added support for pin code auth

2025-08-01 08:34:53 +02:00 · 2024-11-23 20:08:56 -05:00 · 2024-11-23 20:08:56 -05:00 · ad5ea3564b
commit ad5ea3564b
parent 78b23a8956
14 changed files with 653 additions and 88 deletions
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@ -43,51 +43,51 @@ authenticated.get(
    "/org/:orgId",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.getOrg),
-    org.getOrg
+    org.getOrg,
 );
 authenticated.post(
    "/org/:orgId",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.updateOrg),
-    org.updateOrg
+    org.updateOrg,
 );
 authenticated.delete(
    "/org/:orgId",
    verifyOrgAccess,
    verifyUserIsOrgOwner,
-    org.deleteOrg
+    org.deleteOrg,
 );

 authenticated.put(
    "/org/:orgId/site",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.createSite),
-    site.createSite
+    site.createSite,
 );
 authenticated.get(
    "/org/:orgId/sites",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.listSites),
-    site.listSites
+    site.listSites,
 );
 authenticated.get(
    "/org/:orgId/site/:niceId",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.getSite),
-    site.getSite
+    site.getSite,
 );

 authenticated.get(
    "/org/:orgId/pick-site-defaults",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.createSite),
-    site.pickSiteDefaults
+    site.pickSiteDefaults,
 );
 authenticated.get(
    "/site/:siteId",
    verifySiteAccess,
    verifyUserHasAction(ActionsEnum.getSite),
-    site.getSite
+    site.getSite,
 );
 // authenticated.get(
 //     "/site/:siteId/roles",
@ -99,38 +99,38 @@ authenticated.post(
    "/site/:siteId",
    verifySiteAccess,
    verifyUserHasAction(ActionsEnum.updateSite),
-    site.updateSite
+    site.updateSite,
 );
 authenticated.delete(
    "/site/:siteId",
    verifySiteAccess,
    verifyUserHasAction(ActionsEnum.deleteSite),
-    site.deleteSite
+    site.deleteSite,
 );

 authenticated.put(
    "/org/:orgId/site/:siteId/resource",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.createResource),
-    resource.createResource
+    resource.createResource,
 );
 authenticated.get(
    "/site/:siteId/resources",
    verifyUserHasAction(ActionsEnum.listResources),
-    resource.listResources
+    resource.listResources,
 );
 authenticated.get(
    "/org/:orgId/resources",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.listResources),
-    resource.listResources
+    resource.listResources,
 );

 authenticated.post(
    "/org/:orgId/create-invite",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.inviteUser),
-    user.inviteUser
+    user.inviteUser,
 ); // maybe make this /invite/create instead
 authenticated.post("/invite/accept", user.acceptInvite);

@ -138,77 +138,77 @@ authenticated.get(
    "/resource/:resourceId/roles",
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.listResourceRoles),
-    resource.listResourceRoles
+    resource.listResourceRoles,
 );

 authenticated.get(
    "/resource/:resourceId/users",
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.listResourceUsers),
-    resource.listResourceUsers
+    resource.listResourceUsers,
 );

 authenticated.get(
    "/resource/:resourceId",
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.getResource),
-    resource.getResource
+    resource.getResource,
 );
 authenticated.post(
    "/resource/:resourceId",
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.updateResource),
-    resource.updateResource
+    resource.updateResource,
 );
 authenticated.delete(
    "/resource/:resourceId",
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.deleteResource),
-    resource.deleteResource
+    resource.deleteResource,
 );

 authenticated.put(
    "/resource/:resourceId/target",
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.createTarget),
-    target.createTarget
+    target.createTarget,
 );
 authenticated.get(
    "/resource/:resourceId/targets",
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.listTargets),
-    target.listTargets
+    target.listTargets,
 );
 authenticated.get(
    "/target/:targetId",
    verifyTargetAccess,
    verifyUserHasAction(ActionsEnum.getTarget),
-    target.getTarget
+    target.getTarget,
 );
 authenticated.post(
    "/target/:targetId",
    verifyTargetAccess,
    verifyUserHasAction(ActionsEnum.updateTarget),
-    target.updateTarget
+    target.updateTarget,
 );
 authenticated.delete(
    "/target/:targetId",
    verifyTargetAccess,
    verifyUserHasAction(ActionsEnum.deleteTarget),
-    target.deleteTarget
+    target.deleteTarget,
 );

 authenticated.put(
    "/org/:orgId/role",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.createRole),
-    role.createRole
+    role.createRole,
 );
 authenticated.get(
    "/org/:orgId/roles",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.listRoles),
-    role.listRoles
+    role.listRoles,
 );
 // authenticated.get(
 //     "/role/:roleId",
@ -227,14 +227,14 @@ authenticated.delete(
    "/role/:roleId",
    verifyRoleAccess,
    verifyUserHasAction(ActionsEnum.deleteRole),
-    role.deleteRole
+    role.deleteRole,
 );
 authenticated.post(
    "/role/:roleId/add/:userId",
    verifyRoleAccess,
    verifyUserAccess,
    verifyUserHasAction(ActionsEnum.addUserRole),
-    user.addUserRole
+    user.addUserRole,
 );

 // authenticated.put(
@ -264,7 +264,7 @@ authenticated.post(
    verifyResourceAccess,
    verifyRoleAccess,
    verifyUserHasAction(ActionsEnum.setResourceRoles),
-    resource.setResourceRoles
+    resource.setResourceRoles,
 );

 authenticated.post(
@ -272,19 +272,29 @@ authenticated.post(
    verifyResourceAccess,
    verifySetResourceUsers,
    verifyUserHasAction(ActionsEnum.setResourceUsers),
-    resource.setResourceUsers
+    resource.setResourceUsers,
 );

 authenticated.post(
    `/resource/:resourceId/password`,
    verifyResourceAccess,
    verifyUserHasAction(ActionsEnum.setResourceAuthMethods),
-    resource.setResourcePassword
+    resource.setResourcePassword,
 );
-
 unauthenticated.post(
    "/resource/:resourceId/auth/password",
-    resource.authWithPassword
+    resource.authWithPassword,
+);
+
+authenticated.post(
+    `/resource/:resourceId/pincode`,
+    verifyResourceAccess,
+    verifyUserHasAction(ActionsEnum.setResourceAuthMethods),
+    resource.setResourcePincode,
+);
+unauthenticated.post(
+    "/resource/:resourceId/auth/pincode",
+    resource.authWithPincode,
 );

 unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
@ -325,14 +335,14 @@ authenticated.get(
    "/org/:orgId/users",
    verifyOrgAccess,
    verifyUserHasAction(ActionsEnum.listUsers),
-    user.listUsers
+    user.listUsers,
 );
 authenticated.delete(
    "/org/:orgId/user/:userId",
    verifyOrgAccess,
    verifyUserAccess,
    verifyUserHasAction(ActionsEnum.removeUser),
-    user.removeUserOrg
+    user.removeUserOrg,
 );

 // authenticated.put(
@ -374,7 +384,7 @@ authRouter.use(
        windowMin: 10,
        max: 15,
        type: "IP_AND_PATH",
-    })
+    }),
 );

 authRouter.put("/signup", auth.signup);
@ -386,19 +396,19 @@ authRouter.post("/2fa/enable", verifySessionUserMiddleware, auth.verifyTotp);
 authRouter.post(
    "/2fa/request",
    verifySessionUserMiddleware,
-    auth.requestTotpSecret
+    auth.requestTotpSecret,
 );
 authRouter.post("/2fa/disable", verifySessionUserMiddleware, auth.disable2fa);
 authRouter.post("/verify-email", verifySessionMiddleware, auth.verifyEmail);
 authRouter.post(
    "/verify-email/request",
    verifySessionMiddleware,
-    auth.requestEmailVerificationCode
+    auth.requestEmailVerificationCode,
 );
 authRouter.post(
    "/change-password",
    verifySessionUserMiddleware,
-    auth.changePassword
+    auth.changePassword,
 );
 authRouter.post("/reset-password/request", auth.requestPasswordReset);
 authRouter.post("/reset-password/", auth.resetPassword);