diff --git a/messages/bg-BG.json b/messages/bg-BG.json index 0332e4f33..f2ad95be2 100644 --- a/messages/bg-BG.json +++ b/messages/bg-BG.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Прокси заявки чрез HTTPS, използвайки напълно квалифицирано име на домейн.", "resourceRaw": "Суров TCP/UDP ресурс", "resourceRawDescription": "Прокси заявки чрез сурови TCP/UDP, използвайки порт номер.", + "resourceRawDescriptionCloud": "Прокси заявките през суров TCP/UDP, използвайки номер на порт. ИЗИСКВА ИЗПОЛЗВАНЕ НА ОТДАЛЕЧЕН УЗЕЛ.", "resourceCreate": "Създайте ресурс", "resourceCreateDescription": "Следвайте стъпките по-долу, за да създадете нов ресурс", "resourceSeeAll": "Вижте всички ресурси", @@ -1101,6 +1102,12 @@ "actionGetUser": "Получаване на потребител", "actionGetOrgUser": "Вземете потребител на организация", "actionListOrgDomains": "Изброяване на домейни на организация", + "actionGetDomain": "Вземи домейн", + "actionCreateOrgDomain": "Създай домейн", + "actionUpdateOrgDomain": "Актуализирай домейн", + "actionDeleteOrgDomain": "Изтрий домейн", + "actionGetDNSRecords": "Вземи DNS записи", + "actionRestartOrgDomain": "Рестартирай домейн", "actionCreateSite": "Създаване на сайт", "actionDeleteSite": "Изтриване на сайта", "actionGetSite": "Вземете сайт", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Потребителят може да изпълнява само определени команди с sudo.", "sshSudo": "Разреши sudo", "sshSudoCommands": "Sudo команди", - "sshSudoCommandsDescription": "Списък с команди, които потребителят е разрешено да изпълнява с sudo.", + "sshSudoCommandsDescription": "Списък, разделен със запетаи, с команди, които потребителят е позволено да изпълнява с sudo.", "sshCreateHomeDir": "Създай начална директория", "sshUnixGroups": "Unix групи", - "sshUnixGroupsDescription": "Unix групи, в които да добавите потребителя на целевия хост.", + "sshUnixGroupsDescription": "Списък, разделен със запетаи, с Unix групи, към които да се добави потребителят на целевия хост.", "retryAttempts": "Опити за повторно", "expectedResponseCodes": "Очаквани кодове за отговор", "expectedResponseCodesDescription": "HTTP статус код, указващ здравословно състояние. Ако бъде оставено празно, между 200-300 се счита за здравословно.", diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json index 0c1c3a98e..2112d5e42 100644 --- a/messages/cs-CZ.json +++ b/messages/cs-CZ.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxy požadavky přes HTTPS pomocí plně kvalifikovaného názvu domény.", "resourceRaw": "Surový TCP/UDP zdroj", "resourceRawDescription": "Proxy požadavky přes nezpracovaný TCP/UDP pomocí čísla portu.", + "resourceRawDescriptionCloud": "Požadavky na proxy přes syrové TCP/UDP pomocí portového čísla. ŽÁDOSTI POUŽÍVAT POUŽITÍ Z REMOTE NODE.", "resourceCreate": "Vytvořit zdroj", "resourceCreateDescription": "Postupujte podle níže uvedených kroků, abyste vytvořili a připojili nový zdroj", "resourceSeeAll": "Zobrazit všechny zdroje", @@ -1101,6 +1102,12 @@ "actionGetUser": "Získat uživatele", "actionGetOrgUser": "Získat uživatele organizace", "actionListOrgDomains": "Seznam domén organizace", + "actionGetDomain": "Získat doménu", + "actionCreateOrgDomain": "Vytvořit doménu", + "actionUpdateOrgDomain": "Aktualizovat doménu", + "actionDeleteOrgDomain": "Odstranit doménu", + "actionGetDNSRecords": "Získat záznamy DNS", + "actionRestartOrgDomain": "Restartovat doménu", "actionCreateSite": "Vytvořit lokalitu", "actionDeleteSite": "Odstranění lokality", "actionGetSite": "Získat web", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Uživatel může spustit pouze zadané příkazy s sudo.", "sshSudo": "Povolit sudo", "sshSudoCommands": "Sudo příkazy", - "sshSudoCommandsDescription": "Seznam příkazů, které může uživatel spouštět s sudo.", + "sshSudoCommandsDescription": "Čárkami oddělený seznam příkazů, které může uživatel spouštět s sudo.", "sshCreateHomeDir": "Vytvořit domovský adresář", "sshUnixGroups": "Unixové skupiny", - "sshUnixGroupsDescription": "Unix skupiny přidají uživatele do cílového hostitele.", + "sshUnixGroupsDescription": "Čárkou oddělené skupiny Unix přidají uživatele do cílového hostitele.", "retryAttempts": "Opakovat pokusy", "expectedResponseCodes": "Očekávané kódy odezvy", "expectedResponseCodesDescription": "HTTP kód stavu, který označuje zdravý stav. Ponecháte-li prázdné, 200-300 je považováno za zdravé.", diff --git a/messages/de-DE.json b/messages/de-DE.json index 678e6881d..e85ab9401 100644 --- a/messages/de-DE.json +++ b/messages/de-DE.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxy-Anfragen über HTTPS mit einem voll qualifizierten Domain-Namen.", "resourceRaw": "Direkte TCP/UDP Ressource (raw)", "resourceRawDescription": "Proxy-Anfragen über rohes TCP/UDP mit einer Portnummer.", + "resourceRawDescriptionCloud": "Proxy-Anfragen über rohe TCP/UDP mit einer Portnummer. Erfordert die NUTZUNG eines REMOTE Knotens.", "resourceCreate": "Ressource erstellen", "resourceCreateDescription": "Folgen Sie den Schritten unten, um eine neue Ressource zu erstellen", "resourceSeeAll": "Alle Ressourcen anzeigen", @@ -1101,6 +1102,12 @@ "actionGetUser": "Benutzer abrufen", "actionGetOrgUser": "Organisationsbenutzer abrufen", "actionListOrgDomains": "Organisationsdomains auflisten", + "actionGetDomain": "Domain abrufen", + "actionCreateOrgDomain": "Domain erstellen", + "actionUpdateOrgDomain": "Domain aktualisieren", + "actionDeleteOrgDomain": "Domain löschen", + "actionGetDNSRecords": "DNS-Einträge abrufen", + "actionRestartOrgDomain": "Domain neu starten", "actionCreateSite": "Standort erstellen", "actionDeleteSite": "Standort löschen", "actionGetSite": "Standort abrufen", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Benutzer kann nur die angegebenen Befehle mit sudo ausführen.", "sshSudo": "sudo erlauben", "sshSudoCommands": "Sudo-Befehle", - "sshSudoCommandsDescription": "Liste der Befehle, die der Benutzer mit sudo ausführen darf.", + "sshSudoCommandsDescription": "Kommagetrennte Liste von Befehlen, die der Benutzer mit sudo ausführen darf.", "sshCreateHomeDir": "Home-Verzeichnis erstellen", "sshUnixGroups": "Unix-Gruppen", - "sshUnixGroupsDescription": "Unix-Gruppen, zu denen der Benutzer auf dem Ziel-Host hinzugefügt wird.", + "sshUnixGroupsDescription": "Durch Komma getrennte Unix-Gruppen, um den Benutzer auf dem Zielhost hinzuzufügen.", "retryAttempts": "Wiederholungsversuche", "expectedResponseCodes": "Erwartete Antwortcodes", "expectedResponseCodesDescription": "HTTP-Statuscode, der einen gesunden Zustand anzeigt. Wenn leer gelassen, wird 200-300 als gesund angesehen.", diff --git a/messages/en-US.json b/messages/en-US.json index dd833751a..9fa9748cc 100644 --- a/messages/en-US.json +++ b/messages/en-US.json @@ -192,6 +192,7 @@ "resourceHTTPDescription": "Proxy requests over HTTPS using a fully qualified domain name.", "resourceRaw": "Raw TCP/UDP Resource", "resourceRawDescription": "Proxy requests over raw TCP/UDP using a port number.", + "resourceRawDescriptionCloud": "Proxy requests over raw TCP/UDP using a port number. REQUIRES THE USE OF A REMOTE NODE.", "resourceCreate": "Create Resource", "resourceCreateDescription": "Follow the steps below to create a new resource", "resourceSeeAll": "See All Resources", diff --git a/messages/es-ES.json b/messages/es-ES.json index 619c7596c..70e22e524 100644 --- a/messages/es-ES.json +++ b/messages/es-ES.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxy proporciona solicitudes sobre HTTPS usando un nombre de dominio completamente calificado.", "resourceRaw": "Recurso TCP/UDP sin procesar", "resourceRawDescription": "Proxy proporciona solicitudes sobre TCP/UDP usando un número de puerto.", + "resourceRawDescriptionCloud": "Las peticiones de proxy sobre TCP/UDP crudas usando un número de puerto. REQUIERE EL USO DE UN NODO REMOTE.", "resourceCreate": "Crear Recurso", "resourceCreateDescription": "Siga los siguientes pasos para crear un nuevo recurso", "resourceSeeAll": "Ver todos los recursos", @@ -1101,6 +1102,12 @@ "actionGetUser": "Obtener usuario", "actionGetOrgUser": "Obtener usuario de la organización", "actionListOrgDomains": "Listar dominios de la organización", + "actionGetDomain": "Obtener dominio", + "actionCreateOrgDomain": "Crear dominio", + "actionUpdateOrgDomain": "Actualizar dominio", + "actionDeleteOrgDomain": "Eliminar dominio", + "actionGetDNSRecords": "Obtener registros DNS", + "actionRestartOrgDomain": "Reiniciar dominio", "actionCreateSite": "Crear sitio", "actionDeleteSite": "Eliminar sitio", "actionGetSite": "Obtener sitio", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "El usuario sólo puede ejecutar los comandos especificados con sudo.", "sshSudo": "Permitir sudo", "sshSudoCommands": "Comandos Sudo", - "sshSudoCommandsDescription": "Lista de comandos que el usuario puede ejecutar con sudo.", + "sshSudoCommandsDescription": "Lista separada por comas de comandos que el usuario puede ejecutar con sudo.", "sshCreateHomeDir": "Crear directorio principal", "sshUnixGroups": "Grupos Unix", - "sshUnixGroupsDescription": "Grupos Unix para agregar el usuario en el host de destino.", + "sshUnixGroupsDescription": "Grupos Unix separados por comas para agregar el usuario en el host de destino.", "retryAttempts": "Intentos de Reintento", "expectedResponseCodes": "Códigos de respuesta esperados", "expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.", diff --git a/messages/fr-FR.json b/messages/fr-FR.json index f053ac3f0..d78a0a5af 100644 --- a/messages/fr-FR.json +++ b/messages/fr-FR.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxy les demandes sur HTTPS en utilisant un nom de domaine entièrement qualifié.", "resourceRaw": "Ressource TCP/UDP brute", "resourceRawDescription": "Proxy les demandes sur TCP/UDP brut en utilisant un numéro de port.", + "resourceRawDescriptionCloud": "Requêtes de proxy sur TCP/UDP brute en utilisant un numéro de port. REQUISE L'UTILISATION D'UN Nœud DE REMOTE.", "resourceCreate": "Créer une ressource", "resourceCreateDescription": "Suivez les étapes ci-dessous pour créer une nouvelle ressource", "resourceSeeAll": "Voir toutes les ressources", @@ -1101,6 +1102,12 @@ "actionGetUser": "Obtenir l'utilisateur", "actionGetOrgUser": "Obtenir l'utilisateur de l'organisation", "actionListOrgDomains": "Lister les domaines de l'organisation", + "actionGetDomain": "Obtenir un domaine", + "actionCreateOrgDomain": "Créer un domaine", + "actionUpdateOrgDomain": "Mettre à jour le domaine", + "actionDeleteOrgDomain": "Supprimer le domaine", + "actionGetDNSRecords": "Récupérer les enregistrements DNS", + "actionRestartOrgDomain": "Redémarrer le domaine", "actionCreateSite": "Créer un site", "actionDeleteSite": "Supprimer un site", "actionGetSite": "Obtenir un site", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "L'utilisateur ne peut exécuter que les commandes spécifiées avec sudo.", "sshSudo": "Autoriser sudo", "sshSudoCommands": "Commandes Sudo", - "sshSudoCommandsDescription": "Liste des commandes que l'utilisateur est autorisé à exécuter avec sudo.", + "sshSudoCommandsDescription": "Liste des commandes séparées par des virgules que l'utilisateur est autorisé à exécuter avec sudo.", "sshCreateHomeDir": "Créer un répertoire personnel", "sshUnixGroups": "Groupes Unix", - "sshUnixGroupsDescription": "Groupes Unix à ajouter à l'utilisateur sur l'hôte cible.", + "sshUnixGroupsDescription": "Groupes Unix séparés par des virgules pour ajouter l'utilisateur sur l'hôte cible.", "retryAttempts": "Tentatives de réessai", "expectedResponseCodes": "Codes de réponse attendus", "expectedResponseCodesDescription": "Code de statut HTTP indiquant un état de santé satisfaisant. Si non renseigné, 200-300 est considéré comme satisfaisant.", diff --git a/messages/it-IT.json b/messages/it-IT.json index 69185abc7..4b6c9bf68 100644 --- a/messages/it-IT.json +++ b/messages/it-IT.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Richieste proxy su HTTPS usando un nome di dominio completo.", "resourceRaw": "Risorsa Raw TCP/UDP", "resourceRawDescription": "Richieste proxy su TCP/UDP grezzo utilizzando un numero di porta.", + "resourceRawDescriptionCloud": "Richieste proxy su TCP/UDP grezzo utilizzando un numero di porta. RICHIEDE L'USO DI UN NODO REMOTO.", "resourceCreate": "Crea Risorsa", "resourceCreateDescription": "Segui i passaggi seguenti per creare una nuova risorsa", "resourceSeeAll": "Vedi Tutte Le Risorse", @@ -1101,6 +1102,12 @@ "actionGetUser": "Ottieni Utente", "actionGetOrgUser": "Ottieni Utente Organizzazione", "actionListOrgDomains": "Elenca Domini Organizzazione", + "actionGetDomain": "Ottieni Dominio", + "actionCreateOrgDomain": "Crea Dominio", + "actionUpdateOrgDomain": "Aggiorna Dominio", + "actionDeleteOrgDomain": "Elimina Dominio", + "actionGetDNSRecords": "Ottieni Record DNS", + "actionRestartOrgDomain": "Riavvia Dominio", "actionCreateSite": "Crea Sito", "actionDeleteSite": "Elimina Sito", "actionGetSite": "Ottieni Sito", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "L'utente può eseguire solo i comandi specificati con sudo.", "sshSudo": "Consenti sudo", "sshSudoCommands": "Comandi Sudo", - "sshSudoCommandsDescription": "Elenco di comandi che l'utente può eseguire con sudo.", + "sshSudoCommandsDescription": "Elenco di comandi separati da virgole che l'utente può eseguire con sudo.", "sshCreateHomeDir": "Crea Cartella Home", "sshUnixGroups": "Gruppi Unix", - "sshUnixGroupsDescription": "Gruppi Unix su cui aggiungere l'utente sull'host di destinazione.", + "sshUnixGroupsDescription": "Gruppi Unix separati da virgole per aggiungere l'utente sull'host di destinazione.", "retryAttempts": "Tentativi di Riprova", "expectedResponseCodes": "Codici di Risposta Attesi", "expectedResponseCodesDescription": "Codice di stato HTTP che indica lo stato di salute. Se lasciato vuoto, considerato sano è compreso tra 200-300.", diff --git a/messages/ko-KR.json b/messages/ko-KR.json index bc2b26dad..bf59dd870 100644 --- a/messages/ko-KR.json +++ b/messages/ko-KR.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "완전한 도메인 이름을 사용해 RAW 또는 HTTPS로 프록시 요청을 수행합니다.", "resourceRaw": "원시 TCP/UDP 리소스", "resourceRawDescription": "포트 번호를 사용하여 RAW TCP/UDP로 요청을 프록시합니다.", + "resourceRawDescriptionCloud": "원시 TCP/UDP를 포트 번호를 사용하여 프록시 요청합니다. 원격 노드 사용이 필요합니다.", "resourceCreate": "리소스 생성", "resourceCreateDescription": "아래 단계를 따라 새 리소스를 생성하세요.", "resourceSeeAll": "모든 리소스 보기", @@ -1101,6 +1102,12 @@ "actionGetUser": "사용자 조회", "actionGetOrgUser": "조직 사용자 가져오기", "actionListOrgDomains": "조직 도메인 목록", + "actionGetDomain": "도메인 가져오기", + "actionCreateOrgDomain": "도메인 생성", + "actionUpdateOrgDomain": "도메인 업데이트", + "actionDeleteOrgDomain": "도메인 삭제", + "actionGetDNSRecords": "DNS 레코드 가져오기", + "actionRestartOrgDomain": "도메인 재시작", "actionCreateSite": "사이트 생성", "actionDeleteSite": "사이트 삭제", "actionGetSite": "사이트 가져오기", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "사용자는 sudo로 지정된 명령만 실행할 수 있습니다.", "sshSudo": "Sudo 허용", "sshSudoCommands": "Sudo 명령", - "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있도록 허용된 명령 목록입니다.", + "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있는 명령어의 쉼표로 구분된 목록입니다.", "sshCreateHomeDir": "홈 디렉터리 생성", "sshUnixGroups": "유닉스 그룹", - "sshUnixGroupsDescription": "대상 호스트에서 사용자를 추가할 유닉스 그룹입니다.", + "sshUnixGroupsDescription": "대상 호스트에서 사용자에게 추가할 유닉스 그룹의 쉼표로 구분된 목록입니다.", "retryAttempts": "재시도 횟수", "expectedResponseCodes": "예상 응답 코드", "expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.", diff --git a/messages/nb-NO.json b/messages/nb-NO.json index 9e1ad1b04..2feca1027 100644 --- a/messages/nb-NO.json +++ b/messages/nb-NO.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxy forespørsler over HTTPS ved å bruke et fullstendig kvalifisert domenenavn.", "resourceRaw": "Rå TCP/UDP-ressurs", "resourceRawDescription": "Proxy forespørsler over rå TCP/UDP ved å bruke et portnummer.", + "resourceRawDescriptionCloud": "Proxy ber om et portnummer. Om du vil bruke et sportsnummer.", "resourceCreate": "Opprett ressurs", "resourceCreateDescription": "Følg trinnene nedenfor for å opprette en ny ressurs", "resourceSeeAll": "Se alle ressurser", @@ -1101,6 +1102,12 @@ "actionGetUser": "Hent bruker", "actionGetOrgUser": "Hent organisasjonsbruker", "actionListOrgDomains": "List opp organisasjonsdomener", + "actionGetDomain": "Få Domene", + "actionCreateOrgDomain": "Opprett domene", + "actionUpdateOrgDomain": "Oppdater domene", + "actionDeleteOrgDomain": "Slett domene", + "actionGetDNSRecords": "Hent DNS-oppføringer", + "actionRestartOrgDomain": "Omstart Domene", "actionCreateSite": "Opprett område", "actionDeleteSite": "Slett område", "actionGetSite": "Hent område", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Brukeren kan bare kjøre de angitte kommandoene med sudo.", "sshSudo": "Tillat sudo", "sshSudoCommands": "Sudo kommandoer", - "sshSudoCommandsDescription": "Liste av kommandoer brukeren har lov til å kjøre med sudo.", + "sshSudoCommandsDescription": "Kommaseparert liste med kommandoer brukeren kan kjøre med sudo.", "sshCreateHomeDir": "Opprett hjemmappe", "sshUnixGroups": "Unix grupper", - "sshUnixGroupsDescription": "Unix grupper for å legge til brukeren til målverten.", + "sshUnixGroupsDescription": "Kommaseparerte Unix grupper for å legge brukeren til på mål-verten.", "retryAttempts": "Forsøk på nytt", "expectedResponseCodes": "Forventede svarkoder", "expectedResponseCodesDescription": "HTTP-statuskode som indikerer sunn status. Hvis den blir stående tom, regnes 200-300 som sunn.", diff --git a/messages/nl-NL.json b/messages/nl-NL.json index 8ecfcc212..4c2d5d4e7 100644 --- a/messages/nl-NL.json +++ b/messages/nl-NL.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxyverzoeken via HTTPS met een volledig gekwalificeerde domeinnaam.", "resourceRaw": "TCP/UDP bron", "resourceRawDescription": "Proxyverzoeken via ruwe TCP/UDP met een poortnummer.", + "resourceRawDescriptionCloud": "Proxy vraagt om onbewerkte TCP/UDP met behulp van een poortnummer. VEREIST HET GEBRUIK VAN EEN AFSTANDSBEDIENING NODE.", "resourceCreate": "Bron maken", "resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken", "resourceSeeAll": "Alle bronnen bekijken", @@ -1101,6 +1102,12 @@ "actionGetUser": "Gebruiker ophalen", "actionGetOrgUser": "Krijg organisatie-gebruiker", "actionListOrgDomains": "Lijst organisatie domeinen", + "actionGetDomain": "Domein verkrijgen", + "actionCreateOrgDomain": "Domein aanmaken", + "actionUpdateOrgDomain": "Domein bijwerken", + "actionDeleteOrgDomain": "Domein verwijderen", + "actionGetDNSRecords": "Krijg DNS Records", + "actionRestartOrgDomain": "Domein opnieuw starten", "actionCreateSite": "Site aanmaken", "actionDeleteSite": "Site verwijderen", "actionGetSite": "Site ophalen", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Gebruiker kan alleen de opgegeven commando's uitvoeren met de sudo.", "sshSudo": "sudo toestaan", "sshSudoCommands": "Sudo Commando's", - "sshSudoCommandsDescription": "Lijst van commando's die de gebruiker mag uitvoeren met een sudo.", + "sshSudoCommandsDescription": "Komma's gescheiden lijst van commando's waar de gebruiker een sudo mee mag uitvoeren.", "sshCreateHomeDir": "Maak Home Directory", "sshUnixGroups": "Unix groepen", - "sshUnixGroupsDescription": "Unix groepen om de gebruiker toe te voegen aan de doel host.", + "sshUnixGroupsDescription": "Door komma's gescheiden Unix-groepen om de gebruiker toe te voegen aan de doelhost.", "retryAttempts": "Herhaal Pogingen", "expectedResponseCodes": "Verwachte Reactiecodes", "expectedResponseCodesDescription": "HTTP-statuscode die gezonde status aangeeft. Indien leeg wordt 200-300 als gezond beschouwd.", diff --git a/messages/pl-PL.json b/messages/pl-PL.json index 9b8889f39..049c99b70 100644 --- a/messages/pl-PL.json +++ b/messages/pl-PL.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxy zapytań przez HTTPS przy użyciu w pełni kwalifikowanej nazwy domeny.", "resourceRaw": "Surowy zasób TCP/UDP", "resourceRawDescription": "Proxy zapytań przez surowe TCP/UDP przy użyciu numeru portu.", + "resourceRawDescriptionCloud": "Proxy żądania przesyłania danych nad surowym TCP/UDP przy użyciu numeru portu. Wymaga UŻYTKOWANIA PALIWA węzła.", "resourceCreate": "Utwórz zasób", "resourceCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nowy zasób", "resourceSeeAll": "Zobacz wszystkie zasoby", @@ -1101,6 +1102,12 @@ "actionGetUser": "Pobierz użytkownika", "actionGetOrgUser": "Pobierz użytkownika organizacji", "actionListOrgDomains": "Lista domen organizacji", + "actionGetDomain": "Pobierz domenę", + "actionCreateOrgDomain": "Utwórz domenę", + "actionUpdateOrgDomain": "Aktualizuj domenę", + "actionDeleteOrgDomain": "Usuń domenę", + "actionGetDNSRecords": "Pobierz rekordy DNS", + "actionRestartOrgDomain": "Zrestartuj domenę", "actionCreateSite": "Utwórz witrynę", "actionDeleteSite": "Usuń witrynę", "actionGetSite": "Pobierz witrynę", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Użytkownik może uruchamiać tylko określone polecenia z sudo.", "sshSudo": "Zezwól na sudo", "sshSudoCommands": "Komendy Sudo", - "sshSudoCommandsDescription": "Lista poleceń, które użytkownik może uruchamiać z sudo.", + "sshSudoCommandsDescription": "Lista poleceń oddzielonych przecinkami, które użytkownik może uruchamiać z sudo.", "sshCreateHomeDir": "Utwórz katalog domowy", "sshUnixGroups": "Grupy Unix", - "sshUnixGroupsDescription": "Grupy Unix do dodania użytkownika do docelowego hosta.", + "sshUnixGroupsDescription": "Oddzielone przecinkami grupy Unix, aby dodać użytkownika do docelowego hosta.", "retryAttempts": "Próby Ponowienia", "expectedResponseCodes": "Oczekiwane Kody Odpowiedzi", "expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.", diff --git a/messages/pt-PT.json b/messages/pt-PT.json index 89f5f41ed..732b33aa2 100644 --- a/messages/pt-PT.json +++ b/messages/pt-PT.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Proxies requests sobre HTTPS usando um nome de domínio totalmente qualificado.", "resourceRaw": "Recurso TCP/UDP bruto", "resourceRawDescription": "Proxies solicitações sobre TCP/UDP bruto usando um número de porta.", + "resourceRawDescriptionCloud": "Proxy solicita sobre TCP/UDP bruto usando um número de porta. OBRIGATÓRIO O USO DE UMA NOTA REMOTA.", "resourceCreate": "Criar Recurso", "resourceCreateDescription": "Siga os passos abaixo para criar um novo recurso", "resourceSeeAll": "Ver todos os recursos", @@ -1101,6 +1102,12 @@ "actionGetUser": "Obter Usuário", "actionGetOrgUser": "Obter Utilizador da Organização", "actionListOrgDomains": "Listar Domínios da Organização", + "actionGetDomain": "Obter domínio", + "actionCreateOrgDomain": "Criar domínio", + "actionUpdateOrgDomain": "Atualizar domínio", + "actionDeleteOrgDomain": "Excluir domínio", + "actionGetDNSRecords": "Obter registros de DNS", + "actionRestartOrgDomain": "Reiniciar domínio", "actionCreateSite": "Criar Site", "actionDeleteSite": "Eliminar Site", "actionGetSite": "Obter Site", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Usuário só pode executar os comandos especificados com sudo.", "sshSudo": "Permitir sudo", "sshSudoCommands": "Comandos Sudo", - "sshSudoCommandsDescription": "Lista de comandos com permissão de executar com o sudo.", + "sshSudoCommandsDescription": "Lista separada por vírgulas de comandos que o usuário pode executar com sudo.", "sshCreateHomeDir": "Criar Diretório Inicial", "sshUnixGroups": "Grupos Unix", - "sshUnixGroupsDescription": "Grupos Unix para adicionar o usuário no host de destino.", + "sshUnixGroupsDescription": "Grupos Unix separados por vírgulas para adicionar o usuário no host alvo.", "retryAttempts": "Tentativas de Repetição", "expectedResponseCodes": "Códigos de Resposta Esperados", "expectedResponseCodesDescription": "Código de status HTTP que indica estado saudável. Se deixado em branco, 200-300 é considerado saudável.", diff --git a/messages/ru-RU.json b/messages/ru-RU.json index 5d6fdc0c3..15804f523 100644 --- a/messages/ru-RU.json +++ b/messages/ru-RU.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Проксировать запросы через HTTPS с использованием полного доменного имени.", "resourceRaw": "Сырой TCP/UDP-ресурс", "resourceRawDescription": "Проксировать запросы по сырому TCP/UDP с использованием номера порта.", + "resourceRawDescriptionCloud": "Прокси-запросы через необработанный TCP/UDP с использованием номера порта. ТРЕБУЕТЕСЬ ИСПОЛЬЗОВАТЬ НЕОБХОДИМЫ.", "resourceCreate": "Создание ресурса", "resourceCreateDescription": "Следуйте инструкциям ниже для создания нового ресурса", "resourceSeeAll": "Посмотреть все ресурсы", @@ -1101,6 +1102,12 @@ "actionGetUser": "Получить пользователя", "actionGetOrgUser": "Получить пользователя организации", "actionListOrgDomains": "Список доменов организации", + "actionGetDomain": "Получить домен", + "actionCreateOrgDomain": "Создать домен", + "actionUpdateOrgDomain": "Обновить домен", + "actionDeleteOrgDomain": "Удалить домен", + "actionGetDNSRecords": "Получить записи DNS", + "actionRestartOrgDomain": "Перезапустить домен", "actionCreateSite": "Создать сайт", "actionDeleteSite": "Удалить сайт", "actionGetSite": "Получить сайт", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Пользователь может запускать только указанные команды с помощью sudo.", "sshSudo": "Разрешить sudo", "sshSudoCommands": "Sudo Команды", - "sshSudoCommandsDescription": "Список команд, которые пользователю разрешено запускать с помощью sudo.", + "sshSudoCommandsDescription": "Список команд, разделенных запятыми, которые пользователю разрешено запускать с помощью sudo.", "sshCreateHomeDir": "Создать домашний каталог", "sshUnixGroups": "Unix группы", - "sshUnixGroupsDescription": "Unix группы для добавления пользователя на целевой хост.", + "sshUnixGroupsDescription": "Группы Unix через запятую, чтобы добавить пользователя на целевой хост.", "retryAttempts": "Количество попыток повторного запроса", "expectedResponseCodes": "Ожидаемые коды ответов", "expectedResponseCodesDescription": "HTTP-код состояния, указывающий на здоровое состояние. Если оставить пустым, 200-300 считается здоровым.", diff --git a/messages/tr-TR.json b/messages/tr-TR.json index b17813464..f93470e95 100644 --- a/messages/tr-TR.json +++ b/messages/tr-TR.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "Tam nitelikli bir etki alanı adı kullanarak HTTPS üzerinden proxy isteklerini yönlendirin.", "resourceRaw": "Ham TCP/UDP Kaynağı", "resourceRawDescription": "Port numarası kullanarak ham TCP/UDP üzerinden proxy isteklerini yönlendirin.", + "resourceRawDescriptionCloud": "Bir port numarası kullanarak ham TCP/UDP üzerinden istekleri proxy ile yönlendirin. UZAKTAN BİR DÜĞÜM KULLANIMINI GEREKTİRİR.", "resourceCreate": "Kaynak Oluştur", "resourceCreateDescription": "Yeni bir kaynak oluşturmak için aşağıdaki adımları izleyin", "resourceSeeAll": "Tüm Kaynakları Gör", @@ -1101,6 +1102,12 @@ "actionGetUser": "Kullanıcıyı Getir", "actionGetOrgUser": "Kuruluş Kullanıcısını Al", "actionListOrgDomains": "Kuruluş Alan Adlarını Listele", + "actionGetDomain": "Alan Adını Al", + "actionCreateOrgDomain": "Alan Adı Oluştur", + "actionUpdateOrgDomain": "Alan Adını Güncelle", + "actionDeleteOrgDomain": "Alan Adını Sil", + "actionGetDNSRecords": "DNS Kayıtlarını Al", + "actionRestartOrgDomain": "Alanı Yeniden Başlat", "actionCreateSite": "Site Oluştur", "actionDeleteSite": "Siteyi Sil", "actionGetSite": "Siteyi Al", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "Kullanıcı sadece belirtilen komutları sudo ile çalıştırabilir.", "sshSudo": "Sudo'ya izin ver", "sshSudoCommands": "Sudo Komutları", - "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların listesi.", + "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların virgülle ayrılmış listesi.", "sshCreateHomeDir": "Ev Dizini Oluştur", "sshUnixGroups": "Unix Grupları", - "sshUnixGroupsDescription": "Hedef ana bilgisayarda kullanıcıya eklemek için Unix grupları.", + "sshUnixGroupsDescription": "Hedef konakta kullanıcıya eklenecek Unix gruplarının virgülle ayrılmış listesi.", "retryAttempts": "Tekrar Deneme Girişimleri", "expectedResponseCodes": "Beklenen Yanıt Kodları", "expectedResponseCodesDescription": "Sağlıklı durumu gösteren HTTP durum kodu. Boş bırakılırsa, 200-300 arası sağlıklı kabul edilir.", diff --git a/messages/zh-CN.json b/messages/zh-CN.json index e2ee77b6f..3f06385f0 100644 --- a/messages/zh-CN.json +++ b/messages/zh-CN.json @@ -175,6 +175,7 @@ "resourceHTTPDescription": "通过使用完全限定的域名的HTTPS代理请求。", "resourceRaw": "TCP/UDP 资源", "resourceRawDescription": "通过使用端口号的原始TCP/UDP代理请求。", + "resourceRawDescriptionCloud": "正在使用端口号的 TCP/UDP 代理请求。请使用一个REMOTE", "resourceCreate": "创建资源", "resourceCreateDescription": "按照下面的步骤创建新资源", "resourceSeeAll": "查看所有资源", @@ -1101,6 +1102,12 @@ "actionGetUser": "获取用户", "actionGetOrgUser": "获取组织用户", "actionListOrgDomains": "列出组织域", + "actionGetDomain": "获取域", + "actionCreateOrgDomain": "创建域", + "actionUpdateOrgDomain": "更新域", + "actionDeleteOrgDomain": "删除域", + "actionGetDNSRecords": "获取 DNS 记录", + "actionRestartOrgDomain": "重新启动域", "actionCreateSite": "创建站点", "actionDeleteSite": "删除站点", "actionGetSite": "获取站点", @@ -1669,10 +1676,10 @@ "sshSudoModeCommandsDescription": "用户只能用 sudo 运行指定的命令。", "sshSudo": "允许Sudo", "sshSudoCommands": "Sudo 命令", - "sshSudoCommandsDescription": "允许用户使用 sudo 运行的命令列表。", + "sshSudoCommandsDescription": "逗号分隔的用户允许使用 sudo 运行的命令列表。", "sshCreateHomeDir": "创建主目录", "sshUnixGroups": "Unix 组", - "sshUnixGroupsDescription": "将用户添加到目标主机的Unix组。", + "sshUnixGroupsDescription": "用逗号分隔了Unix组,将用户添加到目标主机上。", "retryAttempts": "重试次数", "expectedResponseCodes": "期望响应代码", "expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空,200-300 被视为健康。", diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts index 80fa24ac9..e4388b502 100644 --- a/server/db/pg/schema/schema.ts +++ b/server/db/pg/schema/schema.ts @@ -654,11 +654,6 @@ export const resourceRules = pgTable("resourceRules", { resourceId: integer("resourceId") .notNull() .references(() => resources.resourceId, { onDelete: "cascade" }), - resourcePolicyId: integer("resourcePolicyId") - .notNull() - .references(() => resourcePolicies.resourcePolicyId, { - onDelete: "cascade" - }), enabled: boolean("enabled").notNull().default(true), priority: integer("priority").notNull(), action: varchar("action").notNull(), // ACCEPT, DROP, PASS diff --git a/server/integrationApiServer.ts b/server/integrationApiServer.ts index 6d513cf6b..ce029d9b5 100644 --- a/server/integrationApiServer.ts +++ b/server/integrationApiServer.ts @@ -17,6 +17,7 @@ import fs from "fs"; import path from "path"; import { APP_PATH } from "./lib/consts"; import yaml from "js-yaml"; +import { z } from "zod"; const dev = process.env.ENVIRONMENT !== "prod"; const externalPort = config.getRawConfig().server.integration_port; @@ -38,12 +39,24 @@ export function createIntegrationApiServer() { apiServer.use(cookieParser()); apiServer.use(express.json()); + const openApiDocumentation = getOpenApiDocumentation(); + apiServer.use( "/v1/docs", swaggerUi.serve, - swaggerUi.setup(getOpenApiDocumentation()) + swaggerUi.setup(openApiDocumentation) ); + // Unauthenticated OpenAPI spec endpoints + apiServer.get("/v1/openapi.json", (_req, res) => { + res.json(openApiDocumentation); + }); + + apiServer.get("/v1/openapi.yaml", (_req, res) => { + const yamlOutput = yaml.dump(openApiDocumentation); + res.type("application/yaml").send(yamlOutput); + }); + // API routes const prefix = `/v1`; apiServer.use(logIncomingMiddleware); @@ -75,16 +88,6 @@ function getOpenApiDocumentation() { } ); - for (const def of registry.definitions) { - if (def.type === "route") { - def.route.security = [ - { - [bearerAuth.name]: [] - } - ]; - } - } - registry.registerPath({ method: "get", path: "/", @@ -94,6 +97,74 @@ function getOpenApiDocumentation() { responses: {} }); + registry.registerPath({ + method: "get", + path: "/openapi.json", + description: "Get OpenAPI specification as JSON", + tags: [], + request: {}, + responses: { + "200": { + description: "OpenAPI specification as JSON", + content: { + "application/json": { + schema: { + type: "object" + } + } + } + } + } + }); + + registry.registerPath({ + method: "get", + path: "/openapi.yaml", + description: "Get OpenAPI specification as YAML", + tags: [], + request: {}, + responses: { + "200": { + description: "OpenAPI specification as YAML", + content: { + "application/yaml": { + schema: { + type: "string" + } + } + } + } + } + }); + + for (const def of registry.definitions) { + if (def.type === "route") { + def.route.security = [ + { + [bearerAuth.name]: [] + } + ]; + + // Ensure every route has a generic JSON response schema so Swagger UI can render responses + const existingResponses = def.route.responses; + const hasExistingResponses = + existingResponses && Object.keys(existingResponses).length > 0; + + if (!hasExistingResponses) { + def.route.responses = { + "*": { + description: "", + content: { + "application/json": { + schema: z.object({}) + } + } + } + }; + } + } + } + const generator = new OpenApiGeneratorV3(registry.definitions); const generated = generator.generateDocument({ diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts index 06754ffa2..1ce594dc8 100644 --- a/server/lib/traefik/getTraefikConfig.ts +++ b/server/lib/traefik/getTraefikConfig.ts @@ -477,7 +477,10 @@ export async function getTraefikConfig( // TODO: HOW TO HANDLE ^^^^^^ BETTER const anySitesOnline = targets.some( - (target) => target.site.online + (target) => + target.site.online || + target.site.type === "local" || + target.site.type === "wireguard" ); return ( @@ -490,7 +493,7 @@ export async function getTraefikConfig( if (target.health == "unhealthy") { return false; } - + // If any sites are online, exclude offline sites if (anySitesOnline && !target.site.online) { return false; @@ -605,7 +608,10 @@ export async function getTraefikConfig( servers: (() => { // Check if any sites are online const anySitesOnline = targets.some( - (target) => target.site.online + (target) => + target.site.online || + target.site.type === "local" || + target.site.type === "wireguard" ); return targets @@ -613,7 +619,7 @@ export async function getTraefikConfig( if (!target.enabled) { return false; } - + // If any sites are online, exclude offline sites if (anySitesOnline && !target.site.online) { return false; diff --git a/server/openApi.ts b/server/openApi.ts index 13cf53bf8..7132a0327 100644 --- a/server/openApi.ts +++ b/server/openApi.ts @@ -5,18 +5,21 @@ export const registry = new OpenAPIRegistry(); export enum OpenAPITags { Site = "Site", Org = "Organization", - Resource = "Resource", + PublicResource = "Public Resource", + PrivateResource = "Private Resource", Policy = "Policy", Role = "Role", User = "User", - Invitation = "Invitation", - Target = "Target", + Invitation = "User Invitation", + Target = "Resource Target", Rule = "Rule", AccessToken = "Access Token", - Idp = "Identity Provider", + GlobalIdp = "Identity Provider (Global)", + OrgIdp = "Identity Provider (Organization Only)", Client = "Client", ApiKey = "API Key", Domain = "Domain", Blueprint = "Blueprint", - Ssh = "SSH" + Ssh = "SSH", + Logs = "Logs" } diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts index f0343c5d4..3f6c5fdc2 100644 --- a/server/private/lib/traefik/getTraefikConfig.ts +++ b/server/private/lib/traefik/getTraefikConfig.ts @@ -665,7 +665,10 @@ export async function getTraefikConfig( // TODO: HOW TO HANDLE ^^^^^^ BETTER const anySitesOnline = targets.some( - (target) => target.site.online + (target) => + target.site.online || + target.site.type === "local" || + target.site.type === "wireguard" ); return ( @@ -793,7 +796,10 @@ export async function getTraefikConfig( servers: (() => { // Check if any sites are online const anySitesOnline = targets.some( - (target) => target.site.online + (target) => + target.site.online || + target.site.type === "local" || + target.site.type === "wireguard" ); return targets diff --git a/server/private/routers/auditLogs/exportAccessAuditLog.ts b/server/private/routers/auditLogs/exportAccessAuditLog.ts index 7e912f8c8..68a78ff6e 100644 --- a/server/private/routers/auditLogs/exportAccessAuditLog.ts +++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts @@ -32,7 +32,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/logs/access/export", description: "Export the access audit log for an organization as CSV", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Logs], request: { query: queryAccessAuditLogsQuery, params: queryAccessAuditLogsParams diff --git a/server/private/routers/auditLogs/exportActionAuditLog.ts b/server/private/routers/auditLogs/exportActionAuditLog.ts index d8987916b..853183b92 100644 --- a/server/private/routers/auditLogs/exportActionAuditLog.ts +++ b/server/private/routers/auditLogs/exportActionAuditLog.ts @@ -32,7 +32,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/logs/action/export", description: "Export the action audit log for an organization as CSV", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Logs], request: { query: queryActionAuditLogsQuery, params: queryActionAuditLogsParams diff --git a/server/private/routers/auditLogs/queryAccessAuditLog.ts b/server/private/routers/auditLogs/queryAccessAuditLog.ts index 7830dd9dc..f0f45a826 100644 --- a/server/private/routers/auditLogs/queryAccessAuditLog.ts +++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts @@ -249,7 +249,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/logs/access", description: "Query the access audit log for an organization", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Logs], request: { query: queryAccessAuditLogsQuery, params: queryAccessAuditLogsParams diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts index bd636dee2..8bbe73ee1 100644 --- a/server/private/routers/auditLogs/queryActionAuditLog.ts +++ b/server/private/routers/auditLogs/queryActionAuditLog.ts @@ -160,7 +160,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/logs/action", description: "Query the action audit log for an organization", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Logs], request: { query: queryActionAuditLogsQuery, params: queryActionAuditLogsParams diff --git a/server/private/routers/billing/getOrgUsage.ts b/server/private/routers/billing/getOrgUsage.ts index 4c9f22f3d..cc722cec8 100644 --- a/server/private/routers/billing/getOrgUsage.ts +++ b/server/private/routers/billing/getOrgUsage.ts @@ -31,16 +31,16 @@ const getOrgSchema = z.strictObject({ orgId: z.string() }); -registry.registerPath({ - method: "get", - path: "/org/{orgId}/billing/usage", - description: "Get an organization's billing usage", - tags: [OpenAPITags.Org], - request: { - params: getOrgSchema - }, - responses: {} -}); +// registry.registerPath({ +// method: "get", +// path: "/org/{orgId}/billing/usage", +// description: "Get an organization's billing usage", +// tags: [OpenAPITags.Org], +// request: { +// params: getOrgSchema +// }, +// responses: {} +// }); export async function getOrgUsage( req: Request, diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts index ae89caeb0..e0d8f240f 100644 --- a/server/private/routers/external.ts +++ b/server/private/routers/external.ts @@ -35,7 +35,6 @@ import { verifyUserIsServerAdmin, verifySiteAccess, verifyClientAccess, - verifyLimits, verifyLimits } from "@server/middlewares"; import { ActionsEnum } from "@server/auth/actions"; diff --git a/server/private/routers/orgIdp/createOrgOidcIdp.ts b/server/private/routers/orgIdp/createOrgOidcIdp.ts index 725e93c72..cc17d7cfc 100644 --- a/server/private/routers/orgIdp/createOrgOidcIdp.ts +++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts @@ -52,7 +52,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/idp/oidc", description: "Create an OIDC IdP for a specific organization.", - tags: [OpenAPITags.Idp, OpenAPITags.Org], + tags: [OpenAPITags.OrgIdp], request: { params: paramsSchema, body: { diff --git a/server/private/routers/orgIdp/deleteOrgIdp.ts b/server/private/routers/orgIdp/deleteOrgIdp.ts index 2d6b0899b..7d201dd17 100644 --- a/server/private/routers/orgIdp/deleteOrgIdp.ts +++ b/server/private/routers/orgIdp/deleteOrgIdp.ts @@ -35,7 +35,7 @@ registry.registerPath({ method: "delete", path: "/org/{orgId}/idp/{idpId}", description: "Delete IDP for a specific organization.", - tags: [OpenAPITags.Idp, OpenAPITags.Org], + tags: [OpenAPITags.OrgIdp], request: { params: paramsSchema }, diff --git a/server/private/routers/orgIdp/getOrgIdp.ts b/server/private/routers/orgIdp/getOrgIdp.ts index dd987c443..6941fc0fc 100644 --- a/server/private/routers/orgIdp/getOrgIdp.ts +++ b/server/private/routers/orgIdp/getOrgIdp.ts @@ -50,9 +50,9 @@ async function query(idpId: number, orgId: string) { registry.registerPath({ method: "get", - path: "/org/:orgId/idp/:idpId", + path: "/org/{orgId}/idp/{idpId}", description: "Get an IDP by its IDP ID for a specific organization.", - tags: [OpenAPITags.Idp, OpenAPITags.Org], + tags: [OpenAPITags.OrgIdp], request: { params: paramsSchema }, diff --git a/server/private/routers/orgIdp/listOrgIdps.ts b/server/private/routers/orgIdp/listOrgIdps.ts index b6cf48ac0..fed8a0aab 100644 --- a/server/private/routers/orgIdp/listOrgIdps.ts +++ b/server/private/routers/orgIdp/listOrgIdps.ts @@ -67,7 +67,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/idp", description: "List all IDP for a specific organization.", - tags: [OpenAPITags.Idp, OpenAPITags.Org], + tags: [OpenAPITags.OrgIdp], request: { query: querySchema, params: paramsSchema diff --git a/server/private/routers/orgIdp/updateOrgOidcIdp.ts b/server/private/routers/orgIdp/updateOrgOidcIdp.ts index b8ee4dcb0..191f49068 100644 --- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts +++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts @@ -59,7 +59,7 @@ registry.registerPath({ method: "post", path: "/org/{orgId}/idp/{idpId}/oidc", description: "Update an OIDC IdP for a specific organization.", - tags: [OpenAPITags.Idp, OpenAPITags.Org], + tags: [OpenAPITags.OrgIdp], request: { params: paramsSchema, body: { diff --git a/server/private/routers/policy/listResourcePolicies.ts b/server/private/routers/policy/listResourcePolicies.ts index 14b74729e..72d4ff39d 100644 --- a/server/private/routers/policy/listResourcePolicies.ts +++ b/server/private/routers/policy/listResourcePolicies.ts @@ -60,7 +60,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/resource-policies", description: "List resource policies for an organization.", - tags: [OpenAPITags.Org, OpenAPITags.Resource], + tags: [OpenAPITags.Org, OpenAPITags.Policy], request: { params: z.object({ orgId: z.string() diff --git a/server/private/routers/resource/getMaintenanceInfo.ts b/server/private/routers/resource/getMaintenanceInfo.ts index cbba25194..e3e739c6e 100644 --- a/server/private/routers/resource/getMaintenanceInfo.ts +++ b/server/private/routers/resource/getMaintenanceInfo.ts @@ -52,7 +52,7 @@ registry.registerPath({ method: "get", path: "/maintenance/info", description: "Get maintenance information for a resource by domain.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { query: z.object({ fullDomain: z.string() diff --git a/server/routers/accessToken/generateAccessToken.ts b/server/routers/accessToken/generateAccessToken.ts index 35da6add3..9d0a7a7df 100644 --- a/server/routers/accessToken/generateAccessToken.ts +++ b/server/routers/accessToken/generateAccessToken.ts @@ -43,7 +43,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/access-token", description: "Generate a new access token for a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.AccessToken], + tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken], request: { params: generateAccssTokenParamsSchema, body: { diff --git a/server/routers/accessToken/listAccessTokens.ts b/server/routers/accessToken/listAccessTokens.ts index 2f929fc62..9f8747190 100644 --- a/server/routers/accessToken/listAccessTokens.ts +++ b/server/routers/accessToken/listAccessTokens.ts @@ -122,7 +122,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/access-tokens", description: "List all access tokens in an organization.", - tags: [OpenAPITags.Org, OpenAPITags.AccessToken], + tags: [OpenAPITags.AccessToken], request: { params: z.object({ orgId: z.string() @@ -135,8 +135,8 @@ registry.registerPath({ registry.registerPath({ method: "get", path: "/resource/{resourceId}/access-tokens", - description: "List all access tokens in an organization.", - tags: [OpenAPITags.Resource, OpenAPITags.AccessToken], + description: "List all access tokens for a resource.", + tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken], request: { params: z.object({ resourceId: z.number() diff --git a/server/routers/apiKeys/createOrgApiKey.ts b/server/routers/apiKeys/createOrgApiKey.ts index d61a364b1..91ef72bc8 100644 --- a/server/routers/apiKeys/createOrgApiKey.ts +++ b/server/routers/apiKeys/createOrgApiKey.ts @@ -37,7 +37,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/api-key", description: "Create a new API key scoped to the organization.", - tags: [OpenAPITags.Org, OpenAPITags.ApiKey], + tags: [OpenAPITags.ApiKey], request: { params: paramsSchema, body: { diff --git a/server/routers/apiKeys/deleteApiKey.ts b/server/routers/apiKeys/deleteApiKey.ts index 4b97b3530..2627fd636 100644 --- a/server/routers/apiKeys/deleteApiKey.ts +++ b/server/routers/apiKeys/deleteApiKey.ts @@ -18,7 +18,7 @@ registry.registerPath({ method: "delete", path: "/org/{orgId}/api-key/{apiKeyId}", description: "Delete an API key.", - tags: [OpenAPITags.Org, OpenAPITags.ApiKey], + tags: [OpenAPITags.ApiKey], request: { params: paramsSchema }, diff --git a/server/routers/apiKeys/listApiKeyActions.ts b/server/routers/apiKeys/listApiKeyActions.ts index 073a75831..d816d4b38 100644 --- a/server/routers/apiKeys/listApiKeyActions.ts +++ b/server/routers/apiKeys/listApiKeyActions.ts @@ -48,7 +48,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/api-key/{apiKeyId}/actions", description: "List all actions set for an API key.", - tags: [OpenAPITags.Org, OpenAPITags.ApiKey], + tags: [OpenAPITags.ApiKey], request: { params: paramsSchema, query: querySchema diff --git a/server/routers/apiKeys/listOrgApiKeys.ts b/server/routers/apiKeys/listOrgApiKeys.ts index 53191ba63..24370665d 100644 --- a/server/routers/apiKeys/listOrgApiKeys.ts +++ b/server/routers/apiKeys/listOrgApiKeys.ts @@ -52,7 +52,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/api-keys", description: "List all API keys for an organization", - tags: [OpenAPITags.Org, OpenAPITags.ApiKey], + tags: [OpenAPITags.ApiKey], request: { params: paramsSchema, query: querySchema diff --git a/server/routers/apiKeys/setApiKeyActions.ts b/server/routers/apiKeys/setApiKeyActions.ts index 629673886..55b3670ac 100644 --- a/server/routers/apiKeys/setApiKeyActions.ts +++ b/server/routers/apiKeys/setApiKeyActions.ts @@ -25,7 +25,7 @@ registry.registerPath({ path: "/org/{orgId}/api-key/{apiKeyId}/actions", description: "Set actions for an API key. This will replace any existing actions.", - tags: [OpenAPITags.Org, OpenAPITags.ApiKey], + tags: [OpenAPITags.ApiKey], request: { params: paramsSchema, body: { diff --git a/server/routers/auditLogs/exportRequestAuditLog.ts b/server/routers/auditLogs/exportRequestAuditLog.ts index 8b70ec5e1..14054a5c3 100644 --- a/server/routers/auditLogs/exportRequestAuditLog.ts +++ b/server/routers/auditLogs/exportRequestAuditLog.ts @@ -20,7 +20,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/logs/request", description: "Query the request audit log for an organization", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Logs], request: { query: queryAccessAuditLogsQuery.omit({ limit: true, diff --git a/server/routers/auditLogs/queryRequestAnalytics.ts b/server/routers/auditLogs/queryRequestAnalytics.ts index e838c5f56..1e0f1f401 100644 --- a/server/routers/auditLogs/queryRequestAnalytics.ts +++ b/server/routers/auditLogs/queryRequestAnalytics.ts @@ -151,7 +151,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/logs/analytics", description: "Query the request audit analytics for an organization", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Logs], request: { query: queryAccessAuditLogsQuery, params: queryRequestAuditLogsParams diff --git a/server/routers/auditLogs/queryRequestAuditLog.ts b/server/routers/auditLogs/queryRequestAuditLog.ts index 3b598e030..176a9e5d3 100644 --- a/server/routers/auditLogs/queryRequestAuditLog.ts +++ b/server/routers/auditLogs/queryRequestAuditLog.ts @@ -182,7 +182,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/logs/request", description: "Query the request audit log for an organization", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Logs], request: { query: queryAccessAuditLogsQuery, params: queryRequestAuditLogsParams diff --git a/server/routers/blueprints/applyJSONBlueprint.ts b/server/routers/blueprints/applyJSONBlueprint.ts index 7eee15bf1..fa7ed46ae 100644 --- a/server/routers/blueprints/applyJSONBlueprint.ts +++ b/server/routers/blueprints/applyJSONBlueprint.ts @@ -20,7 +20,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/blueprint", description: "Apply a base64 encoded JSON blueprint to an organization", - tags: [OpenAPITags.Org, OpenAPITags.Blueprint], + tags: [OpenAPITags.Blueprint], request: { params: applyBlueprintParamsSchema, body: { diff --git a/server/routers/blueprints/applyYAMLBlueprint.ts b/server/routers/blueprints/applyYAMLBlueprint.ts index 19751e469..665943edd 100644 --- a/server/routers/blueprints/applyYAMLBlueprint.ts +++ b/server/routers/blueprints/applyYAMLBlueprint.ts @@ -43,7 +43,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/blueprint", description: "Create and apply a YAML blueprint to an organization", - tags: [OpenAPITags.Org, OpenAPITags.Blueprint], + tags: [OpenAPITags.Blueprint], request: { params: applyBlueprintParamsSchema, body: { diff --git a/server/routers/blueprints/getBlueprint.ts b/server/routers/blueprints/getBlueprint.ts index 915e04814..ea2ac2d05 100644 --- a/server/routers/blueprints/getBlueprint.ts +++ b/server/routers/blueprints/getBlueprint.ts @@ -53,7 +53,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/blueprint/{blueprintId}", description: "Get a blueprint by its blueprint ID.", - tags: [OpenAPITags.Org, OpenAPITags.Blueprint], + tags: [OpenAPITags.Blueprint], request: { params: getBlueprintSchema }, diff --git a/server/routers/blueprints/listBlueprints.ts b/server/routers/blueprints/listBlueprints.ts index 2ece9e53d..0235e7a18 100644 --- a/server/routers/blueprints/listBlueprints.ts +++ b/server/routers/blueprints/listBlueprints.ts @@ -67,7 +67,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/blueprints", description: "List all blueprints for a organization.", - tags: [OpenAPITags.Org, OpenAPITags.Blueprint], + tags: [OpenAPITags.Blueprint], request: { params: z.object({ orgId: z.string() diff --git a/server/routers/client/createClient.ts b/server/routers/client/createClient.ts index 4eafb0616..6f26d8cf3 100644 --- a/server/routers/client/createClient.ts +++ b/server/routers/client/createClient.ts @@ -48,7 +48,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/client", description: "Create a new client for an organization.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.Client], request: { params: createClientParamsSchema, body: { diff --git a/server/routers/client/createUserClient.ts b/server/routers/client/createUserClient.ts index 5e9840f9d..d61eab15f 100644 --- a/server/routers/client/createUserClient.ts +++ b/server/routers/client/createUserClient.ts @@ -49,7 +49,7 @@ registry.registerPath({ path: "/org/{orgId}/user/{userId}/client", description: "Create a new client for a user and associate it with an existing olm.", - tags: [OpenAPITags.Client, OpenAPITags.Org, OpenAPITags.User], + tags: [OpenAPITags.Client], request: { params: paramsSchema, body: { diff --git a/server/routers/client/getClient.ts b/server/routers/client/getClient.ts index bb2ff8fda..375c027a7 100644 --- a/server/routers/client/getClient.ts +++ b/server/routers/client/getClient.ts @@ -243,7 +243,7 @@ registry.registerPath({ path: "/org/{orgId}/client/{niceId}", description: "Get a client by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.", - tags: [OpenAPITags.Org, OpenAPITags.Site], + tags: [OpenAPITags.Site], request: { params: z.object({ orgId: z.string(), diff --git a/server/routers/client/listClients.ts b/server/routers/client/listClients.ts index 59f9137d2..84226a6dc 100644 --- a/server/routers/client/listClients.ts +++ b/server/routers/client/listClients.ts @@ -237,7 +237,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/clients", description: "List all clients for an organization.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.Client], request: { query: listClientsSchema, params: listClientsParamsSchema diff --git a/server/routers/client/listUserDevices.ts b/server/routers/client/listUserDevices.ts index 54fffe43b..eb63812c6 100644 --- a/server/routers/client/listUserDevices.ts +++ b/server/routers/client/listUserDevices.ts @@ -256,7 +256,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/user-devices", description: "List all user devices for an organization.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.Client], request: { query: listUserDevicesSchema, params: listUserDevicesParamsSchema diff --git a/server/routers/client/pickClientDefaults.ts b/server/routers/client/pickClientDefaults.ts index fd31da127..5dffd77d7 100644 --- a/server/routers/client/pickClientDefaults.ts +++ b/server/routers/client/pickClientDefaults.ts @@ -23,7 +23,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/pick-client-defaults", description: "Return pre-requisite data for creating a client.", - tags: [OpenAPITags.Client, OpenAPITags.Site], + tags: [OpenAPITags.Client], request: { params: pickClientDefaultsSchema }, diff --git a/server/routers/domain/listDomains.ts b/server/routers/domain/listDomains.ts index 20b236346..88cd5d7c7 100644 --- a/server/routers/domain/listDomains.ts +++ b/server/routers/domain/listDomains.ts @@ -59,7 +59,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/domains", description: "List all domains for a organization.", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Domain], request: { params: z.object({ orgId: z.string() diff --git a/server/routers/external.ts b/server/routers/external.ts index faee76486..6e74e44a9 100644 --- a/server/routers/external.ts +++ b/server/routers/external.ts @@ -693,13 +693,6 @@ authenticated.post( resource.setResourceUsers ); -authenticated.get( - "/resource-policy/:resourcePolicyId/roles", - verifyResourcePolicyAccess, - verifyUserHasAction(ActionsEnum.listResourcePolicyRoles), - resource.listResourcePolicyRoles -); - authenticated.put( "/resource-policy/:resourcePolicyId/access-control", verifyResourcePolicyAccess, @@ -708,32 +701,6 @@ authenticated.put( policy.setResourcePolicyAccessControl ); -authenticated.get( - "/resource-policy/:resourcePolicyId/users", - verifyResourcePolicyAccess, - verifyUserHasAction(ActionsEnum.listResourcePolicyUsers), - resource.listResourcePolicyUsers -); - -authenticated.post( - "/resource-policy/:resourcePolicyId/roles", - verifyResourcePolicyAccess, - verifyRoleAccess, - verifyLimits, - verifyUserHasAction(ActionsEnum.setResourcePolicyRoles), - logActionAudit(ActionsEnum.setResourcePolicyRoles), - resource.setResourcePolicyRoles -); - -authenticated.post( - "/resource-policy/:resourcePolicyId/users", - verifyResourcePolicyAccess, - verifyLimits, - verifyUserHasAction(ActionsEnum.setResourcePolicyUsers), - logActionAudit(ActionsEnum.setResourcePolicyUsers), - resource.setResourcePolicyUsers -); - authenticated.put( "/resource-policy/:resourcePolicyId/password", verifyResourcePolicyAccess, diff --git a/server/routers/idp/createIdpOrgPolicy.ts b/server/routers/idp/createIdpOrgPolicy.ts index dc7af5377..da12bc12a 100644 --- a/server/routers/idp/createIdpOrgPolicy.ts +++ b/server/routers/idp/createIdpOrgPolicy.ts @@ -27,7 +27,7 @@ registry.registerPath({ method: "put", path: "/idp/{idpId}/org/{orgId}", description: "Create an IDP policy for an existing IDP on an organization.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { params: paramsSchema, body: { diff --git a/server/routers/idp/createOidcIdp.ts b/server/routers/idp/createOidcIdp.ts index 03626bfde..5b53f6820 100644 --- a/server/routers/idp/createOidcIdp.ts +++ b/server/routers/idp/createOidcIdp.ts @@ -37,7 +37,7 @@ registry.registerPath({ method: "put", path: "/idp/oidc", description: "Create an OIDC IdP.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { body: { content: { diff --git a/server/routers/idp/deleteIdp.ts b/server/routers/idp/deleteIdp.ts index f2b550993..8c15eada1 100644 --- a/server/routers/idp/deleteIdp.ts +++ b/server/routers/idp/deleteIdp.ts @@ -21,7 +21,7 @@ registry.registerPath({ method: "delete", path: "/idp/{idpId}", description: "Delete IDP.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { params: paramsSchema }, diff --git a/server/routers/idp/deleteIdpOrgPolicy.ts b/server/routers/idp/deleteIdpOrgPolicy.ts index b52a37df2..6793474a8 100644 --- a/server/routers/idp/deleteIdpOrgPolicy.ts +++ b/server/routers/idp/deleteIdpOrgPolicy.ts @@ -19,7 +19,7 @@ registry.registerPath({ method: "delete", path: "/idp/{idpId}/org/{orgId}", description: "Create an OIDC IdP for an organization.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { params: paramsSchema }, diff --git a/server/routers/idp/getIdp.ts b/server/routers/idp/getIdp.ts index 072537513..db199f2d6 100644 --- a/server/routers/idp/getIdp.ts +++ b/server/routers/idp/getIdp.ts @@ -34,7 +34,7 @@ registry.registerPath({ method: "get", path: "/idp/{idpId}", description: "Get an IDP by its IDP ID.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { params: paramsSchema }, diff --git a/server/routers/idp/listIdpOrgPolicies.ts b/server/routers/idp/listIdpOrgPolicies.ts index 9f7cdb42b..ecfd6f33a 100644 --- a/server/routers/idp/listIdpOrgPolicies.ts +++ b/server/routers/idp/listIdpOrgPolicies.ts @@ -48,7 +48,7 @@ registry.registerPath({ method: "get", path: "/idp/{idpId}/org", description: "List all org policies on an IDP.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { params: paramsSchema, query: querySchema diff --git a/server/routers/idp/listIdps.ts b/server/routers/idp/listIdps.ts index 9dda11bbf..ca0fd5fbf 100644 --- a/server/routers/idp/listIdps.ts +++ b/server/routers/idp/listIdps.ts @@ -58,7 +58,7 @@ registry.registerPath({ method: "get", path: "/idp", description: "List all IDP in the system.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { query: querySchema }, diff --git a/server/routers/idp/updateIdpOrgPolicy.ts b/server/routers/idp/updateIdpOrgPolicy.ts index ea08de420..5a9f882d4 100644 --- a/server/routers/idp/updateIdpOrgPolicy.ts +++ b/server/routers/idp/updateIdpOrgPolicy.ts @@ -26,7 +26,7 @@ registry.registerPath({ method: "post", path: "/idp/{idpId}/org/{orgId}", description: "Update an IDP org policy.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { params: paramsSchema, body: { diff --git a/server/routers/idp/updateOidcIdp.ts b/server/routers/idp/updateOidcIdp.ts index 82aed75ce..fe32a8b08 100644 --- a/server/routers/idp/updateOidcIdp.ts +++ b/server/routers/idp/updateOidcIdp.ts @@ -42,7 +42,7 @@ registry.registerPath({ method: "post", path: "/idp/{idpId}/oidc", description: "Update an OIDC IdP.", - tags: [OpenAPITags.Idp], + tags: [OpenAPITags.GlobalIdp], request: { params: paramsSchema, body: { diff --git a/server/routers/newt/buildConfiguration.ts b/server/routers/newt/buildConfiguration.ts index e349f24e8..65cb18a21 100644 --- a/server/routers/newt/buildConfiguration.ts +++ b/server/routers/newt/buildConfiguration.ts @@ -230,7 +230,7 @@ export async function buildTargetConfigurationForNewtClient(siteId: number) { !target.hcMethod ) { logger.debug( - `Skipping target ${target.targetId} due to missing health check fields` + `Skipping adding target health check ${target.targetId} due to missing health check fields` ); return null; // Skip targets with missing health check fields } diff --git a/server/routers/policy/setResourcePolicyAccessControl.ts b/server/routers/policy/setResourcePolicyAccessControl.ts index 7bbbe8a38..1f91d8ccc 100644 --- a/server/routers/policy/setResourcePolicyAccessControl.ts +++ b/server/routers/policy/setResourcePolicyAccessControl.ts @@ -35,7 +35,7 @@ registry.registerPath({ path: "/resource-policy/{resourceId}/access-control", description: "Set access control users for a resource policy, including SSO, users, roles, Identity provider.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.Policy, OpenAPITags.User], request: { params: setResourcePolicyAccessControlParamsSchema, body: { diff --git a/server/routers/policy/setResourcePolicyHeaderAuth.ts b/server/routers/policy/setResourcePolicyHeaderAuth.ts index 6291ee24e..368f9b05e 100644 --- a/server/routers/policy/setResourcePolicyHeaderAuth.ts +++ b/server/routers/policy/setResourcePolicyHeaderAuth.ts @@ -29,7 +29,7 @@ registry.registerPath({ path: "/resource-policy/{resourcePolicyId}/header-auth", description: "Set or update the header authentication for a resource policy. If user and password is not provided, it will remove the header authentication.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.Policy], request: { params: setResourcePolicyHeaderAuthParamsSchema, body: { diff --git a/server/routers/policy/setResourcePolicyPassword.ts b/server/routers/policy/setResourcePolicyPassword.ts index d3072d7d9..dd436a7bf 100644 --- a/server/routers/policy/setResourcePolicyPassword.ts +++ b/server/routers/policy/setResourcePolicyPassword.ts @@ -24,7 +24,7 @@ registry.registerPath({ path: "/resource-policy/{resourcePolicyId}/password", description: "Set the password for a resource policy. Setting the password to null will remove it.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.Policy], request: { params: setResourcePolicyPasswordParamsSchema, body: { diff --git a/server/routers/policy/setResourcePolicyPincode.ts b/server/routers/policy/setResourcePolicyPincode.ts index 08f195ff3..f99691275 100644 --- a/server/routers/policy/setResourcePolicyPincode.ts +++ b/server/routers/policy/setResourcePolicyPincode.ts @@ -27,7 +27,7 @@ registry.registerPath({ path: "/resource-policy/{resourcePolicyId}/pincode", description: "Set the PIN code for a resource policy. Setting the PIN code to null will remove it.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.Policy], request: { params: setResourcePolicyPincodeParamsSchema, body: { @@ -78,10 +78,7 @@ export async function setResourcePolicyPincode( await trx .delete(resourcePolicyPincode) .where( - eq( - resourcePolicyPincode.resourcePolicyId, - resourcePolicyId - ) + eq(resourcePolicyPincode.resourcePolicyId, resourcePolicyId) ); if (pincode) { diff --git a/server/routers/policy/setResourcePolicyWhitelist.ts b/server/routers/policy/setResourcePolicyWhitelist.ts index 63fabeaa0..0bffacec2 100644 --- a/server/routers/policy/setResourcePolicyWhitelist.ts +++ b/server/routers/policy/setResourcePolicyWhitelist.ts @@ -32,7 +32,7 @@ registry.registerPath({ path: "/resource-policy/{resourcePolicyId}/whitelist", description: "Set email whitelist for a resource policy. This will replace all existing emails.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.Policy], request: { params: setResourcePolicyWhitelistParamsSchema, body: { diff --git a/server/routers/resource/addEmailToResourceWhitelist.ts b/server/routers/resource/addEmailToResourceWhitelist.ts index 53828b44c..27ba34699 100644 --- a/server/routers/resource/addEmailToResourceWhitelist.ts +++ b/server/routers/resource/addEmailToResourceWhitelist.ts @@ -29,7 +29,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/whitelist/add", description: "Add a single email to the resource whitelist.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: addEmailToResourceWhitelistParamsSchema, body: { diff --git a/server/routers/resource/addRoleToResource.ts b/server/routers/resource/addRoleToResource.ts index ba344c6c0..7a5c8fb63 100644 --- a/server/routers/resource/addRoleToResource.ts +++ b/server/routers/resource/addRoleToResource.ts @@ -29,7 +29,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/roles/add", description: "Add a single role to a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PublicResource, OpenAPITags.Role], request: { params: addRoleToResourceParamsSchema, body: { diff --git a/server/routers/resource/addUserToResource.ts b/server/routers/resource/addUserToResource.ts index ee6081ff8..9880d9c27 100644 --- a/server/routers/resource/addUserToResource.ts +++ b/server/routers/resource/addUserToResource.ts @@ -29,7 +29,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/users/add", description: "Add a single user to a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PublicResource, OpenAPITags.User], request: { params: addUserToResourceParamsSchema, body: { diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts index 8795b188d..3ff059a28 100644 --- a/server/routers/resource/createResource.ts +++ b/server/routers/resource/createResource.ts @@ -78,7 +78,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/resource", description: "Create a resource.", - tags: [OpenAPITags.Org, OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: createResourceParamsSchema, body: { diff --git a/server/routers/resource/createResourceRule.ts b/server/routers/resource/createResourceRule.ts index a516d14af..b2ce2ee7c 100644 --- a/server/routers/resource/createResourceRule.ts +++ b/server/routers/resource/createResourceRule.ts @@ -31,7 +31,7 @@ registry.registerPath({ method: "put", path: "/resource/{resourceId}/rule", description: "Create a resource rule.", - tags: [OpenAPITags.Resource, OpenAPITags.Rule], + tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], request: { params: createResourceRuleParamsSchema, body: { diff --git a/server/routers/resource/deleteResource.ts b/server/routers/resource/deleteResource.ts index d8891d75d..e63301867 100644 --- a/server/routers/resource/deleteResource.ts +++ b/server/routers/resource/deleteResource.ts @@ -22,7 +22,7 @@ registry.registerPath({ method: "delete", path: "/resource/{resourceId}", description: "Delete a resource.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: deleteResourceSchema }, diff --git a/server/routers/resource/deleteResourceRule.ts b/server/routers/resource/deleteResourceRule.ts index 638f2e1de..0fe9007f8 100644 --- a/server/routers/resource/deleteResourceRule.ts +++ b/server/routers/resource/deleteResourceRule.ts @@ -19,7 +19,7 @@ registry.registerPath({ method: "delete", path: "/resource/{resourceId}/rule/{ruleId}", description: "Delete a resource rule.", - tags: [OpenAPITags.Resource, OpenAPITags.Rule], + tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], request: { params: deleteResourceRuleSchema }, diff --git a/server/routers/resource/getResource.ts b/server/routers/resource/getResource.ts index 7f3e8a0ea..cd870dcbf 100644 --- a/server/routers/resource/getResource.ts +++ b/server/routers/resource/getResource.ts @@ -54,7 +54,7 @@ registry.registerPath({ path: "/org/{orgId}/resource/{niceId}", description: "Get a resource by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.", - tags: [OpenAPITags.Org, OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: z.object({ orgId: z.string(), @@ -68,7 +68,7 @@ registry.registerPath({ method: "get", path: "/resource/{resourceId}", description: "Get a resource by resourceId.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: z.object({ resourceId: z.number() diff --git a/server/routers/resource/getResourceWhitelist.ts b/server/routers/resource/getResourceWhitelist.ts index 52cff0c72..5eb05184f 100644 --- a/server/routers/resource/getResourceWhitelist.ts +++ b/server/routers/resource/getResourceWhitelist.ts @@ -31,7 +31,7 @@ registry.registerPath({ method: "get", path: "/resource/{resourceId}/whitelist", description: "Get the whitelist of emails for a specific resource.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: getResourceWhitelistSchema }, diff --git a/server/routers/resource/index.ts b/server/routers/resource/index.ts index 3a6ff49f6..3ada13d85 100644 --- a/server/routers/resource/index.ts +++ b/server/routers/resource/index.ts @@ -31,7 +31,3 @@ export * from "./addUserToResource"; export * from "./removeUserFromResource"; export * from "./listAllResourceNames"; export * from "./removeEmailFromResourceWhitelist"; -export * from "./listResourcePolicyRoles"; -export * from "./listResourcePolicyUsers"; -export * from "./setResourcePolicyRoles"; -export * from "./setResourcePolicyUsers"; diff --git a/server/routers/resource/listAllResourceNames.ts b/server/routers/resource/listAllResourceNames.ts index df78e2640..37ae945fd 100644 --- a/server/routers/resource/listAllResourceNames.ts +++ b/server/routers/resource/listAllResourceNames.ts @@ -33,7 +33,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/resources-names", description: "List all resource names for an organization.", - tags: [OpenAPITags.Org, OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: z.object({ orgId: z.string() diff --git a/server/routers/resource/listResourcePolicyRoles.ts b/server/routers/resource/listResourcePolicyRoles.ts deleted file mode 100644 index 187e46d6b..000000000 --- a/server/routers/resource/listResourcePolicyRoles.ts +++ /dev/null @@ -1,80 +0,0 @@ -import { Request, Response, NextFunction } from "express"; -import { z } from "zod"; -import { db } from "@server/db"; -import { roleResources, roles } from "@server/db"; -import { eq } from "drizzle-orm"; -import response from "@server/lib/response"; -import HttpCode from "@server/types/HttpCode"; -import createHttpError from "http-errors"; -import logger from "@server/logger"; -import { fromError } from "zod-validation-error"; -import { OpenAPITags, registry } from "@server/openApi"; - -const listResourcePolicyRolesSchema = z.strictObject({ - resourcePolicyId: z.string().transform(Number).pipe(z.int().positive()) -}); - -async function query(resourcePolicyId: number) { - return await db - .selectDistinct({ - roleId: roles.roleId, - name: roles.name, - description: roles.description, - isAdmin: roles.isAdmin - }) - .from(roleResources) - .innerJoin(roles, eq(roleResources.roleId, roles.roleId)) - .where(eq(roleResources.resourcePolicyId, resourcePolicyId)); -} - -export type ListResourcePolicyRolesResponse = { - roles: NonNullable>>; -}; - -registry.registerPath({ - method: "get", - path: "/resource-policy/{resourcePolicyId}/roles", - description: "List all roles for a resource policy.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], - request: { - params: listResourcePolicyRolesSchema - }, - responses: {} -}); - -export async function listResourcePolicyRoles( - req: Request, - res: Response, - next: NextFunction -): Promise { - try { - const parsedParams = listResourcePolicyRolesSchema.safeParse(req.params); - if (!parsedParams.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedParams.error).toString() - ) - ); - } - - const { resourcePolicyId } = parsedParams.data; - - const policyRolesList = await query(resourcePolicyId); - - return response(res, { - data: { - roles: policyRolesList - }, - success: true, - error: false, - message: "Resource policy roles retrieved successfully", - status: HttpCode.OK - }); - } catch (error) { - logger.error(error); - return next( - createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") - ); - } -} diff --git a/server/routers/resource/listResourcePolicyUsers.ts b/server/routers/resource/listResourcePolicyUsers.ts deleted file mode 100644 index a67366bb8..000000000 --- a/server/routers/resource/listResourcePolicyUsers.ts +++ /dev/null @@ -1,85 +0,0 @@ -import { Request, Response, NextFunction } from "express"; -import { z } from "zod"; -import { db } from "@server/db"; -import { idp, userResources, users } from "@server/db"; -import { eq } from "drizzle-orm"; -import response from "@server/lib/response"; -import HttpCode from "@server/types/HttpCode"; -import createHttpError from "http-errors"; -import logger from "@server/logger"; -import { fromError } from "zod-validation-error"; -import { OpenAPITags, registry } from "@server/openApi"; - -const listResourcePolicyUsersSchema = z.strictObject({ - resourcePolicyId: z.string().transform(Number).pipe(z.int().positive()) -}); - -async function queryUsers(resourcePolicyId: number) { - return await db - .selectDistinct({ - userId: userResources.userId, - username: users.username, - type: users.type, - idpName: idp.name, - idpId: users.idpId, - email: users.email - }) - .from(userResources) - .innerJoin(users, eq(userResources.userId, users.userId)) - .leftJoin(idp, eq(users.idpId, idp.idpId)) - .where(eq(userResources.resourcePolicyId, resourcePolicyId)); -} - -export type ListResourcePolicyUsersResponse = { - users: NonNullable>>; -}; - -registry.registerPath({ - method: "get", - path: "/resource-policy/{resourcePolicyId}/users", - description: "List all users for a resource policy.", - tags: [OpenAPITags.Resource, OpenAPITags.User], - request: { - params: listResourcePolicyUsersSchema - }, - responses: {} -}); - -export async function listResourcePolicyUsers( - req: Request, - res: Response, - next: NextFunction -): Promise { - try { - const parsedParams = listResourcePolicyUsersSchema.safeParse( - req.params - ); - if (!parsedParams.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedParams.error).toString() - ) - ); - } - - const { resourcePolicyId } = parsedParams.data; - - const policyUsersList = await queryUsers(resourcePolicyId); - - return response(res, { - data: { - users: policyUsersList - }, - success: true, - error: false, - message: "Resource policy users retrieved successfully", - status: HttpCode.OK - }); - } catch (error) { - logger.error(error); - return next( - createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") - ); - } -} diff --git a/server/routers/resource/listResourceRoles.ts b/server/routers/resource/listResourceRoles.ts index 68dc58a21..4af631191 100644 --- a/server/routers/resource/listResourceRoles.ts +++ b/server/routers/resource/listResourceRoles.ts @@ -35,7 +35,7 @@ registry.registerPath({ method: "get", path: "/resource/{resourceId}/roles", description: "List all roles for a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PublicResource, OpenAPITags.Role], request: { params: listResourceRolesSchema }, diff --git a/server/routers/resource/listResourceRules.ts b/server/routers/resource/listResourceRules.ts index dae7922d9..92d738cbb 100644 --- a/server/routers/resource/listResourceRules.ts +++ b/server/routers/resource/listResourceRules.ts @@ -56,7 +56,7 @@ registry.registerPath({ method: "get", path: "/resource/{resourceId}/rules", description: "List rules for a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Rule], + tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], request: { params: listResourceRulesParamsSchema, query: listResourceRulesSchema diff --git a/server/routers/resource/listResourceUsers.ts b/server/routers/resource/listResourceUsers.ts index e7f73287e..2802ac827 100644 --- a/server/routers/resource/listResourceUsers.ts +++ b/server/routers/resource/listResourceUsers.ts @@ -38,7 +38,7 @@ registry.registerPath({ method: "get", path: "/resource/{resourceId}/users", description: "List all users for a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PublicResource, OpenAPITags.User], request: { params: listResourceUsersSchema }, diff --git a/server/routers/resource/listResources.ts b/server/routers/resource/listResources.ts index f00b0294c..f9dd14e98 100644 --- a/server/routers/resource/listResources.ts +++ b/server/routers/resource/listResources.ts @@ -225,7 +225,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/resources", description: "List resources for an organization.", - tags: [OpenAPITags.Org, OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: z.object({ orgId: z.string() diff --git a/server/routers/resource/removeEmailFromResourceWhitelist.ts b/server/routers/resource/removeEmailFromResourceWhitelist.ts index d60133b85..f419c4136 100644 --- a/server/routers/resource/removeEmailFromResourceWhitelist.ts +++ b/server/routers/resource/removeEmailFromResourceWhitelist.ts @@ -29,7 +29,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/whitelist/remove", description: "Remove a single email from the resource whitelist.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: removeEmailFromResourceWhitelistParamsSchema, body: { diff --git a/server/routers/resource/removeRoleFromResource.ts b/server/routers/resource/removeRoleFromResource.ts index eab7660c3..eef55277b 100644 --- a/server/routers/resource/removeRoleFromResource.ts +++ b/server/routers/resource/removeRoleFromResource.ts @@ -29,7 +29,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/roles/remove", description: "Remove a single role from a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PublicResource, OpenAPITags.Role], request: { params: removeRoleFromResourceParamsSchema, body: { diff --git a/server/routers/resource/removeUserFromResource.ts b/server/routers/resource/removeUserFromResource.ts index 9da96d3c8..152316e62 100644 --- a/server/routers/resource/removeUserFromResource.ts +++ b/server/routers/resource/removeUserFromResource.ts @@ -29,7 +29,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/users/remove", description: "Remove a single user from a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PublicResource, OpenAPITags.User], request: { params: removeUserFromResourceParamsSchema, body: { diff --git a/server/routers/resource/setResourceHeaderAuth.ts b/server/routers/resource/setResourceHeaderAuth.ts index edd911cb8..9c28bf9f0 100644 --- a/server/routers/resource/setResourceHeaderAuth.ts +++ b/server/routers/resource/setResourceHeaderAuth.ts @@ -29,7 +29,7 @@ registry.registerPath({ path: "/resource/{resourceId}/header-auth", description: "Set or update the header authentication for a resource. If user and password is not provided, it will remove the header authentication.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: setResourceAuthMethodsParamsSchema, body: { diff --git a/server/routers/resource/setResourcePassword.ts b/server/routers/resource/setResourcePassword.ts index 9bd845a4e..d9fcb5f0b 100644 --- a/server/routers/resource/setResourcePassword.ts +++ b/server/routers/resource/setResourcePassword.ts @@ -25,7 +25,7 @@ registry.registerPath({ path: "/resource/{resourceId}/password", description: "Set the password for a resource. Setting the password to null will remove it.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: setResourceAuthMethodsParamsSchema, body: { diff --git a/server/routers/resource/setResourcePincode.ts b/server/routers/resource/setResourcePincode.ts index 0d5272731..54057ba08 100644 --- a/server/routers/resource/setResourcePincode.ts +++ b/server/routers/resource/setResourcePincode.ts @@ -29,7 +29,7 @@ registry.registerPath({ path: "/resource/{resourceId}/pincode", description: "Set the PIN code for a resource. Setting the PIN code to null will remove it.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: setResourceAuthMethodsParamsSchema, body: { diff --git a/server/routers/resource/setResourcePolicyRoles.ts b/server/routers/resource/setResourcePolicyRoles.ts deleted file mode 100644 index 2a5134f4e..000000000 --- a/server/routers/resource/setResourcePolicyRoles.ts +++ /dev/null @@ -1,165 +0,0 @@ -import { Request, Response, NextFunction } from "express"; -import { z } from "zod"; -import { db } from "@server/db"; -import { resourcePolicies, resources, roleResources, roles } from "@server/db"; -import response from "@server/lib/response"; -import HttpCode from "@server/types/HttpCode"; -import createHttpError from "http-errors"; -import logger from "@server/logger"; -import { fromError } from "zod-validation-error"; -import { eq, and, ne, inArray } from "drizzle-orm"; -import { OpenAPITags, registry } from "@server/openApi"; - -const setResourcePolicyRolesBodySchema = z.strictObject({ - roleIds: z.array(z.int().positive()) -}); - -const setResourcePolicyRolesParamsSchema = z.strictObject({ - resourcePolicyId: z.string().transform(Number).pipe(z.int().positive()) -}); - -registry.registerPath({ - method: "post", - path: "/resource-policy/{resourcePolicyId}/roles", - description: - "Set roles for a resource policy. This will replace all existing roles across all resources under this policy.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], - request: { - params: setResourcePolicyRolesParamsSchema, - body: { - content: { - "application/json": { - schema: setResourcePolicyRolesBodySchema - } - } - } - }, - responses: {} -}); - -export async function setResourcePolicyRoles( - req: Request, - res: Response, - next: NextFunction -): Promise { - try { - const parsedBody = setResourcePolicyRolesBodySchema.safeParse(req.body); - if (!parsedBody.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedBody.error).toString() - ) - ); - } - - const { roleIds } = parsedBody.data; - - const parsedParams = setResourcePolicyRolesParamsSchema.safeParse( - req.params - ); - if (!parsedParams.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedParams.error).toString() - ) - ); - } - - const { resourcePolicyId } = parsedParams.data; - - const [policy] = await db - .select() - .from(resourcePolicies) - .where(eq(resourcePolicies.resourcePolicyId, resourcePolicyId)) - .limit(1); - - if (!policy) { - return next( - createHttpError(HttpCode.NOT_FOUND, "Resource policy not found") - ); - } - - // Check if any of the roleIds are admin roles - const rolesToCheck = await db - .select() - .from(roles) - .where( - and( - inArray(roles.roleId, roleIds), - eq(roles.orgId, policy.orgId) - ) - ); - - const hasAdminRole = rolesToCheck.some((role) => role.isAdmin); - if (hasAdminRole) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - "Admin role cannot be assigned to resource policies" - ) - ); - } - - // Get admin role IDs for this org to exclude from deletion - const adminRoles = await db - .select() - .from(roles) - .where( - and(eq(roles.isAdmin, true), eq(roles.orgId, policy.orgId)) - ); - const adminRoleIds = adminRoles.map((role) => role.roleId); - - // Get all resources under this policy - const policyResources = await db - .select({ resourceId: resources.resourceId }) - .from(resources) - .where(eq(resources.resourcePolicyId, resourcePolicyId)); - - await db.transaction(async (trx) => { - // Delete existing role associations for this policy (excluding admin roles) - if (adminRoleIds.length > 0) { - await trx.delete(roleResources).where( - and( - eq(roleResources.resourcePolicyId, resourcePolicyId), - ne(roleResources.roleId, adminRoleIds[0]) - ) - ); - } else { - await trx - .delete(roleResources) - .where( - eq(roleResources.resourcePolicyId, resourcePolicyId) - ); - } - - // Insert new role associations for each resource under the policy - if (roleIds.length > 0 && policyResources.length > 0) { - await Promise.all( - policyResources.flatMap(({ resourceId }) => - roleIds.map((roleId) => - trx - .insert(roleResources) - .values({ roleId, resourceId, resourcePolicyId }) - .returning() - ) - ) - ); - } - - return response(res, { - data: {}, - success: true, - error: false, - message: "Roles set for resource policy successfully", - status: HttpCode.CREATED - }); - }); - } catch (error) { - logger.error(error); - return next( - createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") - ); - } -} diff --git a/server/routers/resource/setResourcePolicyUsers.ts b/server/routers/resource/setResourcePolicyUsers.ts deleted file mode 100644 index 8f18d93c8..000000000 --- a/server/routers/resource/setResourcePolicyUsers.ts +++ /dev/null @@ -1,124 +0,0 @@ -import { Request, Response, NextFunction } from "express"; -import { z } from "zod"; -import { db } from "@server/db"; -import { resourcePolicies, resources, userResources } from "@server/db"; -import response from "@server/lib/response"; -import HttpCode from "@server/types/HttpCode"; -import createHttpError from "http-errors"; -import logger from "@server/logger"; -import { fromError } from "zod-validation-error"; -import { eq } from "drizzle-orm"; -import { OpenAPITags, registry } from "@server/openApi"; - -const setResourcePolicyUsersBodySchema = z.strictObject({ - userIds: z.array(z.string()) -}); - -const setResourcePolicyUsersParamsSchema = z.strictObject({ - resourcePolicyId: z.string().transform(Number).pipe(z.int().positive()) -}); - -registry.registerPath({ - method: "post", - path: "/resource-policy/{resourcePolicyId}/users", - description: - "Set users for a resource policy. This will replace all existing users across all resources under this policy.", - tags: [OpenAPITags.Resource, OpenAPITags.User], - request: { - params: setResourcePolicyUsersParamsSchema, - body: { - content: { - "application/json": { - schema: setResourcePolicyUsersBodySchema - } - } - } - }, - responses: {} -}); - -export async function setResourcePolicyUsers( - req: Request, - res: Response, - next: NextFunction -): Promise { - try { - const parsedBody = setResourcePolicyUsersBodySchema.safeParse(req.body); - if (!parsedBody.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedBody.error).toString() - ) - ); - } - - const { userIds } = parsedBody.data; - - const parsedParams = setResourcePolicyUsersParamsSchema.safeParse( - req.params - ); - if (!parsedParams.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedParams.error).toString() - ) - ); - } - - const { resourcePolicyId } = parsedParams.data; - - const [policy] = await db - .select() - .from(resourcePolicies) - .where(eq(resourcePolicies.resourcePolicyId, resourcePolicyId)) - .limit(1); - - if (!policy) { - return next( - createHttpError(HttpCode.NOT_FOUND, "Resource policy not found") - ); - } - - // Get all resources under this policy - const policyResources = await db - .select({ resourceId: resources.resourceId }) - .from(resources) - .where(eq(resources.resourcePolicyId, resourcePolicyId)); - - await db.transaction(async (trx) => { - // Delete existing user associations for this policy - await trx - .delete(userResources) - .where(eq(userResources.resourcePolicyId, resourcePolicyId)); - - // Insert new user associations for each resource under the policy - if (userIds.length > 0 && policyResources.length > 0) { - await Promise.all( - policyResources.flatMap(({ resourceId }) => - userIds.map((userId) => - trx - .insert(userResources) - .values({ userId, resourceId, resourcePolicyId }) - .returning() - ) - ) - ); - } - - return response(res, { - data: {}, - success: true, - error: false, - message: "Users set for resource policy successfully", - status: HttpCode.CREATED - }); - }); - } catch (error) { - logger.error(error); - return next( - createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") - ); - } -} diff --git a/server/routers/resource/setResourceRoles.ts b/server/routers/resource/setResourceRoles.ts index 751fe4f91..ff3cd7377 100644 --- a/server/routers/resource/setResourceRoles.ts +++ b/server/routers/resource/setResourceRoles.ts @@ -23,7 +23,7 @@ registry.registerPath({ path: "/resource/{resourceId}/roles", description: "Set roles for a resource. This will replace all existing roles.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PublicResource, OpenAPITags.Role], request: { params: setResourceRolesParamsSchema, body: { diff --git a/server/routers/resource/setResourceUsers.ts b/server/routers/resource/setResourceUsers.ts index 5ddceb8f0..46b5d1523 100644 --- a/server/routers/resource/setResourceUsers.ts +++ b/server/routers/resource/setResourceUsers.ts @@ -23,7 +23,7 @@ registry.registerPath({ path: "/resource/{resourceId}/users", description: "Set users for a resource. This will replace all existing users.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PublicResource, OpenAPITags.User], request: { params: setUserResourcesParamsSchema, body: { diff --git a/server/routers/resource/setResourceWhitelist.ts b/server/routers/resource/setResourceWhitelist.ts index 18f612f24..aa5dc8cdb 100644 --- a/server/routers/resource/setResourceWhitelist.ts +++ b/server/routers/resource/setResourceWhitelist.ts @@ -32,7 +32,7 @@ registry.registerPath({ path: "/resource/{resourceId}/whitelist", description: "Set email whitelist for a resource. This will replace all existing emails.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: setResourceWhitelistParamsSchema, body: { diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts index 4a3e65fa1..42e2849f6 100644 --- a/server/routers/resource/updateResource.ts +++ b/server/routers/resource/updateResource.ts @@ -101,6 +101,49 @@ const updateHttpResourceBodySchema = z { error: "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header." } + ) + .refine( + (data) => { + if (data.headers) { + // HTTP header names must be valid token characters (RFC 7230) + const validHeaderName = /^[a-zA-Z0-9!#$%&'*+\-.^_`|~]+$/; + return data.headers.every((h) => validHeaderName.test(h.name)); + } + return true; + }, + { + error: "Header names may only contain valid HTTP token characters (letters, digits, and !#$%&'*+-.^_`|~)." + } + ) + .refine( + (data) => { + if (data.headers) { + // HTTP header values must be visible ASCII or horizontal whitespace, no control chars (RFC 7230) + const validHeaderValue = /^[\t\x20-\x7E]*$/; + return data.headers.every((h) => validHeaderValue.test(h.value)); + } + return true; + }, + { + error: "Header values may only contain printable ASCII characters and horizontal whitespace." + } + ) + .refine( + (data) => { + if (data.headers) { + // Reject Traefik template syntax {{word}} in names or values + const templatePattern = /\{\{[^}]+\}\}/; + return data.headers.every( + (h) => + !templatePattern.test(h.name) && + !templatePattern.test(h.value) + ); + } + return true; + }, + { + error: "Header names and values must not contain template expressions such as {{value}}." + } ); export type UpdateResourceResponse = Resource; @@ -136,7 +179,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}", description: "Update a resource.", - tags: [OpenAPITags.Resource], + tags: [OpenAPITags.PublicResource], request: { params: updateResourceParamsSchema, body: { diff --git a/server/routers/resource/updateResourceRule.ts b/server/routers/resource/updateResourceRule.ts index b443bd1c2..3e8f395dd 100644 --- a/server/routers/resource/updateResourceRule.ts +++ b/server/routers/resource/updateResourceRule.ts @@ -38,7 +38,7 @@ registry.registerPath({ method: "post", path: "/resource/{resourceId}/rule/{ruleId}", description: "Update a resource rule.", - tags: [OpenAPITags.Resource, OpenAPITags.Rule], + tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], request: { params: updateResourceRuleParamsSchema, body: { diff --git a/server/routers/role/createRole.ts b/server/routers/role/createRole.ts index e732b4054..1fad18d72 100644 --- a/server/routers/role/createRole.ts +++ b/server/routers/role/createRole.ts @@ -45,7 +45,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/role", description: "Create a role.", - tags: [OpenAPITags.Org, OpenAPITags.Role], + tags: [OpenAPITags.Role], request: { params: createRoleParamsSchema, body: { diff --git a/server/routers/role/listRoles.ts b/server/routers/role/listRoles.ts index d4cb580f2..f1b057a11 100644 --- a/server/routers/role/listRoles.ts +++ b/server/routers/role/listRoles.ts @@ -7,7 +7,7 @@ import { and, eq, inArray, sql } from "drizzle-orm"; import { ActionsEnum } from "@server/auth/actions"; import { NextFunction, Request, Response } from "express"; import createHttpError from "http-errors"; -import { z } from "zod"; +import { object, z } from "zod"; import { fromError } from "zod-validation-error"; const listRolesParamsSchema = z.strictObject({ @@ -64,7 +64,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/roles", description: "List roles.", - tags: [OpenAPITags.Org, OpenAPITags.Role], + tags: [OpenAPITags.Role], request: { params: listRolesParamsSchema, query: listRolesSchema diff --git a/server/routers/site/createSite.ts b/server/routers/site/createSite.ts index ea4bc3e85..cc63a2e9b 100644 --- a/server/routers/site/createSite.ts +++ b/server/routers/site/createSite.ts @@ -58,7 +58,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/site", description: "Create a new site.", - tags: [OpenAPITags.Site, OpenAPITags.Org], + tags: [OpenAPITags.Site], request: { params: createSiteParamsSchema, body: { @@ -292,7 +292,7 @@ export async function createSite( if (type == "newt") { [newSite] = await trx .insert(sites) - .values({ + .values({ // NOTE: NO SUBNET OR EXIT NODE ID PASSED IN HERE BECAUSE ITS NOW CHOSEN ON CONNECT orgId, name, niceId, diff --git a/server/routers/site/getSite.ts b/server/routers/site/getSite.ts index c82bf1999..45d49abe6 100644 --- a/server/routers/site/getSite.ts +++ b/server/routers/site/getSite.ts @@ -51,7 +51,7 @@ registry.registerPath({ path: "/org/{orgId}/site/{niceId}", description: "Get a site by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.", - tags: [OpenAPITags.Org, OpenAPITags.Site], + tags: [OpenAPITags.Site], request: { params: z.object({ orgId: z.string(), diff --git a/server/routers/site/listSites.ts b/server/routers/site/listSites.ts index 103187b7a..9ff7a6933 100644 --- a/server/routers/site/listSites.ts +++ b/server/routers/site/listSites.ts @@ -180,7 +180,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/sites", description: "List all sites in an organization", - tags: [OpenAPITags.Org, OpenAPITags.Site], + tags: [OpenAPITags.Site], request: { params: listSitesParamsSchema, query: listSitesSchema diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts index 69ed76886..f5e95ca10 100644 --- a/server/routers/site/pickSiteDefaults.ts +++ b/server/routers/site/pickSiteDefaults.ts @@ -35,7 +35,7 @@ registry.registerPath({ path: "/org/{orgId}/pick-site-defaults", description: "Return pre-requisite data for creating a site, such as the exit node, subnet, Newt credentials, etc.", - tags: [OpenAPITags.Org, OpenAPITags.Site], + tags: [OpenAPITags.Site], request: { params: z.object({ orgId: z.string() diff --git a/server/routers/siteResource/addClientToSiteResource.ts b/server/routers/siteResource/addClientToSiteResource.ts index 27d7f0573..4a67df94f 100644 --- a/server/routers/siteResource/addClientToSiteResource.ts +++ b/server/routers/siteResource/addClientToSiteResource.ts @@ -30,7 +30,7 @@ registry.registerPath({ path: "/site-resource/{siteResourceId}/clients/add", description: "Add a single client to a site resource. Clients with a userId cannot be added.", - tags: [OpenAPITags.Resource, OpenAPITags.Client], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], request: { params: addClientToSiteResourceParamsSchema, body: { diff --git a/server/routers/siteResource/addRoleToSiteResource.ts b/server/routers/siteResource/addRoleToSiteResource.ts index abc2d221e..f6501463b 100644 --- a/server/routers/siteResource/addRoleToSiteResource.ts +++ b/server/routers/siteResource/addRoleToSiteResource.ts @@ -30,7 +30,7 @@ registry.registerPath({ method: "post", path: "/site-resource/{siteResourceId}/roles/add", description: "Add a single role to a site resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], request: { params: addRoleToSiteResourceParamsSchema, body: { diff --git a/server/routers/siteResource/addUserToSiteResource.ts b/server/routers/siteResource/addUserToSiteResource.ts index 4edf741cd..68151077c 100644 --- a/server/routers/siteResource/addUserToSiteResource.ts +++ b/server/routers/siteResource/addUserToSiteResource.ts @@ -30,7 +30,7 @@ registry.registerPath({ method: "post", path: "/site-resource/{siteResourceId}/users/add", description: "Add a single user to a site resource.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PrivateResource, OpenAPITags.User], request: { params: addUserToSiteResourceParamsSchema, body: { diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts index bbdc3638d..b9494776e 100644 --- a/server/routers/siteResource/createSiteResource.ts +++ b/server/routers/siteResource/createSiteResource.ts @@ -114,7 +114,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/site-resource", description: "Create a new site resource.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.PrivateResource], request: { params: createSiteResourceParamsSchema, body: { diff --git a/server/routers/siteResource/deleteSiteResource.ts b/server/routers/siteResource/deleteSiteResource.ts index 336c5080d..5b50b0ea3 100644 --- a/server/routers/siteResource/deleteSiteResource.ts +++ b/server/routers/siteResource/deleteSiteResource.ts @@ -23,7 +23,7 @@ registry.registerPath({ method: "delete", path: "/site-resource/{siteResourceId}", description: "Delete a site resource.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.PrivateResource], request: { params: deleteSiteResourceParamsSchema }, diff --git a/server/routers/siteResource/getSiteResource.ts b/server/routers/siteResource/getSiteResource.ts index f97a5e22f..be28d36e4 100644 --- a/server/routers/siteResource/getSiteResource.ts +++ b/server/routers/siteResource/getSiteResource.ts @@ -65,7 +65,7 @@ registry.registerPath({ method: "get", path: "/site-resource/{siteResourceId}", description: "Get a specific site resource by siteResourceId.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.PrivateResource], request: { params: z.object({ siteResourceId: z.number(), @@ -80,7 +80,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/site/{siteId}/resource/nice/{niceId}", description: "Get a specific site resource by niceId.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.PrivateResource], request: { params: z.object({ niceId: z.string(), diff --git a/server/routers/siteResource/listAllSiteResourcesByOrg.ts b/server/routers/siteResource/listAllSiteResourcesByOrg.ts index 110bf2234..3320aa3b7 100644 --- a/server/routers/siteResource/listAllSiteResourcesByOrg.ts +++ b/server/routers/siteResource/listAllSiteResourcesByOrg.ts @@ -112,7 +112,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/site-resources", description: "List all site resources for an organization.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.PrivateResource], request: { params: listAllSiteResourcesByOrgParamsSchema, query: listAllSiteResourcesByOrgQuerySchema diff --git a/server/routers/siteResource/listSiteResourceClients.ts b/server/routers/siteResource/listSiteResourceClients.ts index 772750d16..867e66b49 100644 --- a/server/routers/siteResource/listSiteResourceClients.ts +++ b/server/routers/siteResource/listSiteResourceClients.ts @@ -39,7 +39,7 @@ registry.registerPath({ method: "get", path: "/site-resource/{siteResourceId}/clients", description: "List all clients for a site resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Client], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], request: { params: listSiteResourceClientsSchema }, diff --git a/server/routers/siteResource/listSiteResourceRoles.ts b/server/routers/siteResource/listSiteResourceRoles.ts index 0dc5913b6..679a93f7e 100644 --- a/server/routers/siteResource/listSiteResourceRoles.ts +++ b/server/routers/siteResource/listSiteResourceRoles.ts @@ -40,7 +40,7 @@ registry.registerPath({ method: "get", path: "/site-resource/{siteResourceId}/roles", description: "List all roles for a site resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], request: { params: listSiteResourceRolesSchema }, diff --git a/server/routers/siteResource/listSiteResourceUsers.ts b/server/routers/siteResource/listSiteResourceUsers.ts index daf754801..e50d8684e 100644 --- a/server/routers/siteResource/listSiteResourceUsers.ts +++ b/server/routers/siteResource/listSiteResourceUsers.ts @@ -43,7 +43,7 @@ registry.registerPath({ method: "get", path: "/site-resource/{siteResourceId}/users", description: "List all users for a site resource.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PrivateResource, OpenAPITags.User], request: { params: listSiteResourceUsersSchema }, diff --git a/server/routers/siteResource/listSiteResources.ts b/server/routers/siteResource/listSiteResources.ts index 648931647..358aa0497 100644 --- a/server/routers/siteResource/listSiteResources.ts +++ b/server/routers/siteResource/listSiteResources.ts @@ -58,7 +58,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/site/{siteId}/resources", description: "List site resources for a site.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.PrivateResource], request: { params: listSiteResourcesParamsSchema, query: listSiteResourcesQuerySchema diff --git a/server/routers/siteResource/removeClientFromSiteResource.ts b/server/routers/siteResource/removeClientFromSiteResource.ts index 351128d18..51e54dd92 100644 --- a/server/routers/siteResource/removeClientFromSiteResource.ts +++ b/server/routers/siteResource/removeClientFromSiteResource.ts @@ -30,7 +30,7 @@ registry.registerPath({ path: "/site-resource/{siteResourceId}/clients/remove", description: "Remove a single client from a site resource. Clients with a userId cannot be removed.", - tags: [OpenAPITags.Resource, OpenAPITags.Client], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], request: { params: removeClientFromSiteResourceParamsSchema, body: { diff --git a/server/routers/siteResource/removeRoleFromSiteResource.ts b/server/routers/siteResource/removeRoleFromSiteResource.ts index c9857e841..19478ed0f 100644 --- a/server/routers/siteResource/removeRoleFromSiteResource.ts +++ b/server/routers/siteResource/removeRoleFromSiteResource.ts @@ -30,7 +30,7 @@ registry.registerPath({ method: "post", path: "/site-resource/{siteResourceId}/roles/remove", description: "Remove a single role from a site resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], request: { params: removeRoleFromSiteResourceParamsSchema, body: { diff --git a/server/routers/siteResource/removeUserFromSiteResource.ts b/server/routers/siteResource/removeUserFromSiteResource.ts index 84347b2f6..70bb5e22e 100644 --- a/server/routers/siteResource/removeUserFromSiteResource.ts +++ b/server/routers/siteResource/removeUserFromSiteResource.ts @@ -30,7 +30,7 @@ registry.registerPath({ method: "post", path: "/site-resource/{siteResourceId}/users/remove", description: "Remove a single user from a site resource.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PrivateResource, OpenAPITags.User], request: { params: removeUserFromSiteResourceParamsSchema, body: { diff --git a/server/routers/siteResource/setSiteResourceClients.ts b/server/routers/siteResource/setSiteResourceClients.ts index 5a8acbcf5..7aff3875f 100644 --- a/server/routers/siteResource/setSiteResourceClients.ts +++ b/server/routers/siteResource/setSiteResourceClients.ts @@ -30,7 +30,7 @@ registry.registerPath({ path: "/site-resource/{siteResourceId}/clients", description: "Set clients for a site resource. This will replace all existing clients. Clients with a userId cannot be added.", - tags: [OpenAPITags.Resource, OpenAPITags.Client], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], request: { params: setSiteResourceClientsParamsSchema, body: { diff --git a/server/routers/siteResource/setSiteResourceRoles.ts b/server/routers/siteResource/setSiteResourceRoles.ts index bb71a16b6..a1ee80b40 100644 --- a/server/routers/siteResource/setSiteResourceRoles.ts +++ b/server/routers/siteResource/setSiteResourceRoles.ts @@ -31,7 +31,7 @@ registry.registerPath({ path: "/site-resource/{siteResourceId}/roles", description: "Set roles for a site resource. This will replace all existing roles.", - tags: [OpenAPITags.Resource, OpenAPITags.Role], + tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], request: { params: setSiteResourceRolesParamsSchema, body: { diff --git a/server/routers/siteResource/setSiteResourceUsers.ts b/server/routers/siteResource/setSiteResourceUsers.ts index eacd826cc..109e8c429 100644 --- a/server/routers/siteResource/setSiteResourceUsers.ts +++ b/server/routers/siteResource/setSiteResourceUsers.ts @@ -31,7 +31,7 @@ registry.registerPath({ path: "/site-resource/{siteResourceId}/users", description: "Set users for a site resource. This will replace all existing users.", - tags: [OpenAPITags.Resource, OpenAPITags.User], + tags: [OpenAPITags.PrivateResource, OpenAPITags.User], request: { params: setSiteResourceUsersParamsSchema, body: { diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts index 242b92265..b748e26d3 100644 --- a/server/routers/siteResource/updateSiteResource.ts +++ b/server/routers/siteResource/updateSiteResource.ts @@ -121,7 +121,7 @@ registry.registerPath({ method: "post", path: "/site-resource/{siteResourceId}", description: "Update a site resource.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.PrivateResource], request: { params: updateSiteResourceParamsSchema, body: { diff --git a/server/routers/target/createTarget.ts b/server/routers/target/createTarget.ts index 5d37f6173..47495cbbc 100644 --- a/server/routers/target/createTarget.ts +++ b/server/routers/target/createTarget.ts @@ -58,7 +58,7 @@ registry.registerPath({ method: "put", path: "/resource/{resourceId}/target", description: "Create a target for a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Target], + tags: [OpenAPITags.PublicResource, OpenAPITags.Target], request: { params: createTargetParamsSchema, body: { diff --git a/server/routers/target/listTargets.ts b/server/routers/target/listTargets.ts index 11a23f025..e4ef45f3b 100644 --- a/server/routers/target/listTargets.ts +++ b/server/routers/target/listTargets.ts @@ -88,7 +88,7 @@ registry.registerPath({ method: "get", path: "/resource/{resourceId}/targets", description: "List targets for a resource.", - tags: [OpenAPITags.Resource, OpenAPITags.Target], + tags: [OpenAPITags.PublicResource, OpenAPITags.Target], request: { params: listTargetsParamsSchema, query: listTargetsSchema diff --git a/server/routers/user/createOrgUser.ts b/server/routers/user/createOrgUser.ts index b39ea22e2..3b8e70f7a 100644 --- a/server/routers/user/createOrgUser.ts +++ b/server/routers/user/createOrgUser.ts @@ -37,7 +37,7 @@ registry.registerPath({ method: "put", path: "/org/{orgId}/user", description: "Create an organization user.", - tags: [OpenAPITags.User, OpenAPITags.Org], + tags: [OpenAPITags.User], request: { params: paramsSchema, body: { diff --git a/server/routers/user/getOrgUser.ts b/server/routers/user/getOrgUser.ts index c0a990eeb..b117ca569 100644 --- a/server/routers/user/getOrgUser.ts +++ b/server/routers/user/getOrgUser.ts @@ -55,7 +55,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/user/{userId}", description: "Get a user in an organization.", - tags: [OpenAPITags.Org, OpenAPITags.User], + tags: [OpenAPITags.User], request: { params: getOrgUserParamsSchema }, diff --git a/server/routers/user/getOrgUserByUsername.ts b/server/routers/user/getOrgUserByUsername.ts index b047fdc06..a6a764a54 100644 --- a/server/routers/user/getOrgUserByUsername.ts +++ b/server/routers/user/getOrgUserByUsername.ts @@ -35,7 +35,7 @@ registry.registerPath({ path: "/org/{orgId}/user-by-username", description: "Get a user in an organization by username. When idpId is not passed, only internal users are searched (username is globally unique for them). For external (OIDC) users, pass idpId to search by username within that identity provider.", - tags: [OpenAPITags.Org, OpenAPITags.User], + tags: [OpenAPITags.User], request: { params: getOrgUserByUsernameParamsSchema, query: getOrgUserByUsernameQuerySchema diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts index b7fe615a9..06d9512fb 100644 --- a/server/routers/user/inviteUser.ts +++ b/server/routers/user/inviteUser.ts @@ -44,7 +44,7 @@ registry.registerPath({ method: "post", path: "/org/{orgId}/create-invite", description: "Invite a user to join an organization.", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Invitation], request: { params: inviteUserParamsSchema, body: { diff --git a/server/routers/user/listInvitations.ts b/server/routers/user/listInvitations.ts index 4289b877f..2733c8395 100644 --- a/server/routers/user/listInvitations.ts +++ b/server/routers/user/listInvitations.ts @@ -54,7 +54,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/invitations", description: "List invitations in an organization.", - tags: [OpenAPITags.Org, OpenAPITags.Invitation], + tags: [OpenAPITags.Invitation], request: { params: listInvitationsParamsSchema, query: listInvitationsQuerySchema diff --git a/server/routers/user/listUsers.ts b/server/routers/user/listUsers.ts index 401dcf58b..40ca7ef2f 100644 --- a/server/routers/user/listUsers.ts +++ b/server/routers/user/listUsers.ts @@ -69,7 +69,7 @@ registry.registerPath({ method: "get", path: "/org/{orgId}/users", description: "List users in an organization.", - tags: [OpenAPITags.Org, OpenAPITags.User], + tags: [OpenAPITags.User], request: { params: listUsersParamsSchema, query: listUsersSchema diff --git a/server/routers/user/removeInvitation.ts b/server/routers/user/removeInvitation.ts index ab6a96d20..0f76fd30c 100644 --- a/server/routers/user/removeInvitation.ts +++ b/server/routers/user/removeInvitation.ts @@ -19,7 +19,7 @@ registry.registerPath({ method: "delete", path: "/org/{orgId}/invitations/{inviteId}", description: "Remove an open invitation from an organization", - tags: [OpenAPITags.Org], + tags: [OpenAPITags.Invitation], request: { params: removeInvitationParamsSchema }, diff --git a/server/routers/user/removeUserOrg.ts b/server/routers/user/removeUserOrg.ts index 4c321ad38..3c86a03c5 100644 --- a/server/routers/user/removeUserOrg.ts +++ b/server/routers/user/removeUserOrg.ts @@ -33,7 +33,7 @@ registry.registerPath({ method: "delete", path: "/org/{orgId}/user/{userId}", description: "Remove a user from an organization.", - tags: [OpenAPITags.Org, OpenAPITags.User], + tags: [OpenAPITags.User], request: { params: removeUserSchema }, diff --git a/server/routers/user/updateOrgUser.ts b/server/routers/user/updateOrgUser.ts index 97bedb5f9..a95c3fb5e 100644 --- a/server/routers/user/updateOrgUser.ts +++ b/server/routers/user/updateOrgUser.ts @@ -26,7 +26,7 @@ registry.registerPath({ method: "post", path: "/org/{orgId}/user/{userId}", description: "Update a user in an org.", - tags: [OpenAPITags.Org, OpenAPITags.User], + tags: [OpenAPITags.Org], request: { params: paramsSchema, body: { diff --git a/src/app/[orgId]/settings/resources/proxy/create/page.tsx b/src/app/[orgId]/settings/resources/proxy/create/page.tsx index 47f24cd9b..ff51a311b 100644 --- a/src/app/[orgId]/settings/resources/proxy/create/page.tsx +++ b/src/app/[orgId]/settings/resources/proxy/create/page.tsx @@ -61,6 +61,7 @@ import { DockerManager, DockerState } from "@app/lib/docker"; import { orgQueries } from "@app/lib/queries"; import { finalizeSubdomainSanitize } from "@app/lib/subdomain-utils"; import { zodResolver } from "@hookform/resolvers/zod"; +import { build } from "@server/build"; import { Resource } from "@server/db"; import { isTargetValid } from "@server/lib/validators"; import { ListTargetsResponse } from "@server/routers/target"; @@ -292,7 +293,7 @@ export default function Page() { { id: "raw" as ResourceType, title: t("resourceRaw"), - description: t("resourceRawDescription") + description: build == "saas" ? t("resourceRawDescriptionCloud") : t("resourceRawDescription") } ]) ]; diff --git a/src/components/ContainersSelector.tsx b/src/components/ContainersSelector.tsx index 5a0f49f99..d4ba6c437 100644 --- a/src/components/ContainersSelector.tsx +++ b/src/components/ContainersSelector.tsx @@ -171,8 +171,7 @@ const DockerContainersTable: FC<{ ...Object.values(container.networks) .map((n) => n.ipAddress) .filter(Boolean), - ...getExposedPorts(container).map((p) => p.toString()), - ...Object.entries(container.labels).flat() + ...getExposedPorts(container).map((p) => p.toString()) ]; return searchableFields.some((field) => diff --git a/src/components/newt-install-commands.tsx b/src/components/newt-install-commands.tsx index 5a252f0d5..ba0363e3b 100644 --- a/src/components/newt-install-commands.tsx +++ b/src/components/newt-install-commands.tsx @@ -101,6 +101,7 @@ export function NewtSiteInstallCommands({ `helm install newt fossorial/newt \\ --create-namespace \\ --set newtInstances[0].name="main-tunnel" \\ + --set newtInstances[0].enabled=true \\ --set-string newtInstances[0].auth.keys.endpointKey="${endpoint}" \\ --set-string newtInstances[0].auth.keys.idKey="${id}" \\ --set-string newtInstances[0].auth.keys.secretKey="${secret}"` @@ -185,59 +186,72 @@ WantedBy=default.target` className="mt-4" /> -
-

- {t("siteConfiguration")} -

-
- { - const value = checked as boolean; - setAcceptClients(value); - }} - label={t("siteAcceptClientConnections")} - /> -
-

- {t("siteAcceptClientConnectionsDescription")} -

+
+

{t("siteConfiguration")}

+
+ { + const value = checked as boolean; + setAcceptClients(value); + }} + label={t("siteAcceptClientConnections")} + />
+

+ {t("siteAcceptClientConnectionsDescription")} +

+
-
-

{t("commands")}

-
- {commands.map((item, index) => { - const commandText = - typeof item === "string" - ? item - : item.command; - const title = - typeof item === "string" - ? undefined - : item.title; +
+

{t("commands")}

+ {platform === "kubernetes" && ( +

+ For more and up to date Kubernetes installation + information, see{" "} + + docs.pangolin.net/manage/sites/install-kubernetes + + . +

+ )} +
+ {commands.map((item, index) => { + const commandText = + typeof item === "string" ? item : item.command; + const title = + typeof item === "string" + ? undefined + : item.title; - return ( -
- {title && ( -

- {title} -

- )} - -
- ); - })} -
+ const key = `${title ?? ""}::${commandText}`; + + return ( +
+ {title && ( +

+ {title} +

+ )} + +
+ ); + })}
+
);