7 "github.com/bytom/blockchain/accesstoken"
8 "github.com/bytom/errors"
9 // "github.com/bytom/net/http/authz"
10 "github.com/bytom/net/http/httpjson"
15 defGenericPageSize = 100
18 var errCurrentToken = errors.New("token cannot delete itself")
20 func (bcr *BlockchainReactor) createAccessToken(ctx context.Context, x struct{ ID, Type string }) (*accesstoken.Token, error) {
21 token, err := bcr.accesstoken.Create(ctx, x.ID, x.Type)
23 return nil, errors.Wrap(err)
31 data := map[string]interface{}{
34 _, err = json.Marshal(data)
35 // guardData, err := json.Marshal(data)
37 return nil, errors.Wrap(err)
40 var grant *authz.Grant
42 // Type is deprecated; however, for backward compatibility, using the
43 // Type field will create a grant associated with this new token.
47 GuardType: "access_token",
49 Policy: "client-readwrite",
53 GuardType: "access_token",
58 // We've already returned if x.Type wasn't specified, so this must be a bad type.
59 return nil, accesstoken.ErrBadType
61 err = a.sdb.Exec(ctx, a.grants.Save(ctx, grant))
63 return nil, errors.Wrap(err)
66 token.Type = x.Type // deprecated
71 func (bcr *BlockchainReactor) listAccessTokens(ctx context.Context, x requestQuery) (*page, error) {
77 tokens, next, err := bcr.accesstoken.List(ctx, x.Type, x.After, limit)
87 Items: httpjson.Array(tokens),
88 LastPage: len(tokens) < limit,
93 func (bcr *BlockchainReactor) deleteAccessToken(ctx context.Context, x struct{ ID string }) error {
94 currentID, _, _ := httpjson.Request(ctx).BasicAuth()
95 if currentID == x.ID {
96 return errCurrentToken
98 err := bcr.accesstoken.Delete(ctx, x.ID)
104 /* err = a.sdb.Exec(ctx, a.deleteGrantsByAccessToken(x.ID))
106 // well, technically we did delete the access token, so don't return the error
107 // TODO(tessr): make this whole operation atomic, such that we either delete
108 // both the access token and its grants, or we return a failure.
109 log.Printkv(ctx, log.KeyError, err, "at", "revoking grants for access token", "token", x.ID)