diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts index a7c927f2..36a29788 100644 --- a/server/private/routers/external.ts +++ b/server/private/routers/external.ts @@ -26,7 +26,6 @@ import { Router } from "express"; import { verifyOrgAccess, verifyUserHasAction, - verifyUserIsOrgOwner, verifyUserIsServerAdmin } from "@server/middlewares"; import { ActionsEnum } from "@server/auth/actions"; @@ -73,8 +72,8 @@ authenticated.put( verifyValidLicense, verifyOrgAccess, verifyUserHasAction(ActionsEnum.createIdp), + logActionAudit(ActionsEnum.createIdp), orgIdp.createOrgOidcIdp, - logActionAudit(ActionsEnum.createIdp) ); authenticated.post( @@ -83,8 +82,8 @@ authenticated.post( verifyOrgAccess, verifyIdpAccess, verifyUserHasAction(ActionsEnum.updateIdp), + logActionAudit(ActionsEnum.updateIdp), orgIdp.updateOrgOidcIdp, - logActionAudit(ActionsEnum.updateIdp) ); authenticated.delete( @@ -93,8 +92,8 @@ authenticated.delete( verifyOrgAccess, verifyIdpAccess, verifyUserHasAction(ActionsEnum.deleteIdp), + logActionAudit(ActionsEnum.deleteIdp), orgIdp.deleteOrgIdp, - logActionAudit(ActionsEnum.deleteIdp) ); authenticated.get( @@ -131,8 +130,8 @@ authenticated.post( verifyOrgAccess, verifyCertificateAccess, verifyUserHasAction(ActionsEnum.restartCertificate), + logActionAudit(ActionsEnum.restartCertificate), certificates.restartCertificate, - logActionAudit(ActionsEnum.restartCertificate) ); if (build === "saas") { @@ -157,16 +156,16 @@ if (build === "saas") { "/org/:orgId/billing/create-checkout-session", verifyOrgAccess, verifyUserHasAction(ActionsEnum.billing), + logActionAudit(ActionsEnum.billing), billing.createCheckoutSession, - logActionAudit(ActionsEnum.billing) ); authenticated.post( "/org/:orgId/billing/create-portal-session", verifyOrgAccess, verifyUserHasAction(ActionsEnum.billing), + logActionAudit(ActionsEnum.billing), billing.createPortalSession, - logActionAudit(ActionsEnum.billing) ); authenticated.get( 
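Review bot: With `logActionAudit(...)` now ahead of the handler (first in the `createIdp` chain here, and in every chain this commit touches across the four router files), the audit middleware runs before the action's outcome is known. logActionAudit is not part of this diff, so this is inferred: if it writes its row when invoked, the log will list actions the handler later rejects or that fail, indistinguishable from successful ones. Deferring the write until the response is done keeps the new ordering and records the result, e.g. `res.on("finish", () => { /* write the audit row with res.statusCode */ });` inside the middleware before it calls `next()`. Decide explicitly whether a failed audit write should block the request, since in this position it can. Requests rejected by `verifyUserHasAction` still never reach the audit step, so denied attempts go unrecorded; a comment saying whether that is intended would help.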
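Review bot: Both billing routes in this hunk log the same `ActionsEnum.billing`, so an audit row cannot tell a checkout-session creation from a portal-session creation unless logActionAudit also stores the request path, which this diff does not show. The same applies to `/user/:userId/2fa` in server/routers/integration.ts, which logs `ActionsEnum.updateUser` for `user.updateUser2FA`; a 2FA change is worth being able to find on its own. Either give these routes distinct action values or confirm the middleware records `req.originalUrl`, and until then mark it with `// TODO: audit rows here share ActionsEnum.billing; split the action or record the path`. The `if (build === "saas")` block starts before this hunk and continues past it.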
@@ -213,8 +212,8 @@ authenticated.put( verifyValidLicense, verifyOrgAccess, verifyUserHasAction(ActionsEnum.createRemoteExitNode), + logActionAudit(ActionsEnum.createRemoteExitNode), remoteExitNode.createRemoteExitNode, - logActionAudit(ActionsEnum.createRemoteExitNode) ); authenticated.get( @@ -248,8 +247,8 @@ authenticated.delete( verifyOrgAccess, verifyRemoteExitNodeAccess, verifyUserHasAction(ActionsEnum.deleteRemoteExitNode), + logActionAudit(ActionsEnum.deleteRemoteExitNode), remoteExitNode.deleteRemoteExitNode, - logActionAudit(ActionsEnum.deleteRemoteExitNode) ); authenticated.put( @@ -257,8 +256,8 @@ authenticated.put( verifyValidLicense, verifyOrgAccess, verifyUserHasAction(ActionsEnum.createLoginPage), + logActionAudit(ActionsEnum.createLoginPage), loginPage.createLoginPage, - logActionAudit(ActionsEnum.createLoginPage) ); authenticated.post( @@ -267,8 +266,8 @@ authenticated.post( verifyOrgAccess, verifyLoginPageAccess, verifyUserHasAction(ActionsEnum.updateLoginPage), + logActionAudit(ActionsEnum.updateLoginPage), loginPage.updateLoginPage, - logActionAudit(ActionsEnum.updateLoginPage) ); authenticated.delete( @@ -277,8 +276,8 @@ authenticated.delete( verifyOrgAccess, verifyLoginPageAccess, verifyUserHasAction(ActionsEnum.deleteLoginPage), + logActionAudit(ActionsEnum.deleteLoginPage), loginPage.deleteLoginPage, - logActionAudit(ActionsEnum.deleteLoginPage) ); authenticated.get( diff --git a/server/private/routers/integration.ts b/server/private/routers/integration.ts index 00bc167a..21c74624 100644 --- a/server/private/routers/integration.ts +++ b/server/private/routers/integration.ts 
@@ -32,14 +32,14 @@ authenticated.post( `/org/:orgId/send-usage-notification`, verifyApiKeyIsRoot, // We are the only ones who can use root key so its fine verifyApiKeyHasAction(ActionsEnum.sendUsageNotification), + logActionAudit(ActionsEnum.sendUsageNotification), org.sendUsageNotification, - logActionAudit(ActionsEnum.sendUsageNotification) ); authenticated.delete( "/idp/:idpId", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.deleteIdp), + logActionAudit(ActionsEnum.deleteIdp), orgIdp.deleteOrgIdp, - logActionAudit(ActionsEnum.deleteIdp) ); \ No newline at end of file diff --git a/server/routers/external.ts b/server/routers/external.ts index 55b98242..ecdfe352 100644 --- a/server/routers/external.ts +++ b/server/routers/external.ts @@ -76,8 +76,8 @@ authenticated.post( "/org/:orgId", verifyOrgAccess, verifyUserHasAction(ActionsEnum.updateOrg), + logActionAudit(ActionsEnum.updateOrg), org.updateOrg, - logActionAudit(ActionsEnum.updateOrg) ); if (build !== "saas") { @@ -86,8 +86,8 @@ if (build !== "saas") { verifyOrgAccess, verifyUserIsOrgOwner, verifyUserHasAction(ActionsEnum.deleteOrg), + logActionAudit(ActionsEnum.deleteOrg), org.deleteOrg, - logActionAudit(ActionsEnum.deleteOrg) ); } @@ -95,8 +95,8 @@ authenticated.put( "/org/:orgId/site", verifyOrgAccess, verifyUserHasAction(ActionsEnum.createSite), - site.createSite, - logActionAudit(ActionsEnum.createSite) + logActionAudit(ActionsEnum.createSite), + site.createSite ); authenticated.get( "/org/:orgId/sites", @@ -153,8 +153,8 @@ authenticated.put( verifyClientsEnabled, verifyOrgAccess, verifyUserHasAction(ActionsEnum.createClient), + logActionAudit(ActionsEnum.createClient), client.createClient, - logActionAudit(ActionsEnum.createClient) ); authenticated.delete( 
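Review bot: The `/org/:orgId/site` chain in server/routers/external.ts is the only one in this commit that ends without a trailing comma: `site.createSite` here, versus `org.deleteOrg,` and the rest, which leave the handler followed by `,` before `);`. Both forms are valid, but mixing them makes later diffs noisier. Either write `site.createSite,` to match the other chains or run the formatter over all four files so the last argument is written one way.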
@@ -162,8 +162,8 @@ authenticated.delete( verifyClientsEnabled, verifyClientAccess, verifyUserHasAction(ActionsEnum.deleteClient), + logActionAudit(ActionsEnum.deleteClient), client.deleteClient, - logActionAudit(ActionsEnum.deleteClient) ); authenticated.post( @@ -171,8 +171,8 @@ authenticated.post( verifyClientsEnabled, verifyClientAccess, // this will check if the user has access to the client verifyUserHasAction(ActionsEnum.updateClient), // this will check if the user has permission to update the client + logActionAudit(ActionsEnum.updateClient), client.updateClient, - logActionAudit(ActionsEnum.updateClient) ); // authenticated.get( @@ -185,15 +185,15 @@ authenticated.post( "/site/:siteId", verifySiteAccess, verifyUserHasAction(ActionsEnum.updateSite), + logActionAudit(ActionsEnum.updateSite), site.updateSite, - logActionAudit(ActionsEnum.updateSite) ); authenticated.delete( "/site/:siteId", verifySiteAccess, verifyUserHasAction(ActionsEnum.deleteSite), + logActionAudit(ActionsEnum.deleteSite), site.deleteSite, - logActionAudit(ActionsEnum.deleteSite) ); // TODO: BREAK OUT THESE ACTIONS SO THEY ARE NOT ALL "getSite" @@ -214,14 +214,12 @@ authenticated.post( verifySiteAccess, verifyUserHasAction(ActionsEnum.getSite), site.checkDockerSocket, - // logActionAudit(ActionsEnum.getSite) ); authenticated.post( "/site/:siteId/docker/trigger", verifySiteAccess, verifyUserHasAction(ActionsEnum.getSite), site.triggerFetchContainers, - // logActionAudit(ActionsEnum.getSite) ); authenticated.get( "/site/:siteId/docker/containers", @@ -236,8 +234,8 @@ authenticated.put( verifyOrgAccess, verifySiteAccess, verifyUserHasAction(ActionsEnum.createSiteResource), + logActionAudit(ActionsEnum.createSiteResource), siteResource.createSiteResource, - logActionAudit(ActionsEnum.createSiteResource) ); authenticated.get( 
@@ -270,8 +268,8 @@ authenticated.post( verifySiteAccess, verifySiteResourceAccess, verifyUserHasAction(ActionsEnum.updateSiteResource), + logActionAudit(ActionsEnum.updateSiteResource), siteResource.updateSiteResource, - logActionAudit(ActionsEnum.updateSiteResource) ); authenticated.delete( @@ -280,16 +278,16 @@ authenticated.delete( verifySiteAccess, verifySiteResourceAccess, verifyUserHasAction(ActionsEnum.deleteSiteResource), + logActionAudit(ActionsEnum.deleteSiteResource), siteResource.deleteSiteResource, - logActionAudit(ActionsEnum.deleteSiteResource) ); authenticated.put( "/org/:orgId/resource", verifyOrgAccess, verifyUserHasAction(ActionsEnum.createResource), + logActionAudit(ActionsEnum.createResource), resource.createResource, - logActionAudit(ActionsEnum.createResource) ); authenticated.get( @@ -329,16 +327,16 @@ authenticated.delete( "/org/:orgId/invitations/:inviteId", verifyOrgAccess, verifyUserHasAction(ActionsEnum.removeInvitation), + logActionAudit(ActionsEnum.removeInvitation), user.removeInvitation, - logActionAudit(ActionsEnum.removeInvitation) ); authenticated.post( "/org/:orgId/create-invite", verifyOrgAccess, verifyUserHasAction(ActionsEnum.inviteUser), + logActionAudit(ActionsEnum.inviteUser), user.inviteUser, - logActionAudit(ActionsEnum.inviteUser) ); // maybe make this /invite/create instead unauthenticated.post("/invite/accept", user.acceptInvite); // this is supposed to be unauthenticated 
@@ -373,23 +371,23 @@ authenticated.post( "/resource/:resourceId", verifyResourceAccess, verifyUserHasAction(ActionsEnum.updateResource), + logActionAudit(ActionsEnum.updateResource), resource.updateResource, - logActionAudit(ActionsEnum.updateResource) ); authenticated.delete( "/resource/:resourceId", verifyResourceAccess, verifyUserHasAction(ActionsEnum.deleteResource), + logActionAudit(ActionsEnum.deleteResource), resource.deleteResource, - logActionAudit(ActionsEnum.deleteResource) ); authenticated.put( "/resource/:resourceId/target", verifyResourceAccess, verifyUserHasAction(ActionsEnum.createTarget), + logActionAudit(ActionsEnum.createTarget), target.createTarget, - logActionAudit(ActionsEnum.createTarget) ); authenticated.get( "/resource/:resourceId/targets", @@ -402,8 +400,8 @@ authenticated.put( "/resource/:resourceId/rule", verifyResourceAccess, verifyUserHasAction(ActionsEnum.createResourceRule), + logActionAudit(ActionsEnum.createResourceRule), resource.createResourceRule, - logActionAudit(ActionsEnum.createResourceRule) ); authenticated.get( "/resource/:resourceId/rules", @@ -415,15 +413,15 @@ authenticated.post( "/resource/:resourceId/rule/:ruleId", verifyResourceAccess, verifyUserHasAction(ActionsEnum.updateResourceRule), + logActionAudit(ActionsEnum.updateResourceRule), resource.updateResourceRule, - logActionAudit(ActionsEnum.updateResourceRule) ); authenticated.delete( "/resource/:resourceId/rule/:ruleId", verifyResourceAccess, verifyUserHasAction(ActionsEnum.deleteResourceRule), + logActionAudit(ActionsEnum.deleteResourceRule), resource.deleteResourceRule, - logActionAudit(ActionsEnum.deleteResourceRule) ); authenticated.get( 
@@ -436,23 +434,23 @@ authenticated.post( "/target/:targetId", verifyTargetAccess, verifyUserHasAction(ActionsEnum.updateTarget), + logActionAudit(ActionsEnum.updateTarget), target.updateTarget, - logActionAudit(ActionsEnum.updateTarget) ); authenticated.delete( "/target/:targetId", verifyTargetAccess, verifyUserHasAction(ActionsEnum.deleteTarget), + logActionAudit(ActionsEnum.deleteTarget), target.deleteTarget, - logActionAudit(ActionsEnum.deleteTarget) ); authenticated.put( "/org/:orgId/role", verifyOrgAccess, verifyUserHasAction(ActionsEnum.createRole), + logActionAudit(ActionsEnum.createRole), role.createRole, - logActionAudit(ActionsEnum.createRole) ); authenticated.get( "/org/:orgId/roles", @@ -477,16 +475,16 @@ authenticated.delete( "/role/:roleId", verifyRoleAccess, verifyUserHasAction(ActionsEnum.deleteRole), + logActionAudit(ActionsEnum.deleteRole), role.deleteRole, - logActionAudit(ActionsEnum.deleteRole) ); authenticated.post( "/role/:roleId/add/:userId", verifyRoleAccess, verifyUserAccess, verifyUserHasAction(ActionsEnum.addUserRole), + logActionAudit(ActionsEnum.addUserRole), user.addUserRole, - logActionAudit(ActionsEnum.addUserRole) ); authenticated.post( @@ -494,8 +492,8 @@ authenticated.post( verifyResourceAccess, verifyRoleAccess, verifyUserHasAction(ActionsEnum.setResourceRoles), + logActionAudit(ActionsEnum.setResourceRoles), resource.setResourceRoles, - logActionAudit(ActionsEnum.setResourceRoles) ); authenticated.post( 
@@ -503,40 +501,40 @@ authenticated.post( verifyResourceAccess, verifySetResourceUsers, verifyUserHasAction(ActionsEnum.setResourceUsers), + logActionAudit(ActionsEnum.setResourceUsers), resource.setResourceUsers, - logActionAudit(ActionsEnum.setResourceUsers) ); authenticated.post( `/resource/:resourceId/password`, verifyResourceAccess, verifyUserHasAction(ActionsEnum.setResourcePassword), + logActionAudit(ActionsEnum.setResourcePassword), resource.setResourcePassword, - logActionAudit(ActionsEnum.setResourcePassword) ); authenticated.post( `/resource/:resourceId/pincode`, verifyResourceAccess, verifyUserHasAction(ActionsEnum.setResourcePincode), + logActionAudit(ActionsEnum.setResourcePincode), resource.setResourcePincode, - logActionAudit(ActionsEnum.setResourcePincode) ); authenticated.post( `/resource/:resourceId/header-auth`, verifyResourceAccess, verifyUserHasAction(ActionsEnum.setResourceHeaderAuth), + logActionAudit(ActionsEnum.setResourceHeaderAuth), resource.setResourceHeaderAuth, - logActionAudit(ActionsEnum.setResourceHeaderAuth) ); authenticated.post( `/resource/:resourceId/whitelist`, verifyResourceAccess, verifyUserHasAction(ActionsEnum.setResourceWhitelist), + logActionAudit(ActionsEnum.setResourceWhitelist), resource.setResourceWhitelist, - logActionAudit(ActionsEnum.setResourceWhitelist) ); authenticated.get( @@ -550,16 +548,16 @@ authenticated.post( `/resource/:resourceId/access-token`, verifyResourceAccess, verifyUserHasAction(ActionsEnum.generateAccessToken), + logActionAudit(ActionsEnum.generateAccessToken), accessToken.generateAccessToken, - logActionAudit(ActionsEnum.generateAccessToken) ); authenticated.delete( `/access-token/:accessTokenId`, verifyAccessTokenAccess, verifyUserHasAction(ActionsEnum.deleteAcessToken), + logActionAudit(ActionsEnum.deleteAcessToken), accessToken.deleteAccessToken, - logActionAudit(ActionsEnum.deleteAcessToken) ); authenticated.get( 
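Review bot: The audit call on the `/access-token/:accessTokenId` delete route passes `ActionsEnum.deleteAcessToken`, which is misspelled ("Acess"). The enum is defined outside this diff, so whether the stored value carries the same spelling is an assumption; if it does, a search of the audit log for "deleteAccessToken" will miss these rows. Now that the value reaches the audit trail, consider renaming the member in a follow-up, or add `// NOTE: enum member is spelled deleteAcessToken; audit queries must use that spelling` above the line. The same call appears in server/routers/integration.ts.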
@@ -632,8 +630,8 @@ authenticated.put( "/org/:orgId/user", verifyOrgAccess, verifyUserHasAction(ActionsEnum.createOrgUser), + logActionAudit(ActionsEnum.createOrgUser), user.createOrgUser, - logActionAudit(ActionsEnum.createOrgUser) ); authenticated.post( @@ -641,8 +639,8 @@ authenticated.post( verifyOrgAccess, verifyUserAccess, verifyUserHasAction(ActionsEnum.updateOrgUser), + logActionAudit(ActionsEnum.updateOrgUser), user.updateOrgUser, - logActionAudit(ActionsEnum.updateOrgUser) ); authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser); @@ -664,8 +662,8 @@ authenticated.delete( verifyOrgAccess, verifyUserAccess, verifyUserHasAction(ActionsEnum.removeUser), + logActionAudit(ActionsEnum.removeUser), user.removeUserOrg, - logActionAudit(ActionsEnum.removeUser) ); // authenticated.put( @@ -798,8 +796,8 @@ authenticated.post( verifyOrgAccess, verifyApiKeyAccess, verifyUserHasAction(ActionsEnum.setApiKeyActions), + logActionAudit(ActionsEnum.setApiKeyActions), apiKeys.setApiKeyActions, - logActionAudit(ActionsEnum.setApiKeyActions) ); authenticated.get( @@ -814,8 +812,8 @@ authenticated.put( `/org/:orgId/api-key`, verifyOrgAccess, verifyUserHasAction(ActionsEnum.createApiKey), + logActionAudit(ActionsEnum.createApiKey), apiKeys.createOrgApiKey, - logActionAudit(ActionsEnum.createApiKey) ); authenticated.delete( @@ -823,8 +821,8 @@ authenticated.delete( verifyOrgAccess, verifyApiKeyAccess, verifyUserHasAction(ActionsEnum.deleteApiKey), + logActionAudit(ActionsEnum.deleteApiKey), apiKeys.deleteOrgApiKey, - logActionAudit(ActionsEnum.deleteApiKey) ); authenticated.get( @@ -839,8 +837,8 @@ authenticated.put( `/org/:orgId/domain`, verifyOrgAccess, verifyUserHasAction(ActionsEnum.createOrgDomain), + logActionAudit(ActionsEnum.createOrgDomain), domain.createOrgDomain, - logActionAudit(ActionsEnum.createOrgDomain) ); authenticated.post( 
@@ -848,8 +846,8 @@ authenticated.post( verifyOrgAccess, verifyDomainAccess, verifyUserHasAction(ActionsEnum.restartOrgDomain), + logActionAudit(ActionsEnum.restartOrgDomain), domain.restartOrgDomain, - logActionAudit(ActionsEnum.restartOrgDomain) ); authenticated.delete( @@ -857,8 +855,8 @@ authenticated.delete( verifyOrgAccess, verifyDomainAccess, verifyUserHasAction(ActionsEnum.deleteOrgDomain), + logActionAudit(ActionsEnum.deleteOrgDomain), domain.deleteAccountDomain, - logActionAudit(ActionsEnum.deleteOrgDomain) ); // Auth routes diff --git a/server/routers/integration.ts b/server/routers/integration.ts index f54189e6..1359ea5e 100644 --- a/server/routers/integration.ts +++ b/server/routers/integration.ts @@ -51,8 +51,8 @@ authenticated.put( "/org", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.createOrg), + logActionAudit(ActionsEnum.createOrg), org.createOrg, - logActionAudit(ActionsEnum.createOrg) ); authenticated.get( @@ -73,24 +73,24 @@ authenticated.post( "/org/:orgId", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.updateOrg), + logActionAudit(ActionsEnum.updateOrg), org.updateOrg, - logActionAudit(ActionsEnum.updateOrg) ); authenticated.delete( "/org/:orgId", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.deleteOrg), + logActionAudit(ActionsEnum.deleteOrg), org.deleteOrg, - logActionAudit(ActionsEnum.deleteOrg) ); authenticated.put( "/org/:orgId/site", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.createSite), + logActionAudit(ActionsEnum.createSite), site.createSite, - logActionAudit(ActionsEnum.createSite) ); authenticated.get( 
@@ -125,16 +125,16 @@ authenticated.post( "/site/:siteId", verifyApiKeySiteAccess, verifyApiKeyHasAction(ActionsEnum.updateSite), + logActionAudit(ActionsEnum.updateSite), site.updateSite, - logActionAudit(ActionsEnum.updateSite) ); authenticated.delete( "/site/:siteId", verifyApiKeySiteAccess, verifyApiKeyHasAction(ActionsEnum.deleteSite), + logActionAudit(ActionsEnum.deleteSite), site.deleteSite, - logActionAudit(ActionsEnum.deleteSite) ); authenticated.get( @@ -148,8 +148,8 @@ authenticated.put( verifyApiKeyOrgAccess, verifyApiKeySiteAccess, verifyApiKeyHasAction(ActionsEnum.createSiteResource), + logActionAudit(ActionsEnum.createSiteResource), siteResource.createSiteResource, - logActionAudit(ActionsEnum.createSiteResource) ); authenticated.get( @@ -182,8 +182,8 @@ authenticated.post( verifyApiKeySiteAccess, verifyApiKeySiteResourceAccess, verifyApiKeyHasAction(ActionsEnum.updateSiteResource), + logActionAudit(ActionsEnum.updateSiteResource), siteResource.updateSiteResource, - logActionAudit(ActionsEnum.updateSiteResource) ); authenticated.delete( @@ -192,24 +192,24 @@ authenticated.delete( verifyApiKeySiteAccess, verifyApiKeySiteResourceAccess, verifyApiKeyHasAction(ActionsEnum.deleteSiteResource), + logActionAudit(ActionsEnum.deleteSiteResource), siteResource.deleteSiteResource, - logActionAudit(ActionsEnum.deleteSiteResource) ); authenticated.put( "/org/:orgId/resource", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.createResource), + logActionAudit(ActionsEnum.createResource), resource.createResource, - logActionAudit(ActionsEnum.createResource) ); authenticated.put( "/org/:orgId/site/:siteId/resource", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.createResource), + logActionAudit(ActionsEnum.createResource), resource.createResource, - logActionAudit(ActionsEnum.createResource) ); authenticated.get( 
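Review bot: The `/org/:orgId/site/:siteId/resource` route in the last hunk on this line checks `verifyApiKeyOrgAccess` only, although the path carries `:siteId`; the `createSiteResource` chain earlier in the same file runs `verifyApiKeySiteAccess` after the org check. Unless `resource.createResource` itself confirms that the site belongs to the org and is within the key's scope (not visible here), consider adding `verifyApiKeySiteAccess,` before `verifyApiKeyHasAction(ActionsEnum.createResource),`. The commit leaves this chain otherwise unchanged, and the audit row it now writes would record the request as an ordinary `createResource`.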
@@ -244,8 +244,8 @@ authenticated.post( "/org/:orgId/create-invite", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.inviteUser), + logActionAudit(ActionsEnum.inviteUser), user.inviteUser, - logActionAudit(ActionsEnum.inviteUser) ); authenticated.get( @@ -273,24 +273,24 @@ authenticated.post( "/resource/:resourceId", verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.updateResource), + logActionAudit(ActionsEnum.updateResource), resource.updateResource, - logActionAudit(ActionsEnum.updateResource) ); authenticated.delete( "/resource/:resourceId", verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.deleteResource), + logActionAudit(ActionsEnum.deleteResource), resource.deleteResource, - logActionAudit(ActionsEnum.deleteResource) ); authenticated.put( "/resource/:resourceId/target", verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.createTarget), + logActionAudit(ActionsEnum.createTarget), target.createTarget, - logActionAudit(ActionsEnum.createTarget) ); authenticated.get( @@ -304,8 +304,8 @@ authenticated.put( "/resource/:resourceId/rule", verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.createResourceRule), + logActionAudit(ActionsEnum.createResourceRule), resource.createResourceRule, - logActionAudit(ActionsEnum.createResourceRule) ); authenticated.get( @@ -319,16 +319,16 @@ authenticated.post( "/resource/:resourceId/rule/:ruleId", verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.updateResourceRule), + logActionAudit(ActionsEnum.updateResourceRule), resource.updateResourceRule, - logActionAudit(ActionsEnum.updateResourceRule) ); authenticated.delete( "/resource/:resourceId/rule/:ruleId", verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.deleteResourceRule), + logActionAudit(ActionsEnum.deleteResourceRule), resource.deleteResourceRule, - logActionAudit(ActionsEnum.deleteResourceRule) ); authenticated.get( 
@@ -342,24 +342,24 @@ authenticated.post( "/target/:targetId", verifyApiKeyTargetAccess, verifyApiKeyHasAction(ActionsEnum.updateTarget), + logActionAudit(ActionsEnum.updateTarget), target.updateTarget, - logActionAudit(ActionsEnum.updateTarget) ); authenticated.delete( "/target/:targetId", verifyApiKeyTargetAccess, verifyApiKeyHasAction(ActionsEnum.deleteTarget), + logActionAudit(ActionsEnum.deleteTarget), target.deleteTarget, - logActionAudit(ActionsEnum.deleteTarget) ); authenticated.put( "/org/:orgId/role", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.createRole), + logActionAudit(ActionsEnum.createRole), role.createRole, - logActionAudit(ActionsEnum.createRole) ); authenticated.get( @@ -373,8 +373,8 @@ authenticated.delete( "/role/:roleId", verifyApiKeyRoleAccess, verifyApiKeyHasAction(ActionsEnum.deleteRole), + logActionAudit(ActionsEnum.deleteRole), role.deleteRole, - logActionAudit(ActionsEnum.deleteRole) ); authenticated.get( @@ -389,8 +389,8 @@ authenticated.post( verifyApiKeyRoleAccess, verifyApiKeyUserAccess, verifyApiKeyHasAction(ActionsEnum.addUserRole), + logActionAudit(ActionsEnum.addUserRole), user.addUserRole, - logActionAudit(ActionsEnum.addUserRole) ); authenticated.post( @@ -398,8 +398,8 @@ authenticated.post( verifyApiKeyResourceAccess, verifyApiKeyRoleAccess, verifyApiKeyHasAction(ActionsEnum.setResourceRoles), + logActionAudit(ActionsEnum.setResourceRoles), resource.setResourceRoles, - logActionAudit(ActionsEnum.setResourceRoles) ); authenticated.post( 
@@ -407,40 +407,40 @@ authenticated.post( verifyApiKeyResourceAccess, verifyApiKeySetResourceUsers, verifyApiKeyHasAction(ActionsEnum.setResourceUsers), + logActionAudit(ActionsEnum.setResourceUsers), resource.setResourceUsers, - logActionAudit(ActionsEnum.setResourceUsers) ); authenticated.post( `/resource/:resourceId/password`, verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.setResourcePassword), + logActionAudit(ActionsEnum.setResourcePassword), resource.setResourcePassword, - logActionAudit(ActionsEnum.setResourcePassword) ); authenticated.post( `/resource/:resourceId/pincode`, verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.setResourcePincode), + logActionAudit(ActionsEnum.setResourcePincode), resource.setResourcePincode, - logActionAudit(ActionsEnum.setResourcePincode) ); authenticated.post( `/resource/:resourceId/header-auth`, verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.setResourceHeaderAuth), + logActionAudit(ActionsEnum.setResourceHeaderAuth), resource.setResourceHeaderAuth, - logActionAudit(ActionsEnum.setResourceHeaderAuth) ); authenticated.post( `/resource/:resourceId/whitelist`, verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist), + logActionAudit(ActionsEnum.setResourceWhitelist), resource.setResourceWhitelist, - logActionAudit(ActionsEnum.setResourceWhitelist) ); authenticated.get( @@ -468,16 +468,16 @@ authenticated.post( `/resource/:resourceId/access-token`, verifyApiKeyResourceAccess, verifyApiKeyHasAction(ActionsEnum.generateAccessToken), + logActionAudit(ActionsEnum.generateAccessToken), accessToken.generateAccessToken, - logActionAudit(ActionsEnum.generateAccessToken) ); authenticated.delete( `/access-token/:accessTokenId`, verifyApiKeyAccessTokenAccess, verifyApiKeyHasAction(ActionsEnum.deleteAcessToken), + logActionAudit(ActionsEnum.deleteAcessToken), accessToken.deleteAccessToken, - logActionAudit(ActionsEnum.deleteAcessToken) ); authenticated.get( 
@@ -505,8 +505,8 @@ authenticated.post( "/user/:userId/2fa", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.updateUser), + logActionAudit(ActionsEnum.updateUser), user.updateUser2FA, - logActionAudit(ActionsEnum.updateUser) ); authenticated.get( @@ -527,8 +527,8 @@ authenticated.put( "/org/:orgId/user", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.createOrgUser), + logActionAudit(ActionsEnum.createOrgUser), user.createOrgUser, - logActionAudit(ActionsEnum.createOrgUser) ); authenticated.post( @@ -536,8 +536,8 @@ authenticated.post( verifyApiKeyOrgAccess, verifyApiKeyUserAccess, verifyApiKeyHasAction(ActionsEnum.updateOrgUser), + logActionAudit(ActionsEnum.updateOrgUser), user.updateOrgUser, - logActionAudit(ActionsEnum.updateOrgUser) ); authenticated.delete( @@ -545,8 +545,8 @@ authenticated.delete( verifyApiKeyOrgAccess, verifyApiKeyUserAccess, verifyApiKeyHasAction(ActionsEnum.removeUser), + logActionAudit(ActionsEnum.removeUser), user.removeUserOrg, - logActionAudit(ActionsEnum.removeUser) ); // authenticated.put( @@ -566,8 +566,8 @@ authenticated.post( `/org/:orgId/api-key/:apiKeyId/actions`, verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.setApiKeyActions), + logActionAudit(ActionsEnum.setApiKeyActions), apiKeys.setApiKeyActions, - logActionAudit(ActionsEnum.setApiKeyActions) ); authenticated.get( 
@@ -581,32 +581,32 @@ authenticated.put( `/org/:orgId/api-key`, verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.createApiKey), + logActionAudit(ActionsEnum.createApiKey), apiKeys.createOrgApiKey, - logActionAudit(ActionsEnum.createApiKey) ); authenticated.delete( `/org/:orgId/api-key/:apiKeyId`, verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.deleteApiKey), + logActionAudit(ActionsEnum.deleteApiKey), apiKeys.deleteApiKey, - logActionAudit(ActionsEnum.deleteApiKey) ); authenticated.put( "/idp/oidc", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.createIdp), + logActionAudit(ActionsEnum.createIdp), idp.createOidcIdp, - logActionAudit(ActionsEnum.createIdp) ); authenticated.post( "/idp/:idpId/oidc", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.updateIdp), + logActionAudit(ActionsEnum.updateIdp), idp.updateOidcIdp, - logActionAudit(ActionsEnum.updateIdp) ); authenticated.get( @@ -627,24 +627,24 @@ authenticated.put( "/idp/:idpId/org/:orgId", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.createIdpOrg), + logActionAudit(ActionsEnum.createIdpOrg), idp.createIdpOrgPolicy, - logActionAudit(ActionsEnum.createIdpOrg) ); authenticated.post( "/idp/:idpId/org/:orgId", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.updateIdpOrg), + logActionAudit(ActionsEnum.updateIdpOrg), idp.updateIdpOrgPolicy, - logActionAudit(ActionsEnum.updateIdpOrg) ); authenticated.delete( "/idp/:idpId/org/:orgId", verifyApiKeyIsRoot, verifyApiKeyHasAction(ActionsEnum.deleteIdpOrg), + logActionAudit(ActionsEnum.deleteIdpOrg), idp.deleteIdpOrgPolicy, - logActionAudit(ActionsEnum.deleteIdpOrg) ); authenticated.get( @@ -683,8 +683,8 @@ authenticated.put( verifyClientsEnabled, verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.createClient), + logActionAudit(ActionsEnum.createClient), client.createClient, - logActionAudit(ActionsEnum.createClient) ); authenticated.delete( 
@@ -692,8 +692,8 @@ authenticated.delete( verifyClientsEnabled, verifyApiKeyClientAccess, verifyApiKeyHasAction(ActionsEnum.deleteClient), + logActionAudit(ActionsEnum.deleteClient), client.deleteClient, - logActionAudit(ActionsEnum.deleteClient) ); authenticated.post( @@ -701,14 +701,14 @@ authenticated.post( verifyClientsEnabled, verifyApiKeyClientAccess, verifyApiKeyHasAction(ActionsEnum.updateClient), + logActionAudit(ActionsEnum.updateClient), client.updateClient, - logActionAudit(ActionsEnum.updateClient) ); authenticated.put( "/org/:orgId/blueprint", verifyApiKeyOrgAccess, verifyApiKeyHasAction(ActionsEnum.applyBlueprint), + logActionAudit(ActionsEnum.applyBlueprint), org.applyBlueprint, - logActionAudit(ActionsEnum.applyBlueprint) );