♻️ refactor auth info to use resource policies

Fred KISSIE
2026-03-07 03:45:10 +01:00
parent 4de4bf9625
commit c5f6d822ca


@@ -2,13 +2,13 @@ import { Request, Response, NextFunction } from "express";
import { z } from "zod"; import { z } from "zod";
import { import {
db, db,
resourceHeaderAuth, resourcePolicies,
resourceHeaderAuthExtendedCompatibility, resourcePolicyHeaderAuth,
resourcePassword, resourcePolicyPassword,
resourcePincode, resourcePolicyPincode,
resources resources
} from "@server/db"; } from "@server/db";
import { eq } from "drizzle-orm"; import { eq, or } from "drizzle-orm";
import response from "@server/lib/response"; import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode"; import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors"; import createHttpError from "http-errors";
@@ -58,64 +58,53 @@ export async function getResourceAuthInfo(
const isGuidInteger = /^\d+$/.test(resourceGuid); const isGuidInteger = /^\d+$/.test(resourceGuid);
const buildQuery = (whereClause: ReturnType<typeof eq>) =>
db
.select()
.from(resources)
.leftJoin(
resourcePolicies,
or(
eq(
resourcePolicies.resourcePolicyId,
resources.resourcePolicyId
),
eq(
resourcePolicies.resourcePolicyId,
resources.defaultResourcePolicyId
)
)
)
.leftJoin(
resourcePolicyPincode,
eq(
resourcePolicyPincode.resourcePolicyId,
resourcePolicies.resourcePolicyId
)
)
.leftJoin(
resourcePolicyPassword,
eq(
resourcePolicyPassword.resourcePolicyId,
resourcePolicies.resourcePolicyId
)
)
.leftJoin(
resourcePolicyHeaderAuth,
eq(
resourcePolicyHeaderAuth.resourcePolicyId,
resourcePolicies.resourcePolicyId
)
)
.where(whereClause)
.limit(1);
const [result] = const [result] =
isGuidInteger && build === "saas" isGuidInteger && build === "saas"
? await db ? await buildQuery(
.select() eq(resources.resourceId, Number(resourceGuid))
.from(resources) )
.leftJoin( : await buildQuery(eq(resources.resourceGuid, resourceGuid));
resourcePincode,
eq(resourcePincode.resourceId, resources.resourceId)
)
.leftJoin(
resourcePassword,
eq(resourcePassword.resourceId, resources.resourceId)
)
.leftJoin(
resourceHeaderAuth,
eq(
resourceHeaderAuth.resourceId,
resources.resourceId
)
)
.leftJoin(
resourceHeaderAuthExtendedCompatibility,
eq(
resourceHeaderAuthExtendedCompatibility.resourceId,
resources.resourceId
)
)
.where(eq(resources.resourceId, Number(resourceGuid)))
.limit(1)
: await db
.select()
.from(resources)
.leftJoin(
resourcePincode,
eq(resourcePincode.resourceId, resources.resourceId)
)
.leftJoin(
resourcePassword,
eq(resourcePassword.resourceId, resources.resourceId)
)
.leftJoin(
resourceHeaderAuth,
eq(
resourceHeaderAuth.resourceId,
resources.resourceId
)
)
.leftJoin(
resourceHeaderAuthExtendedCompatibility,
eq(
resourceHeaderAuthExtendedCompatibility.resourceId,
resources.resourceId
)
)
.where(eq(resources.resourceGuid, resourceGuid))
.limit(1);
const resource = result?.resources; const resource = result?.resources;
if (!resource) { if (!resource) {
@@ -124,11 +113,10 @@ export async function getResourceAuthInfo(
); );
} }
const pincode = result?.resourcePincode; const policy = result?.resourcePolicies;
const password = result?.resourcePassword; const pincode = result?.resourcePolicyPincode;
const headerAuth = result?.resourceHeaderAuth; const password = result?.resourcePolicyPassword;
const headerAuthExtendedCompatibility = const headerAuth = result?.resourcePolicyHeaderAuth;
result?.resourceHeaderAuthExtendedCompatibility;
const url = `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`; const url = `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`;
@@ -142,11 +130,11 @@ export async function getResourceAuthInfo(
pincode: pincode !== null, pincode: pincode !== null,
headerAuth: headerAuth !== null, headerAuth: headerAuth !== null,
headerAuthExtendedCompatibility: headerAuthExtendedCompatibility:
headerAuthExtendedCompatibility !== null, headerAuth?.extendedCompatibility ?? false,
sso: resource.sso, sso: policy?.sso ?? false,
blockAccess: resource.blockAccess, blockAccess: resource.blockAccess,
url, url,
whitelist: resource.emailWhitelistEnabled, whitelist: policy?.emailWhitelistEnabled ?? false,
skipToIdpId: resource.skipToIdpId, skipToIdpId: resource.skipToIdpId,
orgId: resource.orgId, orgId: resource.orgId,
postAuthPath: resource.postAuthPath ?? null postAuthPath: resource.postAuthPath ?? null
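Review bot: The `or(...)` join on `resourcePolicies` inside `buildQuery` can match two rows when a resource has `resourcePolicyId` and `defaultResourcePolicyId` pointing at different policies, and `.limit(1)` with no ordering then returns whichever row the database yields first. The `sso`, `whitelist`, `password`, `pincode` and `headerAuth` flags in the response would then describe an arbitrary one of the two policies, which may not be the one actually enforced. If the assigned policy is meant to take precedence over the default (the diff does not show this), join on a single id instead, for example ``eq(resourcePolicies.resourcePolicyId, sql`coalesce(${resources.resourcePolicyId}, ${resources.defaultResourcePolicyId})`)`` with `sql` imported from `drizzle-orm`. The `policy?.sso ?? false` and `policy?.emailWhitelistEnabled ?? false` fallbacks also report a resource with no matching policy as having those methods off, so a comment such as `// no policy row: report methods as disabled; enforcement must treat this case the same way` would make the intent explicit. `getResourceAuthInfo` begins and ends outside the visible hunks, so the surrounding handling could not be checked.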