mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-11 00:12:09 +02:00
367 lines
10 KiB
TypeScript
367 lines
10 KiB
TypeScript
/*
|
|
* This file is part of a proprietary work.
|
|
*
|
|
* Copyright (c) 2025-2026 Fossorial, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This file is licensed under the Fossorial Commercial License.
|
|
* You may not use this file except in compliance with the License.
|
|
* Unauthorized use, copying, modification, or distribution is strictly prohibited.
|
|
*
|
|
* This file is not licensed under the AGPLv3.
|
|
*/
|
|
|
|
import * as orgIdp from "#private/routers/orgIdp";
|
|
import * as org from "#private/routers/org";
|
|
import * as logs from "#private/routers/auditLogs";
|
|
import * as alertEvents from "#private/routers/alertEvents";
|
|
import * as certificates from "#private/routers/certificates";
|
|
import * as policy from "#private/routers/policy";
|
|
import * as eventStreamingDestination from "#private/routers/eventStreamingDestination";
|
|
import * as alertRule from "#private/routers/alertRule";
|
|
import * as healthChecks from "#private/routers/healthChecks";
|
|
|
|
import {
|
|
verifyApiKeyHasAction,
|
|
verifyApiKeyIsRoot,
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyIdpAccess,
|
|
verifyApiKeyRoleAccess,
|
|
verifyApiKeyUserAccess,
|
|
verifyApiKeyResourcePolicyAccess,
|
|
verifyLimits
|
|
} from "@server/middlewares";
|
|
import * as user from "#private/routers/user";
|
|
import {
|
|
verifyValidSubscription,
|
|
verifyValidLicense
|
|
} from "#private/middlewares";
|
|
import { ActionsEnum } from "@server/auth/actions";
|
|
import {
|
|
unauthenticated as ua,
|
|
authenticated as a
|
|
} from "@server/routers/integration";
|
|
import { logActionAudit } from "#private/middlewares";
|
|
import { tierMatrix } from "@server/lib/billing/tierMatrix";
|
|
import { build } from "@server/build";
|
|
|
|
export const unauthenticated = ua;
|
|
export const authenticated = a;
|
|
|
|
if (build == "saas") {
|
|
authenticated.post(
|
|
"/org/:orgId/site/:siteId/trigger-alert",
|
|
verifyApiKeyIsRoot,
|
|
alertEvents.triggerSiteAlert
|
|
);
|
|
|
|
authenticated.post(
|
|
"/org/:orgId/resource/:resourceId/trigger-alert",
|
|
verifyApiKeyIsRoot,
|
|
alertEvents.triggerResourceAlert
|
|
);
|
|
|
|
authenticated.post(
|
|
"/org/:orgId/health-check/:healthCheckId/trigger-alert",
|
|
verifyApiKeyIsRoot,
|
|
alertEvents.triggerHealthCheckAlert
|
|
);
|
|
|
|
authenticated.post(
|
|
"/cert/sync-to-newts",
|
|
verifyApiKeyIsRoot,
|
|
certificates.syncCertToNewts
|
|
);
|
|
|
|
authenticated.post(
|
|
`/org/:orgId/send-usage-notification`,
|
|
verifyApiKeyIsRoot, // We are the only ones who can use root key so its fine
|
|
org.sendUsageNotification
|
|
);
|
|
|
|
authenticated.post(
|
|
`/org/:orgId/send-trial-notification`,
|
|
verifyApiKeyIsRoot,
|
|
org.sendTrialNotification
|
|
);
|
|
}
|
|
|
|
authenticated.delete(
|
|
"/idp/:idpId",
|
|
verifyApiKeyIsRoot,
|
|
verifyApiKeyHasAction(ActionsEnum.deleteIdp),
|
|
logActionAudit(ActionsEnum.deleteIdp),
|
|
orgIdp.deleteOrgIdp
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/logs/action",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.actionLogs),
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.exportLogs),
|
|
logs.queryActionAuditLogs
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/logs/action/export",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.logExport),
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.exportLogs),
|
|
logActionAudit(ActionsEnum.exportLogs),
|
|
logs.exportActionAuditLogs
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/logs/access",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.accessLogs),
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.exportLogs),
|
|
logs.queryAccessAuditLogs
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/logs/access/export",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.logExport),
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.exportLogs),
|
|
logActionAudit(ActionsEnum.exportLogs),
|
|
logs.exportAccessAuditLogs
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/logs/connection",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.connectionLogs),
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.exportLogs),
|
|
logs.queryConnectionAuditLogs
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/logs/connection/export",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.logExport),
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.exportLogs),
|
|
logActionAudit(ActionsEnum.exportLogs),
|
|
logs.exportConnectionAuditLogs
|
|
);
|
|
|
|
authenticated.put(
|
|
"/org/:orgId/idp/oidc",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.orgOidc),
|
|
verifyApiKeyOrgAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.createIdp),
|
|
logActionAudit(ActionsEnum.createIdp),
|
|
orgIdp.createOrgOidcIdp
|
|
);
|
|
|
|
authenticated.post(
|
|
"/org/:orgId/idp/:idpId/oidc",
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.orgOidc),
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyIdpAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.updateIdp),
|
|
logActionAudit(ActionsEnum.updateIdp),
|
|
orgIdp.updateOrgOidcIdp
|
|
);
|
|
|
|
authenticated.delete(
|
|
"/org/:orgId/idp/:idpId",
|
|
verifyValidLicense,
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyIdpAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.deleteIdp),
|
|
logActionAudit(ActionsEnum.deleteIdp),
|
|
orgIdp.deleteOrgIdp
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/idp/:idpId",
|
|
verifyValidLicense,
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyIdpAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.getIdp),
|
|
orgIdp.getOrgIdp
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/idp",
|
|
verifyValidLicense,
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.listIdps),
|
|
orgIdp.listOrgIdps
|
|
);
|
|
|
|
authenticated.post(
|
|
"/user/:userId/add-role/:roleId",
|
|
verifyApiKeyRoleAccess,
|
|
verifyApiKeyUserAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.addUserRole),
|
|
logActionAudit(ActionsEnum.addUserRole),
|
|
user.addUserRole
|
|
);
|
|
|
|
authenticated.delete(
|
|
"/user/:userId/remove-role/:roleId",
|
|
verifyApiKeyRoleAccess,
|
|
verifyApiKeyUserAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.removeUserRole),
|
|
logActionAudit(ActionsEnum.removeUserRole),
|
|
user.removeUserRole
|
|
);
|
|
|
|
authenticated.get(
|
|
["/org/:orgId/resource-policies", "/org/:orgId/public-resource-policies"],
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.resourcePolicies),
|
|
verifyApiKeyOrgAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.listResourcePolicies),
|
|
logActionAudit(ActionsEnum.listResourcePolicies),
|
|
policy.listResourcePolicies
|
|
);
|
|
|
|
authenticated.post(
|
|
["/org/:orgId/resource-policy", "/org/:orgId/public-resource-policy"],
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.resourcePolicies),
|
|
verifyApiKeyOrgAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.createResourcePolicy),
|
|
logActionAudit(ActionsEnum.createResourcePolicy),
|
|
policy.createResourcePolicy
|
|
);
|
|
|
|
authenticated.delete(
|
|
["/resource-policy/:resourcePolicyId", "/public-resource-policy/:resourcePolicyId"],
|
|
verifyApiKeyResourcePolicyAccess,
|
|
verifyValidLicense,
|
|
verifyValidSubscription(tierMatrix.resourcePolicies),
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.deleteResourcePolicy),
|
|
logActionAudit(ActionsEnum.deleteResourcePolicy),
|
|
policy.deleteResourcePolicy
|
|
);
|
|
|
|
authenticated.put(
|
|
"/org/:orgId/event-streaming-destination",
|
|
verifyApiKeyOrgAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.createEventStreamingDestination),
|
|
logActionAudit(ActionsEnum.createEventStreamingDestination),
|
|
eventStreamingDestination.createEventStreamingDestination
|
|
);
|
|
|
|
authenticated.post(
|
|
"/org/:orgId/event-streaming-destination/:destinationId",
|
|
verifyApiKeyOrgAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.updateEventStreamingDestination),
|
|
logActionAudit(ActionsEnum.updateEventStreamingDestination),
|
|
eventStreamingDestination.updateEventStreamingDestination
|
|
);
|
|
|
|
authenticated.delete(
|
|
"/org/:orgId/event-streaming-destination/:destinationId",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.deleteEventStreamingDestination),
|
|
logActionAudit(ActionsEnum.deleteEventStreamingDestination),
|
|
eventStreamingDestination.deleteEventStreamingDestination
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/event-streaming-destinations",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.listEventStreamingDestinations),
|
|
eventStreamingDestination.listEventStreamingDestinations
|
|
);
|
|
|
|
authenticated.put(
|
|
"/org/:orgId/alert-rule",
|
|
verifyApiKeyOrgAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.createAlertRule),
|
|
logActionAudit(ActionsEnum.createAlertRule),
|
|
alertRule.createAlertRule
|
|
);
|
|
|
|
authenticated.post(
|
|
"/org/:orgId/alert-rule/:alertRuleId",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.updateAlertRule),
|
|
logActionAudit(ActionsEnum.updateAlertRule),
|
|
alertRule.updateAlertRule
|
|
);
|
|
|
|
authenticated.delete(
|
|
"/org/:orgId/alert-rule/:alertRuleId",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.deleteAlertRule),
|
|
logActionAudit(ActionsEnum.deleteAlertRule),
|
|
alertRule.deleteAlertRule
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/alert-rules",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.listAlertRules),
|
|
alertRule.listAlertRules
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/alert-rule/:alertRuleId",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.getAlertRule),
|
|
alertRule.getAlertRule
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/health-checks",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.listHealthChecks),
|
|
healthChecks.listHealthChecks
|
|
);
|
|
|
|
authenticated.put(
|
|
"/org/:orgId/health-check",
|
|
verifyApiKeyOrgAccess,
|
|
verifyLimits,
|
|
verifyApiKeyHasAction(ActionsEnum.createHealthCheck),
|
|
logActionAudit(ActionsEnum.createHealthCheck),
|
|
healthChecks.createHealthCheck
|
|
);
|
|
|
|
authenticated.post(
|
|
"/org/:orgId/health-check/:healthCheckId",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.updateHealthCheck),
|
|
logActionAudit(ActionsEnum.updateHealthCheck),
|
|
healthChecks.updateHealthCheck
|
|
);
|
|
|
|
authenticated.delete(
|
|
"/org/:orgId/health-check/:healthCheckId",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.deleteHealthCheck),
|
|
logActionAudit(ActionsEnum.deleteHealthCheck),
|
|
healthChecks.deleteHealthCheck
|
|
);
|
|
|
|
authenticated.get(
|
|
"/org/:orgId/health-check/:healthCheckId/status-history",
|
|
verifyApiKeyOrgAccess,
|
|
verifyApiKeyHasAction(ActionsEnum.getTarget),
|
|
healthChecks.getHealthCheckStatusHistory
|
|
);
|