Add pass rule

server/routers/badger/verifySession.ts

@@ -178,6 +178,9 @@ export async function verifyResourceSession(
             } else if (action == "DROP") {
                 logger.debug("Resource denied by rule");
                 return notAllowed(res);
+            } else if (action == "PASS") {
+                logger.debug("Resource passed by rule, continuing to auth checks");
+                // Continue to authentication checks below
             }
 
             // otherwise its undefined and we pass
@@ -581,7 +584,7 @@ async function checkRules(
     resourceId: number,
     clientIp: string | undefined,
     path: string | undefined
-): Promise<"ACCEPT" | "DROP" | undefined> {
+): Promise<"ACCEPT" | "DROP" | "PASS" | undefined> {
     const ruleCacheKey = `rules:${resourceId}`;
 
     let rules: ResourceRule[] | undefined = cache.get(ruleCacheKey);

server/routers/resource/createResourceRule.ts

@@ -17,7 +17,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 
 const createResourceRuleSchema = z
     .object({
-        action: z.enum(["ACCEPT", "DROP"]),
+        action: z.enum(["ACCEPT", "DROP", "PASS"]),
         match: z.enum(["CIDR", "IP", "PATH"]),
         value: z.string().min(1),
         priority: z.number().int(),

server/routers/resource/updateResourceRule.ts

@@ -29,7 +29,7 @@ const updateResourceRuleParamsSchema = z
 // Define Zod schema for request body validation
 const updateResourceRuleSchema = z
     .object({
-        action: z.enum(["ACCEPT", "DROP"]).optional(),
+        action: z.enum(["ACCEPT", "DROP", "PASS"]).optional(),
         match: z.enum(["CIDR", "IP", "PATH"]).optional(),
         value: z.string().min(1).optional(),
         priority: z.number().int(),