Merge branch 'dev' into msg-opt

2026-03-24 19:46:38 +00:00 · 2026-03-23 16:00:50 -07:00
parent b01fcc70fe 7c8b865379
commit c660df55cd
203 changed files with 4955 additions and 4932 deletions
--- a/server/routers/siteResource/addClientToSiteResource.ts
+++ b/server/routers/siteResource/addClientToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/clients/add",
    description:
        "Add a single client to a site resource. Clients with a userId cannot be added.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Client],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
    request: {
        params: addClientToSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/addRoleToSiteResource.ts
+++ b/server/routers/siteResource/addRoleToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/roles/add",
    description: "Add a single role to a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
    request: {
        params: addRoleToSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/addUserToSiteResource.ts
+++ b/server/routers/siteResource/addUserToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/users/add",
    description: "Add a single user to a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
    request: {
        params: addUserToSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/batchAddClientToSiteResources.ts
+++ b/server/routers/siteResource/batchAddClientToSiteResources.ts
@@ -0,0 +1,247 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import {
+    db,
+    clients,
+    clientSiteResources,
+    siteResources,
+    apiKeyOrg
+} from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { eq, and, inArray } from "drizzle-orm";
+import { OpenAPITags, registry } from "@server/openApi";
+import {
+    rebuildClientAssociationsFromClient,
+    rebuildClientAssociationsFromSiteResource
+} from "@server/lib/rebuildClientAssociations";
+
+const batchAddClientToSiteResourcesParamsSchema = z
+    .object({
+        clientId: z.string().transform(Number).pipe(z.number().int().positive())
+    })
+    .strict();
+
+const batchAddClientToSiteResourcesBodySchema = z
+    .object({
+        siteResourceIds: z
+            .array(z.number().int().positive())
+            .min(1, "At least one siteResourceId is required")
+    })
+    .strict();
+
+registry.registerPath({
+    method: "post",
+    path: "/client/{clientId}/site-resources",
+    description: "Add a machine client to multiple site resources at once.",
+    tags: [OpenAPITags.Client],
+    request: {
+        params: batchAddClientToSiteResourcesParamsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: batchAddClientToSiteResourcesBodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+export async function batchAddClientToSiteResources(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const apiKey = req.apiKey;
+        if (!apiKey) {
+            return next(
+                createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
+            );
+        }
+
+        const parsedParams =
+            batchAddClientToSiteResourcesParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const parsedBody = batchAddClientToSiteResourcesBodySchema.safeParse(
+            req.body
+        );
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { clientId } = parsedParams.data;
+        const { siteResourceIds } = parsedBody.data;
+        const uniqueSiteResourceIds = [...new Set(siteResourceIds)];
+
+        const batchSiteResources = await db
+            .select()
+            .from(siteResources)
+            .where(
+                inArray(siteResources.siteResourceId, uniqueSiteResourceIds)
+            );
+
+        if (batchSiteResources.length !== uniqueSiteResourceIds.length) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    "One or more site resources not found"
+                )
+            );
+        }
+
+        if (!apiKey.isRoot) {
+            const orgIds = [
+                ...new Set(batchSiteResources.map((sr) => sr.orgId))
+            ];
+            if (orgIds.length > 1) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "All site resources must belong to the same organization"
+                    )
+                );
+            }
+            const orgId = orgIds[0];
+            const [apiKeyOrgRow] = await db
+                .select()
+                .from(apiKeyOrg)
+                .where(
+                    and(
+                        eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
+                        eq(apiKeyOrg.orgId, orgId)
+                    )
+                )
+                .limit(1);
+
+            if (!apiKeyOrgRow) {
+                return next(
+                    createHttpError(
+                        HttpCode.FORBIDDEN,
+                        "Key does not have access to the organization of the specified site resources"
+                    )
+                );
+            }
+
+            const [clientInOrg] = await db
+                .select()
+                .from(clients)
+                .where(
+                    and(
+                        eq(clients.clientId, clientId),
+                        eq(clients.orgId, orgId)
+                    )
+                )
+                .limit(1);
+
+            if (!clientInOrg) {
+                return next(
+                    createHttpError(
+                        HttpCode.FORBIDDEN,
+                        "Key does not have access to the specified client"
+                    )
+                );
+            }
+        }
+
+        const [client] = await db
+            .select()
+            .from(clients)
+            .where(eq(clients.clientId, clientId))
+            .limit(1);
+
+        if (!client) {
+            return next(
+                createHttpError(HttpCode.NOT_FOUND, "Client not found")
+            );
+        }
+
+        if (client.userId !== null) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "This endpoint only supports machine (non-user) clients; the specified client is associated with a user"
+                )
+            );
+        }
+
+        const existingEntries = await db
+            .select({
+                siteResourceId: clientSiteResources.siteResourceId
+            })
+            .from(clientSiteResources)
+            .where(
+                and(
+                    eq(clientSiteResources.clientId, clientId),
+                    inArray(
+                        clientSiteResources.siteResourceId,
+                        batchSiteResources.map((sr) => sr.siteResourceId)
+                    )
+                )
+            );
+
+        const existingSiteResourceIds = new Set(
+            existingEntries.map((e) => e.siteResourceId)
+        );
+        const siteResourcesToAdd = batchSiteResources.filter(
+            (sr) => !existingSiteResourceIds.has(sr.siteResourceId)
+        );
+
+        if (siteResourcesToAdd.length === 0) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    "Client is already assigned to all specified site resources"
+                )
+            );
+        }
+
+        await db.transaction(async (trx) => {
+            for (const siteResource of siteResourcesToAdd) {
+                await trx.insert(clientSiteResources).values({
+                    clientId,
+                    siteResourceId: siteResource.siteResourceId
+                });
+            }
+
+            await rebuildClientAssociationsFromClient(client, trx);
+        });
+
+        return response(res, {
+            data: {
+                addedCount: siteResourcesToAdd.length,
+                skippedCount:
+                    batchSiteResources.length - siteResourcesToAdd.length,
+                siteResourceIds: siteResourcesToAdd.map(
+                    (sr) => sr.siteResourceId
+                )
+            },
+            success: true,
+            error: false,
+            message: `Client added to ${siteResourcesToAdd.length} site resource(s) successfully`,
+            status: HttpCode.CREATED
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -114,7 +114,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/site-resource",
    description: "Create a new site resource.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.PrivateResource],
    request: {
        params: createSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/deleteSiteResource.ts
+++ b/server/routers/siteResource/deleteSiteResource.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    method: "delete",
    path: "/site-resource/{siteResourceId}",
    description: "Delete a site resource.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.PrivateResource],
    request: {
        params: deleteSiteResourceParamsSchema
    },
--- a/server/routers/siteResource/getSiteResource.ts
+++ b/server/routers/siteResource/getSiteResource.ts
@@ -65,7 +65,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}",
    description: "Get a specific site resource by siteResourceId.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.PrivateResource],
    request: {
        params: z.object({
            siteResourceId: z.number(),
@@ -80,7 +80,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/site/{siteId}/resource/nice/{niceId}",
    description: "Get a specific site resource by niceId.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.PrivateResource],
    request: {
        params: z.object({
            niceId: z.string(),
--- a/server/routers/siteResource/index.ts
+++ b/server/routers/siteResource/index.ts
@@ -15,4 +15,5 @@ export * from "./addUserToSiteResource";
 export * from "./removeUserFromSiteResource";
 export * from "./setSiteResourceClients";
 export * from "./addClientToSiteResource";
+export * from "./batchAddClientToSiteResources";
 export * from "./removeClientFromSiteResource";
--- a/server/routers/siteResource/listAllSiteResourcesByOrg.ts
+++ b/server/routers/siteResource/listAllSiteResourcesByOrg.ts
@@ -112,7 +112,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/site-resources",
    description: "List all site resources for an organization.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.PrivateResource],
    request: {
        params: listAllSiteResourcesByOrgParamsSchema,
        query: listAllSiteResourcesByOrgQuerySchema
--- a/server/routers/siteResource/listSiteResourceClients.ts
+++ b/server/routers/siteResource/listSiteResourceClients.ts
@@ -39,7 +39,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}/clients",
    description: "List all clients for a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Client],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
    request: {
        params: listSiteResourceClientsSchema
    },
--- a/server/routers/siteResource/listSiteResourceRoles.ts
+++ b/server/routers/siteResource/listSiteResourceRoles.ts
@@ -40,7 +40,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}/roles",
    description: "List all roles for a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
    request: {
        params: listSiteResourceRolesSchema
    },
--- a/server/routers/siteResource/listSiteResourceUsers.ts
+++ b/server/routers/siteResource/listSiteResourceUsers.ts
@@ -43,7 +43,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}/users",
    description: "List all users for a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
    request: {
        params: listSiteResourceUsersSchema
    },
--- a/server/routers/siteResource/listSiteResources.ts
+++ b/server/routers/siteResource/listSiteResources.ts
@@ -58,7 +58,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/site/{siteId}/resources",
    description: "List site resources for a site.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.PrivateResource],
    request: {
        params: listSiteResourcesParamsSchema,
        query: listSiteResourcesQuerySchema
--- a/server/routers/siteResource/removeClientFromSiteResource.ts
+++ b/server/routers/siteResource/removeClientFromSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/clients/remove",
    description:
        "Remove a single client from a site resource. Clients with a userId cannot be removed.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Client],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
    request: {
        params: removeClientFromSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/removeRoleFromSiteResource.ts
+++ b/server/routers/siteResource/removeRoleFromSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/roles/remove",
    description: "Remove a single role from a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
    request: {
        params: removeRoleFromSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/removeUserFromSiteResource.ts
+++ b/server/routers/siteResource/removeUserFromSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/users/remove",
    description: "Remove a single user from a site resource.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
    request: {
        params: removeUserFromSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/setSiteResourceClients.ts
+++ b/server/routers/siteResource/setSiteResourceClients.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/clients",
    description:
        "Set clients for a site resource. This will replace all existing clients. Clients with a userId cannot be added.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Client],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
    request: {
        params: setSiteResourceClientsParamsSchema,
        body: {
--- a/server/routers/siteResource/setSiteResourceRoles.ts
+++ b/server/routers/siteResource/setSiteResourceRoles.ts
@@ -31,7 +31,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/roles",
    description:
        "Set roles for a site resource. This will replace all existing roles.",
-    tags: [OpenAPITags.Resource, OpenAPITags.Role],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
    request: {
        params: setSiteResourceRolesParamsSchema,
        body: {
--- a/server/routers/siteResource/setSiteResourceUsers.ts
+++ b/server/routers/siteResource/setSiteResourceUsers.ts
@@ -31,7 +31,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/users",
    description:
        "Set users for a site resource. This will replace all existing users.",
-    tags: [OpenAPITags.Resource, OpenAPITags.User],
+    tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
    request: {
        params: setSiteResourceUsersParamsSchema,
        body: {
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -121,7 +121,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}",
    description: "Update a site resource.",
-    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    tags: [OpenAPITags.PrivateResource],
    request: {
        params: updateSiteResourceParamsSchema,
        body: {
@@ -620,7 +620,7 @@ export async function handleMessagingForUpdatedSiteResource(
            await updateTargets(newt.newtId, {
                oldTargets: oldTarget ? [oldTarget] : [],
                newTargets: newTarget ? [newTarget] : []
-            });
+            }, newt.version);
        }

        const olmJobs: Promise<void>[] = [];