mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-09 15:39:47 +02:00
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| eb74ff7240 | |||
| 09d5d9082e | |||
| 5cb316f4e9 | |||
| 6b6c9cf4d8 | |||
| 05617c63c0 | |||
| d4c52bbf2f | |||
| 87f50bf0cc | |||
| 2c66da1b19 | |||
| ab19955502 | |||
| 1db9dcec81 | |||
| 49c2d3163e | |||
| 45b9e13a13 |
@@ -41,7 +41,7 @@ services:
|
||||
- 80:80 # Port for traefik because of the network_mode
|
||||
|
||||
traefik:
|
||||
image: traefik:v3.6
|
||||
image: traefik:v3.7
|
||||
container_name: traefik
|
||||
restart: unless-stopped
|
||||
network_mode: service:gerbil # Ports appear on the gerbil service
|
||||
|
||||
@@ -50,7 +50,7 @@ services:
|
||||
- 80:80{{end}}
|
||||
|
||||
traefik:
|
||||
image: docker.io/traefik:v3.6
|
||||
image: docker.io/traefik:v3.7
|
||||
container_name: traefik
|
||||
restart: unless-stopped
|
||||
{{if .InstallGerbil}}network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Генериране на токен за достъп",
|
||||
"actionDeleteAccessToken": "Изтриване на токен за достъп",
|
||||
"actionListAccessTokens": "Изброяване на токени за достъп",
|
||||
"actionCreateResourceSessionToken": "Създаване на токен за сесия на ресурс",
|
||||
"actionCreateResourceRule": "Създаване на правило за ресурс",
|
||||
"actionDeleteResourceRule": "Изтрийте правило за ресурс",
|
||||
"actionListResourceRules": "Изброяване на правила за ресурс",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Generovat přístupový token",
|
||||
"actionDeleteAccessToken": "Odstranit přístupový token",
|
||||
"actionListAccessTokens": "Seznam přístupových tokenů",
|
||||
"actionCreateResourceSessionToken": "Vytvořit token relace prostředku",
|
||||
"actionCreateResourceRule": "Vytvořit pravidlo pro zdroj",
|
||||
"actionDeleteResourceRule": "Odstranit pravidlo pro dokument",
|
||||
"actionListResourceRules": "Seznam pravidel zdrojů",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Generer adgangstoken",
|
||||
"actionDeleteAccessToken": "Slet adgangstoken",
|
||||
"actionListAccessTokens": "Vis adgangstokens",
|
||||
"actionCreateResourceSessionToken": "Opret ressourcesessionstoken",
|
||||
"actionCreateResourceRule": "Opret ressourceregel",
|
||||
"actionDeleteResourceRule": "Slet ressourceregel",
|
||||
"actionListResourceRules": "Vis ressourceregler",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Zugriffstoken generieren",
|
||||
"actionDeleteAccessToken": "Zugriffstoken löschen",
|
||||
"actionListAccessTokens": "Zugriffstoken auflisten",
|
||||
"actionCreateResourceSessionToken": "Ressourcensitzungstoken erstellen",
|
||||
"actionCreateResourceRule": "Ressourcenregel erstellen",
|
||||
"actionDeleteResourceRule": "Ressourcenregel löschen",
|
||||
"actionListResourceRules": "Ressourcenregeln auflisten",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Generate Access Token",
|
||||
"actionDeleteAccessToken": "Delete Access Token",
|
||||
"actionListAccessTokens": "List Access Tokens",
|
||||
"actionCreateResourceSessionToken": "Create Resource Session Token",
|
||||
"actionCreateResourceRule": "Create Resource Rule",
|
||||
"actionDeleteResourceRule": "Delete Resource Rule",
|
||||
"actionListResourceRules": "List Resource Rules",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Generar token de acceso",
|
||||
"actionDeleteAccessToken": "Eliminar token de acceso",
|
||||
"actionListAccessTokens": "Lista de Tokens de Acceso",
|
||||
"actionCreateResourceSessionToken": "Crear token de sesión de recurso",
|
||||
"actionCreateResourceRule": "Crear Regla de Recursos",
|
||||
"actionDeleteResourceRule": "Eliminar Regla de Recurso",
|
||||
"actionListResourceRules": "Lista de Reglas de Recursos",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Générer un jeton d'accès",
|
||||
"actionDeleteAccessToken": "Supprimer un jeton d'accès",
|
||||
"actionListAccessTokens": "Lister les jetons d'accès",
|
||||
"actionCreateResourceSessionToken": "Créer un jeton de session de ressource",
|
||||
"actionCreateResourceRule": "Créer une règle de ressource",
|
||||
"actionDeleteResourceRule": "Supprimer une règle de ressource",
|
||||
"actionListResourceRules": "Lister les règles de ressource",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Genera Token di Accesso",
|
||||
"actionDeleteAccessToken": "Elimina Token di Accesso",
|
||||
"actionListAccessTokens": "Elenca Token di Accesso",
|
||||
"actionCreateResourceSessionToken": "Crea token di sessione risorsa",
|
||||
"actionCreateResourceRule": "Crea Regola Risorsa",
|
||||
"actionDeleteResourceRule": "Elimina Regola Risorsa",
|
||||
"actionListResourceRules": "Elenca Regole Risorsa",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "액세스 토큰 생성",
|
||||
"actionDeleteAccessToken": "액세스 토큰 삭제",
|
||||
"actionListAccessTokens": "액세스 토큰 목록",
|
||||
"actionCreateResourceSessionToken": "리소스 세션 토큰 생성",
|
||||
"actionCreateResourceRule": "리소스 규칙 생성",
|
||||
"actionDeleteResourceRule": "리소스 규칙 삭제",
|
||||
"actionListResourceRules": "리소스 규칙 목록",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Generer tilgangstoken",
|
||||
"actionDeleteAccessToken": "Slett tilgangstoken",
|
||||
"actionListAccessTokens": "List opp tilgangstokener",
|
||||
"actionCreateResourceSessionToken": "Opprett ressurssesjonstoken",
|
||||
"actionCreateResourceRule": "Opprett ressursregel",
|
||||
"actionDeleteResourceRule": "Slett ressursregel",
|
||||
"actionListResourceRules": "List opp ressursregler",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Genereer Toegangstoken",
|
||||
"actionDeleteAccessToken": "Verwijder toegangstoken",
|
||||
"actionListAccessTokens": "Lijst toegangstokens",
|
||||
"actionCreateResourceSessionToken": "Resourcesessietoken maken",
|
||||
"actionCreateResourceRule": "Bronregel aanmaken",
|
||||
"actionDeleteResourceRule": "Verwijder Resource Regel",
|
||||
"actionListResourceRules": "Bron regels weergeven",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Wygeneruj token dostępu",
|
||||
"actionDeleteAccessToken": "Usuń token dostępu",
|
||||
"actionListAccessTokens": "Lista tokenów dostępu",
|
||||
"actionCreateResourceSessionToken": "Utwórz token sesji zasobu",
|
||||
"actionCreateResourceRule": "Utwórz regułę zasobu",
|
||||
"actionDeleteResourceRule": "Usuń regułę zasobu",
|
||||
"actionListResourceRules": "Lista reguł zasobu",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Gerar Token de Acesso",
|
||||
"actionDeleteAccessToken": "Eliminar Token de Acesso",
|
||||
"actionListAccessTokens": "Listar Tokens de Acesso",
|
||||
"actionCreateResourceSessionToken": "Criar token de sessão de recurso",
|
||||
"actionCreateResourceRule": "Criar Regra de Recurso",
|
||||
"actionDeleteResourceRule": "Eliminar Regra de Recurso",
|
||||
"actionListResourceRules": "Listar Regras de Recurso",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Сгенерировать токен доступа",
|
||||
"actionDeleteAccessToken": "Удалить токен доступа",
|
||||
"actionListAccessTokens": "Список токенов доступа",
|
||||
"actionCreateResourceSessionToken": "Создать токен сеанса ресурса",
|
||||
"actionCreateResourceRule": "Создать правило ресурса",
|
||||
"actionDeleteResourceRule": "Удалить правило ресурса",
|
||||
"actionListResourceRules": "Список правил ресурса",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "Erişim Jetonu Oluştur",
|
||||
"actionDeleteAccessToken": "Erişim Jetonunu Sil",
|
||||
"actionListAccessTokens": "Erişim Jetonlarını Listele",
|
||||
"actionCreateResourceSessionToken": "Kaynak Oturum Belirteci Oluştur",
|
||||
"actionCreateResourceRule": "Kaynak Kuralı Oluştur",
|
||||
"actionDeleteResourceRule": "Kaynak Kuralını Sil",
|
||||
"actionListResourceRules": "Kaynak Kurallarını Listele",
|
||||
|
||||
@@ -1462,7 +1462,6 @@
|
||||
"actionGenerateAccessToken": "生成访问令牌",
|
||||
"actionDeleteAccessToken": "删除访问令牌",
|
||||
"actionListAccessTokens": "访问令牌",
|
||||
"actionCreateResourceSessionToken": "创建资源会话令牌",
|
||||
"actionCreateResourceRule": "创建资源规则",
|
||||
"actionDeleteResourceRule": "删除资源规则",
|
||||
"actionListResourceRules": "列出资源规则",
|
||||
|
||||
@@ -1099,7 +1099,6 @@
|
||||
"actionGenerateAccessToken": "生成訪問令牌",
|
||||
"actionDeleteAccessToken": "刪除訪問令牌",
|
||||
"actionListAccessTokens": "訪問令牌",
|
||||
"actionCreateResourceSessionToken": "建立資源工作階段權杖",
|
||||
"actionCreateResourceRule": "創建資源規則",
|
||||
"actionDeleteResourceRule": "刪除資源規則",
|
||||
"actionListResourceRules": "列出資源規則",
|
||||
|
||||
Generated
+2099
-2625
File diff suppressed because it is too large
Load Diff
+60
-60
@@ -34,8 +34,8 @@
|
||||
"dependencies": {
|
||||
"@asteasolutions/zod-to-openapi": "8.5.0",
|
||||
"@devolutions/iron-remote-desktop": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-0.0.0.tgz",
|
||||
"@devolutions/iron-remote-desktop-rdp": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-rdp-0.0.1.tgz",
|
||||
"@aws-sdk/client-s3": "3.1056.0",
|
||||
"@devolutions/iron-remote-desktop-rdp": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-rdp-0.0.0.tgz",
|
||||
"@aws-sdk/client-s3": "3.1083.0",
|
||||
"@headlessui/react": "2.2.10",
|
||||
"@hookform/resolvers": "5.4.0",
|
||||
"@monaco-editor/react": "4.7.0",
|
||||
@@ -43,38 +43,38 @@
|
||||
"@novnc/novnc": "^1.7.0",
|
||||
"@oslojs/crypto": "1.0.1",
|
||||
"@oslojs/encoding": "1.1.0",
|
||||
"@radix-ui/react-avatar": "1.1.11",
|
||||
"@radix-ui/react-checkbox": "1.3.3",
|
||||
"@radix-ui/react-collapsible": "1.1.12",
|
||||
"@radix-ui/react-dialog": "1.1.15",
|
||||
"@radix-ui/react-dropdown-menu": "2.1.16",
|
||||
"@radix-ui/react-avatar": "1.2.2",
|
||||
"@radix-ui/react-checkbox": "1.3.7",
|
||||
"@radix-ui/react-collapsible": "1.1.16",
|
||||
"@radix-ui/react-dialog": "1.1.19",
|
||||
"@radix-ui/react-dropdown-menu": "2.1.20",
|
||||
"@radix-ui/react-icons": "1.3.2",
|
||||
"@radix-ui/react-label": "2.1.8",
|
||||
"@radix-ui/react-popover": "1.1.15",
|
||||
"@radix-ui/react-progress": "1.1.8",
|
||||
"@radix-ui/react-radio-group": "1.3.8",
|
||||
"@radix-ui/react-scroll-area": "1.2.10",
|
||||
"@radix-ui/react-select": "2.2.6",
|
||||
"@radix-ui/react-separator": "1.1.8",
|
||||
"@radix-ui/react-slot": "1.2.4",
|
||||
"@radix-ui/react-switch": "1.2.6",
|
||||
"@radix-ui/react-tabs": "1.1.13",
|
||||
"@radix-ui/react-toast": "1.2.15",
|
||||
"@radix-ui/react-tooltip": "1.2.8",
|
||||
"@radix-ui/react-label": "2.1.11",
|
||||
"@radix-ui/react-popover": "1.1.19",
|
||||
"@radix-ui/react-progress": "1.1.12",
|
||||
"@radix-ui/react-radio-group": "1.4.3",
|
||||
"@radix-ui/react-scroll-area": "1.2.14",
|
||||
"@radix-ui/react-select": "2.3.3",
|
||||
"@radix-ui/react-separator": "1.1.11",
|
||||
"@radix-ui/react-slot": "1.3.0",
|
||||
"@radix-ui/react-switch": "1.3.3",
|
||||
"@radix-ui/react-tabs": "1.1.17",
|
||||
"@radix-ui/react-toast": "1.2.19",
|
||||
"@radix-ui/react-tooltip": "1.2.12",
|
||||
"@react-email/body": "0.3.0",
|
||||
"@react-email/components": "1.0.12",
|
||||
"@react-email/render": "2.0.8",
|
||||
"@react-email/render": "2.0.10",
|
||||
"@react-email/tailwind": "2.0.7",
|
||||
"@simplewebauthn/browser": "13.3.0",
|
||||
"@simplewebauthn/server": "13.3.1",
|
||||
"@simplewebauthn/server": "13.3.2",
|
||||
"@tailwindcss/forms": "0.5.11",
|
||||
"@tanstack/react-query": "5.100.14",
|
||||
"@tanstack/react-query": "5.101.2",
|
||||
"@tanstack/react-table": "8.21.3",
|
||||
"@xterm/addon-fit": "^0.11.0",
|
||||
"@xterm/addon-web-links": "^0.12.0",
|
||||
"@xterm/xterm": "^6.0.0",
|
||||
"arctic": "3.7.0",
|
||||
"axios": "1.16.1",
|
||||
"axios": "1.18.1",
|
||||
"better-sqlite3": "11.9.1",
|
||||
"canvas-confetti": "1.9.4",
|
||||
"class-variance-authority": "0.7.1",
|
||||
@@ -91,40 +91,40 @@
|
||||
"helmet": "8.2.0",
|
||||
"http-errors": "2.0.1",
|
||||
"input-otp": "1.4.2",
|
||||
"ioredis": "5.11.0",
|
||||
"ioredis": "5.11.1",
|
||||
"jmespath": "0.16.0",
|
||||
"js-yaml": "4.2.0",
|
||||
"js-yaml": "5.2.1",
|
||||
"jsonwebtoken": "9.0.3",
|
||||
"lucide-react": "1.17.0",
|
||||
"lucide-react": "1.23.0",
|
||||
"maxmind": "5.0.6",
|
||||
"moment": "2.30.1",
|
||||
"next": "16.2.6",
|
||||
"next-intl": "4.13.0",
|
||||
"next": "16.2.10",
|
||||
"next-intl": "4.13.1",
|
||||
"next-themes": "0.4.6",
|
||||
"nextjs-toploader": "3.9.17",
|
||||
"node-cache": "5.1.2",
|
||||
"nodemailer": "9.0.1",
|
||||
"nodemailer": "9.0.3",
|
||||
"oslo": "1.2.1",
|
||||
"pg": "8.21.0",
|
||||
"posthog-node": "5.35.6",
|
||||
"pg": "8.22.0",
|
||||
"posthog-node": "5.40.0",
|
||||
"qrcode.react": "4.2.0",
|
||||
"react": "19.2.6",
|
||||
"react-day-picker": "9.14.0",
|
||||
"react-dom": "19.2.6",
|
||||
"react": "19.2.7",
|
||||
"react-day-picker": "10.0.1",
|
||||
"react-dom": "19.2.7",
|
||||
"react-easy-sort": "1.8.0",
|
||||
"react-hook-form": "7.76.1",
|
||||
"react-icons": "5.6.0",
|
||||
"recharts": "3.8.1",
|
||||
"react-hook-form": "7.81.0",
|
||||
"react-icons": "5.7.0",
|
||||
"recharts": "3.9.2",
|
||||
"reodotdev": "1.1.0",
|
||||
"semver": "7.8.1",
|
||||
"semver": "7.8.5",
|
||||
"sshpk": "1.18.0",
|
||||
"stripe": "22.2.0",
|
||||
"stripe": "22.3.0",
|
||||
"swagger-ui-express": "5.0.1",
|
||||
"tailwind-merge": "3.6.0",
|
||||
"topojson-client": "3.1.0",
|
||||
"tw-animate-css": "1.4.0",
|
||||
"use-debounce": "10.1.1",
|
||||
"uuid": "14.0.0",
|
||||
"uuid": "14.0.1",
|
||||
"vaul": "1.1.2",
|
||||
"visionscarto-world-atlas": "1.0.0",
|
||||
"winston": "3.19.0",
|
||||
@@ -136,11 +136,11 @@
|
||||
"zod-validation-error": "5.0.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@dotenvx/dotenvx": "1.69.1",
|
||||
"@dotenvx/dotenvx": "2.3.0",
|
||||
"@esbuild-plugins/tsconfig-paths": "0.1.2",
|
||||
"@react-email/ui": "^6.5.0",
|
||||
"@tailwindcss/postcss": "4.3.0",
|
||||
"@tanstack/react-query-devtools": "5.100.14",
|
||||
"@react-email/ui": "^6.6.8",
|
||||
"@tailwindcss/postcss": "4.3.2",
|
||||
"@tanstack/react-query-devtools": "5.101.2",
|
||||
"@types/better-sqlite3": "7.6.13",
|
||||
"@types/cookie-parser": "1.4.10",
|
||||
"@types/cors": "2.8.19",
|
||||
@@ -151,14 +151,14 @@
|
||||
"@types/jmespath": "0.15.2",
|
||||
"@types/js-yaml": "4.0.9",
|
||||
"@types/jsonwebtoken": "9.0.10",
|
||||
"@types/node": "25.9.1",
|
||||
"@types/nodemailer": "8.0.0",
|
||||
"@types/node": "26.1.1",
|
||||
"@types/nodemailer": "8.0.1",
|
||||
"@types/nprogress": "0.2.3",
|
||||
"@types/pg": "8.20.0",
|
||||
"@types/react": "19.2.15",
|
||||
"@types/react": "19.2.17",
|
||||
"@types/react-dom": "19.2.3",
|
||||
"@types/semver": "7.7.1",
|
||||
"@types/sshpk": "1.17.4",
|
||||
"@types/sshpk": "1.17.5",
|
||||
"@types/swagger-ui-express": "4.1.8",
|
||||
"@types/topojson-client": "3.1.5",
|
||||
"@types/ws": "8.18.1",
|
||||
@@ -166,21 +166,21 @@
|
||||
"babel-plugin-react-compiler": "1.0.0",
|
||||
"drizzle-kit": "0.31.10",
|
||||
"esbuild": "0.28.1",
|
||||
"esbuild-node-externals": "1.22.0",
|
||||
"eslint": "10.4.0",
|
||||
"eslint-config-next": "16.2.6",
|
||||
"postcss": "8.5.15",
|
||||
"prettier": "3.8.3",
|
||||
"react-email": "6.5.0",
|
||||
"tailwindcss": "4.3.0",
|
||||
"tsc-alias": "1.8.17",
|
||||
"tsx": "4.22.3",
|
||||
"typescript": "6.0.3",
|
||||
"typescript-eslint": "8.60.0"
|
||||
"esbuild-node-externals": "1.23.1",
|
||||
"eslint": "10.6.0",
|
||||
"eslint-config-next": "16.2.10",
|
||||
"postcss": "8.5.16",
|
||||
"prettier": "3.9.4",
|
||||
"react-email": "6.6.8",
|
||||
"tailwindcss": "4.3.2",
|
||||
"tsc-alias": "1.9.0",
|
||||
"tsx": "4.23.0",
|
||||
"typescript": "7.0.2",
|
||||
"typescript-eslint": "8.63.0"
|
||||
},
|
||||
"overrides": {
|
||||
"esbuild": "0.28.1",
|
||||
"dompurify": "3.4.0",
|
||||
"postcss": "8.5.15"
|
||||
"postcss": "8.5.16"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -71,7 +71,6 @@ export enum ActionsEnum {
|
||||
setResourceWhitelist = "setResourceWhitelist",
|
||||
getResourceWhitelist = "getResourceWhitelist",
|
||||
generateAccessToken = "generateAccessToken",
|
||||
createResourceSessionToken = "createResourceSessionToken",
|
||||
deleteAcessToken = "deleteAcessToken",
|
||||
listAccessTokens = "listAccessTokens",
|
||||
createResourceRule = "createResourceRule",
|
||||
|
||||
@@ -736,14 +736,11 @@ export async function verifyResourceSession(
|
||||
}
|
||||
}
|
||||
|
||||
// If headerAuthExtendedCompatibility is activated but no clientHeaderAuth provided, force client to challenge.
|
||||
// Skip the challenge when SSO is also enabled so browsers get the SSO redirect instead of a native Basic
|
||||
// Auth dialog; clients that proactively send Authorization: Basic are still accepted above.
|
||||
// If headerAuthExtendedCompatibility is activated but no clientHeaderAuth provided, force client to challenge
|
||||
if (
|
||||
headerAuthExtendedCompatibility &&
|
||||
headerAuthExtendedCompatibility.extendedCompatibilityIsActivated &&
|
||||
!clientHeaderAuth &&
|
||||
!sso
|
||||
!clientHeaderAuth
|
||||
) {
|
||||
return headerAuthChallenged(res, redirectPath, resource.orgId);
|
||||
}
|
||||
|
||||
@@ -808,16 +808,6 @@ authenticated.post(
|
||||
accessToken.generateAccessToken
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
`/resource/:resourceId/session-token`,
|
||||
verifyApiKeyResourceAccess,
|
||||
verifyApiKeyUserAccess,
|
||||
verifyLimits,
|
||||
verifyApiKeyHasAction(ActionsEnum.createResourceSessionToken),
|
||||
logActionAudit(ActionsEnum.createResourceSessionToken),
|
||||
resource.createResourceSessionToken
|
||||
);
|
||||
|
||||
authenticated.delete(
|
||||
`/access-token/:accessTokenId`,
|
||||
verifyApiKeyAccessTokenAccess,
|
||||
|
||||
@@ -1,133 +0,0 @@
|
||||
import { Request, Response, NextFunction } from "express";
|
||||
import { z } from "zod";
|
||||
import { db } from "@server/db";
|
||||
import { resources, users, userOrgs } from "@server/db";
|
||||
import { eq, and } from "drizzle-orm";
|
||||
import { createResourceSession } from "@server/auth/sessions/resource";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import logger from "@server/logger";
|
||||
import { createSession, generateSessionToken } from "@server/auth/sessions/app";
|
||||
import { response } from "@server/lib/response";
|
||||
|
||||
const createResourceSessionTokenParams = z.strictObject({
|
||||
resourceId: z.coerce.number().int().positive()
|
||||
});
|
||||
|
||||
const createResourceSessionTokenBody = z.strictObject({
|
||||
userId: z.string().nonempty(),
|
||||
idpId: z.coerce.number().int().positive().optional()
|
||||
});
|
||||
|
||||
export type CreateResourceSessionTokenResponse = {
|
||||
requestToken: string;
|
||||
};
|
||||
|
||||
export async function createResourceSessionToken(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
try {
|
||||
const parsedParams = createResourceSessionTokenParams.safeParse(
|
||||
req.params
|
||||
);
|
||||
if (!parsedParams.success) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedParams.error).toString()
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const parsedBody = createResourceSessionTokenBody.safeParse(req.body);
|
||||
if (!parsedBody.success) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedBody.error).toString()
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const { resourceId } = parsedParams.data;
|
||||
const { userId, idpId } = parsedBody.data;
|
||||
|
||||
const [resource] = await db
|
||||
.select()
|
||||
.from(resources)
|
||||
.where(eq(resources.resourceId, resourceId))
|
||||
.limit(1);
|
||||
|
||||
if (!resource) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`Resource with ID ${resourceId} not found`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const candidates = await db
|
||||
.select({ userId: users.userId })
|
||||
.from(userOrgs)
|
||||
.innerJoin(users, eq(userOrgs.userId, users.userId))
|
||||
.where(
|
||||
and(
|
||||
eq(users.userId, userId),
|
||||
eq(userOrgs.orgId, resource.orgId)
|
||||
)
|
||||
);
|
||||
|
||||
if (candidates.length === 0) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`User not found in the organization that owns this resource`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
if (candidates.length > 1) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"Multiple users match this username (external users from different identity providers). Specify idpId to disambiguate."
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const targetUserId = candidates[0].userId;
|
||||
|
||||
const appSessionToken = generateSessionToken();
|
||||
const appSession = await createSession(appSessionToken, targetUserId);
|
||||
|
||||
const requestToken = generateSessionToken();
|
||||
await createResourceSession({
|
||||
resourceId,
|
||||
token: requestToken,
|
||||
userSessionId: appSession.sessionId,
|
||||
isRequestToken: true,
|
||||
expiresAt: Date.now() + 1000 * 30, // 30 seconds
|
||||
sessionLength: 1000 * 30,
|
||||
doNotExtend: true
|
||||
});
|
||||
|
||||
logger.debug("Resource session token created successfully");
|
||||
|
||||
return response<CreateResourceSessionTokenResponse>(res, {
|
||||
data: { requestToken },
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Resource session token created successfully",
|
||||
status: HttpCode.OK
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
return next(
|
||||
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -17,7 +17,6 @@ export * from "./getResourceWhitelist";
|
||||
export * from "./authWithWhitelist";
|
||||
export * from "./authWithAccessToken";
|
||||
export * from "./getExchangeToken";
|
||||
export * from "./createResourceSessionToken";
|
||||
export * from "./createResourceRule";
|
||||
export * from "./deleteResourceRule";
|
||||
export * from "./listResourceRules";
|
||||
|
||||
@@ -77,8 +77,7 @@ function getActionsCategories(root: boolean) {
|
||||
[t("actionDeleteSiteResource")]: "deleteSiteResource",
|
||||
[t("actionGetSiteResource")]: "getSiteResource",
|
||||
[t("actionListSiteResources")]: "listSiteResources",
|
||||
[t("actionUpdateSiteResource")]: "updateSiteResource",
|
||||
[t("actionCreateResourceSessionToken")]: "createResourceSessionToken"
|
||||
[t("actionUpdateSiteResource")]: "updateSiteResource"
|
||||
},
|
||||
|
||||
Target: {
|
||||
|
||||
Reference in New Issue
Block a user