pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-10 04:36:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add actions check to all endpoints

Browse Source
This commit is contained in:
Owen Schwartz
2024-10-06 16:43:59 -04:00
parent 20db6d450c
commit 81017139c5
25 changed files with 232 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/routers/site/createSite.ts
View File

@@ -6,6 +6,7 @@ import response from "@server/utils/response";
import HttpCode from '@server/types/HttpCode';
import createHttpError from 'http-errors';
import fetch from 'node-fetch';
import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
const API_BASE_URL = "http://localhost:3000";
@@ -33,7 +34,7 @@ export async function createSite(req: Request, res: Response, next: NextFunction
)
);
}
const { name, subdomain, pubKey, subnet } = parsedBody.data;
// Validate request params
@@ -49,6 +50,12 @@ export async function createSite(req: Request, res: Response, next: NextFunction
const { orgId } = parsedParams.data;
// Check if the user has permission to list sites
const hasPermission = await checkUserActionPermission(ActionsEnum.createSite, req);
if (!hasPermission) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to list sites'));
}
// Create new site in the database
const newSite = await db.insert(sites).values({
orgId,