From 79de79d03ccfb9c07e59b50248ee23eaeb85fb87 Mon Sep 17 00:00:00 2001
From: ukrocks007
Date: Fri, 6 Oct 2023 12:39:45 +0530
Subject: [PATCH 1/4] changes
---
 src/handlers/revokeViewerSessions.ts | 31 ++++++++++++++++++++++++++
 src/models/viewer_descriptor/delete.ts | 22 ++++++++++++++++++
 src/routes.ts | 6 +++++
 src/security/vouchers.ts | 13 ++++++++++-
 4 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 src/handlers/revokeViewerSessions.ts
 create mode 100644 src/models/viewer_descriptor/delete.ts
diff --git a/src/handlers/revokeViewerSessions.ts b/src/handlers/revokeViewerSessions.ts
new file mode 100644
index 000000000..13842c694
--- /dev/null
+++ b/src/handlers/revokeViewerSessions.ts
@@ -0,0 +1,31 @@
+import Authenticator from "../security/Authenticator";
+import modelDeleteViewerDescriptors from "../models/viewer_descriptor/delete";
+import { RawResponse } from "../router";
+
+export default async function handlerRaw(req): Promise {
+ const auth = req.get("Authorization");
+ const projectId = req.params.projectId;
+ const groupId = req.params.groupId;
+ const actorId = req.params.actorId;
+ await revokeViewerSessions(auth, projectId, actorId, groupId);
+ return {
+ status: 200,
+ body: "",
+ };
+}
+
+export async function revokeViewerSessions(
+ auth: string,
+ projectId: string,
+ actorId: string,
+ groupId: string
+): Promise {
+ const apiToken = await Authenticator.default().getApiTokenOr401(auth, projectId);
+
+ await modelDeleteViewerDescriptors({
+ projectId,
+ environmentId: apiToken.environmentId,
+ groupId,
+ actorId,
+ });
+}
diff --git a/src/models/viewer_descriptor/delete.ts b/src/models/viewer_descriptor/delete.ts
new file mode 100644
index 000000000..d5a177419
--- /dev/null
+++ b/src/models/viewer_descriptor/delete.ts
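Review bot: `handlerRaw(req)` leaves `req` unannotated, so it is an implicit `any` under `strict`, and both `Promise` return types appear without a type argument although `RawResponse` is imported and otherwise unused; if the `<RawResponse>` and `<void>` arguments were merely lost in rendering this is fine, otherwise type `req` the way the neighbouring handlers do and declare `Promise<RawResponse>` and `Promise<void>`. The one decision in `revokeViewerSessions` that a later reader must not undo is that the environment scope comes from the authenticated API token rather than from the request, which is what keeps a token from revoking another environment's sessions; it deserves a TSDoc line such as `/** Deletes all viewer descriptors for (groupId, actorId) in the environment of the authenticated API token; the caller cannot choose the environment. */`. The handler answers 200 with an empty body whether or not any descriptor matched, which suits an idempotent DELETE but should be stated in that comment.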
@@ -0,0 +1,22 @@
+import getPgPool from "../../persistence/pg";
+
+const pgPool = getPgPool();
+
+export interface Options {
+ projectId: string;
+ environmentId: string;
+ groupId: string;
+ actorId: string;
+}
+
+export default async function modelDeleteViewerDescriptors(opts: Options): Promise {
+ const q = `
+ DELETE FROM viewer_descriptors
+ WHERE project_id = $1 AND
+ environment_id = $2 AND
+ group_id = $3 AND
+ actor_id = $4`;
+ const values = [opts.projectId, opts.environmentId, opts.groupId, opts.actorId];
+
+ await pgPool.query(q, values);
+}
diff --git a/src/routes.ts b/src/routes.ts
index 75389e469..fd18fb6e8 100644
--- a/src/routes.ts
+++ b/src/routes.ts
@@ -1,6 +1,7 @@
 // core
 import createViewerSession from "./handlers/createViewerSession";
 import getInvite from "./handlers/getInvite";
+import revokeViewerSessions from "./handlers/revokeViewerSessions";
 import graphQL from "./handlers/graphql";
 
 // admin
@@ -179,6 +180,11 @@ export default {
 method: "post",
 handler: createViewerSession,
 },
+ revokeViewerSessions: {
+ path: "/viewer/v1/project/:projectId/group/:groupId/actor/:actorId/viewersessions",
+ method: "delete",
+ handler: revokeViewerSessions,
+ },
 viewerCreateEitapiToken: {
 path: "/viewer/v1/project/:projectId/eitapi_token",
 method: "post",
diff --git a/src/security/vouchers.ts b/src/security/vouchers.ts
index ffed0e3af..cee97f2c2 100644
--- a/src/security/vouchers.ts
+++ b/src/security/vouchers.ts
@@ -2,6 +2,7 @@
 import jwt from "jsonwebtoken";
 import config from "../config";
 import ViewerDescriptor from "../models/viewer_descriptor/def";
+import getViewerToken from "../models/viewer_descriptor/get";
 
 export interface AdminClaims {
 userId: string;
@@ -31,7 +32,7 @@ export async function validateAdminVoucher(voucher: string): Promise {
- return new Promise((resolve, reject) => {
+ const claims = await new Promise((resolve, reject) => {
 jwt.verify(voucher, config.HMAC_SECRET_VIEWER, (err, claims) => {
 if (err) {
 reject(err);
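Review bot: `modelDeleteViewerDescriptors` drops the result of `pgPool.query`, so the caller cannot tell whether a revocation matched any row, which also leaves nothing to audit-log. Returning the count stays compatible with the existing caller: `const result = await pgPool.query(q, values); return result.rowCount;` with the return type `Promise<number>`. The four values are bound as `$1`..`$4`, so path parameters never reach the SQL text; a one-line TSDoc on `Options` saying that all four keys are required and that `environmentId` is expected from the authenticated token (as the handler in this patch does) rather than from the request would make the intended scope explicit.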
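Review bot: The default export `handlerRaw` is imported into routes.ts under the name `revokeViewerSessions`, which the same module also uses for its named export with the `(auth, projectId, actorId, groupId)` signature, so the route table reads as if it registered the inner function and a grep for the name finds both. Naming the import after its role avoids that: `import revokeViewerSessionsHandler from "./handlers/revokeViewerSessions";` and `handler: revokeViewerSessionsHandler,`. The route object the new entry sits in starts and ends outside the hunk.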
@@ -40,4 +41,14 @@ export async function validateViewerDescriptorVoucher(voucher: string): Promise<
 resolve(claims);
 });
 });
+
+ const token = await getViewerToken({
+ id: claims.id,
+ });
+
+ if (!token) {
+ throw new Error("Invalid token");
+ }
+
+ return claims;
 }
From a5eae0e34b692e256f962ecdd329668bb04359c6 Mon Sep 17 00:00:00 2001
From: ukrocks007
Date: Fri, 6 Oct 2023 15:02:09 +0530
Subject: [PATCH 2/4] jackson version update
---
 docker-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 01bd6e69c..dcf28ed54 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -199,7 +199,7 @@ services:
 restart: "on-failure"
 
 admin-portal:
- image: boxyhq/jackson:1.11.0
+ image: boxyhq/jackson:1.12.0
 ports:
 - "5225:5225"
 networks:
From b2a83ef57c0c8e5de4eb0261ac754f92c46081af Mon Sep 17 00:00:00 2001
From: ukrocks007
Date: Fri, 6 Oct 2023 18:48:39 +0530
Subject: [PATCH 3/4] linting fix
---
 src/security/vouchers.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security/vouchers.ts b/src/security/vouchers.ts
index cee97f2c2..c176d48b7 100644
--- a/src/security/vouchers.ts
+++ b/src/security/vouchers.ts
@@ -33,12 +33,12 @@ export async function validateAdminVoucher(voucher: string): Promise {
 const claims = await new Promise((resolve, reject) => {
- jwt.verify(voucher, config.HMAC_SECRET_VIEWER, (err, claims) => {
+ jwt.verify(voucher, config.HMAC_SECRET_VIEWER, (err, claimsObj) => {
 if (err) {
 reject(err);
 return;
 }
- resolve(claims);
+ resolve(claimsObj);
 });
 });
From 88dbc7262e8c6dd09dd83e04a11ef62420f60bd1 Mon Sep 17 00:00:00 2001
From: ukrocks007
Date: Mon, 9 Oct 2023 14:08:58 +0530
Subject: [PATCH 4/4] fix
---
 docker-compose.yaml | 2 +-
 integration/test/viewer/createsavedexport.ts | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yaml b/docker-compose.yaml
index dcf28ed54..f5a2c4a11 100644
--- a/docker-compose.yaml
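Review bot: `claims.id` is passed to `getViewerToken` with no check that the claim exists and is a string; a voucher signed from a descriptor without `id` (the integration test in patch 4 has to add `id: token` for this reason) reaches the lookup with an undefined id, and whether that returns no row or something else depends on `getViewerToken`, which is outside this patch. A guard before the lookup makes that case an explicit rejection: `if (typeof claims.id !== "string") { throw new Error("Invalid token"); }`. The existence check is what lets the new DELETE handler invalidate outstanding vouchers whose signature is still valid; if the stored descriptor also carries environmentId/groupId/actorId, comparing them with the claims (or returning the stored descriptor instead of the JWT payload) would make the database the single authority. The enclosing `validateViewerDescriptorVoucher` and the `claims` declaration start in the previous hunk; a `new Promise(...)` without a type argument types `claims` as `unknown` under `strict`, so unless `<ViewerDescriptor>` was lost in rendering, `claims.id` should be reached through a typed promise rather than `any`.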
+++ b/docker-compose.yaml
@@ -199,7 +199,7 @@ services:
 restart: "on-failure"
 
 admin-portal:
- image: boxyhq/jackson:1.12.0
+ image: boxyhq/jackson:1.13.0
 ports:
 - "5225:5225"
 networks:
diff --git a/integration/test/viewer/createsavedexport.ts b/integration/test/viewer/createsavedexport.ts
index 9f6d0d0d6..d41ede7bd 100644
--- a/integration/test/viewer/createsavedexport.ts
+++ b/integration/test/viewer/createsavedexport.ts
@@ -138,6 +138,7 @@ describe("Viewer API", function () {
 const desc = {
 environmentId: Env.EnvironmentID,
 groupId: groupID,
+ id: token,
 };
 const tkn = jwt.sign(desc, process.env.HMAC_SECRET_VIEWER);
 chai