pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-23 05:16:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

used zod codemod

Browse Source
This commit is contained in:
Lokowitz
2025-11-16 14:18:17 +00:00
parent 000904eb31
commit 7db99a7dd5
191 changed files with 764 additions and 1232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
server/routers/resource/addEmailToResourceWhitelist.ts
View File

@@ -10,29 +10,22 @@ import { fromError } from "zod-validation-error";
import { and, eq } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
const addEmailToResourceWhitelistBodySchema = z
.object({
email: z
.string()
.email()
const addEmailToResourceWhitelistBodySchema = z.strictObject({
email: z.email()
.or(
z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
message:
"Invalid email address. Wildcard (*) must be the entire local part."
error: "Invalid email address. Wildcard (*) must be the entire local part."
})
)
.transform((v) => v.toLowerCase())
})
.strict();
});
const addEmailToResourceWhitelistParamsSchema = z
.object({
const addEmailToResourceWhitelistParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "post",

14
server/routers/resource/authWithAccessToken.ts
View File

@@ -15,22 +15,18 @@ import config from "@server/lib/config";
import stoi from "@server/lib/stoi";
import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
const authWithAccessTokenBodySchema = z
.object({
const authWithAccessTokenBodySchema = z.strictObject({
accessToken: z.string(),
accessTokenId: z.string().optional()
})
.strict();
});
const authWithAccessTokenParamsSchema = z
.object({
const authWithAccessTokenParamsSchema = z.strictObject({
resourceId: z
.string()
.optional()
.transform(stoi)
.pipe(z.number().int().positive().optional())
})
.strict();
.pipe(z.int().positive().optional())
});
export type AuthWithAccessTokenResponse = {
session?: string;

14
server/routers/resource/authWithPassword.ts
View File

@@ -15,20 +15,16 @@ import { verifyPassword } from "@server/auth/password";
import config from "@server/lib/config";
import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
export const authWithPasswordBodySchema = z
.object({
export const authWithPasswordBodySchema = z.strictObject({
password: z.string()
})
.strict();
});
export const authWithPasswordParamsSchema = z
.object({
export const authWithPasswordParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
export type AuthWithPasswordResponse = {
session?: string;

14
server/routers/resource/authWithPincode.ts
View File

@@ -14,20 +14,16 @@ import { verifyPassword } from "@server/auth/password";
import config from "@server/lib/config";
import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
export const authWithPincodeBodySchema = z
.object({
export const authWithPincodeBodySchema = z.strictObject({
pincode: z.string()
})
.strict();
});
export const authWithPincodeParamsSchema = z
.object({
export const authWithPincodeParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
export type AuthWithPincodeResponse = {
session?: string;

16
server/routers/resource/authWithWhitelist.ts
View File

@@ -14,21 +14,17 @@ import logger from "@server/logger";
import config from "@server/lib/config";
import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
const authWithWhitelistBodySchema = z
.object({
email: z.string().toLowerCase().email(),
const authWithWhitelistBodySchema = z.strictObject({
email: z.email().toLowerCase(),
otp: z.string().optional()
})
.strict();
});
const authWithWhitelistParamsSchema = z
.object({
const authWithWhitelistParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
export type AuthWithWhitelistResponse = {
otpSent?: boolean;

22
server/routers/resource/createResource.ts
View File

@@ -25,14 +25,11 @@ import { createCertificate } from "#dynamic/routers/certificates/createCertifica
import { getUniqueResourceName } from "@server/db/names";
import { validateAndConstructDomain } from "@server/lib/domainUtils";
const createResourceParamsSchema = z
.object({
const createResourceParamsSchema = z.strictObject({
orgId: z.string()
})
.strict();
});
const createHttpResourceSchema = z
.object({
const createHttpResourceSchema = z.strictObject({
name: z.string().min(1).max(255),
subdomain: z.string().nullable().optional(),
http: z.boolean(),
@@ -40,7 +37,6 @@ const createHttpResourceSchema = z
domainId: z.string(),
stickySession: z.boolean().optional(),
})
.strict()
.refine(
(data) => {
if (data.subdomain) {
@@ -48,18 +44,18 @@ const createHttpResourceSchema = z
}
return true;
},
{ message: "Invalid subdomain" }
{
error: "Invalid subdomain"
}
);
const createRawResourceSchema = z
.object({
const createRawResourceSchema = z.strictObject({
name: z.string().min(1).max(255),
http: z.boolean(),
protocol: z.enum(["tcp", "udp"]),
proxyPort: z.number().int().min(1).max(65535)
proxyPort: z.int().min(1).max(65535)
// enableProxy: z.boolean().default(true) // always true now
})
.strict()
.refine(
(data) => {
if (!config.getRawConfig().flags?.allow_raw_resources) {
@@ -70,7 +66,7 @@ const createRawResourceSchema = z
return true;
},
{
message: "Raw resources are not allowed"
error: "Raw resources are not allowed"
}
);

16
server/routers/resource/createResourceRule.ts
View File

@@ -15,24 +15,20 @@ import {
} from "@server/lib/validators";
import { OpenAPITags, registry } from "@server/openApi";
const createResourceRuleSchema = z
.object({
const createResourceRuleSchema = z.strictObject({
action: z.enum(["ACCEPT", "DROP", "PASS"]),
match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]),
value: z.string().min(1),
priority: z.number().int(),
priority: z.int(),
enabled: z.boolean().optional()
})
.strict();
});
const createResourceRuleParamsSchema = z
.object({
const createResourceRuleParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "put",

8
server/routers/resource/deleteResource.ts
View File

@@ -14,14 +14,12 @@ import { getAllowedIps } from "../target/helpers";
import { OpenAPITags, registry } from "@server/openApi";
// Define Zod schema for request parameters validation
const deleteResourceSchema = z
.object({
const deleteResourceSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "delete",

10
server/routers/resource/deleteResourceRule.ts
View File

@@ -10,15 +10,13 @@ import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { OpenAPITags, registry } from "@server/openApi";
const deleteResourceRuleSchema = z
.object({
ruleId: z.string().transform(Number).pipe(z.number().int().positive()),
const deleteResourceRuleSchema = z.strictObject({
ruleId: z.string().transform(Number).pipe(z.int().positive()),
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "delete",

8
server/routers/resource/getExchangeToken.ts
View File

@@ -16,14 +16,12 @@ import { response } from "@server/lib/response";
import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
const getExchangeTokenParams = z
.object({
const getExchangeTokenParams = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
export type GetExchangeTokenResponse = {
requestToken: string;

8
server/routers/resource/getResource.ts
View File

@@ -11,18 +11,16 @@ import logger from "@server/logger";
import stoi from "@server/lib/stoi";
import { OpenAPITags, registry } from "@server/openApi";
const getResourceSchema = z
.object({
const getResourceSchema = z.strictObject({
resourceId: z
.string()
.optional()
.transform(stoi)
.pipe(z.number().int().positive().optional())
.pipe(z.int().positive().optional())
.optional(),
niceId: z.string().optional(),
orgId: z.string().optional()
})
.strict();
});
async function query(resourceId?: number, niceId?: string, orgId?: string) {
if (resourceId) {

6
server/routers/resource/getResourceAuthInfo.ts
View File

@@ -15,11 +15,9 @@ import { fromError } from "zod-validation-error";
import logger from "@server/logger";
import { build } from "@server/build";
const getResourceAuthInfoSchema = z
.object({
const getResourceAuthInfoSchema = z.strictObject({
resourceGuid: z.string()
})
.strict();
});
export type GetResourceAuthInfoResponse = {
resourceId: number;

8
server/routers/resource/getResourceWhitelist.ts
View File

@@ -10,14 +10,12 @@ import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { OpenAPITags, registry } from "@server/openApi";
const getResourceWhitelistSchema = z
.object({
const getResourceWhitelistSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
async function queryWhitelist(resourceId: number) {
return await db

8
server/routers/resource/listResourceRoles.ts
View File

@@ -10,14 +10,12 @@ import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { OpenAPITags, registry } from "@server/openApi";
const listResourceRolesSchema = z
.object({
const listResourceRolesSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
async function query(resourceId: number) {
return await db

12
server/routers/resource/listResourceRules.ts
View File

@@ -10,14 +10,12 @@ import { fromError } from "zod-validation-error";
import logger from "@server/logger";
import { OpenAPITags, registry } from "@server/openApi";
const listResourceRulesParamsSchema = z
.object({
const listResourceRulesParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
const listResourceRulesSchema = z.object({
limit: z
@@ -25,13 +23,13 @@ const listResourceRulesSchema = z.object({
.optional()
.default("1000")
.transform(Number)
.pipe(z.number().int().positive()),
.pipe(z.int().positive()),
offset: z
.string()
.optional()
.default("0")
.transform(Number)
.pipe(z.number().int().nonnegative())
.pipe(z.int().nonnegative())
});
function queryResourceRules(resourceId: number) {

8
server/routers/resource/listResourceUsers.ts
View File

@@ -10,14 +10,12 @@ import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { OpenAPITags, registry } from "@server/openApi";
const listResourceUsersSchema = z
.object({
const listResourceUsersSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
async function queryUsers(resourceId: number) {
return await db

10
server/routers/resource/listResources.ts
View File

@@ -20,11 +20,9 @@ import { fromZodError } from "zod-validation-error";
import { OpenAPITags, registry } from "@server/openApi";
import { warn } from "console";
const listResourcesParamsSchema = z
.object({
const listResourcesParamsSchema = z.strictObject({
orgId: z.string()
})
.strict();
});
const listResourcesSchema = z.object({
limit: z
@@ -32,14 +30,14 @@ const listResourcesSchema = z.object({
.optional()
.default("1000")
.transform(Number)
.pipe(z.number().int().nonnegative()),
.pipe(z.int().nonnegative()),
offset: z
.string()
.optional()
.default("0")
.transform(Number)
.pipe(z.number().int().nonnegative())
.pipe(z.int().nonnegative())
});
// (resource fields + a single joined target)

21
server/routers/resource/removeEmailFromResourceWhitelist.ts
View File

@@ -10,29 +10,22 @@ import { fromError } from "zod-validation-error";
import { and, eq } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
const removeEmailFromResourceWhitelistBodySchema = z
.object({
email: z
.string()
.email()
const removeEmailFromResourceWhitelistBodySchema = z.strictObject({
email: z.email()
.or(
z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
message:
"Invalid email address. Wildcard (*) must be the entire local part."
error: "Invalid email address. Wildcard (*) must be the entire local part."
})
)
.transform((v) => v.toLowerCase())
})
.strict();
});
const removeEmailFromResourceWhitelistParamsSchema = z
.object({
const removeEmailFromResourceWhitelistParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "post",

8
server/routers/resource/setResourceHeaderAuth.ts
View File

@@ -11,15 +11,13 @@ import { hashPassword } from "@server/auth/password";
import { OpenAPITags, registry } from "@server/openApi";
const setResourceAuthMethodsParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive())
resourceId: z.string().transform(Number).pipe(z.int().positive())
});
const setResourceAuthMethodsBodySchema = z
.object({
const setResourceAuthMethodsBodySchema = z.strictObject({
user: z.string().min(4).max(100).nullable(),
password: z.string().min(4).max(100).nullable()
})
.strict();
});
registry.registerPath({
method: "post",

8
server/routers/resource/setResourcePassword.ts
View File

@@ -13,14 +13,12 @@ import { hashPassword } from "@server/auth/password";
import { OpenAPITags, registry } from "@server/openApi";
const setResourceAuthMethodsParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive())
resourceId: z.string().transform(Number).pipe(z.int().positive())
});
const setResourceAuthMethodsBodySchema = z
.object({
const setResourceAuthMethodsBodySchema = z.strictObject({
password: z.string().min(4).max(100).nullable()
})
.strict();
});
registry.registerPath({
method: "post",

8
server/routers/resource/setResourcePincode.ts
View File

@@ -14,17 +14,15 @@ import { hashPassword } from "@server/auth/password";
import { OpenAPITags, registry } from "@server/openApi";
const setResourceAuthMethodsParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive())
resourceId: z.string().transform(Number).pipe(z.int().positive())
});
const setResourceAuthMethodsBodySchema = z
.object({
const setResourceAuthMethodsBodySchema = z.strictObject({
pincode: z
.string()
.regex(/^\d{6}$/)
.or(z.null())
})
.strict();
});
registry.registerPath({
method: "post",

16
server/routers/resource/setResourceRoles.ts
View File

@@ -10,20 +10,16 @@ import { fromError } from "zod-validation-error";
import { eq, and, ne } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
const setResourceRolesBodySchema = z
.object({
roleIds: z.array(z.number().int().positive())
})
.strict();
const setResourceRolesBodySchema = z.strictObject({
roleIds: z.array(z.int().positive())
});
const setResourceRolesParamsSchema = z
.object({
const setResourceRolesParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "post",

14
server/routers/resource/setResourceUsers.ts
View File

@@ -10,20 +10,16 @@ import { fromError } from "zod-validation-error";
import { eq } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
const setUserResourcesBodySchema = z
.object({
const setUserResourcesBodySchema = z.strictObject({
userIds: z.array(z.string())
})
.strict();
});
const setUserResourcesParamsSchema = z
.object({
const setUserResourcesParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "post",

21
server/routers/resource/setResourceWhitelist.ts
View File

@@ -10,33 +10,26 @@ import { fromError } from "zod-validation-error";
import { and, eq } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
const setResourceWhitelistBodySchema = z
.object({
const setResourceWhitelistBodySchema = z.strictObject({
emails: z
.array(
z
.string()
.email()
z.email()
.or(
z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
message:
"Invalid email address. Wildcard (*) must be the entire local part."
error: "Invalid email address. Wildcard (*) must be the entire local part."
})
)
)
.max(50)
.transform((v) => v.map((e) => e.toLowerCase()))
})
.strict();
});
const setResourceWhitelistParamsSchema = z
.object({
const setResourceWhitelistParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
registry.registerPath({
method: "post",

42
server/routers/resource/updateResource.ts
View File

@@ -25,17 +25,14 @@ import { validateAndConstructDomain } from "@server/lib/domainUtils";
import { validateHeaders } from "@server/lib/validators";
import { build } from "@server/build";
const updateResourceParamsSchema = z
.object({
const updateResourceParamsSchema = z.strictObject({
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
const updateHttpResourceBodySchema = z
.object({
const updateHttpResourceBodySchema = z.strictObject({
name: z.string().min(1).max(255).optional(),
niceId: z.string().min(1).max(255).optional(),
subdomain: subdomainSchema.nullable().optional(),
@@ -49,15 +46,14 @@ const updateHttpResourceBodySchema = z
stickySession: z.boolean().optional(),
tlsServerName: z.string().nullable().optional(),
setHostHeader: z.string().nullable().optional(),
skipToIdpId: z.number().int().positive().nullable().optional(),
skipToIdpId: z.int().positive().nullable().optional(),
headers: z
.array(z.object({ name: z.string(), value: z.string() }))
.array(z.strictObject({ name: z.string(), value: z.string() }))
.nullable()
.optional()
})
.strict()
.refine((data) => Object.keys(data).length > 0, {
message: "At least one field must be provided for update"
error: "At least one field must be provided for update"
})
.refine(
(data) => {
@@ -66,7 +62,9 @@ const updateHttpResourceBodySchema = z
}
return true;
},
{ message: "Invalid subdomain" }
{
error: "Invalid subdomain"
}
)
.refine(
(data) => {
@@ -76,8 +74,7 @@ const updateHttpResourceBodySchema = z
return true;
},
{
message:
"Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name."
error: "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name."
}
)
.refine(
@@ -88,26 +85,23 @@ const updateHttpResourceBodySchema = z
return true;
},
{
message:
"Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
error: "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
}
);
export type UpdateResourceResponse = Resource;
const updateRawResourceBodySchema = z
.object({
const updateRawResourceBodySchema = z.strictObject({
name: z.string().min(1).max(255).optional(),
niceId: z.string().min(1).max(255).optional(),
proxyPort: z.number().int().min(1).max(65535).optional(),
proxyPort: z.int().min(1).max(65535).optional(),
stickySession: z.boolean().optional(),
enabled: z.boolean().optional(),
proxyProtocol: z.boolean().optional(),
proxyProtocolVersion: z.number().int().min(1).optional()
proxyProtocolVersion: z.int().min(1).optional()
})
.strict()
.refine((data) => Object.keys(data).length > 0, {
message: "At least one field must be provided for update"
error: "At least one field must be provided for update"
})
.refine(
(data) => {
@@ -118,7 +112,9 @@ const updateRawResourceBodySchema = z
}
return true;
},
{ message: "Cannot update proxyPort" }
{
error: "Cannot update proxyPort"
}
);
registry.registerPath({

18
server/routers/resource/updateResourceRule.ts
View File

@@ -16,28 +16,24 @@ import {
import { OpenAPITags, registry } from "@server/openApi";
// Define Zod schema for request parameters validation
const updateResourceRuleParamsSchema = z
.object({
ruleId: z.string().transform(Number).pipe(z.number().int().positive()),
const updateResourceRuleParamsSchema = z.strictObject({
ruleId: z.string().transform(Number).pipe(z.int().positive()),
resourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
.pipe(z.int().positive())
});
// Define Zod schema for request body validation
const updateResourceRuleSchema = z
.object({
const updateResourceRuleSchema = z.strictObject({
action: z.enum(["ACCEPT", "DROP", "PASS"]).optional(),
match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]).optional(),
value: z.string().min(1).optional(),
priority: z.number().int(),
priority: z.int(),
enabled: z.boolean().optional()
})
.strict()
.refine((data) => Object.keys(data).length > 0, {
message: "At least one field must be provided for update"
error: "At least one field must be provided for update"
});
registry.registerPath({