mirror of
https://github.com/fosrl/pangolin.git
synced 2026-02-02 08:09:10 +00:00
move re-key API routes to private api
This commit is contained in:
Pallavi Kumari
@@ -2111,7 +2111,7 @@
|
||||
"confirm": "Confirm",
|
||||
"regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?",
|
||||
"endpoint": "Endpoint",
|
||||
"id": "Id",
|
||||
"Id": "Id",
|
||||
"SecretKey": "Secret Key",
|
||||
"featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it."
|
||||
}
|
||||
|
||||
@@ -23,11 +23,15 @@ import * as license from "#private/routers/license";
|
||||
import * as generateLicense from "./generatedLicense";
|
||||
import * as logs from "#private/routers/auditLogs";
|
||||
import * as misc from "#private/routers/misc";
|
||||
import * as reKey from "#private/routers/re-key";
|
||||
|
||||
import {
|
||||
verifyOrgAccess,
|
||||
verifyUserHasAction,
|
||||
verifyUserIsServerAdmin
|
||||
verifyUserIsServerAdmin,
|
||||
verifySiteAccess,
|
||||
verifyClientAccess,
|
||||
verifyClientsEnabled,
|
||||
} from "@server/middlewares";
|
||||
import { ActionsEnum } from "@server/auth/actions";
|
||||
import {
|
||||
@@ -236,14 +240,6 @@ authenticated.put(
|
||||
remoteExitNode.createRemoteExitNode
|
||||
);
|
||||
|
||||
authenticated.put(
|
||||
"/org/:orgId/reGenerate-remote-exit-node-secret",
|
||||
verifyValidLicense,
|
||||
verifyOrgAccess,
|
||||
verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
|
||||
remoteExitNode.reGenerateExitNodeSecret
|
||||
);
|
||||
|
||||
authenticated.get(
|
||||
"/org/:orgId/remote-exit-nodes",
|
||||
verifyValidLicense,
|
||||
@@ -411,3 +407,26 @@ authenticated.get(
|
||||
logActionAudit(ActionsEnum.exportLogs),
|
||||
logs.exportAccessAuditLogs
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
"/re-key/:clientId/regenerate-client-secret",
|
||||
verifyClientsEnabled,
|
||||
verifyClientAccess,
|
||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||
reKey.reGenerateClientSecret
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
"/re-key/:siteId/regenerate-site-secret",
|
||||
verifySiteAccess,
|
||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||
reKey.reGenerateSiteSecret
|
||||
);
|
||||
|
||||
authenticated.put(
|
||||
"/re-key/:orgId/reGenerate-remote-exit-node-secret",
|
||||
verifyValidLicense,
|
||||
verifyOrgAccess,
|
||||
verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
|
||||
reKey.reGenerateExitNodeSecret
|
||||
);
|
||||
|
||||
3
server/private/routers/re-key/index.ts
Normal file
3
server/private/routers/re-key/index.ts
Normal file
@@ -0,0 +1,3 @@
|
||||
export * from "./reGenerateClientSecret";
|
||||
export * from "./reGenerateSiteSecret";
|
||||
export * from "./reGenerateExitNodeSecret";
|
||||
@@ -29,7 +29,7 @@ export type ReGenerateSecretBody = z.infer<typeof reGenerateSecretBodySchema>;
|
||||
|
||||
registry.registerPath({
|
||||
method: "post",
|
||||
path: "/client/{clientId}/regenerate-secret",
|
||||
path: "/re-key/{clientId}/regenerate-client-secret",
|
||||
description: "Regenerate a client's OLM credentials by its client ID.",
|
||||
tags: [OpenAPITags.Client],
|
||||
request: {
|
||||
@@ -23,7 +23,11 @@ import { hashPassword } from "@server/auth/password";
|
||||
import logger from "@server/logger";
|
||||
import { and, eq } from "drizzle-orm";
|
||||
import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
|
||||
import { paramsSchema } from "./createRemoteExitNode";
|
||||
import { OpenAPITags, registry } from "@server/openApi";
|
||||
|
||||
export const paramsSchema = z.object({
|
||||
orgId: z.string()
|
||||
});
|
||||
|
||||
const bodySchema = z
|
||||
.object({
|
||||
@@ -32,6 +36,25 @@ const bodySchema = z
|
||||
})
|
||||
.strict();
|
||||
|
||||
|
||||
registry.registerPath({
|
||||
method: "post",
|
||||
path: "/re-key/{orgId}/regenerate-secret",
|
||||
description: "Regenerate a exit node credentials by its org ID.",
|
||||
tags: [OpenAPITags.Org],
|
||||
request: {
|
||||
params: paramsSchema,
|
||||
body: {
|
||||
content: {
|
||||
"application/json": {
|
||||
schema: bodySchema
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
responses: {}
|
||||
});
|
||||
|
||||
export async function reGenerateExitNodeSecret(
|
||||
req: Request,
|
||||
res: Response,
|
||||
@@ -9,7 +9,7 @@ import logger from "@server/logger";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { OpenAPITags, registry } from "@server/openApi";
|
||||
import { hashPassword } from "@server/auth/password";
|
||||
import { addPeer } from "../gerbil/peers";
|
||||
import { addPeer } from "@server/routers/gerbil/peers";
|
||||
|
||||
|
||||
const updateSiteParamsSchema = z
|
||||
@@ -31,7 +31,7 @@ const updateSiteBodySchema = z
|
||||
|
||||
registry.registerPath({
|
||||
method: "post",
|
||||
path: "/site/{siteId}/regenerate-secret",
|
||||
path: "/re-key/{siteId}/regenerate-site-secret",
|
||||
description: "Regenerate a site's Newt or WireGuard credentials by its site ID.",
|
||||
tags: [OpenAPITags.Site],
|
||||
request: {
|
||||
@@ -21,4 +21,3 @@ export * from "./deleteRemoteExitNode";
|
||||
export * from "./listRemoteExitNodes";
|
||||
export * from "./pickRemoteExitNodeDefaults";
|
||||
export * from "./quickStartRemoteExitNode";
|
||||
export * from "./reGenerateExitNodeSecret";
|
||||
|
||||
@@ -3,5 +3,4 @@ export * from "./createClient";
|
||||
export * from "./deleteClient";
|
||||
export * from "./listClients";
|
||||
export * from "./updateClient";
|
||||
export * from "./getClient";
|
||||
export * from "./reGenerateClientSecret";
|
||||
export * from "./getClient";
|
||||
@@ -178,13 +178,6 @@ authenticated.post(
|
||||
client.updateClient,
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
"/client/:clientId/regenerate-secret",
|
||||
verifyClientsEnabled,
|
||||
verifyClientAccess,
|
||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||
client.reGenerateClientSecret
|
||||
);
|
||||
|
||||
// authenticated.get(
|
||||
// "/site/:siteId/roles",
|
||||
@@ -200,12 +193,6 @@ authenticated.post(
|
||||
site.updateSite,
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
"/site/:siteId/regenerate-secret",
|
||||
verifySiteAccess,
|
||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||
site.reGenerateSiteSecret
|
||||
);
|
||||
authenticated.delete(
|
||||
"/site/:siteId",
|
||||
verifySiteAccess,
|
||||
|
||||
@@ -5,5 +5,4 @@ export * from "./updateSite";
|
||||
export * from "./listSites";
|
||||
export * from "./listSiteRoles";
|
||||
export * from "./pickSiteDefaults";
|
||||
export * from "./socketIntegration";
|
||||
export * from "./reGenerateSiteSecret";
|
||||
export * from "./socketIntegration";
|
||||
@@ -59,7 +59,7 @@ export default function CredentialsPage() {
|
||||
setCredentials(data);
|
||||
|
||||
await api.put<AxiosResponse<QuickStartRemoteExitNodeResponse>>(
|
||||
`/org/${orgId}/reGenerate-remote-exit-node-secret`,
|
||||
`/re-key/${orgId}/reGenerate-remote-exit-node-secret`,
|
||||
{
|
||||
remoteExitNodeId: remoteExitNode.remoteExitNodeId,
|
||||
secret: data.secret,
|
||||
|
||||
@@ -52,7 +52,7 @@ export default function CredentialsPage() {
|
||||
const data = res.data.data;
|
||||
setClientDefaults(data);
|
||||
|
||||
await api.post(`/client/${client?.clientId}/regenerate-secret`, {
|
||||
await api.post(`/re-key/${client?.clientId}/regenerate-client-secret`, {
|
||||
olmId: data.olmId,
|
||||
secret: data.olmSecret,
|
||||
});
|
||||
|
||||
@@ -8,6 +8,7 @@ import ClientProvider from "@app/providers/ClientProvider";
|
||||
import { redirect } from "next/navigation";
|
||||
import { HorizontalTabs } from "@app/components/HorizontalTabs";
|
||||
import { getTranslations } from "next-intl/server";
|
||||
import { build } from "@server/build";
|
||||
|
||||
type SettingsLayoutProps = {
|
||||
children: React.ReactNode;
|
||||
@@ -38,10 +39,13 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
|
||||
title: t('general'),
|
||||
href: `/{orgId}/settings/clients/{clientId}/general`
|
||||
},
|
||||
{
|
||||
title: t('credentials'),
|
||||
href: `/{orgId}/settings/clients/{clientId}/credentials`
|
||||
}
|
||||
...(build === 'enterprise'
|
||||
? [{
|
||||
title: t('credentials'),
|
||||
href: `/{orgId}/settings/clients/{clientId}/credentials`
|
||||
},
|
||||
]
|
||||
: []),
|
||||
];
|
||||
|
||||
return (
|
||||
|
||||
@@ -95,7 +95,7 @@ PersistentKeepalive = 5`;
|
||||
);
|
||||
}
|
||||
|
||||
await api.post(`/site/${site?.siteId}/regenerate-secret`, {
|
||||
await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
|
||||
type: "wireguard",
|
||||
subnet: res.data.data.subnet,
|
||||
exitNodeId: res.data.data.exitNodeId,
|
||||
@@ -109,7 +109,7 @@ PersistentKeepalive = 5`;
|
||||
const data = res.data.data;
|
||||
setSiteDefaults(data);
|
||||
|
||||
await api.post(`/site/${site?.siteId}/regenerate-secret`, {
|
||||
await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
|
||||
type: "newt",
|
||||
newtId: data.newtId,
|
||||
newtSecret: data.newtSecret
|
||||
|
||||
@@ -8,6 +8,7 @@ import { HorizontalTabs } from "@app/components/HorizontalTabs";
|
||||
import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
|
||||
import SiteInfoCard from "../../../../../components/SiteInfoCard";
|
||||
import { getTranslations } from "next-intl/server";
|
||||
import { build } from "@server/build";
|
||||
|
||||
interface SettingsLayoutProps {
|
||||
children: React.ReactNode;
|
||||
@@ -37,7 +38,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
|
||||
title: t('general'),
|
||||
href: `/${params.orgId}/settings/sites/${params.niceId}/general`,
|
||||
},
|
||||
...(site.type !== 'local'
|
||||
...(site.type !== 'local' && build === 'enterprise'
|
||||
? [
|
||||
{
|
||||
title: t('credentials'),
|
||||
|
||||
Reference in New Issue
Block a user