Merge branch 'develop' into redistributable

server/api/v1/admin/game/[id]/index.get.ts

@@ -24,16 +24,8 @@ export default defineEventHandler(async (h3) => {
             versionIndex: "asc",
           },
         },
-        select: {
-          versionId: true,
-          versionName: true,
-          platform: true,
-          gameVersion: {
-            select: {
-              versionIndex: true,
-              delta: true,
-            },
-          },
+        omit: {
+          dropletManifest: true,
         },
       },
       tags: true,

server/api/v1/admin/token/[id]/index.delete.ts

@@ -0,0 +1,23 @@
+import { APITokenMode } from "~/prisma/client/enums";
+import aclManager from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const id = h3.context.params?.id;
+  if (!id)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "No id in router params",
+    });
+
+  const deleted = await prisma.aPIToken.delete({
+    where: { id: id, mode: APITokenMode.System },
+  })!;
+  if (!deleted)
+    throw createError({ statusCode: 404, statusMessage: "Token not found" });
+
+  return;
+});

server/api/v1/admin/token/acls.get.ts

@@ -0,0 +1,9 @@
+import aclManager from "~/server/internal/acls";
+import { systemACLDescriptions } from "~/server/internal/acls/descriptions";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  return systemACLDescriptions;
+});

server/api/v1/admin/token/index.get.ts

@@ -0,0 +1,15 @@
+import { APITokenMode } from "~/prisma/client/enums";
+import aclManager from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const tokens = await prisma.aPIToken.findMany({
+    where: { mode: APITokenMode.System },
+    omit: { token: true },
+  });
+
+  return tokens;
+});

server/api/v1/admin/token/index.post.ts

@@ -0,0 +1,38 @@
+import { type } from "arktype";
+import { APITokenMode } from "~/prisma/client/enums";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
+import aclManager, { systemACLs } from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+const CreateToken = type({
+  name: "string",
+  acls: "string[] > 0",
+  expiry: "string.date.iso.parse?",
+}).configure(throwingArktype);
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, []); // No ACLs only allows session authentication
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const body = await readDropValidatedBody(h3, CreateToken);
+
+  const invalidACLs = body.acls.filter(
+    (e) => systemACLs.findIndex((v) => e == v) == -1,
+  );
+  if (invalidACLs.length > 0)
+    throw createError({
+      statusCode: 400,
+      statusMessage: `Invalid ACLs: ${invalidACLs.join(", ")}`,
+    });
+
+  const token = await prisma.aPIToken.create({
+    data: {
+      mode: APITokenMode.System,
+      name: body.name,
+      acls: body.acls,
+      expiresAt: body.expiry ?? null,
+    },
+  });
+
+  return token;
+});

server/api/v1/admin/users/[id]/index.get.ts

@@ -15,7 +15,7 @@ export default defineEventHandler(async (h3) => {
   if (userId == "system")
     throw createError({
       statusCode: 400,
-      statusMessage: "Cannot delete system user.",
+      statusMessage: "Cannot fetch system user.",
     });
 
   const user = await prisma.user.findUnique({ where: { id: userId } });

server/api/v1/token.get.ts

@@ -0,0 +1,6 @@
+import aclManager from "~/server/internal/acls";
+
+export default defineEventHandler(async (h3) => {
+  const acls = await aclManager.fetchAllACLs(h3);
+  return acls;
+});

server/api/v1/user/token/index.post.ts

@@ -1,30 +1,22 @@
+import { type } from "arktype";
 import { APITokenMode } from "~/prisma/client/enums";
+import { readDropValidatedBody, throwingArktype } from "~/server/arktype";
 import aclManager, { userACLs } from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
+const CreateToken = type({
+  name: "string",
+  acls: "string[] > 0",
+  expiry: "string.date.iso.parse?",
+}).configure(throwingArktype);
+
 export default defineEventHandler(async (h3) => {
   const userId = await aclManager.getUserIdACL(h3, []); // No ACLs only allows session authentication
   if (!userId) throw createError({ statusCode: 403 });
 
-  const body = await readBody(h3);
-  const name: string = body.name;
-  const acls: string[] = body.acls;
+  const body = await readDropValidatedBody(h3, CreateToken);
 
-  if (!name || typeof name !== "string")
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Token name required",
-    });
-  if (!acls || !Array.isArray(acls))
-    throw createError({ statusCode: 400, statusMessage: "ACLs required" });
-
-  if (acls.length == 0)
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Token requires more than zero ACLs",
-    });
-
-  const invalidACLs = acls.filter(
+  const invalidACLs = body.acls.filter(
     (e) => userACLs.findIndex((v) => e == v) == -1,
   );
   if (invalidACLs.length > 0)
@@ -36,9 +28,10 @@ export default defineEventHandler(async (h3) => {
   const token = await prisma.aPIToken.create({
     data: {
       mode: APITokenMode.User,
-      name: name,
+      name: body.name,
       userId: userId,
-      acls: acls,
+      acls: body.acls,
+      expiresAt: body.expiry ?? null,
     },
   });