Personal access tokens (#135)

This requires MAS 1.5.0

It introduces a UI for managing personal tokens for automation purposes

Author: sandhose

openapi-ts.config.ts

@@ -33,6 +33,26 @@ export default defineConfig({
             : undefined;
         },
 
+        PersonalSession: (schema) => {
+          if (!schema.properties)
+            throw new Error("PersonalSession schema has no properties");
+
+          // openapi-ts doesn't like the nullable ref, so we make this a string
+          // instead instead of the reference to the ULID type
+          schema.properties["owner_user_id"] = {
+            description:
+              "The ID of the user who owns this session (if user-owned)",
+            type: "string",
+            nullable: true,
+          };
+          schema.properties["owner_client_id"] = {
+            description:
+              "The ID of the `OAuth2` client who owns this session (if client-owned)",
+            type: "string",
+            nullable: true,
+          };
+        },
+
         SiteConfig: (schema) => {
           // Only make the `server_name` required, rest can be optional
           schema.required = ["server_name"];

package.json

@@ -26,6 +26,7 @@
     "test": "playwright test"
   },
   "dependencies": {
+    "@floating-ui/react": "0.27.16",
     "@fontsource/inconsolata": "5.2.8",
     "@fontsource/inter": "5.2.8",
     "@formatjs/intl-localematcher": "0.6.2",

pnpm-lock.yaml

@@ -12,6 +12,9 @@ import type {
   AddUserEmailResponses,
   AddUserRegistrationTokenData,
   AddUserRegistrationTokenResponses,
+  CreatePersonalSessionData,
+  CreatePersonalSessionErrors,
+  CreatePersonalSessionResponses,
   CreateUserData,
   CreateUserErrors,
   CreateUserResponses,
@@ -42,6 +45,9 @@ import type {
   GetOAuth2SessionData,
   GetOAuth2SessionErrors,
   GetOAuth2SessionResponses,
+  GetPersonalSessionData,
+  GetPersonalSessionErrors,
+  GetPersonalSessionResponses,
   GetPolicyDataData,
   GetPolicyDataErrors,
   GetPolicyDataResponses,
@@ -72,6 +78,9 @@ import type {
   ListOAuth2SessionsData,
   ListOAuth2SessionsErrors,
   ListOAuth2SessionsResponses,
+  ListPersonalSessionsData,
+  ListPersonalSessionsErrors,
+  ListPersonalSessionsResponses,
   ListUpstreamOAuthLinksData,
   ListUpstreamOAuthLinksErrors,
   ListUpstreamOAuthLinksResponses,
@@ -93,6 +102,12 @@ import type {
   ReactivateUserData,
   ReactivateUserErrors,
   ReactivateUserResponses,
+  RegeneratePersonalSessionData,
+  RegeneratePersonalSessionErrors,
+  RegeneratePersonalSessionResponses,
+  RevokePersonalSessionData,
+  RevokePersonalSessionErrors,
+  RevokePersonalSessionResponses,
   RevokeUserRegistrationTokenData,
   RevokeUserRegistrationTokenErrors,
   RevokeUserRegistrationTokenResponses,
@@ -126,6 +141,8 @@ import {
   vAddUserEmailResponse,
   vAddUserRegistrationTokenData,
   vAddUserRegistrationTokenResponse,
+  vCreatePersonalSessionData,
+  vCreatePersonalSessionResponse,
   vCreateUserData,
   vCreateUserResponse,
   vDeactivateUserData,
@@ -146,6 +163,8 @@ import {
   vGetLatestPolicyDataResponse,
   vGetOAuth2SessionData,
   vGetOAuth2SessionResponse,
+  vGetPersonalSessionData,
+  vGetPersonalSessionResponse,
   vGetPolicyDataData,
   vGetPolicyDataResponse,
   vGetUpstreamOAuthLinkData,
@@ -166,6 +185,8 @@ import {
   vListCompatSessionsResponse,
   vListOAuth2SessionsData,
   vListOAuth2SessionsResponse,
+  vListPersonalSessionsData,
+  vListPersonalSessionsResponse,
   vListUpstreamOAuthLinksData,
   vListUpstreamOAuthLinksResponse,
   vListUpstreamOAuthProvidersData,
@@ -182,6 +203,10 @@ import {
   vLockUserResponse,
   vReactivateUserData,
   vReactivateUserResponse,
+  vRegeneratePersonalSessionData,
+  vRegeneratePersonalSessionResponse,
+  vRevokePersonalSessionData,
+  vRevokePersonalSessionResponse,
   vRevokeUserRegistrationTokenData,
   vRevokeUserRegistrationTokenResponse,
   vSetPolicyDataData,
@@ -443,6 +468,157 @@ export const finishOAuth2Session = <ThrowOnError extends boolean = false>(
   });
 };
 
+/**
+ * List personal sessions
+ * Retrieve a list of personal sessions.
+ * Note that by default, all sessions, including revoked ones are returned, with the oldest first.
+ * Use the `filter[status]` parameter to filter the sessions by their status and `page[last]` parameter to retrieve the last N sessions.
+ */
+export const listPersonalSessions = <ThrowOnError extends boolean = false>(
+  options: Options<ListPersonalSessionsData, ThrowOnError>,
+) => {
+  return options.client.get<
+    ListPersonalSessionsResponses,
+    ListPersonalSessionsErrors,
+    ThrowOnError
+  >({
+    requestValidator: async (data) => {
+      return await v.parseAsync(vListPersonalSessionsData, data);
+    },
+    responseValidator: async (data) => {
+      return await v.parseAsync(vListPersonalSessionsResponse, data);
+    },
+    security: [
+      {
+        scheme: "bearer",
+        type: "http",
+      },
+    ],
+    url: "/api/admin/v1/personal-sessions",
+    ...options,
+  });
+};
+
+/**
+ * Create a new personal session with personal access token
+ */
+export const createPersonalSession = <ThrowOnError extends boolean = false>(
+  options: Options<CreatePersonalSessionData, ThrowOnError>,
+) => {
+  return options.client.post<
+    CreatePersonalSessionResponses,
+    CreatePersonalSessionErrors,
+    ThrowOnError
+  >({
+    requestValidator: async (data) => {
+      return await v.parseAsync(vCreatePersonalSessionData, data);
+    },
+    responseValidator: async (data) => {
+      return await v.parseAsync(vCreatePersonalSessionResponse, data);
+    },
+    security: [
+      {
+        scheme: "bearer",
+        type: "http",
+      },
+    ],
+    url: "/api/admin/v1/personal-sessions",
+    ...options,
+    headers: {
+      "Content-Type": "application/json",
+      ...options.headers,
+    },
+  });
+};
+
+/**
+ * Get a personal session
+ */
+export const getPersonalSession = <ThrowOnError extends boolean = false>(
+  options: Options<GetPersonalSessionData, ThrowOnError>,
+) => {
+  return options.client.get<
+    GetPersonalSessionResponses,
+    GetPersonalSessionErrors,
+    ThrowOnError
+  >({
+    requestValidator: async (data) => {
+      return await v.parseAsync(vGetPersonalSessionData, data);
+    },
+    responseValidator: async (data) => {
+      return await v.parseAsync(vGetPersonalSessionResponse, data);
+    },
+    security: [
+      {
+        scheme: "bearer",
+        type: "http",
+      },
+    ],
+    url: "/api/admin/v1/personal-sessions/{id}",
+    ...options,
+  });
+};
+
+/**
+ * Revoke a personal session
+ */
+export const revokePersonalSession = <ThrowOnError extends boolean = false>(
+  options: Options<RevokePersonalSessionData, ThrowOnError>,
+) => {
+  return options.client.post<
+    RevokePersonalSessionResponses,
+    RevokePersonalSessionErrors,
+    ThrowOnError
+  >({
+    requestValidator: async (data) => {
+      return await v.parseAsync(vRevokePersonalSessionData, data);
+    },
+    responseValidator: async (data) => {
+      return await v.parseAsync(vRevokePersonalSessionResponse, data);
+    },
+    security: [
+      {
+        scheme: "bearer",
+        type: "http",
+      },
+    ],
+    url: "/api/admin/v1/personal-sessions/{id}/revoke",
+    ...options,
+  });
+};
+
+/**
+ * Regenerate a personal session by replacing its personal access token
+ */
+export const regeneratePersonalSession = <ThrowOnError extends boolean = false>(
+  options: Options<RegeneratePersonalSessionData, ThrowOnError>,
+) => {
+  return options.client.post<
+    RegeneratePersonalSessionResponses,
+    RegeneratePersonalSessionErrors,
+    ThrowOnError
+  >({
+    requestValidator: async (data) => {
+      return await v.parseAsync(vRegeneratePersonalSessionData, data);
+    },
+    responseValidator: async (data) => {
+      return await v.parseAsync(vRegeneratePersonalSessionResponse, data);
+    },
+    security: [
+      {
+        scheme: "bearer",
+        type: "http",
+      },
+    ],
+    url: "/api/admin/v1/personal-sessions/{id}/regenerate",
+    ...options,
+    headers: {
+      "Content-Type": "application/json",
+      ...options.headers,
+    },
+  });
+};
+
 /**
  * Set the current policy data
  */