2024-09-27 21:39:03 -04:00
|
|
|
import { Router } from "express";
|
2025-01-01 21:41:31 -05:00
|
|
|
import config from "@server/lib/config";
|
2024-10-02 00:04:40 -04:00
|
|
|
import * as site from "./site";
|
|
|
|
|
import * as org from "./org";
|
|
|
|
|
import * as resource from "./resource";
|
2025-02-16 18:09:17 -05:00
|
|
|
import * as domain from "./domain";
|
2024-10-02 00:04:40 -04:00
|
|
|
import * as target from "./target";
|
|
|
|
|
import * as user from "./user";
|
|
|
|
|
import * as auth from "./auth";
|
2024-10-12 21:36:14 -04:00
|
|
|
import * as role from "./role";
|
2024-12-18 23:14:26 -05:00
|
|
|
import * as accessToken from "./accessToken";
|
2024-10-02 00:04:40 -04:00
|
|
|
import HttpCode from "@server/types/HttpCode";
|
2024-10-04 23:14:40 -04:00
|
|
|
import {
|
2024-12-18 23:14:26 -05:00
|
|
|
verifyAccessTokenAccess,
|
2024-10-04 23:14:40 -04:00
|
|
|
rateLimitMiddleware,
|
|
|
|
|
verifySessionMiddleware,
|
|
|
|
|
verifySessionUserMiddleware,
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifySiteAccess,
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyTargetAccess,
|
2024-10-12 21:36:14 -04:00
|
|
|
verifyRoleAccess,
|
2024-11-16 22:48:10 -05:00
|
|
|
verifySetResourceUsers,
|
2024-10-12 23:03:56 -04:00
|
|
|
verifyUserAccess,
|
2024-12-16 22:40:42 -05:00
|
|
|
getUserOrgs
|
2024-11-16 22:48:10 -05:00
|
|
|
} from "@server/middlewares";
|
|
|
|
|
import { verifyUserHasAction } from "../middlewares/verifyUserHasAction";
|
2024-11-05 23:55:46 -05:00
|
|
|
import { ActionsEnum } from "@server/auth/actions";
|
2024-11-16 22:48:10 -05:00
|
|
|
import { verifyUserIsOrgOwner } from "../middlewares/verifyUserIsOrgOwner";
|
2024-11-10 17:08:29 -05:00
|
|
|
import { createNewt, getToken } from "./newt";
|
2025-02-05 22:46:33 -05:00
|
|
|
import rateLimit from "express-rate-limit";
|
|
|
|
|
import createHttpError from "http-errors";
|
2024-09-27 21:39:03 -04:00
|
|
|
|
2024-10-02 00:04:40 -04:00
|
|
|
// Root routes
|
|
|
|
|
export const unauthenticated = Router();
|
2024-09-27 21:39:03 -04:00
|
|
|
|
2024-10-02 00:04:40 -04:00
|
|
|
unauthenticated.get("/", (_, res) => {
|
|
|
|
|
res.status(HttpCode.OK).json({ message: "Healthy" });
|
2024-09-27 21:39:03 -04:00
|
|
|
});
|
|
|
|
|
|
2024-10-02 00:04:40 -04:00
|
|
|
// Authenticated Root routes
|
|
|
|
|
export const authenticated = Router();
|
2024-10-04 23:14:40 -04:00
|
|
|
authenticated.use(verifySessionUserMiddleware);
|
2024-09-28 12:14:44 -04:00
|
|
|
|
2024-10-14 19:30:38 -04:00
|
|
|
authenticated.get("/org/checkId", org.checkId);
|
2024-10-03 22:31:20 -04:00
|
|
|
authenticated.put("/org", getUserOrgs, org.createOrg);
|
|
|
|
|
authenticated.get("/orgs", getUserOrgs, org.listOrgs); // TODO we need to check the orgs here
|
2024-11-05 23:55:46 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/org/:orgId",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.getOrg),
|
2024-12-16 22:40:42 -05:00
|
|
|
org.getOrg
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
|
|
|
|
authenticated.post(
|
|
|
|
|
"/org/:orgId",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.updateOrg),
|
2024-12-16 22:40:42 -05:00
|
|
|
org.updateOrg
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
2024-11-09 00:08:17 -05:00
|
|
|
authenticated.delete(
|
|
|
|
|
"/org/:orgId",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserIsOrgOwner,
|
2024-12-16 22:40:42 -05:00
|
|
|
org.deleteOrg
|
2024-11-09 00:08:17 -05:00
|
|
|
);
|
2024-10-02 00:04:40 -04:00
|
|
|
|
2024-11-05 23:55:46 -05:00
|
|
|
authenticated.put(
|
|
|
|
|
"/org/:orgId/site",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.createSite),
|
2024-12-16 22:40:42 -05:00
|
|
|
site.createSite
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
|
|
|
|
authenticated.get(
|
|
|
|
|
"/org/:orgId/sites",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listSites),
|
2024-12-16 22:40:42 -05:00
|
|
|
site.listSites
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
|
|
|
|
authenticated.get(
|
|
|
|
|
"/org/:orgId/site/:niceId",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.getSite),
|
2024-12-16 22:40:42 -05:00
|
|
|
site.getSite
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
2024-10-14 22:26:32 -04:00
|
|
|
|
2024-11-02 18:12:17 -04:00
|
|
|
authenticated.get(
|
2024-11-03 13:57:51 -05:00
|
|
|
"/org/:orgId/pick-site-defaults",
|
2024-11-02 18:12:17 -04:00
|
|
|
verifyOrgAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.createSite),
|
2024-12-16 22:40:42 -05:00
|
|
|
site.pickSiteDefaults
|
2024-11-02 18:12:17 -04:00
|
|
|
);
|
2024-11-05 23:55:46 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/site/:siteId",
|
|
|
|
|
verifySiteAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.getSite),
|
2024-12-16 22:40:42 -05:00
|
|
|
site.getSite
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
|
|
|
|
// authenticated.get(
|
|
|
|
|
// "/site/:siteId/roles",
|
|
|
|
|
// verifySiteAccess,
|
|
|
|
|
// verifyUserHasAction(ActionsEnum.listSiteRoles),
|
|
|
|
|
// site.listSiteRoles
|
|
|
|
|
// );
|
|
|
|
|
authenticated.post(
|
|
|
|
|
"/site/:siteId",
|
|
|
|
|
verifySiteAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.updateSite),
|
2024-12-16 22:40:42 -05:00
|
|
|
site.updateSite
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
|
|
|
|
authenticated.delete(
|
|
|
|
|
"/site/:siteId",
|
|
|
|
|
verifySiteAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.deleteSite),
|
2024-12-16 22:40:42 -05:00
|
|
|
site.deleteSite
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
2024-10-02 22:05:21 -04:00
|
|
|
|
2024-10-04 23:14:40 -04:00
|
|
|
authenticated.put(
|
|
|
|
|
"/org/:orgId/site/:siteId/resource",
|
|
|
|
|
verifyOrgAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.createResource),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.createResource
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
2024-12-18 23:14:26 -05:00
|
|
|
|
2024-11-05 23:55:46 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/site/:siteId/resources",
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listResources),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.listResources
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
2024-12-18 23:14:26 -05:00
|
|
|
|
2024-10-04 23:14:40 -04:00
|
|
|
authenticated.get(
|
|
|
|
|
"/org/:orgId/resources",
|
|
|
|
|
verifyOrgAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.listResources),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.listResources
|
2024-11-02 18:12:17 -04:00
|
|
|
);
|
|
|
|
|
|
2025-02-16 18:09:17 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/org/:orgId/domains",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listOrgDomains),
|
|
|
|
|
domain.listDomains
|
|
|
|
|
);
|
|
|
|
|
|
2024-11-02 18:12:17 -04:00
|
|
|
authenticated.post(
|
|
|
|
|
"/org/:orgId/create-invite",
|
|
|
|
|
verifyOrgAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.inviteUser),
|
2024-12-16 22:40:42 -05:00
|
|
|
user.inviteUser
|
2024-11-02 23:46:08 -04:00
|
|
|
); // maybe make this /invite/create instead
|
2024-12-31 18:25:11 -05:00
|
|
|
unauthenticated.post("/invite/accept", user.acceptInvite); // this is supposed to be unauthenticated
|
2024-11-02 18:12:17 -04:00
|
|
|
|
2024-11-15 18:25:27 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/resource/:resourceId/roles",
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listResourceRoles),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.listResourceRoles
|
2024-11-15 18:25:27 -05:00
|
|
|
);
|
|
|
|
|
|
2024-11-15 23:38:08 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/resource/:resourceId/users",
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listResourceUsers),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.listResourceUsers
|
2024-11-15 23:38:08 -05:00
|
|
|
);
|
|
|
|
|
|
2024-10-04 23:14:40 -04:00
|
|
|
authenticated.get(
|
|
|
|
|
"/resource/:resourceId",
|
|
|
|
|
verifyResourceAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.getResource),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.getResource
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
|
|
|
|
authenticated.post(
|
|
|
|
|
"/resource/:resourceId",
|
|
|
|
|
verifyResourceAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.updateResource),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.updateResource
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
|
|
|
|
authenticated.delete(
|
|
|
|
|
"/resource/:resourceId",
|
|
|
|
|
verifyResourceAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.deleteResource),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.deleteResource
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
2024-10-03 22:31:20 -04:00
|
|
|
|
2024-10-04 23:14:40 -04:00
|
|
|
authenticated.put(
|
|
|
|
|
"/resource/:resourceId/target",
|
|
|
|
|
verifyResourceAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.createTarget),
|
2024-12-16 22:40:42 -05:00
|
|
|
target.createTarget
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
|
|
|
|
authenticated.get(
|
|
|
|
|
"/resource/:resourceId/targets",
|
|
|
|
|
verifyResourceAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.listTargets),
|
2024-12-16 22:40:42 -05:00
|
|
|
target.listTargets
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
2025-02-08 17:02:22 -05:00
|
|
|
|
|
|
|
|
authenticated.put(
|
2025-02-08 17:38:30 -05:00
|
|
|
"/resource/:resourceId/rule",
|
2025-02-08 17:02:22 -05:00
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.createResourceRule),
|
|
|
|
|
resource.createResourceRule
|
|
|
|
|
);
|
|
|
|
|
authenticated.get(
|
|
|
|
|
"/resource/:resourceId/rules",
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listResourceRules),
|
|
|
|
|
resource.listResourceRules
|
|
|
|
|
);
|
2025-02-08 17:10:37 -05:00
|
|
|
authenticated.post(
|
2025-02-08 17:38:30 -05:00
|
|
|
"/resource/:resourceId/rule/:ruleId",
|
2025-02-08 17:10:37 -05:00
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.updateResourceRule),
|
|
|
|
|
resource.updateResourceRule
|
|
|
|
|
);
|
2025-02-08 17:02:22 -05:00
|
|
|
authenticated.delete(
|
2025-02-08 17:38:30 -05:00
|
|
|
"/resource/:resourceId/rule/:ruleId",
|
2025-02-08 17:02:22 -05:00
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.deleteResourceRule),
|
|
|
|
|
resource.deleteResourceRule
|
|
|
|
|
);
|
|
|
|
|
|
2024-11-05 23:55:46 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/target/:targetId",
|
|
|
|
|
verifyTargetAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.getTarget),
|
2024-12-16 22:40:42 -05:00
|
|
|
target.getTarget
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
2024-10-04 23:14:40 -04:00
|
|
|
authenticated.post(
|
|
|
|
|
"/target/:targetId",
|
|
|
|
|
verifyTargetAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.updateTarget),
|
2024-12-16 22:40:42 -05:00
|
|
|
target.updateTarget
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
|
|
|
|
authenticated.delete(
|
|
|
|
|
"/target/:targetId",
|
|
|
|
|
verifyTargetAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.deleteTarget),
|
2024-12-16 22:40:42 -05:00
|
|
|
target.deleteTarget
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
2024-10-02 00:04:40 -04:00
|
|
|
|
2025-02-08 17:02:22 -05:00
|
|
|
|
2024-11-09 00:08:17 -05:00
|
|
|
authenticated.put(
|
|
|
|
|
"/org/:orgId/role",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.createRole),
|
2024-12-16 22:40:42 -05:00
|
|
|
role.createRole
|
2024-11-09 00:08:17 -05:00
|
|
|
);
|
2024-11-08 00:03:54 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/org/:orgId/roles",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listRoles),
|
2024-12-16 22:40:42 -05:00
|
|
|
role.listRoles
|
2024-11-08 00:03:54 -05:00
|
|
|
);
|
2024-11-03 17:28:12 -05:00
|
|
|
// authenticated.get(
|
|
|
|
|
// "/role/:roleId",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.getRole),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.getRole
|
|
|
|
|
// );
|
2024-11-03 13:57:51 -05:00
|
|
|
// authenticated.post(
|
|
|
|
|
// "/role/:roleId",
|
|
|
|
|
// verifyRoleAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.updateRole),
|
2024-11-03 13:57:51 -05:00
|
|
|
// role.updateRole
|
|
|
|
|
// );
|
2024-11-09 23:59:19 -05:00
|
|
|
authenticated.delete(
|
|
|
|
|
"/role/:roleId",
|
|
|
|
|
verifyRoleAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.deleteRole),
|
2024-12-16 22:40:42 -05:00
|
|
|
role.deleteRole
|
2024-11-09 23:59:19 -05:00
|
|
|
);
|
|
|
|
|
authenticated.post(
|
|
|
|
|
"/role/:roleId/add/:userId",
|
|
|
|
|
verifyRoleAccess,
|
|
|
|
|
verifyUserAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.addUserRole),
|
2024-12-16 22:40:42 -05:00
|
|
|
user.addUserRole
|
2024-11-09 23:59:19 -05:00
|
|
|
);
|
2024-10-12 21:36:14 -04:00
|
|
|
|
2024-11-03 17:28:12 -05:00
|
|
|
// authenticated.put(
|
|
|
|
|
// "/role/:roleId/site",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.addRoleSite),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.addRoleSite
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.delete(
|
|
|
|
|
// "/role/:roleId/site",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.removeRoleSite),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.removeRoleSite
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.get(
|
|
|
|
|
// "/role/:roleId/sites",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.listRoleSites),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.listRoleSites
|
|
|
|
|
// );
|
2024-11-15 18:25:27 -05:00
|
|
|
|
|
|
|
|
authenticated.post(
|
|
|
|
|
"/resource/:resourceId/roles",
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyRoleAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.setResourceRoles),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.setResourceRoles
|
2024-11-15 23:38:08 -05:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authenticated.post(
|
|
|
|
|
"/resource/:resourceId/users",
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifySetResourceUsers,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.setResourceUsers),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.setResourceUsers
|
2024-11-15 18:25:27 -05:00
|
|
|
);
|
|
|
|
|
|
2024-11-17 22:44:11 -05:00
|
|
|
authenticated.post(
|
|
|
|
|
`/resource/:resourceId/password`,
|
|
|
|
|
verifyResourceAccess,
|
2024-12-18 23:14:26 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.setResourcePassword),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.setResourcePassword
|
2024-11-17 22:44:11 -05:00
|
|
|
);
|
2024-11-23 20:08:56 -05:00
|
|
|
|
|
|
|
|
authenticated.post(
|
|
|
|
|
`/resource/:resourceId/pincode`,
|
|
|
|
|
verifyResourceAccess,
|
2024-12-18 23:14:26 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.setResourcePincode),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.setResourcePincode
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authenticated.post(
|
|
|
|
|
`/resource/:resourceId/whitelist`,
|
|
|
|
|
verifyResourceAccess,
|
2024-12-18 23:14:26 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.setResourceWhitelist),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.setResourceWhitelist
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authenticated.get(
|
|
|
|
|
`/resource/:resourceId/whitelist`,
|
|
|
|
|
verifyResourceAccess,
|
2024-12-18 23:14:26 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.getResourceWhitelist),
|
2024-12-16 22:40:42 -05:00
|
|
|
resource.getResourceWhitelist
|
2024-11-23 20:08:56 -05:00
|
|
|
);
|
2024-11-17 22:44:11 -05:00
|
|
|
|
2025-01-16 21:15:41 +01:00
|
|
|
authenticated.post(
|
|
|
|
|
`/resource/:resourceId/transfer`,
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.updateResource),
|
|
|
|
|
resource.transferResource
|
|
|
|
|
);
|
|
|
|
|
|
2024-12-18 23:14:26 -05:00
|
|
|
authenticated.post(
|
|
|
|
|
`/resource/:resourceId/access-token`,
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.generateAccessToken),
|
|
|
|
|
accessToken.generateAccessToken
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authenticated.delete(
|
|
|
|
|
`/access-token/:accessTokenId`,
|
|
|
|
|
verifyAccessTokenAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.deleteAcessToken),
|
|
|
|
|
accessToken.deleteAccessToken
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authenticated.get(
|
|
|
|
|
`/org/:orgId/access-tokens`,
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listAccessTokens),
|
|
|
|
|
accessToken.listAccessTokens
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authenticated.get(
|
|
|
|
|
`/resource/:resourceId/access-tokens`,
|
|
|
|
|
verifyResourceAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listAccessTokens),
|
|
|
|
|
accessToken.listAccessTokens
|
|
|
|
|
);
|
|
|
|
|
|
2024-12-26 19:33:56 -05:00
|
|
|
authenticated.get(`/org/:orgId/overview`, verifyOrgAccess, org.getOrgOverview);
|
|
|
|
|
|
2024-11-17 23:24:30 -05:00
|
|
|
unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
|
|
|
|
|
|
2024-11-03 17:28:12 -05:00
|
|
|
// authenticated.get(
|
|
|
|
|
// "/role/:roleId/resources",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.listRoleResources),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.listRoleResources
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.put(
|
|
|
|
|
// "/role/:roleId/action",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.addRoleAction),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.addRoleAction
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.delete(
|
|
|
|
|
// "/role/:roleId/action",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.removeRoleAction),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.removeRoleAction
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.get(
|
|
|
|
|
// "/role/:roleId/actions",
|
|
|
|
|
// verifyRoleAccess,
|
|
|
|
|
// verifyUserInRole,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.listRoleActions),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.listRoleActions
|
|
|
|
|
// );
|
2024-10-12 21:36:14 -04:00
|
|
|
|
2024-10-13 15:05:52 -04:00
|
|
|
unauthenticated.get("/user", verifySessionMiddleware, user.getUser);
|
|
|
|
|
|
2024-11-09 23:59:19 -05:00
|
|
|
authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
|
2024-11-05 23:55:46 -05:00
|
|
|
authenticated.get(
|
|
|
|
|
"/org/:orgId/users",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserHasAction(ActionsEnum.listUsers),
|
2024-12-16 22:40:42 -05:00
|
|
|
user.listUsers
|
2024-11-05 23:55:46 -05:00
|
|
|
);
|
2024-10-12 23:03:56 -04:00
|
|
|
authenticated.delete(
|
|
|
|
|
"/org/:orgId/user/:userId",
|
|
|
|
|
verifyOrgAccess,
|
|
|
|
|
verifyUserAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
verifyUserHasAction(ActionsEnum.removeUser),
|
2024-12-16 22:40:42 -05:00
|
|
|
user.removeUserOrg
|
2024-10-12 23:03:56 -04:00
|
|
|
);
|
2024-10-12 22:31:24 -04:00
|
|
|
|
2024-11-03 17:28:12 -05:00
|
|
|
// authenticated.put(
|
|
|
|
|
// "/user/:userId/site",
|
|
|
|
|
// verifySiteAccess,
|
|
|
|
|
// verifyUserAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.addRoleSite),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.addRoleSite
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.delete(
|
|
|
|
|
// "/user/:userId/site",
|
|
|
|
|
// verifySiteAccess,
|
|
|
|
|
// verifyUserAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.removeRoleSite),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.removeRoleSite
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.put(
|
|
|
|
|
// "/org/:orgId/user/:userId/action",
|
|
|
|
|
// verifyOrgAccess,
|
|
|
|
|
// verifyUserAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.addRoleAction),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.addRoleAction
|
|
|
|
|
// );
|
|
|
|
|
// authenticated.delete(
|
|
|
|
|
// "/org/:orgId/user/:userId/action",
|
|
|
|
|
// verifyOrgAccess,
|
|
|
|
|
// verifyUserAccess,
|
2024-11-05 23:55:46 -05:00
|
|
|
// verifyUserHasAction(ActionsEnum.removeRoleAction),
|
2024-11-03 17:28:12 -05:00
|
|
|
// role.removeRoleAction
|
|
|
|
|
// );
|
2024-10-02 00:04:40 -04:00
|
|
|
|
2024-11-10 17:08:29 -05:00
|
|
|
authenticated.put("/newt", createNewt);
|
|
|
|
|
|
2024-10-02 00:04:40 -04:00
|
|
|
// Auth routes
|
2024-10-05 15:11:51 -04:00
|
|
|
export const authRouter = Router();
|
|
|
|
|
unauthenticated.use("/auth", authRouter);
|
|
|
|
|
authRouter.use(
|
|
|
|
|
rateLimitMiddleware({
|
2024-12-21 21:01:12 -05:00
|
|
|
windowMin:
|
2025-01-01 17:50:12 -05:00
|
|
|
config.getRawConfig().rate_limits.auth?.window_minutes ||
|
|
|
|
|
config.getRawConfig().rate_limits.global.window_minutes,
|
2024-12-21 21:01:12 -05:00
|
|
|
max:
|
2025-01-01 17:50:12 -05:00
|
|
|
config.getRawConfig().rate_limits.auth?.max_requests ||
|
|
|
|
|
config.getRawConfig().rate_limits.global.max_requests,
|
2024-12-16 22:40:42 -05:00
|
|
|
type: "IP_AND_PATH"
|
|
|
|
|
})
|
2024-10-05 15:11:51 -04:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authRouter.put("/signup", auth.signup);
|
|
|
|
|
authRouter.post("/login", auth.login);
|
|
|
|
|
authRouter.post("/logout", auth.logout);
|
2024-11-13 20:08:05 -05:00
|
|
|
authRouter.post("/newt/get-token", getToken);
|
2024-11-10 17:08:29 -05:00
|
|
|
|
2024-10-05 17:01:49 -04:00
|
|
|
authRouter.post("/2fa/enable", verifySessionUserMiddleware, auth.verifyTotp);
|
2024-10-05 15:11:51 -04:00
|
|
|
authRouter.post(
|
2024-10-05 17:01:49 -04:00
|
|
|
"/2fa/request",
|
2024-10-05 15:11:51 -04:00
|
|
|
verifySessionUserMiddleware,
|
2024-12-16 22:40:42 -05:00
|
|
|
auth.requestTotpSecret
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
2024-10-05 15:48:19 -04:00
|
|
|
authRouter.post("/2fa/disable", verifySessionUserMiddleware, auth.disable2fa);
|
2024-10-05 15:11:51 -04:00
|
|
|
authRouter.post("/verify-email", verifySessionMiddleware, auth.verifyEmail);
|
2025-02-05 22:46:33 -05:00
|
|
|
|
2024-10-05 15:11:51 -04:00
|
|
|
authRouter.post(
|
2024-10-05 17:01:49 -04:00
|
|
|
"/verify-email/request",
|
2024-10-04 23:14:40 -04:00
|
|
|
verifySessionMiddleware,
|
2025-02-05 22:46:33 -05:00
|
|
|
rateLimit({
|
|
|
|
|
windowMs: 15 * 60 * 1000,
|
|
|
|
|
max: 3,
|
|
|
|
|
keyGenerator: (req) => `requestEmailVerificationCode:${req.body.email}`,
|
|
|
|
|
handler: (req, res, next) => {
|
|
|
|
|
const message = `You can only request an email verification code ${3} times every ${15} minutes. Please try again later.`;
|
|
|
|
|
return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
|
|
|
|
|
}
|
|
|
|
|
}),
|
2024-12-16 22:40:42 -05:00
|
|
|
auth.requestEmailVerificationCode
|
2024-10-04 23:14:40 -04:00
|
|
|
);
|
2025-02-05 22:46:33 -05:00
|
|
|
|
2024-12-22 20:16:52 -05:00
|
|
|
// authRouter.post(
|
|
|
|
|
// "/change-password",
|
|
|
|
|
// verifySessionUserMiddleware,
|
|
|
|
|
// auth.changePassword
|
|
|
|
|
// );
|
2025-02-05 22:46:33 -05:00
|
|
|
|
|
|
|
|
authRouter.post(
|
|
|
|
|
"/reset-password/request",
|
|
|
|
|
rateLimit({
|
|
|
|
|
windowMs: 15 * 60 * 1000,
|
|
|
|
|
max: 3,
|
|
|
|
|
keyGenerator: (req) => `requestPasswordReset:${req.body.email}`,
|
|
|
|
|
handler: (req, res, next) => {
|
|
|
|
|
const message = `You can only request a password reset ${3} times every ${15} minutes. Please try again later.`;
|
|
|
|
|
return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
|
|
|
|
|
}
|
|
|
|
|
}),
|
|
|
|
|
auth.requestPasswordReset
|
|
|
|
|
);
|
|
|
|
|
|
2024-10-05 17:01:49 -04:00
|
|
|
authRouter.post("/reset-password/", auth.resetPassword);
|
2024-11-24 11:27:43 -05:00
|
|
|
|
|
|
|
|
authRouter.post("/resource/:resourceId/password", resource.authWithPassword);
|
|
|
|
|
authRouter.post("/resource/:resourceId/pincode", resource.authWithPincode);
|
2025-02-05 22:46:33 -05:00
|
|
|
|
|
|
|
|
authRouter.post(
|
|
|
|
|
"/resource/:resourceId/whitelist",
|
|
|
|
|
rateLimit({
|
|
|
|
|
windowMs: 15 * 60 * 1000,
|
|
|
|
|
max: 10,
|
|
|
|
|
keyGenerator: (req) => `authWithWhitelist:${req.body.email}`,
|
|
|
|
|
handler: (req, res, next) => {
|
|
|
|
|
const message = `You can only request an email OTP ${10} times every ${15} minutes. Please try again later.`;
|
|
|
|
|
return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
|
|
|
|
|
}
|
|
|
|
|
}),
|
|
|
|
|
resource.authWithWhitelist
|
|
|
|
|
);
|
|
|
|
|
|
2024-12-18 23:14:26 -05:00
|
|
|
authRouter.post(
|
|
|
|
|
"/resource/:resourceId/access-token",
|
|
|
|
|
resource.authWithAccessToken
|
|
|
|
|
);
|
