diff --git a/server/routers/auth/verifyUserHasAction.ts b/server/routers/auth/verifyUserHasAction.ts
new file mode 100644
index 00000000..5698d5f7
--- /dev/null
+++ b/server/routers/auth/verifyUserHasAction.ts
@@ -0,0 +1,36 @@
+import { Request, Response, NextFunction } from "express";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import logger from "@server/logger";
+import { checkUserActionPermission } from "@server/auth/actions";
+import { ActionsEnum } from "@server/auth/actions";
+
+export function verifyUserHasAction(action: ActionsEnum) {
+ return async function (
+ req: Request,
+ res: Response,
+ next: NextFunction
+ ): Promise {
+ try {
+ const hasPermission = await checkUserActionPermission(action, req);
+ if (!hasPermission) {
+ return next(
+ createHttpError(
+ HttpCode.FORBIDDEN,
+ "User does not have permission perform this action"
+ )
+ );
+ }
+
+ return next();
+ } catch (error) {
+ logger.error("Error verifying role access:", error);
+ return next(
+ createHttpError(
+ HttpCode.INTERNAL_SERVER_ERROR,
+ "Error verifying role access"
+ )
+ );
+ }
+ };
+}
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 4ccab1fa..0d5df100 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -23,6 +23,8 @@ import {
 verifyUserInRole,
 verifyUserAccess,
 } from "./auth";
+import { verifyUserHasAction } from "./auth/verifyUserHasAction";
+import { ActionsEnum } from "@server/auth/actions";
 // Root routes
 export const unauthenticated = Router();
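Review bot: The 403 text in the new middleware drops a word and the catch branch reports the wrong check: `"User does not have permission perform this action"` should be `"User does not have permission to perform this action"` (the wording the removed inline checks used), and `logger.error("Error verifying role access:", error)` together with the matching 500 message should name what actually failed, e.g. `logger.error("Error verifying action permission:", error)` and `"Error verifying action permission"`, ideally including `action` so the log identifies which check errored. Because this commit deletes the per-handler checks, this function is now the sole enforcement point, so the export needs a TSDoc stating its mounting precondition: it must run after the access middleware that establishes the org/role context on `req` that `checkUserActionPermission` reads (the handlers in this diff consult `req.userOrgRoleId`, so presumably that field; confirm against `@server/auth/actions`). The return type shows as `Promise {`, which looks like the `<void>` argument was lost in extraction rather than in the source, but it is worth confirming. Minor: the two imports from `@server/auth/actions` can be a single line.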
@@ -38,39 +40,92 @@ authenticated.use(verifySessionUserMiddleware); authenticated.get("/org/checkId", org.checkId); authenticated.put("/org", getUserOrgs, org.createOrg); authenticated.get("/orgs", getUserOrgs, org.listOrgs); // TODO we need to check the orgs here -authenticated.get("/org/:orgId", verifyOrgAccess, org.getOrg); -authenticated.post("/org/:orgId", verifyOrgAccess, org.updateOrg); +authenticated.get( + "/org/:orgId", + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.getOrg), + org.getOrg +); +authenticated.post( + "/org/:orgId", + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.updateOrg), + org.updateOrg +); // authenticated.delete("/org/:orgId", verifyOrgAccess, org.deleteOrg); -authenticated.put("/org/:orgId/site", verifyOrgAccess, site.createSite); -authenticated.get("/org/:orgId/sites", verifyOrgAccess, site.listSites); -authenticated.get("/org/:orgId/site/:niceId", verifyOrgAccess, site.getSite); +authenticated.put( + "/org/:orgId/site", + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.createSite), + site.createSite +); +authenticated.get( + "/org/:orgId/sites", + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.listSites), + site.listSites +); +authenticated.get( + "/org/:orgId/site/:niceId", + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.getSite), + site.getSite +); authenticated.get( "/org/:orgId/pick-site-defaults", verifyOrgAccess, + verifyUserHasAction(ActionsEnum.createSite), site.pickSiteDefaults ); -authenticated.get("/site/:siteId", verifySiteAccess, site.getSite); -// authenticated.get("/site/:siteId/roles", verifySiteAccess, site.listSiteRoles); -authenticated.post("/site/:siteId", verifySiteAccess, site.updateSite); -authenticated.delete("/site/:siteId", verifySiteAccess, site.deleteSite); +authenticated.get( + "/site/:siteId", + verifySiteAccess, + verifyUserHasAction(ActionsEnum.getSite), + site.getSite +); +// authenticated.get( +// "/site/:siteId/roles", +// verifySiteAccess, +// 
verifyUserHasAction(ActionsEnum.listSiteRoles), +// site.listSiteRoles +// ); +authenticated.post( + "/site/:siteId", + verifySiteAccess, + verifyUserHasAction(ActionsEnum.updateSite), + site.updateSite +); +authenticated.delete( + "/site/:siteId", + verifySiteAccess, + verifyUserHasAction(ActionsEnum.deleteSite), + site.deleteSite +); authenticated.put( "/org/:orgId/site/:siteId/resource", verifyOrgAccess, + verifyUserHasAction(ActionsEnum.createResource), resource.createResource ); -authenticated.get("/site/:siteId/resources", resource.listResources); +authenticated.get( + "/site/:siteId/resources", + verifyUserHasAction(ActionsEnum.listResources), + resource.listResources +); authenticated.get( "/org/:orgId/resources", verifyOrgAccess, + verifyUserHasAction(ActionsEnum.listResources), resource.listResources ); authenticated.post( "/org/:orgId/create-invite", verifyOrgAccess, + verifyUserHasAction(ActionsEnum.inviteUser), user.inviteUser ); // maybe make this /invite/create instead authenticated.post("/invite/accept", user.acceptInvite); 
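Review bot: `/site/:siteId/resources` receives `verifyUserHasAction(ActionsEnum.listResources)` but, unlike every sibling route in this hunk, no `verifySiteAccess` or `verifyOrgAccess` ahead of it, so the action check runs without the site/org context those middlewares establish; the `listResources` handler later in this diff reads `req.userOrgRoleId!` and `req.user!.userId` unconditionally and only guards the `orgId` path with `orgId !== req.userOrgId`. If `checkUserActionPermission` resolves the caller's role from `req.userOrgRoleId`, the siteId path is evaluated against whatever an earlier middleware happened to set, or against nothing. Suggested: `authenticated.get("/site/:siteId/resources", verifySiteAccess, verifyUserHasAction(ActionsEnum.listResources), resource.listResources);`. The same concern applies to the listResources handler hunk (the `@@ -107,36 +110,21 @@` hunk below), which is not repeated there.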
@@ -78,43 +133,56 @@ authenticated.post("/invite/accept", user.acceptInvite); // authenticated.get( // "/resource/:resourceId/roles", // verifyResourceAccess, +// verifyUserHasAction(ActionsEnum.listResourceRoles), // resource.listResourceRoles // ); authenticated.get( "/resource/:resourceId", verifyResourceAccess, + verifyUserHasAction(ActionsEnum.getResource), resource.getResource ); authenticated.post( "/resource/:resourceId", verifyResourceAccess, + verifyUserHasAction(ActionsEnum.updateResource), resource.updateResource ); authenticated.delete( "/resource/:resourceId", verifyResourceAccess, + verifyUserHasAction(ActionsEnum.deleteResource), resource.deleteResource ); authenticated.put( "/resource/:resourceId/target", verifyResourceAccess, + verifyUserHasAction(ActionsEnum.createTarget), target.createTarget ); authenticated.get( "/resource/:resourceId/targets", verifyResourceAccess, + verifyUserHasAction(ActionsEnum.listTargets), target.listTargets ); -authenticated.get("/target/:targetId", verifyTargetAccess, target.getTarget); +authenticated.get( + "/target/:targetId", + verifyTargetAccess, + verifyUserHasAction(ActionsEnum.getTarget), + target.getTarget +); authenticated.post( "/target/:targetId", verifyTargetAccess, + verifyUserHasAction(ActionsEnum.updateTarget), target.updateTarget ); authenticated.delete( "/target/:targetId", verifyTargetAccess, + verifyUserHasAction(ActionsEnum.deleteTarget), target.deleteTarget ); 
@@ -122,25 +190,34 @@ authenticated.delete( // "/org/:orgId/role", // verifyOrgAccess, // verifyAdmin, +// verifyUserHasAction(ActionsEnum.createRole), // role.createRole // ); -// authenticated.get("/org/:orgId/roles", verifyOrgAccess, role.listRoles); +// authenticated.get( +// "/org/:orgId/roles", +// verifyOrgAccess, +// verifyUserHasAction(ActionsEnum.listRoles), +// role.listRoles +// ); // authenticated.get( // "/role/:roleId", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.getRole), // role.getRole // ); // authenticated.post( // "/role/:roleId", // verifyRoleAccess, // verifyAdmin, +// verifyUserHasAction(ActionsEnum.updateRole), // role.updateRole // ); // authenticated.delete( // "/role/:roleId", // verifyRoleAccess, // verifyAdmin, +// verifyUserHasAction(ActionsEnum.deleteRole), // role.deleteRole // ); 
@@ -148,42 +225,49 @@ authenticated.delete( // "/role/:roleId/site", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.addRoleSite), // role.addRoleSite // ); // authenticated.delete( // "/role/:roleId/site", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.removeRoleSite), // role.removeRoleSite // ); // authenticated.get( // "/role/:roleId/sites", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.listRoleSites), // role.listRoleSites // ); // authenticated.put( // "/role/:roleId/resource", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.addRoleResource), // role.addRoleResource // ); // authenticated.delete( // "/role/:roleId/resource", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.removeRoleResource), // role.removeRoleResource // ); // authenticated.get( // "/role/:roleId/resources", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.listRoleResources), // role.listRoleResources // ); // authenticated.put( // "/role/:roleId/action", // verifyRoleAccess, // verifyUserInRole, +// verifyUserHasAction(ActionsEnum.addRoleAction), // role.addRoleAction // ); // authenticated.delete( @@ -191,6 +275,7 @@ authenticated.delete( // verifyRoleAccess, // verifyUserInRole, // verifyAdmin, +// verifyUserHasAction(ActionsEnum.removeRoleAction), // role.removeRoleAction // ); // authenticated.get( 
@@ -198,16 +283,23 @@ authenticated.delete( // verifyRoleAccess, // verifyUserInRole, // verifyAdmin, +// verifyUserHasAction(ActionsEnum.listRoleActions), // role.listRoleActions // ); unauthenticated.get("/user", verifySessionMiddleware, user.getUser); -authenticated.get("/org/:orgId/users", verifyOrgAccess, user.listUsers); +authenticated.get( + "/org/:orgId/users", + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.listUsers), + user.listUsers +); authenticated.delete( "/org/:orgId/user/:userId", verifyOrgAccess, verifyUserAccess, + verifyUserHasAction(ActionsEnum.removeUser), user.removeUserOrg ); @@ -215,24 +307,28 @@ authenticated.delete( // "/user/:userId/site", // verifySiteAccess, // verifyUserAccess, +// verifyUserHasAction(ActionsEnum.addRoleSite), // role.addRoleSite // ); // authenticated.delete( // "/user/:userId/site", // verifySiteAccess, // verifyUserAccess, +// verifyUserHasAction(ActionsEnum.removeRoleSite), // role.removeRoleSite // ); // authenticated.put( // "/user/:userId/resource", // verifyResourceAccess, // verifyUserAccess, +// verifyUserHasAction(ActionsEnum.addRoleResource), // role.addRoleResource // ); // authenticated.delete( // "/user/:userId/resource", // verifyResourceAccess, // verifyUserAccess, +// verifyUserHasAction(ActionsEnum.removeRoleResource), // role.removeRoleResource // ); // authenticated.put( @@ -240,6 +336,7 @@ authenticated.delete( // verifyOrgAccess, // verifyUserAccess, // verifyAdmin, +// verifyUserHasAction(ActionsEnum.addRoleAction), // role.addRoleAction // ); // authenticated.delete( @@ -247,6 +344,7 @@ authenticated.delete( // verifyOrgAccess, // verifyUserAccess, // verifyAdmin, +// verifyUserHasAction(ActionsEnum.removeRoleAction), // role.removeRoleAction // ); diff --git a/server/routers/org/createOrg.ts b/server/routers/org/createOrg.ts index 090818d0..e03244ec 100644 --- a/server/routers/org/createOrg.ts +++ b/server/routers/org/createOrg.ts 
@@ -6,10 +6,9 @@ import { orgs, userOrgs } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { createAdminRole } from "@server/db/ensureActions"; -import config, { APP_PATH } from "@server/config"; +import config from "@server/config"; import { fromError } from "zod-validation-error"; const createOrgSchema = z.object({ diff --git a/server/routers/org/getOrg.ts b/server/routers/org/getOrg.ts index 71fd0b9d..97ace608 100644 --- a/server/routers/org/getOrg.ts +++ b/server/routers/org/getOrg.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; const getOrgSchema = z.object({ @@ -15,12 +14,12 @@ const getOrgSchema = z.object({ export type GetOrgResponse = { org: Org; -} +}; export async function getOrg( req: Request, res: Response, - next: NextFunction, + next: NextFunction ): Promise { try { const parsedParams = getOrgSchema.safeParse(req.params); @@ -28,27 +27,13 @@ export async function getOrg( return next( createHttpError( HttpCode.BAD_REQUEST, - parsedParams.error.errors.map((e) => e.message).join(", "), - ), + parsedParams.error.errors.map((e) => e.message).join(", ") + ) ); } const { orgId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.getOrg, - req, - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action", - ), - ); - } - const org = await db .select() .from(orgs) 
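Review bot: With the inline `checkUserActionPermission` block removed from `getOrg`, nothing in the handler records that authorization is expected to have already happened, so a reader (or someone wiring the handler to a new route) has no cue that it is unguarded on its own. Add a short comment where the check used to sit, e.g. `// Authorization (ActionsEnum.getOrg) is enforced by verifyUserHasAction in external.ts; this handler assumes it already ran.` The same comment is needed in the parallel removals for `updateOrg`, `createResource`, `deleteResource`, `getResource`, `updateResource` and `listResources` further down in this diff. The removed error text `"User does not have permission to perform this action"` differs from the new middleware's message; keeping the handler comment and the middleware wording aligned avoids confusing API consumers.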
@@ -59,8 +44,8 @@ export async function getOrg( return next( createHttpError( HttpCode.NOT_FOUND, - `Organization with ID ${orgId} not found`, - ), + `Organization with ID ${orgId} not found` + ) ); } @@ -76,10 +61,7 @@ export async function getOrg( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred...", - ), + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/org/updateOrg.ts b/server/routers/org/updateOrg.ts index e721f641..e3dfe2b8 100644 --- a/server/routers/org/updateOrg.ts +++ b/server/routers/org/updateOrg.ts 
@@ -1,27 +1,32 @@ -import { Request, Response, NextFunction } from 'express'; -import { z } from 'zod'; -import { db } from '@server/db'; -import { orgs } from '@server/db/schema'; -import { eq } from 'drizzle-orm'; +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db } from "@server/db"; +import { orgs } from "@server/db/schema"; +import { eq } from "drizzle-orm"; import response from "@server/utils/response"; -import HttpCode from '@server/types/HttpCode'; -import createHttpError from 'http-errors'; -import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions'; -import logger from '@server/logger'; -import { fromError } from 'zod-validation-error'; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import logger from "@server/logger"; +import { fromError } from "zod-validation-error"; const updateOrgParamsSchema = z.object({ - orgId: z.string() + orgId: z.string(), }); -const updateOrgBodySchema = z.object({ - name: z.string().min(1).max(255).optional(), - domain: z.string().min(1).max(255).optional(), -}).refine(data => Object.keys(data).length > 0, { - message: "At least one field must be provided for update" -}); +const updateOrgBodySchema = z + .object({ + name: z.string().min(1).max(255).optional(), + domain: z.string().min(1).max(255).optional(), + }) + .refine((data) => Object.keys(data).length > 0, { + message: "At least one field must be provided for update", + }); -export async function updateOrg(req: Request, res: Response, next: NextFunction): Promise { +export async function updateOrg( + req: Request, + res: Response, + next: NextFunction +): Promise { try { const parsedParams = updateOrgParamsSchema.safeParse(req.params); if (!parsedParams.success) { 
@@ -46,14 +51,8 @@ export async function updateOrg(req: Request, res: Response, next: NextFunction) const { orgId } = parsedParams.data; const updateData = parsedBody.data; - - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission(ActionsEnum.updateOrg, req); - if (!hasPermission) { - return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to perform this action')); - } - - const updatedOrg = await db.update(orgs) + const updatedOrg = await db + .update(orgs) .set(updateData) .where(eq(orgs.orgId, orgId)) .returning(); @@ -76,6 +75,8 @@ export async function updateOrg(req: Request, res: Response, next: NextFunction) }); } catch (error) { logger.error(error); - return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred...")); + return next( + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") + ); } } diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts index 79b936c2..76bc9a2b 100644 --- a/server/routers/resource/createResource.ts +++ b/server/routers/resource/createResource.ts @@ -11,8 +11,6 @@ import { import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; -import logger from "@server/logger"; import { eq, and } from "drizzle-orm"; import stoi from "@server/utils/stoi"; import { fromError } from "zod-validation-error"; @@ -26,7 +24,6 @@ const createResourceParamsSchema = z.object({ orgId: z.string(), }); -// Define Zod schema for request body validation const createResourceSchema = z.object({ name: z.string().min(1).max(255), subdomain: z.string().min(1).max(255).optional(), 
@@ -38,7 +35,6 @@ export async function createResource( next: NextFunction ): Promise { try { - // Validate request body const parsedBody = createResourceSchema.safeParse(req.body); if (!parsedBody.success) { return next( @@ -64,20 +60,6 @@ export async function createResource( const { siteId, orgId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.createResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - if (!req.userOrgRoleId) { return next( createHttpError(HttpCode.FORBIDDEN, "User does not have a role") diff --git a/server/routers/resource/deleteResource.ts b/server/routers/resource/deleteResource.ts index 5fb70e17..8759e61f 100644 --- a/server/routers/resource/deleteResource.ts +++ b/server/routers/resource/deleteResource.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -21,7 +20,6 @@ export async function deleteResource( next: NextFunction ): Promise { try { - // Validate request parameters const parsedParams = deleteResourceSchema.safeParse(req.params); if (!parsedParams.success) { return next( 
@@ -34,21 +32,6 @@ export async function deleteResource( const { resourceId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.deleteResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Delete the resource from the database const deletedResource = await db .delete(resources) .where(eq(resources.resourceId, resourceId)) @@ -73,10 +56,7 @@ export async function deleteResource( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/resource/getResource.ts b/server/routers/resource/getResource.ts index 122e9dbb..f1b7121d 100644 --- a/server/routers/resource/getResource.ts +++ b/server/routers/resource/getResource.ts @@ -6,11 +6,8 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; -import logger from "@server/logger"; import { fromError } from "zod-validation-error"; -// Define Zod schema for request parameters validation const getResourceSchema = z.object({ resourceId: z.string().transform(Number).pipe(z.number().int().positive()), }); @@ -28,7 +25,6 @@ export async function getResource( next: NextFunction ): Promise { try { - // Validate request parameters const parsedParams = getResourceSchema.safeParse(req.params); if (!parsedParams.success) { return next( 
@@ -41,21 +37,6 @@ export async function getResource( const { resourceId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.getResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Fetch the resource from the database const resource = await db .select() .from(resources) @@ -84,12 +65,8 @@ export async function getResource( status: HttpCode.OK, }); } catch (error) { - throw error; return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/resource/listResourceRoles.ts b/server/routers/resource/listResourceRoles.ts index 83c565ce..df8e41c6 100644 --- a/server/routers/resource/listResourceRoles.ts +++ b/server/routers/resource/listResourceRoles.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -32,20 +31,6 @@ export async function listResourceRoles( const { resourceId } = parsedParams.data; - // Check if the user has permission to list resource roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.listResourceRoles, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const resourceRolesList = await db .select({ roleId: roles.roleId, 
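Review bot: After dropping the dead `throw error;` in the `getResource` catch block, the handler neither logs nor rethrows: the error is mapped to a generic 500 with no trace, whereas every other handler in this diff calls `logger.error(error)` first. The earlier hunk for this file also removes `import logger from "@server/logger";`, so the fix is to restore that import and add `logger.error(error);` as the first statement of the catch. `createResource.ts` likewise drops its `logger` import in this commit; confirm its catch block does not still reference `logger`, and if it does not, give it the same logging so failures in resource handling remain observable.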
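Review bot: `listResourceRoles` loses its inline permission check here, but its route in `external.ts` is commented out in this same commit (the added `verifyUserHasAction(ActionsEnum.listResourceRoles)` line there is itself inside the comment), so until that route is re-registered with the middleware no code path enforces `listResourceRoles` at all. The same holds for `createRole`, `deleteRole`, `getRole`, `addRoleAction`, `addRoleResource` and `addRoleSite`, whose routes are also commented out while their inline checks are deleted below. Each of these handlers should carry a comment at the removal site such as `// NOTE: no inline permission check; register this route with verifyUserHasAction(ActionsEnum.listResourceRoles)` so the dependency is not lost when the routes are re-enabled. A route-registration test that asserts every `authenticated` route includes a `verifyUserHasAction` entry would catch this class of omission going forward.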
@@ -67,10 +52,7 @@ export async function listResourceRoles( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/resource/listResources.ts b/server/routers/resource/listResources.ts index 9711327c..10f19a8e 100644 --- a/server/routers/resource/listResources.ts +++ b/server/routers/resource/listResources.ts @@ -11,13 +11,16 @@ import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; import { sql, eq, or, inArray, and, count } from "drizzle-orm"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import stoi from "@server/utils/stoi"; const listResourcesParamsSchema = z .object({ - siteId: z.string().optional().transform(stoi).pipe(z.number().int().positive().optional()), + siteId: z + .string() + .optional() + .transform(stoi) + .pipe(z.number().int().positive().optional()), orgId: z.string().optional(), }) .refine((data) => !!data.siteId !== !!data.orgId, { @@ -43,7 +46,7 @@ const listResourcesSchema = z.object({ function queryResources( accessibleResourceIds: number[], siteId?: number, - orgId?: string, + orgId?: string ) { if (siteId) { return db @@ -58,8 +61,8 @@ function queryResources( .where( and( inArray(resources.resourceId, accessibleResourceIds), - eq(resources.siteId, siteId), - ), + eq(resources.siteId, siteId) + ) ); } else if (orgId) { return db @@ -74,8 +77,8 @@ function queryResources( .where( and( inArray(resources.resourceId, accessibleResourceIds), - eq(resources.orgId, orgId), - ), + eq(resources.orgId, orgId) + ) ); } } 
@@ -88,7 +91,7 @@ export type ListResourcesResponse = { export async function listResources( req: Request, res: Response, - next: NextFunction, + next: NextFunction ): Promise { try { const parsedQuery = listResourcesSchema.safeParse(req.query); @@ -96,8 +99,8 @@ export async function listResources( return next( createHttpError( HttpCode.BAD_REQUEST, - parsedQuery.error.errors.map((e) => e.message).join(", "), - ), + parsedQuery.error.errors.map((e) => e.message).join(", ") + ) ); } const { limit, offset } = parsedQuery.data; @@ -107,36 +110,21 @@ export async function listResources( return next( createHttpError( HttpCode.BAD_REQUEST, - parsedParams.error.errors.map((e) => e.message).join(", "), - ), + parsedParams.error.errors.map((e) => e.message).join(", ") + ) ); } const { siteId, orgId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.listResources, - req, - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action", - ), - ); - } - if (orgId && orgId !== req.userOrgId) { return next( createHttpError( HttpCode.FORBIDDEN, - "User does not have access to this organization", - ), + "User does not have access to this organization" + ) ); } - // Get the list of resources the user has access to const accessibleResources = await db .select({ resourceId: sql`COALESCE(${userResources.resourceId}, ${roleResources.resourceId})`, 
@@ -144,17 +132,17 @@ export async function listResources( .from(userResources) .fullJoin( roleResources, - eq(userResources.resourceId, roleResources.resourceId), + eq(userResources.resourceId, roleResources.resourceId) ) .where( or( eq(userResources.userId, req.user!.userId), - eq(roleResources.roleId, req.userOrgRoleId!), - ), + eq(roleResources.roleId, req.userOrgRoleId!) + ) ); const accessibleResourceIds = accessibleResources.map( - (resource) => resource.resourceId, + (resource) => resource.resourceId ); let countQuery: any = db @@ -185,10 +173,7 @@ export async function listResources( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred...", - ), + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts index 5b208f9a..1964e257 100644 --- a/server/routers/resource/updateResource.ts +++ b/server/routers/resource/updateResource.ts @@ -6,16 +6,13 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; -// Define Zod schema for request parameters validation const updateResourceParamsSchema = z.object({ resourceId: z.string().transform(Number).pipe(z.number().int().positive()), }); -// Define Zod schema for request body validation const updateResourceBodySchema = z .object({ name: z.string().min(1).max(255).optional(), @@ -31,7 +28,6 @@ export async function updateResource( next: NextFunction ): Promise { try { - // Validate request parameters const parsedParams = updateResourceParamsSchema.safeParse(req.params); if (!parsedParams.success) { return next( 
@@ -42,7 +38,6 @@ export async function updateResource( ); } - // Validate request body const parsedBody = updateResourceBodySchema.safeParse(req.body); if (!parsedBody.success) { return next( @@ -56,21 +51,6 @@ export async function updateResource( const { resourceId } = parsedParams.data; const updateData = parsedBody.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.updateResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Update the resource in the database const updatedResource = await db .update(resources) .set(updateData) @@ -96,10 +76,7 @@ export async function updateResource( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/addRoleAction.ts b/server/routers/role/addRoleAction.ts index 99944b89..5f82522c 100644 --- a/server/routers/role/addRoleAction.ts +++ b/server/routers/role/addRoleAction.ts @@ -5,7 +5,6 @@ import { roleActions, roles } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { eq } from "drizzle-orm"; import { fromError } from "zod-validation-error"; 
@@ -48,21 +47,6 @@ export async function addRoleAction( const { roleId } = parsedParams.data; - // Check if the user has permission to add role actions - const hasPermission = await checkUserActionPermission( - ActionsEnum.addRoleAction, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Get the orgId for the role const role = await db .select({ orgId: roles.orgId }) .from(roles) @@ -96,10 +80,7 @@ export async function addRoleAction( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/addRoleResource.ts b/server/routers/role/addRoleResource.ts index 59091050..dc7cb6f5 100644 --- a/server/routers/role/addRoleResource.ts +++ b/server/routers/role/addRoleResource.ts @@ -5,7 +5,6 @@ import { roleResources } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -47,20 +46,6 @@ export async function addRoleResource( const { roleId } = parsedParams.data; - // Check if the user has permission to add role resources - const hasPermission = await checkUserActionPermission( - ActionsEnum.addRoleResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const newRoleResource = await db .insert(roleResources) .values({ 
@@ -79,10 +64,7 @@ export async function addRoleResource( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/addRoleSite.ts b/server/routers/role/addRoleSite.ts index 3d21149e..a326cb43 100644 --- a/server/routers/role/addRoleSite.ts +++ b/server/routers/role/addRoleSite.ts @@ -5,7 +5,6 @@ import { resources, roleResources, roleSites } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { eq } from "drizzle-orm"; import { fromError } from "zod-validation-error"; @@ -48,20 +47,6 @@ export async function addRoleSite( const { roleId } = parsedParams.data; - // Check if the user has permission to add role sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.addRoleSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const newRoleSite = await db .insert(roleSites) .values({ @@ -92,10 +77,7 @@ export async function addRoleSite( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/createRole.ts b/server/routers/role/createRole.ts index f61e8c07..25f5656b 100644 --- a/server/routers/role/createRole.ts +++ b/server/routers/role/createRole.ts 
@@ -5,7 +5,6 @@ import { roles } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -48,20 +47,6 @@ export async function createRole( const { orgId } = parsedParams.data; - // Check if the user has permission to create roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.createRole, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const newRole = await db .insert(roles) .values({ @@ -80,10 +65,7 @@ export async function createRole( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/deleteRole.ts b/server/routers/role/deleteRole.ts index 4700ccc1..20cb98fe 100644 --- a/server/routers/role/deleteRole.ts +++ b/server/routers/role/deleteRole.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; 
@@ -32,20 +31,6 @@ export async function deleteRole( const { roleId } = parsedParams.data; - // Check if the user has permission to delete roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.deleteRole, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const role = await db .select() .from(roles) @@ -94,10 +79,7 @@ export async function deleteRole( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/getRole.ts b/server/routers/role/getRole.ts index 964661c7..7561708e 100644 --- a/server/routers/role/getRole.ts +++ b/server/routers/role/getRole.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -32,20 +31,6 @@ export async function getRole( const { roleId } = parsedParams.data; - // Check if the user has permission to get roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.getRole, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const role = await db .select() .from(roles) @@ -71,10 +56,7 @@ export async function getRole( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } 
diff --git a/server/routers/role/listRoleActions.ts b/server/routers/role/listRoleActions.ts index 0a61070f..b368a127 100644 --- a/server/routers/role/listRoleActions.ts +++ b/server/routers/role/listRoleActions.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -32,20 +31,6 @@ export async function listRoleActions( const { roleId } = parsedParams.data; - // Check if the user has permission to list role actions - const hasPermission = await checkUserActionPermission( - ActionsEnum.listRoleActions, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const roleActionsList = await db .select({ actionId: actions.actionId, @@ -68,10 +53,7 @@ export async function listRoleActions( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/listRoleResources.ts b/server/routers/role/listRoleResources.ts index 18075e44..5d1f13a9 100644 --- a/server/routers/role/listRoleResources.ts +++ b/server/routers/role/listRoleResources.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; 
@@ -32,20 +31,6 @@ export async function listRoleResources( const { roleId } = parsedParams.data; - // Check if the user has permission to list role resources - const hasPermission = await checkUserActionPermission( - ActionsEnum.listRoleResources, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const roleResourcesList = await db .select({ resourceId: resources.resourceId, @@ -71,10 +56,7 @@ export async function listRoleResources( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/listRoleSites.ts b/server/routers/role/listRoleSites.ts index e74a50f9..878304c7 100644 --- a/server/routers/role/listRoleSites.ts +++ b/server/routers/role/listRoleSites.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -32,20 +31,6 @@ export async function listRoleSites( const { roleId } = parsedParams.data; - // Check if the user has permission to list role sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.listRoleSites, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const roleSitesList = await db .select({ siteId: sites.siteId, 
@@ -67,10 +52,7 @@ export async function listRoleSites( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/listRoles.ts b/server/routers/role/listRoles.ts index 7ffc9dcf..6b9181b5 100644 --- a/server/routers/role/listRoles.ts +++ b/server/routers/role/listRoles.ts @@ -6,7 +6,6 @@ import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; import { sql, eq } from "drizzle-orm"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -62,20 +61,6 @@ export async function listRoles( const { orgId } = parsedParams.data; - // Check if the user has permission to list roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.listRoles, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - let baseQuery: any = db .select({ roleId: roles.roleId, @@ -115,10 +100,7 @@ export async function listRoles( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/removeRoleAction.ts b/server/routers/role/removeRoleAction.ts index a9f071b5..ecf57a50 100644 --- a/server/routers/role/removeRoleAction.ts +++ b/server/routers/role/removeRoleAction.ts 
@@ -6,7 +6,6 @@ import { and, eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -48,20 +47,6 @@ export async function removeRoleAction( const { roleId } = parsedBody.data; - // Check if the user has permission to remove role actions - const hasPermission = await checkUserActionPermission( - ActionsEnum.removeRoleAction, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const deletedRoleAction = await db .delete(roleActions) .where( @@ -91,10 +76,7 @@ export async function removeRoleAction( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/removeRoleResource.ts b/server/routers/role/removeRoleResource.ts index bf2582c3..055c3013 100644 --- a/server/routers/role/removeRoleResource.ts +++ b/server/routers/role/removeRoleResource.ts @@ -6,7 +6,6 @@ import { and, eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; 
@@ -48,20 +47,6 @@ export async function removeRoleResource( const { roleId } = parsedBody.data; - // Check if the user has permission to remove role resources - const hasPermission = await checkUserActionPermission( - ActionsEnum.removeRoleResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const deletedRoleResource = await db .delete(roleResources) .where( @@ -91,10 +76,7 @@ export async function removeRoleResource( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/removeRoleSite.ts b/server/routers/role/removeRoleSite.ts index dd1f2d57..bebbbd93 100644 --- a/server/routers/role/removeRoleSite.ts +++ b/server/routers/role/removeRoleSite.ts @@ -6,7 +6,6 @@ import { and, eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -48,20 +47,6 @@ export async function removeRoleSite( const { roleId } = parsedBody.data; - // Check if the user has permission to remove role sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.removeRoleSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const deletedRoleSite = await db .delete(roleSites) .where( 
@@ -105,10 +90,7 @@ export async function removeRoleSite( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/role/updateRole.ts b/server/routers/role/updateRole.ts index 740c8fcc..796678b4 100644 --- a/server/routers/role/updateRole.ts +++ b/server/routers/role/updateRole.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -52,20 +51,6 @@ export async function updateRole( const { roleId } = parsedParams.data; const updateData = parsedBody.data; - // Check if the user has permission to update roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.updateRole, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const role = await db .select() .from(roles) @@ -115,10 +100,7 @@ export async function updateRole( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/site/createSite.ts b/server/routers/site/createSite.ts index c5bf7641..14f543f8 100644 --- a/server/routers/site/createSite.ts +++ b/server/routers/site/createSite.ts 
@@ -1,17 +1,10 @@ import { Request, Response, NextFunction } from "express"; import { z } from "zod"; import { db } from "@server/db"; -import { - roles, - userSites, - sites, - roleSites, - exitNodes, -} from "@server/db/schema"; +import { roles, userSites, sites, roleSites } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { eq, and } from "drizzle-orm"; import { getUniqueSiteName } from "@server/db/names"; @@ -22,7 +15,6 @@ const createSiteParamsSchema = z.object({ orgId: z.string(), }); -// Define Zod schema for request body validation const createSiteSchema = z.object({ name: z.string().min(1).max(255), exitNodeId: z.number().int().positive(), @@ -36,9 +28,6 @@ export type CreateSiteResponse = { siteId: number; orgId: string; niceId: string; - // niceId: string; - // subdomain: string; - // subnet: string; }; export async function createSite( @@ -47,7 +36,6 @@ export async function createSite( next: NextFunction ): Promise { try { - // Validate request body const parsedBody = createSiteSchema.safeParse(req.body); if (!parsedBody.success) { return next( @@ -60,7 +48,6 @@ export async function createSite( const { name, subdomain, exitNodeId, pubKey, subnet } = parsedBody.data; - // Validate request params const parsedParams = createSiteParamsSchema.safeParse(req.params); if (!parsedParams.success) { return next( 
@@ -73,20 +60,6 @@ export async function createSite( const { orgId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.createSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission perform this action" - ) - ); - } - if (!req.userOrgRoleId) { return next( createHttpError(HttpCode.FORBIDDEN, "User does not have a role") @@ -95,7 +68,6 @@ export async function createSite( const niceId = await getUniqueSiteName(orgId); - // Create new site in the database const [newSite] = await db .insert(sites) .values({ @@ -144,8 +116,6 @@ export async function createSite( niceId: newSite.niceId, siteId: newSite.siteId, orgId: newSite.orgId, - // subdomain: newSite.subdomain, - // subnet: newSite.subnet, }, success: true, error: false, @@ -155,10 +125,7 @@ export async function createSite( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/site/deleteSite.ts b/server/routers/site/deleteSite.ts index aa69ef44..a01083c6 100644 --- a/server/routers/site/deleteSite.ts +++ b/server/routers/site/deleteSite.ts @@ -6,14 +6,12 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { deletePeer } from "../gerbil/peers"; import { fromError } from "zod-validation-error"; const API_BASE_URL = "http://localhost:3000"; -// Define Zod schema for request parameters validation const deleteSiteSchema = z.object({ siteId: z.string().transform(Number).pipe(z.number().int().positive()), }); 
@@ -24,7 +22,6 @@ export async function deleteSite( next: NextFunction ): Promise { try { - // Validate request parameters const parsedParams = deleteSiteSchema.safeParse(req.params); if (!parsedParams.success) { return next( @@ -37,21 +34,6 @@ export async function deleteSite( const { siteId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.deleteSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Delete the site from the database const [deletedSite] = await db .delete(sites) .where(eq(sites.siteId, siteId)) @@ -78,10 +60,7 @@ export async function deleteSite( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/site/getSite.ts b/server/routers/site/getSite.ts index 4791970b..d49ff637 100644 --- a/server/routers/site/getSite.ts +++ b/server/routers/site/getSite.ts @@ -6,12 +6,10 @@ import { eq, and } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import stoi from "@server/utils/stoi"; import { fromError } from "zod-validation-error"; -// Define Zod schema for request parameters validation const getSiteSchema = z.object({ siteId: z .string() @@ -36,7 +34,6 @@ export async function getSite( next: NextFunction ): Promise { try { - // Validate request parameters const parsedParams = getSiteSchema.safeParse(req.params); if (!parsedParams.success) { return next( 
@@ -49,22 +46,7 @@ export async function getSite( const { siteId, niceId, orgId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.updateSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - let site; - // Fetch the site from the database if (siteId) { site = await db .select() @@ -107,10 +89,7 @@ export async function getSite( } catch (error) { logger.error("Error from getSite: ", error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/site/listSiteRoles.ts b/server/routers/site/listSiteRoles.ts index 7e5c5fb6..b1011792 100644 --- a/server/routers/site/listSiteRoles.ts +++ b/server/routers/site/listSiteRoles.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -32,20 +31,6 @@ export async function listSiteRoles( const { siteId } = parsedParams.data; - // Check if the user has permission to list site roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.listSiteRoles, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const siteRolesList = await db .select({ roleId: roles.roleId, 
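Review bot: The check removed from getSite gated a read on `ActionsEnum.updateSite`, so moving enforcement to the router is also a permission change for this endpoint (a user with only the get permission was previously refused); that is worth one sentence in the commit description so the behaviour change is not lost in what otherwise reads as a pure refactor. Which action the router now requires for this route is not visible in this hunk, so please confirm it is the read action rather than the update one. The enclosing getSite function starts and ends outside this hunk.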
@@ -67,10 +52,7 @@ export async function listSiteRoles( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/site/listSites.ts b/server/routers/site/listSites.ts index 65dcd715..f449b7c4 100644 --- a/server/routers/site/listSites.ts +++ b/server/routers/site/listSites.ts @@ -1,4 +1,3 @@ -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import { db } from "@server/db"; import { orgs, roleSites, sites, userSites } from "@server/db/schema"; import HttpCode from "@server/types/HttpCode"; @@ -45,8 +44,8 @@ function querySites(orgId: string, accessibleSiteIds: number[]) { .where( and( inArray(sites.siteId, accessibleSiteIds), - eq(sites.orgId, orgId), - ), + eq(sites.orgId, orgId) + ) ); } @@ -58,7 +57,7 @@ export type ListSitesResponse = { export async function listSites( req: Request, res: Response, - next: NextFunction, + next: NextFunction ): Promise { try { const parsedQuery = listSitesSchema.safeParse(req.query); @@ -66,8 +65,8 @@ export async function listSites( return next( createHttpError( HttpCode.BAD_REQUEST, - fromError(parsedQuery.error), - ), + fromError(parsedQuery.error) + ) ); } const { limit, offset } = parsedQuery.data; 
@@ -77,32 +76,18 @@ export async function listSites( return next( createHttpError( HttpCode.BAD_REQUEST, - parsedParams.error.errors.map((e) => e.message).join(", "), - ), + parsedParams.error.errors.map((e) => e.message).join(", ") + ) ); } const { orgId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.listSites, - req, - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action", - ), - ); - } - if (orgId && orgId !== req.userOrgId) { return next( createHttpError( HttpCode.FORBIDDEN, - "User does not have access to this organization", - ), + "User does not have access to this organization" + ) ); } @@ -115,8 +100,8 @@ export async function listSites( .where( or( eq(userSites.userId, req.user!.userId), - eq(roleSites.roleId, req.userOrgRoleId!), - ), + eq(roleSites.roleId, req.userOrgRoleId!) + ) ); const accessibleSiteIds = accessibleSites.map((site) => site.siteId); @@ -128,8 +113,8 @@ export async function listSites( .where( and( inArray(sites.siteId, accessibleSiteIds), - eq(sites.orgId, orgId), - ), + eq(sites.orgId, orgId) + ) ); const sitesList = await baseQuery.limit(limit).offset(offset); @@ -152,10 +137,7 @@ export async function listSites( }); } catch (error) { return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred...", - ), + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts index ad369536..3e12ad61 100644 --- a/server/routers/site/pickSiteDefaults.ts +++ b/server/routers/site/pickSiteDefaults.ts 
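Review bot: The rewritten catch block at the end of listSites (`@@ -152,10 +137,7 @@`) returns the 500 without logging the caught error, unlike every sibling handler touched in this commit, which calls `logger.error(error);` first; the new one-line `createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")` also hides the cause from the client, so the failure is now invisible on both sides. I would add `logger.error(error);` before `return next(` in that block, assuming the file imports `logger` as the others do (its import block is outside this hunk). Separately, after the permission check removal the only handler-level guard left is `if (orgId && orgId !== req.userOrgId)`, which is skipped when `orgId` is falsy; if the schema allows that, confirm the router middleware covers the no-org case. The enclosing listSites function starts outside this hunk.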
@@ -1,12 +1,10 @@ import { Request, Response, NextFunction } from "express"; -import { z } from "zod"; import { db } from "@server/db"; -import { exitNodes, Org, orgs, sites } from "@server/db/schema"; +import { exitNodes, sites } from "@server/db/schema"; import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { findNextAvailableCidr } from "@server/utils/ip"; @@ -26,20 +24,6 @@ export async function pickSiteDefaults( next: NextFunction ): Promise { try { - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.createSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - // TODO: more intelligent way to pick the exit node // make sure there is an exit node by counting the exit nodes table diff --git a/server/routers/site/updateSite.ts b/server/routers/site/updateSite.ts index 52a39911..c436b07f 100644 --- a/server/routers/site/updateSite.ts +++ b/server/routers/site/updateSite.ts @@ -6,16 +6,13 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; -// Define Zod schema for request parameters validation const updateSiteParamsSchema = z.object({ siteId: z.string().transform(Number).pipe(z.number().int().positive()), }); -// Define Zod schema for request body validation const updateSiteBodySchema = z .object({ name: z.string().min(1).max(255).optional(), 
@@ -36,7 +33,6 @@ export async function updateSite( next: NextFunction ): Promise { try { - // Validate request parameters const parsedParams = updateSiteParamsSchema.safeParse(req.params); if (!parsedParams.success) { return next( @@ -47,7 +43,6 @@ export async function updateSite( ); } - // Validate request body const parsedBody = updateSiteBodySchema.safeParse(req.body); if (!parsedBody.success) { return next( @@ -61,21 +56,6 @@ export async function updateSite( const { siteId } = parsedParams.data; const updateData = parsedBody.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.updateSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Update the site in the database const updatedSite = await db .update(sites) .set(updateData) @@ -101,10 +81,7 @@ export async function updateSite( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/target/createTarget.ts b/server/routers/target/createTarget.ts index 84f45f0e..e44e6774 100644 --- a/server/routers/target/createTarget.ts +++ b/server/routers/target/createTarget.ts @@ -5,7 +5,6 @@ import { resources, sites, targets } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { addPeer } from "../gerbil/peers"; import { eq, and } from "drizzle-orm"; 
@@ -54,20 +53,6 @@ export async function createTarget( const { resourceId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.createTarget, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - // get the resource const [resource] = await db .select({ @@ -151,10 +136,7 @@ export async function createTarget( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/target/deleteTarget.ts b/server/routers/target/deleteTarget.ts index e5e50ffd..b79b2847 100644 --- a/server/routers/target/deleteTarget.ts +++ b/server/routers/target/deleteTarget.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { addPeer } from "../gerbil/peers"; import { fromError } from "zod-validation-error"; @@ -33,20 +32,6 @@ export async function deleteTarget( const { targetId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.deleteTarget, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const [deletedTarget] = await db .delete(targets) .where(eq(targets.targetId, targetId)) 
@@ -125,10 +110,7 @@ export async function deleteTarget( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/target/getTarget.ts b/server/routers/target/getTarget.ts index 665c534b..745892ad 100644 --- a/server/routers/target/getTarget.ts +++ b/server/routers/target/getTarget.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -32,20 +31,6 @@ export async function getTarget( const { targetId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.getTarget, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const target = await db .select() .from(targets) @@ -71,10 +56,7 @@ export async function getTarget( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/target/listTargets.ts b/server/routers/target/listTargets.ts index 82421983..b4d63179 100644 --- a/server/routers/target/listTargets.ts +++ b/server/routers/target/listTargets.ts 
@@ -1,6 +1,5 @@ -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import { db } from "@server/db"; -import { targets, resources } from "@server/db/schema"; +import { targets } from "@server/db/schema"; import HttpCode from "@server/types/HttpCode"; import response from "@server/utils/response"; import { eq, sql } from "drizzle-orm"; @@ -81,20 +80,6 @@ export async function listTargets( } const { resourceId } = parsedParams.data; - // Check if the user has permission to list targets - const hasPermission = await checkUserActionPermission( - ActionsEnum.listTargets, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const baseQuery = queryTargets(resourceId); let countQuery = db @@ -123,10 +108,7 @@ export async function listTargets( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } -} \ No newline at end of file +} diff --git a/server/routers/target/updateTarget.ts b/server/routers/target/updateTarget.ts index 8adcd9ff..52e033b1 100644 --- a/server/routers/target/updateTarget.ts +++ b/server/routers/target/updateTarget.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; 
@@ -55,20 +54,6 @@ export async function updateTarget( const { targetId } = parsedParams.data; const updateData = parsedBody.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.updateTarget, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const updatedTarget = await db .update(targets) .set(updateData) @@ -94,10 +79,7 @@ export async function updateTarget( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/addUserAction.ts b/server/routers/user/addUserAction.ts index 764f52fe..4e638359 100644 --- a/server/routers/user/addUserAction.ts +++ b/server/routers/user/addUserAction.ts @@ -5,7 +5,6 @@ import { userActions, users } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { eq } from "drizzle-orm"; import { fromError } from "zod-validation-error"; @@ -34,21 +33,6 @@ export async function addUserAction( const { userId, actionId, orgId } = parsedBody.data; - // Check if the user has permission to add user actions - const hasPermission = await checkUserActionPermission( - ActionsEnum.addUserAction, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Check if the user exists const user = await db .select() .from(users) 
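Review bot: addUserAction grants `actionId` to `userId` in `orgId`, all three taken from the request body, and after this hunk the only check still visible is that the target user exists; whether `userId` is a member of `orgId` and whether `actionId` is a known `ActionsEnum` value are not validated anywhere in view (the body schema is above the hunk). Granting actions is the primitive that gates every other route in this change, so a holder of addUserAction can hand any action to any user, including themselves — consider rejecting `userId === req.user?.userId`, or limiting the grantable set to actions the caller already holds. The route must also wire `verifyUserHasAction(ActionsEnum.addUserAction)` plus an org-scope check, which this chunk cannot confirm. addUserAction's body continues outside the hunk.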
@@ -82,10 +66,7 @@ export async function addUserAction( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/addUserResource.ts b/server/routers/user/addUserResource.ts index aaa6e097..da745ae2 100644 --- a/server/routers/user/addUserResource.ts +++ b/server/routers/user/addUserResource.ts @@ -5,7 +5,6 @@ import { userResources } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -32,20 +31,6 @@ export async function addUserResource( const { userId, resourceId } = parsedBody.data; - // Check if the user has permission to add user resources - const hasPermission = await checkUserActionPermission( - ActionsEnum.addUserResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const newUserResource = await db .insert(userResources) .values({ @@ -64,10 +49,7 @@ export async function addUserResource( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/addUserSite.ts b/server/routers/user/addUserSite.ts index 4691b571..27d90e9d 100644 --- a/server/routers/user/addUserSite.ts +++ b/server/routers/user/addUserSite.ts 
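Review bot: addUserResource inserts `{ userId, resourceId }` from the body into `userResources` with no visible check that `resourceId` lies in an org the caller administers or that `userId` is a member of that org; the removed capability check never covered either, so the route needs a resource-scoped guard in addition to `verifyUserHasAction(ActionsEnum.addUserResource)`. It is also worth confirming, in the part of the handler past this hunk, that a duplicate `(userId, resourceId)` pair is handled deliberately — a unique constraint mapped to a 4xx or `.onConflictDoNothing()` — rather than surfacing as the generic 500 from the catch block. A short comment at the removed spot, `// caller authorization is enforced by route middleware`, would stop the check from being re-added ad hoc.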
@@ -5,7 +5,6 @@ import { resources, userResources, userSites } from "@server/db/schema"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { eq } from "drizzle-orm"; import { fromError } from "zod-validation-error"; @@ -33,20 +32,6 @@ export async function addUserSite( const { userId, siteId } = parsedBody.data; - // Check if the user has permission to add user sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.addUserSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const newUserSite = await db .insert(userSites) .values({ @@ -55,7 +40,6 @@ export async function addUserSite( }) .returning(); - // Add all resources associated with the site to the user const siteResources = await db .select() .from(resources) @@ -78,10 +62,7 @@ export async function addUserSite( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/getUser.ts b/server/routers/user/getUser.ts index 4cbd37f8..43aa6c87 100644 --- a/server/routers/user/getUser.ts +++ b/server/routers/user/getUser.ts @@ -6,7 +6,6 @@ import { eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; export type GetUserResponse = { 
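Review bot: The dropped comment `// Add all resources associated with the site to the user` was the only explanation of why addUserSite, after inserting into `userSites`, goes on to select from `resources` and fan rows out — keep it, because that fan-out is a privilege grant that is easy to miss when reviewing the removeUserSite counterpart. The two steps also run as separate awaits on `db` rather than inside one transaction, so a failure after the `userSites` insert leaves a user attached to a site with none of its resources (hedged: the insert of the resource rows is outside this hunk). Suggest `// Grant the user every resource currently under this site; removeUserSite must revoke the same set` and wrapping both steps in `db.transaction(...)`.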
@@ -18,14 +17,14 @@ export type GetUserResponse = { export async function getUser( req: Request, res: Response, - next: NextFunction, + next: NextFunction ): Promise { try { const userId = req.user?.userId; if (!userId) { return next( - createHttpError(HttpCode.UNAUTHORIZED, "User not found"), + createHttpError(HttpCode.UNAUTHORIZED, "User not found") ); } @@ -39,8 +38,8 @@ export async function getUser( return next( createHttpError( HttpCode.NOT_FOUND, - `User with ID ${userId} not found`, - ), + `User with ID ${userId} not found` + ) ); } @@ -60,8 +59,8 @@ export async function getUser( return next( createHttpError( HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred...", - ), + "An error occurred..." + ) ); } } diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts index a4d69772..71a16a40 100644 --- a/server/routers/user/inviteUser.ts +++ b/server/routers/user/inviteUser.ts @@ -64,19 +64,6 @@ export async function inviteUser( const { orgId } = parsedParams.data; const { email, validHours, roleId } = parsedBody.data; - const hasPermission = await checkUserActionPermission( - ActionsEnum.inviteUser, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const currentTime = Date.now(); const oneHourAgo = currentTime - 3600000; @@ -86,7 +73,7 @@ export async function inviteUser( inviteTracker[email].timestamps = inviteTracker[ email - ].timestamps.filter((timestamp) => timestamp > oneHourAgo); + ].timestamps.filter((timestamp) => timestamp > oneHourAgo); // TODO: this could cause memory increase over time if the object is never deleted if (inviteTracker[email].timestamps.length >= 3) { return next( diff --git a/server/routers/user/listUsers.ts b/server/routers/user/listUsers.ts index b83b5546..f801dc40 100644 --- a/server/routers/user/listUsers.ts +++ b/server/routers/user/listUsers.ts 
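Review bot: getUser keeps the message `"An error occurred..."` while every other handler touched by this commit changes it to `"An error occurred"`; this hunk only reflows the arguments, so the string was left inconsistent. Change it to `"An error occurred"` here as well so clients and log searches see a single message. Minor, but it is the one handler the sweep missed.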
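Review bot: The rate limiter's `inviteTracker` is an in-memory object keyed by the caller-supplied `email`, and the new TODO only notes that entries are never deleted; because an authenticated inviter controls the key, every distinct address adds a permanent entry, which makes this a slow memory-exhaustion vector rather than just a leak. Prune entries whose filtered `timestamps` array is empty (a periodic sweep, or `if (inviteTracker[email].timestamps.length === 0) delete inviteTracker[email];` on the read path before the new timestamp is pushed) or replace the object with a bounded/LRU map. Note also that this state is per-process, so the 3-per-hour limit does not hold across multiple instances and resets on restart. Separately, `roleId` from the body is not visibly validated against `orgId` here; the rest of inviteUser is outside the hunk.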
@@ -6,7 +6,6 @@ import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; import { sql } from "drizzle-orm"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; const listUsersParamsSchema = z.object({ @@ -81,27 +80,12 @@ export async function listUsers( const { orgId } = parsedParams.data; - // Check if the user has permission to list users - const hasPermission = await checkUserActionPermission( - ActionsEnum.listUsers, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const usersWithRoles = await queryUsers( orgId.toString(), limit, offset ); - // Count total users const [{ count }] = await db .select({ count: sql`count(*)` }) .from(users); diff --git a/server/routers/user/removeUserAction.ts b/server/routers/user/removeUserAction.ts index 3a36ddec..838e099b 100644 --- a/server/routers/user/removeUserAction.ts +++ b/server/routers/user/removeUserAction.ts @@ -6,7 +6,6 @@ import { and, eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -49,20 +48,6 @@ export async function removeUserAction( const { actionId, orgId } = parsedBody.data; - // Check if the user has permission to remove user actions - const hasPermission = await checkUserActionPermission( - ActionsEnum.removeUserAction, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const deletedUserAction = await db .delete(userActions) .where( 
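Review bot: The total in listUsers is computed with `db.select({ count: ... }).from(users)` and no `where`, while the page itself comes from `queryUsers(orgId.toString(), limit, offset)`; the response therefore reports the number of users across all orgs, which both breaks pagination and discloses the global user count to any org member holding listUsers. Scope the count the same way the page is scoped — join `userOrgs` and filter on `orgId`, or derive it from the same query builder — and replace the removed `// Count total users` comment with `// Total users in this org, for pagination` once it is correct. The handler's response construction is outside the hunk.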
@@ -93,10 +78,7 @@ export async function removeUserAction( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/removeUserOrg.ts b/server/routers/user/removeUserOrg.ts index 652acc95..805089c3 100644 --- a/server/routers/user/removeUserOrg.ts +++ b/server/routers/user/removeUserOrg.ts @@ -6,7 +6,6 @@ import { and, eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -33,19 +32,6 @@ export async function removeUserOrg( const { userId, orgId } = parsedParams.data; - const hasPermission = await checkUserActionPermission( - ActionsEnum.removeUser, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - // remove the user from the userOrgs table await db .delete(userOrgs) @@ -61,10 +47,7 @@ export async function removeUserOrg( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/removeUserResource.ts b/server/routers/user/removeUserResource.ts index 3eecdf3f..d62fcf90 100644 --- a/server/routers/user/removeUserResource.ts +++ b/server/routers/user/removeUserResource.ts 
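Review bot: removeUserOrg deletes the `userOrgs` row for `userId`/`orgId` from the path with no visible guard against the caller removing themselves or the last user holding the admin role for that org, which would orphan the org; add `if (userId === req.user?.userId) return next(createHttpError(HttpCode.BAD_REQUEST, "Cannot remove yourself from the org"));` before the delete and consider a last-admin check. Nothing in view removes the user's `userSites`, `userResources`, `userActions` or role rows for that org either, so stale grants may outlive the membership (the rest of the handler is outside the hunk). The handler previously checked `ActionsEnum.removeUser` rather than a `removeUserOrg`-style action, so confirm the route wires the intended enum value.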
@@ -6,7 +6,6 @@ import { and, eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -33,20 +32,6 @@ export async function removeUserResource( const { userId, resourceId } = parsedParams.data; - // Check if the user has permission to remove user resources - const hasPermission = await checkUserActionPermission( - ActionsEnum.removeUserResource, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const deletedUserResource = await db .delete(userResources) .where( @@ -76,10 +61,7 @@ export async function removeUserResource( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/removeUserSite.ts b/server/routers/user/removeUserSite.ts index bdd29134..748f54ca 100644 --- a/server/routers/user/removeUserSite.ts +++ b/server/routers/user/removeUserSite.ts @@ -6,7 +6,6 @@ import { and, eq } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; 
@@ -48,20 +47,6 @@ export async function removeUserSite( const { siteId } = parsedBody.data; - // Check if the user has permission to remove user sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.removeUserSite, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - const deletedUserSite = await db .delete(userSites) .where( @@ -105,10 +90,7 @@ export async function removeUserSite( } catch (error) { logger.error(error); return next( - createHttpError( - HttpCode.INTERNAL_SERVER_ERROR, - "An error occurred..." - ) + createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } } diff --git a/server/routers/user/setUserRole.ts b/server/routers/user/setUserRole.ts index a95f7dc0..da4ab3e6 100644 --- a/server/routers/user/setUserRole.ts +++ b/server/routers/user/setUserRole.ts @@ -6,7 +6,6 @@ import { eq, and } from "drizzle-orm"; import response from "@server/utils/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; -import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions"; import logger from "@server/logger"; import { fromError } from "zod-validation-error"; @@ -34,21 +33,6 @@ export async function addUserRole( const { userId, roleId, orgId } = parsedBody.data; - // Check if the user has permission to add user roles - const hasPermission = await checkUserActionPermission( - ActionsEnum.addUserRole, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } - - // Check if the role exists and belongs to the specified org const roleExists = await db .select() .from(roles) 
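Review bot: removeUserSite deletes the `userSites` row for `siteId` (from the body) but nothing in view reverses the per-resource grants that addUserSite fans out into `userResources` when a site is added; if those are not deleted further down (the handler continues past the hunk), a user keeps access to every resource of a site they have been removed from. Suggest deleting the matching `userResources` rows for resources of that site in the same transaction, with a comment `// also revoke the resource grants addUserSite created for this site`.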
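Review bot: The dropped comment `// Check if the role exists and belongs to the specified org` documented the one authorization invariant left in addUserRole after the capability check moved out — that a `roleId` from the body cannot be used across orgs — and the query implementing it continues past the hunk; keep a comment there, e.g. `// roleId must exist in orgId: the where clause is what prevents assigning another org's role`. Also consider whether a caller may change their own role (`userId === req.user?.userId`), since a holder of addUserRole could otherwise self-promote; nothing in view prevents it. The function is exported as addUserRole from setUserRole.ts, which will confuse grep and route wiring — rename one to match the other.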
@@ -80,10 +64,7 @@ export async function addUserRole(
 } catch (error) {
 logger.error(error);
 return next(
- createHttpError(
- HttpCode.INTERNAL_SERVER_ERROR,
- "An error occurred..."
- )
+ createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
 );
 }
 }