pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-08 05:56:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

set users on resource working

Browse Source
This commit is contained in:
Milo Schwartz
2024-11-15 23:38:08 -05:00
parent 9f87b8d271
commit b1e53ed8d7
16 changed files with 414 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/auth/actions.ts
View File

@@ -35,21 +35,20 @@ export enum ActionsEnum {
listUsers = "listUsers",
listSiteRoles = "listSiteRoles",
listResourceRoles = "listResourceRoles",
setResourceUsers = "setResourceUsers",
setResourceRoles = "setResourceRoles",
removeRoleResource = "removeRoleResource",
removeRoleSite = "removeRoleSite",
listResourceUsers = "listResourceUsers",
// removeRoleSite = "removeRoleSite",
// addRoleAction = "addRoleAction",
// removeRoleAction = "removeRoleAction",
listRoleSites = "listRoleSites",
// listRoleSites = "listRoleSites",
listRoleResources = "listRoleResources",
listRoleActions = "listRoleActions",
// listRoleActions = "listRoleActions",
addUserRole = "addUserRole",
addUserResource = "addUserResource",
addUserSite = "addUserSite",
// addUserSite = "addUserSite",
// addUserAction = "addUserAction",
// removeUserAction = "removeUserAction",
removeUserResource = "removeUserResource",
removeUserSite = "removeUserSite",
// removeUserSite = "removeUserSite",
getOrgUser = "getOrgUser",
}

12
server/db/schema.ts
View File

@@ -11,7 +11,7 @@ export const sites = sqliteTable("sites", {
siteId: integer("siteId").primaryKey({ autoIncrement: true }),
orgId: text("orgId").references(() => orgs.orgId, {
onDelete: "cascade",
}),
}).notNull(),
niceId: text("niceId").notNull(),
exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
onDelete: "set null",
@@ -27,10 +27,10 @@ export const resources = sqliteTable("resources", {
resourceId: integer("resourceId").primaryKey({ autoIncrement: true }),
siteId: integer("siteId").references(() => sites.siteId, {
onDelete: "cascade",
}),
}).notNull(),
orgId: text("orgId").references(() => orgs.orgId, {
onDelete: "cascade",
}),
}).notNull(),
name: text("name").notNull(),
subdomain: text("subdomain").notNull(),
ssl: integer("ssl", { mode: "boolean" }).notNull().default(false),
@@ -40,7 +40,7 @@ export const targets = sqliteTable("targets", {
targetId: integer("targetId").primaryKey({ autoIncrement: true }),
resourceId: integer("resourceId").references(() => resources.resourceId, {
onDelete: "cascade",
}),
}).notNull(),
ip: text("ip").notNull(),
method: text("method").notNull(),
port: integer("port").notNull(),
@@ -144,7 +144,7 @@ export const roles = sqliteTable("roles", {
roleId: integer("roleId").primaryKey({ autoIncrement: true }),
orgId: text("orgId").references(() => orgs.orgId, {
onDelete: "cascade",
}),
}).notNull(),
isAdmin: integer("isAdmin", { mode: "boolean" }),
name: text("name").notNull(),
description: text("description"),
@@ -214,7 +214,7 @@ export const limitsTable = sqliteTable("limits", {
limitId: integer("limitId").primaryKey({ autoIncrement: true }),
orgId: text("orgId").references(() => orgs.orgId, {
onDelete: "cascade",
}),
}).notNull(),
name: text("name").notNull(),
value: integer("value").notNull(),
description: text("description"),

3
server/routers/auth/index.ts
View File

@@ -18,4 +18,5 @@ export * from "./requestEmailVerificationCode";
export * from "./changePassword";
export * from "./requestPasswordReset";
export * from "./resetPassword";
export * from "./verifyUserInRole";
export * from "./verifyUserInRole";
export * from "./verifySetResourceUsers";

45
server/routers/auth/verifyRoleAccess.ts
View File

@@ -5,12 +5,6 @@ import { and, eq, inArray } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import logger from "@server/logger";
import { z } from "zod";
import { fromError } from "zod-validation-error";
const verifyRoleAccessSchema = z.object({
roleIds: z.array(z.number().int().positive()).optional(),
});
export async function verifyRoleAccess(
req: Request,
@@ -28,17 +22,7 @@ export async function verifyRoleAccess(
);
}
const parsedBody = verifyRoleAccessSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { roleIds } = parsedBody.data;
const { roleIds } = req.body;
const allRoleIds = roleIds || (isNaN(singleRoleId) ? [] : [singleRoleId]);
if (allRoleIds.length === 0) {
@@ -81,6 +65,33 @@ export async function verifyRoleAccess(
)
);
}
req.userOrgId = role.orgId;
}
const orgId = req.userOrgId;
if (!orgId) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Organization ID not found"
)
);
}
if (!req.userOrg) {
// get the userORg
const userOrg = await db
.select()
.from(userOrgs)
.where(
and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId!))
)
.limit(1);
req.userOrg = userOrg[0];
req.userOrgRoleId = userOrg[0].roleId;
}
return next();

70
server/routers/auth/verifySetResourceUsers.ts Normal file
View File

@@ -0,0 +1,70 @@
import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import { userOrgs } from "@server/db/schema";
import { and, eq, inArray, or } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
export async function verifySetResourceUsers(
req: Request,
res: Response,
next: NextFunction
) {
const userId = req.user!.userId;
const userIds = req.body.userIds;
if (!userId) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
);
}
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this user"
)
);
}
if (!userIds) {
return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid user IDs"));
}
if (userIds.length === 0) {
return next();
}
try {
const orgId = req.userOrg.orgId;
// get all userOrgs for the users
const userOrgsData = await db
.select()
.from(userOrgs)
.where(
and(
inArray(userOrgs.userId, userIds),
eq(userOrgs.orgId, orgId)
)
);
if (userOrgsData.length !== userIds.length) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this user"
)
);
}
return next();
} catch (error) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error checking if user has access to this user"
)
);
}
}

32
server/routers/external.ts
View File

@@ -21,6 +21,7 @@ import {
verifyRoleAccess,
verifyUserAccess,
verifyUserInRole,
verifySetResourceUsers
} from "./auth";
import { verifyUserHasAction } from "./auth/verifyUserHasAction";
import { ActionsEnum } from "@server/auth/actions";
@@ -143,6 +144,13 @@ authenticated.get(
resource.listResourceRoles
);
authenticated.get(
"/resource/:resourceId/users",
verifyResourceAccess,
verifyUserHasAction(ActionsEnum.listResourceUsers),
resource.listResourceUsers
);
authenticated.get(
"/resource/:resourceId",
verifyResourceAccess,
@@ -259,7 +267,15 @@ authenticated.post(
verifyResourceAccess,
verifyRoleAccess,
verifyUserHasAction(ActionsEnum.setResourceRoles),
role.addRoleResource
resource.setResourceRoles
);
authenticated.post(
"/resource/:resourceId/users",
verifyResourceAccess,
verifySetResourceUsers,
verifyUserHasAction(ActionsEnum.setResourceUsers),
resource.setResourceUsers
);
// authenticated.get(
@@ -323,20 +339,6 @@ authenticated.delete(
// role.removeRoleSite
// );
// authenticated.put(
// "/user/:userId/resource",
// verifyResourceAccess,
// verifyUserAccess,
// verifyUserHasAction(ActionsEnum.addRoleResource),
// role.addRoleResource
// );
// authenticated.delete(
// "/user/:userId/resource",
// verifyResourceAccess,
// verifyUserAccess,
// verifyUserHasAction(ActionsEnum.removeRoleResource),
// role.removeRoleResource
// );
// authenticated.put(
// "/org/:orgId/user/:userId/action",
// verifyOrgAccess,
// verifyUserAccess,

5
server/routers/resource/index.ts
View File

@@ -3,4 +3,7 @@ export * from "./createResource";
export * from "./deleteResource";
export * from "./updateResource";
export * from "./listResources";
export * from "./listResourceRoles";
export * from "./listResourceRoles";
export * from "./setResourceUsers";
export * from "./setResourceRoles";
export * from "./listResourceUsers"

66
server/routers/resource/listResourceUsers.ts Normal file
View File

@@ -0,0 +1,66 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { userResources, users } from "@server/db/schema"; // Assuming these are the correct tables
import { eq } from "drizzle-orm";
import response from "@server/utils/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
const listResourceUsersSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
});
async function queryUsers(resourceId: number) {
return await db
.select({
userId: userResources.userId,
email: users.email,
})
.from(userResources)
.innerJoin(users, eq(userResources.userId, users.userId))
.where(eq(userResources.resourceId, resourceId));
}
export type ListResourceUsersResponse = {
users: NonNullable<Awaited<ReturnType<typeof queryUsers>>>;
};
export async function listResourceUsers(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedParams = listResourceUsersSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const { resourceId } = parsedParams.data;
const resourceUsersList = await queryUsers(resourceId);
return response<ListResourceUsersResponse>(res, {
data: {
users: resourceUsersList,
},
success: true,
error: false,
message: "Resource users retrieved successfully",
status: HttpCode.OK,
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

2
server/routers/resource/setResourceRoles.ts
View File

@@ -17,7 +17,7 @@ const setResourceRolesParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
});
export async function addRoleResource(
export async function setResourceRoles(
req: Request,
res: Response,
next: NextFunction

78
server/routers/resource/setResourceUsers.ts Normal file
View File

@@ -0,0 +1,78 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { userResources } from "@server/db/schema";
import response from "@server/utils/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { eq } from "drizzle-orm";
const setUserResourcesBodySchema = z.object({
userIds: z.array(z.string()),
});
const setUserResourcesParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
});
export async function setResourceUsers(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedBody = setUserResourcesBodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { userIds } = parsedBody.data;
const parsedParams = setUserResourcesParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const { resourceId } = parsedParams.data;
await db.transaction(async (trx) => {
await trx
.delete(userResources)
.where(eq(userResources.resourceId, resourceId));
const newUserResources = await Promise.all(
userIds.map((userId) =>
trx
.insert(userResources)
.values({ userId, resourceId })
.returning()
)
);
return response(res, {
data: {},
success: true,
error: false,
message: "Users set for resource successfully",
status: HttpCode.CREATED,
});
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

55
server/routers/user/addUserResource.ts
View File

@@ -1,55 +0,0 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { userResources } from "@server/db/schema";
import response from "@server/utils/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
const addUserResourceSchema = z.object({
userId: z.string(),
resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
});
export async function addUserResource(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedBody = addUserResourceSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { userId, resourceId } = parsedBody.data;
const newUserResource = await db
.insert(userResources)
.values({
userId,
resourceId,
})
.returning();
return response(res, {
data: newUserResource[0],
success: true,
error: false,
message: "Resource added to user successfully",
status: HttpCode.CREATED,
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}