Merge branch 'dev' into clients-pops

2026-02-21 12:26:40 +00:00 · 2025-06-19 16:34:06 -04:00
parent a0ac757982 f300838f8e
commit acf25e8ad7
20 changed files with 14219 additions and 14178 deletions
--- a/server/routers/auth/login.ts
+++ b/server/routers/auth/login.ts
@@ -23,8 +23,8 @@ export const loginBodySchema = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        password: z.string(),
        code: z.string().optional()
    })
--- a/server/routers/auth/requestPasswordReset.ts
+++ b/server/routers/auth/requestPasswordReset.ts
@@ -20,8 +20,8 @@ export const requestPasswordResetBody = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase())
+            .toLowerCase()
+            .email(),
    })
    .strict();

--- a/server/routers/auth/resetPassword.ts
+++ b/server/routers/auth/resetPassword.ts
@@ -21,8 +21,8 @@ export const resetPasswordBody = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        token: z.string(), // reset secret code
        newPassword: passwordSchema,
        code: z.string().optional() // 2fa code
--- a/server/routers/auth/signup.ts
+++ b/server/routers/auth/signup.ts
@@ -26,8 +26,8 @@ import { UserType } from "@server/types/UserTypes";
 export const signupBodySchema = z.object({
    email: z
        .string()
-        .email()
-        .transform((v) => v.toLowerCase()),
+        .toLowerCase()
+        .email(),
    password: passwordSchema,
    inviteToken: z.string().optional(),
    inviteId: z.string().optional()
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -172,10 +172,10 @@ export async function validateOidcCallback(
        const claims = arctic.decodeIdToken(idToken);
        logger.debug("ID token claims", { claims });

-        const userIdentifier = jmespath.search(
+        let userIdentifier = jmespath.search(
            claims,
            existingIdp.idpOidcConfig.identifierPath
-        );
+        ) as string | null;

        if (!userIdentifier) {
            return next(
@@ -186,6 +186,8 @@ export async function validateOidcCallback(
            );
        }

+        userIdentifier = userIdentifier.toLowerCase();
+
        logger.debug("User identifier", { userIdentifier });

        let email = null;
@@ -209,6 +211,10 @@ export async function validateOidcCallback(
        logger.debug("User email", { email });
        logger.debug("User name", { name });

+        if (email) {
+            email = email.toLowerCase();
+        }
+
        const [existingUser] = await db
            .select()
            .from(users)
--- a/server/routers/resource/authWithWhitelist.ts
+++ b/server/routers/resource/authWithWhitelist.ts
@@ -22,8 +22,8 @@ const authWithWhitelistBodySchema = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        otp: z.string().optional()
    })
    .strict();
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -39,7 +39,7 @@ const createHttpResourceSchema = z
        isBaseDomain: z.boolean().optional(),
        siteId: z.number(),
        http: z.boolean(),
-        protocol: z.string(),
+        protocol: z.enum(["tcp", "udp"]),
        domainId: z.string()
    })
    .strict()
@@ -71,7 +71,7 @@ const createRawResourceSchema = z
        name: z.string().min(1).max(255),
        siteId: z.number(),
        http: z.boolean(),
-        protocol: z.string(),
+        protocol: z.enum(["tcp", "udp"]),
        proxyPort: z.number().int().min(1).max(65535)
    })
    .strict()
@@ -85,7 +85,7 @@ const createRawResourceSchema = z
            return true;
        },
        {
-            message: "Proxy port cannot be set"
+            message: "Raw resources are not allowed"
        }
    );

@@ -400,7 +400,7 @@ async function createRawResource(
            resourceId: newResource[0].resourceId
        });

-        if (req.userOrgRoleId != adminRole[0].roleId) {
+        if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
            // make sure the user can access the resource
            await trx.insert(userResources).values({
                userId: req.user?.userId!,
--- a/server/routers/user/createOrgUser.ts
+++ b/server/routers/user/createOrgUser.ts
@@ -21,6 +21,7 @@ const bodySchema = z
    .object({
        email: z
            .string()
+            .toLowerCase()
            .optional()
            .refine((data) => {
                if (data) {
@@ -28,7 +29,7 @@ const bodySchema = z
                }
                return true;
            }),
-        username: z.string().nonempty(),
+        username: z.string().nonempty().toLowerCase(),
        name: z.string().optional(),
        type: z.enum(["internal", "oidc"]).optional(),
        idpId: z.number().optional(),
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -30,8 +30,8 @@ const inviteUserBodySchema = z
    .object({
        email: z
            .string()
-            .email()
-            .transform((v) => v.toLowerCase()),
+            .toLowerCase()
+            .email(),
        roleId: z.number(),
        validHours: z.number().gt(0).lte(168),
        sendEmail: z.boolean().optional(),