diff --git a/apps/api/plane/api/middleware/api_authentication.py b/apps/api/plane/api/middleware/api_authentication.py index ddabb4132da..9ca0903542b 100644 --- a/apps/api/plane/api/middleware/api_authentication.py +++ b/apps/api/plane/api/middleware/api_authentication.py @@ -1,13 +1,14 @@ # Django imports from django.utils import timezone from django.db.models import Q +from django.urls import resolve, Resolver404 # Third party imports from rest_framework import authentication from rest_framework.exceptions import AuthenticationFailed # Module imports -from plane.db.models import APIToken +from plane.db.models import APIToken, Workspace class APIKeyAuthentication(authentication.BaseAuthentication): @@ -22,13 +23,21 @@ class APIKeyAuthentication(authentication.BaseAuthentication): def get_api_token(self, request): return request.headers.get(self.auth_header_name) - def validate_api_token(self, token): + def validate_api_token(self, token, workspace_slug): try: api_token = APIToken.objects.get( Q(Q(expired_at__gt=timezone.now()) | Q(expired_at__isnull=True)), token=token, is_active=True, ) + + # If the api token has workspace_id, then check if it matches the workspace_slug + if api_token.workspace_id and workspace_slug: + workspace = Workspace.objects.get(slug=workspace_slug) + + if api_token.workspace_id != workspace.id: + raise AuthenticationFailed("Given API token is not valid") + except APIToken.DoesNotExist: raise AuthenticationFailed("Given API token is not valid") @@ -38,10 +47,15 @@ def validate_api_token(self, token): return (api_token.user, api_token.token) def authenticate(self, request): + try: + workspace_slug = resolve(request.path_info).kwargs.get("slug") + except Resolver404: + workspace_slug = None + token = self.get_api_token(request=request) if not token: return None # Validate the API token - user, token = self.validate_api_token(token) + user, token = self.validate_api_token(token, workspace_slug) return user, token diff --git a/apps/api/plane/api/rate_limit.py b/apps/api/plane/api/rate_limit.py index 0d266e98b50..299a13118a9 100644 --- a/apps/api/plane/api/rate_limit.py +++ b/apps/api/plane/api/rate_limit.py @@ -3,6 +3,7 @@ # Third party imports from rest_framework.throttling import SimpleRateThrottle +from plane.db.models import APIToken class ApiKeyRateThrottle(SimpleRateThrottle): @@ -85,3 +86,41 @@ def allow_request(self, request, view): request.META["X-RateLimit-Reset"] = reset_time return allowed + + +class WorkspaceTokenRateThrottle(SimpleRateThrottle): + scope = "workspace_token" + rate = "60/minute" + + def get_cache_key(self, request, view): + api_key = request.headers.get("X-Api-Key") + if not api_key: + return None + + return f"{self.scope}:{api_key}" + + def allow_request(self, request, view): + api_key = request.headers.get("X-Api-Key") + + if api_key: + token = APIToken.objects.filter(token=api_key).only("allowed_rate_limit").first() + if token and token.allowed_rate_limit: + self.rate = token.allowed_rate_limit + + self.num_requests, self.duration = self.parse_rate(self.rate) + + allowed = super().allow_request(request, view) + + if allowed: + now = self.timer() + history = self.cache.get(self.key, []) + + while history and history[-1] <= now - self.duration: + history.pop() + + available = self.num_requests - len(history) + + request.META["X-RateLimit-Remaining"] = max(0, available) + request.META["X-RateLimit-Reset"] = int(now + self.duration) + + return allowed diff --git a/apps/api/plane/api/views/base.py b/apps/api/plane/api/views/base.py index 2e658443018..3cb736df610 100644 --- a/apps/api/plane/api/views/base.py +++ b/apps/api/plane/api/views/base.py @@ -20,7 +20,7 @@ # Module imports from plane.db.models.api import APIToken from plane.api.middleware.api_authentication import APIKeyAuthentication -from plane.api.rate_limit import ApiKeyRateThrottle, ServiceTokenRateThrottle +from plane.api.rate_limit import ApiKeyRateThrottle, ServiceTokenRateThrottle, WorkspaceTokenRateThrottle from plane.utils.exception_logger import log_exception from plane.utils.paginator import BasePaginator from plane.utils.core.mixins import ReadReplicaControlMixin @@ -60,12 +60,20 @@ def get_throttles(self): api_key = self.request.headers.get("X-Api-Key") if api_key: - service_token = APIToken.objects.filter(token=api_key, is_service=True).first() + api_token = APIToken.objects.filter(token=api_key) + + service_token = api_token.filter(is_service=True).first() + + workspace_token = api_token.filter(workspace_id__isnull=False).first() if service_token: throttle_classes.append(ServiceTokenRateThrottle()) return throttle_classes + if workspace_token: + throttle_classes.append(WorkspaceTokenRateThrottle()) + return throttle_classes + throttle_classes.append(ApiKeyRateThrottle()) return throttle_classes diff --git a/apps/api/plane/app/serializers/api.py b/apps/api/plane/app/serializers/api.py index 009f7a611f5..2150b408837 100644 --- a/apps/api/plane/app/serializers/api.py +++ b/apps/api/plane/app/serializers/api.py @@ -1,7 +1,12 @@ +# Django import +from django.utils import timezone + +# Third party import +from rest_framework import serializers + +# Module import from .base import BaseSerializer from plane.db.models import APIToken, APIActivityLog -from rest_framework import serializers -from django.utils import timezone class APITokenSerializer(BaseSerializer): diff --git a/apps/api/plane/app/urls/api.py b/apps/api/plane/app/urls/api.py index c74aeddbf2b..fd03c5dc52c 100644 --- a/apps/api/plane/app/urls/api.py +++ b/apps/api/plane/app/urls/api.py @@ -1,5 +1,5 @@ from django.urls import path -from plane.app.views import ApiTokenEndpoint, ServiceApiTokenEndpoint +from plane.app.views import ApiTokenEndpoint, ServiceApiTokenEndpoint, WorkspaceAPITokenEndpoint urlpatterns = [ # API Tokens @@ -18,5 +18,15 @@ ServiceApiTokenEndpoint.as_view(), name="service-api-tokens", ), + path( + "workspaces//api-tokens/", + WorkspaceAPITokenEndpoint.as_view(), + name="workspace-api-tokens", + ), + path( + "workspaces//api-tokens//", + WorkspaceAPITokenEndpoint.as_view(), + name="workspace-api-tokens-details", + ), ## End API Tokens ] diff --git a/apps/api/plane/app/views/__init__.py b/apps/api/plane/app/views/__init__.py index 7a0e5cb3a28..dcdb920425e 100644 --- a/apps/api/plane/app/views/__init__.py +++ b/apps/api/plane/app/views/__init__.py @@ -161,7 +161,7 @@ from .module.archive import ModuleArchiveUnarchiveEndpoint -from .api import ApiTokenEndpoint, ServiceApiTokenEndpoint +from .api import ApiTokenEndpoint, ServiceApiTokenEndpoint, WorkspaceAPITokenEndpoint from .page.base import ( PageViewSet, diff --git a/apps/api/plane/app/views/api/__init__.py b/apps/api/plane/app/views/api/__init__.py new file mode 100644 index 00000000000..6736ced5e8d --- /dev/null +++ b/apps/api/plane/app/views/api/__init__.py @@ -0,0 +1,3 @@ +from .base import ApiTokenEndpoint +from .service import ServiceApiTokenEndpoint +from .workspace import WorkspaceAPITokenEndpoint diff --git a/apps/api/plane/app/views/api.py b/apps/api/plane/app/views/api/base.py similarity index 67% rename from apps/api/plane/app/views/api.py rename to apps/api/plane/app/views/api/base.py index 41985990239..b9306506bf3 100644 --- a/apps/api/plane/app/views/api.py +++ b/apps/api/plane/app/views/api/base.py @@ -8,10 +8,9 @@ from rest_framework import status # Module import -from .base import BaseAPIView -from plane.db.models import APIToken, Workspace +from plane.app.views.base import BaseAPIView +from plane.db.models import APIToken from plane.app.serializers import APITokenSerializer, APITokenReadSerializer -from plane.app.permissions import WorkspaceEntityPermission class ApiTokenEndpoint(BaseAPIView): @@ -37,11 +36,11 @@ def post(self, request: Request) -> Response: def get(self, request: Request, pk: Optional[str] = None) -> Response: if pk is None: - api_tokens = APIToken.objects.filter(user=request.user, is_service=False) + api_tokens = APIToken.objects.filter(user=request.user, is_service=False, workspace_id__isnull=True) serializer = APITokenReadSerializer(api_tokens, many=True) return Response(serializer.data, status=status.HTTP_200_OK) else: - api_tokens = APIToken.objects.get(user=request.user, pk=pk) + api_tokens = APIToken.objects.get(user=request.user, pk=pk, workspace_id__isnull=True) serializer = APITokenReadSerializer(api_tokens) return Response(serializer.data, status=status.HTTP_200_OK) @@ -57,28 +56,3 @@ def patch(self, request: Request, pk: str) -> Response: serializer.save() return Response(serializer.data, status=status.HTTP_200_OK) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) - - -class ServiceApiTokenEndpoint(BaseAPIView): - permission_classes = [WorkspaceEntityPermission] - - def post(self, request: Request, slug: str) -> Response: - workspace = Workspace.objects.get(slug=slug) - - api_token = APIToken.objects.filter(workspace=workspace, is_service=True).first() - - if api_token: - return Response({"token": str(api_token.token)}, status=status.HTTP_200_OK) - else: - # Check the user type - user_type = 1 if request.user.is_bot else 0 - - api_token = APIToken.objects.create( - label=str(uuid4().hex), - description="Service Token", - user=request.user, - workspace=workspace, - user_type=user_type, - is_service=True, - ) - return Response({"token": str(api_token.token)}, status=status.HTTP_201_CREATED) diff --git a/apps/api/plane/app/views/api/service.py b/apps/api/plane/app/views/api/service.py new file mode 100644 index 00000000000..c22514902e0 --- /dev/null +++ b/apps/api/plane/app/views/api/service.py @@ -0,0 +1,37 @@ +# Python import +from uuid import uuid4 + +# Third party +from rest_framework.response import Response +from rest_framework.request import Request +from rest_framework import status + +# Module import +from .base import BaseAPIView +from plane.db.models import APIToken, Workspace +from plane.app.permissions import WorkspaceEntityPermission + + +class ServiceApiTokenEndpoint(BaseAPIView): + permission_classes = [WorkspaceEntityPermission] + + def post(self, request: Request, slug: str) -> Response: + workspace = Workspace.objects.get(slug=slug) + + api_token = APIToken.objects.filter(workspace=workspace, is_service=True).first() + + if api_token: + return Response({"token": str(api_token.token)}, status=status.HTTP_200_OK) + else: + # Check the user type + user_type = 1 if request.user.is_bot else 0 + + api_token = APIToken.objects.create( + label=str(uuid4().hex), + description="Service Token", + user=request.user, + workspace=workspace, + user_type=user_type, + is_service=True, + ) + return Response({"token": str(api_token.token)}, status=status.HTTP_201_CREATED) diff --git a/apps/api/plane/app/views/api/workspace.py b/apps/api/plane/app/views/api/workspace.py new file mode 100644 index 00000000000..a0a244eb85a --- /dev/null +++ b/apps/api/plane/app/views/api/workspace.py @@ -0,0 +1,68 @@ +# Python import +from typing import Optional +from uuid import uuid4 + + +# Third party +from rest_framework.response import Response +from rest_framework.request import Request +from rest_framework import status + +# Module import +from plane.app.views import BaseAPIView +from plane.db.models import APIToken, Workspace +from plane.app.serializers import APITokenSerializer, APITokenReadSerializer +from plane.app.permissions import WorkSpaceAdminPermission + + +class WorkspaceAPITokenEndpoint(BaseAPIView): + permission_classes = [ + WorkSpaceAdminPermission, + ] + + def post(self, request: Request, slug: str) -> Response: + label = request.data.get("label", str(uuid4().hex)) + description = request.data.get("description", "") + expired_at = request.data.get("expired_at", None) + + # Check the user type + user_type = 1 if request.user.is_bot else 0 + + workspace = Workspace.objects.get(slug=slug) + + api_token = APIToken.objects.create( + label=label, + description=description, + user=request.user, + user_type=user_type, + expired_at=expired_at, + workspace=workspace, + ) + + serializer = APITokenSerializer(api_token) + + return Response(serializer.data, status=status.HTTP_201_CREATED) + + def get(self, request: Request, slug: str, pk: Optional[str] = None) -> Response: + if pk is None: + api_tokens = APIToken.objects.filter(workspace__slug=slug, is_service=False, user=request.user) + + serializer = APITokenReadSerializer(api_tokens, many=True) + return Response(serializer.data, status=status.HTTP_200_OK) + else: + try: + api_tokens = APIToken.objects.get(workspace__slug=slug, pk=pk, user=request.user) + except APIToken.DoesNotExist: + return Response({"error": "API token does not exist"}, status=status.HTTP_404_NOT_FOUND) + + serializer = APITokenReadSerializer(api_tokens) + return Response(serializer.data, status=status.HTTP_200_OK) + + def delete(self, request: Request, slug: str, pk: str) -> Response: + try: + api_token = APIToken.objects.get(workspace__slug=slug, pk=pk, is_service=False, user=request.user) + except APIToken.DoesNotExist: + return Response({"error": "API token does not exist"}, status=status.HTTP_404_NOT_FOUND) + + api_token.delete() + return Response(status=status.HTTP_204_NO_CONTENT) diff --git a/apps/web/app/(all)/[workspaceSlug]/(settings)/settings/(workspace)/access-tokens/page.tsx b/apps/web/app/(all)/[workspaceSlug]/(settings)/settings/(workspace)/access-tokens/page.tsx new file mode 100644 index 00000000000..65289b5fa6e --- /dev/null +++ b/apps/web/app/(all)/[workspaceSlug]/(settings)/settings/(workspace)/access-tokens/page.tsx @@ -0,0 +1,109 @@ +import { useState } from "react"; +import { observer } from "mobx-react"; +import useSWR from "swr"; +// plane imports +import { EUserPermissions, EUserPermissionsLevel } from "@plane/constants"; +import { useTranslation } from "@plane/i18n"; +import { EmptyStateCompact } from "@plane/propel/empty-state"; +import { WorkspaceAPITokenService } from "@plane/services"; +// component +import { CreateApiTokenModal } from "@/components/api-token/modal/create-token-modal"; +import { ApiTokenListItem } from "@/components/api-token/token-list-item"; +import { NotAuthorizedView } from "@/components/auth-screens/not-authorized-view"; +import { PageHead } from "@/components/core/page-title"; +import { SettingsContentWrapper } from "@/components/settings/content-wrapper"; +import { SettingsHeading } from "@/components/settings/heading"; +import { APITokenSettingsLoader } from "@/components/ui/loader/settings/api-token"; +// constants +import { WORKSPACE_API_TOKENS_LIST } from "@/constants/fetch-keys"; +// store hooks +import { useWorkspace } from "@/hooks/store/use-workspace"; +import { useUserPermissions } from "@/hooks/store/user"; +import type { Route } from "./+types/page"; + +const workspaceApiTokenService = new WorkspaceAPITokenService(); + +function ApiTokensPage({ params }: Route.ComponentProps) { + // states + const [isCreateTokenModalOpen, setIsCreateTokenModalOpen] = useState(false); + // router + const { workspaceSlug } = params; + // plane hooks + const { t } = useTranslation(); + // store hooks + const { workspaceUserInfo, allowPermissions } = useUserPermissions(); + const { currentWorkspace } = useWorkspace(); + // derived values + const canPerformWorkspaceAdminActions = allowPermissions([EUserPermissions.ADMIN], EUserPermissionsLevel.WORKSPACE); + + const { data: tokens } = useSWR( + canPerformWorkspaceAdminActions ? WORKSPACE_API_TOKENS_LIST(workspaceSlug) : null, + canPerformWorkspaceAdminActions ? () => workspaceApiTokenService.list(workspaceSlug) : null + ); + + const pageTitle = currentWorkspace?.name + ? `${currentWorkspace.name} - ${t("workspace_settings.settings.api_tokens.title")}` + : undefined; + + if (workspaceUserInfo && !canPerformWorkspaceAdminActions) { + return ; + } + + return ( + + + {!tokens ? ( + + ) : ( +
+ setIsCreateTokenModalOpen(false)} + workspaceSlug={workspaceSlug} + /> + { + setIsCreateTokenModalOpen(true); + }, + }} + /> + {tokens.length > 0 ? ( +
+
+ {tokens.map((token) => ( + + ))} +
+
+ ) : ( +
+
+ { + setIsCreateTokenModalOpen(true); + }, + }, + ]} + align="start" + rootClassName="py-20" + /> +
+
+ )} +
+ )} + + ); +} + +export default observer(ApiTokensPage); diff --git a/apps/web/app/(all)/[workspaceSlug]/(settings)/settings/(workspace)/sidebar.tsx b/apps/web/app/(all)/[workspaceSlug]/(settings)/settings/(workspace)/sidebar.tsx index d4f6aed1a6f..2c4fcc9b435 100644 --- a/apps/web/app/(all)/[workspaceSlug]/(settings)/settings/(workspace)/sidebar.tsx +++ b/apps/web/app/(all)/[workspaceSlug]/(settings)/settings/(workspace)/sidebar.tsx @@ -1,5 +1,5 @@ import { useParams, usePathname } from "next/navigation"; -import { ArrowUpToLine, Building, CreditCard, Users, Webhook } from "lucide-react"; +import { ArrowUpToLine, Building, CreditCard, KeyRound, Users, Webhook } from "lucide-react"; import type { LucideIcon } from "lucide-react"; // plane imports import { @@ -25,6 +25,7 @@ export const WORKSPACE_SETTINGS_ICONS: Record apiTokenService.list()); const pageTitle = currentWorkspace?.name - ? `${currentWorkspace.name} - ${t("workspace_settings.settings.api_tokens.title")}` + ? `${currentWorkspace.name} - ${t("account_settings.api_tokens.title")}` : undefined; if (!tokens) { - return ; + return ; } return ( @@ -41,58 +41,43 @@ function ApiTokensPage() { setIsCreateTokenModalOpen(false)} />
+ { + setIsCreateTokenModalOpen(true); + }, + }} + /> {tokens.length > 0 ? ( <> - { - setIsCreateTokenModalOpen(true); - }, - }} - /> -
- {tokens.map((token) => ( - - ))} -
+ {tokens.map((token) => ( + + ))} ) : ( -
- { setIsCreateTokenModalOpen(true); }, - }} - /> - - { - setIsCreateTokenModalOpen(true); - }, - }, - ]} - align="start" - rootClassName="py-20" - /> -
+ }, + ]} + align="start" + rootClassName="py-20" + /> )}
); -} +}); -export default observer(ApiTokensPage); +export default ApiTokensPage; diff --git a/apps/web/app/routes/core.ts b/apps/web/app/routes/core.ts index ccb9d78d378..0d21862142d 100644 --- a/apps/web/app/routes/core.ts +++ b/apps/web/app/routes/core.ts @@ -276,6 +276,10 @@ export const coreRoutes: RouteConfigEntry[] = [ ":workspaceSlug/settings/webhooks/:webhookId", "./(all)/[workspaceSlug]/(settings)/settings/(workspace)/webhooks/[webhookId]/page.tsx" ), + route( + ":workspaceSlug/settings/access-tokens", + "./(all)/[workspaceSlug]/(settings)/settings/(workspace)/access-tokens/page.tsx" + ), ]), // -------------------------------------------------------------------- diff --git a/apps/web/core/components/api-token/delete-token-modal.tsx b/apps/web/core/components/api-token/delete-token-modal.tsx index cc42fb9a57b..40a9a1ef5d1 100644 --- a/apps/web/core/components/api-token/delete-token-modal.tsx +++ b/apps/web/core/components/api-token/delete-token-modal.tsx @@ -3,23 +3,25 @@ import { mutate } from "swr"; // types import { useTranslation } from "@plane/i18n"; import { TOAST_TYPE, setToast } from "@plane/propel/toast"; -import { APITokenService } from "@plane/services"; +import { APITokenService, WorkspaceAPITokenService } from "@plane/services"; import type { IApiToken } from "@plane/types"; // ui import { AlertModalCore } from "@plane/ui"; // fetch-keys -import { API_TOKENS_LIST } from "@/constants/fetch-keys"; +import { API_TOKENS_LIST, WORKSPACE_API_TOKENS_LIST } from "@/constants/fetch-keys"; type Props = { isOpen: boolean; onClose: () => void; tokenId: string; + workspaceSlug?: string; }; const apiTokenService = new APITokenService(); +const workspaceApiTokenService = new WorkspaceAPITokenService(); export function DeleteApiTokenModal(props: Props) { - const { isOpen, onClose, tokenId } = props; + const { isOpen, onClose, tokenId, workspaceSlug } = props; // states const [deleteLoading, setDeleteLoading] = useState(false); // router params @@ -33,8 +35,11 @@ export function DeleteApiTokenModal(props: Props) { const handleDeletion = async () => { setDeleteLoading(true); - await apiTokenService - .destroy(tokenId) + const apiCall = workspaceSlug + ? workspaceApiTokenService.destroy(workspaceSlug, tokenId) + : apiTokenService.destroy(tokenId); + + await apiCall .then(() => { setToast({ type: TOAST_TYPE.SUCCESS, @@ -43,11 +48,10 @@ export function DeleteApiTokenModal(props: Props) { }); mutate( - API_TOKENS_LIST, + workspaceSlug ? WORKSPACE_API_TOKENS_LIST(workspaceSlug) : API_TOKENS_LIST, (prevData) => (prevData ?? []).filter((token) => token.id !== tokenId), false ); - handleClose(); setDeleteLoading(false); }) diff --git a/apps/web/core/components/api-token/modal/create-token-modal.tsx b/apps/web/core/components/api-token/modal/create-token-modal.tsx index a5f9e1a6456..6da799422fb 100644 --- a/apps/web/core/components/api-token/modal/create-token-modal.tsx +++ b/apps/web/core/components/api-token/modal/create-token-modal.tsx @@ -2,12 +2,12 @@ import { useState } from "react"; import { mutate } from "swr"; // plane imports import { TOAST_TYPE, setToast } from "@plane/propel/toast"; -import { APITokenService } from "@plane/services"; +import { APITokenService, WorkspaceAPITokenService } from "@plane/services"; import type { IApiToken } from "@plane/types"; import { EModalPosition, EModalWidth, ModalCore } from "@plane/ui"; import { renderFormattedDate, csvDownload } from "@plane/utils"; // constants -import { API_TOKENS_LIST } from "@/constants/fetch-keys"; +import { API_TOKENS_LIST, WORKSPACE_API_TOKENS_LIST } from "@/constants/fetch-keys"; // local imports import { CreateApiTokenForm } from "./form"; import { GeneratedTokenDetails } from "./generated-token-details"; @@ -15,13 +15,15 @@ import { GeneratedTokenDetails } from "./generated-token-details"; type Props = { isOpen: boolean; onClose: () => void; + workspaceSlug?: string; }; // services const apiTokenService = new APITokenService(); +const workspaceApiTokenService = new WorkspaceAPITokenService(); export function CreateApiTokenModal(props: Props) { - const { isOpen, onClose } = props; + const { isOpen, onClose, workspaceSlug } = props; // states const [neverExpires, setNeverExpires] = useState(false); const [generatedToken, setGeneratedToken] = useState(null); @@ -48,14 +50,14 @@ export function CreateApiTokenModal(props: Props) { const handleCreateToken = async (data: Partial) => { // make the request to generate the token - await apiTokenService - .create(data) + const apiCall = workspaceSlug ? workspaceApiTokenService.create(workspaceSlug, data) : apiTokenService.create(data); + await apiCall .then((res) => { setGeneratedToken(res); downloadSecretKey(res); mutate( - API_TOKENS_LIST, + workspaceSlug ? WORKSPACE_API_TOKENS_LIST(workspaceSlug) : API_TOKENS_LIST, (prevData) => { if (!prevData) return; @@ -70,7 +72,6 @@ export function CreateApiTokenModal(props: Props) { title: "Error!", message: err.message || err.detail, }); - throw err; }); }; diff --git a/apps/web/core/components/api-token/token-list-item.tsx b/apps/web/core/components/api-token/token-list-item.tsx index 7bdc81fb526..e1979fa32b9 100644 --- a/apps/web/core/components/api-token/token-list-item.tsx +++ b/apps/web/core/components/api-token/token-list-item.tsx @@ -1,7 +1,7 @@ import { useState } from "react"; import { XCircle } from "lucide-react"; // plane imports -import { PROFILE_SETTINGS_TRACKER_ELEMENTS } from "@plane/constants"; +import { PROFILE_SETTINGS_TRACKER_ELEMENTS, WORKSPACE_SETTINGS_TRACKER_ELEMENTS } from "@plane/constants"; import { Tooltip } from "@plane/propel/tooltip"; import type { IApiToken } from "@plane/types"; import { renderFormattedDate, calculateTimeAgo, renderFormattedTime } from "@plane/utils"; @@ -12,24 +12,34 @@ import { usePlatformOS } from "@/hooks/use-platform-os"; type Props = { token: IApiToken; + workspaceSlug?: string; }; export function ApiTokenListItem(props: Props) { - const { token } = props; + const { token, workspaceSlug } = props; // states const [deleteModalOpen, setDeleteModalOpen] = useState(false); // hooks const { isMobile } = usePlatformOS(); + const trackerElement = workspaceSlug + ? WORKSPACE_SETTINGS_TRACKER_ELEMENTS.LIST_ITEM_DELETE_ICON + : PROFILE_SETTINGS_TRACKER_ELEMENTS.LIST_ITEM_DELETE_ICON; + return ( <> - setDeleteModalOpen(false)} tokenId={token.id} /> + setDeleteModalOpen(false)} + tokenId={token.id} + workspaceSlug={workspaceSlug} + />
diff --git a/apps/web/core/components/ui/loader/settings/api-token.tsx b/apps/web/core/components/ui/loader/settings/api-token.tsx index 8d4fe11e8f2..72d2aeda503 100644 --- a/apps/web/core/components/ui/loader/settings/api-token.tsx +++ b/apps/web/core/components/ui/loader/settings/api-token.tsx @@ -1,11 +1,15 @@ import { range } from "lodash-es"; -import { useTranslation } from "@plane/i18n"; -export function APITokenSettingsLoader() { - const { t } = useTranslation(); + +type Props = { + title: string; +}; + +export function APITokenSettingsLoader(props: Props) { + const { title } = props; return (
-

{t("workspace_settings.settings.api_tokens.title")}

+

{title}

diff --git a/apps/web/core/constants/fetch-keys.ts b/apps/web/core/constants/fetch-keys.ts index b7d669506e6..5f370714831 100644 --- a/apps/web/core/constants/fetch-keys.ts +++ b/apps/web/core/constants/fetch-keys.ts @@ -146,6 +146,8 @@ export const USER_PROFILE_PROJECT_SEGREGATION = (workspaceSlug: string, userId: // api-tokens export const API_TOKENS_LIST = `API_TOKENS_LIST`; +export const WORKSPACE_API_TOKENS_LIST = (workspaceSlug: string) => + `WORKSPACE_API_TOKENS_LIST_${workspaceSlug.toUpperCase()}`; // marketplace export const APPLICATIONS_LIST = (workspaceSlug: string) => `APPLICATIONS_LIST_${workspaceSlug.toUpperCase()}`; diff --git a/packages/constants/src/event-tracker/core.ts b/packages/constants/src/event-tracker/core.ts index e2d305052eb..c339dd9550f 100644 --- a/packages/constants/src/event-tracker/core.ts +++ b/packages/constants/src/event-tracker/core.ts @@ -483,6 +483,9 @@ export const WORKSPACE_SETTINGS_TRACKER_EVENTS = { webhook_toggled: "webhook_toggled", webhook_details_page_toggled: "webhook_details_page_toggled", webhook_updated: "webhook_updated", + // PAT + pat_created: "workspace_pat_created", + pat_deleted: "workspace_pat_deleted", }; export const WORKSPACE_SETTINGS_TRACKER_ELEMENTS = { @@ -499,4 +502,8 @@ export const WORKSPACE_SETTINGS_TRACKER_ELEMENTS = { WEBHOOK_DETAILS_PAGE_TOGGLE_SWITCH: "webhook_details_page_toggle_switch", WEBHOOK_DELETE_BUTTON: "webhook_delete_button", WEBHOOK_UPDATE_BUTTON: "webhook_update_button", + // PAT + HEADER_ADD_PAT_BUTTON: "workspace_header_add_pat_button", + EMPTY_STATE_ADD_PAT_BUTTON: "workspace_empty_state_add_pat_button", + LIST_ITEM_DELETE_ICON: "workspace_list_item_delete_icon", }; diff --git a/packages/constants/src/settings.ts b/packages/constants/src/settings.ts index 2c55a6a2dd7..448b87f9590 100644 --- a/packages/constants/src/settings.ts +++ b/packages/constants/src/settings.ts @@ -37,7 +37,7 @@ export const GROUPED_WORKSPACE_SETTINGS = { WORKSPACE_SETTINGS["export"], ], [WORKSPACE_SETTINGS_CATEGORY.FEATURES]: [], - [WORKSPACE_SETTINGS_CATEGORY.DEVELOPER]: [WORKSPACE_SETTINGS["webhooks"]], + [WORKSPACE_SETTINGS_CATEGORY.DEVELOPER]: [WORKSPACE_SETTINGS["webhooks"], WORKSPACE_SETTINGS["access-tokens"]], }; export const GROUPED_PROFILE_SETTINGS = { diff --git a/packages/constants/src/workspace.ts b/packages/constants/src/workspace.ts index 9610333c0e6..6686649b7ab 100644 --- a/packages/constants/src/workspace.ts +++ b/packages/constants/src/workspace.ts @@ -107,6 +107,13 @@ export const WORKSPACE_SETTINGS = { access: [EUserWorkspaceRoles.ADMIN], highlight: (pathname: string, baseUrl: string) => pathname === `${baseUrl}/settings/webhooks/`, }, + "access-tokens": { + key: "access-tokens", + i18n_label: "workspace_settings.settings.api_tokens.title", + href: `/settings/access-tokens`, + access: [EUserWorkspaceRoles.ADMIN], + highlight: (pathname: string, baseUrl: string) => pathname === `${baseUrl}/settings/access-tokens/`, + }, }; export const WORKSPACE_SETTINGS_ACCESS = Object.fromEntries( @@ -125,6 +132,7 @@ export const WORKSPACE_SETTINGS_LINKS: { WORKSPACE_SETTINGS["billing-and-plans"], WORKSPACE_SETTINGS["export"], WORKSPACE_SETTINGS["webhooks"], + WORKSPACE_SETTINGS["access-tokens"], ]; export const ROLE = { diff --git a/packages/i18n/src/locales/cs/translations.ts b/packages/i18n/src/locales/cs/translations.ts index 3b98f60c20a..756f5c3b20a 100644 --- a/packages/i18n/src/locales/cs/translations.ts +++ b/packages/i18n/src/locales/cs/translations.ts @@ -1708,8 +1708,10 @@ export default { }, }, api_tokens: { + heading: "API Tokeny", + description: "Generujte bezpečné API tokeny pro integraci vašich dat s externími systémy a aplikacemi.", title: "API Tokeny", - add_token: "Přidat API token", + add_token: "Přidat token přístupu", create_token: "Vytvořit token", never_expires: "Nikdy neexpiruje", generate_token: "Generovat token", diff --git a/packages/i18n/src/locales/de/translations.ts b/packages/i18n/src/locales/de/translations.ts index d6b5a7d417a..d92f63274e5 100644 --- a/packages/i18n/src/locales/de/translations.ts +++ b/packages/i18n/src/locales/de/translations.ts @@ -1728,8 +1728,11 @@ export default { }, }, api_tokens: { + heading: "API-Tokens", + description: + "Generieren Sie sichere API-Tokens, um Ihre Daten mit externen Systemen und Anwendungen zu integrieren.", title: "API-Tokens", - add_token: "API-Token hinzufügen", + add_token: "Zugriffstoken hinzufügen", create_token: "Token erstellen", never_expires: "Läuft nie ab", generate_token: "Token generieren", diff --git a/packages/i18n/src/locales/en/translations.ts b/packages/i18n/src/locales/en/translations.ts index d41e7ecb06c..af541c7b40a 100644 --- a/packages/i18n/src/locales/en/translations.ts +++ b/packages/i18n/src/locales/en/translations.ts @@ -1408,7 +1408,7 @@ export default { heading: "Security", }, api_tokens: { - heading: "Personal Access Tokens", + title: "Personal Access Tokens", description: "Generate secure API tokens to integrate your data with external systems and applications.", }, activity: { @@ -1571,14 +1571,16 @@ export default { }, }, api_tokens: { - title: "Personal Access Tokens", - add_token: "Add personal access token", + heading: "Access Tokens", + description: "Generate secure API tokens to integrate your data with external systems and applications.", + title: "Access Tokens", + add_token: "Add access token", create_token: "Create token", never_expires: "Never expires", generate_token: "Generate token", generating: "Generating", delete: { - title: "Delete personal access token", + title: "Delete access token", description: "Any application using this token will no longer have the access to Plane data. This action cannot be undone.", success: { @@ -1594,7 +1596,7 @@ export default { }, empty_state: { api_tokens: { - title: "No personal access tokens created", + title: "No access tokens created", description: "Plane APIs can be used to integrate your data in Plane with any external system. Create a token to get started.", }, diff --git a/packages/i18n/src/locales/es/translations.ts b/packages/i18n/src/locales/es/translations.ts index 85807f743f2..f291f9895af 100644 --- a/packages/i18n/src/locales/es/translations.ts +++ b/packages/i18n/src/locales/es/translations.ts @@ -1733,8 +1733,10 @@ export default { }, }, api_tokens: { + heading: "Tokens de API", + description: "Genere tokens de API seguros para integrar sus datos con sistemas y aplicaciones externos.", title: "Tokens de API", - add_token: "Agregar token de API", + add_token: "Agregar token de acceso", create_token: "Crear token", never_expires: "Nunca expira", generate_token: "Generar token", diff --git a/packages/i18n/src/locales/fr/translations.ts b/packages/i18n/src/locales/fr/translations.ts index 79673abf0e6..664e4ee6635 100644 --- a/packages/i18n/src/locales/fr/translations.ts +++ b/packages/i18n/src/locales/fr/translations.ts @@ -1731,8 +1731,11 @@ export default { }, }, api_tokens: { + heading: "Jetons API", + description: + "Générez des jetons API sécurisés pour intégrer vos données avec des systèmes et applications externes.", title: "Jetons API", - add_token: "Ajouter un jeton API", + add_token: "Ajouter un jeton d'accès", create_token: "Créer un jeton", never_expires: "N’expire jamais", generate_token: "Générer un jeton", diff --git a/packages/i18n/src/locales/id/translations.ts b/packages/i18n/src/locales/id/translations.ts index f49d4e8d25f..f918359cd26 100644 --- a/packages/i18n/src/locales/id/translations.ts +++ b/packages/i18n/src/locales/id/translations.ts @@ -1719,8 +1719,10 @@ export default { }, }, api_tokens: { + heading: "Token API", + description: "Buat token API yang aman untuk mengintegrasikan data Anda dengan sistem dan aplikasi eksternal.", title: "Token API", - add_token: "Tambah token API", + add_token: "Tambah token akses", create_token: "Buat token", never_expires: "Tidak pernah kedaluwarsa", generate_token: "Hasilkan token", diff --git a/packages/i18n/src/locales/it/translations.ts b/packages/i18n/src/locales/it/translations.ts index 0506e30693e..6e4e1eb22af 100644 --- a/packages/i18n/src/locales/it/translations.ts +++ b/packages/i18n/src/locales/it/translations.ts @@ -1723,8 +1723,10 @@ export default { }, }, api_tokens: { + heading: "Token API", + description: "Genera token API sicuri per integrare i tuoi dati con sistemi e applicazioni esterne.", title: "Token API", - add_token: "Aggiungi token API", + add_token: "Aggiungi token di accesso", create_token: "Crea token", never_expires: "Non scade mai", generate_token: "Genera token", diff --git a/packages/i18n/src/locales/ja/translations.ts b/packages/i18n/src/locales/ja/translations.ts index 80ae283c79e..d8c8732e876 100644 --- a/packages/i18n/src/locales/ja/translations.ts +++ b/packages/i18n/src/locales/ja/translations.ts @@ -1709,8 +1709,10 @@ export default { }, }, api_tokens: { + heading: "APIトークン", + description: "セキュアなAPIトークンを生成して、データを外部システムやアプリケーションと統合します。", title: "APIトークン", - add_token: "APIトークンを追加", + add_token: "アクセストークンを追加", create_token: "トークンを作成", never_expires: "無期限", generate_token: "トークンを生成", diff --git a/packages/i18n/src/locales/ko/translations.ts b/packages/i18n/src/locales/ko/translations.ts index 11b6fa1c34c..c7b2a89100a 100644 --- a/packages/i18n/src/locales/ko/translations.ts +++ b/packages/i18n/src/locales/ko/translations.ts @@ -1702,8 +1702,10 @@ export default { }, }, api_tokens: { + heading: "API 토큰", + description: "보안 API 토큰을 생성하여 데이터를 외부 시스템 및 애플리케이션과 통합합니다.", title: "API 토큰", - add_token: "API 토큰 추가", + add_token: "액세스 토큰 추가", create_token: "토큰 생성", never_expires: "만료되지 않음", generate_token: "토큰 생성", diff --git a/packages/i18n/src/locales/pl/translations.ts b/packages/i18n/src/locales/pl/translations.ts index be091cbcf5b..19311219b8e 100644 --- a/packages/i18n/src/locales/pl/translations.ts +++ b/packages/i18n/src/locales/pl/translations.ts @@ -1711,8 +1711,10 @@ export default { }, }, api_tokens: { + heading: "Tokeny API", + description: "Generuj bezpieczne tokeny API, aby integrować swoje dane z zewnętrznymi systemami i aplikacjami.", title: "Tokeny API", - add_token: "Dodaj token API", + add_token: "Dodaj token dostępu", create_token: "Utwórz token", never_expires: "Nigdy nie wygasa", generate_token: "Wygeneruj token", diff --git a/packages/i18n/src/locales/pt-BR/translations.ts b/packages/i18n/src/locales/pt-BR/translations.ts index d926cdbe186..3e22e4b1f5e 100644 --- a/packages/i18n/src/locales/pt-BR/translations.ts +++ b/packages/i18n/src/locales/pt-BR/translations.ts @@ -1731,8 +1731,10 @@ export default { }, }, api_tokens: { + heading: "Tokens de API", + description: "Gere tokens de API seguros para integrar seus dados com sistemas e aplicativos externos.", title: "Tokens de API", - add_token: "Adicionar token de API", + add_token: "Adicionar token de acesso", create_token: "Criar token", never_expires: "Nunca expira", generate_token: "Gerar token", diff --git a/packages/i18n/src/locales/ro/translations.ts b/packages/i18n/src/locales/ro/translations.ts index fc4f0430243..5f39f2dd479 100644 --- a/packages/i18n/src/locales/ro/translations.ts +++ b/packages/i18n/src/locales/ro/translations.ts @@ -1723,8 +1723,10 @@ export default { }, }, api_tokens: { + heading: "Chei secrete API", + description: "Generează chei secrete API sigure pentru a integra datele tale cu sisteme și aplicații externe.", title: "Chei secrete API", - add_token: "Adaugă cheie secretă API", + add_token: "Adaugă token de acces", create_token: "Creează cheie secretă", never_expires: "Nu expiră niciodată", generate_token: "Generează cheie secretă", diff --git a/packages/i18n/src/locales/ru/translations.ts b/packages/i18n/src/locales/ru/translations.ts index ae823d17fed..e06dcbed0f0 100644 --- a/packages/i18n/src/locales/ru/translations.ts +++ b/packages/i18n/src/locales/ru/translations.ts @@ -1713,8 +1713,11 @@ export default { }, }, api_tokens: { + heading: "API-токены", + description: + "Создавайте безопасные API-токены для интеграции ваших данных с внешними системами и приложениями.", title: "API-токены", - add_token: "Добавить токен", + add_token: "Добавить токен доступа", create_token: "Создать токен", never_expires: "Бессрочный", generate_token: "Сгенерировать токен", diff --git a/packages/i18n/src/locales/sk/translations.ts b/packages/i18n/src/locales/sk/translations.ts index fb295de3f4b..15c2bc020f1 100644 --- a/packages/i18n/src/locales/sk/translations.ts +++ b/packages/i18n/src/locales/sk/translations.ts @@ -1710,8 +1710,10 @@ export default { }, }, api_tokens: { + heading: "API Tokeny", + description: "Generujte bezpečné API tokeny na integráciu vašich dát s externými systémami a aplikáciami.", title: "API Tokeny", - add_token: "Pridať API token", + add_token: "Pridať token prístupu", create_token: "Vytvoriť token", never_expires: "Nikdy neexpiruje", generate_token: "Generovať token", diff --git a/packages/i18n/src/locales/tr-TR/translations.ts b/packages/i18n/src/locales/tr-TR/translations.ts index f7d987abb3b..bcd220e9f91 100644 --- a/packages/i18n/src/locales/tr-TR/translations.ts +++ b/packages/i18n/src/locales/tr-TR/translations.ts @@ -1719,8 +1719,11 @@ export default { }, }, api_tokens: { + heading: "API Token'ları", + description: + "Verilerinizi harici sistemler ve uygulamalarla entegre etmek için güvenli API token'ları oluşturun.", title: "API Token'ları", - add_token: "API Token'ı ekle", + add_token: "Erişim token'ı ekle", create_token: "Token oluştur", never_expires: "Süresi dolmaz", generate_token: "Token oluştur", diff --git a/packages/i18n/src/locales/ua/translations.ts b/packages/i18n/src/locales/ua/translations.ts index 04878fa054c..fe012ade3b3 100644 --- a/packages/i18n/src/locales/ua/translations.ts +++ b/packages/i18n/src/locales/ua/translations.ts @@ -1714,8 +1714,10 @@ export default { }, }, api_tokens: { + heading: "API токени", + description: "Створюйте безпечні API токени для інтеграції ваших даних із зовнішніми системами та додатками.", title: "API токени", - add_token: "Додати API токен", + add_token: "Додати токен доступу", create_token: "Створити токен", never_expires: "Ніколи не спливає", generate_token: "Згенерувати токен", diff --git a/packages/i18n/src/locales/vi-VN/translations.ts b/packages/i18n/src/locales/vi-VN/translations.ts index c913d25b09a..48a3acb3e03 100644 --- a/packages/i18n/src/locales/vi-VN/translations.ts +++ b/packages/i18n/src/locales/vi-VN/translations.ts @@ -1719,8 +1719,10 @@ export default { }, }, api_tokens: { + heading: "Token API", + description: "Tạo token API bảo mật để tích hợp dữ liệu của bạn với các hệ thống và ứng dụng bên ngoài.", title: "Token API", - add_token: "Thêm token API", + add_token: "Thêm token truy cập", create_token: "Tạo token", never_expires: "Không bao giờ hết hạn", generate_token: "Tạo token", diff --git a/packages/i18n/src/locales/zh-CN/translations.ts b/packages/i18n/src/locales/zh-CN/translations.ts index 4d2a520c2ea..ef7d65ec687 100644 --- a/packages/i18n/src/locales/zh-CN/translations.ts +++ b/packages/i18n/src/locales/zh-CN/translations.ts @@ -1690,8 +1690,10 @@ export default { }, }, api_tokens: { + heading: "API 令牌", + description: "生成安全的 API 令牌,将您的数据与外部系统和应用程序集成。", title: "API 令牌", - add_token: "添加 API 令牌", + add_token: "添加访问令牌", create_token: "创建令牌", never_expires: "永不过期", generate_token: "生成令牌", diff --git a/packages/i18n/src/locales/zh-TW/translations.ts b/packages/i18n/src/locales/zh-TW/translations.ts index d63b1d06eee..dcc18b30196 100644 --- a/packages/i18n/src/locales/zh-TW/translations.ts +++ b/packages/i18n/src/locales/zh-TW/translations.ts @@ -1691,8 +1691,10 @@ export default { }, }, api_tokens: { + heading: "API 權杖", + description: "產生安全的 API 權杖,將您的資料與外部系統和應用程式整合。", title: "API 權杖", - add_token: "新增 API 權杖", + add_token: "新增存取權杖", create_token: "建立權杖", never_expires: "永不過期", generate_token: "產生權杖", diff --git a/packages/services/src/developer/index.ts b/packages/services/src/developer/index.ts index a78a7b0929e..ccc29f68c21 100644 --- a/packages/services/src/developer/index.ts +++ b/packages/services/src/developer/index.ts @@ -1,2 +1,3 @@ export * from "./api-token.service"; export * from "./webhook.service"; +export * from "./workspace-api-token.service"; diff --git a/packages/services/src/developer/workspace-api-token.service.ts b/packages/services/src/developer/workspace-api-token.service.ts new file mode 100644 index 00000000000..a60b05a0689 --- /dev/null +++ b/packages/services/src/developer/workspace-api-token.service.ts @@ -0,0 +1,73 @@ +import { API_BASE_URL } from "@plane/constants"; +import type { IApiToken } from "@plane/types"; +import { APIService } from "../api.service"; + +/** + * Service class for managing API tokens for a workspace + * Handles CRUD operations for API tokens + * @extends {APIService} + */ +export class WorkspaceAPITokenService extends APIService { + constructor(BASE_URL?: string) { + super(BASE_URL || API_BASE_URL); + } + + /** + * Retrieves all API tokens for a workspace + * @param {string} workspaceSlug - The unique slug identifier for the workspace + * @returns {Promise} Promise resolving to array of API tokens + * @throws {Error} If the API request fails + */ + async list(workspaceSlug: string): Promise { + return this.get(`/api/workspaces/${workspaceSlug}/api-tokens/`) + .then((response) => response?.data) + .catch((error) => { + throw error?.response?.data; + }); + } + + /** + * Retrieves details of a specific API token + * @param {string} workspaceSlug - The unique slug identifier for the workspace + * @param {string} tokenId - The unique identifier of the API token + * @returns {Promise} Promise resolving to API token details + * @throws {Error} If the API request fails + */ + async retrieve(workspaceSlug: string, tokenId: string): Promise { + return this.get(`/api/workspaces/${workspaceSlug}/api-tokens/${tokenId}/`) + .then((response) => response?.data) + .catch((error) => { + throw error?.response?.data; + }); + } + + /** + * Creates a new API token for a workspace + * @param {string} workspaceSlug - The unique slug identifier for the workspace + * @param {Partial} data - API token configuration data + * @returns {Promise} Promise resolving to the created API token + * @throws {Error} If the API request fails + */ + async create(workspaceSlug: string, data: Partial): Promise { + return this.post(`/api/workspaces/${workspaceSlug}/api-tokens/`, data) + .then((response) => response?.data) + .catch((error) => { + throw error?.response?.data; + }); + } + + /** + * Deletes a specific API token from the workspace + * @param {string} workspaceSlug - The unique slug identifier for the workspace + * @param {string} tokenId - The unique identifier of the API token + * @returns {Promise} Promise resolving when API token is deleted + * @throws {Error} If the API request fails + */ + async destroy(workspaceSlug: string, tokenId: string): Promise { + return this.delete(`/api/workspaces/${workspaceSlug}/api-tokens/${tokenId}/`) + .then((response) => response?.data) + .catch((error) => { + throw error?.response?.data; + }); + } +}