✨ Revoke JWT on update/delete

package.json

@@ -1,6 +1,6 @@
 {
   "name": "staart-manager",
-  "version": "1.0.81",
+  "version": "1.0.82",
   "main": "index.js",
   "repository": "[email protected]:AnandChowdhary/staart.git",
   "author": "Anand Chowdhary <[email protected]>",

setup/internal/staart-version

@@ -1 +1 @@
-1.0.81
+1.0.82

src/crud/organization.ts

@@ -12,7 +12,7 @@ import { cachedQuery, deleteItemFromCache } from "../helpers/cache";
 import { CacheCategories, ErrorCode } from "../interfaces/enum";
 import { ApiKey } from "../interfaces/tables/organization";
 import { getPaginatedData } from "./data";
-import { apiKeyToken } from "../helpers/jwt";
+import { apiKeyToken, invalidateToken } from "../helpers/jwt";
 import { TOKEN_EXPIRY_API_KEY_MAX } from "../config";
 
 /*
@@ -164,6 +164,7 @@ export const updateApiKey = async (
   data.updatedAt = new Date();
   data = removeReadOnlyValues(data);
   const apiKey = await getApiKey(organizationId, apiKeyId);
+  if (apiKey.jwtApiKey) await invalidateToken(apiKey.jwtApiKey);
   data.jwtApiKey = await apiKeyToken({ ...apiKey, ...data });
   deleteItemFromCache(CacheCategories.API_KEY, apiKeyId);
   deleteItemFromCache(
@@ -190,6 +191,8 @@ export const deleteApiKey = async (
     CacheCategories.API_KEY_ORG,
     `${organizationId}_${apiKeyId}`
   );
+  const currentApiKey = await getApiKey(organizationId, apiKeyId);
+  if (currentApiKey.jwtApiKey) await invalidateToken(currentApiKey.jwtApiKey);
   return await query(
     `DELETE FROM ${tableName(
       "api-keys"

src/helpers/middleware.ts

@@ -96,7 +96,7 @@ export const authHandler = async (
   next: NextFunction
 ) => {
   try {
-    let userJwt = req.get("Authorization") as string;
+    let userJwt = req.get("Authorization");
     if (userJwt) {
       if (userJwt.startsWith("Bearer "))
         userJwt = userJwt.replace("Bearer ", "");
@@ -108,31 +108,32 @@ export const authHandler = async (
       if (userToken) res.locals.token = userToken;
     }
 
-    let apiKeyJwt = req.get("X-Api-Key") as string;
+    let apiKeyJwt = req.get("X-Api-Key");
     if (apiKeyJwt) {
       if (apiKeyJwt.startsWith("Bearer "))
         apiKeyJwt = apiKeyJwt.replace("Bearer ", "");
       const apiKeyToken = (await verifyToken(
         apiKeyJwt,
         Tokens.API_KEY
       )) as ApiKeyResponse;
-      const referrerDomain = new URL(req.get("Origin") as string).hostname;
       await checkInvalidatedToken(apiKeyJwt);
       checkIpRestrictions(apiKeyToken, res.locals);
-      checkReferrerRestrictions(apiKeyToken, referrerDomain);
-      if (apiKeyToken.referrerRestrictions) {
-        if (
-          includesDomainInCommaList(
-            apiKeyToken.referrerRestrictions,
-            referrerDomain
-          )
-        ) {
-          res.setHeader("Access-Control-Allow-Origin", req.get(
-            "Origin"
-          ) as string);
+      const origin = req.get("Origin");
+      if (origin) {
+        const referrerDomain = new URL(origin).hostname;
+        checkReferrerRestrictions(apiKeyToken, referrerDomain);
+        if (apiKeyToken.referrerRestrictions) {
+          if (
+            includesDomainInCommaList(
+              apiKeyToken.referrerRestrictions,
+              referrerDomain
+            )
+          ) {
+            res.setHeader("Access-Control-Allow-Origin", origin);
+          }
+        } else {
+          res.setHeader("Access-Control-Allow-Origin", "*");
         }
-      } else {
-        res.setHeader("Access-Control-Allow-Origin", "*");
       }
       if (apiKeyToken && !res.locals.token) res.locals.token = apiKeyToken;
     }

src/rest/membership.ts

@@ -10,10 +10,10 @@ import {
   updateMembership
 } from "../crud/membership";
 import { User } from "../interfaces/tables/user";
-import { ApiKey } from "../interfaces/tables/organization";
 import { register } from "./auth";
 import { can } from "../helpers/authorization";
 import { Locals, KeyValue } from "../interfaces/general";
+import { ApiKeyResponse } from "../helpers/jwt";
 
 export const getMembershipDetailsForUser = async (
   userId: number,
@@ -25,7 +25,7 @@ export const getMembershipDetailsForUser = async (
 };
 
 export const inviteMemberToOrganization = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   newMemberName: string,
   newMemberEmail: string,
@@ -72,7 +72,7 @@ export const inviteMemberToOrganization = async (
 };
 
 export const deleteMembershipForUser = async (
-  tokenUserId: number | ApiKey,
+  tokenUserId: number | ApiKeyResponse,
   membershipId: number,
   locals: Locals
 ) => {
@@ -97,7 +97,7 @@ export const deleteMembershipForUser = async (
 };
 
 export const updateMembershipForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   membershipId: number,
   data: KeyValue,
   locals: Locals

src/rest/organization.ts

@@ -50,11 +50,11 @@ import {
   createStripeSubscription
 } from "../crud/billing";
 import { getUser } from "../crud/user";
-import { ApiKey } from "../interfaces/tables/organization";
 import { getUserPrimaryEmail } from "../crud/email";
+import { ApiKeyResponse } from "../helpers/jwt";
 
 export const getOrganizationForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number
 ) => {
   if (await can(userId, Authorizations.READ, "organization", organizationId))
@@ -95,7 +95,7 @@ export const newOrganizationForUser = async (
 };
 
 export const updateOrganizationForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   data: Organization,
   locals: Locals
@@ -110,7 +110,7 @@ export const updateOrganizationForUser = async (
 };
 
 export const deleteOrganizationForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   locals: Locals
 ) => {
@@ -128,7 +128,7 @@ export const deleteOrganizationForUser = async (
 };
 
 export const getOrganizationBillingForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number
 ) => {
   if (await can(userId, Authorizations.READ, "organization", organizationId)) {
@@ -141,7 +141,7 @@ export const getOrganizationBillingForUser = async (
 };
 
 export const updateOrganizationBillingForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   data: any,
   locals: Locals
@@ -160,7 +160,7 @@ export const updateOrganizationBillingForUser = async (
 };
 
 export const getOrganizationInvoicesForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   params: KeyValue
 ) => {
@@ -174,7 +174,7 @@ export const getOrganizationInvoicesForUser = async (
 };
 
 export const getOrganizationInvoiceForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   invoiceId: string
 ) => {
@@ -188,7 +188,7 @@ export const getOrganizationInvoiceForUser = async (
 };
 
 export const getOrganizationSourcesForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   params: KeyValue
 ) => {
@@ -202,7 +202,7 @@ export const getOrganizationSourcesForUser = async (
 };
 
 export const getOrganizationSourceForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   sourceId: string
 ) => {
@@ -216,7 +216,7 @@ export const getOrganizationSourceForUser = async (
 };
 
 export const getOrganizationSubscriptionsForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   params: KeyValue
 ) => {
@@ -233,7 +233,7 @@ export const getOrganizationSubscriptionsForUser = async (
 };
 
 export const getOrganizationSubscriptionForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   subscriptionId: string
 ) => {
@@ -250,7 +250,7 @@ export const getOrganizationSubscriptionForUser = async (
 };
 
 export const updateOrganizationSubscriptionForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   subscriptionId: string,
   data: KeyValue
@@ -269,7 +269,7 @@ export const updateOrganizationSubscriptionForUser = async (
 };
 
 export const createOrganizationSubscriptionForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   params: { plan: string; [index: string]: any }
 ) => {
@@ -286,7 +286,7 @@ export const createOrganizationSubscriptionForUser = async (
 };
 
 export const getOrganizationPricingPlansForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   productId: string
 ) => {
@@ -296,7 +296,7 @@ export const getOrganizationPricingPlansForUser = async (
 };
 
 export const deleteOrganizationSourceForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   sourceId: string
 ) => {
@@ -310,7 +310,7 @@ export const deleteOrganizationSourceForUser = async (
 };
 
 export const updateOrganizationSourceForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   sourceId: string,
   data: any
@@ -331,7 +331,7 @@ export const updateOrganizationSourceForUser = async (
 };
 
 export const createOrganizationSourceForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   card: any
 ) => {
@@ -347,7 +347,7 @@ export const createOrganizationSourceForUser = async (
 };
 
 export const getAllOrganizationDataForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number
 ) => {
   if (
@@ -388,7 +388,7 @@ export const getAllOrganizationDataForUser = async (
 };
 
 export const getOrganizationRecentEventsForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number
 ) => {
   if (await can(userId, Authorizations.READ, "organization", organizationId))
@@ -397,7 +397,7 @@ export const getOrganizationRecentEventsForUser = async (
 };
 
 export const getOrganizationMembershipsForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   query?: KeyValue
 ) => {
@@ -407,7 +407,7 @@ export const getOrganizationMembershipsForUser = async (
 };
 
 export const getOrganizationApiKeysForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   query: KeyValue
 ) => {
@@ -424,7 +424,7 @@ export const getOrganizationApiKeysForUser = async (
 };
 
 export const getOrganizationApiKeyForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   apiKeyId: number
 ) => {
@@ -441,7 +441,7 @@ export const getOrganizationApiKeyForUser = async (
 };
 
 export const updateApiKeyForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   apiKeyId: number,
   data: KeyValue,
@@ -462,7 +462,7 @@ export const updateApiKeyForUser = async (
 };
 
 export const createApiKeyForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   apiKey: KeyValue,
   locals: Locals
@@ -482,7 +482,7 @@ export const createApiKeyForUser = async (
 };
 
 export const deleteApiKeyForUser = async (
-  userId: number | ApiKey,
+  userId: number | ApiKeyResponse,
   organizationId: number,
   apiKeyId: number,
   locals: Locals