mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-06 19:04:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

added support for pin code auth

Browse source
This commit is contained in:
Milo Schwartz 2024-11-23 20:08:56 -05:00
parent 78b23a8956
commit ad5ea3564b
No known key found for this signature in database
14 changed files with 653 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

88
server/routers/external.ts
View file

@ -43,51 +43,51 @@ authenticated.get(
"/org/:orgId", "/org/:orgId",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.getOrg), verifyUserHasAction(ActionsEnum.getOrg),
org.getOrg org.getOrg,
); );
authenticated.post( authenticated.post(
"/org/:orgId", "/org/:orgId",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.updateOrg), verifyUserHasAction(ActionsEnum.updateOrg),
org.updateOrg org.updateOrg,
); );
authenticated.delete( authenticated.delete(
"/org/:orgId", "/org/:orgId",
verifyOrgAccess, verifyOrgAccess,
verifyUserIsOrgOwner, verifyUserIsOrgOwner,
org.deleteOrg org.deleteOrg,
); );
authenticated.put( authenticated.put(
"/org/:orgId/site", "/org/:orgId/site",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.createSite), verifyUserHasAction(ActionsEnum.createSite),
site.createSite site.createSite,
); );
authenticated.get( authenticated.get(
"/org/:orgId/sites", "/org/:orgId/sites",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.listSites), verifyUserHasAction(ActionsEnum.listSites),
site.listSites site.listSites,
); );
authenticated.get( authenticated.get(
"/org/:orgId/site/:niceId", "/org/:orgId/site/:niceId",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.getSite), verifyUserHasAction(ActionsEnum.getSite),
site.getSite site.getSite,
); );
authenticated.get( authenticated.get(
"/org/:orgId/pick-site-defaults", "/org/:orgId/pick-site-defaults",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.createSite), verifyUserHasAction(ActionsEnum.createSite),
site.pickSiteDefaults site.pickSiteDefaults,
); );
authenticated.get( authenticated.get(
"/site/:siteId", "/site/:siteId",
verifySiteAccess, verifySiteAccess,
verifyUserHasAction(ActionsEnum.getSite), verifyUserHasAction(ActionsEnum.getSite),
site.getSite site.getSite,
); );
// authenticated.get( // authenticated.get(
// "/site/:siteId/roles", // "/site/:siteId/roles",
@ -99,38 +99,38 @@ authenticated.post(
"/site/:siteId", "/site/:siteId",
verifySiteAccess, verifySiteAccess,
verifyUserHasAction(ActionsEnum.updateSite), verifyUserHasAction(ActionsEnum.updateSite),
site.updateSite site.updateSite,
); );
authenticated.delete( authenticated.delete(
"/site/:siteId", "/site/:siteId",
verifySiteAccess, verifySiteAccess,
verifyUserHasAction(ActionsEnum.deleteSite), verifyUserHasAction(ActionsEnum.deleteSite),
site.deleteSite site.deleteSite,
); );
authenticated.put( authenticated.put(
"/org/:orgId/site/:siteId/resource", "/org/:orgId/site/:siteId/resource",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.createResource), verifyUserHasAction(ActionsEnum.createResource),
resource.createResource resource.createResource,
); );
authenticated.get( authenticated.get(
"/site/:siteId/resources", "/site/:siteId/resources",
verifyUserHasAction(ActionsEnum.listResources), verifyUserHasAction(ActionsEnum.listResources),
resource.listResources resource.listResources,
); );
authenticated.get( authenticated.get(
"/org/:orgId/resources", "/org/:orgId/resources",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.listResources), verifyUserHasAction(ActionsEnum.listResources),
resource.listResources resource.listResources,
); );
authenticated.post( authenticated.post(
"/org/:orgId/create-invite", "/org/:orgId/create-invite",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.inviteUser), verifyUserHasAction(ActionsEnum.inviteUser),
user.inviteUser user.inviteUser,
); // maybe make this /invite/create instead ); // maybe make this /invite/create instead
authenticated.post("/invite/accept", user.acceptInvite); authenticated.post("/invite/accept", user.acceptInvite);
@ -138,77 +138,77 @@ authenticated.get(
"/resource/:resourceId/roles", "/resource/:resourceId/roles",
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.listResourceRoles), verifyUserHasAction(ActionsEnum.listResourceRoles),
resource.listResourceRoles resource.listResourceRoles,
); );
authenticated.get( authenticated.get(
"/resource/:resourceId/users", "/resource/:resourceId/users",
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.listResourceUsers), verifyUserHasAction(ActionsEnum.listResourceUsers),
resource.listResourceUsers resource.listResourceUsers,
); );
authenticated.get( authenticated.get(
"/resource/:resourceId", "/resource/:resourceId",
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.getResource), verifyUserHasAction(ActionsEnum.getResource),
resource.getResource resource.getResource,
); );
authenticated.post( authenticated.post(
"/resource/:resourceId", "/resource/:resourceId",
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.updateResource), verifyUserHasAction(ActionsEnum.updateResource),
resource.updateResource resource.updateResource,
); );
authenticated.delete( authenticated.delete(
"/resource/:resourceId", "/resource/:resourceId",
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.deleteResource), verifyUserHasAction(ActionsEnum.deleteResource),
resource.deleteResource resource.deleteResource,
); );
authenticated.put( authenticated.put(
"/resource/:resourceId/target", "/resource/:resourceId/target",
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.createTarget), verifyUserHasAction(ActionsEnum.createTarget),
target.createTarget target.createTarget,
); );
authenticated.get( authenticated.get(
"/resource/:resourceId/targets", "/resource/:resourceId/targets",
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.listTargets), verifyUserHasAction(ActionsEnum.listTargets),
target.listTargets target.listTargets,
); );
authenticated.get( authenticated.get(
"/target/:targetId", "/target/:targetId",
verifyTargetAccess, verifyTargetAccess,
verifyUserHasAction(ActionsEnum.getTarget), verifyUserHasAction(ActionsEnum.getTarget),
target.getTarget target.getTarget,
); );
authenticated.post( authenticated.post(
"/target/:targetId", "/target/:targetId",
verifyTargetAccess, verifyTargetAccess,
verifyUserHasAction(ActionsEnum.updateTarget), verifyUserHasAction(ActionsEnum.updateTarget),
target.updateTarget target.updateTarget,
); );
authenticated.delete( authenticated.delete(
"/target/:targetId", "/target/:targetId",
verifyTargetAccess, verifyTargetAccess,
verifyUserHasAction(ActionsEnum.deleteTarget), verifyUserHasAction(ActionsEnum.deleteTarget),
target.deleteTarget target.deleteTarget,
); );
authenticated.put( authenticated.put(
"/org/:orgId/role", "/org/:orgId/role",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.createRole), verifyUserHasAction(ActionsEnum.createRole),
role.createRole role.createRole,
); );
authenticated.get( authenticated.get(
"/org/:orgId/roles", "/org/:orgId/roles",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.listRoles), verifyUserHasAction(ActionsEnum.listRoles),
role.listRoles role.listRoles,
); );
// authenticated.get( // authenticated.get(
// "/role/:roleId", // "/role/:roleId",
@ -227,14 +227,14 @@ authenticated.delete(
"/role/:roleId", "/role/:roleId",
verifyRoleAccess, verifyRoleAccess,
verifyUserHasAction(ActionsEnum.deleteRole), verifyUserHasAction(ActionsEnum.deleteRole),
role.deleteRole role.deleteRole,
); );
authenticated.post( authenticated.post(
"/role/:roleId/add/:userId", "/role/:roleId/add/:userId",
verifyRoleAccess, verifyRoleAccess,
verifyUserAccess, verifyUserAccess,
verifyUserHasAction(ActionsEnum.addUserRole), verifyUserHasAction(ActionsEnum.addUserRole),
user.addUserRole user.addUserRole,
); );
// authenticated.put( // authenticated.put(
@ -264,7 +264,7 @@ authenticated.post(
verifyResourceAccess, verifyResourceAccess,
verifyRoleAccess, verifyRoleAccess,
verifyUserHasAction(ActionsEnum.setResourceRoles), verifyUserHasAction(ActionsEnum.setResourceRoles),
resource.setResourceRoles resource.setResourceRoles,
); );
authenticated.post( authenticated.post(
@ -272,19 +272,29 @@ authenticated.post(
verifyResourceAccess, verifyResourceAccess,
verifySetResourceUsers, verifySetResourceUsers,
verifyUserHasAction(ActionsEnum.setResourceUsers), verifyUserHasAction(ActionsEnum.setResourceUsers),
resource.setResourceUsers resource.setResourceUsers,
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/password`, `/resource/:resourceId/password`,
verifyResourceAccess, verifyResourceAccess,
verifyUserHasAction(ActionsEnum.setResourceAuthMethods), verifyUserHasAction(ActionsEnum.setResourceAuthMethods),
resource.setResourcePassword resource.setResourcePassword,
); );
unauthenticated.post( unauthenticated.post(
"/resource/:resourceId/auth/password", "/resource/:resourceId/auth/password",
resource.authWithPassword resource.authWithPassword,
);
authenticated.post(
`/resource/:resourceId/pincode`,
verifyResourceAccess,
verifyUserHasAction(ActionsEnum.setResourceAuthMethods),
resource.setResourcePincode,
);
unauthenticated.post(
"/resource/:resourceId/auth/pincode",
resource.authWithPincode,
); );
unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo); unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
@ -325,14 +335,14 @@ authenticated.get(
"/org/:orgId/users", "/org/:orgId/users",
verifyOrgAccess, verifyOrgAccess,
verifyUserHasAction(ActionsEnum.listUsers), verifyUserHasAction(ActionsEnum.listUsers),
user.listUsers user.listUsers,
); );
authenticated.delete( authenticated.delete(
"/org/:orgId/user/:userId", "/org/:orgId/user/:userId",
verifyOrgAccess, verifyOrgAccess,
verifyUserAccess, verifyUserAccess,
verifyUserHasAction(ActionsEnum.removeUser), verifyUserHasAction(ActionsEnum.removeUser),
user.removeUserOrg user.removeUserOrg,
); );
// authenticated.put( // authenticated.put(
@ -374,7 +384,7 @@ authRouter.use(
windowMin: 10, windowMin: 10,
max: 15, max: 15,
type: "IP_AND_PATH", type: "IP_AND_PATH",
}) }),
); );
authRouter.put("/signup", auth.signup); authRouter.put("/signup", auth.signup);
@ -386,19 +396,19 @@ authRouter.post("/2fa/enable", verifySessionUserMiddleware, auth.verifyTotp);
authRouter.post( authRouter.post(
"/2fa/request", "/2fa/request",
verifySessionUserMiddleware, verifySessionUserMiddleware,
auth.requestTotpSecret auth.requestTotpSecret,
); );
authRouter.post("/2fa/disable", verifySessionUserMiddleware, auth.disable2fa); authRouter.post("/2fa/disable", verifySessionUserMiddleware, auth.disable2fa);
authRouter.post("/verify-email", verifySessionMiddleware, auth.verifyEmail); authRouter.post("/verify-email", verifySessionMiddleware, auth.verifyEmail);
authRouter.post( authRouter.post(
"/verify-email/request", "/verify-email/request",
verifySessionMiddleware, verifySessionMiddleware,
auth.requestEmailVerificationCode auth.requestEmailVerificationCode,
); );
authRouter.post( authRouter.post(
"/change-password", "/change-password",
verifySessionUserMiddleware, verifySessionUserMiddleware,
auth.changePassword auth.changePassword,
); );
authRouter.post("/reset-password/request", auth.requestPasswordReset); authRouter.post("/reset-password/request", auth.requestPasswordReset);
authRouter.post("/reset-password/", auth.resetPassword); authRouter.post("/reset-password/", auth.resetPassword);

154
server/routers/resource/authWithPincode.ts Normal file
View file

@ -0,0 +1,154 @@
import { verify } from "@node-rs/argon2";
import { generateSessionToken } from "@server/auth";
import db from "@server/db";
import { resourcePincode, resources } from "@server/db/schema";
import HttpCode from "@server/types/HttpCode";
import response from "@server/utils/response";
import { eq } from "drizzle-orm";
import { NextFunction, Request, Response } from "express";
import createHttpError from "http-errors";
import { z } from "zod";
import { fromError } from "zod-validation-error";
import {
createResourceSession,
serializeResourceSessionCookie,
} from "@server/auth/resource";
import logger from "@server/logger";
export const authWithPincodeBodySchema = z.object({
pincode: z.string(),
email: z.string().email().optional(),
code: z.string().optional(),
});
export const authWithPincodeParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
});
export type AuthWithPincodeResponse = {
codeRequested?: boolean;
};
export async function authWithPincode(
req: Request,
res: Response,
next: NextFunction,
): Promise<any> {
const parsedBody = authWithPincodeBodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(),
),
);
}
const parsedParams = authWithPincodeParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString(),
),
);
}
const { resourceId } = parsedParams.data;
const { email, pincode, code } = parsedBody.data;
try {
const [result] = await db
.select()
.from(resources)
.leftJoin(
resourcePincode,
eq(resourcePincode.resourceId, resources.resourceId),
)
.where(eq(resources.resourceId, resourceId))
.limit(1);
const resource = result?.resources;
const definedPincode = result?.resourcePincode;
if (!resource) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Resource does not exist",
),
);
}
if (!definedPincode) {
return next(
createHttpError(
HttpCode.UNAUTHORIZED,
createHttpError(
HttpCode.BAD_REQUEST,
"Resource has no pincode protection",
),
),
);
}
const validPincode = await verify(definedPincode.pincodeHash, pincode, {
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1,
});
if (!validPincode) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "Incorrect PIN code"),
);
}
if (resource.twoFactorEnabled) {
if (!code) {
return response<AuthWithPincodeResponse>(res, {
data: { codeRequested: true },
success: true,
error: false,
message: "Two-factor authentication required",
status: HttpCode.ACCEPTED,
});
}
// TODO: Implement email OTP for resource 2fa
}
const token = generateSessionToken();
await createResourceSession({
resourceId,
token,
pincodeId: definedPincode.pincodeId,
});
const secureCookie = resource.ssl;
const cookie = serializeResourceSessionCookie(
token,
resource.fullDomain,
secureCookie,
);
res.appendHeader("Set-Cookie", cookie);
logger.debug(cookie); // remove after testing
return response<null>(res, {
data: null,
success: true,
error: false,
message: "Authenticated with resource successfully",
status: HttpCode.OK,
});
} catch (e) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to authenticate with resource",
),
);
}
}

2
server/routers/resource/index.ts
View file

@ -10,3 +10,5 @@ export * from "./listResourceUsers";
export * from "./setResourcePassword"; export * from "./setResourcePassword";
export * from "./authWithPassword"; export * from "./authWithPassword";
export * from "./getResourceAuthInfo"; export * from "./getResourceAuthInfo";
export * from "./setResourcePincode";
export * from "./authWithPincode";

91
server/routers/resource/setResourcePincode.ts Normal file
View file

@ -0,0 +1,91 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { resourcePincode } from "@server/db/schema";
import { eq } from "drizzle-orm";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { fromError } from "zod-validation-error";
import { hash } from "@node-rs/argon2";
import { response } from "@server/utils";
import stoi from "@server/utils/stoi";
const setResourceAuthMethodsParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
});
const setResourceAuthMethodsBodySchema = z
.object({
pincode: z
.string()
.regex(/^\d{6}$/)
.or(z.null()),
})
.strict();
export async function setResourcePincode(
req: Request,
res: Response,
next: NextFunction,
): Promise<any> {
try {
const parsedParams = setResourceAuthMethodsParamsSchema.safeParse(
req.params,
);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString(),
),
);
}
const parsedBody = setResourceAuthMethodsBodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(),
),
);
}
const { resourceId } = parsedParams.data;
const { pincode } = parsedBody.data;
await db.transaction(async (trx) => {
await trx
.delete(resourcePincode)
.where(eq(resourcePincode.resourceId, resourceId));
if (pincode) {
const pincodeHash = await hash(pincode, {
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1,
});
await trx
.insert(resourcePincode)
.values({ resourceId, pincodeHash, digitLength: 6 });
}
});
return response(res, {
data: {},
success: true,
error: false,
message: "Resource PIN code set successfully",
status: HttpCode.CREATED,
});
} catch (error) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"An error occurred",
),
);
}
}

199
src/app/[orgId]/settings/resources/[resourceId]/authentication/components/SetResourcePincodeForm.tsx Normal file
View file

@ -0,0 +1,199 @@
"use client";
import api from "@app/api";
import { Button } from "@app/components/ui/button";
import {
Form,
FormControl,
FormDescription,
FormField,
FormItem,
FormLabel,
FormMessage,
} from "@app/components/ui/form";
import { Input } from "@app/components/ui/input";
import { useToast } from "@app/hooks/useToast";
import { zodResolver } from "@hookform/resolvers/zod";
import { useEffect, useState } from "react";
import { useForm } from "react-hook-form";
import { z } from "zod";
import {
Credenza,
CredenzaBody,
CredenzaClose,
CredenzaContent,
CredenzaDescription,
CredenzaFooter,
CredenzaHeader,
CredenzaTitle,
} from "@app/components/Credenza";
import { formatAxiosError } from "@app/lib/utils";
import { AxiosResponse } from "axios";
import { Resource } from "@server/db/schema";
import {
InputOTP,
InputOTPGroup,
InputOTPSlot,
} from "@app/components/ui/input-otp";
const setPincodeFormSchema = z.object({
pincode: z.string().length(6),
});
type SetPincodeFormValues = z.infer<typeof setPincodeFormSchema>;
const defaultValues: Partial<SetPincodeFormValues> = {
pincode: "",
};
type SetPincodeFormProps = {
open: boolean;
setOpen: (open: boolean) => void;
resourceId: number;
onSetPincode?: () => void;
};
export default function SetResourcePincodeForm({
open,
setOpen,
resourceId,
onSetPincode,
}: SetPincodeFormProps) {
const { toast } = useToast();
const [loading, setLoading] = useState(false);
const form = useForm<SetPincodeFormValues>({
resolver: zodResolver(setPincodeFormSchema),
defaultValues,
});
useEffect(() => {
if (!open) {
return;
}
form.reset();
}, [open]);
async function onSubmit(data: SetPincodeFormValues) {
setLoading(true);
api.post<AxiosResponse<Resource>>(`/resource/${resourceId}/pincode`, {
pincode: data.pincode,
})
.catch((e) => {
toast({
variant: "destructive",
title: "Error setting resource PIN code",
description: formatAxiosError(
e,
"An error occurred while setting the resource PIN code",
),
});
})
.then(() => {
toast({
title: "Resource PIN code set",
description:
"The resource pincode has been set successfully",
});
if (onSetPincode) {
onSetPincode();
}
})
.finally(() => setLoading(false));
}
return (
<>
<Credenza
open={open}
onOpenChange={(val) => {
setOpen(val);
setLoading(false);
form.reset();
}}
>
<CredenzaContent>
<CredenzaHeader>
<CredenzaTitle>Set Pincode</CredenzaTitle>
<CredenzaDescription>
Set a pincode to protect this resource
</CredenzaDescription>
</CredenzaHeader>
<CredenzaBody>
<Form {...form}>
<form
onSubmit={form.handleSubmit(onSubmit)}
className="space-y-4"
id="set-pincode-form"
>
<FormField
control={form.control}
name="pincode"
render={({ field }) => (
<FormItem>
<FormLabel>PIN Code</FormLabel>
<FormControl>
<div className="flex justify-center">
<InputOTP
autoComplete="false"
maxLength={6}
{...field}
>
<InputOTPGroup className="flex">
<InputOTPSlot
index={0}
/>
<InputOTPSlot
index={1}
/>
<InputOTPSlot
index={2}
/>
<InputOTPSlot
index={3}
/>
<InputOTPSlot
index={4}
/>
<InputOTPSlot
index={5}
/>
</InputOTPGroup>
</InputOTP>
</div>
</FormControl>
<FormDescription>
Users will be able to access
this resource by entering this
PIN code. It must be at least 6
digits long.
</FormDescription>
<FormMessage />
</FormItem>
)}
/>
</form>
</Form>
</CredenzaBody>
<CredenzaFooter>
<Button
type="submit"
form="set-pincode-form"
loading={loading}
disabled={loading}
>
Enable PIN Code Protection
</Button>
<CredenzaClose asChild>
<Button variant="outline">Close</Button>
</CredenzaClose>
</CredenzaFooter>
</CredenzaContent>
</Credenza>
</>
);
}

106
src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
View file

@ -32,9 +32,10 @@ import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
import { ListUsersResponse } from "@server/routers/user"; import { ListUsersResponse } from "@server/routers/user";
import { Switch } from "@app/components/ui/switch"; import { Switch } from "@app/components/ui/switch";
import { Label } from "@app/components/ui/label"; import { Label } from "@app/components/ui/label";
import { ShieldCheck } from "lucide-react"; import { Binary, Key, ShieldCheck } from "lucide-react";
import SetResourcePasswordForm from "./components/SetResourcePasswordForm"; import SetResourcePasswordForm from "./components/SetResourcePasswordForm";
import { Separator } from "@app/components/ui/separator"; import { Separator } from "@app/components/ui/separator";
import SetResourcePincodeForm from "./components/SetResourcePincodeForm";
const UsersRolesFormSchema = z.object({ const UsersRolesFormSchema = z.object({
roles: z.array( roles: z.array(
@ -78,8 +79,11 @@ export default function ResourceAuthenticationPage() {
const [loadingSaveUsersRoles, setLoadingSaveUsersRoles] = useState(false); const [loadingSaveUsersRoles, setLoadingSaveUsersRoles] = useState(false);
const [loadingRemoveResourcePassword, setLoadingRemoveResourcePassword] = const [loadingRemoveResourcePassword, setLoadingRemoveResourcePassword] =
useState(false); useState(false);
const [loadingRemoveResourcePincode, setLoadingRemoveResourcePincode] =
useState(false);
const [isSetPasswordOpen, setIsSetPasswordOpen] = useState(false); const [isSetPasswordOpen, setIsSetPasswordOpen] = useState(false);
const [isSetPincodeOpen, setIsSetPincodeOpen] = useState(false);
const usersRolesForm = useForm<z.infer<typeof UsersRolesFormSchema>>({ const usersRolesForm = useForm<z.infer<typeof UsersRolesFormSchema>>({
resolver: zodResolver(UsersRolesFormSchema), resolver: zodResolver(UsersRolesFormSchema),
@ -237,6 +241,36 @@ export default function ResourceAuthenticationPage() {
.finally(() => setLoadingRemoveResourcePassword(false)); .finally(() => setLoadingRemoveResourcePassword(false));
} }
function removeResourcePincode() {
setLoadingRemoveResourcePincode(true);
api.post(`/resource/${resource.resourceId}/pincode`, {
pincode: null,
})
.then(() => {
toast({
title: "Resource pincode removed",
description:
"The resource password has been removed successfully",
});
updateAuthInfo({
pincode: false,
});
})
.catch((e) => {
toast({
variant: "destructive",
title: "Error removing resource pincode",
description: formatAxiosError(
e,
"An error occurred while removing the resource pincode",
),
});
})
.finally(() => setLoadingRemoveResourcePincode(false));
}
if (pageLoading) { if (pageLoading) {
return <></>; return <></>;
} }
@ -257,6 +291,20 @@ export default function ResourceAuthenticationPage() {
/> />
)} )}
{isSetPincodeOpen && (
<SetResourcePincodeForm
open={isSetPincodeOpen}
setOpen={setIsSetPincodeOpen}
resourceId={resource.resourceId}
onSetPincode={() => {
setIsSetPincodeOpen(false);
updateAuthInfo({
pincode: true,
});
}}
/>
)}
<div className="space-y-12"> <div className="space-y-12">
<section className="space-y-8"> <section className="space-y-8">
<SettingsSectionTitle <SettingsSectionTitle
@ -412,19 +460,27 @@ export default function ResourceAuthenticationPage() {
<Separator /> <Separator />
<section className="space-y-8"> <section className="space-y-8 lg:max-w-2xl">
<SettingsSectionTitle <SettingsSectionTitle
title="Authentication Methods" title="Authentication Methods"
description="Allow anyone to access the resource via the below methods" description="Allow anyone to access the resource via the below methods"
size="1xl" size="1xl"
/> />
{authInfo?.password ? ( <div className="flex flex-col space-y-4">
<div className="flex items-center space-x-4"> <div className="flex items-center justify-between space-x-4">
<div className="flex items-center text-green-500 space-x-2"> <div
<ShieldCheck /> className={`flex items-center text-${!authInfo.password ? "red" : "green"}-500 space-x-2`}
<span>Password Protection Enabled</span> >
<Key />
<span>
Password Protection{" "}
{authInfo?.password
? "Enabled"
: "Disabled"}
</span>
</div> </div>
{authInfo?.password ? (
<Button <Button
variant="gray" variant="gray"
type="button" type="button"
@ -434,9 +490,7 @@ export default function ResourceAuthenticationPage() {
> >
Remove Password Remove Password
</Button> </Button>
</div>
) : ( ) : (
<div>
<Button <Button
variant="gray" variant="gray"
type="button" type="button"
@ -444,8 +498,40 @@ export default function ResourceAuthenticationPage() {
> >
Add Password Add Password
</Button> </Button>
</div>
)} )}
</div>
<div className="flex items-center justify-between space-x-4">
<div
className={`flex items-center text-${!authInfo.pincode ? "red" : "green"}-500 space-x-2`}
>
<Binary />
<span>
PIN Code Protection{" "}
{authInfo?.pincode ? "Enabled" : "Disabled"}
</span>
</div>
{authInfo?.pincode ? (
<Button
variant="gray"
type="button"
loading={loadingRemoveResourcePincode}
disabled={loadingRemoveResourcePincode}
onClick={removeResourcePincode}
>
Remove PIN Code
</Button>
) : (
<Button
variant="gray"
type="button"
onClick={() => setIsSetPincodeOpen(true)}
>
Add PIN Code
</Button>
)}
</div>
</div>
</section> </section>
</div> </div>
</> </>

4
src/app/auth/layout.tsx
View file

@ -12,7 +12,9 @@ type AuthLayoutProps = {
export default async function AuthLayout({ children }: AuthLayoutProps) { export default async function AuthLayout({ children }: AuthLayoutProps) {
return ( return (
<> <>
<div className="p-3 md:mt-32">{children}</div> <div className="w-full max-w-md mx-auto p-3 md:mt-32">
{children}
</div>
</> </>
); );
} }

2
src/app/auth/login/DashboardLoginForm.tsx
View file

@ -20,7 +20,7 @@ export default function DashboardLoginForm({
const router = useRouter(); const router = useRouter();
return ( return (
<Card className="w-full max-w-md mx-auto"> <Card className="w-full max-w-md">
<CardHeader> <CardHeader>
<CardTitle>Login</CardTitle> <CardTitle>Login</CardTitle>
<CardDescription> <CardDescription>

0
src/app/[orgId]/auth/resource/[resourceId]/components/ResourceAccessDenied.tsx → src/app/auth/resource/[resourceId]/components/ResourceAccessDenied.tsx
View file

36
src/app/[orgId]/auth/resource/[resourceId]/components/ResourceAuthPortal.tsx → src/app/auth/resource/[resourceId]/components/ResourceAuthPortal.tsx
View file

@ -68,7 +68,9 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
const router = useRouter(); const router = useRouter();
const [passwordError, setPasswordError] = useState<string | null>(null); const [passwordError, setPasswordError] = useState<string | null>(null);
const [pincodeError, setPincodeError] = useState<string | null>(null);
const [accessDenied, setAccessDenied] = useState<boolean>(false); const [accessDenied, setAccessDenied] = useState<boolean>(false);
const [loadingLogin, setLoadingLogin] = useState(false);
function getDefaultSelectedMethod() { function getDefaultSelectedMethod() {
if (props.methods.sso) { if (props.methods.sso) {
@ -111,11 +113,24 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
}); });
const onPinSubmit = (values: z.infer<typeof pinSchema>) => { const onPinSubmit = (values: z.infer<typeof pinSchema>) => {
console.log("PIN authentication", values); setLoadingLogin(true);
// Implement PIN authentication logic here api.post(`/resource/${props.resource.id}/auth/pincode`, {
pincode: values.pin,
})
.then((res) => {
window.location.href = props.redirect;
})
.catch((e) => {
console.error(e);
setPincodeError(
formatAxiosError(e, "Failed to authenticate with pincode"),
);
})
.then(() => setLoadingLogin(false));
}; };
const onPasswordSubmit = (values: z.infer<typeof passwordSchema>) => { const onPasswordSubmit = (values: z.infer<typeof passwordSchema>) => {
setLoadingLogin(true);
api.post(`/resource/${props.resource.id}/auth/password`, { api.post(`/resource/${props.resource.id}/auth/password`, {
password: values.password, password: values.password,
}) })
@ -127,7 +142,8 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
setPasswordError( setPasswordError(
formatAxiosError(e, "Failed to authenticate with password"), formatAxiosError(e, "Failed to authenticate with password"),
); );
}); })
.finally(() => setLoadingLogin(false));
}; };
async function handleSSOAuth() { async function handleSSOAuth() {
@ -202,8 +218,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
render={({ field }) => ( render={({ field }) => (
<FormItem> <FormItem>
<FormLabel> <FormLabel>
Enter 6-digit 6-digit PIN Code
PIN
</FormLabel> </FormLabel>
<FormControl> <FormControl>
<div className="flex justify-center"> <div className="flex justify-center">
@ -252,9 +267,18 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
</FormItem> </FormItem>
)} )}
/> />
{pincodeError && (
<Alert variant="destructive">
<AlertDescription>
{pincodeError}
</AlertDescription>
</Alert>
)}
<Button <Button
type="submit" type="submit"
className="w-full" className="w-full"
loading={loadingLogin}
disabled={loadingLogin}
> >
<LockIcon className="w-4 h-4 mr-2" /> <LockIcon className="w-4 h-4 mr-2" />
Login with PIN Login with PIN
@ -306,6 +330,8 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
<Button <Button
type="submit" type="submit"
className="w-full" className="w-full"
loading={loadingLogin}
disabled={loadingLogin}
> >
<LockIcon className="w-4 h-4 mr-2" /> <LockIcon className="w-4 h-4 mr-2" />
Login with Password Login with Password

0
src/app/[orgId]/auth/resource/[resourceId]/components/ResourceNotFound.tsx → src/app/auth/resource/[resourceId]/components/ResourceNotFound.tsx
View file

25
src/app/[orgId]/auth/resource/[resourceId]/page.tsx → src/app/auth/resource/[resourceId]/page.tsx
View file

@ -13,7 +13,7 @@ import ResourceNotFound from "./components/ResourceNotFound";
import ResourceAccessDenied from "./components/ResourceAccessDenied"; import ResourceAccessDenied from "./components/ResourceAccessDenied";
export default async function ResourceAuthPage(props: { export default async function ResourceAuthPage(props: {
params: Promise<{ resourceId: number; orgId: string }>; params: Promise<{ resourceId: number }>;
searchParams: Promise<{ r: string }>; searchParams: Promise<{ r: string }>;
}) { }) {
const params = await props.params; const params = await props.params;
@ -28,17 +28,14 @@ export default async function ResourceAuthPage(props: {
if (res && res.status === 200) { if (res && res.status === 200) {
authInfo = res.data.data; authInfo = res.data.data;
} }
} catch (e) { } catch (e) {}
console.error(e);
console.log("resource not found");
}
const getUser = cache(verifySession); const getUser = cache(verifySession);
const user = await getUser(); const user = await getUser();
if (!authInfo) { if (!authInfo) {
return ( return (
<div className="w-full max-w-md mx-auto p-3 md:mt-32"> <div className="w-full max-w-md">
<ResourceNotFound /> <ResourceNotFound />
</div> </div>
); );
@ -47,12 +44,10 @@ export default async function ResourceAuthPage(props: {
const hasAuth = authInfo.password || authInfo.pincode || authInfo.sso; const hasAuth = authInfo.password || authInfo.pincode || authInfo.sso;
const isSSOOnly = authInfo.sso && !authInfo.password && !authInfo.pincode; const isSSOOnly = authInfo.sso && !authInfo.password && !authInfo.pincode;
const redirectUrl = searchParams.r || authInfo.url;
if (!hasAuth) { if (!hasAuth) {
return ( redirect(redirectUrl);
<div className="w-full max-w-md mx-auto p-3 md:mt-32">
<ResourceAccessDenied />
</div>
);
} }
let userIsUnauthorized = false; let userIsUnauthorized = false;
@ -72,13 +67,13 @@ export default async function ResourceAuthPage(props: {
} }
if (doRedirect) { if (doRedirect) {
redirect(searchParams.r || authInfo.url); redirect(redirectUrl);
} }
} }
if (userIsUnauthorized && isSSOOnly) { if (userIsUnauthorized && isSSOOnly) {
return ( return (
<div className="w-full max-w-md mx-auto p-3 md:mt-32"> <div className="w-full max-w-md">
<ResourceAccessDenied /> <ResourceAccessDenied />
</div> </div>
); );
@ -86,7 +81,7 @@ export default async function ResourceAuthPage(props: {
return ( return (
<> <>
<div className="w-full max-w-md mx-auto p-3 md:mt-32"> <div className="w-full max-w-md">
<ResourceAuthPortal <ResourceAuthPortal
methods={{ methods={{
password: authInfo.password, password: authInfo.password,
@ -97,7 +92,7 @@ export default async function ResourceAuthPage(props: {
name: authInfo.resourceName, name: authInfo.resourceName,
id: authInfo.resourceId, id: authInfo.resourceId,
}} }}
redirect={searchParams.r || authInfo.url} redirect={redirectUrl}
/> />
</div> </div>
</> </>

2
src/app/auth/signup/SignupForm.tsx
View file

@ -100,7 +100,7 @@ export default function SignupForm({ redirect }: SignupFormProps) {
} }
return ( return (
<Card className="w-full max-w-md mx-auto"> <Card className="w-full max-w-md">
<CardHeader> <CardHeader>
<CardTitle>Create Account</CardTitle> <CardTitle>Create Account</CardTitle>
<CardDescription> <CardDescription>

2
src/app/auth/verify-email/VerifyEmailForm.tsx
View file

@ -123,7 +123,7 @@ export default function VerifyEmailForm({
return ( return (
<div> <div>
<Card className="w-full max-w-md mx-auto"> <Card className="w-full max-w-md">
<CardHeader> <CardHeader>
<CardTitle>Verify Your Email</CardTitle> <CardTitle>Verify Your Email</CardTitle>
<CardDescription> <CardDescription>