From 0dfae21005190e4e2571e05154af98592444344a Mon Sep 17 00:00:00 2001
From: Alice Gaudon <alice@gaudon.pro>
Date: Mon, 29 Mar 2021 12:55:20 +0200
Subject: [PATCH] Move auth tokens to dedicated page

---
 src/controllers/AuthTokenController.ts        | 12 +++
 .../{desktop-utility.njk => auth-tokens.njk}  | 96 ++++++++++---------
 views/layouts/base.njk                        |  1 +
 3 files changed, 65 insertions(+), 44 deletions(-)
 rename views/{desktop-utility.njk => auth-tokens.njk} (94%)

diff --git a/src/controllers/AuthTokenController.ts b/src/controllers/AuthTokenController.ts
index 837e15b..a452283 100644
--- a/src/controllers/AuthTokenController.ts
+++ b/src/controllers/AuthTokenController.ts
@@ -3,13 +3,25 @@ import {RequireAuthMiddleware} from "swaf/auth/AuthComponent";
 import {Request, Response} from "express";
 import AuthToken from "../models/AuthToken";
 import {BadRequestError, ForbiddenHttpError, NotFoundHttpError} from "swaf/HttpError";
+import config from "config";
 
 export default class AuthTokenController extends Controller {
     public routes(): void {
+        this.get('/auth-tokens', this.getAuthTokens, 'auth-tokens', RequireAuthMiddleware);
         this.post('/gen-auth-token', this.postGenAuthToken, 'generate-token', RequireAuthMiddleware);
         this.post('/revoke-auth-token/:id', this.postRevokeAuthToken, 'revoke-token', RequireAuthMiddleware);
     }
 
+    public async getAuthTokens(req: Request, res: Response): Promise<void> {
+        const allowedDomains = config.get<string[]>('allowed_url_domains');
+        const user = req.as(RequireAuthMiddleware).getUser();
+        res.render('auth-tokens', {
+            allowed_domains: allowedDomains,
+            default_domain: allowedDomains[config.get<number>('default_url_domain_for_files')],
+            auth_tokens: await AuthToken.select().where('user_id', user.id).get(),
+        });
+    }
+
     protected async postGenAuthToken(req: Request, res: Response): Promise<void> {
         const user = req.as(RequireAuthMiddleware).getUser();
         const authToken = AuthToken.create({
diff --git a/views/desktop-utility.njk b/views/auth-tokens.njk
similarity index 94%
rename from views/desktop-utility.njk
rename to views/auth-tokens.njk
index 55760a5..eb18a2b 100644
--- a/views/desktop-utility.njk
+++ b/views/auth-tokens.njk
@@ -1,4 +1,53 @@
+{% extends 'layouts/base.njk' %}
+
+{% set title = app.name + ' - Auth tokens' %}
+
+{% block body %}
 <div class="container">
+    <section class="panel">
+        <h2><i data-feather="key"></i> Auth tokens</h2>
+        <form action="{{ route('generate-token') }}" method="POST">
+            {{ macros.csrf(getCsrfToken) }}
+
+            <button type="submit"><i data-feather="plus"></i> Generate a new token</button>
+        </form>
+
+        <table class="data-table">
+            <thead>
+            <tr>
+                <th>#</th>
+                <th class="table-col-grow">Secret</th>
+                <th>Created at</th>
+                <th>Last used at</th>
+                <th>Actions</th>
+            </tr>
+            </thead>
+
+            <tbody>
+            {% for token in auth_tokens %}
+                <tr>
+                    <td>{{ token.id }}</td>
+                    <td>
+                        <div class="copyable-text">
+                            <div class="content">{{ token.secret }}</div>
+                            <button class="copy-button"><i data-feather="copy"></i></button>
+                        </div>
+                    </td>
+                    <td>{{ token.created_at.toISOString() }}</td>
+                    <td>{{ token.used_at.toISOString() }}</td>
+                    <td class="actions">
+                        <form action="{{ route('revoke-token', token.id) }}" method="POST">
+                            <button class="button danger"><i data-feather="trash"></i> <span class="tip">Revoke</span></button>
+                            {{ macros.csrf(getCsrfToken) }}
+                        </form>
+                    </td>
+                </tr>
+            {% endfor %}
+            </tbody>
+        </table>
+    </section>
+
+
     <section class="panel">
         <h2><i data-feather="tool"></i> Setup a desktop utility</h2>
         <p>There may be a desktop client at some point. For now, if you're an advanced user, you can setup
@@ -32,8 +81,8 @@
             <p>Examples:</p>
             <pre>upload_file.sh path/to/file</pre>
             <pre>upload_file.sh path/to/file my_very_important_file.png</pre>
-            <pre>shrink_url.sh https://gitlab.com/ArisuOngaku/ilyli</pre>
-            <pre>shrink_url.sh https://gitlab.com/ArisuOngaku/ilyli repo</pre>
+            <pre>shrink_url.sh https://eternae.ink/ashpie/ily.li</pre>
+            <pre>shrink_url.sh https://eternae.ink/ashpie/ily.li repo</pre>
         </section>
 
         <hr>
@@ -114,46 +163,5 @@
             <p>For examples with curl, please download and review the scripts above.</p>
         </section>
     </section>
-
-    <section class="panel">
-        <h2><i data-feather="key"></i> Auth tokens</h2>
-        <form action="{{ route('generate-token') }}" method="POST">
-            {{ macros.csrf(getCsrfToken) }}
-
-            <button type="submit"><i data-feather="plus"></i> Generate a new token</button>
-        </form>
-
-        <table class="data-table">
-            <thead>
-            <tr>
-                <th>#</th>
-                <th class="table-col-grow">Secret</th>
-                <th>Created at</th>
-                <th>Last used at</th>
-                <th>Actions</th>
-            </tr>
-            </thead>
-
-            <tbody>
-            {% for token in auth_tokens %}
-                <tr>
-                    <td>{{ token.id }}</td>
-                    <td>
-                        <div class="copyable-text">
-                            <div class="content">{{ token.secret }}</div>
-                            <button class="copy-button"><i data-feather="copy"></i></button>
-                        </div>
-                    </td>
-                    <td>{{ token.created_at.toISOString() }}</td>
-                    <td>{{ token.used_at.toISOString() }}</td>
-                    <td class="actions">
-                        <form action="{{ route('revoke-token', token.id) }}" method="POST">
-                            <button class="button danger"><i data-feather="trash"></i> <span class="tip">Revoke</span></button>
-                        </form>
-                    </td>
-                </tr>
-            {% endfor %}
-            </tbody>
-        </table>
-    </section>
 </div>
+{% endblock %}
diff --git a/views/layouts/base.njk b/views/layouts/base.njk
index 7ae68a8..5f377c0 100644
--- a/views/layouts/base.njk
+++ b/views/layouts/base.njk
@@ -25,6 +25,7 @@
                 {% endif %}
                 <li><a href="{{ route('account') }}"><i data-feather="user"></i> <span class="tip">{{ user.name | default('Account') }}</span></a>
                     <ul class="dropdown">
+                        <li><a href="{{ route('auth-tokens') }}"><i data-feather="key"></i> <span class="tip">Manage auth tokens</span></a></li>
                         <li>
                             <hr>
                             <form action="{{ route('logout') }}?{{ querystring.stringify({redirect_uri: '/'}) }}" method="POST">