fix: create PAT not null error (#4613)

* fix: create PAT not null error allow all admins to view all pats * fix: allow revoking of token by all admin users
2025-08-10 07:09:00 +08:00 · 2024-02-28 17:37:30 +05:30 · 2024-02-28 17:37:30 +05:30 · fe0ba5e3ba
commit fe0ba5e3ba
parent 8add13743a
3 changed files with 9 additions and 18 deletions
--- a/ee/query-service/app/api/pat.go
+++ b/ee/query-service/app/api/pat.go
@ -136,7 +136,7 @@ func (ah *APIHandler) getPATs(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	zap.S().Infof("Get PATs for user: %+v", user.Id)
-	pats, apierr := ah.AppDao().ListPATs(ctx, user.Id)
+	pats, apierr := ah.AppDao().ListPATs(ctx)
 	if apierr != nil {
 		RespondError(w, apierr, nil)
 		return
@ -155,18 +155,7 @@ func (ah *APIHandler) revokePAT(w http.ResponseWriter, r *http.Request) {
 		}, nil)
 		return
 	}
-	pat, apierr := ah.AppDao().GetPATByID(ctx, id)
-	if apierr != nil {
-		RespondError(w, apierr, nil)
-		return
-	}
-	if pat.UserID != user.Id {
-		RespondError(w, &model.ApiError{
-			Typ: model.ErrorUnauthorized,
-			Err: fmt.Errorf("unauthorized PAT revoke request"),
-		}, nil)
-		return
-	}
+
 	zap.S().Debugf("Revoke PAT with id: %+v", id)
 	if apierr := ah.AppDao().RevokePAT(ctx, id, user.Id); apierr != nil {
 		RespondError(w, apierr, nil)
--- a/ee/query-service/dao/interface.go
+++ b/ee/query-service/dao/interface.go
@ -39,6 +39,6 @@ type ModelDao interface {
 	UpdatePATLastUsed(ctx context.Context, pat string, lastUsed int64) basemodel.BaseApiError
 	GetPATByID(ctx context.Context, id string) (*model.PAT, basemodel.BaseApiError)
 	GetUserByPAT(ctx context.Context, token string) (*basemodel.UserPayload, basemodel.BaseApiError)
-	ListPATs(ctx context.Context, userID string) ([]model.PAT, basemodel.BaseApiError)
+	ListPATs(ctx context.Context) ([]model.PAT, basemodel.BaseApiError)
 	RevokePAT(ctx context.Context, id string, userID string) basemodel.BaseApiError
 }
--- a/ee/query-service/dao/sqlite/pat.go
+++ b/ee/query-service/dao/sqlite/pat.go
@ -13,7 +13,7 @@ import (

 func (m *modelDao) CreatePAT(ctx context.Context, p model.PAT) (model.PAT, basemodel.BaseApiError) {
 	result, err := m.DB().ExecContext(ctx,
-		"INSERT INTO personal_access_tokens (user_id, token, role, name, created_at, expires_at, updated_at, updated_by_user_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
+		"INSERT INTO personal_access_tokens (user_id, token, role, name, created_at, expires_at, updated_at, updated_by_user_id, last_used, revoked) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
 		p.UserID,
 		p.Token,
 		p.Role,
@ -22,6 +22,8 @@ func (m *modelDao) CreatePAT(ctx context.Context, p model.PAT) (model.PAT, basem
 		p.ExpiresAt,
 		p.UpdatedAt,
 		p.UpdatedByUserID,
+		p.LastUsed,
+		p.Revoked,
 	)
 	if err != nil {
 		zap.S().Errorf("Failed to insert PAT in db, err: %v", zap.Error(err))
@ -78,11 +80,11 @@ func (m *modelDao) UpdatePATLastUsed(ctx context.Context, token string, lastUsed
 	return nil
 }

-func (m *modelDao) ListPATs(ctx context.Context, userID string) ([]model.PAT, basemodel.BaseApiError) {
+func (m *modelDao) ListPATs(ctx context.Context) ([]model.PAT, basemodel.BaseApiError) {
 	pats := []model.PAT{}

-	if err := m.DB().Select(&pats, `SELECT * FROM personal_access_tokens WHERE user_id=? and revoked=false ORDER by updated_at DESC;`, userID); err != nil {
-		zap.S().Errorf("Failed to fetch PATs for user: %s, err: %v", userID, zap.Error(err))
+	if err := m.DB().Select(&pats, "SELECT * FROM personal_access_tokens WHERE revoked=false ORDER by updated_at DESC;"); err != nil {
+		zap.S().Errorf("Failed to fetch PATs err: %v", zap.Error(err))
 		return nil, model.InternalError(fmt.Errorf("failed to fetch PATs"))
 	}
 	for i := range pats {