From 9b43948fa4882d07ad63b4c9a896882bf9e2dadd Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Fri, 6 Mar 2026 22:39:44 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20=20delete=20resource=20policy=20end?=
 =?UTF-8?q?point?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/db/pg/schema/schema.ts                 |  2 +-
 server/private/routers/external.ts            | 15 +++-
 .../routers/policy/deleteResourcePolicy.ts    | 86 +++++++++++++++++++
 server/private/routers/policy/index.ts        |  1 +
 server/routers/resource/deleteResource.ts     | 18 ++--
 5 files changed, 109 insertions(+), 13 deletions(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 934dbb6da..c20ec303a 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -100,7 +100,7 @@ export const resources = pgTable("resources", {
     resourceId: serial("resourceId").primaryKey(),
     resourcePolicyId: integer("resourcePolicyId").references(
         () => resourcePolicies.resourcePolicyId,
-        { onDelete: "cascade" }
+        { onDelete: "set null" }
     ),
     resourceGuid: varchar("resourceGuid", { length: 36 })
         .unique()
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index e0d8f240f..688f565d4 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -35,7 +35,8 @@ import {
     verifyUserIsServerAdmin,
     verifySiteAccess,
     verifyClientAccess,
-    verifyLimits
+    verifyLimits,
+    verifyResourcePolicyAccess
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
 import {
@@ -354,6 +355,18 @@ authenticated.get(
     policy.listResourcePolicies
 );
 
+authenticated.delete(
+    "/resource-policy/:resourcePolicyId",
+    verifyResourcePolicyAccess,
+    verifyValidLicense,
+    // verifyValidSubscription(tierMatrix.loginPageDomain), // todo: use the correct subscription ?
+    verifyOrgAccess,
+    verifyLimits,
+    verifyUserHasAction(ActionsEnum.deleteResourcePolicy),
+    logActionAudit(ActionsEnum.deleteResourcePolicy),
+    policy.deleteResourcePolicy
+);
+
 authenticated.post(
     "/org/:orgId/resource-policy",
     verifyValidLicense,
diff --git a/server/private/routers/policy/deleteResourcePolicy.ts b/server/private/routers/policy/deleteResourcePolicy.ts
index e69de29bb..bb5efb1f3 100644
--- a/server/private/routers/policy/deleteResourcePolicy.ts
+++ b/server/private/routers/policy/deleteResourcePolicy.ts
@@ -0,0 +1,86 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { db, resourcePolicies } from "@server/db";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+import { OpenAPITags, registry } from "@server/openApi";
+import HttpCode from "@server/types/HttpCode";
+import { eq } from "drizzle-orm";
+import type { NextFunction, Request, Response } from "express";
+import createHttpError from "http-errors";
+import z from "zod";
+import { fromError } from "zod-validation-error";
+
+// Define Zod schema for request parameters validation
+const deleteResourcePolicySchema = z.strictObject({
+    resourcePolicyId: z.string().transform(Number).pipe(z.int().positive())
+});
+
+registry.registerPath({
+    method: "delete",
+    path: "/resource/{resourceId}",
+    description: "Delete a resource.",
+    tags: [OpenAPITags.PublicResource],
+    request: {
+        params: deleteResourcePolicySchema
+    },
+    responses: {}
+});
+
+export async function deleteResourcePolicy(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = deleteResourcePolicySchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { resourcePolicyId } = parsedParams.data;
+
+        const [deletedResource] = await db
+            .delete(resourcePolicies)
+            .where(eq(resourcePolicies.resourcePolicyId, resourcePolicyId))
+            .returning();
+
+        if (!deletedResource) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Resource Policy with ID ${resourcePolicyId} not found`
+                )
+            );
+        }
+
+        return response(res, {
+            data: null,
+            success: true,
+            error: false,
+            message: "Resource Policy deleted successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/private/routers/policy/index.ts b/server/private/routers/policy/index.ts
index 88302bcac..1fb73a58c 100644
--- a/server/private/routers/policy/index.ts
+++ b/server/private/routers/policy/index.ts
@@ -13,3 +13,4 @@
 
 export * from "./createResourcePolicy";
 export * from "./listResourcePolicies";
+export * from "./deleteResourcePolicy";
diff --git a/server/routers/resource/deleteResource.ts b/server/routers/resource/deleteResource.ts
index e63301867..f69853a90 100644
--- a/server/routers/resource/deleteResource.ts
+++ b/server/routers/resource/deleteResource.ts
@@ -1,17 +1,13 @@
-import { Request, Response, NextFunction } from "express";
-import { z } from "zod";
-import { db } from "@server/db";
-import { newts, resources, sites, targets } from "@server/db";
-import { eq } from "drizzle-orm";
+import { db, resources, targets } from "@server/db";
 import response from "@server/lib/response";
-import HttpCode from "@server/types/HttpCode";
-import createHttpError from "http-errors";
 import logger from "@server/logger";
-import { fromError } from "zod-validation-error";
-import { addPeer } from "../gerbil/peers";
-import { removeTargets } from "../newt/targets";
-import { getAllowedIps } from "../target/helpers";
 import { OpenAPITags, registry } from "@server/openApi";
+import HttpCode from "@server/types/HttpCode";
+import { eq } from "drizzle-orm";
+import { NextFunction, Request, Response } from "express";
+import createHttpError from "http-errors";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
 
 // Define Zod schema for request parameters validation
 const deleteResourceSchema = z.strictObject({