add my tokens page under settings

david-crespo · david-crespo · commit 1dbd08c93699 · 2025-06-03T09:45:13.000-05:00
diff --git a/app/layouts/ProjectLayoutBase.tsx b/app/layouts/ProjectLayoutBase.tsx
@@ -70,7 +70,7 @@ export function ProjectLayoutBase({ overrideContentPane }: ProjectLayoutProps) {
           { value: 'VPCs', path: pb.vpcs(projectSelector) },
           { value: 'Floating IPs', path: pb.floatingIps(projectSelector) },
           { value: 'Affinity Groups', path: pb.affinity(projectSelector) },
-          { value: 'Access', path: pb.projectAccess(projectSelector) },
+          { value: 'Project Access', path: pb.projectAccess(projectSelector) },
         ]
           // filter out the entry for the path we're currently on
           .filter((i) => i.path !== pathname)
@@ -118,7 +118,7 @@ export function ProjectLayoutBase({ overrideContentPane }: ProjectLayoutProps) {
             <Affinity16Icon /> Affinity Groups
           </NavLinkItem>
           <NavLinkItem to={pb.projectAccess(projectSelector)}>
-            <Access16Icon /> Access
+            <Access16Icon /> Project Access
           </NavLinkItem>
         </Sidebar.Nav>
       </Sidebar>
diff --git a/app/layouts/SettingsLayout.tsx b/app/layouts/SettingsLayout.tsx
@@ -8,7 +8,12 @@
 import { useMemo } from 'react'
 import { useLocation, useNavigate } from 'react-router'
 
-import { Folder16Icon, Key16Icon, Profile16Icon } from '@oxide/design-system/icons/react'
+import {
+  Access16Icon,
+  Folder16Icon,
+  Key16Icon,
+  Profile16Icon,
+} from '@oxide/design-system/icons/react'
 
 import { TopBar } from '~/components/TopBar'
 import { makeCrumb } from '~/hooks/use-crumbs'
@@ -31,6 +36,7 @@ export default function SettingsLayout() {
         [
           { value: 'Profile', path: pb.profile() },
           { value: 'SSH Keys', path: pb.sshKeys() },
+          { value: 'Access Tokens', path: pb.accessTokens() },
         ]
           // filter out the entry for the path we're currently on
           .filter((i) => i.path !== pathname)
@@ -61,6 +67,9 @@ export default function SettingsLayout() {
           <NavLinkItem to={pb.sshKeys()}>
             <Key16Icon /> SSH Keys
           </NavLinkItem>
+          <NavLinkItem to={pb.accessTokens()}>
+            <Access16Icon /> Access Tokens
+          </NavLinkItem>
         </Sidebar.Nav>
       </Sidebar>
       <ContentPane />
diff --git a/app/layouts/SiloLayout.tsx b/app/layouts/SiloLayout.tsx
@@ -36,7 +36,7 @@ export default function SiloLayout() {
           { value: 'Projects', path: pb.projects() },
           { value: 'Images', path: pb.siloImages() },
           { value: 'Utilization', path: pb.siloUtilization() },
-          { value: 'Access', path: pb.siloAccess() },
+          { value: 'Silo Access', path: pb.siloAccess() },
         ]
           // filter out the entry for the path we're currently on
           .filter((i) => i.path !== pathname)
diff --git a/app/pages/settings/AccessTokensPage.tsx b/app/pages/settings/AccessTokensPage.tsx
@@ -0,0 +1,111 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * Copyright Oxide Computer Company
+ */
+import { createColumnHelper } from '@tanstack/react-table'
+import { useCallback, useMemo } from 'react'
+
+import {
+  getListQFn,
+  queryClient,
+  useApiMutation,
+  useApiQueryClient,
+  type DeviceAccessToken,
+} from '@oxide/api'
+import { Key16Icon, Key24Icon } from '@oxide/design-system/icons/react'
+
+import { HL } from '~/components/HL'
+import { makeCrumb } from '~/hooks/use-crumbs'
+import { confirmDelete } from '~/stores/confirm-delete'
+import { addToast } from '~/stores/toast'
+import { getActionsCol, type MenuAction } from '~/table/columns/action-col'
+import { Columns } from '~/table/columns/common'
+import { useQueryTable } from '~/table/QueryTable'
+import { DateTime } from '~/ui/lib/DateTime'
+import { EmptyMessage } from '~/ui/lib/EmptyMessage'
+import { PageHeader, PageTitle } from '~/ui/lib/PageHeader'
+import { TipIcon } from '~/ui/lib/TipIcon'
+import { pb } from '~/util/path-builder'
+
+const tokenList = () => getListQFn('currentUserAccessTokenList', {})
+export const handle = makeCrumb('Access Tokens', pb.accessTokens)
+
+export async function clientLoader() {
+  await queryClient.prefetchQuery(tokenList().optionsFn())
+  return null
+}
+
+const colHelper = createColumnHelper<DeviceAccessToken>()
+
+export default function AccessTokensPage() {
+  const queryClient = useApiQueryClient()
+
+  const { mutateAsync: deleteToken } = useApiMutation('currentUserAccessTokenDelete', {
+    onSuccess: (_data, variables) => {
+      queryClient.invalidateQueries('currentUserAccessTokenList')
+      addToast(<>Access token <HL>{variables.path.tokenId}</HL> deleted</>) // prettier-ignore
+    },
+  })
+
+  const makeActions = useCallback(
+    (token: DeviceAccessToken): MenuAction[] => [
+      {
+        label: 'Delete',
+        onActivate: confirmDelete({
+          doDelete: () => deleteToken({ path: { tokenId: token.id } }),
+          label: token.id,
+          extraContent:
+            'This cannot be undone. Any application or instances of the Oxide CLI that depends on this token will need a new one.',
+        }),
+      },
+    ],
+    [deleteToken]
+  )
+
+  const columns = useMemo(() => {
+    return [
+      colHelper.accessor('id', {
+        header: () => (
+          <>
+            ID{' '}
+            <TipIcon className="ml-1.5">
+              A database ID for the token record, not the bearer token itself.
+            </TipIcon>
+          </>
+        ),
+        cell: (info) => <span className="font-mono">{info.getValue()}</span>,
+      }),
+      colHelper.accessor('timeCreated', Columns.timeCreated),
+      colHelper.accessor('timeExpires', {
+        header: 'Expires',
+        cell: (info) => {
+          const date = info.getValue()
+          if (!date) return 'Never'
+          return <DateTime date={date} />
+        },
+      }),
+      getActionsCol(makeActions),
+    ]
+  }, [makeActions])
+
+  const emptyState = (
+    <EmptyMessage
+      icon={<Key16Icon />}
+      title="No access tokens"
+      body="Your access tokens will appear here when they are created"
+    />
+  )
+  const { table } = useQueryTable({ query: tokenList(), columns, emptyState })
+
+  return (
+    <>
+      <PageHeader>
+        <PageTitle icon={<Key24Icon />}>Access Tokens</PageTitle>
+      </PageHeader>
+      {table}
+    </>
+  )
+}
diff --git a/app/routes.tsx b/app/routes.tsx
@@ -110,6 +110,10 @@ export const routes = createRoutesFromElements(
             lazy={() => import('./pages/settings/ssh-key-create').then(convert)}
           />
         </Route>
+        <Route
+          path="access-tokens"
+          lazy={() => import('./pages/settings/AccessTokensPage').then(convert)}
+        />
       </Route>
 
       <Route path="system" lazy={() => import('./layouts/SystemLayout').then(convert)}>
diff --git a/app/util/__snapshots__/path-builder.spec.ts.snap b/app/util/__snapshots__/path-builder.spec.ts.snap
@@ -2,6 +2,16 @@
 
 exports[`breadcrumbs 2`] = `
 {
+  "accessTokens (/settings/access-tokens)": [
+    {
+      "label": "Settings",
+      "path": "/settings/profile",
+    },
+    {
+      "label": "Access Tokens",
+      "path": "/settings/access-tokens",
+    },
+  ],
   "affinity (/projects/p/affinity)": [
     {
       "label": "Projects",
diff --git a/app/util/path-builder.spec.ts b/app/util/path-builder.spec.ts
@@ -41,6 +41,7 @@ test('path builder', () => {
   expect(Object.fromEntries(Object.entries(pb).map(([key, fn]) => [key, fn(params)])))
     .toMatchInlineSnapshot(`
       {
+        "accessTokens": "/settings/access-tokens",
         "affinity": "/projects/p/affinity",
         "affinityNew": "/projects/p/affinity-new",
         "antiAffinityGroup": "/projects/p/affinity/aag",
diff --git a/app/util/path-builder.ts b/app/util/path-builder.ts
@@ -132,6 +132,7 @@ export const pb = {
   sshKeys: () => '/settings/ssh-keys',
   sshKeysNew: () => '/settings/ssh-keys-new',
   sshKeyEdit: (params: PP.SshKey) => `/settings/ssh-keys/${params.sshKey}/edit`,
+  accessTokens: () => '/settings/access-tokens',
 
   deviceSuccess: () => '/device/success',
 }
diff --git a/mock-api/msw/db.ts b/mock-api/msw/db.ts
@@ -18,6 +18,8 @@ import type * as Sel from '~/api/selectors'
 import { commaSeries } from '~/util/str'
 
 import type { Json } from '../json-type'
+import { siloSettings } from '../silo'
+import { deviceTokens } from '../token'
 import { internalError } from './util'
 
 export const notFoundErr = (msg: string) => {
@@ -476,6 +478,7 @@ const initDb = {
   affinityGroupMemberLists: [...mock.affinityGroupMemberLists],
   antiAffinityGroups: [...mock.antiAffinityGroups],
   antiAffinityGroupMemberLists: [...mock.antiAffinityGroupMemberLists],
+  deviceTokens: [...deviceTokens],
   disks: [...mock.disks],
   diskBulkImportState: new Map<string, DiskBulkImport>(),
   floatingIps: [...mock.floatingIps],
@@ -499,6 +502,7 @@ const initDb = {
   silos: [...mock.silos],
   siloQuotas: [...mock.siloQuotas],
   siloProvisioned: [...mock.siloProvisioned],
+  siloSettings: [...siloSettings],
   identityProviders: [...mock.identityProviders],
   sleds: [...mock.sleds],
   switches: [...mock.switches],
diff --git a/mock-api/msw/handlers.ts b/mock-api/msw/handlers.ts
@@ -1457,6 +1457,15 @@ export const handlers = makeHandlers({
     db.sshKeys = db.sshKeys.filter((i) => i.id !== sshKey.id)
     return 204
   },
+  currentUserAccessTokenDelete({ path }) {
+    // Mock delete token - find and remove from mock tokens
+    db.deviceTokens = db.deviceTokens.filter((token) => token.id !== path.tokenId)
+    return 204
+  },
+  currentUserAccessTokenList({ query }) {
+    // Mock token list - return dummy tokens for current user
+    return paginated(query, db.deviceTokens)
+  },
   sledView({ path, cookies }) {
     requireFleetViewer(cookies)
     return lookup.sled(path)
@@ -1498,6 +1507,7 @@ export const handlers = makeHandlers({
     db.silos.push(newSilo)
     db.siloQuotas.push({ silo_id: newSilo.id, ...quotas })
     db.siloProvisioned.push({ silo_id: newSilo.id, cpus: 0, memory: 0, storage: 0 })
+    db.siloSettings.push({ silo_id: newSilo.id, device_token_max_ttl_seconds: null })
     return json(newSilo, { status: 201 })
   },
   siloView({ path, cookies }) {
@@ -1509,6 +1519,7 @@ export const handlers = makeHandlers({
     const silo = lookup.silo(path)
     db.silos = db.silos.filter((i) => i.id !== silo.id)
     db.ipPoolSilos = db.ipPoolSilos.filter((i) => i.silo_id !== silo.id)
+    db.siloSettings = db.siloSettings.filter((i) => i.silo_id !== silo.id)
     return 204
   },
   siloIdentityProviderList({ query, cookies }) {
@@ -1799,14 +1810,10 @@ export const handlers = makeHandlers({
   alertReceiverSubscriptionRemove: NotImplemented,
   alertReceiverView: NotImplemented,
   antiAffinityGroupMemberInstanceView: NotImplemented,
-  authSettingsUpdate: NotImplemented,
-  authSettingsView: NotImplemented,
   certificateCreate: NotImplemented,
   certificateDelete: NotImplemented,
   certificateList: NotImplemented,
   certificateView: NotImplemented,
-  currentUserAccessTokenDelete: NotImplemented,
-  currentUserAccessTokenList: NotImplemented,
   instanceSerialConsole: NotImplemented,
   instanceSerialConsoleStream: NotImplemented,
   instanceSshPublicKeyList: NotImplemented,
@@ -1866,6 +1873,22 @@ export const handlers = makeHandlers({
   rackView: NotImplemented,
   roleList: NotImplemented,
   roleView: NotImplemented,
+  authSettingsUpdate({ body }) {
+    // Find settings for default silo (assume it exists)
+    const settingsIndex = db.siloSettings.findIndex((s) => s.silo_id === defaultSilo.id)
+
+    // Update existing settings
+    db.siloSettings[settingsIndex] = {
+      ...db.siloSettings[settingsIndex],
+      device_token_max_ttl_seconds: body.device_token_max_ttl_seconds,
+    }
+    return db.siloSettings[settingsIndex]
+  },
+  authSettingsView() {
+    // Find settings for default silo (assume it exists)
+    const settings = db.siloSettings.find((s) => s.silo_id === defaultSilo.id)!
+    return settings
+  },
   siloPolicyUpdate: NotImplemented,
   siloPolicyView: NotImplemented,
   siloUserList: NotImplemented,
diff --git a/mock-api/silo.ts b/mock-api/silo.ts
@@ -7,7 +7,13 @@
  */
 import * as R from 'remeda'
 
-import type { IdentityProvider, SamlIdentityProvider, Silo, SiloQuotas } from '@oxide/api'
+import type {
+  IdentityProvider,
+  SamlIdentityProvider,
+  Silo,
+  SiloAuthSettings,
+  SiloQuotas,
+} from '@oxide/api'
 
 import { GiB, TiB } from '~/util/units'
 
@@ -111,3 +117,14 @@ export const toIdp = ({ provider, type }: DbIdp): Json<IdentityProvider> => ({
   provider_type: type,
   ...R.pick(provider, ['id', 'name', 'description', 'time_created', 'time_modified']),
 })
+
+export const siloSettings: Json<SiloAuthSettings>[] = [
+  {
+    silo_id: defaultSilo.id,
+    device_token_max_ttl_seconds: 3600 * 24, // 1 hour in seconds
+  },
+  {
+    silo_id: silos[1].id,
+    device_token_max_ttl_seconds: 7200, // 2 hours in seconds
+  },
+]
diff --git a/mock-api/token.ts b/mock-api/token.ts
@@ -0,0 +1,28 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * Copyright Oxide Computer Company
+ */
+import type { DeviceAccessToken } from '@oxide/api'
+
+import type { Json } from './json-type'
+
+export const deviceTokens: Json<DeviceAccessToken>[] = [
+  {
+    id: 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
+    time_created: new Date(Date.now() - 7 * 24 * 60 * 60 * 1000).toISOString(), // 7 days ago
+    time_expires: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(), // 30 days from now
+  },
+  {
+    id: 'b2c3d4e5-f6g7-8901-bcde-f23456789012',
+    time_created: new Date(Date.now() - 14 * 24 * 60 * 60 * 1000).toISOString(), // 14 days ago
+    time_expires: new Date(Date.now() + 60 * 24 * 60 * 60 * 1000).toISOString(), // 60 days from now
+  },
+  {
+    id: 'c3d4e5f6-g7h8-9012-cdef-345678901234',
+    time_created: new Date(Date.now() - 3 * 24 * 60 * 60 * 1000).toISOString(), // 3 days ago
+    time_expires: null, // Never expires
+  },
+]

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ export default function SiloLayout() {`
`36`	`36`	`{ value: 'Projects', path: pb.projects() },`
`37`	`37`	`{ value: 'Images', path: pb.siloImages() },`
`38`	`38`	`{ value: 'Utilization', path: pb.siloUtilization() },`
`39`		`- { value: 'Access', path: pb.siloAccess() },`
	`39`	`+ { value: 'Silo Access', path: pb.siloAccess() },`
`40`	`40`	`]`
`41`	`41`	`// filter out the entry for the path we're currently on`
`42`	`42`	`.filter((i) => i.path !== pathname)`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ test('path builder', () => {`
`41`	`41`	`expect(Object.fromEntries(Object.entries(pb).map(([key, fn]) => [key, fn(params)])))`
`42`	`42`	.toMatchInlineSnapshot(`
`43`	`43`	`{`
	`44`	`+ "accessTokens": "/settings/access-tokens",`
`44`	`45`	`"affinity": "/projects/p/affinity",`
`45`	`46`	`"affinityNew": "/projects/p/affinity-new",`
`46`	`47`	`"antiAffinityGroup": "/projects/p/affinity/aag",`
Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,7 @@ export const pb = {`
`132`	`132`	`sshKeys: () => '/settings/ssh-keys',`
`133`	`133`	`sshKeysNew: () => '/settings/ssh-keys-new',`
`134`	`134`	sshKeyEdit: (params: PP.SshKey) => `/settings/ssh-keys/${params.sshKey}/edit`,
	`135`	`+ accessTokens: () => '/settings/access-tokens',`
`135`	`136`
`136`	`137`	`deviceSuccess: () => '/device/success',`
`137`	`138`	`}`