From f56b5cb9712f22e092faad1722760f6460e7aab3 Mon Sep 17 00:00:00 2001
From: Vishal Sharma
Date: Wed, 13 Dec 2023 17:05:59 +0530
Subject: [PATCH] fix: createPAT method to return id (#4078) Update token expiry validations
---
 ee/query-service/app/api/pat.go | 13 ++++++++++++-
 ee/query-service/dao/interface.go | 2 +-
 ee/query-service/dao/sqlite/pat.go | 17 ++++++++++++-----
 ee/query-service/model/pat.go | 2 +-
 4 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/ee/query-service/app/api/pat.go b/ee/query-service/app/api/pat.go
index 619c875c8f..b0fcf073a4 100644
--- a/ee/query-service/app/api/pat.go
+++ b/ee/query-service/app/api/pat.go
@@ -12,6 +12,7 @@ import (
 "github.com/gorilla/mux"
 "go.signoz.io/signoz/ee/query-service/model"
 "go.signoz.io/signoz/pkg/query-service/auth"
+ basemodel "go.signoz.io/signoz/pkg/query-service/model"
 "go.uber.org/zap"
 )
@@ -47,8 +48,18 @@ func (ah *APIHandler) createPAT(w http.ResponseWriter, r *http.Request) {
 req.CreatedAt = time.Now().Unix()
 req.Token = generatePATToken()
+ // default expiry is 30 days
+ if req.ExpiresAt == 0 {
+ req.ExpiresAt = time.Now().AddDate(0, 0, 30).Unix()
+ }
+ // max expiry is 1 year
+ if req.ExpiresAt > time.Now().AddDate(1, 0, 0).Unix() {
+ req.ExpiresAt = time.Now().AddDate(1, 0, 0).Unix()
+ }
+ zap.S().Debugf("Got PAT request: %+v", req)
- if apierr := ah.AppDao().CreatePAT(ctx, &req); apierr != nil {
+ var apierr basemodel.BaseApiError
+ if req, apierr = ah.AppDao().CreatePAT(ctx, req); apierr != nil {
 RespondError(w, apierr, nil)
 return
 }
diff --git a/ee/query-service/dao/interface.go b/ee/query-service/dao/interface.go
index 1a8f3b2460..479ca56edc 100644
--- a/ee/query-service/dao/interface.go
+++ b/ee/query-service/dao/interface.go
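Review bot: In the createPAT hunk of ee/query-service/app/api/pat.go the new expiry handling bounds `req.ExpiresAt` only from above, so a client-supplied value that is negative or already in the past is stored unchanged and yields a token that the `expires_at` filter added to GetUserByPAT in this same patch will never accept. Rejecting such a value with a bad-request response before the insert would make the failure visible to the caller, e.g. `now := time.Now()` followed by `if req.ExpiresAt != 0 && req.ExpiresAt <= now.Unix() { /* respond 400 and return */ }`; taking `now` once also keeps the three `time.Now()` calls from drifting apart. The `Debugf("Got PAT request: %+v", req)` line that follows prints the whole request after `req.Token` has been set, so the token value reaches debug logs; logging only the name, user id and expiry would avoid that. createPAT starts and ends outside the hunk.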
@@ -33,7 +33,7 @@ type ModelDao interface {
 DeleteDomain(ctx context.Context, id uuid.UUID) basemodel.BaseApiError
 GetDomainByEmail(ctx context.Context, email string) (*model.OrgDomain, basemodel.BaseApiError)
- CreatePAT(ctx context.Context, p *model.PAT) basemodel.BaseApiError
+ CreatePAT(ctx context.Context, p model.PAT) (model.PAT, basemodel.BaseApiError)
 GetPAT(ctx context.Context, pat string) (*model.PAT, basemodel.BaseApiError)
 GetPATByID(ctx context.Context, id string) (*model.PAT, basemodel.BaseApiError)
 GetUserByPAT(ctx context.Context, token string) (*basemodel.UserPayload, basemodel.BaseApiError)
diff --git a/ee/query-service/dao/sqlite/pat.go b/ee/query-service/dao/sqlite/pat.go
index cc4de546c5..5bd1b78a62 100644
--- a/ee/query-service/dao/sqlite/pat.go
+++ b/ee/query-service/dao/sqlite/pat.go
@@ -3,14 +3,15 @@ package sqlite
 import (
 "context"
 "fmt"
+ "strconv"
 "go.signoz.io/signoz/ee/query-service/model"
 basemodel "go.signoz.io/signoz/pkg/query-service/model"
 "go.uber.org/zap"
 )
-func (m *modelDao) CreatePAT(ctx context.Context, p *model.PAT) basemodel.BaseApiError {
- _, err := m.DB().ExecContext(ctx,
+func (m *modelDao) CreatePAT(ctx context.Context, p model.PAT) (model.PAT, basemodel.BaseApiError) {
+ result, err := m.DB().ExecContext(ctx,
 "INSERT INTO personal_access_tokens (user_id, token, name, created_at, expires_at) VALUES ($1, $2, $3, $4, $5)",
 p.UserID,
 p.Token,
@@ -19,9 +20,15 @@ func (m *modelDao) CreatePAT(ctx context.Context, p *model.PAT) basemodel.BaseAp
 p.ExpiresAt)
 if err != nil {
 zap.S().Errorf("Failed to insert PAT in db, err: %v", zap.Error(err))
- return model.InternalError(fmt.Errorf("PAT insertion failed"))
+ return model.PAT{}, model.InternalError(fmt.Errorf("PAT insertion failed"))
 }
- return nil
+ id, err := result.LastInsertId()
+ if err != nil {
+ zap.S().Errorf("Failed to get last inserted id, err: %v", zap.Error(err))
+ return model.PAT{}, model.InternalError(fmt.Errorf("PAT insertion failed"))
+ }
+ p.Id = strconv.Itoa(int(id))
+ return p, nil
 }
 func (m *modelDao) ListPATs(ctx context.Context, userID string) ([]model.PAT, basemodel.BaseApiError) {
@@ -90,7 +97,7 @@ func (m *modelDao) GetUserByPAT(ctx context.Context, token string) (*basemodel.U
 u.org_id, u.group_id FROM users u, personal_access_tokens p
- WHERE u.id = p.user_id and p.token=?;`
+ WHERE u.id = p.user_id and p.token=? and p.expires_at >= strftime('%s', 'now');`
 if err := m.DB().Select(&users, query, token); err != nil {
 return nil, model.InternalError(fmt.Errorf("failed to fetch user from PAT, err: %v", err))
diff --git a/ee/query-service/model/pat.go b/ee/query-service/model/pat.go
index c22282060b..f320d0be7c 100644
--- a/ee/query-service/model/pat.go
+++ b/ee/query-service/model/pat.go
@@ -6,5 +6,5 @@ type PAT struct {
 Token string `json:"token" db:"token"`
 Name string `json:"name" db:"name"`
 CreatedAt int64 `json:"createdAt" db:"created_at"`
- ExpiresAt int64 `json:"expiresAt" db:"expires_at"` // unused as of now
+ ExpiresAt int64 `json:"expiresAt" db:"expires_at"`
 }
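Review bot: In the CreatePAT hunk of ee/query-service/dao/sqlite/pat.go, `strconv.Itoa(int(id))` narrows the int64 returned by LastInsertId to int, which truncates on 32-bit builds; `p.Id = strconv.FormatInt(id, 10)` keeps the full value. The added `zap.S().Errorf("... err: %v", zap.Error(err))` passes a zap field to a printf-style call, so the log line carries the formatted field struct instead of the plain error; `zap.S().Errorf("Failed to get last inserted id, err: %v", err)` matches the format string, and the existing insert-failure line above it has the same pattern. When LastInsertId fails the row has already been written, yet the caller is told "PAT insertion failed"; a comment saying so, or a distinct message, would help whoever later finds the leftover token row. The function's signature and the start of the ExecContext call are in the previous hunk.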
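Review bot: In the GetUserByPAT hunk of ee/query-service/dao/sqlite/pat.go the expiry test compares `p.expires_at` with `strftime('%s', 'now')`, which SQLite returns as text, so the outcome depends on the column's declared affinity, and the table definition is not part of this patch. Binding the bound from Go keeps the comparison integer-to-integer: `... and p.token=? and p.expires_at >= ?;` with `m.DB().Select(&users, query, token, time.Now().Unix())`, which would need the `time` import in this file. The comment removed from model/pat.go says ExpiresAt was unused until now, so rows written before this change may hold 0 and would stop authenticating unless they are backfilled; that is worth confirming. GetPAT and GetPATByID are declared in the interface but their queries are not shown here, so whether they also honour expiry cannot be told from this patch. The function body starts and ends outside the hunk.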