Compare commits

..

8 Commits

Author SHA1 Message Date
Owen b726f3be3c Move to legacy 2026-07-10 17:46:03 -04:00
Owen 78a3d84f69 Add missing endpoints to api 2026-07-10 17:13:47 -04:00
Owen 35960f94fc Update tags 2026-07-10 17:09:56 -04:00
Owen f03d1d3793 More route cleanup 2026-07-10 16:54:00 -04:00
Owen 5b47c21347 Order more api routes 2026-07-10 16:46:16 -04:00
Owen 1af486ac48 Just add ordering 2026-07-10 16:01:22 -04:00
Owen 0149984e85 Recategorize 2026-07-10 15:52:37 -04:00
Owen a2c96ea2f7 Add aliaes for public/private resources 2026-07-09 20:23:19 -04:00
88 changed files with 2077 additions and 310 deletions
-1
View File
@@ -1517,7 +1517,6 @@
"otpAuthDescription": "Enter the code from your authenticator app or one of your single-use backup codes.", "otpAuthDescription": "Enter the code from your authenticator app or one of your single-use backup codes.",
"otpAuthSubmit": "Submit Code", "otpAuthSubmit": "Submit Code",
"idpContinue": "Or continue with", "idpContinue": "Or continue with",
"idpLastUsed": "Last Used",
"otpAuthBack": "Back to Password", "otpAuthBack": "Back to Password",
"navbar": "Navigation Menu", "navbar": "Navigation Menu",
"navbarDescription": "Main navigation menu for the application", "navbarDescription": "Main navigation menu for the application",
+3 -2
View File
@@ -12,7 +12,7 @@ import { logIncomingMiddleware } from "./middlewares/logIncoming";
import helmet from "helmet"; import helmet from "helmet";
import swaggerUi from "swagger-ui-express"; import swaggerUi from "swagger-ui-express";
import { OpenApiGeneratorV3 } from "@asteasolutions/zod-to-openapi"; import { OpenApiGeneratorV3 } from "@asteasolutions/zod-to-openapi";
import { registry } from "./openApi"; import { registry, openApiTags } from "./openApi";
import fs from "fs"; import fs from "fs";
import path from "path"; import path from "path";
import { APP_PATH } from "./lib/consts"; import { APP_PATH } from "./lib/consts";
@@ -181,7 +181,8 @@ function getOpenApiDocumentation() {
version: "v1", version: "v1",
title: "Pangolin Integration API" title: "Pangolin Integration API"
}, },
servers: [{ url: "/v1" }] servers: [{ url: "/v1" }],
tags: openApiTags
}); });
if (!process.env.DISABLE_GEN_OPENAPI) { if (!process.env.DISABLE_GEN_OPENAPI) {
+18 -7
View File
@@ -4,22 +4,33 @@ export const registry = new OpenAPIRegistry();
export enum OpenAPITags { export enum OpenAPITags {
Site = "Site", Site = "Site",
Org = "Organization",
PublicResource = "Public Resource", PublicResource = "Public Resource",
Target = "Resource Target",
PrivateResource = "Private Resource", PrivateResource = "Private Resource",
Policy = "Policy", Client = "Client",
Org = "Organization",
Domain = "Domain",
PublicResourcePolicy = "Public Resource Policy",
Role = "Role", Role = "Role",
User = "User", User = "User",
Invitation = "User Invitation",
Target = "Resource Target",
Rule = "Rule", Rule = "Rule",
Invitation = "User Invitation",
AccessToken = "Access Token", AccessToken = "Access Token",
GlobalIdp = "Identity Provider (Global)", GlobalIdp = "Identity Provider (Global)",
OrgIdp = "Identity Provider (Organization Only)", OrgIdp = "Identity Provider (Organization Only)",
Client = "Client",
ApiKey = "API Key", ApiKey = "API Key",
Domain = "Domain",
Blueprint = "Blueprint", Blueprint = "Blueprint",
Ssh = "SSH", Ssh = "SSH",
Logs = "Logs" Logs = "Logs",
EventStreamingDestination = "Event Streaming Destination",
AlertRule = "Alert Rule",
HealthCheck = "Health Check",
PublicResourcePolicyLegacy = "Public Resource Policy (Legacy)",
PublicResourceLegacy = "Public Resource (Legacy)",
PrivateResourceLegacy = "Private Resource (Legacy)"
} }
// Order here controls the order tags are displayed in Swagger UI
export const openApiTags = Object.values(OpenAPITags).map((name) => ({
name
}));
@@ -191,7 +191,7 @@ registry.registerPath({
method: "put", method: "put",
path: "/org/{orgId}/alert-rule", path: "/org/{orgId}/alert-rule",
description: "Create an alert rule for a specific organization.", description: "Create an alert rule for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.AlertRule],
request: { request: {
params: paramsSchema, params: paramsSchema,
body: { body: {
@@ -34,7 +34,7 @@ registry.registerPath({
method: "delete", method: "delete",
path: "/org/{orgId}/alert-rule/{alertRuleId}", path: "/org/{orgId}/alert-rule/{alertRuleId}",
description: "Delete an alert rule for a specific organization.", description: "Delete an alert rule for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.AlertRule],
request: { request: {
params: paramsSchema params: paramsSchema
}, },
@@ -48,7 +48,7 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/alert-rule/{alertRuleId}", path: "/org/{orgId}/alert-rule/{alertRuleId}",
description: "Get a specific alert rule for an organization.", description: "Get a specific alert rule for an organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.AlertRule],
request: { request: {
params: paramsSchema params: paramsSchema
}, },
@@ -90,7 +90,7 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/alert-rules", path: "/org/{orgId}/alert-rules",
description: "List all alert rules for a specific organization.", description: "List all alert rules for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.AlertRule],
request: { request: {
query: querySchema, query: querySchema,
params: paramsSchema params: paramsSchema
@@ -158,7 +158,7 @@ registry.registerPath({
method: "post", method: "post",
path: "/org/{orgId}/alert-rule/{alertRuleId}", path: "/org/{orgId}/alert-rule/{alertRuleId}",
description: "Update an alert rule for a specific organization.", description: "Update an alert rule for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.AlertRule],
request: { request: {
params: paramsSchema, params: paramsSchema,
body: { body: {
@@ -52,7 +52,7 @@ registry.registerPath({
method: "put", method: "put",
path: "/org/{orgId}/event-streaming-destination", path: "/org/{orgId}/event-streaming-destination",
description: "Create an event streaming destination for a specific organization.", description: "Create an event streaming destination for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.EventStreamingDestination],
request: { request: {
params: paramsSchema, params: paramsSchema,
body: { body: {
@@ -35,7 +35,7 @@ registry.registerPath({
path: "/org/{orgId}/event-streaming-destination/{destinationId}", path: "/org/{orgId}/event-streaming-destination/{destinationId}",
description: description:
"Delete an event streaming destination for a specific organization.", "Delete an event streaming destination for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.EventStreamingDestination],
request: { request: {
params: paramsSchema params: paramsSchema
}, },
@@ -109,7 +109,7 @@ registry.registerPath({
path: "/org/{orgId}/event-streaming-destination", path: "/org/{orgId}/event-streaming-destination",
description: description:
"List all event streaming destinations for a specific organization.", "List all event streaming destinations for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.EventStreamingDestination],
request: { request: {
query: querySchema, query: querySchema,
params: paramsSchema params: paramsSchema
@@ -55,7 +55,7 @@ registry.registerPath({
method: "post", method: "post",
path: "/org/{orgId}/event-streaming-destination/{destinationId}", path: "/org/{orgId}/event-streaming-destination/{destinationId}",
description: "Update an event streaming destination for a specific organization.", description: "Update an event streaming destination for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.EventStreamingDestination],
request: { request: {
params: paramsSchema, params: paramsSchema,
body: { body: {
@@ -75,7 +75,7 @@ registry.registerPath({
method: "put", method: "put",
path: "/org/{orgId}/health-check", path: "/org/{orgId}/health-check",
description: "Create a health check for a specific organization.", description: "Create a health check for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.HealthCheck],
request: { request: {
params: paramsSchema, params: paramsSchema,
body: { body: {
@@ -37,7 +37,7 @@ registry.registerPath({
method: "delete", method: "delete",
path: "/org/{orgId}/health-check/{healthCheckId}", path: "/org/{orgId}/health-check/{healthCheckId}",
description: "Delete a health check for a specific organization.", description: "Delete a health check for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.HealthCheck],
request: { request: {
params: paramsSchema params: paramsSchema
}, },
@@ -63,7 +63,7 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/health-checks", path: "/org/{orgId}/health-checks",
description: "List health checks for an organization.", description: "List health checks for an organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.HealthCheck],
request: { request: {
params: paramsSchema, params: paramsSchema,
query: querySchema query: querySchema
@@ -109,7 +109,7 @@ registry.registerPath({
method: "post", method: "post",
path: "/org/{orgId}/health-check/{healthCheckId}", path: "/org/{orgId}/health-check/{healthCheckId}",
description: "Update a health check for a specific organization.", description: "Update a health check for a specific organization.",
tags: [OpenAPITags.Org], tags: [OpenAPITags.HealthCheck],
request: { request: {
params: paramsSchema, params: paramsSchema,
body: { body: {
+149
View File
@@ -16,6 +16,10 @@ import * as org from "#private/routers/org";
import * as logs from "#private/routers/auditLogs"; import * as logs from "#private/routers/auditLogs";
import * as alertEvents from "#private/routers/alertEvents"; import * as alertEvents from "#private/routers/alertEvents";
import * as certificates from "#private/routers/certificates"; import * as certificates from "#private/routers/certificates";
import * as policy from "#private/routers/policy";
import * as eventStreamingDestination from "#private/routers/eventStreamingDestination";
import * as alertRule from "#private/routers/alertRule";
import * as healthChecks from "#private/routers/healthChecks";
import { import {
verifyApiKeyHasAction, verifyApiKeyHasAction,
@@ -24,6 +28,7 @@ import {
verifyApiKeyIdpAccess, verifyApiKeyIdpAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyApiKeyUserAccess, verifyApiKeyUserAccess,
verifyApiKeyResourcePolicyAccess,
verifyLimits verifyLimits
} from "@server/middlewares"; } from "@server/middlewares";
import * as user from "#private/routers/user"; import * as user from "#private/routers/user";
@@ -215,3 +220,147 @@ authenticated.delete(
logActionAudit(ActionsEnum.removeUserRole), logActionAudit(ActionsEnum.removeUserRole),
user.removeUserRole user.removeUserRole
); );
authenticated.get(
["/org/:orgId/resource-policies", "/org/:orgId/public-resource-policies"],
verifyValidLicense,
verifyValidSubscription(tierMatrix.resourcePolicies),
verifyApiKeyOrgAccess,
verifyLimits,
verifyApiKeyHasAction(ActionsEnum.listResourcePolicies),
logActionAudit(ActionsEnum.listResourcePolicies),
policy.listResourcePolicies
);
authenticated.post(
["/org/:orgId/resource-policy", "/org/:orgId/public-resource-policy"],
verifyValidLicense,
verifyValidSubscription(tierMatrix.resourcePolicies),
verifyApiKeyOrgAccess,
verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createResourcePolicy),
logActionAudit(ActionsEnum.createResourcePolicy),
policy.createResourcePolicy
);
authenticated.delete(
["/resource-policy/:resourcePolicyId", "/public-resource-policy/:resourcePolicyId"],
verifyApiKeyResourcePolicyAccess,
verifyValidLicense,
verifyValidSubscription(tierMatrix.resourcePolicies),
verifyLimits,
verifyApiKeyHasAction(ActionsEnum.deleteResourcePolicy),
logActionAudit(ActionsEnum.deleteResourcePolicy),
policy.deleteResourcePolicy
);
authenticated.put(
"/org/:orgId/event-streaming-destination",
verifyApiKeyOrgAccess,
verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createEventStreamingDestination),
logActionAudit(ActionsEnum.createEventStreamingDestination),
eventStreamingDestination.createEventStreamingDestination
);
authenticated.post(
"/org/:orgId/event-streaming-destination/:destinationId",
verifyApiKeyOrgAccess,
verifyLimits,
verifyApiKeyHasAction(ActionsEnum.updateEventStreamingDestination),
logActionAudit(ActionsEnum.updateEventStreamingDestination),
eventStreamingDestination.updateEventStreamingDestination
);
authenticated.delete(
"/org/:orgId/event-streaming-destination/:destinationId",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.deleteEventStreamingDestination),
logActionAudit(ActionsEnum.deleteEventStreamingDestination),
eventStreamingDestination.deleteEventStreamingDestination
);
authenticated.get(
"/org/:orgId/event-streaming-destinations",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.listEventStreamingDestinations),
eventStreamingDestination.listEventStreamingDestinations
);
authenticated.put(
"/org/:orgId/alert-rule",
verifyApiKeyOrgAccess,
verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createAlertRule),
logActionAudit(ActionsEnum.createAlertRule),
alertRule.createAlertRule
);
authenticated.post(
"/org/:orgId/alert-rule/:alertRuleId",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.updateAlertRule),
logActionAudit(ActionsEnum.updateAlertRule),
alertRule.updateAlertRule
);
authenticated.delete(
"/org/:orgId/alert-rule/:alertRuleId",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.deleteAlertRule),
logActionAudit(ActionsEnum.deleteAlertRule),
alertRule.deleteAlertRule
);
authenticated.get(
"/org/:orgId/alert-rules",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.listAlertRules),
alertRule.listAlertRules
);
authenticated.get(
"/org/:orgId/alert-rule/:alertRuleId",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.getAlertRule),
alertRule.getAlertRule
);
authenticated.get(
"/org/:orgId/health-checks",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.listHealthChecks),
healthChecks.listHealthChecks
);
authenticated.put(
"/org/:orgId/health-check",
verifyApiKeyOrgAccess,
verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createHealthCheck),
logActionAudit(ActionsEnum.createHealthCheck),
healthChecks.createHealthCheck
);
authenticated.post(
"/org/:orgId/health-check/:healthCheckId",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.updateHealthCheck),
logActionAudit(ActionsEnum.updateHealthCheck),
healthChecks.updateHealthCheck
);
authenticated.delete(
"/org/:orgId/health-check/:healthCheckId",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.deleteHealthCheck),
logActionAudit(ActionsEnum.deleteHealthCheck),
healthChecks.deleteHealthCheck
);
authenticated.get(
"/org/:orgId/health-check/:healthCheckId/status-history",
verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.getTarget),
healthChecks.getHealthCheckStatusHistory
);
@@ -121,7 +121,7 @@ registry.registerPath({
method: "post", method: "post",
path: "/org/{orgId}/resource-policy", path: "/org/{orgId}/resource-policy",
description: "Create a resource policy.", description: "Create a resource policy.",
tags: [OpenAPITags.Org, OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: createResourcePolicyParamsSchema, params: createResourcePolicyParamsSchema,
body: { body: {
@@ -31,7 +31,7 @@ registry.registerPath({
method: "delete", method: "delete",
path: "/resource-policy/{resourcePolicyId}", path: "/resource-policy/{resourcePolicyId}",
description: "Delete a resource policy.", description: "Delete a resource policy.",
tags: [OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: deleteResourcePolicySchema params: deleteResourcePolicySchema
}, },
@@ -79,7 +79,7 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/resource-policies", path: "/org/{orgId}/resource-policies",
description: "List resource policies for an organization.", description: "List resource policies for an organization.",
tags: [OpenAPITags.Org, OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: z.object({ params: z.object({
orgId: z.string() orgId: z.string()
@@ -44,6 +44,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/access-token", path: "/resource/{resourceId}/access-token",
description: "Generate a new access token for a resource.", description: "Generate a new access token for a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: generateAccssTokenParamsSchema,
body: {
content: {
"application/json": {
schema: generateAccessTokenBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/access-token",
description: "Generate a new access token for a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken], tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
request: { request: {
params: generateAccssTokenParamsSchema, params: generateAccssTokenParamsSchema,
@@ -151,6 +151,35 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}/access-tokens", path: "/resource/{resourceId}/access-tokens",
description: "List all access tokens for a resource.", description: "List all access tokens for a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: z.object({
resourceId: z.number()
}),
query: listAccessTokensSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}/access-tokens",
description: "List all access tokens for a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken], tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
request: { request: {
params: z.object({ params: z.object({
+168 -60
View File
@@ -162,7 +162,7 @@ authenticated.get(
// Site Resource endpoints // Site Resource endpoints
authenticated.put( authenticated.put(
"/org/:orgId/site-resource", ["/org/:orgId/site-resource", "/org/:orgId/private-resource"],
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createSiteResource), verifyApiKeyHasAction(ActionsEnum.createSiteResource),
@@ -171,7 +171,10 @@ authenticated.put(
); );
authenticated.get( authenticated.get(
"/org/:orgId/site/:siteId/resources", [
"/org/:orgId/site/:siteId/resources",
"/org/:orgId/site/:siteId/private-resources"
],
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,
verifyApiKeySiteAccess, verifyApiKeySiteAccess,
verifyApiKeyHasAction(ActionsEnum.listSiteResources), verifyApiKeyHasAction(ActionsEnum.listSiteResources),
@@ -179,21 +182,21 @@ authenticated.get(
); );
authenticated.get( authenticated.get(
"/org/:orgId/site-resources", ["/org/:orgId/site-resources", "/org/:orgId/private-resources"],
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.listSiteResources), verifyApiKeyHasAction(ActionsEnum.listSiteResources),
siteResource.listAllSiteResourcesByOrg siteResource.listAllSiteResourcesByOrg
); );
authenticated.get( authenticated.get(
"/site-resource/:siteResourceId", ["/site-resource/:siteResourceId", "/private-resource/:siteResourceId"],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyHasAction(ActionsEnum.getSiteResource), verifyApiKeyHasAction(ActionsEnum.getSiteResource),
siteResource.getSiteResource siteResource.getSiteResource
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId", ["/site-resource/:siteResourceId", "/private-resource/:siteResourceId"],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.updateSiteResource), verifyApiKeyHasAction(ActionsEnum.updateSiteResource),
@@ -202,7 +205,7 @@ authenticated.post(
); );
authenticated.delete( authenticated.delete(
"/site-resource/:siteResourceId", ["/site-resource/:siteResourceId", "/private-resource/:siteResourceId"],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyHasAction(ActionsEnum.deleteSiteResource), verifyApiKeyHasAction(ActionsEnum.deleteSiteResource),
logActionAudit(ActionsEnum.deleteSiteResource), logActionAudit(ActionsEnum.deleteSiteResource),
@@ -210,28 +213,40 @@ authenticated.delete(
); );
authenticated.get( authenticated.get(
"/site-resource/:siteResourceId/roles", [
"/site-resource/:siteResourceId/roles",
"/private-resource/:siteResourceId/roles"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listResourceRoles), verifyApiKeyHasAction(ActionsEnum.listResourceRoles),
siteResource.listSiteResourceRoles siteResource.listSiteResourceRoles
); );
authenticated.get( authenticated.get(
"/site-resource/:siteResourceId/users", [
"/site-resource/:siteResourceId/users",
"/private-resource/:siteResourceId/users"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listResourceUsers), verifyApiKeyHasAction(ActionsEnum.listResourceUsers),
siteResource.listSiteResourceUsers siteResource.listSiteResourceUsers
); );
authenticated.get( authenticated.get(
"/site-resource/:siteResourceId/clients", [
"/site-resource/:siteResourceId/clients",
"/private-resource/:siteResourceId/clients"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listResourceUsers), verifyApiKeyHasAction(ActionsEnum.listResourceUsers),
siteResource.listSiteResourceClients siteResource.listSiteResourceClients
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/roles", [
"/site-resource/:siteResourceId/roles",
"/private-resource/:siteResourceId/roles"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyLimits, verifyLimits,
@@ -241,7 +256,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/users", [
"/site-resource/:siteResourceId/users",
"/private-resource/:siteResourceId/users"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceUsers, verifyApiKeySetResourceUsers,
verifyLimits, verifyLimits,
@@ -251,7 +269,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/roles/add", [
"/site-resource/:siteResourceId/roles/add",
"/private-resource/:siteResourceId/roles/add"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyLimits, verifyLimits,
@@ -261,7 +282,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/roles/remove", [
"/site-resource/:siteResourceId/roles/remove",
"/private-resource/:siteResourceId/roles/remove"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyLimits, verifyLimits,
@@ -271,7 +295,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/users/add", [
"/site-resource/:siteResourceId/users/add",
"/private-resource/:siteResourceId/users/add"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceUsers, verifyApiKeySetResourceUsers,
verifyLimits, verifyLimits,
@@ -281,7 +308,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/users/remove", [
"/site-resource/:siteResourceId/users/remove",
"/private-resource/:siteResourceId/users/remove"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceUsers, verifyApiKeySetResourceUsers,
verifyLimits, verifyLimits,
@@ -291,7 +321,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/clients", [
"/site-resource/:siteResourceId/clients",
"/private-resource/:siteResourceId/clients"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceClients, verifyApiKeySetResourceClients,
verifyLimits, verifyLimits,
@@ -301,7 +334,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/clients/add", [
"/site-resource/:siteResourceId/clients/add",
"/private-resource/:siteResourceId/clients/add"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceClients, verifyApiKeySetResourceClients,
verifyLimits, verifyLimits,
@@ -311,7 +347,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/clients/remove", [
"/site-resource/:siteResourceId/clients/remove",
"/private-resource/:siteResourceId/clients/remove"
],
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceClients, verifyApiKeySetResourceClients,
verifyLimits, verifyLimits,
@@ -321,7 +360,7 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/client/:clientId/site-resources", ["/client/:clientId/site-resources", "/client/:clientId/private-resources"],
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourceUsers), verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
logActionAudit(ActionsEnum.setResourceUsers), logActionAudit(ActionsEnum.setResourceUsers),
@@ -329,7 +368,7 @@ authenticated.post(
); );
authenticated.put( authenticated.put(
"/org/:orgId/resource", ["/org/:orgId/resource", "/org/:orgId/public-resource"],
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createResource), verifyApiKeyHasAction(ActionsEnum.createResource),
@@ -338,7 +377,10 @@ authenticated.put(
); );
authenticated.put( authenticated.put(
"/org/:orgId/site/:siteId/resource", [
"/org/:orgId/site/:siteId/resource",
"/org/:orgId/site/:siteId/public-resource"
],
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createResource), verifyApiKeyHasAction(ActionsEnum.createResource),
@@ -347,14 +389,14 @@ authenticated.put(
); );
authenticated.get( authenticated.get(
"/site/:siteId/resources", ["/site/:siteId/resources", "/site/:siteId/public-resources"],
verifyApiKeySiteAccess, verifyApiKeySiteAccess,
verifyApiKeyHasAction(ActionsEnum.listResources), verifyApiKeyHasAction(ActionsEnum.listResources),
resource.listResources resource.listResources
); );
authenticated.get( authenticated.get(
"/org/:orgId/resources", ["/org/:orgId/resources", "/org/:orgId/public-resources"],
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.listResources), verifyApiKeyHasAction(ActionsEnum.listResources),
resource.listResources resource.listResources
@@ -442,42 +484,45 @@ authenticated.delete(
); );
authenticated.get( authenticated.get(
"/resource/:resourceId/roles", ["/resource/:resourceId/roles", "/public-resource/:resourceId/roles"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listResourceRoles), verifyApiKeyHasAction(ActionsEnum.listResourceRoles),
resource.listResourceRoles resource.listResourceRoles
); );
authenticated.get( authenticated.get(
"/resource/:resourceId/users", ["/resource/:resourceId/users", "/public-resource/:resourceId/users"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listResourceUsers), verifyApiKeyHasAction(ActionsEnum.listResourceUsers),
resource.listResourceUsers resource.listResourceUsers
); );
authenticated.get( authenticated.get(
"/resource/:resourceId", ["/resource/:resourceId", "/public-resource/:resourceId"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.getResource), verifyApiKeyHasAction(ActionsEnum.getResource),
resource.getResource resource.getResource
); );
authenticated.get( authenticated.get(
"/resource-policy/:resourcePolicyId", [
"/resource-policy/:resourcePolicyId",
"/public-resource-policy/:resourcePolicyId"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyApiKeyHasAction(ActionsEnum.getResourcePolicy), verifyApiKeyHasAction(ActionsEnum.getResourcePolicy),
policy.getResourcePolicy policy.getResourcePolicy
); );
authenticated.get( authenticated.get(
"/resource/:resourceId/policies", ["/resource/:resourceId/policies", "/public-resource/:resourceId/policies"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.getResourcePolicy), verifyApiKeyHasAction(ActionsEnum.getResourcePolicy),
resource.getResourcePolicies resource.getResourcePolicies
); );
authenticated.post( authenticated.post(
"/resource/:resourceId", ["/resource/:resourceId", "/public-resource/:resourceId"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.updateResource), verifyApiKeyHasAction(ActionsEnum.updateResource),
@@ -486,14 +531,17 @@ authenticated.post(
); );
authenticated.put( authenticated.put(
"/resource-policy/:resourcePolicyId", [
"/resource-policy/:resourcePolicyId",
"/public-resource-policy/:resourcePolicyId"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyApiKeyHasAction(ActionsEnum.updateResourcePolicy), verifyApiKeyHasAction(ActionsEnum.updateResourcePolicy),
policy.updateResourcePolicy policy.updateResourcePolicy
); );
authenticated.delete( authenticated.delete(
"/resource/:resourceId", ["/resource/:resourceId", "/public-resource/:resourceId"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.deleteResource), verifyApiKeyHasAction(ActionsEnum.deleteResource),
logActionAudit(ActionsEnum.deleteResource), logActionAudit(ActionsEnum.deleteResource),
@@ -501,7 +549,7 @@ authenticated.delete(
); );
authenticated.put( authenticated.put(
"/resource/:resourceId/target", ["/resource/:resourceId/target", "/public-resource/:resourceId/target"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createTarget), verifyApiKeyHasAction(ActionsEnum.createTarget),
@@ -510,14 +558,14 @@ authenticated.put(
); );
authenticated.get( authenticated.get(
"/resource/:resourceId/targets", ["/resource/:resourceId/targets", "/public-resource/:resourceId/targets"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listTargets), verifyApiKeyHasAction(ActionsEnum.listTargets),
target.listTargets target.listTargets
); );
authenticated.put( authenticated.put(
"/resource/:resourceId/rule", ["/resource/:resourceId/rule", "/public-resource/:resourceId/rule"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.createResourceRule), verifyApiKeyHasAction(ActionsEnum.createResourceRule),
@@ -526,14 +574,17 @@ authenticated.put(
); );
authenticated.get( authenticated.get(
"/resource/:resourceId/rules", ["/resource/:resourceId/rules", "/public-resource/:resourceId/rules"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listResourceRules), verifyApiKeyHasAction(ActionsEnum.listResourceRules),
resource.listResourceRules resource.listResourceRules
); );
authenticated.post( authenticated.post(
"/resource/:resourceId/rule/:ruleId", [
"/resource/:resourceId/rule/:ruleId",
"/public-resource/:resourceId/rule/:ruleId"
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.updateResourceRule), verifyApiKeyHasAction(ActionsEnum.updateResourceRule),
@@ -542,7 +593,10 @@ authenticated.post(
); );
authenticated.delete( authenticated.delete(
"/resource/:resourceId/rule/:ruleId", [
"/resource/:resourceId/rule/:ruleId",
"/public-resource/:resourceId/rule/:ruleId"
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.deleteResourceRule), verifyApiKeyHasAction(ActionsEnum.deleteResourceRule),
logActionAudit(ActionsEnum.deleteResourceRule), logActionAudit(ActionsEnum.deleteResourceRule),
@@ -624,7 +678,7 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/resource/:resourceId/roles", ["/resource/:resourceId/roles", "/public-resource/:resourceId/roles"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyLimits, verifyLimits,
@@ -634,7 +688,7 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/resource/:resourceId/users", ["/resource/:resourceId/users", "/public-resource/:resourceId/users"],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeySetResourceUsers, verifyApiKeySetResourceUsers,
verifyLimits, verifyLimits,
@@ -644,7 +698,10 @@ authenticated.post(
); );
authenticated.put( authenticated.put(
"/resource-policy/:resourcePolicyId/access-control", [
"/resource-policy/:resourcePolicyId/access-control",
"/public-resource-policy/:resourcePolicyId/access-control"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyLimits, verifyLimits,
@@ -656,7 +713,10 @@ authenticated.put(
); );
authenticated.put( authenticated.put(
"/resource-policy/:resourcePolicyId/password", [
"/resource-policy/:resourcePolicyId/password",
"/public-resource-policy/:resourcePolicyId/password"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourcePolicyPassword), verifyApiKeyHasAction(ActionsEnum.setResourcePolicyPassword),
@@ -665,7 +725,10 @@ authenticated.put(
); );
authenticated.put( authenticated.put(
"/resource-policy/:resourcePolicyId/pincode", [
"/resource-policy/:resourcePolicyId/pincode",
"/public-resource-policy/:resourcePolicyId/pincode"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourcePolicyPincode), verifyApiKeyHasAction(ActionsEnum.setResourcePolicyPincode),
@@ -674,7 +737,10 @@ authenticated.put(
); );
authenticated.put( authenticated.put(
"/resource-policy/:resourcePolicyId/header-auth", [
"/resource-policy/:resourcePolicyId/header-auth",
"/public-resource-policy/:resourcePolicyId/header-auth"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourcePolicyHeaderAuth), verifyApiKeyHasAction(ActionsEnum.setResourcePolicyHeaderAuth),
@@ -683,7 +749,10 @@ authenticated.put(
); );
authenticated.put( authenticated.put(
"/resource-policy/:resourcePolicyId/whitelist", [
"/resource-policy/:resourcePolicyId/whitelist",
"/public-resource-policy/:resourcePolicyId/whitelist"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourcePolicyWhitelist), verifyApiKeyHasAction(ActionsEnum.setResourcePolicyWhitelist),
@@ -692,7 +761,10 @@ authenticated.put(
); );
authenticated.put( authenticated.put(
"/resource-policy/:resourcePolicyId/rules", [
"/resource-policy/:resourcePolicyId/rules",
"/public-resource-policy/:resourcePolicyId/rules"
],
verifyApiKeyResourcePolicyAccess, verifyApiKeyResourcePolicyAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourcePolicyRules), verifyApiKeyHasAction(ActionsEnum.setResourcePolicyRules),
@@ -701,7 +773,10 @@ authenticated.put(
); );
authenticated.post( authenticated.post(
"/resource/:resourceId/roles/add", [
"/resource/:resourceId/roles/add",
"/public-resource/:resourceId/roles/add"
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyLimits, verifyLimits,
@@ -711,7 +786,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/resource/:resourceId/roles/remove", [
"/resource/:resourceId/roles/remove",
"/public-resource/:resourceId/roles/remove"
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyRoleAccess, verifyApiKeyRoleAccess,
verifyLimits, verifyLimits,
@@ -721,7 +799,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/resource/:resourceId/users/add", [
"/resource/:resourceId/users/add",
"/public-resource/:resourceId/users/add"
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeySetResourceUsers, verifyApiKeySetResourceUsers,
verifyLimits, verifyLimits,
@@ -731,7 +812,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
"/resource/:resourceId/users/remove", [
"/resource/:resourceId/users/remove",
"/public-resource/:resourceId/users/remove"
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeySetResourceUsers, verifyApiKeySetResourceUsers,
verifyLimits, verifyLimits,
@@ -741,7 +825,7 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/password`, [`/resource/:resourceId/password`, `/public-resource/:resourceId/password`],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourcePassword), verifyApiKeyHasAction(ActionsEnum.setResourcePassword),
@@ -750,7 +834,7 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/pincode`, [`/resource/:resourceId/pincode`, `/public-resource/:resourceId/pincode`],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourcePincode), verifyApiKeyHasAction(ActionsEnum.setResourcePincode),
@@ -759,7 +843,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/header-auth`, [
`/resource/:resourceId/header-auth`,
`/public-resource/:resourceId/header-auth`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourceHeaderAuth), verifyApiKeyHasAction(ActionsEnum.setResourceHeaderAuth),
@@ -768,7 +855,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/whitelist`, [
`/resource/:resourceId/whitelist`,
`/public-resource/:resourceId/whitelist`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist), verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
@@ -777,7 +867,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/whitelist/add`, [
`/resource/:resourceId/whitelist/add`,
`/public-resource/:resourceId/whitelist/add`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist), verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
@@ -785,7 +878,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/whitelist/remove`, [
`/resource/:resourceId/whitelist/remove`,
`/public-resource/:resourceId/whitelist/remove`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist), verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
@@ -793,14 +889,20 @@ authenticated.post(
); );
authenticated.get( authenticated.get(
`/resource/:resourceId/whitelist`, [
`/resource/:resourceId/whitelist`,
`/public-resource/:resourceId/whitelist`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.getResourceWhitelist), verifyApiKeyHasAction(ActionsEnum.getResourceWhitelist),
resource.getResourceWhitelist resource.getResourceWhitelist
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/access-token`, [
`/resource/:resourceId/access-token`,
`/public-resource/:resourceId/access-token`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyLimits, verifyLimits,
verifyApiKeyHasAction(ActionsEnum.generateAccessToken), verifyApiKeyHasAction(ActionsEnum.generateAccessToken),
@@ -809,7 +911,10 @@ authenticated.post(
); );
authenticated.post( authenticated.post(
`/resource/:resourceId/session-token`, [
`/resource/:resourceId/session-token`,
`/public-resource/:resourceId/session-token`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyUserAccess, verifyApiKeyUserAccess,
verifyLimits, verifyLimits,
@@ -834,7 +939,10 @@ authenticated.get(
); );
authenticated.get( authenticated.get(
`/resource/:resourceId/access-tokens`, [
`/resource/:resourceId/access-tokens`,
`/public-resource/:resourceId/access-tokens`
],
verifyApiKeyResourceAccess, verifyApiKeyResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listAccessTokens), verifyApiKeyHasAction(ActionsEnum.listAccessTokens),
accessToken.listAccessTokens accessToken.listAccessTokens
@@ -1164,7 +1272,7 @@ authenticated.get(
); );
authenticated.get( authenticated.get(
"/org/:orgId/resource-names", ["/org/:orgId/resource-names", "/org/:orgId/public-resource-names"],
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,
verifyApiKeyHasAction(ActionsEnum.listResources), verifyApiKeyHasAction(ActionsEnum.listResources),
resource.listAllResourceNames resource.listAllResourceNames
+15 -2
View File
@@ -168,7 +168,7 @@ registry.registerPath({
path: "/org/{orgId}/resource-policy/{niceId}", path: "/org/{orgId}/resource-policy/{niceId}",
description: description:
"Get a resource policy by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.", "Get a resource policy by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.",
tags: [OpenAPITags.Org, OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: z.object({ params: z.object({
orgId: z.string(), orgId: z.string(),
@@ -182,7 +182,20 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource-policy/{resourcePolicyId}", path: "/resource-policy/{resourcePolicyId}",
description: "Get a resource policy by its resourcePolicyId.", description: "Get a resource policy by its resourcePolicyId.",
tags: [OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicyLegacy],
request: {
params: z.object({
resourcePolicyId: z.number()
})
},
responses: {}
});
registry.registerPath({
method: "get",
path: "/public-resource-policy/{resourcePolicyId}",
description: "Get a resource policy by its resourcePolicyId.",
tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: z.object({ params: z.object({
resourcePolicyId: z.number() resourcePolicyId: z.number()
@@ -40,7 +40,26 @@ registry.registerPath({
path: "/resource-policy/{resourceId}/access-control", path: "/resource-policy/{resourceId}/access-control",
description: description:
"Set access control users for a resource policy, including SSO, users, roles, Identity provider.", "Set access control users for a resource policy, including SSO, users, roles, Identity provider.",
tags: [OpenAPITags.Policy, OpenAPITags.User], tags: [OpenAPITags.PublicResourcePolicyLegacy],
request: {
params: setResourcePolicyAccessControlParamsSchema,
body: {
content: {
"application/json": {
schema: setResourcePolicyAcccessControlBodySchema
}
}
}
},
responses: {}
});
registry.registerPath({
method: "post",
path: "/public-resource-policy/{resourceId}/access-control",
description:
"Set access control users for a resource policy, including SSO, users, roles, Identity provider.",
tags: [OpenAPITags.PublicResourcePolicy, OpenAPITags.User],
request: { request: {
params: setResourcePolicyAccessControlParamsSchema, params: setResourcePolicyAccessControlParamsSchema,
body: { body: {
@@ -29,7 +29,26 @@ registry.registerPath({
path: "/resource-policy/{resourcePolicyId}/header-auth", path: "/resource-policy/{resourcePolicyId}/header-auth",
description: description:
"Set or update the header authentication for a resource policy. If user and password is not provided, it will remove the header authentication.", "Set or update the header authentication for a resource policy. If user and password is not provided, it will remove the header authentication.",
tags: [OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicyLegacy],
request: {
params: setResourcePolicyHeaderAuthParamsSchema,
body: {
content: {
"application/json": {
schema: setResourcePolicyHeaderAuthBodySchema
}
}
}
},
responses: {}
});
registry.registerPath({
method: "put",
path: "/public-resource-policy/{resourcePolicyId}/header-auth",
description:
"Set or update the header authentication for a resource policy. If user and password is not provided, it will remove the header authentication.",
tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: setResourcePolicyHeaderAuthParamsSchema, params: setResourcePolicyHeaderAuthParamsSchema,
body: { body: {
@@ -24,7 +24,26 @@ registry.registerPath({
path: "/resource-policy/{resourcePolicyId}/password", path: "/resource-policy/{resourcePolicyId}/password",
description: description:
"Set the password for a resource policy. Setting the password to null will remove it.", "Set the password for a resource policy. Setting the password to null will remove it.",
tags: [OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicyLegacy],
request: {
params: setResourcePolicyPasswordParamsSchema,
body: {
content: {
"application/json": {
schema: setResourcePolicyPasswordBodySchema
}
}
}
},
responses: {}
});
registry.registerPath({
method: "put",
path: "/public-resource-policy/{resourcePolicyId}/password",
description:
"Set the password for a resource policy. Setting the password to null will remove it.",
tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: setResourcePolicyPasswordParamsSchema, params: setResourcePolicyPasswordParamsSchema,
body: { body: {
@@ -27,7 +27,26 @@ registry.registerPath({
path: "/resource-policy/{resourcePolicyId}/pincode", path: "/resource-policy/{resourcePolicyId}/pincode",
description: description:
"Set the PIN code for a resource policy. Setting the PIN code to null will remove it.", "Set the PIN code for a resource policy. Setting the PIN code to null will remove it.",
tags: [OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicyLegacy],
request: {
params: setResourcePolicyPincodeParamsSchema,
body: {
content: {
"application/json": {
schema: setResourcePolicyPincodeBodySchema
}
}
}
},
responses: {}
});
registry.registerPath({
method: "put",
path: "/public-resource-policy/{resourcePolicyId}/pincode",
description:
"Set the PIN code for a resource policy. Setting the PIN code to null will remove it.",
tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: setResourcePolicyPincodeParamsSchema, params: setResourcePolicyPincodeParamsSchema,
body: { body: {
@@ -47,7 +47,26 @@ registry.registerPath({
path: "/resource-policy/{resourcePolicyId}/rules", path: "/resource-policy/{resourcePolicyId}/rules",
description: description:
"Set all rules for a resource policy at once. This will replace all existing rules.", "Set all rules for a resource policy at once. This will replace all existing rules.",
tags: [OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicyLegacy],
request: {
params: setResourcePolicyRulesParamsSchema,
body: {
content: {
"application/json": {
schema: setResourcePolicyRulesBodySchema
}
}
}
},
responses: {}
});
registry.registerPath({
method: "put",
path: "/public-resource-policy/{resourcePolicyId}/rules",
description:
"Set all rules for a resource policy at once. This will replace all existing rules.",
tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: setResourcePolicyRulesParamsSchema, params: setResourcePolicyRulesParamsSchema,
body: { body: {
@@ -32,7 +32,26 @@ registry.registerPath({
path: "/resource-policy/{resourcePolicyId}/whitelist", path: "/resource-policy/{resourcePolicyId}/whitelist",
description: description:
"Set email whitelist for a resource policy. This will replace all existing emails.", "Set email whitelist for a resource policy. This will replace all existing emails.",
tags: [OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicyLegacy],
request: {
params: setResourcePolicyWhitelistParamsSchema,
body: {
content: {
"application/json": {
schema: setResourcePolicyWhitelistBodySchema
}
}
}
},
responses: {}
});
registry.registerPath({
method: "put",
path: "/public-resource-policy/{resourcePolicyId}/whitelist",
description:
"Set email whitelist for a resource policy. This will replace all existing emails.",
tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: setResourcePolicyWhitelistParamsSchema, params: setResourcePolicyWhitelistParamsSchema,
body: { body: {
+19 -1
View File
@@ -22,7 +22,25 @@ registry.registerPath({
method: "put", method: "put",
path: "/resource-policy/{resourcePolicyId}", path: "/resource-policy/{resourcePolicyId}",
description: "Update a resource policy.", description: "Update a resource policy.",
tags: [OpenAPITags.Org, OpenAPITags.Policy], tags: [OpenAPITags.PublicResourcePolicy],
request: {
params: updateResourcePolicyParamsSchema,
body: {
content: {
"application/json": {
schema: updateResourcePolicyBodySchema
}
}
}
},
responses: {}
});
registry.registerPath({
method: "put",
path: "/public-resource-policy/{resourcePolicyId}",
description: "Update a resource policy.",
tags: [OpenAPITags.PublicResourcePolicy],
request: { request: {
params: updateResourcePolicyParamsSchema, params: updateResourcePolicyParamsSchema,
body: { body: {
@@ -34,6 +34,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/whitelist/add", path: "/resource/{resourceId}/whitelist/add",
description: "Add a single email to the resource whitelist.", description: "Add a single email to the resource whitelist.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: addEmailToResourceWhitelistParamsSchema,
body: {
content: {
"application/json": {
schema: addEmailToResourceWhitelistBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/whitelist/add",
description: "Add a single email to the resource whitelist.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: addEmailToResourceWhitelistParamsSchema, params: addEmailToResourceWhitelistParamsSchema,
@@ -144,10 +177,7 @@ export async function addEmailToResourceWhitelist(
.from(resourcePolicyWhiteList) .from(resourcePolicyWhiteList)
.where( .where(
and( and(
eq( eq(resourcePolicyWhiteList.resourcePolicyId, policyId),
resourcePolicyWhiteList.resourcePolicyId,
policyId
),
eq(resourcePolicyWhiteList.email, email) eq(resourcePolicyWhiteList.email, email)
) )
); );
@@ -28,6 +28,40 @@ const addRoleToResourceParamsSchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/roles/add", path: "/resource/{resourceId}/roles/add",
description:
"Add a single role to a resource. When the resource has an inline policy defined (no shared resource policy assigned), the role is added to the inline policy instead of directly to the resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: addRoleToResourceParamsSchema,
body: {
content: {
"application/json": {
schema: addRoleToResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/roles/add",
description: description:
"Add a single role to a resource. When the resource has an inline policy defined (no shared resource policy assigned), the role is added to the inline policy instead of directly to the resource.", "Add a single role to a resource. When the resource has an inline policy defined (no shared resource policy assigned), the role is added to the inline policy instead of directly to the resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Role], tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
@@ -28,6 +28,40 @@ const addUserToResourceParamsSchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/users/add", path: "/resource/{resourceId}/users/add",
description:
"Add a single user to a resource. When the resource has an inline policy defined (no shared resource policy assigned), the user is added to the inline policy instead of directly to the resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: addUserToResourceParamsSchema,
body: {
content: {
"application/json": {
schema: addUserToResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/users/add",
description: description:
"Add a single user to a resource. When the resource has an inline policy defined (no shared resource policy assigned), the user is added to the inline policy instead of directly to the resource.", "Add a single user to a resource. When the resource has an inline policy defined (no shared resource policy assigned), the user is added to the inline policy instead of directly to the resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.User], tags: [OpenAPITags.PublicResource, OpenAPITags.User],
+33
View File
@@ -153,6 +153,39 @@ registry.registerPath({
method: "put", method: "put",
path: "/org/{orgId}/resource", path: "/org/{orgId}/resource",
description: "Create a resource.", description: "Create a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: createResourceParamsSchema,
body: {
content: {
"application/json": {
schema: createHttpResourceSchema.or(createRawResourceSchema)
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "put",
path: "/org/{orgId}/public-resource",
description: "Create a resource.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: createResourceParamsSchema, params: createResourceParamsSchema,
@@ -32,6 +32,39 @@ registry.registerPath({
method: "put", method: "put",
path: "/resource/{resourceId}/rule", path: "/resource/{resourceId}/rule",
description: "Create a resource rule.", description: "Create a resource rule.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: createResourceRuleParamsSchema,
body: {
content: {
"application/json": {
schema: createResourceRuleSchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "put",
path: "/public-resource/{resourceId}/rule",
description: "Create a resource rule.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
request: { request: {
params: createResourceRuleParamsSchema, params: createResourceRuleParamsSchema,
+26
View File
@@ -22,6 +22,32 @@ registry.registerPath({
method: "delete", method: "delete",
path: "/resource/{resourceId}", path: "/resource/{resourceId}",
description: "Delete a resource.", description: "Delete a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: deleteResourceSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "delete",
path: "/public-resource/{resourceId}",
description: "Delete a resource.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: deleteResourceSchema params: deleteResourceSchema
@@ -19,6 +19,32 @@ registry.registerPath({
method: "delete", method: "delete",
path: "/resource/{resourceId}/rule/{ruleId}", path: "/resource/{resourceId}/rule/{ruleId}",
description: "Delete a resource rule.", description: "Delete a resource rule.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: deleteResourceRuleSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "delete",
path: "/public-resource/{resourceId}/rule/{ruleId}",
description: "Delete a resource rule.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
request: { request: {
params: deleteResourceRuleSchema params: deleteResourceRuleSchema
+29 -1
View File
@@ -63,7 +63,7 @@ registry.registerPath({
path: "/org/{orgId}/resource/{niceId}", path: "/org/{orgId}/resource/{niceId}",
description: description:
"Get a resource by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.", "Get a resource by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResourceLegacy],
request: { request: {
params: z.object({ params: z.object({
orgId: z.string(), orgId: z.string(),
@@ -92,6 +92,34 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}", path: "/resource/{resourceId}",
description: "Get a resource by resourceId.", description: "Get a resource by resourceId.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: z.object({
resourceId: z.number()
})
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}",
description: "Get a resource by resourceId.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: z.object({ params: z.object({
+15 -2
View File
@@ -25,8 +25,21 @@ export type GetResourcePoliciesResponse = {
registry.registerPath({ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}/policies", path: "/resource/{resourceId}/policies",
description: "Get the inline and shared policies associated with a resource.", description:
tags: [OpenAPITags.PublicResource, OpenAPITags.Policy], "Get the inline and shared policies associated with a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: getResourcePoliciesParamsSchema
},
responses: {}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}/policies",
description:
"Get the inline and shared policies associated with a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.PublicResourcePolicy],
request: { request: {
params: getResourcePoliciesParamsSchema params: getResourcePoliciesParamsSchema
}, },
@@ -44,6 +44,32 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}/whitelist", path: "/resource/{resourceId}/whitelist",
description: "Get the whitelist of emails for a specific resource.", description: "Get the whitelist of emails for a specific resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: getResourceWhitelistSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}/whitelist",
description: "Get the whitelist of emails for a specific resource.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: getResourceWhitelistSchema params: getResourceWhitelistSchema
@@ -33,6 +33,34 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/resources-names", path: "/org/{orgId}/resources-names",
description: "List all resource names for an organization.", description: "List all resource names for an organization.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: z.object({
orgId: z.string()
})
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/org/{orgId}/public-resource-names",
description: "List all resource names for an organization.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: z.object({ params: z.object({
@@ -48,6 +48,32 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}/roles", path: "/resource/{resourceId}/roles",
description: "List all roles for a resource.", description: "List all roles for a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: listResourceRolesSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}/roles",
description: "List all roles for a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Role], tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
request: { request: {
params: listResourceRolesSchema params: listResourceRolesSchema
@@ -71,6 +71,33 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}/rules", path: "/resource/{resourceId}/rules",
description: "List rules for a resource.", description: "List rules for a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: listResourceRulesParamsSchema,
query: listResourceRulesSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}/rules",
description: "List rules for a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
request: { request: {
params: listResourceRulesParamsSchema, params: listResourceRulesParamsSchema,
@@ -38,6 +38,32 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}/users", path: "/resource/{resourceId}/users",
description: "List all users for a resource.", description: "List all users for a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: listResourceUsersSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}/users",
description: "List all users for a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.User], tags: [OpenAPITags.PublicResource, OpenAPITags.User],
request: { request: {
params: listResourceUsersSchema params: listResourceUsersSchema
+29
View File
@@ -400,6 +400,35 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/resources", path: "/org/{orgId}/resources",
description: "List resources for an organization.", description: "List resources for an organization.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: z.object({
orgId: z.string()
}),
query: listResourcesSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/org/{orgId}/public-resources",
description: "List resources for an organization.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: z.object({ params: z.object({
@@ -34,6 +34,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/whitelist/remove", path: "/resource/{resourceId}/whitelist/remove",
description: "Remove a single email from the resource whitelist.", description: "Remove a single email from the resource whitelist.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: removeEmailFromResourceWhitelistParamsSchema,
body: {
content: {
"application/json": {
schema: removeEmailFromResourceWhitelistBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/whitelist/remove",
description: "Remove a single email from the resource whitelist.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
request: { request: {
params: removeEmailFromResourceWhitelistParamsSchema, params: removeEmailFromResourceWhitelistParamsSchema,
@@ -143,10 +176,7 @@ export async function removeEmailFromResourceWhitelist(
.from(resourcePolicyWhiteList) .from(resourcePolicyWhiteList)
.where( .where(
and( and(
eq( eq(resourcePolicyWhiteList.resourcePolicyId, policyId),
resourcePolicyWhiteList.resourcePolicyId,
policyId
),
eq(resourcePolicyWhiteList.email, email) eq(resourcePolicyWhiteList.email, email)
) )
); );
@@ -164,10 +194,7 @@ export async function removeEmailFromResourceWhitelist(
.delete(resourcePolicyWhiteList) .delete(resourcePolicyWhiteList)
.where( .where(
and( and(
eq( eq(resourcePolicyWhiteList.resourcePolicyId, policyId),
resourcePolicyWhiteList.resourcePolicyId,
policyId
),
eq(resourcePolicyWhiteList.email, email) eq(resourcePolicyWhiteList.email, email)
) )
); );
@@ -29,6 +29,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/roles/remove", path: "/resource/{resourceId}/roles/remove",
description: "Remove a single role from a resource.", description: "Remove a single role from a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: removeRoleFromResourceParamsSchema,
body: {
content: {
"application/json": {
schema: removeRoleFromResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/roles/remove",
description: "Remove a single role from a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Role], tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
request: { request: {
params: removeRoleFromResourceParamsSchema, params: removeRoleFromResourceParamsSchema,
@@ -29,6 +29,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/users/remove", path: "/resource/{resourceId}/users/remove",
description: "Remove a single user from a resource.", description: "Remove a single user from a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: removeUserFromResourceParamsSchema,
body: {
content: {
"application/json": {
schema: removeUserFromResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/users/remove",
description: "Remove a single user from a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.User], tags: [OpenAPITags.PublicResource, OpenAPITags.User],
request: { request: {
params: removeUserFromResourceParamsSchema, params: removeUserFromResourceParamsSchema,
@@ -29,6 +29,40 @@ const setResourceAuthMethodsBodySchema = z.strictObject({
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/header-auth", path: "/resource/{resourceId}/header-auth",
description:
"Set or update the header authentication for a resource. If user and password is not provided, it will remove the header authentication.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: setResourceAuthMethodsParamsSchema,
body: {
content: {
"application/json": {
schema: setResourceAuthMethodsBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/header-auth",
description: description:
"Set or update the header authentication for a resource. If user and password is not provided, it will remove the header authentication.", "Set or update the header authentication for a resource. If user and password is not provided, it will remove the header authentication.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
@@ -27,6 +27,40 @@ const setResourceAuthMethodsBodySchema = z.strictObject({
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/password", path: "/resource/{resourceId}/password",
description:
"Set the password for a resource. Setting the password to null will remove it.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: setResourceAuthMethodsParamsSchema,
body: {
content: {
"application/json": {
schema: setResourceAuthMethodsBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/password",
description: description:
"Set the password for a resource. Setting the password to null will remove it.", "Set the password for a resource. Setting the password to null will remove it.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
@@ -27,6 +27,40 @@ const setResourceAuthMethodsBodySchema = z.strictObject({
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/pincode", path: "/resource/{resourceId}/pincode",
description:
"Set the PIN code for a resource. Setting the PIN code to null will remove it.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: setResourceAuthMethodsParamsSchema,
body: {
content: {
"application/json": {
schema: setResourceAuthMethodsBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/pincode",
description: description:
"Set the PIN code for a resource. Setting the PIN code to null will remove it.", "Set the PIN code for a resource. Setting the PIN code to null will remove it.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
@@ -21,6 +21,40 @@ const setResourceRolesParamsSchema = z.strictObject({
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/roles", path: "/resource/{resourceId}/roles",
description:
"Set roles for a resource. This will replace all existing roles. When the resource has an inline policy defined (no shared resource policy assigned), roles are set on the inline policy instead of directly on the resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: setResourceRolesParamsSchema,
body: {
content: {
"application/json": {
schema: setResourceRolesBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/roles",
description: description:
"Set roles for a resource. This will replace all existing roles. When the resource has an inline policy defined (no shared resource policy assigned), roles are set on the inline policy instead of directly on the resource.", "Set roles for a resource. This will replace all existing roles. When the resource has an inline policy defined (no shared resource policy assigned), roles are set on the inline policy instead of directly on the resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Role], tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
@@ -21,6 +21,40 @@ const setUserResourcesParamsSchema = z.strictObject({
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/users", path: "/resource/{resourceId}/users",
description:
"Set users for a resource. This will replace all existing users. When the resource has an inline policy defined (no shared resource policy assigned), users are set on the inline policy instead of directly on the resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: setUserResourcesParamsSchema,
body: {
content: {
"application/json": {
schema: setUserResourcesBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/users",
description: description:
"Set users for a resource. This will replace all existing users. When the resource has an inline policy defined (no shared resource policy assigned), users are set on the inline policy instead of directly on the resource.", "Set users for a resource. This will replace all existing users. When the resource has an inline policy defined (no shared resource policy assigned), users are set on the inline policy instead of directly on the resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.User], tags: [OpenAPITags.PublicResource, OpenAPITags.User],
@@ -35,6 +35,40 @@ const setResourceWhitelistParamsSchema = z.strictObject({
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/whitelist", path: "/resource/{resourceId}/whitelist",
description:
"Set email whitelist for a resource. This will replace all existing emails.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: setResourceWhitelistParamsSchema,
body: {
content: {
"application/json": {
schema: setResourceWhitelistBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/whitelist",
description: description:
"Set email whitelist for a resource. This will replace all existing emails.", "Set email whitelist for a resource. This will replace all existing emails.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
+36
View File
@@ -240,6 +240,42 @@ const updateRawResourceBodySchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}", path: "/resource/{resourceId}",
description:
"Update a resource. Policy fields (sso, mfa, pincode, password, whitelist) update the inline policy when no shared resource policy is assigned; when a shared policy is assigned those fields override the shared policy for this resource only.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: updateResourceParamsSchema,
body: {
content: {
"application/json": {
schema: updateHttpResourceBodySchema.and(
updateRawResourceBodySchema
)
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}",
description: description:
"Update a resource. Policy fields (sso, mfa, pincode, password, whitelist) update the inline policy when no shared resource policy is assigned; when a shared policy is assigned those fields override the shared policy for this resource only.", "Update a resource. Policy fields (sso, mfa, pincode, password, whitelist) update the inline policy when no shared resource policy is assigned; when a shared policy is assigned those fields override the shared policy for this resource only.",
tags: [OpenAPITags.PublicResource], tags: [OpenAPITags.PublicResource],
@@ -49,6 +49,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/resource/{resourceId}/rule/{ruleId}", path: "/resource/{resourceId}/rule/{ruleId}",
description: "Update a resource rule.", description: "Update a resource rule.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: updateResourceRuleParamsSchema,
body: {
content: {
"application/json": {
schema: updateResourceRuleSchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/public-resource/{resourceId}/rule/{ruleId}",
description: "Update a resource rule.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Rule], tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
request: { request: {
params: updateResourceRuleParamsSchema, params: updateResourceRuleParamsSchema,
+1 -1
View File
@@ -177,7 +177,7 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/sites", path: "/org/{orgId}/sites",
description: "List all sites in an organization", description: "List all sites in an organization",
tags: [OpenAPITags.Org, OpenAPITags.Site], tags: [OpenAPITags.Site],
request: { request: {
params: listSitesParamsSchema, params: listSitesParamsSchema,
query: listSitesSchema query: listSitesSchema
@@ -31,6 +31,40 @@ const addClientToSiteResourceParamsSchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/clients/add", path: "/site-resource/{siteResourceId}/clients/add",
description:
"Add a single client to a site resource. Clients with a userId cannot be added.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: addClientToSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: addClientToSiteResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/clients/add",
description: description:
"Add a single client to a site resource. Clients with a userId cannot be added.", "Add a single client to a site resource. Clients with a userId cannot be added.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
@@ -33,6 +33,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/roles/add", path: "/site-resource/{siteResourceId}/roles/add",
description: "Add a single role to a site resource.", description: "Add a single role to a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: addRoleToSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: addRoleToSiteResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/roles/add",
description: "Add a single role to a site resource.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
request: { request: {
params: addRoleToSiteResourceParamsSchema, params: addRoleToSiteResourceParamsSchema,
@@ -33,6 +33,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/users/add", path: "/site-resource/{siteResourceId}/users/add",
description: "Add a single user to a site resource.", description: "Add a single user to a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: addUserToSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: addUserToSiteResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/users/add",
description: "Add a single user to a site resource.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.User], tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
request: { request: {
params: addUserToSiteResourceParamsSchema, params: addUserToSiteResourceParamsSchema,
@@ -38,6 +38,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/client/{clientId}/site-resources", path: "/client/{clientId}/site-resources",
description: "Add a machine client to multiple site resources at once.", description: "Add a machine client to multiple site resources at once.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: batchAddClientToSiteResourcesParamsSchema,
body: {
content: {
"application/json": {
schema: batchAddClientToSiteResourcesBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/client/{clientId}/private-resources",
description: "Add a machine client to multiple site resources at once.",
tags: [OpenAPITags.Client], tags: [OpenAPITags.Client],
request: { request: {
params: batchAddClientToSiteResourcesParamsSchema, params: batchAddClientToSiteResourcesParamsSchema,
@@ -208,6 +208,39 @@ registry.registerPath({
method: "put", method: "put",
path: "/org/{orgId}/site-resource", path: "/org/{orgId}/site-resource",
description: "Create a new site resource.", description: "Create a new site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: createSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: createSiteResourceSchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "put",
path: "/org/{orgId}/private-resource",
description: "Create a new site resource.",
tags: [OpenAPITags.PrivateResource], tags: [OpenAPITags.PrivateResource],
request: { request: {
params: createSiteResourceParamsSchema, params: createSiteResourceParamsSchema,
@@ -27,6 +27,32 @@ registry.registerPath({
method: "delete", method: "delete",
path: "/site-resource/{siteResourceId}", path: "/site-resource/{siteResourceId}",
description: "Delete a site resource.", description: "Delete a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: deleteSiteResourceParamsSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "delete",
path: "/private-resource/{siteResourceId}",
description: "Delete a site resource.",
tags: [OpenAPITags.PrivateResource], tags: [OpenAPITags.PrivateResource],
request: { request: {
params: deleteSiteResourceParamsSchema params: deleteSiteResourceParamsSchema
@@ -57,6 +57,36 @@ registry.registerPath({
method: "get", method: "get",
path: "/site-resource/{siteResourceId}", path: "/site-resource/{siteResourceId}",
description: "Get a specific site resource by siteResourceId.", description: "Get a specific site resource by siteResourceId.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: z.object({
siteResourceId: z.number(),
siteId: z.number(),
orgId: z.string()
})
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/private-resource/{siteResourceId}",
description: "Get a specific site resource by siteResourceId.",
tags: [OpenAPITags.PrivateResource], tags: [OpenAPITags.PrivateResource],
request: { request: {
params: z.object({ params: z.object({
@@ -221,6 +221,33 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/site-resources", path: "/org/{orgId}/site-resources",
description: "List all site resources for an organization.", description: "List all site resources for an organization.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: listAllSiteResourcesByOrgParamsSchema,
query: listAllSiteResourcesByOrgQuerySchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/org/{orgId}/private-resources",
description: "List all site resources for an organization.",
tags: [OpenAPITags.PrivateResource], tags: [OpenAPITags.PrivateResource],
request: { request: {
params: listAllSiteResourcesByOrgParamsSchema, params: listAllSiteResourcesByOrgParamsSchema,
@@ -39,6 +39,32 @@ registry.registerPath({
method: "get", method: "get",
path: "/site-resource/{siteResourceId}/clients", path: "/site-resource/{siteResourceId}/clients",
description: "List all clients for a site resource.", description: "List all clients for a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: listSiteResourceClientsSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/private-resource/{siteResourceId}/clients",
description: "List all clients for a site resource.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
request: { request: {
params: listSiteResourceClientsSchema params: listSiteResourceClientsSchema
@@ -40,6 +40,32 @@ registry.registerPath({
method: "get", method: "get",
path: "/site-resource/{siteResourceId}/roles", path: "/site-resource/{siteResourceId}/roles",
description: "List all roles for a site resource.", description: "List all roles for a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: listSiteResourceRolesSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/private-resource/{siteResourceId}/roles",
description: "List all roles for a site resource.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
request: { request: {
params: listSiteResourceRolesSchema params: listSiteResourceRolesSchema
@@ -43,6 +43,32 @@ registry.registerPath({
method: "get", method: "get",
path: "/site-resource/{siteResourceId}/users", path: "/site-resource/{siteResourceId}/users",
description: "List all users for a site resource.", description: "List all users for a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: listSiteResourceUsersSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/private-resource/{siteResourceId}/users",
description: "List all users for a site resource.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.User], tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
request: { request: {
params: listSiteResourceUsersSchema params: listSiteResourceUsersSchema
@@ -58,6 +58,33 @@ registry.registerPath({
method: "get", method: "get",
path: "/org/{orgId}/site/{siteId}/resources", path: "/org/{orgId}/site/{siteId}/resources",
description: "List site resources for a site.", description: "List site resources for a site.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: listSiteResourcesParamsSchema,
query: listSiteResourcesQuerySchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/org/{orgId}/site/{siteId}/private-resources",
description: "List site resources for a site.",
tags: [OpenAPITags.PrivateResource], tags: [OpenAPITags.PrivateResource],
request: { request: {
params: listSiteResourcesParamsSchema, params: listSiteResourcesParamsSchema,
@@ -31,6 +31,40 @@ const removeClientFromSiteResourceParamsSchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/clients/remove", path: "/site-resource/{siteResourceId}/clients/remove",
description:
"Remove a single client from a site resource. Clients with a userId cannot be removed.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: removeClientFromSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: removeClientFromSiteResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/clients/remove",
description: description:
"Remove a single client from a site resource. Clients with a userId cannot be removed.", "Remove a single client from a site resource. Clients with a userId cannot be removed.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
@@ -33,6 +33,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/roles/remove", path: "/site-resource/{siteResourceId}/roles/remove",
description: "Remove a single role from a site resource.", description: "Remove a single role from a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: removeRoleFromSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: removeRoleFromSiteResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/roles/remove",
description: "Remove a single role from a site resource.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
request: { request: {
params: removeRoleFromSiteResourceParamsSchema, params: removeRoleFromSiteResourceParamsSchema,
@@ -33,6 +33,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/users/remove", path: "/site-resource/{siteResourceId}/users/remove",
description: "Remove a single user from a site resource.", description: "Remove a single user from a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: removeUserFromSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: removeUserFromSiteResourceBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/users/remove",
description: "Remove a single user from a site resource.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.User], tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
request: { request: {
params: removeUserFromSiteResourceParamsSchema, params: removeUserFromSiteResourceParamsSchema,
@@ -31,6 +31,40 @@ const setSiteResourceClientsParamsSchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/clients", path: "/site-resource/{siteResourceId}/clients",
description:
"Set clients for a site resource. This will replace all existing clients. Clients with a userId cannot be added.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: setSiteResourceClientsParamsSchema,
body: {
content: {
"application/json": {
schema: setSiteResourceClientsBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/clients",
description: description:
"Set clients for a site resource. This will replace all existing clients. Clients with a userId cannot be added.", "Set clients for a site resource. This will replace all existing clients. Clients with a userId cannot be added.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Client], tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
@@ -32,6 +32,40 @@ const setSiteResourceRolesParamsSchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/roles", path: "/site-resource/{siteResourceId}/roles",
description:
"Set roles for a site resource. This will replace all existing roles.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: setSiteResourceRolesParamsSchema,
body: {
content: {
"application/json": {
schema: setSiteResourceRolesBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/roles",
description: description:
"Set roles for a site resource. This will replace all existing roles.", "Set roles for a site resource. This will replace all existing roles.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.Role], tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
@@ -33,6 +33,40 @@ const setSiteResourceUsersParamsSchema = z
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}/users", path: "/site-resource/{siteResourceId}/users",
description:
"Set users for a site resource. This will replace all existing users.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: setSiteResourceUsersParamsSchema,
body: {
content: {
"application/json": {
schema: setSiteResourceUsersBodySchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}/users",
description: description:
"Set users for a site resource. This will replace all existing users.", "Set users for a site resource. This will replace all existing users.",
tags: [OpenAPITags.PrivateResource, OpenAPITags.User], tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
@@ -208,6 +208,39 @@ registry.registerPath({
method: "post", method: "post",
path: "/site-resource/{siteResourceId}", path: "/site-resource/{siteResourceId}",
description: "Update a site resource.", description: "Update a site resource.",
tags: [OpenAPITags.PrivateResourceLegacy],
request: {
params: updateSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: updateSiteResourceSchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "post",
path: "/private-resource/{siteResourceId}",
description: "Update a site resource.",
tags: [OpenAPITags.PrivateResource], tags: [OpenAPITags.PrivateResource],
request: { request: {
params: updateSiteResourceParamsSchema, params: updateSiteResourceParamsSchema,
+33
View File
@@ -93,6 +93,39 @@ registry.registerPath({
method: "put", method: "put",
path: "/resource/{resourceId}/target", path: "/resource/{resourceId}/target",
description: "Create a target for a resource.", description: "Create a target for a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: createTargetParamsSchema,
body: {
content: {
"application/json": {
schema: createTargetSchema
}
}
}
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "put",
path: "/public-resource/{resourceId}/target",
description: "Create a target for a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Target], tags: [OpenAPITags.PublicResource, OpenAPITags.Target],
request: { request: {
params: createTargetParamsSchema, params: createTargetParamsSchema,
+27
View File
@@ -92,6 +92,33 @@ registry.registerPath({
method: "get", method: "get",
path: "/resource/{resourceId}/targets", path: "/resource/{resourceId}/targets",
description: "List targets for a resource.", description: "List targets for a resource.",
tags: [OpenAPITags.PublicResourceLegacy],
request: {
params: listTargetsParamsSchema,
query: listTargetsSchema
},
responses: {
200: {
description: "Successful response",
content: {
"application/json": {
schema: z.object({
data: z.record(z.string(), z.any()).nullable(),
success: z.boolean(),
error: z.boolean(),
message: z.string(),
status: z.number()
})
}
}
}
}
});
registry.registerPath({
method: "get",
path: "/public-resource/{resourceId}/targets",
description: "List targets for a resource.",
tags: [OpenAPITags.PublicResource, OpenAPITags.Target], tags: [OpenAPITags.PublicResource, OpenAPITags.Target],
request: { request: {
params: listTargetsParamsSchema, params: listTargetsParamsSchema,
+7 -40
View File
@@ -16,11 +16,8 @@ import LoginCardHeader from "@app/components/LoginCardHeader";
import { priv } from "@app/lib/api"; import { priv } from "@app/lib/api";
import { AxiosResponse } from "axios"; import { AxiosResponse } from "axios";
import { LoginFormIDP } from "@app/components/LoginForm"; import { LoginFormIDP } from "@app/components/LoginForm";
import { ListIdpsResponse, type GetIdpResponse } from "@server/routers/idp"; import { ListIdpsResponse } from "@server/routers/idp";
import type { Metadata } from "next"; import type { Metadata } from "next";
import { cookies } from "next/headers";
import { LAST_USED_IDP_COOKIE_NAME } from "@app/lib/consts";
import z from "zod";
export const metadata: Metadata = { export const metadata: Metadata = {
title: "Log In" title: "Log In"
@@ -32,9 +29,8 @@ export default async function Page(props: {
searchParams: Promise<{ [key: string]: string | string[] | undefined }>; searchParams: Promise<{ [key: string]: string | string[] | undefined }>;
}) { }) {
const searchParams = await props.searchParams; const searchParams = await props.searchParams;
const user = await verifySession({ skipCheckVerifyEmail: true }); const getUser = cache(verifySession);
const user = await getUser({ skipCheckVerifyEmail: true });
const lastUsedIdpCookie = (await cookies()).get(LAST_USED_IDP_COOKIE_NAME);
const isInvite = searchParams?.redirect?.includes("/invite"); const isInvite = searchParams?.redirect?.includes("/invite");
const forceLoginParam = searchParams?.forceLogin; const forceLoginParam = searchParams?.forceLogin;
@@ -89,47 +85,19 @@ export default async function Page(props: {
(build === "enterprise" && env.app.identityProviderMode === "org"); (build === "enterprise" && env.app.identityProviderMode === "org");
let loginIdps: LoginFormIDP[] = []; let loginIdps: LoginFormIDP[] = [];
let lastUsedIdpForSmartLogin: (LoginFormIDP & { orgId?: string }) | null =
null;
if (!useSmartLogin) { if (!useSmartLogin) {
// Load IdPs for DashboardLoginForm (OSS or org-only IdP mode) // Load IdPs for DashboardLoginForm (OSS or org-only IdP mode)
if (build === "oss" || env.app.identityProviderMode !== "org") { if (build === "oss" || env.app.identityProviderMode !== "org") {
const idpsRes = const idpsRes = await cache(
await priv.get<AxiosResponse<ListIdpsResponse>>("/idp"); async () =>
await priv.get<AxiosResponse<ListIdpsResponse>>("/idp")
)();
loginIdps = idpsRes.data.data.idps.map((idp) => ({ loginIdps = idpsRes.data.data.idps.map((idp) => ({
idpId: idp.idpId, idpId: idp.idpId,
name: idp.name, name: idp.name,
variant: idp.type variant: idp.type
})) as LoginFormIDP[]; })) as LoginFormIDP[];
} }
} else {
if (lastUsedIdpCookie) {
const lastUsedIdpSchema = z.object({
orgId: z.string().optional(),
idpId: z.number()
});
try {
const persistedData = lastUsedIdpSchema.parse(
JSON.parse(lastUsedIdpCookie.value)
);
const idpRes = await priv.get<AxiosResponse<GetIdpResponse>>(
`/idp/${persistedData.idpId}`
);
const idp = idpRes.data.data.idp;
lastUsedIdpForSmartLogin = {
idpId: idp.idpId,
name: idp.name,
variant: idp.type,
orgId: persistedData.orgId,
lastUsed: true
};
} catch (error) {
// the idp might not exist or the data is malformatted, skip this
}
}
} }
const t = await getTranslations(); const t = await getTranslations();
@@ -192,7 +160,6 @@ export default async function Page(props: {
redirect={redirectUrl} redirect={redirectUrl}
forceLogin={forceLogin} forceLogin={forceLogin}
defaultUser={defaultUser} defaultUser={defaultUser}
lastUsedIdp={lastUsedIdpForSmartLogin}
orgSignIn={ orgSignIn={
!isInvite && !isInvite &&
(build === "saas" || (build === "saas" ||
+4 -1
View File
@@ -5,6 +5,7 @@ import UserProvider from "@app/providers/UserProvider";
import { ListUserOrgsResponse } from "@server/routers/org"; import { ListUserOrgsResponse } from "@server/routers/org";
import { AxiosResponse } from "axios"; import { AxiosResponse } from "axios";
import { redirect } from "next/navigation"; import { redirect } from "next/navigation";
import { cache } from "react";
import OrganizationLanding from "@app/components/OrganizationLanding"; import OrganizationLanding from "@app/components/OrganizationLanding";
import { pullEnv } from "@app/lib/pullEnv"; import { pullEnv } from "@app/lib/pullEnv";
import { cleanRedirect } from "@app/lib/cleanRedirect"; import { cleanRedirect } from "@app/lib/cleanRedirect";
@@ -12,6 +13,7 @@ import { Layout } from "@app/components/Layout";
import RedirectToOrg from "@app/components/RedirectToOrg"; import RedirectToOrg from "@app/components/RedirectToOrg";
import { InitialSetupCompleteResponse } from "@server/routers/auth"; import { InitialSetupCompleteResponse } from "@server/routers/auth";
import { cookies } from "next/headers"; import { cookies } from "next/headers";
import { build } from "@server/build";
export const dynamic = "force-dynamic"; export const dynamic = "force-dynamic";
@@ -27,7 +29,8 @@ export default async function Page(props: {
const env = pullEnv(); const env = pullEnv();
const user = await verifySession({ skipCheckVerifyEmail: true }); const getUser = cache(verifySession);
const user = await getUser({ skipCheckVerifyEmail: true });
let complete = false; let complete = false;
try { try {
+26 -52
View File
@@ -1,25 +1,26 @@
"use client"; "use client";
import { generateOidcUrlProxy } from "@app/actions/server"; import { useEffect, useState } from "react";
import IdpTypeIcon from "@app/components/IdpTypeIcon";
import { Alert, AlertDescription } from "@app/components/ui/alert";
import { Button } from "@app/components/ui/button"; import { Button } from "@app/components/ui/button";
import { cleanRedirect } from "@app/lib/cleanRedirect"; import { Alert, AlertDescription } from "@app/components/ui/alert";
import { LAST_USED_IDP_COOKIE_NAME } from "@app/lib/consts";
import { setClientCookie } from "@app/lib/setClientCookie";
import { useTranslations } from "next-intl"; import { useTranslations } from "next-intl";
import IdpTypeIcon from "@app/components/IdpTypeIcon";
import {
generateOidcUrlProxy,
type GenerateOidcUrlResponse
} from "@app/actions/server";
import { import {
redirect as redirectTo, redirect as redirectTo,
useRouter, useParams,
useSearchParams useSearchParams
} from "next/navigation"; } from "next/navigation";
import { useEffect, useState, useTransition } from "react"; import { useRouter } from "next/navigation";
import { cleanRedirect } from "@app/lib/cleanRedirect";
export type LoginFormIDP = { export type LoginFormIDP = {
idpId: number; idpId: number;
name: string; name: string;
variant?: string; variant?: string;
lastUsed?: boolean;
}; };
type IdpLoginButtonsProps = { type IdpLoginButtonsProps = {
@@ -34,6 +35,7 @@ export default function IdpLoginButtons({
orgId orgId
}: IdpLoginButtonsProps) { }: IdpLoginButtonsProps) {
const [error, setError] = useState<string | null>(null); const [error, setError] = useState<string | null>(null);
const [loading, setLoading] = useState(false);
const t = useTranslations(); const t = useTranslations();
const params = useSearchParams(); const params = useSearchParams();
@@ -50,22 +52,10 @@ export default function IdpLoginButtons({
} }
}, []); }, []);
const [loading, startTransition] = useTransition();
async function loginWithIdp(idpId: number) { async function loginWithIdp(idpId: number) {
setLoading(true);
setError(null); setError(null);
setClientCookie(
LAST_USED_IDP_COOKIE_NAME,
JSON.stringify({
orgId,
idpId
}),
{
sameSite: "Lax"
}
);
let redirectToUrl: string | undefined; let redirectToUrl: string | undefined;
try { try {
console.log("generating", idpId, redirect || "/", orgId); console.log("generating", idpId, redirect || "/", orgId);
@@ -78,6 +68,7 @@ export default function IdpLoginButtons({
if (response.error) { if (response.error) {
setError(response.message); setError(response.message);
setLoading(false);
return; return;
} }
@@ -93,6 +84,7 @@ export default function IdpLoginButtons({
"An unexpected error occurred. Please try again." "An unexpected error occurred. Please try again."
}) })
); );
setLoading(false);
} }
if (redirectToUrl) { if (redirectToUrl) {
@@ -132,38 +124,20 @@ export default function IdpLoginButtons({
idp.variant || idp.name.toLowerCase(); idp.variant || idp.name.toLowerCase();
return ( return (
<div <Button
className="w-full relative"
key={idp.idpId} key={idp.idpId}
type="button"
variant="outline"
className="w-full inline-flex items-center space-x-2"
onClick={() => {
loginWithIdp(idp.idpId);
}}
disabled={loading}
loading={loading}
> >
<Button <IdpTypeIcon type={effectiveType} size={16} />
key={idp.idpId} <span>{idp.name}</span>
type="button" </Button>
variant="outline"
className="w-full inline-flex items-center space-x-2 after:absolute after:inset-0 after:z-10"
onClick={() => {
startTransition(() =>
loginWithIdp(idp.idpId)
);
}}
disabled={loading}
loading={loading}
>
<IdpTypeIcon
type={effectiveType}
size={16}
/>
<span>{idp.name}</span>
</Button>
{idp.lastUsed && (
<div className="absolute inset-0">
<span className="absolute top-0 right-0 text-xs bg-primary text-primary-foreground rounded-bl-sm rounded-tr-sm px-2 py-0.5">
{t("idpLastUsed")}
</span>
</div>
)}
</div>
); );
})} })}
</> </>
+19 -38
View File
@@ -30,7 +30,10 @@ import Link from "next/link";
import { GenerateOidcUrlResponse } from "@server/routers/idp"; import { GenerateOidcUrlResponse } from "@server/routers/idp";
import { Separator } from "./ui/separator"; import { Separator } from "./ui/separator";
import { useTranslations } from "next-intl"; import { useTranslations } from "next-intl";
import { generateOidcUrlProxy, loginProxy } from "@app/actions/server"; import {
generateOidcUrlProxy,
loginProxy
} from "@app/actions/server";
import { redirect as redirectTo } from "next/navigation"; import { redirect as redirectTo } from "next/navigation";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
import IdpTypeIcon from "@app/components/IdpTypeIcon"; import IdpTypeIcon from "@app/components/IdpTypeIcon";
@@ -38,13 +41,11 @@ import IdpTypeIcon from "@app/components/IdpTypeIcon";
import { loadReoScript } from "reodotdev"; import { loadReoScript } from "reodotdev";
import { build } from "@server/build"; import { build } from "@server/build";
import MfaInputForm from "@app/components/MfaInputForm"; import MfaInputForm from "@app/components/MfaInputForm";
import { useLocalStorage } from "@app/hooks/useLocalStorage";
export type LoginFormIDP = { export type LoginFormIDP = {
idpId: number; idpId: number;
name: string; name: string;
variant?: string; variant?: string;
lastUsed?: boolean;
}; };
type LoginFormProps = { type LoginFormProps = {
@@ -104,6 +105,7 @@ export default function LoginForm({
} }
}, []); }, []);
const formSchema = z.object({ const formSchema = z.object({
email: z.string().email({ message: t("emailInvalid") }), email: z.string().email({ message: t("emailInvalid") }),
password: z.string().min(8, { message: t("passwordRequirementsChars") }) password: z.string().min(8, { message: t("passwordRequirementsChars") })
@@ -128,16 +130,11 @@ export default function LoginForm({
} }
}); });
const [lastUsedIdpId, setLastUsedIdpId] = useLocalStorage<string | null>(
"login:last-used-idp",
null
);
async function onSubmit(values: any) { async function onSubmit(values: any) {
const { email, password } = form.getValues(); const { email, password } = form.getValues();
const { code } = mfaForm.getValues(); const { code } = mfaForm.getValues();
setLastUsedIdpId(null);
setLoading(true); setLoading(true);
setError(null); setError(null);
@@ -182,7 +179,8 @@ export default function LoginForm({
if (data.useSecurityKey) { if (data.useSecurityKey) {
setError( setError(
t("securityKeyRequired", { t("securityKeyRequired", {
defaultValue: "Please use your security key to sign in." defaultValue:
"Please use your security key to sign in."
}) })
); );
return; return;
@@ -244,8 +242,6 @@ export default function LoginForm({
async function loginWithIdp(idpId: number) { async function loginWithIdp(idpId: number) {
let redirectUrl: string | undefined; let redirectUrl: string | undefined;
setLastUsedIdpId(idpId.toString());
try { try {
const data = await generateOidcUrlProxy( const data = await generateOidcUrlProxy(
idpId, idpId,
@@ -360,6 +356,7 @@ export default function LoginForm({
)} )}
<div className="space-y-4"> <div className="space-y-4">
{!mfaRequested && ( {!mfaRequested && (
<> <>
<SecurityKeyAuthButton <SecurityKeyAuthButton
@@ -388,41 +385,25 @@ export default function LoginForm({
idp.variant || idp.name.toLowerCase(); idp.variant || idp.name.toLowerCase();
return ( return (
<div <Button
className="w-full relative"
key={idp.idpId} key={idp.idpId}
type="button"
variant="outline"
className="w-full inline-flex items-center space-x-2"
onClick={() => {
loginWithIdp(idp.idpId);
}}
> >
<Button <IdpTypeIcon type={effectiveType} size={16} />
key={idp.idpId} <span>{idp.name}</span>
type="button" </Button>
variant="outline"
className="w-full inline-flex items-center space-x-2 after:absolute after:inset-0 after:z-10"
onClick={() => {
loginWithIdp(idp.idpId);
}}
>
<IdpTypeIcon
type={effectiveType}
size={16}
/>
<span>{idp.name}</span>
</Button>
{lastUsedIdpId ===
idp.idpId.toString() && (
<div className="absolute inset-0">
<span className="absolute top-0 right-0 text-xs bg-primary text-primary-foreground rounded-bl-sm rounded-tr-sm px-2 py-0.5">
{t("idpLastUsed")}
</span>
</div>
)}
</div>
); );
})} })}
</> </>
)} )}
</> </>
)} )}
</div> </div>
</div> </div>
); );
-8
View File
@@ -22,8 +22,6 @@ import Link from "next/link";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
import { cleanRedirect } from "@app/lib/cleanRedirect"; import { cleanRedirect } from "@app/lib/cleanRedirect";
import MfaInputForm from "@app/components/MfaInputForm"; import MfaInputForm from "@app/components/MfaInputForm";
import { LAST_USED_IDP_COOKIE_NAME } from "@app/lib/consts";
import { setClientCookie } from "@app/lib/setClientCookie";
type LoginPasswordFormProps = { type LoginPasswordFormProps = {
identifier: string; identifier: string;
@@ -84,12 +82,6 @@ export default function LoginPasswordForm({
const { password } = values; const { password } = values;
const { code } = mfaForm.getValues(); const { code } = mfaForm.getValues();
// delete last used auth cookie by setting it in the past
setClientCookie(LAST_USED_IDP_COOKIE_NAME, JSON.stringify(null), {
sameSite: "Lax",
days: -1
});
setLoading(true); setLoading(true);
setError(null); setError(null);
+1 -14
View File
@@ -27,8 +27,6 @@ import UserProfileCard from "@app/components/UserProfileCard";
import SecurityKeyAuthButton from "@app/components/SecurityKeyAuthButton"; import SecurityKeyAuthButton from "@app/components/SecurityKeyAuthButton";
import { Separator } from "@app/components/ui/separator"; import { Separator } from "@app/components/ui/separator";
import OrgSignInLink from "@app/components/OrgSignInLink"; import OrgSignInLink from "@app/components/OrgSignInLink";
import type { LoginFormIDP } from "./LoginForm";
import IdpLoginButtons from "./IdpLoginButtons";
const identifierSchema = z.object({ const identifierSchema = z.object({
identifier: z.string().min(1, "Username or email is required") identifier: z.string().min(1, "Username or email is required")
@@ -55,7 +53,6 @@ type SmartLoginFormProps = {
forceLogin?: boolean; forceLogin?: boolean;
defaultUser?: string; defaultUser?: string;
orgSignIn?: OrgSignInConfig; orgSignIn?: OrgSignInConfig;
lastUsedIdp?: (LoginFormIDP & { orgId?: string }) | null;
}; };
type ViewState = type ViewState =
@@ -92,8 +89,7 @@ export default function SmartLoginForm({
redirect, redirect,
forceLogin, forceLogin,
defaultUser, defaultUser,
orgSignIn, orgSignIn
lastUsedIdp
}: SmartLoginFormProps) { }: SmartLoginFormProps) {
const router = useRouter(); const router = useRouter();
const { env } = useEnvContext(); const { env } = useEnvContext();
@@ -298,15 +294,6 @@ export default function SmartLoginForm({
</span> </span>
</div> </div>
</div> </div>
{lastUsedIdp && (
<IdpLoginButtons
idps={[lastUsedIdp]}
orgId={lastUsedIdp.orgId}
redirect={redirect}
/>
)}
<OrgSignInLink <OrgSignInLink
href={orgSignIn.href} href={orgSignIn.href}
linkText={orgSignIn.linkText} linkText={orgSignIn.linkText}
-13
View File
@@ -17,8 +17,6 @@ import {
} from "next/navigation"; } from "next/navigation";
import { cleanRedirect } from "@app/lib/cleanRedirect"; import { cleanRedirect } from "@app/lib/cleanRedirect";
import { Separator } from "@app/components/ui/separator"; import { Separator } from "@app/components/ui/separator";
import { setClientCookie } from "@app/lib/setClientCookie";
import { LAST_USED_IDP_COOKIE_NAME } from "@app/lib/consts";
type SmartLoginOrgSelectorProps = { type SmartLoginOrgSelectorProps = {
identifier: string; identifier: string;
@@ -143,17 +141,6 @@ export default function SmartLoginOrgSelector({
setPendingIdpId(idpId); setPendingIdpId(idpId);
setError(null); setError(null);
setClientCookie(
LAST_USED_IDP_COOKIE_NAME,
JSON.stringify({
orgId,
idpId
}),
{
sameSite: "Lax"
}
);
let redirectToUrl: string | undefined; let redirectToUrl: string | undefined;
try { try {
const safeRedirect = cleanRedirect(redirect || "/"); const safeRedirect = cleanRedirect(redirect || "/");
-1
View File
@@ -1 +0,0 @@
export const LAST_USED_IDP_COOKIE_NAME = "p__last_used_idp";
-32
View File
@@ -1,32 +0,0 @@
/**
* Set a cookie on the client side in javascript code, not on the server
* @param name
* @param value
* @param days
* @param options
*/
export function setClientCookie(
name: string,
value: string,
options: {
days?: number;
path?: string;
secure?: boolean;
sameSite?: "Strict" | "Lax" | "None";
} = {}
): void {
let cookie = `${encodeURIComponent(name)}=${encodeURIComponent(value)}`;
if (options.days) {
const date = new Date();
date.setTime(date.getTime() + options.days * 864e5);
cookie += `; expires=${date.toUTCString()}`;
}
cookie += `; path=${options.path ?? "/"}`;
if (options.secure) cookie += "; Secure";
if (options.sameSite) cookie += `; SameSite=${options.sameSite}`;
document.cookie = cookie;
}