move re-key API routes to private api

messages/en-US.json

@@ -2111,7 +2111,7 @@
     "confirm": "Confirm",
     "regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?",
     "endpoint": "Endpoint",
-    "id": "Id",
+    "Id": "Id",
     "SecretKey": "Secret Key",
     "featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it."
 }

server/private/routers/external.ts

@@ -23,11 +23,15 @@ import * as license from "#private/routers/license";
 import * as generateLicense from "./generatedLicense";
 import * as logs from "#private/routers/auditLogs";
 import * as misc from "#private/routers/misc";
+import * as reKey from "#private/routers/re-key";
 
 import {
     verifyOrgAccess,
     verifyUserHasAction,
-    verifyUserIsServerAdmin
+    verifyUserIsServerAdmin,
+    verifySiteAccess,
+    verifyClientAccess,
+    verifyClientsEnabled,
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
 import {
@@ -236,14 +240,6 @@ authenticated.put(
     remoteExitNode.createRemoteExitNode
 );
 
-authenticated.put(
-    "/org/:orgId/reGenerate-remote-exit-node-secret",
-    verifyValidLicense,
-    verifyOrgAccess,
-    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
-    remoteExitNode.reGenerateExitNodeSecret
-);
-
 authenticated.get(
     "/org/:orgId/remote-exit-nodes",
     verifyValidLicense,
@@ -411,3 +407,26 @@ authenticated.get(
     logActionAudit(ActionsEnum.exportLogs),
     logs.exportAccessAuditLogs
 );
+
+authenticated.post(
+    "/re-key/:clientId/regenerate-client-secret",
+    verifyClientsEnabled,
+    verifyClientAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    reKey.reGenerateClientSecret
+);
+
+authenticated.post(
+    "/re-key/:siteId/regenerate-site-secret",
+    verifySiteAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    reKey.reGenerateSiteSecret
+);
+
+authenticated.put(
+    "/re-key/:orgId/reGenerate-remote-exit-node-secret",
+    verifyValidLicense,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
+    reKey.reGenerateExitNodeSecret
+);

server/private/routers/re-key/index.ts

@@ -0,0 +1,3 @@
+export * from "./reGenerateClientSecret";
+export * from "./reGenerateSiteSecret";
+export * from "./reGenerateExitNodeSecret";

server/private/routers/re-key/reGenerateClientSecret.ts

@@ -29,7 +29,7 @@ export type ReGenerateSecretBody = z.infer<typeof reGenerateSecretBodySchema>;
 
 registry.registerPath({
     method: "post",
-    path: "/client/{clientId}/regenerate-secret",
+    path: "/re-key/{clientId}/regenerate-client-secret",
     description: "Regenerate a client's OLM credentials by its client ID.",
     tags: [OpenAPITags.Client],
     request: {

server/private/routers/re-key/reGenerateExitNodeSecret.ts

@@ -23,7 +23,11 @@ import { hashPassword } from "@server/auth/password";
 import logger from "@server/logger";
 import { and, eq } from "drizzle-orm";
 import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
-import { paramsSchema } from "./createRemoteExitNode";
+import { OpenAPITags, registry } from "@server/openApi";
+
+export const paramsSchema = z.object({
+    orgId: z.string()
+});
 
 const bodySchema = z
     .object({
@@ -32,6 +36,25 @@ const bodySchema = z
     })
     .strict();
 
+
+registry.registerPath({
+    method: "post",
+    path: "/re-key/{orgId}/regenerate-secret",
+    description: "Regenerate a exit node credentials by its org ID.",
+    tags: [OpenAPITags.Org],
+    request: {
+        params: paramsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: bodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
 export async function reGenerateExitNodeSecret(
     req: Request,
     res: Response,

server/private/routers/re-key/reGenerateSiteSecret.ts

@@ -9,7 +9,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { hashPassword } from "@server/auth/password";
-import { addPeer } from "../gerbil/peers";
+import { addPeer } from "@server/routers/gerbil/peers";
 
 
 const updateSiteParamsSchema = z
@@ -31,7 +31,7 @@ const updateSiteBodySchema = z
 
 registry.registerPath({
     method: "post",
-    path: "/site/{siteId}/regenerate-secret",
+    path: "/re-key/{siteId}/regenerate-site-secret",
     description: "Regenerate a site's Newt or WireGuard credentials by its site ID.",
     tags: [OpenAPITags.Site],
     request: {

server/private/routers/remoteExitNode/index.ts

@@ -21,4 +21,3 @@ export * from "./deleteRemoteExitNode";
 export * from "./listRemoteExitNodes";
 export * from "./pickRemoteExitNodeDefaults";
 export * from "./quickStartRemoteExitNode";
-export * from "./reGenerateExitNodeSecret";

server/routers/client/index.ts

@@ -4,4 +4,3 @@ export * from "./deleteClient";
 export * from "./listClients";
 export * from "./updateClient";
 export * from "./getClient";
-export * from "./reGenerateClientSecret";

server/routers/external.ts

@@ -178,13 +178,6 @@ authenticated.post(
     client.updateClient,
 );
 
-authenticated.post(
-    "/client/:clientId/regenerate-secret",
-    verifyClientsEnabled,
-    verifyClientAccess,
-    verifyUserHasAction(ActionsEnum.reGenerateSecret),
-    client.reGenerateClientSecret
-);
 
 // authenticated.get(
 //     "/site/:siteId/roles",
@@ -200,12 +193,6 @@ authenticated.post(
     site.updateSite,
 );
 
-authenticated.post(
-    "/site/:siteId/regenerate-secret",
-    verifySiteAccess,
-    verifyUserHasAction(ActionsEnum.reGenerateSecret),
-    site.reGenerateSiteSecret
-);
 authenticated.delete(
     "/site/:siteId",
     verifySiteAccess,

server/routers/site/index.ts

@@ -6,4 +6,3 @@ export * from "./listSites";
 export * from "./listSiteRoles";
 export * from "./pickSiteDefaults";
 export * from "./socketIntegration";
-export * from "./reGenerateSiteSecret";

src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx

@@ -59,7 +59,7 @@ export default function CredentialsPage() {
         setCredentials(data);
 
         await api.put<AxiosResponse<QuickStartRemoteExitNodeResponse>>(
-            `/org/${orgId}/reGenerate-remote-exit-node-secret`,
+            `/re-key/${orgId}/reGenerate-remote-exit-node-secret`,
             {
                 remoteExitNodeId: remoteExitNode.remoteExitNodeId,
                 secret: data.secret,

src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx

@@ -52,7 +52,7 @@ export default function CredentialsPage() {
             const data = res.data.data;
             setClientDefaults(data);
 
-            await api.post(`/client/${client?.clientId}/regenerate-secret`, {
+            await api.post(`/re-key/${client?.clientId}/regenerate-client-secret`, {
                 olmId: data.olmId,
                 secret: data.olmSecret,
             });

src/app/[orgId]/settings/clients/[clientId]/layout.tsx

@@ -8,6 +8,7 @@ import ClientProvider from "@app/providers/ClientProvider";
 import { redirect } from "next/navigation";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
 import { getTranslations } from "next-intl/server";
+import { build } from "@server/build";
 
 type SettingsLayoutProps = {
     children: React.ReactNode;
@@ -38,10 +39,13 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
             title: t('general'),
             href: `/{orgId}/settings/clients/{clientId}/general`
         },
-        {
+        ...(build === 'enterprise'
-            title: t('credentials'),
+            ? [{
-            href: `/{orgId}/settings/clients/{clientId}/credentials`
+                title: t('credentials'),
-        }
+                href: `/{orgId}/settings/clients/{clientId}/credentials`
+            },
+            ]
+            : []),
     ];
 
     return (

src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx

@@ -95,7 +95,7 @@ PersistentKeepalive = 5`;
                 );
             }
 
-            await api.post(`/site/${site?.siteId}/regenerate-secret`, {
+            await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
                 type: "wireguard",
                 subnet: res.data.data.subnet,
                 exitNodeId: res.data.data.exitNodeId,
@@ -109,7 +109,7 @@ PersistentKeepalive = 5`;
                 const data = res.data.data;
                 setSiteDefaults(data);
 
-                await api.post(`/site/${site?.siteId}/regenerate-secret`, {
+                await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
                     type: "newt",
                     newtId: data.newtId,
                     newtSecret: data.newtSecret

src/app/[orgId]/settings/sites/[niceId]/layout.tsx

@@ -8,6 +8,7 @@ import { HorizontalTabs } from "@app/components/HorizontalTabs";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import SiteInfoCard from "../../../../../components/SiteInfoCard";
 import { getTranslations } from "next-intl/server";
+import { build } from "@server/build";
 
 interface SettingsLayoutProps {
     children: React.ReactNode;
@@ -37,7 +38,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
             title: t('general'),
             href: `/${params.orgId}/settings/sites/${params.niceId}/general`,
         },
-        ...(site.type !== 'local'
+        ...(site.type !== 'local' && build === 'enterprise'
             ? [
                 {
                     title: t('credentials'),