API tokens (#201)

* fix: small fixes to request util and version update endpoint

* feat: api token creation and management

* fix: lint

* fix: remove unneeded sidebar component

server/api/v1/admin/token/[id]/index.delete.ts

@@ -0,0 +1,23 @@
+import { APITokenMode } from "~/prisma/client/enums";
+import aclManager from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const id = h3.context.params?.id;
+  if (!id)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "No id in router params",
+    });
+
+  const deleted = await prisma.aPIToken.delete({
+    where: { id: id, mode: APITokenMode.System },
+  })!;
+  if (!deleted)
+    throw createError({ statusCode: 404, statusMessage: "Token not found" });
+
+  return;
+});

server/api/v1/admin/token/acls.get.ts

@@ -0,0 +1,9 @@
+import aclManager from "~/server/internal/acls";
+import { systemACLDescriptions } from "~/server/internal/acls/descriptions";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  return systemACLDescriptions;
+});

server/api/v1/admin/token/index.get.ts

@@ -0,0 +1,15 @@
+import { APITokenMode } from "~/prisma/client/enums";
+import aclManager from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const tokens = await prisma.aPIToken.findMany({
+    where: { mode: APITokenMode.System },
+    omit: { token: true },
+  });
+
+  return tokens;
+});

server/api/v1/admin/token/index.post.ts

@@ -0,0 +1,38 @@
+import { type } from "arktype";
+import { APITokenMode } from "~/prisma/client/enums";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
+import aclManager, { systemACLs } from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+const CreateToken = type({
+  name: "string",
+  acls: "string[] > 0",
+  expiry: "string.date.iso.parse?",
+}).configure(throwingArktype);
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const body = await readDropValidatedBody(h3, CreateToken);
+
+  const invalidACLs = body.acls.filter(
+    (e) => systemACLs.findIndex((v) => e == v) == -1,
+  );
+  if (invalidACLs.length > 0)
+    throw createError({
+      statusCode: 400,
+      statusMessage: `Invalid ACLs: ${invalidACLs.join(", ")}`,
+    });
+
+  const token = await prisma.aPIToken.create({
+    data: {
+      mode: APITokenMode.System,
+      name: body.name,
+      acls: body.acls,
+      expiresAt: body.expiry ?? null,
+    },
+  });
+
+  return token;
+});