changed, 234 insertions(+), 1 deletion(-) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 233bc157b3a29..f51e9493d739c 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -796,7 +796,11 @@ func Routes() *web.Route { } m.Get("/repos", tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository), reqExploreSignIn(), user.ListUserRepos) - + m.Group("/tokens", func() { + m.Combo("").Get(user.ListAccessTokensDeprecated). + Post(bind(api.CreateAccessTokenOption{}), reqToken(), user.CreateAccessTokenDeprecated) + m.Combo("/{id}").Delete(reqToken(), user.DeleteAccessTokenDeprecated) + }, reqBasicAuth()) m.Get("/activities/feeds", user.ListUserActivityFeeds) }, context_service.UserAssignmentAPI()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser)) diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index 7d8f0ea7c502c..3428d04a121e3 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go 
@@ -184,6 +184,109 @@ func DeleteAccessToken(ctx *context.APIContext) { ctx.Status(http.StatusNoContent) } +// ListAccessTokens list all the access tokens +func ListAccessTokensDeprecated(ctx *context.APIContext) { + // swagger:operation GET /users/{username}/tokens user userGetTokensDeprecated + // --- + // summary: List the authenticated user's access tokens + // produces: + // - application/json + // parameters: + // - name: username + // in: path + // description: username of user + // type: string + // required: true + // - name: page + // in: query + // description: page number of results to return (1-based) + // type: integer + // - name: limit + // in: query + // description: page size of results + // type: integer + // responses: + // "200": + // "$ref": "#/responses/AccessTokenList" + // "403": + // "$ref": "#/responses/error" + // Deprecated: true + if ctx.Doer != ctx.ContextUser { + ctx.Error(http.StatusForbidden, "ListAccessTokens", errors.New("can only list access tokens for yourself")) + return + } + ListAccessTokens(ctx) +} + +// CreateAccessTokenDeprecated create access tokens +func CreateAccessTokenDeprecated(ctx *context.APIContext) { + // swagger:operation POST /users/{username}/tokens user CreateAccessTokenDeprecated + // --- + // summary: Create an access token + // consumes: + // - application/json + // produces: + // - application/json + // parameters: + // - name: username + // in: path + // description: username of user + // required: true + // type: string + // - name: body + // in: body + // schema: + // "$ref": "#/definitions/CreateAccessTokenOption" + // responses: + // "201": + // "$ref": "#/responses/AccessToken" + // "400": + // "$ref": "#/responses/error" + // "403": + // "$ref": "#/responses/error" + // Deprecated: true + if ctx.Doer != ctx.ContextUser { + ctx.Error(http.StatusForbidden, "", errors.New("Can't create token for another user")) + return + } + CreateAccessToken(ctx) +} + +// DeleteAccessToken delete access tokens 
+func DeleteAccessTokenDeprecated(ctx *context.APIContext) { + // swagger:operation DELETE /users/{username}/tokens/{token} user userDeleteAccessTokenDeprecated + // --- + // summary: delete an access token + // produces: + // - application/json + // parameters: + // - name: username + // in: path + // description: username of user + // type: string + // required: true + // - name: token + // in: path + // description: token to be deleted, identified by ID and if not available by name + // type: string + // required: true + // responses: + // "204": + // "$ref": "#/responses/empty" + // "403": + // "$ref": "#/responses/error" + // "404": + // "$ref": "#/responses/notFound" + // "422": + // "$ref": "#/responses/error" + // Deprecated: true + if ctx.Doer != ctx.ContextUser { + ctx.Error(http.StatusForbidden, "", "You can only delete your own tokens.") + return + } + DeleteAccessToken(ctx) +} + // CreateOauth2Application is the handler to create a new OAuth2 Application for the authenticated user func CreateOauth2Application(ctx *context.APIContext) { // swagger:operation POST /user/applications/oauth2 user userCreateOAuth2Application diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 15c1769d2767f..4a44d229ed990 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl 
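Review bot: All three deprecated wrappers decide ownership with `ctx.Doer != ctx.ContextUser`, which compares the two values themselves rather than the accounts they describe. If these are pointers (their types are not visible in the hunk), the check only holds when the user-assignment middleware reuses the same object for the signed-in user. Comparing identifiers is unambiguous: `if ctx.Doer.ID != ctx.ContextUser.ID {`. The doc comments above ListAccessTokensDeprecated and DeleteAccessTokenDeprecated still open with the old function names; they should start with the new name and carry a `// Deprecated: use /user/tokens instead.` line. The third wrapper also passes a bare string to ctx.Error where the other two pass `errors.New(...)`.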
@@ -15766,6 +15766,132 @@ } } }, + "/users/{username}/tokens": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "user" + ], + "summary": "List the authenticated user's access tokens", + "operationId": "userGetTokensDeprecated", + "deprecated": true, + "parameters": [ + { + "type": "string", + "description": "username of user", + "name": "username", + "in": "path", + "required": true + }, + { + "type": "integer", + "description": "page number of results to return (1-based)", + "name": "page", + "in": "query" + }, + { + "type": "integer", + "description": "page size of results", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/AccessTokenList" + }, + "403": { + "$ref": "#/responses/error" + } + } + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "user" + ], + "summary": "Create an access token", + "operationId": "CreateAccessTokenDeprecated", + "deprecated": true, + "parameters": [ + { + "type": "string", + "description": "username of user", + "name": "username", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/CreateAccessTokenOption" + } + } + ], + "responses": { + "201": { + "$ref": "#/responses/AccessToken" + }, + "400": { + "$ref": "#/responses/error" + }, + "403": { + "$ref": "#/responses/error" + } + } + } + }, + "/users/{username}/tokens/{token}": { + "delete": { + "produces": [ + "application/json" + ], + "tags": [ + "user" + ], + "summary": "delete an access token", + "operationId": "userDeleteAccessTokenDeprecated", + "deprecated": true, + "parameters": [ + { + "type": "string", + "description": "username of user", + "name": "username", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "token to be deleted, identified by ID and if not available by name", + "name": "token", + "in": "path", + "required": true + } + ], + "responses": 
{ + "204": { + "$ref": "#/responses/empty" + }, + "403": { + "$ref": "#/responses/error" + }, + "404": { + "$ref": "#/responses/notFound" + }, + "422": { + "$ref": "#/responses/error" + } + } + } + }, "/version": { "get": { "produces": [ From 2c8a8b16b13bba59f140e3ada04a47476e0928d0 Mon Sep 17 00:00:00 2001 From: CaiCandong <1290147055@qq.com> Date: Fri, 4 Aug 2023 17:20:59 +0800 Subject: [PATCH 4/5] fix lint --- routers/api/v1/admin/user.go | 23 +++++++++++------------ templates/swagger/v1_json.tmpl | 4 +++- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 37c101330102e..fce3b0aef352e 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -14,7 +14,6 @@ import ( "code.gitea.io/gitea/models" asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/auth" - auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/auth/password" @@ -558,14 +557,14 @@ func ListAccessTokens(ctx *context.APIContext) { // "200": // "$ref": "#/responses/AccessTokenList" - opts := auth_model.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: utils.GetListOptions(ctx)} + opts := auth.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: utils.GetListOptions(ctx)} - count, err := auth_model.CountAccessTokens(opts) + count, err := auth.CountAccessTokens(opts) if err != nil { ctx.InternalServerError(err) return } - tokens, err := auth_model.ListAccessTokens(opts) + tokens, err := auth.ListAccessTokens(opts) if err != nil { ctx.InternalServerError(err) return 
@@ -612,12 +611,12 @@ func CreateAccessToken(ctx *context.APIContext) { form := web.GetForm(ctx).(*api.CreateAccessTokenOption) - t := &auth_model.AccessToken{ + t := &auth.AccessToken{ UID: ctx.ContextUser.ID, Name: form.Name, } - exist, err := auth_model.AccessTokenByNameExists(t) + exist, err := auth.AccessTokenByNameExists(t) if err != nil { ctx.InternalServerError(err) return @@ -627,14 +626,14 @@ func CreateAccessToken(ctx *context.APIContext) { return } - scope, err := auth_model.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize() + scope, err := auth.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize() if err != nil { ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err)) return } t.Scope = scope - if err := auth_model.NewAccessToken(t); err != nil { + if err := auth.NewAccessToken(t); err != nil { ctx.Error(http.StatusInternalServerError, "NewAccessToken", err) return } @@ -648,7 +647,7 @@ func CreateAccessToken(ctx *context.APIContext) { // DeleteAccessToken delete access tokens func DeleteAccessToken(ctx *context.APIContext) { - // swagger:operation DELETE /admin/users/{username}/tokens admin adminDeleteAccessToken + // swagger:operation DELETE /admin/users/{username}/tokens/{token} admin adminDeleteAccessToken // --- // summary: delete an access token of {username} by admin // produces: @@ -676,7 +675,7 @@ func DeleteAccessToken(ctx *context.APIContext) { tokenID, _ := strconv.ParseInt(token, 0, 64) if tokenID == 0 { - tokens, err := auth_model.ListAccessTokens(auth_model.ListAccessTokensOptions{ + tokens, err := auth.ListAccessTokens(auth.ListAccessTokensOptions{ Name: token, UserID: ctx.ContextUser.ID, }) 
@@ -701,8 +700,8 @@ func DeleteAccessToken(ctx *context.APIContext) { return } - if err := auth_model.DeleteAccessTokenByID(tokenID, ctx.Doer.ID); err != nil { - if auth_model.IsErrAccessTokenNotExist(err) { + if err := auth.DeleteAccessTokenByID(tokenID, ctx.Doer.ID); err != nil { + if auth.IsErrAccessTokenNotExist(err) { ctx.NotFound() } else { ctx.Error(http.StatusInternalServerError, "DeleteAccessTokenByID", err) diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 4a44d229ed990..13fdc518011e9 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -959,7 +959,9 @@ "$ref": "#/responses/error" } } - }, + } + }, + "/admin/users/{username}/tokens/{token}": { "delete": { "produces": [ "application/json" From 0cfbdc88e687aecb99b83df4aa2e0f5985b9b78d Mon Sep 17 00:00:00 2001 From: caicandong <1290147055@qq.com> Date: Thu, 14 Sep 2023 13:19:49 +0800 Subject: [PATCH 5/5] fix --- routers/api/v1/api.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 0d8acf8540f2b..2ea5506c531ea 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -937,7 +937,7 @@ func Routes() *web.Route { m.Combo("").Get(user.ListAccessTokens). Post(bind(api.CreateAccessTokenOption{}), reqToken(), user.CreateAccessToken) m.Combo("/{id}").Delete(reqToken(), user.DeleteAccessToken) - }, reqBasicAuth()) + }, reqBasicOrRevProxyAuth()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser)) // Users (requires user scope) @@ -1494,7 +1494,7 @@ func Routes() *web.Route { }) }, context_service.UserAssignmentAPI()) }) - }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryAdmin), reqBasicAuth(), reqSiteAdmin()) + }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryAdmin), reqBasicOrRevProxyAuth(), reqSiteAdmin()) m.Group("/admin", func() { m.Group("/cron", func() {
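Review bot: Both api.go hunks of the last commit swap `reqBasicAuth()` for `reqBasicOrRevProxyAuth()` on the groups that list, create and delete access tokens, and the commit message ("fix") gives no reason. Judging by the name, a request authenticated only by the reverse-proxy header can now mint tokens. In the second hunk, under `reqSiteAdmin()`, that covers any `{username}`, so the whole guarantee rests on the proxy stripping client-supplied identity headers. Please state that assumption above each group, e.g. `// reverse-proxy auth is accepted here; the proxy must drop client-sent auth headers, otherwise tokens can be created for arbitrary users`. Also confirm that deployments without a reverse proxy cannot reach this path. The bodies of both groups lie outside the hunks.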