
feat: update access token handling to use Scope type and improve validation

reiji-h 1 год назад
Родитель
Сommit
12ebed241b

+ 2 - 1
apps/app/src/interfaces/access-token.ts

@@ -1,8 +1,9 @@
+import type { Scope } from './scope';
 
 export type IAccessTokenInfo = {
   expiredAt: Date,
   description: string,
-  scope: string[],
+  scope: Scope[],
 }
 
 export type IResGenerateAccessToken = IAccessTokenInfo & {

+ 2 - 1
apps/app/src/server/routes/apiv3/personal-setting/delete-access-token.ts

@@ -3,6 +3,7 @@ import type { Request, RequestHandler } from 'express';
 import { query } from 'express-validator';
 
 import { SupportedAction } from '~/interfaces/activity';
+import { SCOPE } from '~/interfaces/scope';
 import type Crowi from '~/server/crowi';
 import { accessTokenParser } from '~/server/middlewares/access-token-parser';
 import { generateAddActivityMiddleware } from '~/server/middlewares/add-activity';
@@ -37,7 +38,7 @@ export const deleteAccessTokenHandlersFactory: DeleteAccessTokenHandlersFactory
   const activityEvent = crowi.event('activity');
 
   return [
-    accessTokenParser(),
+    accessTokenParser([SCOPE.WRITE.USER.API.ACCESS_TOKEN]),
     loginRequiredStrictly,
     addActivity,
     validator,
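Review bot: The scope passed at `accessTokenParser([SCOPE.WRITE.USER.API.ACCESS_TOKEN])` lets a request authenticated by an access token revoke access tokens, and the same scope constant is granted in delete-all-access-tokens.ts, so a single token holding it can revoke every token of the user, itself included. That may well be intended, but nothing in the commit records it; a one-line comment above the middleware list, such as `// WRITE.USER.API.ACCESS_TOKEN: a token with this scope may revoke other tokens of the same user (including itself)`, would make the trust decision explicit to the next reader. Whether accessTokenParser rejects a token that lacks the listed scope or merely leaves req.user unset is not visible here; loginRequiredStrictly still follows it, so an unauthenticated request fails either way, but the behaviour for a scope-deficient token depends on the parser's contract and is worth confirming. The deleteAccessTokenHandlersFactory body continues outside the hunk.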

+ 3 - 1
apps/app/src/server/routes/apiv3/personal-setting/delete-all-access-tokens.ts

@@ -3,6 +3,7 @@ import { ErrorV3 } from '@growi/core/dist/models';
 import type { Request, RequestHandler } from 'express';
 
 import { SupportedAction } from '~/interfaces/activity';
+import { SCOPE } from '~/interfaces/scope';
 import type Crowi from '~/server/crowi';
 import { accessTokenParser } from '~/server/middlewares/access-token-parser';
 import { generateAddActivityMiddleware } from '~/server/middlewares/add-activity';
@@ -26,7 +27,8 @@ export const deleteAllAccessTokensHandlersFactory: DeleteAllAccessTokensHandlers
   const activityEvent = crowi.event('activity');
 
   return [
-    accessTokenParser(), loginRequiredStrictly,
+    accessTokenParser([SCOPE.WRITE.USER.API.ACCESS_TOKEN]),
+    loginRequiredStrictly,
     addActivity,
     async(req: DeleteAllAccessTokensRequest, res: ApiV3Response) => {
       const { user } = req;

+ 5 - 3
apps/app/src/server/routes/apiv3/personal-setting/generate-access-token.ts

@@ -7,10 +7,10 @@ import { body } from 'express-validator';
 
 import { SupportedAction } from '~/interfaces/activity';
 import type { Scope } from '~/interfaces/scope';
-import { extractScopes, isValidScope } from '~/interfaces/scope';
 import type Crowi from '~/server/crowi';
 import { generateAddActivityMiddleware } from '~/server/middlewares/add-activity';
 import { AccessToken } from '~/server/models/access-token';
+import { extractScopes, isValidScope } from '~/server/util/scope-utils';
 import loggerFactory from '~/utils/logger';
 
 import { apiV3FormValidator } from '../../../middlewares/apiv3-form-validator';
@@ -65,10 +65,12 @@ const validator = [
     .custom((value: Scope[]) => {
       value.forEach((scope) => {
         if (!isValidScope(scope)) {
-          throw new Error('Invalid scope');
+          throw new Error(`Invalid scope: ${scope}}`);
         }
       });
-    }),
+      return true;
+    })
+    .withMessage('Invalid scope'),
 ];
 
 export const generateAccessTokenHandlerFactory: GenerateAccessTokenHandlerFactory = (crowi) => {
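Review bot: The template literal on the new throw line has a stray closing brace, so the message reads "Invalid scope: foo}"; it should be `throw new Error(`Invalid scope: ${scope}`);`. The `.withMessage('Invalid scope')` added after the custom validator replaces the thrown error's text in express-validator's reported error as far as I recall, so the per-scope detail is unlikely to reach the response in any case; either drop `.withMessage` or keep the detail only in a server-side log. The validator also calls `value.forEach` before checking that `value` is an array, which relies on express-validator turning the resulting TypeError into a validation failure for a non-array payload; an explicit `Array.isArray(value)` guard would make that intent clear. The validator chain this `.custom` belongs to starts outside the hunk.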

+ 3 - 1
apps/app/src/server/routes/apiv3/personal-setting/get-access-tokens.ts

@@ -2,6 +2,7 @@ import type { IUserHasId } from '@growi/core/dist/interfaces';
 import { ErrorV3 } from '@growi/core/dist/models';
 import type { Request, RequestHandler } from 'express';
 
+import { SCOPE } from '~/interfaces/scope';
 import type Crowi from '~/server/crowi';
 import { accessTokenParser } from '~/server/middlewares/access-token-parser';
 import { generateAddActivityMiddleware } from '~/server/middlewares/add-activity';
@@ -24,7 +25,8 @@ export const getAccessTokenHandlerFactory: GetAccessTokenHandlerFactory = (crowi
   const addActivity = generateAddActivityMiddleware();
 
   return [
-    accessTokenParser(), loginRequiredStrictly,
+    accessTokenParser([SCOPE.READ.USER.API.ACCESS_TOKEN]),
+    loginRequiredStrictly,
     addActivity,
     async(req: GetAccessTokenRequest, res: ApiV3Response) => {
       const { user } = req;