diff --git a/ee/query-service/app/api/pat.go b/ee/query-service/app/api/pat.go
index 49ed36f092..ea43f47fb0 100644
--- a/ee/query-service/app/api/pat.go
+++ b/ee/query-service/app/api/pat.go
@@ -136,7 +136,7 @@ func (ah *APIHandler) getPATs(w http.ResponseWriter, r *http.Request) {
 return
 }
 zap.S().Infof("Get PATs for user: %+v", user.Id)
- pats, apierr := ah.AppDao().ListPATs(ctx, user.Id)
+ pats, apierr := ah.AppDao().ListPATs(ctx)
 if apierr != nil {
 RespondError(w, apierr, nil)
 return
@@ -155,18 +155,7 @@ func (ah *APIHandler) revokePAT(w http.ResponseWriter, r *http.Request) {
 }, nil)
 return
 }
- pat, apierr := ah.AppDao().GetPATByID(ctx, id)
- if apierr != nil {
- RespondError(w, apierr, nil)
- return
- }
- if pat.UserID != user.Id {
- RespondError(w, &model.ApiError{
- Typ: model.ErrorUnauthorized,
- Err: fmt.Errorf("unauthorized PAT revoke request"),
- }, nil)
- return
- }
+ zap.S().Debugf("Revoke PAT with id: %+v", id)
 if apierr := ah.AppDao().RevokePAT(ctx, id, user.Id); apierr != nil {
 RespondError(w, apierr, nil)
diff --git a/ee/query-service/dao/interface.go b/ee/query-service/dao/interface.go
index 78155bc23a..695ff860a0 100644
--- a/ee/query-service/dao/interface.go
+++ b/ee/query-service/dao/interface.go
@@ -39,6 +39,6 @@ type ModelDao interface {
 UpdatePATLastUsed(ctx context.Context, pat string, lastUsed int64) basemodel.BaseApiError
 GetPATByID(ctx context.Context, id string) (*model.PAT, basemodel.BaseApiError)
 GetUserByPAT(ctx context.Context, token string) (*basemodel.UserPayload, basemodel.BaseApiError)
- ListPATs(ctx context.Context, userID string) ([]model.PAT, basemodel.BaseApiError)
+ ListPATs(ctx context.Context) ([]model.PAT, basemodel.BaseApiError)
 RevokePAT(ctx context.Context, id string, userID string) basemodel.BaseApiError
 }
diff --git a/ee/query-service/dao/sqlite/pat.go b/ee/query-service/dao/sqlite/pat.go
index a1752ea238..b2af1640c3 100644
--- a/ee/query-service/dao/sqlite/pat.go
+++ b/ee/query-service/dao/sqlite/pat.go
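Review bot: `ListPATs(ctx)` in getPATs no longer takes `user.Id`, so any caller that gets past the `user` lookup above receives the unrevoked PATs of all users, and nothing in this hunk checks the caller's role. If the route is meant to be admin-only, that restriction lives outside this diff and should be confirmed; otherwise a per-user listing should remain for non-admin callers. The retained log line is now misleading and would read better as `zap.S().Infof("List all PATs, requested by user: %+v", user.Id)`. The matching DAO change is the `ListPATs` hunk in dao/sqlite/pat.go; getPATs starts and ends outside this hunk.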
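Review bot: The removed `pat.UserID != user.Id` guard was the only ownership check visible in revokePAT, and the new code goes straight to `RevokePAT(ctx, id, user.Id)`. RevokePAT's body is not part of this diff, so it cannot be told from here whether it constrains the update by `user_id` or only records `user.Id` as the updater; in the second case one user's request could revoke another user's token. Either keep the ownership check for non-admin callers, or, if cross-user revocation is intended, state which layer enforces it at the call site, e.g. `// authz: cross-user revoke is allowed only because this route is admin-only`. revokePAT starts and ends outside this hunk.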
@@ -13,7 +13,7 @@ import (
 func (m *modelDao) CreatePAT(ctx context.Context, p model.PAT) (model.PAT, basemodel.BaseApiError) {
 result, err := m.DB().ExecContext(ctx,
- "INSERT INTO personal_access_tokens (user_id, token, role, name, created_at, expires_at, updated_at, updated_by_user_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
+ "INSERT INTO personal_access_tokens (user_id, token, role, name, created_at, expires_at, updated_at, updated_by_user_id, last_used, revoked) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
 p.UserID,
 p.Token,
 p.Role,
@@ -22,6 +22,8 @@ func (m *modelDao) CreatePAT(ctx context.Context, p model.PAT) (model.PAT, basem
 p.ExpiresAt,
 p.UpdatedAt,
 p.UpdatedByUserID,
+ p.LastUsed,
+ p.Revoked,
 )
 if err != nil {
 zap.S().Errorf("Failed to insert PAT in db, err: %v", zap.Error(err))
@@ -78,11 +80,11 @@ func (m *modelDao) UpdatePATLastUsed(ctx context.Context, token string, lastUsed
 return nil
 }
-func (m *modelDao) ListPATs(ctx context.Context, userID string) ([]model.PAT, basemodel.BaseApiError) {
+func (m *modelDao) ListPATs(ctx context.Context) ([]model.PAT, basemodel.BaseApiError) {
 pats := []model.PAT{}
- if err := m.DB().Select(&pats, `SELECT * FROM personal_access_tokens WHERE user_id=? and revoked=false ORDER by updated_at DESC;`, userID); err != nil {
- zap.S().Errorf("Failed to fetch PATs for user: %s, err: %v", userID, zap.Error(err))
+ if err := m.DB().Select(&pats, "SELECT * FROM personal_access_tokens WHERE revoked=false ORDER by updated_at DESC;"); err != nil {
+ zap.S().Errorf("Failed to fetch PATs err: %v", zap.Error(err))
 return nil, model.InternalError(fmt.Errorf("failed to fetch PATs"))
 }
 for i := range pats {
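Review bot: The unscoped `SELECT *` in ListPATs now loads the `token` column (named in the INSERT column list of the CreatePAT hunk) for every user's unrevoked PAT into the returned slice. The loop that follows continues outside the hunk, so it is not visible whether the secret is cleared before the result reaches the API response; if it is not, clear it there or select only the non-secret columns. Separately, the new log call passes a `zap.Field` to a printf-style logger, so `%v` formats the field struct rather than the error message; `zap.S().Errorf("Failed to fetch PATs err: %v", err)` is the intended form.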