diff --git a/messages/en-US.json b/messages/en-US.json index c9d55062..e7efb66b 100644 --- a/messages/en-US.json +++ b/messages/en-US.json @@ -2111,7 +2111,7 @@ "confirm": "Confirm", "regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?", "endpoint": "Endpoint", - "id": "Id", + "Id": "Id", "SecretKey": "Secret Key", "featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it." } diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts index 493e9646..eefd175c 100644 --- a/server/private/routers/external.ts +++ b/server/private/routers/external.ts @@ -23,11 +23,15 @@ import * as license from "#private/routers/license"; import * as generateLicense from "./generatedLicense"; import * as logs from "#private/routers/auditLogs"; import * as misc from "#private/routers/misc"; +import * as reKey from "#private/routers/re-key"; import { verifyOrgAccess, verifyUserHasAction, - verifyUserIsServerAdmin + verifyUserIsServerAdmin, + verifySiteAccess, + verifyClientAccess, + verifyClientsEnabled, } from "@server/middlewares"; import { ActionsEnum } from "@server/auth/actions"; import { @@ -236,14 +240,6 @@ authenticated.put( remoteExitNode.createRemoteExitNode ); -authenticated.put( - "/org/:orgId/reGenerate-remote-exit-node-secret", - verifyValidLicense, - verifyOrgAccess, - verifyUserHasAction(ActionsEnum.updateRemoteExitNode), - remoteExitNode.reGenerateExitNodeSecret -); - authenticated.get( "/org/:orgId/remote-exit-nodes", verifyValidLicense, 
@@ -411,3 +407,26 @@ authenticated.get( logActionAudit(ActionsEnum.exportLogs), logs.exportAccessAuditLogs ); + +authenticated.post( + "/re-key/:clientId/regenerate-client-secret", + verifyClientsEnabled, + verifyClientAccess, + verifyUserHasAction(ActionsEnum.reGenerateSecret), + reKey.reGenerateClientSecret +); + +authenticated.post( + "/re-key/:siteId/regenerate-site-secret", + verifySiteAccess, + verifyUserHasAction(ActionsEnum.reGenerateSecret), + reKey.reGenerateSiteSecret +); + +authenticated.put( + "/re-key/:orgId/reGenerate-remote-exit-node-secret", + verifyValidLicense, + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.updateRemoteExitNode), + reKey.reGenerateExitNodeSecret +); diff --git a/server/private/routers/re-key/index.ts b/server/private/routers/re-key/index.ts new file mode 100644 index 00000000..7e04d9e4 --- /dev/null +++ b/server/private/routers/re-key/index.ts @@ -0,0 +1,3 @@ +export * from "./reGenerateClientSecret"; +export * from "./reGenerateSiteSecret"; +export * from "./reGenerateExitNodeSecret"; \ No newline at end of file diff --git a/server/routers/client/reGenerateClientSecret.ts b/server/private/routers/re-key/reGenerateClientSecret.ts similarity index 98% rename from server/routers/client/reGenerateClientSecret.ts rename to server/private/routers/re-key/reGenerateClientSecret.ts index 2bce396a..d16d433b 100644 --- a/server/routers/client/reGenerateClientSecret.ts +++ b/server/private/routers/re-key/reGenerateClientSecret.ts @@ -29,7 +29,7 @@ export type ReGenerateSecretBody = z.infer; registry.registerPath({ method: "post", - path: "/client/{clientId}/regenerate-secret", + path: "/re-key/{clientId}/regenerate-client-secret", description: "Regenerate a client's OLM credentials by its client ID.", tags: [OpenAPITags.Client], request: { 
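Review bot: The three `/re-key/...` routes added at the end of server/private/routers/external.ts rotate credentials without any audit middleware, although the route closing just above them in this hunk already chains `logActionAudit(ActionsEnum.exportLogs)`. Secret regeneration is the kind of event an investigator needs to reconstruct after a suspected credential compromise, so I would add `logActionAudit(ActionsEnum.reGenerateSecret),` after `verifyUserHasAction(...)` on the client and site routes and `logActionAudit(ActionsEnum.updateRemoteExitNode),` on the exit-node route. The exit-node route also authorises against `updateRemoteExitNode` while the other two use `reGenerateSecret`. If that difference is deliberate, a one-line comment saying so would help, because a role granted `reGenerateSecret` cannot re-key exit nodes as the code stands.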
diff --git a/server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts b/server/private/routers/re-key/reGenerateExitNodeSecret.ts similarity index 85% rename from server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts rename to server/private/routers/re-key/reGenerateExitNodeSecret.ts index b3785d2e..1503e75a 100644 --- a/server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts +++ b/server/private/routers/re-key/reGenerateExitNodeSecret.ts @@ -23,7 +23,11 @@ import { hashPassword } from "@server/auth/password"; import logger from "@server/logger"; import { and, eq } from "drizzle-orm"; import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types"; -import { paramsSchema } from "./createRemoteExitNode"; +import { OpenAPITags, registry } from "@server/openApi"; + +export const paramsSchema = z.object({ + orgId: z.string() +}); const bodySchema = z .object({ @@ -32,6 +36,25 @@ const bodySchema = z }) .strict(); + +registry.registerPath({ + method: "post", + path: "/re-key/{orgId}/regenerate-secret", + description: "Regenerate a exit node credentials by its org ID.", + tags: [OpenAPITags.Org], + request: { + params: paramsSchema, + body: { + content: { + "application/json": { + schema: bodySchema + } + } + } + }, + responses: {} +}); + export async function reGenerateExitNodeSecret( req: Request, res: Response, diff --git a/server/routers/site/reGenerateSiteSecret.ts b/server/private/routers/re-key/reGenerateSiteSecret.ts similarity index 97% rename from server/routers/site/reGenerateSiteSecret.ts rename to server/private/routers/re-key/reGenerateSiteSecret.ts index 7965b6f8..1d046933 100644 --- a/server/routers/site/reGenerateSiteSecret.ts +++ b/server/private/routers/re-key/reGenerateSiteSecret.ts 
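Review bot: The `registry.registerPath` call added in reGenerateExitNodeSecret.ts does not describe the route that is actually mounted. It declares `method: "post"` and `path: "/re-key/{orgId}/regenerate-secret"`, while external.ts mounts `authenticated.put("/re-key/:orgId/reGenerate-remote-exit-node-secret", ...)` and the credentials page calls `api.put` on that path. Generated API documentation would therefore point at an endpoint that does not exist; `method: "put"` and `path: "/re-key/{orgId}/reGenerate-remote-exit-node-secret"` would bring the two in line. The handler body continues outside the hunk, so it cannot be confirmed here that the exit node id taken from the request body is looked up together with this `orgId`. That is worth checking, since `verifyOrgAccess` presumably only vouches for the path parameter.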
@@ -9,7 +9,7 @@ import logger from "@server/logger"; import { fromError } from "zod-validation-error"; import { OpenAPITags, registry } from "@server/openApi"; import { hashPassword } from "@server/auth/password"; -import { addPeer } from "../gerbil/peers"; +import { addPeer } from "@server/routers/gerbil/peers"; const updateSiteParamsSchema = z @@ -31,7 +31,7 @@ const updateSiteBodySchema = z registry.registerPath({ method: "post", - path: "/site/{siteId}/regenerate-secret", + path: "/re-key/{siteId}/regenerate-site-secret", description: "Regenerate a site's Newt or WireGuard credentials by its site ID.", tags: [OpenAPITags.Site], request: { diff --git a/server/private/routers/remoteExitNode/index.ts b/server/private/routers/remoteExitNode/index.ts index 7c001098..2a04f9d9 100644 --- a/server/private/routers/remoteExitNode/index.ts +++ b/server/private/routers/remoteExitNode/index.ts @@ -21,4 +21,3 @@ export * from "./deleteRemoteExitNode"; export * from "./listRemoteExitNodes"; export * from "./pickRemoteExitNodeDefaults"; export * from "./quickStartRemoteExitNode"; -export * from "./reGenerateExitNodeSecret"; diff --git a/server/routers/client/index.ts b/server/routers/client/index.ts index 9f97446e..385c7bed 100644 --- a/server/routers/client/index.ts +++ b/server/routers/client/index.ts @@ -3,5 +3,4 @@ export * from "./createClient"; export * from "./deleteClient"; export * from "./listClients"; export * from "./updateClient"; -export * from "./getClient"; -export * from "./reGenerateClientSecret"; \ No newline at end of file +export * from "./getClient"; \ No newline at end of file diff --git a/server/routers/external.ts b/server/routers/external.ts index c2c518fa..f500f483 100644 --- a/server/routers/external.ts +++ b/server/routers/external.ts 
@@ -178,13 +178,6 @@ authenticated.post( client.updateClient, ); -authenticated.post( - "/client/:clientId/regenerate-secret", - verifyClientsEnabled, - verifyClientAccess, - verifyUserHasAction(ActionsEnum.reGenerateSecret), - client.reGenerateClientSecret -); // authenticated.get( // "/site/:siteId/roles", @@ -200,12 +193,6 @@ authenticated.post( site.updateSite, ); -authenticated.post( - "/site/:siteId/regenerate-secret", - verifySiteAccess, - verifyUserHasAction(ActionsEnum.reGenerateSecret), - site.reGenerateSiteSecret -); authenticated.delete( "/site/:siteId", verifySiteAccess, diff --git a/server/routers/site/index.ts b/server/routers/site/index.ts index 9b8b89cb..b97557a8 100644 --- a/server/routers/site/index.ts +++ b/server/routers/site/index.ts @@ -5,5 +5,4 @@ export * from "./updateSite"; export * from "./listSites"; export * from "./listSiteRoles"; export * from "./pickSiteDefaults"; -export * from "./socketIntegration"; -export * from "./reGenerateSiteSecret"; \ No newline at end of file +export * from "./socketIntegration"; \ No newline at end of file diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx index 0fcdcbbb..115b1bd3 100644 --- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx +++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx @@ -59,7 +59,7 @@ export default function CredentialsPage() { setCredentials(data); await api.put>( - `/org/${orgId}/reGenerate-remote-exit-node-secret`, + `/re-key/${orgId}/reGenerate-remote-exit-node-secret`, { remoteExitNodeId: remoteExitNode.remoteExitNodeId, secret: data.secret, diff --git a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx index 024c539a..f14d49e4 100644 
--- a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx +++ b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx @@ -52,7 +52,7 @@ export default function CredentialsPage() { const data = res.data.data; setClientDefaults(data); - await api.post(`/client/${client?.clientId}/regenerate-secret`, { + await api.post(`/re-key/${client?.clientId}/regenerate-client-secret`, { olmId: data.olmId, secret: data.olmSecret, }); diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx index dc4ef0b4..257cb20f 100644 --- a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx +++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx @@ -8,6 +8,7 @@ import ClientProvider from "@app/providers/ClientProvider"; import { redirect } from "next/navigation"; import { HorizontalTabs } from "@app/components/HorizontalTabs"; import { getTranslations } from "next-intl/server"; +import { build } from "@server/build"; type SettingsLayoutProps = { children: React.ReactNode; @@ -38,10 +39,13 @@ export default async function SettingsLayout(props: SettingsLayoutProps) { title: t('general'), href: `/{orgId}/settings/clients/{clientId}/general` }, - { - title: t('credentials'), - href: `/{orgId}/settings/clients/{clientId}/credentials` - } + ...(build === 'enterprise' + ? [{ + title: t('credentials'), + href: `/{orgId}/settings/clients/{clientId}/credentials` + }, + ] + : []), ]; return ( diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx index 8351c730..6dcee413 100644 --- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx +++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx 
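Review bot: The `build === 'enterprise'` spread in clients/[clientId]/layout.tsx only removes the tab from the navigation; the credentials page itself is not gated by this commit and is presumably still reachable by typing its URL. The same holds for the `site.type !== 'local' && build === 'enterprise'` condition in sites/[niceId]/layout.tsx. Enforcement therefore rests on the server routes, and the client and site `/re-key/...` routes in server/private/routers/external.ts carry no `verifyValidLicense`, unlike the exit-node route. If regeneration is meant to require a valid licence there as well, that middleware belongs on those two routes. A comment above the spread such as `// UI hint only: access is enforced by the /re-key routes, not by hiding this tab` would stop the condition being read as an access check.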
@@ -95,7 +95,7 @@ PersistentKeepalive = 5`; ); } - await api.post(`/site/${site?.siteId}/regenerate-secret`, { + await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, { type: "wireguard", subnet: res.data.data.subnet, exitNodeId: res.data.data.exitNodeId, @@ -109,7 +109,7 @@ PersistentKeepalive = 5`; const data = res.data.data; setSiteDefaults(data); - await api.post(`/site/${site?.siteId}/regenerate-secret`, { + await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, { type: "newt", newtId: data.newtId, newtSecret: data.newtSecret diff --git a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx index 01008dab..8ef00410 100644 --- a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx +++ b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx @@ -8,6 +8,7 @@ import { HorizontalTabs } from "@app/components/HorizontalTabs"; import SettingsSectionTitle from "@app/components/SettingsSectionTitle"; import SiteInfoCard from "../../../../../components/SiteInfoCard"; import { getTranslations } from "next-intl/server"; +import { build } from "@server/build"; interface SettingsLayoutProps { children: React.ReactNode; @@ -37,7 +38,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) { title: t('general'), href: `/${params.orgId}/settings/sites/${params.niceId}/general`, }, - ...(site.type !== 'local' + ...(site.type !== 'local' && build === 'enterprise' ? [ { title: t('credentials'),