Dont enable admin routes

This commit is contained in:
Owen
2026-06-29 20:45:38 -04:00
parent 7c2ea153c5
commit e5652cdb8a
3 changed files with 125 additions and 109 deletions
+22 -20
View File
@@ -495,29 +495,31 @@ authRouter.post(
auth.transferSession auth.transferSession
); );
authenticated.post( if (build !== "saas") {
"/license/activate", authenticated.post(
verifyUserIsServerAdmin, "/license/activate",
license.activateLicense verifyUserIsServerAdmin,
); license.activateLicense
);
authenticated.get( authenticated.get(
"/license/keys", "/license/keys",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
license.listLicenseKeys license.listLicenseKeys
); );
authenticated.delete( authenticated.delete(
"/license/:licenseKey", "/license/:licenseKey",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
license.deleteLicenseKey license.deleteLicenseKey
); );
authenticated.post( authenticated.post(
"/license/recheck", "/license/recheck",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
license.recheckStatus license.recheckStatus
); );
}
authenticated.get( authenticated.get(
"/org/:orgId/logs/action", "/org/:orgId/logs/action",
+97 -89
View File
@@ -910,19 +910,6 @@ unauthenticated.post(
); );
unauthenticated.get("/my-device", verifySessionMiddleware, user.myDevice); unauthenticated.get("/my-device", verifySessionMiddleware, user.myDevice);
authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
authenticated.get("/user/:userId", verifyUserIsServerAdmin, user.adminGetUser);
authenticated.post(
"/user/:userId/generate-password-reset-code",
verifyUserIsServerAdmin,
user.adminGeneratePasswordResetCode
);
authenticated.delete(
"/user/:userId",
verifyUserIsServerAdmin,
user.adminRemoveUser
);
authenticated.put( authenticated.put(
"/org/:orgId/user", "/org/:orgId/user",
verifyOrgAccess, verifyOrgAccess,
@@ -945,12 +932,6 @@ authenticated.post(
authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser); authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
authenticated.get("/org/:orgId/user/:userId/check", org.checkOrgUserAccess); authenticated.get("/org/:orgId/user/:userId/check", org.checkOrgUserAccess);
authenticated.post(
"/user/:userId/2fa",
verifyUserIsServerAdmin,
user.updateUser2FA
);
authenticated.get( authenticated.get(
"/org/:orgId/users", "/org/:orgId/users",
verifyOrgAccess, verifyOrgAccess,
@@ -1033,85 +1014,112 @@ authenticated.post(
olm.recoverOlmWithFingerprint olm.recoverOlmWithFingerprint
); );
authenticated.put( if (build !== "saas") {
"/idp/oidc", authenticated.put(
verifyUserIsServerAdmin, "/idp/oidc",
// verifyUserHasAction(ActionsEnum.createIdp), verifyUserIsServerAdmin,
idp.createOidcIdp // verifyUserHasAction(ActionsEnum.createIdp),
); idp.createOidcIdp
);
authenticated.post( authenticated.post(
"/idp/:idpId/oidc", "/idp/:idpId/oidc",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
idp.updateOidcIdp idp.updateOidcIdp
); );
authenticated.delete("/idp/:idpId", verifyUserIsServerAdmin, idp.deleteIdp); authenticated.delete("/idp/:idpId", verifyUserIsServerAdmin, idp.deleteIdp);
authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp); authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
authenticated.put( authenticated.put(
"/idp/:idpId/org/:orgId", "/idp/:idpId/org/:orgId",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
idp.createIdpOrgPolicy idp.createIdpOrgPolicy
); );
authenticated.post( authenticated.post(
"/idp/:idpId/org/:orgId", "/idp/:idpId/org/:orgId",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
idp.updateIdpOrgPolicy idp.updateIdpOrgPolicy
); );
authenticated.delete( authenticated.delete(
"/idp/:idpId/org/:orgId", "/idp/:idpId/org/:orgId",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
idp.deleteIdpOrgPolicy idp.deleteIdpOrgPolicy
); );
authenticated.get( authenticated.get(
"/idp/:idpId/org", "/idp/:idpId/org",
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
idp.listIdpOrgPolicies idp.listIdpOrgPolicies
); );
authenticated.get(
`/api-key/:apiKeyId`,
verifyUserIsServerAdmin,
apiKeys.getApiKey
);
authenticated.put(
`/api-key`,
verifyUserIsServerAdmin,
apiKeys.createRootApiKey
);
authenticated.delete(
`/api-key/:apiKeyId`,
verifyUserIsServerAdmin,
apiKeys.deleteApiKey
);
authenticated.get(
`/api-keys`,
verifyUserIsServerAdmin,
apiKeys.listRootApiKeys
);
authenticated.get(
`/api-key/:apiKeyId/actions`,
verifyUserIsServerAdmin,
apiKeys.listApiKeyActions
);
authenticated.post(
`/api-key/:apiKeyId/actions`,
verifyUserIsServerAdmin,
apiKeys.setApiKeyActions
);
authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
authenticated.get(
"/user/:userId",
verifyUserIsServerAdmin,
user.adminGetUser
);
authenticated.post(
"/user/:userId/generate-password-reset-code",
verifyUserIsServerAdmin,
user.adminGeneratePasswordResetCode
);
authenticated.delete(
"/user/:userId",
verifyUserIsServerAdmin,
user.adminRemoveUser
);
authenticated.post(
"/user/:userId/2fa",
verifyUserIsServerAdmin,
user.updateUser2FA
);
}
authenticated.get("/idp", idp.listIdps); // anyone can see this; it's just a list of idp names and ids authenticated.get("/idp", idp.listIdps); // anyone can see this; it's just a list of idp names and ids
authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
authenticated.get(
`/api-key/:apiKeyId`,
verifyUserIsServerAdmin,
apiKeys.getApiKey
);
authenticated.put(
`/api-key`,
verifyUserIsServerAdmin,
apiKeys.createRootApiKey
);
authenticated.delete(
`/api-key/:apiKeyId`,
verifyUserIsServerAdmin,
apiKeys.deleteApiKey
);
authenticated.get(
`/api-keys`,
verifyUserIsServerAdmin,
apiKeys.listRootApiKeys
);
authenticated.get(
`/api-key/:apiKeyId/actions`,
verifyUserIsServerAdmin,
apiKeys.listApiKeyActions
);
authenticated.post(
`/api-key/:apiKeyId/actions`,
verifyUserIsServerAdmin,
apiKeys.setApiKeyActions
);
authenticated.get( authenticated.get(
`/org/:orgId/api-keys`, `/org/:orgId/api-keys`,
+6
View File
@@ -13,6 +13,7 @@ import { Layout } from "@app/components/Layout";
import { adminNavSections } from "../navigation"; import { adminNavSections } from "../navigation";
import { pullEnv } from "@app/lib/pullEnv"; import { pullEnv } from "@app/lib/pullEnv";
import SubscriptionStatusProvider from "@app/providers/SubscriptionStatusProvider"; import SubscriptionStatusProvider from "@app/providers/SubscriptionStatusProvider";
import { build } from "@server/build";
export const dynamic = "force-dynamic"; export const dynamic = "force-dynamic";
@@ -29,6 +30,11 @@ export default async function AdminLayout(props: LayoutProps) {
const getUser = cache(verifySession); const getUser = cache(verifySession);
const user = await getUser(); const user = await getUser();
// Disable the admin page on saas
if (build == "saas") {
redirect(`/`);
}
const env = pullEnv(); const env = pullEnv();
if (!user || !user.serverAdmin) { if (!user || !user.serverAdmin) {