mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-09 23:49:47 +02:00
Dont enable admin routes
This commit is contained in:
@@ -495,29 +495,31 @@ authRouter.post(
|
|||||||
auth.transferSession
|
auth.transferSession
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.post(
|
if (build !== "saas") {
|
||||||
"/license/activate",
|
authenticated.post(
|
||||||
verifyUserIsServerAdmin,
|
"/license/activate",
|
||||||
license.activateLicense
|
verifyUserIsServerAdmin,
|
||||||
);
|
license.activateLicense
|
||||||
|
);
|
||||||
|
|
||||||
authenticated.get(
|
authenticated.get(
|
||||||
"/license/keys",
|
"/license/keys",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
license.listLicenseKeys
|
license.listLicenseKeys
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.delete(
|
authenticated.delete(
|
||||||
"/license/:licenseKey",
|
"/license/:licenseKey",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
license.deleteLicenseKey
|
license.deleteLicenseKey
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/license/recheck",
|
"/license/recheck",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
license.recheckStatus
|
license.recheckStatus
|
||||||
);
|
);
|
||||||
|
}
|
||||||
|
|
||||||
authenticated.get(
|
authenticated.get(
|
||||||
"/org/:orgId/logs/action",
|
"/org/:orgId/logs/action",
|
||||||
|
|||||||
+97
-89
@@ -910,19 +910,6 @@ unauthenticated.post(
|
|||||||
);
|
);
|
||||||
unauthenticated.get("/my-device", verifySessionMiddleware, user.myDevice);
|
unauthenticated.get("/my-device", verifySessionMiddleware, user.myDevice);
|
||||||
|
|
||||||
authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
|
|
||||||
authenticated.get("/user/:userId", verifyUserIsServerAdmin, user.adminGetUser);
|
|
||||||
authenticated.post(
|
|
||||||
"/user/:userId/generate-password-reset-code",
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
user.adminGeneratePasswordResetCode
|
|
||||||
);
|
|
||||||
authenticated.delete(
|
|
||||||
"/user/:userId",
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
user.adminRemoveUser
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/user",
|
"/org/:orgId/user",
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
@@ -945,12 +932,6 @@ authenticated.post(
|
|||||||
authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
|
authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
|
||||||
authenticated.get("/org/:orgId/user/:userId/check", org.checkOrgUserAccess);
|
authenticated.get("/org/:orgId/user/:userId/check", org.checkOrgUserAccess);
|
||||||
|
|
||||||
authenticated.post(
|
|
||||||
"/user/:userId/2fa",
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
user.updateUser2FA
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.get(
|
authenticated.get(
|
||||||
"/org/:orgId/users",
|
"/org/:orgId/users",
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
@@ -1033,85 +1014,112 @@ authenticated.post(
|
|||||||
olm.recoverOlmWithFingerprint
|
olm.recoverOlmWithFingerprint
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.put(
|
if (build !== "saas") {
|
||||||
"/idp/oidc",
|
authenticated.put(
|
||||||
verifyUserIsServerAdmin,
|
"/idp/oidc",
|
||||||
// verifyUserHasAction(ActionsEnum.createIdp),
|
verifyUserIsServerAdmin,
|
||||||
idp.createOidcIdp
|
// verifyUserHasAction(ActionsEnum.createIdp),
|
||||||
);
|
idp.createOidcIdp
|
||||||
|
);
|
||||||
|
|
||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/idp/:idpId/oidc",
|
"/idp/:idpId/oidc",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
idp.updateOidcIdp
|
idp.updateOidcIdp
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.delete("/idp/:idpId", verifyUserIsServerAdmin, idp.deleteIdp);
|
authenticated.delete("/idp/:idpId", verifyUserIsServerAdmin, idp.deleteIdp);
|
||||||
|
|
||||||
authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
|
authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
|
||||||
|
|
||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/idp/:idpId/org/:orgId",
|
"/idp/:idpId/org/:orgId",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
idp.createIdpOrgPolicy
|
idp.createIdpOrgPolicy
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/idp/:idpId/org/:orgId",
|
"/idp/:idpId/org/:orgId",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
idp.updateIdpOrgPolicy
|
idp.updateIdpOrgPolicy
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.delete(
|
authenticated.delete(
|
||||||
"/idp/:idpId/org/:orgId",
|
"/idp/:idpId/org/:orgId",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
idp.deleteIdpOrgPolicy
|
idp.deleteIdpOrgPolicy
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.get(
|
authenticated.get(
|
||||||
"/idp/:idpId/org",
|
"/idp/:idpId/org",
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
idp.listIdpOrgPolicies
|
idp.listIdpOrgPolicies
|
||||||
);
|
);
|
||||||
|
|
||||||
|
authenticated.get(
|
||||||
|
`/api-key/:apiKeyId`,
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
apiKeys.getApiKey
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.put(
|
||||||
|
`/api-key`,
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
apiKeys.createRootApiKey
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.delete(
|
||||||
|
`/api-key/:apiKeyId`,
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
apiKeys.deleteApiKey
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.get(
|
||||||
|
`/api-keys`,
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
apiKeys.listRootApiKeys
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.get(
|
||||||
|
`/api-key/:apiKeyId/actions`,
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
apiKeys.listApiKeyActions
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.post(
|
||||||
|
`/api-key/:apiKeyId/actions`,
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
apiKeys.setApiKeyActions
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
|
||||||
|
|
||||||
|
authenticated.get(
|
||||||
|
"/user/:userId",
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
user.adminGetUser
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.post(
|
||||||
|
"/user/:userId/generate-password-reset-code",
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
user.adminGeneratePasswordResetCode
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.delete(
|
||||||
|
"/user/:userId",
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
user.adminRemoveUser
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.post(
|
||||||
|
"/user/:userId/2fa",
|
||||||
|
verifyUserIsServerAdmin,
|
||||||
|
user.updateUser2FA
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
authenticated.get("/idp", idp.listIdps); // anyone can see this; it's just a list of idp names and ids
|
authenticated.get("/idp", idp.listIdps); // anyone can see this; it's just a list of idp names and ids
|
||||||
authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
|
|
||||||
|
|
||||||
authenticated.get(
|
|
||||||
`/api-key/:apiKeyId`,
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
apiKeys.getApiKey
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.put(
|
|
||||||
`/api-key`,
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
apiKeys.createRootApiKey
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.delete(
|
|
||||||
`/api-key/:apiKeyId`,
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
apiKeys.deleteApiKey
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.get(
|
|
||||||
`/api-keys`,
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
apiKeys.listRootApiKeys
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.get(
|
|
||||||
`/api-key/:apiKeyId/actions`,
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
apiKeys.listApiKeyActions
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.post(
|
|
||||||
`/api-key/:apiKeyId/actions`,
|
|
||||||
verifyUserIsServerAdmin,
|
|
||||||
apiKeys.setApiKeyActions
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.get(
|
authenticated.get(
|
||||||
`/org/:orgId/api-keys`,
|
`/org/:orgId/api-keys`,
|
||||||
|
|||||||
@@ -13,6 +13,7 @@ import { Layout } from "@app/components/Layout";
|
|||||||
import { adminNavSections } from "../navigation";
|
import { adminNavSections } from "../navigation";
|
||||||
import { pullEnv } from "@app/lib/pullEnv";
|
import { pullEnv } from "@app/lib/pullEnv";
|
||||||
import SubscriptionStatusProvider from "@app/providers/SubscriptionStatusProvider";
|
import SubscriptionStatusProvider from "@app/providers/SubscriptionStatusProvider";
|
||||||
|
import { build } from "@server/build";
|
||||||
|
|
||||||
export const dynamic = "force-dynamic";
|
export const dynamic = "force-dynamic";
|
||||||
|
|
||||||
@@ -29,6 +30,11 @@ export default async function AdminLayout(props: LayoutProps) {
|
|||||||
const getUser = cache(verifySession);
|
const getUser = cache(verifySession);
|
||||||
const user = await getUser();
|
const user = await getUser();
|
||||||
|
|
||||||
|
// Disable the admin page on saas
|
||||||
|
if (build == "saas") {
|
||||||
|
redirect(`/`);
|
||||||
|
}
|
||||||
|
|
||||||
const env = pullEnv();
|
const env = pullEnv();
|
||||||
|
|
||||||
if (!user || !user.serverAdmin) {
|
if (!user || !user.serverAdmin) {
|
||||||
|
|||||||
Reference in New Issue
Block a user