✨ use resource policies for auth check
@@ -1,9 +1,9 @@
|
|||||||
import {
|
import {
|
||||||
db,
|
db,
|
||||||
resourceHeaderAuth,
|
resourcePolicies,
|
||||||
resourceHeaderAuthExtendedCompatibility,
|
resourcePolicyHeaderAuth,
|
||||||
resourcePassword,
|
resourcePolicyPassword,
|
||||||
resourcePincode,
|
resourcePolicyPincode,
|
||||||
resources,
|
resources,
|
||||||
roleResources,
|
roleResources,
|
||||||
targetHealthCheck,
|
targetHealthCheck,
|
||||||
@@ -169,38 +169,54 @@ function queryResourcesBase() {
|
|||||||
name: resources.name,
|
name: resources.name,
|
||||||
ssl: resources.ssl,
|
ssl: resources.ssl,
|
||||||
fullDomain: resources.fullDomain,
|
fullDomain: resources.fullDomain,
|
||||||
passwordId: resourcePassword.passwordId,
|
passwordId: resourcePolicyPassword.passwordId,
|
||||||
sso: resources.sso,
|
sso: resourcePolicies.sso,
|
||||||
pincodeId: resourcePincode.pincodeId,
|
pincodeId: resourcePolicyPincode.pincodeId,
|
||||||
whitelist: resources.emailWhitelistEnabled,
|
whitelist: resourcePolicies.emailWhitelistEnabled,
|
||||||
http: resources.http,
|
http: resources.http,
|
||||||
protocol: resources.protocol,
|
protocol: resources.protocol,
|
||||||
proxyPort: resources.proxyPort,
|
proxyPort: resources.proxyPort,
|
||||||
enabled: resources.enabled,
|
enabled: resources.enabled,
|
||||||
domainId: resources.domainId,
|
domainId: resources.domainId,
|
||||||
niceId: resources.niceId,
|
niceId: resources.niceId,
|
||||||
headerAuthId: resourceHeaderAuth.headerAuthId,
|
headerAuthId: resourcePolicyHeaderAuth.headerAuthId,
|
||||||
headerAuthExtendedCompatibilityId:
|
headerAuthExtendedCompatibility:
|
||||||
resourceHeaderAuthExtendedCompatibility.headerAuthExtendedCompatibilityId
|
resourcePolicyHeaderAuth.extendedCompatibility
|
||||||
})
|
})
|
||||||
.from(resources)
|
.from(resources)
|
||||||
.leftJoin(
|
.leftJoin(
|
||||||
resourcePassword,
|
resourcePolicies,
|
||||||
eq(resourcePassword.resourceId, resources.resourceId)
|
or(
|
||||||
|
eq(
|
||||||
|
resourcePolicies.resourcePolicyId,
|
||||||
|
resources.resourcePolicyId
|
||||||
|
),
|
||||||
|
eq(
|
||||||
|
resourcePolicies.resourcePolicyId,
|
||||||
|
resources.defaultResourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
.leftJoin(
|
.leftJoin(
|
||||||
resourcePincode,
|
resourcePolicyPassword,
|
||||||
eq(resourcePincode.resourceId, resources.resourceId)
|
|
||||||
)
|
|
||||||
.leftJoin(
|
|
||||||
resourceHeaderAuth,
|
|
||||||
eq(resourceHeaderAuth.resourceId, resources.resourceId)
|
|
||||||
)
|
|
||||||
.leftJoin(
|
|
||||||
resourceHeaderAuthExtendedCompatibility,
|
|
||||||
eq(
|
eq(
|
||||||
resourceHeaderAuthExtendedCompatibility.resourceId,
|
resourcePolicyPassword.resourcePolicyId,
|
||||||
resources.resourceId
|
resourcePolicies.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
resourcePolicyPincode,
|
||||||
|
eq(
|
||||||
|
resourcePolicyPincode.resourcePolicyId,
|
||||||
|
resourcePolicies.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
resourcePolicyHeaderAuth,
|
||||||
|
eq(
|
||||||
|
resourcePolicyHeaderAuth.resourcePolicyId,
|
||||||
|
resourcePolicies.resourcePolicyId
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
.leftJoin(targets, eq(targets.resourceId, resources.resourceId))
|
.leftJoin(targets, eq(targets.resourceId, resources.resourceId))
|
||||||
@@ -210,10 +226,10 @@ function queryResourcesBase() {
|
|||||||
)
|
)
|
||||||
.groupBy(
|
.groupBy(
|
||||||
resources.resourceId,
|
resources.resourceId,
|
||||||
resourcePassword.passwordId,
|
resourcePolicies.resourcePolicyId,
|
||||||
resourcePincode.pincodeId,
|
resourcePolicyPassword.passwordId,
|
||||||
resourceHeaderAuth.headerAuthId,
|
resourcePolicyPincode.pincodeId,
|
||||||
resourceHeaderAuthExtendedCompatibility.headerAuthExtendedCompatibilityId
|
resourcePolicyHeaderAuth.headerAuthId
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -358,21 +374,21 @@ export async function listResources(
|
|||||||
case "protected":
|
case "protected":
|
||||||
conditions.push(
|
conditions.push(
|
||||||
or(
|
or(
|
||||||
eq(resources.sso, true),
|
eq(resourcePolicies.sso, true),
|
||||||
eq(resources.emailWhitelistEnabled, true),
|
eq(resourcePolicies.emailWhitelistEnabled, true),
|
||||||
not(isNull(resourceHeaderAuth.headerAuthId)),
|
not(isNull(resourcePolicyHeaderAuth.headerAuthId)),
|
||||||
not(isNull(resourcePincode.pincodeId)),
|
not(isNull(resourcePolicyPincode.pincodeId)),
|
||||||
not(isNull(resourcePassword.passwordId))
|
not(isNull(resourcePolicyPassword.passwordId))
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case "not_protected":
|
case "not_protected":
|
||||||
conditions.push(
|
conditions.push(
|
||||||
not(eq(resources.sso, true)),
|
not(eq(resourcePolicies.sso, true)),
|
||||||
not(eq(resources.emailWhitelistEnabled, true)),
|
not(eq(resourcePolicies.emailWhitelistEnabled, true)),
|
||||||
isNull(resourceHeaderAuth.headerAuthId),
|
isNull(resourcePolicyHeaderAuth.headerAuthId),
|
||||||
isNull(resourcePincode.pincodeId),
|
isNull(resourcePolicyPincode.pincodeId),
|
||||||
isNull(resourcePassword.passwordId)
|
isNull(resourcePolicyPassword.passwordId)
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -468,9 +484,9 @@ export async function listResources(
|
|||||||
ssl: row.ssl,
|
ssl: row.ssl,
|
||||||
fullDomain: row.fullDomain,
|
fullDomain: row.fullDomain,
|
||||||
passwordId: row.passwordId,
|
passwordId: row.passwordId,
|
||||||
sso: row.sso,
|
sso: row.sso ?? false,
|
||||||
pincodeId: row.pincodeId,
|
pincodeId: row.pincodeId,
|
||||||
whitelist: row.whitelist,
|
whitelist: row.whitelist ?? false,
|
||||||
http: row.http,
|
http: row.http,
|
||||||
protocol: row.protocol,
|
protocol: row.protocol,
|
||||||
proxyPort: row.proxyPort,
|
proxyPort: row.proxyPort,
|
||||||
|
|||||||
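Review bot: In the `not_protected` branch of listResources, `not(eq(resourcePolicies.sso, true))` and `not(eq(resourcePolicies.emailWhitelistEnabled, true))` evaluate to SQL NULL when the left join finds no policy row, so a resource with no policy is dropped from the "not protected" filter even though the row mapping in the last hunk reports it as `sso: row.sso ?? false`. That hides exactly the resources an operator uses this filter to find; a null-tolerant form such as `or(isNull(resourcePolicies.sso), eq(resourcePolicies.sso, false))`, and the same for `emailWhitelistEnabled`, would keep them in the result. Separately, the `or(...)` join on `resources.resourcePolicyId` / `resources.defaultResourcePolicyId` in queryResourcesBase can match two policy rows if both columns may be set to different policies, and because `resourcePolicies.resourcePolicyId` is in the `groupBy` the resource would then be listed twice with possibly different auth state; if one policy is meant to override the other, the join should select only the effective one. Both functions start and end outside the visible hunks, so this is based on the shown lines only.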