From 4de4bf9625c8110abbc3a108e305ac0bbd1bd531 Mon Sep 17 00:00:00 2001
From: Fred KISSIE
Date: Sat, 7 Mar 2026 03:35:26 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20use=20resource=20policies=20for=20a?= =?UTF-8?q?uth=20check?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/routers/resource/listResources.ts | 96 ++++++++++++++----------
 1 file changed, 56 insertions(+), 40 deletions(-)
diff --git a/server/routers/resource/listResources.ts b/server/routers/resource/listResources.ts
index f9dd14e98..4becfb579 100644
--- a/server/routers/resource/listResources.ts
+++ b/server/routers/resource/listResources.ts
@@ -1,9 +1,9 @@
 import {
 db,
- resourceHeaderAuth,
- resourceHeaderAuthExtendedCompatibility,
- resourcePassword,
- resourcePincode,
+ resourcePolicies,
+ resourcePolicyHeaderAuth,
+ resourcePolicyPassword,
+ resourcePolicyPincode,
 resources,
 roleResources,
 targetHealthCheck,
@@ -169,38 +169,54 @@ function queryResourcesBase() {
 name: resources.name,
 ssl: resources.ssl,
 fullDomain: resources.fullDomain,
- passwordId: resourcePassword.passwordId,
- sso: resources.sso,
- pincodeId: resourcePincode.pincodeId,
- whitelist: resources.emailWhitelistEnabled,
+ passwordId: resourcePolicyPassword.passwordId,
+ sso: resourcePolicies.sso,
+ pincodeId: resourcePolicyPincode.pincodeId,
+ whitelist: resourcePolicies.emailWhitelistEnabled,
 http: resources.http,
 protocol: resources.protocol,
 proxyPort: resources.proxyPort,
 enabled: resources.enabled,
 domainId: resources.domainId,
 niceId: resources.niceId,
- headerAuthId: resourceHeaderAuth.headerAuthId,
- headerAuthExtendedCompatibilityId:
- resourceHeaderAuthExtendedCompatibility.headerAuthExtendedCompatibilityId
+ headerAuthId: resourcePolicyHeaderAuth.headerAuthId,
+ headerAuthExtendedCompatibility:
+ resourcePolicyHeaderAuth.extendedCompatibility
 })
 .from(resources)
 .leftJoin(
- resourcePassword,
- eq(resourcePassword.resourceId, resources.resourceId)
+ resourcePolicies,
+ or(
+ eq(
+ resourcePolicies.resourcePolicyId,
+ resources.resourcePolicyId
+ ),
+ eq(
+ resourcePolicies.resourcePolicyId,
+ resources.defaultResourcePolicyId
+ )
+ )
 )
+
 .leftJoin(
- resourcePincode,
- eq(resourcePincode.resourceId, resources.resourceId)
- )
- .leftJoin(
- resourceHeaderAuth,
- eq(resourceHeaderAuth.resourceId, resources.resourceId)
- )
- .leftJoin(
- resourceHeaderAuthExtendedCompatibility,
+ resourcePolicyPassword,
 eq(
- resourceHeaderAuthExtendedCompatibility.resourceId,
- resources.resourceId
+ resourcePolicyPassword.resourcePolicyId,
+ resourcePolicies.resourcePolicyId
+ )
+ )
+ .leftJoin(
+ resourcePolicyPincode,
+ eq(
+ resourcePolicyPincode.resourcePolicyId,
+ resourcePolicies.resourcePolicyId
+ )
+ )
+ .leftJoin(
+ resourcePolicyHeaderAuth,
+ eq(
+ resourcePolicyHeaderAuth.resourcePolicyId,
+ resourcePolicies.resourcePolicyId
 )
 )
 .leftJoin(targets, eq(targets.resourceId, resources.resourceId))
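Review bot: The `or(...)` join condition on `resourcePolicies` can match two policy rows for one resource whenever `resourcePolicyId` and `defaultResourcePolicyId` are both set and differ, and because the `groupBy` in the next hunk now includes `resourcePolicies.resourcePolicyId`, that resource would come back twice with possibly conflicting `sso`, `whitelist`, `passwordId` and `pincodeId` values. A listing that tells an operator whether a resource is protected should reflect only the one policy that is actually enforced. If the resource-specific policy is meant to override the default (an assumption, the precedence is not visible here), join on a single effective id, for example `eq(resourcePolicies.resourcePolicyId, sql`coalesce(${resources.resourcePolicyId}, ${resources.defaultResourcePolicyId})`)` provided drizzle's `sql` helper is imported in this file, and state the precedence in a short comment above the join. The body of queryResourcesBase starts and ends outside this hunk.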
@@ -210,10 +226,10 @@ function queryResourcesBase() {
 )
 .groupBy(
 resources.resourceId,
- resourcePassword.passwordId,
- resourcePincode.pincodeId,
- resourceHeaderAuth.headerAuthId,
- resourceHeaderAuthExtendedCompatibility.headerAuthExtendedCompatibilityId
+ resourcePolicies.resourcePolicyId,
+ resourcePolicyPassword.passwordId,
+ resourcePolicyPincode.pincodeId,
+ resourcePolicyHeaderAuth.headerAuthId
 );
 }
 
@@ -358,21 +374,21 @@ export async function listResources(
 case "protected":
 conditions.push(
 or(
- eq(resources.sso, true),
- eq(resources.emailWhitelistEnabled, true),
- not(isNull(resourceHeaderAuth.headerAuthId)),
- not(isNull(resourcePincode.pincodeId)),
- not(isNull(resourcePassword.passwordId))
+ eq(resourcePolicies.sso, true),
+ eq(resourcePolicies.emailWhitelistEnabled, true),
+ not(isNull(resourcePolicyHeaderAuth.headerAuthId)),
+ not(isNull(resourcePolicyPincode.pincodeId)),
+ not(isNull(resourcePolicyPassword.passwordId))
 )
 );
 break;
 case "not_protected":
 conditions.push(
- not(eq(resources.sso, true)),
- not(eq(resources.emailWhitelistEnabled, true)),
- isNull(resourceHeaderAuth.headerAuthId),
- isNull(resourcePincode.pincodeId),
- isNull(resourcePassword.passwordId)
+ not(eq(resourcePolicies.sso, true)),
+ not(eq(resourcePolicies.emailWhitelistEnabled, true)),
+ isNull(resourcePolicyHeaderAuth.headerAuthId),
+ isNull(resourcePolicyPincode.pincodeId),
+ isNull(resourcePolicyPassword.passwordId)
 );
 break;
 }
@@ -468,9 +484,9 @@ export async function listResources(
 ssl: row.ssl,
 fullDomain: row.fullDomain,
 passwordId: row.passwordId,
- sso: row.sso,
+ sso: row.sso ?? false,
 pincodeId: row.pincodeId,
- whitelist: row.whitelist,
+ whitelist: row.whitelist ?? false,
 http: row.http,
 protocol: row.protocol,
 proxyPort: row.proxyPort,
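Review bot: In the `not_protected` branch, `not(eq(resourcePolicies.sso, true))` and `not(eq(resourcePolicies.emailWhitelistEnabled, true))` evaluate to NULL rather than true when the left join finds no policy row, so a resource without a policy is dropped from the `not_protected` filter while also failing every arm of the `protected` one. Those same rows are reported as `sso: false` and `whitelist: false` by the `?? false` defaults in the last hunk, so the filter an operator would use to find exposed resources can miss exactly the ones the unfiltered list shows as unprotected. Make the two predicates null-safe, for example `or(isNull(resourcePolicies.sso), eq(resourcePolicies.sso, false)),` and `or(isNull(resourcePolicies.emailWhitelistEnabled), eq(resourcePolicies.emailWhitelistEnabled, false)),`. If every resource is guaranteed to have a policy row this cannot occur, but then the `?? false` fallbacks would be unnecessary and a comment saying so would help. The switch sits inside listResources, which starts and ends outside the hunk.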