Ghost/core/server/models/api-key.js

const crypto = require('crypto');
const ghostBookshelf = require('./base');
const {Role} = require('./role');

const createSecret = () => crypto.randomBytes(64).toString('hex');

const ApiKey = ghostBookshelf.Model.extend({
    tableName: 'api_keys',

    defaults() {
        // 512bit key for HS256 JWT signing
        const secret = createSecret();

        return {
            secret
        };
    },

    role() {
        return this.belongsTo('Role');
    },

    // if an ApiKey does not have a related Integration then it's considered
    // "internal" and shouldn't show up in the UI. Example internal API Keys
    // would be the ones used for the scheduler and backup clients
    integration() {
        return this.belongsTo('Integration');
    },

    onSaving(model, attrs, options) {
        ghostBookshelf.Model.prototype.onSaving.apply(this, arguments);

        // enforce roles which are currently hardcoded
        // - admin key = Adminstrator role
        // - content key = no role
        if (this.hasChanged('type') || this.hasChanged('role_id')) {
            if (this.get('type') === 'admin') {
                return Role.findOne({name: 'Admin Integration'}, Object.assign({}, options, {columns: ['id']}))
                    .then((role) => {
                        this.set('role_id', role.get('id'));
                    });
            }

            if (this.get('type') === 'content') {
                this.set('role_id', null);
            }
        }
    }
}, {
    refreshSecret(data, options) {
        const secret = createSecret();
        return this.edit(Object.assign({}, data, {secret}), options);
    }
});

const ApiKeys = ghostBookshelf.Collection.extend({
    model: ApiKey
});

module.exports = {
    ApiKey: ghostBookshelf.model('ApiKey', ApiKey),
    ApiKeys: ghostBookshelf.collection('ApiKeys', ApiKeys)
};
Set up schema and models for API Key authentication (#9904) refs https://github.com/TryGhost/Ghost/issues/9865 - schema migrations - adds `integrations` and `api_keys` tables - inserts `integration` and `api_key` permissions and Administrator role relationships - inserts `Admin Integration` role and permissions - adds `Integration` model - adds `ApiKey` model - creates default secret if not given - hardcodes associated role based on key type - `admin` = `Admin API Client` - `content` = no role - updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy 2018-10-02 19:46:38 +03:00			`const crypto = require('crypto');`
			`const ghostBookshelf = require('./base');`
			`const {Role} = require('./role');`

Added refreshSecret method to ApiKey model (#9947) refs #9865 This is to allow the secret of an api_key to be refreshed, in the event of a secret being compromised. 2018-10-05 11:51:13 +03:00			`const createSecret = () => crypto.randomBytes(64).toString('hex');`

Set up schema and models for API Key authentication (#9904) refs https://github.com/TryGhost/Ghost/issues/9865 - schema migrations - adds `integrations` and `api_keys` tables - inserts `integration` and `api_key` permissions and Administrator role relationships - inserts `Admin Integration` role and permissions - adds `Integration` model - adds `ApiKey` model - creates default secret if not given - hardcodes associated role based on key type - `admin` = `Admin API Client` - `content` = no role - updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy 2018-10-02 19:46:38 +03:00			`const ApiKey = ghostBookshelf.Model.extend({`
			`tableName: 'api_keys',`

			`defaults() {`
			`// 512bit key for HS256 JWT signing`
Added refreshSecret method to ApiKey model (#9947) refs #9865 This is to allow the secret of an api_key to be refreshed, in the event of a secret being compromised. 2018-10-05 11:51:13 +03:00			`const secret = createSecret();`
Set up schema and models for API Key authentication (#9904) refs https://github.com/TryGhost/Ghost/issues/9865 - schema migrations - adds `integrations` and `api_keys` tables - inserts `integration` and `api_key` permissions and Administrator role relationships - inserts `Admin Integration` role and permissions - adds `Integration` model - adds `ApiKey` model - creates default secret if not given - hardcodes associated role based on key type - `admin` = `Admin API Client` - `content` = no role - updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy 2018-10-02 19:46:38 +03:00
			`return {`
			`secret`
			`};`
			`},`

			`role() {`
			`return this.belongsTo('Role');`
			`},`

			`// if an ApiKey does not have a related Integration then it's considered`
			`// "internal" and shouldn't show up in the UI. Example internal API Keys`
			`// would be the ones used for the scheduler and backup clients`
			`integration() {`
			`return this.belongsTo('Integration');`
			`},`

Updated ApiKey onSaving to forward options (#9994) refs #9865 We require models to forward options on, so that any transactions continue to work 2018-10-14 12:54:10 +03:00			`onSaving(model, attrs, options) {`
Set up schema and models for API Key authentication (#9904) refs https://github.com/TryGhost/Ghost/issues/9865 - schema migrations - adds `integrations` and `api_keys` tables - inserts `integration` and `api_key` permissions and Administrator role relationships - inserts `Admin Integration` role and permissions - adds `Integration` model - adds `ApiKey` model - creates default secret if not given - hardcodes associated role based on key type - `admin` = `Admin API Client` - `content` = no role - updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy 2018-10-02 19:46:38 +03:00			`ghostBookshelf.Model.prototype.onSaving.apply(this, arguments);`

			`// enforce roles which are currently hardcoded`
			`// - admin key = Adminstrator role`
			`// - content key = no role`
			`if (this.hasChanged('type') \|\| this.hasChanged('role_id')) {`
			`if (this.get('type') === 'admin') {`
Updated ApiKey onSaving to forward options (#9994) refs #9865 We require models to forward options on, so that any transactions continue to work 2018-10-14 12:54:10 +03:00			`return Role.findOne({name: 'Admin Integration'}, Object.assign({}, options, {columns: ['id']}))`
Set up schema and models for API Key authentication (#9904) refs https://github.com/TryGhost/Ghost/issues/9865 - schema migrations - adds `integrations` and `api_keys` tables - inserts `integration` and `api_key` permissions and Administrator role relationships - inserts `Admin Integration` role and permissions - adds `Integration` model - adds `ApiKey` model - creates default secret if not given - hardcodes associated role based on key type - `admin` = `Admin API Client` - `content` = no role - updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy 2018-10-02 19:46:38 +03:00			`.then((role) => {`
			`this.set('role_id', role.get('id'));`
			`});`
			`}`

			`if (this.get('type') === 'content') {`
			`this.set('role_id', null);`
			`}`
			`}`
			`}`
Added refreshSecret method to ApiKey model (#9947) refs #9865 This is to allow the secret of an api_key to be refreshed, in the event of a secret being compromised. 2018-10-05 11:51:13 +03:00			`}, {`
			`refreshSecret(data, options) {`
			`const secret = createSecret();`
			`return this.edit(Object.assign({}, data, {secret}), options);`
			`}`
Set up schema and models for API Key authentication (#9904) refs https://github.com/TryGhost/Ghost/issues/9865 - schema migrations - adds `integrations` and `api_keys` tables - inserts `integration` and `api_key` permissions and Administrator role relationships - inserts `Admin Integration` role and permissions - adds `Integration` model - adds `ApiKey` model - creates default secret if not given - hardcodes associated role based on key type - `admin` = `Admin API Client` - `content` = no role - updates `Role` model to use `bookshelf-relations` for auto cleanup of permission relationships on destroy 2018-10-02 19:46:38 +03:00			`});`

			`const ApiKeys = ghostBookshelf.Collection.extend({`
			`model: ApiKey`
			`});`

			`module.exports = {`
			`ApiKey: ghostBookshelf.model('ApiKey', ApiKey),`
			`ApiKeys: ghostBookshelf.collection('ApiKeys', ApiKeys)`
			`};`