Finish adding limits checks to all put and post
@@ -17,7 +17,7 @@ export async function verifyLimits(
|
|||||||
return next();
|
return next();
|
||||||
}
|
}
|
||||||
|
|
||||||
const orgId = req.userOrgId || req.params.orgId;
|
const orgId = req.userOrgId || req.apiKeyOrg?.orgId || req.params.orgId;
|
||||||
|
|
||||||
if (!orgId) {
|
if (!orgId) {
|
||||||
return next(); // its fine if we silently fail here because this is not critical to operation or security and its better user experience if we dont fail
|
return next(); // its fine if we silently fail here because this is not critical to operation or security and its better user experience if we dont fail
|
||||||
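Review bot: The `if (!orgId) return next();` branch lets the request through with no limit check at all, and after this change the id comes from `req.userOrgId`, `req.apiKeyOrg?.orgId` or `req.params.orgId`, so on routes without an `:orgId` segment enforcement depends entirely on an earlier middleware having set one of the first two. This commit mounts `verifyLimits` on several such routes (for example `/target/:targetId` and `/user/:userId/olm/:olmId/archive`), and whether their access middlewares populate the org id is not visible on this page. I would state that contract above the lookup, e.g. `// orgId is set by the preceding access middleware (req.userOrgId / req.apiKeyOrg) or taken from :orgId; if none is present the limit check is skipped`, and consider logging the skip so a route that never enforces limits gets noticed. The body of verifyLimits starts and ends outside this hunk.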
|
|||||||
@@ -31,7 +31,8 @@ import {
|
|||||||
verifyUserHasAction,
|
verifyUserHasAction,
|
||||||
verifyUserIsServerAdmin,
|
verifyUserIsServerAdmin,
|
||||||
verifySiteAccess,
|
verifySiteAccess,
|
||||||
verifyClientAccess
|
verifyClientAccess,
|
||||||
|
verifyLimits
|
||||||
} from "@server/middlewares";
|
} from "@server/middlewares";
|
||||||
import { ActionsEnum } from "@server/auth/actions";
|
import { ActionsEnum } from "@server/auth/actions";
|
||||||
import {
|
import {
|
||||||
@@ -79,6 +80,7 @@ authenticated.put(
|
|||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.orgOidc),
|
verifyValidSubscription(tierMatrix.orgOidc),
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.createIdp),
|
verifyUserHasAction(ActionsEnum.createIdp),
|
||||||
logActionAudit(ActionsEnum.createIdp),
|
logActionAudit(ActionsEnum.createIdp),
|
||||||
orgIdp.createOrgOidcIdp
|
orgIdp.createOrgOidcIdp
|
||||||
@@ -90,6 +92,7 @@ authenticated.post(
|
|||||||
verifyValidSubscription(tierMatrix.orgOidc),
|
verifyValidSubscription(tierMatrix.orgOidc),
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
verifyIdpAccess,
|
verifyIdpAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateIdp),
|
verifyUserHasAction(ActionsEnum.updateIdp),
|
||||||
logActionAudit(ActionsEnum.updateIdp),
|
logActionAudit(ActionsEnum.updateIdp),
|
||||||
orgIdp.updateOrgOidcIdp
|
orgIdp.updateOrgOidcIdp
|
||||||
@@ -138,6 +141,7 @@ authenticated.post(
|
|||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
verifyCertificateAccess,
|
verifyCertificateAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.restartCertificate),
|
verifyUserHasAction(ActionsEnum.restartCertificate),
|
||||||
logActionAudit(ActionsEnum.restartCertificate),
|
logActionAudit(ActionsEnum.restartCertificate),
|
||||||
certificates.restartCertificate
|
certificates.restartCertificate
|
||||||
@@ -237,6 +241,7 @@ authenticated.put(
|
|||||||
"/org/:orgId/remote-exit-node",
|
"/org/:orgId/remote-exit-node",
|
||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.createRemoteExitNode),
|
verifyUserHasAction(ActionsEnum.createRemoteExitNode),
|
||||||
logActionAudit(ActionsEnum.createRemoteExitNode),
|
logActionAudit(ActionsEnum.createRemoteExitNode),
|
||||||
remoteExitNode.createRemoteExitNode
|
remoteExitNode.createRemoteExitNode
|
||||||
@@ -282,6 +287,7 @@ authenticated.put(
|
|||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.loginPageDomain),
|
verifyValidSubscription(tierMatrix.loginPageDomain),
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.createLoginPage),
|
verifyUserHasAction(ActionsEnum.createLoginPage),
|
||||||
logActionAudit(ActionsEnum.createLoginPage),
|
logActionAudit(ActionsEnum.createLoginPage),
|
||||||
loginPage.createLoginPage
|
loginPage.createLoginPage
|
||||||
@@ -293,6 +299,7 @@ authenticated.post(
|
|||||||
verifyValidSubscription(tierMatrix.loginPageDomain),
|
verifyValidSubscription(tierMatrix.loginPageDomain),
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
verifyLoginPageAccess,
|
verifyLoginPageAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateLoginPage),
|
verifyUserHasAction(ActionsEnum.updateLoginPage),
|
||||||
logActionAudit(ActionsEnum.updateLoginPage),
|
logActionAudit(ActionsEnum.updateLoginPage),
|
||||||
loginPage.updateLoginPage
|
loginPage.updateLoginPage
|
||||||
@@ -338,6 +345,7 @@ authenticated.put(
|
|||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.deviceApprovals),
|
verifyValidSubscription(tierMatrix.deviceApprovals),
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateApprovals),
|
verifyUserHasAction(ActionsEnum.updateApprovals),
|
||||||
logActionAudit(ActionsEnum.updateApprovals),
|
logActionAudit(ActionsEnum.updateApprovals),
|
||||||
approval.processPendingApproval
|
approval.processPendingApproval
|
||||||
@@ -358,6 +366,7 @@ authenticated.put(
|
|||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.loginPageBranding),
|
verifyValidSubscription(tierMatrix.loginPageBranding),
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateLoginPage),
|
verifyUserHasAction(ActionsEnum.updateLoginPage),
|
||||||
logActionAudit(ActionsEnum.updateLoginPage),
|
logActionAudit(ActionsEnum.updateLoginPage),
|
||||||
loginPage.upsertLoginPageBranding
|
loginPage.upsertLoginPageBranding
|
||||||
@@ -470,18 +479,20 @@ authenticated.get(
|
|||||||
|
|
||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/re-key/:clientId/regenerate-client-secret",
|
"/re-key/:clientId/regenerate-client-secret",
|
||||||
verifyClientAccess, // this is first to set the org id
|
|
||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.rotateCredentials),
|
verifyValidSubscription(tierMatrix.rotateCredentials),
|
||||||
|
verifyClientAccess, // this is first to set the org id
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||||
reKey.reGenerateClientSecret
|
reKey.reGenerateClientSecret
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/re-key/:siteId/regenerate-site-secret",
|
"/re-key/:siteId/regenerate-site-secret",
|
||||||
verifySiteAccess, // this is first to set the org id
|
|
||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.rotateCredentials),
|
verifyValidSubscription(tierMatrix.rotateCredentials),
|
||||||
|
verifySiteAccess, // this is first to set the org id
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||||
reKey.reGenerateSiteSecret
|
reKey.reGenerateSiteSecret
|
||||||
);
|
);
|
||||||
@@ -491,6 +502,7 @@ authenticated.put(
|
|||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.rotateCredentials),
|
verifyValidSubscription(tierMatrix.rotateCredentials),
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||||
reKey.reGenerateExitNodeSecret
|
reKey.reGenerateExitNodeSecret
|
||||||
);
|
);
|
||||||
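Review bot: In the two `/re-key/...` routes, `verifyClientAccess` and `verifySiteAccess` are moved below `verifyValidLicense` and `verifyValidSubscription(tierMatrix.rotateCredentials)`, yet they keep the comment `// this is first to set the org id`, which is no longer true. Neither route has an `:orgId` segment, so if the subscription check reads the org id that the access middleware sets (the comment suggests it does; that middleware is not shown here), it now runs before the id exists. I would keep `verifyClientAccess, // this is first to set the org id` as the first entry and only add `verifyLimits,` after `verifyValidSubscription(tierMatrix.rotateCredentials),`, and do the same for `verifySiteAccess`. If the new order is intended, the comment should be rewritten to say which middlewares the access check must precede.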
|
|||||||
@@ -19,7 +19,8 @@ import {
|
|||||||
verifyApiKeyHasAction,
|
verifyApiKeyHasAction,
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
verifyApiKeyIdpAccess
|
verifyApiKeyIdpAccess,
|
||||||
|
verifyLimits
|
||||||
} from "@server/middlewares";
|
} from "@server/middlewares";
|
||||||
import {
|
import {
|
||||||
verifyValidSubscription,
|
verifyValidSubscription,
|
||||||
@@ -95,6 +96,7 @@ authenticated.put(
|
|||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
verifyValidSubscription(tierMatrix.orgOidc),
|
verifyValidSubscription(tierMatrix.orgOidc),
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createIdp),
|
verifyApiKeyHasAction(ActionsEnum.createIdp),
|
||||||
logActionAudit(ActionsEnum.createIdp),
|
logActionAudit(ActionsEnum.createIdp),
|
||||||
orgIdp.createOrgOidcIdp
|
orgIdp.createOrgOidcIdp
|
||||||
@@ -106,6 +108,7 @@ authenticated.post(
|
|||||||
verifyValidSubscription(tierMatrix.orgOidc),
|
verifyValidSubscription(tierMatrix.orgOidc),
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
verifyApiKeyIdpAccess,
|
verifyApiKeyIdpAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateIdp),
|
verifyApiKeyHasAction(ActionsEnum.updateIdp),
|
||||||
logActionAudit(ActionsEnum.updateIdp),
|
logActionAudit(ActionsEnum.updateIdp),
|
||||||
orgIdp.updateOrgOidcIdp
|
orgIdp.updateOrgOidcIdp
|
||||||
|
|||||||
@@ -561,6 +561,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/resource/:resourceId/rule/:ruleId",
|
"/resource/:resourceId/rule/:ruleId",
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateResourceRule),
|
verifyUserHasAction(ActionsEnum.updateResourceRule),
|
||||||
logActionAudit(ActionsEnum.updateResourceRule),
|
logActionAudit(ActionsEnum.updateResourceRule),
|
||||||
resource.updateResourceRule
|
resource.updateResourceRule
|
||||||
@@ -582,6 +583,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/target/:targetId",
|
"/target/:targetId",
|
||||||
verifyTargetAccess,
|
verifyTargetAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateTarget),
|
verifyUserHasAction(ActionsEnum.updateTarget),
|
||||||
logActionAudit(ActionsEnum.updateTarget),
|
logActionAudit(ActionsEnum.updateTarget),
|
||||||
target.updateTarget
|
target.updateTarget
|
||||||
@@ -612,6 +614,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/role/:roleId",
|
"/role/:roleId",
|
||||||
verifyRoleAccess,
|
verifyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateRole),
|
verifyUserHasAction(ActionsEnum.updateRole),
|
||||||
logActionAudit(ActionsEnum.updateRole),
|
logActionAudit(ActionsEnum.updateRole),
|
||||||
role.updateRole
|
role.updateRole
|
||||||
@@ -640,6 +643,7 @@ authenticated.post(
|
|||||||
"/role/:roleId/add/:userId",
|
"/role/:roleId/add/:userId",
|
||||||
verifyRoleAccess,
|
verifyRoleAccess,
|
||||||
verifyUserAccess,
|
verifyUserAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.addUserRole),
|
verifyUserHasAction(ActionsEnum.addUserRole),
|
||||||
logActionAudit(ActionsEnum.addUserRole),
|
logActionAudit(ActionsEnum.addUserRole),
|
||||||
user.addUserRole
|
user.addUserRole
|
||||||
@@ -649,6 +653,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/roles",
|
"/resource/:resourceId/roles",
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
verifyRoleAccess,
|
verifyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.setResourceRoles),
|
verifyUserHasAction(ActionsEnum.setResourceRoles),
|
||||||
logActionAudit(ActionsEnum.setResourceRoles),
|
logActionAudit(ActionsEnum.setResourceRoles),
|
||||||
resource.setResourceRoles
|
resource.setResourceRoles
|
||||||
@@ -658,6 +663,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/users",
|
"/resource/:resourceId/users",
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
verifySetResourceUsers,
|
verifySetResourceUsers,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.setResourceUsers),
|
verifyUserHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
resource.setResourceUsers
|
resource.setResourceUsers
|
||||||
@@ -666,6 +672,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/password`,
|
`/resource/:resourceId/password`,
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.setResourcePassword),
|
verifyUserHasAction(ActionsEnum.setResourcePassword),
|
||||||
logActionAudit(ActionsEnum.setResourcePassword),
|
logActionAudit(ActionsEnum.setResourcePassword),
|
||||||
resource.setResourcePassword
|
resource.setResourcePassword
|
||||||
@@ -674,6 +681,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/pincode`,
|
`/resource/:resourceId/pincode`,
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.setResourcePincode),
|
verifyUserHasAction(ActionsEnum.setResourcePincode),
|
||||||
logActionAudit(ActionsEnum.setResourcePincode),
|
logActionAudit(ActionsEnum.setResourcePincode),
|
||||||
resource.setResourcePincode
|
resource.setResourcePincode
|
||||||
@@ -682,6 +690,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/header-auth`,
|
`/resource/:resourceId/header-auth`,
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.setResourceHeaderAuth),
|
verifyUserHasAction(ActionsEnum.setResourceHeaderAuth),
|
||||||
logActionAudit(ActionsEnum.setResourceHeaderAuth),
|
logActionAudit(ActionsEnum.setResourceHeaderAuth),
|
||||||
resource.setResourceHeaderAuth
|
resource.setResourceHeaderAuth
|
||||||
@@ -690,6 +699,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/whitelist`,
|
`/resource/:resourceId/whitelist`,
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.setResourceWhitelist),
|
verifyUserHasAction(ActionsEnum.setResourceWhitelist),
|
||||||
logActionAudit(ActionsEnum.setResourceWhitelist),
|
logActionAudit(ActionsEnum.setResourceWhitelist),
|
||||||
resource.setResourceWhitelist
|
resource.setResourceWhitelist
|
||||||
@@ -705,6 +715,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/access-token`,
|
`/resource/:resourceId/access-token`,
|
||||||
verifyResourceAccess,
|
verifyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.generateAccessToken),
|
verifyUserHasAction(ActionsEnum.generateAccessToken),
|
||||||
logActionAudit(ActionsEnum.generateAccessToken),
|
logActionAudit(ActionsEnum.generateAccessToken),
|
||||||
accessToken.generateAccessToken
|
accessToken.generateAccessToken
|
||||||
@@ -805,6 +816,7 @@ authenticated.post(
|
|||||||
"/org/:orgId/user/:userId",
|
"/org/:orgId/user/:userId",
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
verifyUserAccess,
|
verifyUserAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.updateOrgUser),
|
verifyUserHasAction(ActionsEnum.updateOrgUser),
|
||||||
logActionAudit(ActionsEnum.updateOrgUser),
|
logActionAudit(ActionsEnum.updateOrgUser),
|
||||||
user.updateOrgUser
|
user.updateOrgUser
|
||||||
@@ -877,6 +889,7 @@ authenticated.post(
|
|||||||
"/user/:userId/olm/:olmId/archive",
|
"/user/:userId/olm/:olmId/archive",
|
||||||
verifyIsLoggedInUser,
|
verifyIsLoggedInUser,
|
||||||
verifyOlmAccess,
|
verifyOlmAccess,
|
||||||
|
verifyLimits,
|
||||||
olm.archiveUserOlm
|
olm.archiveUserOlm
|
||||||
);
|
);
|
||||||
|
|
||||||
@@ -991,6 +1004,7 @@ authenticated.post(
|
|||||||
`/org/:orgId/api-key/:apiKeyId/actions`,
|
`/org/:orgId/api-key/:apiKeyId/actions`,
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
verifyApiKeyAccess,
|
verifyApiKeyAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.setApiKeyActions),
|
verifyUserHasAction(ActionsEnum.setApiKeyActions),
|
||||||
logActionAudit(ActionsEnum.setApiKeyActions),
|
logActionAudit(ActionsEnum.setApiKeyActions),
|
||||||
apiKeys.setApiKeyActions
|
apiKeys.setApiKeyActions
|
||||||
@@ -1043,6 +1057,7 @@ authenticated.post(
|
|||||||
`/org/:orgId/domain/:domainId/restart`,
|
`/org/:orgId/domain/:domainId/restart`,
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
verifyDomainAccess,
|
verifyDomainAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyUserHasAction(ActionsEnum.restartOrgDomain),
|
verifyUserHasAction(ActionsEnum.restartOrgDomain),
|
||||||
logActionAudit(ActionsEnum.restartOrgDomain),
|
logActionAudit(ActionsEnum.restartOrgDomain),
|
||||||
domain.restartOrgDomain
|
domain.restartOrgDomain
|
||||||
|
|||||||
@@ -26,7 +26,8 @@ import {
|
|||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
verifyApiKeyClientAccess,
|
verifyApiKeyClientAccess,
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeySetResourceClients
|
verifyApiKeySetResourceClients,
|
||||||
|
verifyLimits
|
||||||
} from "@server/middlewares";
|
} from "@server/middlewares";
|
||||||
import HttpCode from "@server/types/HttpCode";
|
import HttpCode from "@server/types/HttpCode";
|
||||||
import { Router } from "express";
|
import { Router } from "express";
|
||||||
@@ -74,6 +75,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/org/:orgId",
|
"/org/:orgId",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateOrg),
|
verifyApiKeyHasAction(ActionsEnum.updateOrg),
|
||||||
logActionAudit(ActionsEnum.updateOrg),
|
logActionAudit(ActionsEnum.updateOrg),
|
||||||
org.updateOrg
|
org.updateOrg
|
||||||
@@ -90,6 +92,7 @@ authenticated.delete(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/site",
|
"/org/:orgId/site",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createSite),
|
verifyApiKeyHasAction(ActionsEnum.createSite),
|
||||||
logActionAudit(ActionsEnum.createSite),
|
logActionAudit(ActionsEnum.createSite),
|
||||||
site.createSite
|
site.createSite
|
||||||
@@ -126,6 +129,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/site/:siteId",
|
"/site/:siteId",
|
||||||
verifyApiKeySiteAccess,
|
verifyApiKeySiteAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateSite),
|
verifyApiKeyHasAction(ActionsEnum.updateSite),
|
||||||
logActionAudit(ActionsEnum.updateSite),
|
logActionAudit(ActionsEnum.updateSite),
|
||||||
site.updateSite
|
site.updateSite
|
||||||
@@ -148,6 +152,7 @@ authenticated.get(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/site-resource",
|
"/org/:orgId/site-resource",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createSiteResource),
|
verifyApiKeyHasAction(ActionsEnum.createSiteResource),
|
||||||
logActionAudit(ActionsEnum.createSiteResource),
|
logActionAudit(ActionsEnum.createSiteResource),
|
||||||
siteResource.createSiteResource
|
siteResource.createSiteResource
|
||||||
@@ -178,6 +183,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/site-resource/:siteResourceId",
|
"/site-resource/:siteResourceId",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateSiteResource),
|
verifyApiKeyHasAction(ActionsEnum.updateSiteResource),
|
||||||
logActionAudit(ActionsEnum.updateSiteResource),
|
logActionAudit(ActionsEnum.updateSiteResource),
|
||||||
siteResource.updateSiteResource
|
siteResource.updateSiteResource
|
||||||
@@ -216,6 +222,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/roles",
|
"/site-resource/:siteResourceId/roles",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
||||||
logActionAudit(ActionsEnum.setResourceRoles),
|
logActionAudit(ActionsEnum.setResourceRoles),
|
||||||
siteResource.setSiteResourceRoles
|
siteResource.setSiteResourceRoles
|
||||||
@@ -225,6 +232,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/users",
|
"/site-resource/:siteResourceId/users",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeySetResourceUsers,
|
verifyApiKeySetResourceUsers,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
siteResource.setSiteResourceUsers
|
siteResource.setSiteResourceUsers
|
||||||
@@ -234,6 +242,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/roles/add",
|
"/site-resource/:siteResourceId/roles/add",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
||||||
logActionAudit(ActionsEnum.setResourceRoles),
|
logActionAudit(ActionsEnum.setResourceRoles),
|
||||||
siteResource.addRoleToSiteResource
|
siteResource.addRoleToSiteResource
|
||||||
@@ -243,6 +252,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/roles/remove",
|
"/site-resource/:siteResourceId/roles/remove",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
||||||
logActionAudit(ActionsEnum.setResourceRoles),
|
logActionAudit(ActionsEnum.setResourceRoles),
|
||||||
siteResource.removeRoleFromSiteResource
|
siteResource.removeRoleFromSiteResource
|
||||||
@@ -252,6 +262,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/users/add",
|
"/site-resource/:siteResourceId/users/add",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeySetResourceUsers,
|
verifyApiKeySetResourceUsers,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
siteResource.addUserToSiteResource
|
siteResource.addUserToSiteResource
|
||||||
@@ -261,6 +272,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/users/remove",
|
"/site-resource/:siteResourceId/users/remove",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeySetResourceUsers,
|
verifyApiKeySetResourceUsers,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
siteResource.removeUserFromSiteResource
|
siteResource.removeUserFromSiteResource
|
||||||
@@ -270,6 +282,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/clients",
|
"/site-resource/:siteResourceId/clients",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeySetResourceClients,
|
verifyApiKeySetResourceClients,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
siteResource.setSiteResourceClients
|
siteResource.setSiteResourceClients
|
||||||
@@ -279,6 +292,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/clients/add",
|
"/site-resource/:siteResourceId/clients/add",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeySetResourceClients,
|
verifyApiKeySetResourceClients,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
siteResource.addClientToSiteResource
|
siteResource.addClientToSiteResource
|
||||||
@@ -288,6 +302,7 @@ authenticated.post(
|
|||||||
"/site-resource/:siteResourceId/clients/remove",
|
"/site-resource/:siteResourceId/clients/remove",
|
||||||
verifyApiKeySiteResourceAccess,
|
verifyApiKeySiteResourceAccess,
|
||||||
verifyApiKeySetResourceClients,
|
verifyApiKeySetResourceClients,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
siteResource.removeClientFromSiteResource
|
siteResource.removeClientFromSiteResource
|
||||||
@@ -296,6 +311,7 @@ authenticated.post(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/resource",
|
"/org/:orgId/resource",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createResource),
|
verifyApiKeyHasAction(ActionsEnum.createResource),
|
||||||
logActionAudit(ActionsEnum.createResource),
|
logActionAudit(ActionsEnum.createResource),
|
||||||
resource.createResource
|
resource.createResource
|
||||||
@@ -304,6 +320,7 @@ authenticated.put(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/site/:siteId/resource",
|
"/org/:orgId/site/:siteId/resource",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createResource),
|
verifyApiKeyHasAction(ActionsEnum.createResource),
|
||||||
logActionAudit(ActionsEnum.createResource),
|
logActionAudit(ActionsEnum.createResource),
|
||||||
resource.createResource
|
resource.createResource
|
||||||
@@ -340,6 +357,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/org/:orgId/create-invite",
|
"/org/:orgId/create-invite",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.inviteUser),
|
verifyApiKeyHasAction(ActionsEnum.inviteUser),
|
||||||
logActionAudit(ActionsEnum.inviteUser),
|
logActionAudit(ActionsEnum.inviteUser),
|
||||||
user.inviteUser
|
user.inviteUser
|
||||||
@@ -377,6 +395,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/resource/:resourceId",
|
"/resource/:resourceId",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateResource),
|
verifyApiKeyHasAction(ActionsEnum.updateResource),
|
||||||
logActionAudit(ActionsEnum.updateResource),
|
logActionAudit(ActionsEnum.updateResource),
|
||||||
resource.updateResource
|
resource.updateResource
|
||||||
@@ -393,6 +412,7 @@ authenticated.delete(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/resource/:resourceId/target",
|
"/resource/:resourceId/target",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createTarget),
|
verifyApiKeyHasAction(ActionsEnum.createTarget),
|
||||||
logActionAudit(ActionsEnum.createTarget),
|
logActionAudit(ActionsEnum.createTarget),
|
||||||
target.createTarget
|
target.createTarget
|
||||||
@@ -408,6 +428,7 @@ authenticated.get(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/resource/:resourceId/rule",
|
"/resource/:resourceId/rule",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createResourceRule),
|
verifyApiKeyHasAction(ActionsEnum.createResourceRule),
|
||||||
logActionAudit(ActionsEnum.createResourceRule),
|
logActionAudit(ActionsEnum.createResourceRule),
|
||||||
resource.createResourceRule
|
resource.createResourceRule
|
||||||
@@ -423,6 +444,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/resource/:resourceId/rule/:ruleId",
|
"/resource/:resourceId/rule/:ruleId",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateResourceRule),
|
verifyApiKeyHasAction(ActionsEnum.updateResourceRule),
|
||||||
logActionAudit(ActionsEnum.updateResourceRule),
|
logActionAudit(ActionsEnum.updateResourceRule),
|
||||||
resource.updateResourceRule
|
resource.updateResourceRule
|
||||||
@@ -446,6 +468,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/target/:targetId",
|
"/target/:targetId",
|
||||||
verifyApiKeyTargetAccess,
|
verifyApiKeyTargetAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateTarget),
|
verifyApiKeyHasAction(ActionsEnum.updateTarget),
|
||||||
logActionAudit(ActionsEnum.updateTarget),
|
logActionAudit(ActionsEnum.updateTarget),
|
||||||
target.updateTarget
|
target.updateTarget
|
||||||
@@ -462,6 +485,7 @@ authenticated.delete(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/role",
|
"/org/:orgId/role",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createRole),
|
verifyApiKeyHasAction(ActionsEnum.createRole),
|
||||||
logActionAudit(ActionsEnum.createRole),
|
logActionAudit(ActionsEnum.createRole),
|
||||||
role.createRole
|
role.createRole
|
||||||
@@ -470,6 +494,7 @@ authenticated.put(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/role/:roleId",
|
"/role/:roleId",
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateRole),
|
verifyApiKeyHasAction(ActionsEnum.updateRole),
|
||||||
logActionAudit(ActionsEnum.updateRole),
|
logActionAudit(ActionsEnum.updateRole),
|
||||||
role.updateRole
|
role.updateRole
|
||||||
@@ -501,6 +526,7 @@ authenticated.post(
|
|||||||
"/role/:roleId/add/:userId",
|
"/role/:roleId/add/:userId",
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
verifyApiKeyUserAccess,
|
verifyApiKeyUserAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.addUserRole),
|
verifyApiKeyHasAction(ActionsEnum.addUserRole),
|
||||||
logActionAudit(ActionsEnum.addUserRole),
|
logActionAudit(ActionsEnum.addUserRole),
|
||||||
user.addUserRole
|
user.addUserRole
|
||||||
@@ -510,6 +536,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/roles",
|
"/resource/:resourceId/roles",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
||||||
logActionAudit(ActionsEnum.setResourceRoles),
|
logActionAudit(ActionsEnum.setResourceRoles),
|
||||||
resource.setResourceRoles
|
resource.setResourceRoles
|
||||||
@@ -519,6 +546,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/users",
|
"/resource/:resourceId/users",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
verifyApiKeySetResourceUsers,
|
verifyApiKeySetResourceUsers,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
resource.setResourceUsers
|
resource.setResourceUsers
|
||||||
@@ -528,6 +556,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/roles/add",
|
"/resource/:resourceId/roles/add",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
||||||
logActionAudit(ActionsEnum.setResourceRoles),
|
logActionAudit(ActionsEnum.setResourceRoles),
|
||||||
resource.addRoleToResource
|
resource.addRoleToResource
|
||||||
@@ -537,6 +566,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/roles/remove",
|
"/resource/:resourceId/roles/remove",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
verifyApiKeyRoleAccess,
|
verifyApiKeyRoleAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
|
||||||
logActionAudit(ActionsEnum.setResourceRoles),
|
logActionAudit(ActionsEnum.setResourceRoles),
|
||||||
resource.removeRoleFromResource
|
resource.removeRoleFromResource
|
||||||
@@ -546,6 +576,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/users/add",
|
"/resource/:resourceId/users/add",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
verifyApiKeySetResourceUsers,
|
verifyApiKeySetResourceUsers,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
resource.addUserToResource
|
resource.addUserToResource
|
||||||
@@ -555,6 +586,7 @@ authenticated.post(
|
|||||||
"/resource/:resourceId/users/remove",
|
"/resource/:resourceId/users/remove",
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
verifyApiKeySetResourceUsers,
|
verifyApiKeySetResourceUsers,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
|
||||||
logActionAudit(ActionsEnum.setResourceUsers),
|
logActionAudit(ActionsEnum.setResourceUsers),
|
||||||
resource.removeUserFromResource
|
resource.removeUserFromResource
|
||||||
@@ -563,6 +595,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/password`,
|
`/resource/:resourceId/password`,
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourcePassword),
|
verifyApiKeyHasAction(ActionsEnum.setResourcePassword),
|
||||||
logActionAudit(ActionsEnum.setResourcePassword),
|
logActionAudit(ActionsEnum.setResourcePassword),
|
||||||
resource.setResourcePassword
|
resource.setResourcePassword
|
||||||
@@ -571,6 +604,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/pincode`,
|
`/resource/:resourceId/pincode`,
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourcePincode),
|
verifyApiKeyHasAction(ActionsEnum.setResourcePincode),
|
||||||
logActionAudit(ActionsEnum.setResourcePincode),
|
logActionAudit(ActionsEnum.setResourcePincode),
|
||||||
resource.setResourcePincode
|
resource.setResourcePincode
|
||||||
@@ -579,6 +613,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/header-auth`,
|
`/resource/:resourceId/header-auth`,
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceHeaderAuth),
|
verifyApiKeyHasAction(ActionsEnum.setResourceHeaderAuth),
|
||||||
logActionAudit(ActionsEnum.setResourceHeaderAuth),
|
logActionAudit(ActionsEnum.setResourceHeaderAuth),
|
||||||
resource.setResourceHeaderAuth
|
resource.setResourceHeaderAuth
|
||||||
@@ -587,6 +622,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/whitelist`,
|
`/resource/:resourceId/whitelist`,
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
|
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
|
||||||
logActionAudit(ActionsEnum.setResourceWhitelist),
|
logActionAudit(ActionsEnum.setResourceWhitelist),
|
||||||
resource.setResourceWhitelist
|
resource.setResourceWhitelist
|
||||||
@@ -595,6 +631,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/whitelist/add`,
|
`/resource/:resourceId/whitelist/add`,
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
|
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
|
||||||
resource.addEmailToResourceWhitelist
|
resource.addEmailToResourceWhitelist
|
||||||
);
|
);
|
||||||
@@ -602,6 +639,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/whitelist/remove`,
|
`/resource/:resourceId/whitelist/remove`,
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
|
verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
|
||||||
resource.removeEmailFromResourceWhitelist
|
resource.removeEmailFromResourceWhitelist
|
||||||
);
|
);
|
||||||
@@ -616,6 +654,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/resource/:resourceId/access-token`,
|
`/resource/:resourceId/access-token`,
|
||||||
verifyApiKeyResourceAccess,
|
verifyApiKeyResourceAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.generateAccessToken),
|
verifyApiKeyHasAction(ActionsEnum.generateAccessToken),
|
||||||
logActionAudit(ActionsEnum.generateAccessToken),
|
logActionAudit(ActionsEnum.generateAccessToken),
|
||||||
accessToken.generateAccessToken
|
accessToken.generateAccessToken
|
||||||
@@ -653,6 +692,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/user/:userId/2fa",
|
"/user/:userId/2fa",
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateUser),
|
verifyApiKeyHasAction(ActionsEnum.updateUser),
|
||||||
logActionAudit(ActionsEnum.updateUser),
|
logActionAudit(ActionsEnum.updateUser),
|
||||||
user.updateUser2FA
|
user.updateUser2FA
|
||||||
@@ -675,6 +715,7 @@ authenticated.get(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/user",
|
"/org/:orgId/user",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createOrgUser),
|
verifyApiKeyHasAction(ActionsEnum.createOrgUser),
|
||||||
logActionAudit(ActionsEnum.createOrgUser),
|
logActionAudit(ActionsEnum.createOrgUser),
|
||||||
user.createOrgUser
|
user.createOrgUser
|
||||||
@@ -684,6 +725,7 @@ authenticated.post(
|
|||||||
"/org/:orgId/user/:userId",
|
"/org/:orgId/user/:userId",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
verifyApiKeyUserAccess,
|
verifyApiKeyUserAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateOrgUser),
|
verifyApiKeyHasAction(ActionsEnum.updateOrgUser),
|
||||||
logActionAudit(ActionsEnum.updateOrgUser),
|
logActionAudit(ActionsEnum.updateOrgUser),
|
||||||
user.updateOrgUser
|
user.updateOrgUser
|
||||||
@@ -714,6 +756,7 @@ authenticated.get(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
`/org/:orgId/api-key/:apiKeyId/actions`,
|
`/org/:orgId/api-key/:apiKeyId/actions`,
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.setApiKeyActions),
|
verifyApiKeyHasAction(ActionsEnum.setApiKeyActions),
|
||||||
logActionAudit(ActionsEnum.setApiKeyActions),
|
logActionAudit(ActionsEnum.setApiKeyActions),
|
||||||
apiKeys.setApiKeyActions
|
apiKeys.setApiKeyActions
|
||||||
@@ -729,6 +772,7 @@ authenticated.get(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
`/org/:orgId/api-key`,
|
`/org/:orgId/api-key`,
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createApiKey),
|
verifyApiKeyHasAction(ActionsEnum.createApiKey),
|
||||||
logActionAudit(ActionsEnum.createApiKey),
|
logActionAudit(ActionsEnum.createApiKey),
|
||||||
apiKeys.createOrgApiKey
|
apiKeys.createOrgApiKey
|
||||||
@@ -745,6 +789,7 @@ authenticated.delete(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/idp/oidc",
|
"/idp/oidc",
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createIdp),
|
verifyApiKeyHasAction(ActionsEnum.createIdp),
|
||||||
logActionAudit(ActionsEnum.createIdp),
|
logActionAudit(ActionsEnum.createIdp),
|
||||||
idp.createOidcIdp
|
idp.createOidcIdp
|
||||||
@@ -753,6 +798,7 @@ authenticated.put(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/idp/:idpId/oidc",
|
"/idp/:idpId/oidc",
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateIdp),
|
verifyApiKeyHasAction(ActionsEnum.updateIdp),
|
||||||
logActionAudit(ActionsEnum.updateIdp),
|
logActionAudit(ActionsEnum.updateIdp),
|
||||||
idp.updateOidcIdp
|
idp.updateOidcIdp
|
||||||
@@ -776,6 +822,7 @@ authenticated.get(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/idp/:idpId/org/:orgId",
|
"/idp/:idpId/org/:orgId",
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createIdpOrg),
|
verifyApiKeyHasAction(ActionsEnum.createIdpOrg),
|
||||||
logActionAudit(ActionsEnum.createIdpOrg),
|
logActionAudit(ActionsEnum.createIdpOrg),
|
||||||
idp.createIdpOrgPolicy
|
idp.createIdpOrgPolicy
|
||||||
@@ -784,6 +831,7 @@ authenticated.put(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/idp/:idpId/org/:orgId",
|
"/idp/:idpId/org/:orgId",
|
||||||
verifyApiKeyIsRoot,
|
verifyApiKeyIsRoot,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateIdpOrg),
|
verifyApiKeyHasAction(ActionsEnum.updateIdpOrg),
|
||||||
logActionAudit(ActionsEnum.updateIdpOrg),
|
logActionAudit(ActionsEnum.updateIdpOrg),
|
||||||
idp.updateIdpOrgPolicy
|
idp.updateIdpOrgPolicy
|
||||||
@@ -828,6 +876,7 @@ authenticated.get(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/client",
|
"/org/:orgId/client",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.createClient),
|
verifyApiKeyHasAction(ActionsEnum.createClient),
|
||||||
logActionAudit(ActionsEnum.createClient),
|
logActionAudit(ActionsEnum.createClient),
|
||||||
client.createClient
|
client.createClient
|
||||||
@@ -854,6 +903,7 @@ authenticated.delete(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/client/:clientId/archive",
|
"/client/:clientId/archive",
|
||||||
verifyApiKeyClientAccess,
|
verifyApiKeyClientAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.archiveClient),
|
verifyApiKeyHasAction(ActionsEnum.archiveClient),
|
||||||
logActionAudit(ActionsEnum.archiveClient),
|
logActionAudit(ActionsEnum.archiveClient),
|
||||||
client.archiveClient
|
client.archiveClient
|
||||||
@@ -862,6 +912,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/client/:clientId/unarchive",
|
"/client/:clientId/unarchive",
|
||||||
verifyApiKeyClientAccess,
|
verifyApiKeyClientAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.unarchiveClient),
|
verifyApiKeyHasAction(ActionsEnum.unarchiveClient),
|
||||||
logActionAudit(ActionsEnum.unarchiveClient),
|
logActionAudit(ActionsEnum.unarchiveClient),
|
||||||
client.unarchiveClient
|
client.unarchiveClient
|
||||||
@@ -870,6 +921,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/client/:clientId/block",
|
"/client/:clientId/block",
|
||||||
verifyApiKeyClientAccess,
|
verifyApiKeyClientAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.blockClient),
|
verifyApiKeyHasAction(ActionsEnum.blockClient),
|
||||||
logActionAudit(ActionsEnum.blockClient),
|
logActionAudit(ActionsEnum.blockClient),
|
||||||
client.blockClient
|
client.blockClient
|
||||||
@@ -878,6 +930,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/client/:clientId/unblock",
|
"/client/:clientId/unblock",
|
||||||
verifyApiKeyClientAccess,
|
verifyApiKeyClientAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.unblockClient),
|
verifyApiKeyHasAction(ActionsEnum.unblockClient),
|
||||||
logActionAudit(ActionsEnum.unblockClient),
|
logActionAudit(ActionsEnum.unblockClient),
|
||||||
client.unblockClient
|
client.unblockClient
|
||||||
@@ -886,6 +939,7 @@ authenticated.post(
|
|||||||
authenticated.post(
|
authenticated.post(
|
||||||
"/client/:clientId",
|
"/client/:clientId",
|
||||||
verifyApiKeyClientAccess,
|
verifyApiKeyClientAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.updateClient),
|
verifyApiKeyHasAction(ActionsEnum.updateClient),
|
||||||
logActionAudit(ActionsEnum.updateClient),
|
logActionAudit(ActionsEnum.updateClient),
|
||||||
client.updateClient
|
client.updateClient
|
||||||
@@ -894,6 +948,7 @@ authenticated.post(
|
|||||||
authenticated.put(
|
authenticated.put(
|
||||||
"/org/:orgId/blueprint",
|
"/org/:orgId/blueprint",
|
||||||
verifyApiKeyOrgAccess,
|
verifyApiKeyOrgAccess,
|
||||||
|
verifyLimits,
|
||||||
verifyApiKeyHasAction(ActionsEnum.applyBlueprint),
|
verifyApiKeyHasAction(ActionsEnum.applyBlueprint),
|
||||||
logActionAudit(ActionsEnum.applyBlueprint),
|
logActionAudit(ActionsEnum.applyBlueprint),
|
||||||
blueprints.applyJSONBlueprint
|
blueprints.applyJSONBlueprint
|
||||||
|
|||||||