mirror of
https://github.com/fosrl/pangolin.git
synced 2026-03-01 16:26:39 +00:00
move re-key API routes to private api
This commit is contained in:
Pallavi Kumari
@@ -2111,7 +2111,7 @@
|
|||||||
"confirm": "Confirm",
|
"confirm": "Confirm",
|
||||||
"regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?",
|
"regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?",
|
||||||
"endpoint": "Endpoint",
|
"endpoint": "Endpoint",
|
||||||
"id": "Id",
|
"Id": "Id",
|
||||||
"SecretKey": "Secret Key",
|
"SecretKey": "Secret Key",
|
||||||
"featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it."
|
"featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it."
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -23,11 +23,15 @@ import * as license from "#private/routers/license";
|
|||||||
import * as generateLicense from "./generatedLicense";
|
import * as generateLicense from "./generatedLicense";
|
||||||
import * as logs from "#private/routers/auditLogs";
|
import * as logs from "#private/routers/auditLogs";
|
||||||
import * as misc from "#private/routers/misc";
|
import * as misc from "#private/routers/misc";
|
||||||
|
import * as reKey from "#private/routers/re-key";
|
||||||
|
|
||||||
import {
|
import {
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
verifyUserHasAction,
|
verifyUserHasAction,
|
||||||
verifyUserIsServerAdmin
|
verifyUserIsServerAdmin,
|
||||||
|
verifySiteAccess,
|
||||||
|
verifyClientAccess,
|
||||||
|
verifyClientsEnabled,
|
||||||
} from "@server/middlewares";
|
} from "@server/middlewares";
|
||||||
import { ActionsEnum } from "@server/auth/actions";
|
import { ActionsEnum } from "@server/auth/actions";
|
||||||
import {
|
import {
|
||||||
@@ -236,14 +240,6 @@ authenticated.put(
|
|||||||
remoteExitNode.createRemoteExitNode
|
remoteExitNode.createRemoteExitNode
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.put(
|
|
||||||
"/org/:orgId/reGenerate-remote-exit-node-secret",
|
|
||||||
verifyValidLicense,
|
|
||||||
verifyOrgAccess,
|
|
||||||
verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
|
|
||||||
remoteExitNode.reGenerateExitNodeSecret
|
|
||||||
);
|
|
||||||
|
|
||||||
authenticated.get(
|
authenticated.get(
|
||||||
"/org/:orgId/remote-exit-nodes",
|
"/org/:orgId/remote-exit-nodes",
|
||||||
verifyValidLicense,
|
verifyValidLicense,
|
||||||
@@ -411,3 +407,26 @@ authenticated.get(
|
|||||||
logActionAudit(ActionsEnum.exportLogs),
|
logActionAudit(ActionsEnum.exportLogs),
|
||||||
logs.exportAccessAuditLogs
|
logs.exportAccessAuditLogs
|
||||||
);
|
);
|
||||||
|
|
||||||
|
authenticated.post(
|
||||||
|
"/re-key/:clientId/regenerate-client-secret",
|
||||||
|
verifyClientsEnabled,
|
||||||
|
verifyClientAccess,
|
||||||
|
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||||
|
reKey.reGenerateClientSecret
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.post(
|
||||||
|
"/re-key/:siteId/regenerate-site-secret",
|
||||||
|
verifySiteAccess,
|
||||||
|
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
||||||
|
reKey.reGenerateSiteSecret
|
||||||
|
);
|
||||||
|
|
||||||
|
authenticated.put(
|
||||||
|
"/re-key/:orgId/reGenerate-remote-exit-node-secret",
|
||||||
|
verifyValidLicense,
|
||||||
|
verifyOrgAccess,
|
||||||
|
verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
|
||||||
|
reKey.reGenerateExitNodeSecret
|
||||||
|
);
|
||||||
|
|||||||
3
server/private/routers/re-key/index.ts
Normal file
3
server/private/routers/re-key/index.ts
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
export * from "./reGenerateClientSecret";
|
||||||
|
export * from "./reGenerateSiteSecret";
|
||||||
|
export * from "./reGenerateExitNodeSecret";
|
||||||
@@ -29,7 +29,7 @@ export type ReGenerateSecretBody = z.infer<typeof reGenerateSecretBodySchema>;
|
|||||||
|
|
||||||
registry.registerPath({
|
registry.registerPath({
|
||||||
method: "post",
|
method: "post",
|
||||||
path: "/client/{clientId}/regenerate-secret",
|
path: "/re-key/{clientId}/regenerate-client-secret",
|
||||||
description: "Regenerate a client's OLM credentials by its client ID.",
|
description: "Regenerate a client's OLM credentials by its client ID.",
|
||||||
tags: [OpenAPITags.Client],
|
tags: [OpenAPITags.Client],
|
||||||
request: {
|
request: {
|
||||||
@@ -23,7 +23,11 @@ import { hashPassword } from "@server/auth/password";
|
|||||||
import logger from "@server/logger";
|
import logger from "@server/logger";
|
||||||
import { and, eq } from "drizzle-orm";
|
import { and, eq } from "drizzle-orm";
|
||||||
import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
|
import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
|
||||||
import { paramsSchema } from "./createRemoteExitNode";
|
import { OpenAPITags, registry } from "@server/openApi";
|
||||||
|
|
||||||
|
export const paramsSchema = z.object({
|
||||||
|
orgId: z.string()
|
||||||
|
});
|
||||||
|
|
||||||
const bodySchema = z
|
const bodySchema = z
|
||||||
.object({
|
.object({
|
||||||
@@ -32,6 +36,25 @@ const bodySchema = z
|
|||||||
})
|
})
|
||||||
.strict();
|
.strict();
|
||||||
|
|
||||||
|
|
||||||
|
registry.registerPath({
|
||||||
|
method: "post",
|
||||||
|
path: "/re-key/{orgId}/regenerate-secret",
|
||||||
|
description: "Regenerate a exit node credentials by its org ID.",
|
||||||
|
tags: [OpenAPITags.Org],
|
||||||
|
request: {
|
||||||
|
params: paramsSchema,
|
||||||
|
body: {
|
||||||
|
content: {
|
||||||
|
"application/json": {
|
||||||
|
schema: bodySchema
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
responses: {}
|
||||||
|
});
|
||||||
|
|
||||||
export async function reGenerateExitNodeSecret(
|
export async function reGenerateExitNodeSecret(
|
||||||
req: Request,
|
req: Request,
|
||||||
res: Response,
|
res: Response,
|
||||||
@@ -9,7 +9,7 @@ import logger from "@server/logger";
|
|||||||
import { fromError } from "zod-validation-error";
|
import { fromError } from "zod-validation-error";
|
||||||
import { OpenAPITags, registry } from "@server/openApi";
|
import { OpenAPITags, registry } from "@server/openApi";
|
||||||
import { hashPassword } from "@server/auth/password";
|
import { hashPassword } from "@server/auth/password";
|
||||||
import { addPeer } from "../gerbil/peers";
|
import { addPeer } from "@server/routers/gerbil/peers";
|
||||||
|
|
||||||
|
|
||||||
const updateSiteParamsSchema = z
|
const updateSiteParamsSchema = z
|
||||||
@@ -31,7 +31,7 @@ const updateSiteBodySchema = z
|
|||||||
|
|
||||||
registry.registerPath({
|
registry.registerPath({
|
||||||
method: "post",
|
method: "post",
|
||||||
path: "/site/{siteId}/regenerate-secret",
|
path: "/re-key/{siteId}/regenerate-site-secret",
|
||||||
description: "Regenerate a site's Newt or WireGuard credentials by its site ID.",
|
description: "Regenerate a site's Newt or WireGuard credentials by its site ID.",
|
||||||
tags: [OpenAPITags.Site],
|
tags: [OpenAPITags.Site],
|
||||||
request: {
|
request: {
|
||||||
@@ -21,4 +21,3 @@ export * from "./deleteRemoteExitNode";
|
|||||||
export * from "./listRemoteExitNodes";
|
export * from "./listRemoteExitNodes";
|
||||||
export * from "./pickRemoteExitNodeDefaults";
|
export * from "./pickRemoteExitNodeDefaults";
|
||||||
export * from "./quickStartRemoteExitNode";
|
export * from "./quickStartRemoteExitNode";
|
||||||
export * from "./reGenerateExitNodeSecret";
|
|
||||||
|
|||||||
@@ -3,5 +3,4 @@ export * from "./createClient";
|
|||||||
export * from "./deleteClient";
|
export * from "./deleteClient";
|
||||||
export * from "./listClients";
|
export * from "./listClients";
|
||||||
export * from "./updateClient";
|
export * from "./updateClient";
|
||||||
export * from "./getClient";
|
export * from "./getClient";
|
||||||
export * from "./reGenerateClientSecret";
|
|
||||||
@@ -178,13 +178,6 @@ authenticated.post(
|
|||||||
client.updateClient,
|
client.updateClient,
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.post(
|
|
||||||
"/client/:clientId/regenerate-secret",
|
|
||||||
verifyClientsEnabled,
|
|
||||||
verifyClientAccess,
|
|
||||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
|
||||||
client.reGenerateClientSecret
|
|
||||||
);
|
|
||||||
|
|
||||||
// authenticated.get(
|
// authenticated.get(
|
||||||
// "/site/:siteId/roles",
|
// "/site/:siteId/roles",
|
||||||
@@ -200,12 +193,6 @@ authenticated.post(
|
|||||||
site.updateSite,
|
site.updateSite,
|
||||||
);
|
);
|
||||||
|
|
||||||
authenticated.post(
|
|
||||||
"/site/:siteId/regenerate-secret",
|
|
||||||
verifySiteAccess,
|
|
||||||
verifyUserHasAction(ActionsEnum.reGenerateSecret),
|
|
||||||
site.reGenerateSiteSecret
|
|
||||||
);
|
|
||||||
authenticated.delete(
|
authenticated.delete(
|
||||||
"/site/:siteId",
|
"/site/:siteId",
|
||||||
verifySiteAccess,
|
verifySiteAccess,
|
||||||
|
|||||||
@@ -5,5 +5,4 @@ export * from "./updateSite";
|
|||||||
export * from "./listSites";
|
export * from "./listSites";
|
||||||
export * from "./listSiteRoles";
|
export * from "./listSiteRoles";
|
||||||
export * from "./pickSiteDefaults";
|
export * from "./pickSiteDefaults";
|
||||||
export * from "./socketIntegration";
|
export * from "./socketIntegration";
|
||||||
export * from "./reGenerateSiteSecret";
|
|
||||||
@@ -59,7 +59,7 @@ export default function CredentialsPage() {
|
|||||||
setCredentials(data);
|
setCredentials(data);
|
||||||
|
|
||||||
await api.put<AxiosResponse<QuickStartRemoteExitNodeResponse>>(
|
await api.put<AxiosResponse<QuickStartRemoteExitNodeResponse>>(
|
||||||
`/org/${orgId}/reGenerate-remote-exit-node-secret`,
|
`/re-key/${orgId}/reGenerate-remote-exit-node-secret`,
|
||||||
{
|
{
|
||||||
remoteExitNodeId: remoteExitNode.remoteExitNodeId,
|
remoteExitNodeId: remoteExitNode.remoteExitNodeId,
|
||||||
secret: data.secret,
|
secret: data.secret,
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ export default function CredentialsPage() {
|
|||||||
const data = res.data.data;
|
const data = res.data.data;
|
||||||
setClientDefaults(data);
|
setClientDefaults(data);
|
||||||
|
|
||||||
await api.post(`/client/${client?.clientId}/regenerate-secret`, {
|
await api.post(`/re-key/${client?.clientId}/regenerate-client-secret`, {
|
||||||
olmId: data.olmId,
|
olmId: data.olmId,
|
||||||
secret: data.olmSecret,
|
secret: data.olmSecret,
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ import ClientProvider from "@app/providers/ClientProvider";
|
|||||||
import { redirect } from "next/navigation";
|
import { redirect } from "next/navigation";
|
||||||
import { HorizontalTabs } from "@app/components/HorizontalTabs";
|
import { HorizontalTabs } from "@app/components/HorizontalTabs";
|
||||||
import { getTranslations } from "next-intl/server";
|
import { getTranslations } from "next-intl/server";
|
||||||
|
import { build } from "@server/build";
|
||||||
|
|
||||||
type SettingsLayoutProps = {
|
type SettingsLayoutProps = {
|
||||||
children: React.ReactNode;
|
children: React.ReactNode;
|
||||||
@@ -38,10 +39,13 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
|
|||||||
title: t('general'),
|
title: t('general'),
|
||||||
href: `/{orgId}/settings/clients/{clientId}/general`
|
href: `/{orgId}/settings/clients/{clientId}/general`
|
||||||
},
|
},
|
||||||
{
|
...(build === 'enterprise'
|
||||||
title: t('credentials'),
|
? [{
|
||||||
href: `/{orgId}/settings/clients/{clientId}/credentials`
|
title: t('credentials'),
|
||||||
}
|
href: `/{orgId}/settings/clients/{clientId}/credentials`
|
||||||
|
},
|
||||||
|
]
|
||||||
|
: []),
|
||||||
];
|
];
|
||||||
|
|
||||||
return (
|
return (
|
||||||
|
|||||||
@@ -95,7 +95,7 @@ PersistentKeepalive = 5`;
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
await api.post(`/site/${site?.siteId}/regenerate-secret`, {
|
await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
|
||||||
type: "wireguard",
|
type: "wireguard",
|
||||||
subnet: res.data.data.subnet,
|
subnet: res.data.data.subnet,
|
||||||
exitNodeId: res.data.data.exitNodeId,
|
exitNodeId: res.data.data.exitNodeId,
|
||||||
@@ -109,7 +109,7 @@ PersistentKeepalive = 5`;
|
|||||||
const data = res.data.data;
|
const data = res.data.data;
|
||||||
setSiteDefaults(data);
|
setSiteDefaults(data);
|
||||||
|
|
||||||
await api.post(`/site/${site?.siteId}/regenerate-secret`, {
|
await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
|
||||||
type: "newt",
|
type: "newt",
|
||||||
newtId: data.newtId,
|
newtId: data.newtId,
|
||||||
newtSecret: data.newtSecret
|
newtSecret: data.newtSecret
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ import { HorizontalTabs } from "@app/components/HorizontalTabs";
|
|||||||
import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
|
import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
|
||||||
import SiteInfoCard from "../../../../../components/SiteInfoCard";
|
import SiteInfoCard from "../../../../../components/SiteInfoCard";
|
||||||
import { getTranslations } from "next-intl/server";
|
import { getTranslations } from "next-intl/server";
|
||||||
|
import { build } from "@server/build";
|
||||||
|
|
||||||
interface SettingsLayoutProps {
|
interface SettingsLayoutProps {
|
||||||
children: React.ReactNode;
|
children: React.ReactNode;
|
||||||
@@ -37,7 +38,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
|
|||||||
title: t('general'),
|
title: t('general'),
|
||||||
href: `/${params.orgId}/settings/sites/${params.niceId}/general`,
|
href: `/${params.orgId}/settings/sites/${params.niceId}/general`,
|
||||||
},
|
},
|
||||||
...(site.type !== 'local'
|
...(site.type !== 'local' && build === 'enterprise'
|
||||||
? [
|
? [
|
||||||
{
|
{
|
||||||
title: t('credentials'),
|
title: t('credentials'),
|
||||||
|
|||||||
Reference in New Issue
Block a user