sami7777/dashcaddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3efa5dc3f44b63dbc8c2321d6c4b07e2f9bb1b24
dashcaddy/dashcaddy-api/routes/auth/keys.js

131 lines
4.1 KiB
JavaScript
Raw Blame History

const express = require('express');
module.exports = function(ctx) {
const router = express.Router();
// Helper function to parse expiration strings to milliseconds
function parseExpiration(expStr) {
const match = expStr.match(/^(\d+)([smhdy])$/);
if (!match) return 24 * 60 * 60 * 1000; // default 24h
const value = parseInt(match[1], 10);
const unit = match[2];
const multipliers = {
s: 1000,
m: 60 * 1000,
h: 60 * 60 * 1000,
d: 24 * 60 * 60 * 1000,
y: 365 * 24 * 60 * 60 * 1000,
};
return value * (multipliers[unit] || multipliers.h);
}
// List all API keys
router.get('/auth/keys', ctx.asyncHandler(async (req, res) => {
// Require session authentication (not API key - can't manage keys with key itself)
if (!req.auth || req.auth.type !== 'session') {
return ctx.errorResponse(res, 403, 'API key management requires TOTP session authentication');
}
const keys = await ctx.authManager.listAPIKeys();
res.json({ success: true, keys });
}, 'auth-keys-list'));
// Generate new API key
router.post('/auth/keys', ctx.asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
return ctx.errorResponse(res, 403, 'API key generation requires TOTP session authentication');
}
const { name, scopes } = req.body;
if (!name || typeof name !== 'string' || name.trim().length === 0) {
return ctx.errorResponse(res, 400, 'API key name is required');
}
// Validate scopes if provided
const validScopes = ['read', 'write', 'admin'];
if (scopes && (!Array.isArray(scopes) || !scopes.every(s => validScopes.includes(s)))) {
return ctx.errorResponse(res, 400, 'Invalid scopes', { validScopes });
}
const keyData = await ctx.authManager.generateAPIKey(
name.trim(),
scopes || ['read', 'write'],
);
res.json({
success: true,
key: keyData.key,
id: keyData.id,
name: keyData.name,
scopes: keyData.scopes,
createdAt: keyData.createdAt,
warning: 'Save this key securely - it will not be shown again',
});
}, 'auth-keys-generate'));
// Revoke API key
router.delete('/auth/keys/:keyId', ctx.asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
return ctx.errorResponse(res, 403, 'API key revocation requires TOTP session authentication');
}
const { keyId } = req.params;
if (!keyId || typeof keyId !== 'string') {
return ctx.errorResponse(res, 400, 'Key ID is required');
}
const success = await ctx.authManager.revokeAPIKey(keyId);
if (success) {
res.json({ success: true, message: 'API key revoked successfully' });
} else {
const { NotFoundError } = require('../../errors');
throw new NotFoundError('API key');
}
}, 'auth-keys-revoke'));
// Generate JWT from TOTP session
router.post('/auth/jwt', ctx.asyncHandler(async (req, res) => {
// Require session authentication
if (!req.auth || req.auth.type !== 'session') {
return ctx.errorResponse(res, 403, 'JWT generation requires TOTP session authentication');
}
const { expiresIn, userId } = req.body;
// Validate expiresIn format if provided (e.g., '24h', '7d', '1y')
const validExpiresIn = /^(\d+[smhdy])$/.test(expiresIn || '24h');
if (expiresIn && !validExpiresIn) {
return ctx.errorResponse(res, 400, 'Invalid expiresIn format. Use: 60s, 15m, 24h, 7d, 1y');
}
const token = await ctx.authManager.generateJWT(
{
sub: userId || 'dashcaddy-admin',
scope: ['admin'], // Session-generated JWTs have admin scope
},
expiresIn || '24h',
);
// Calculate expiration timestamp
const expiresInMs = parseExpiration(expiresIn || '24h');
const expiresAt = new Date(Date.now() + expiresInMs).toISOString();
res.json({
success: true,
token,
expiresAt,
usage: 'Include in Authorization header as: Bearer <token>',
});
}, 'auth-jwt-generate'));
return router;
};
Reference in New Issue View Git Blame Copy Permalink