wip: add admin abac

src/server/api/admin/general.get.ts

@@ -1,4 +1,4 @@
-export default definePermissionEventHandler(actions.ADMIN, async () => {
+export default definePermissionEventHandler('admin', 'any', async () => {
   const generalConfig = await Database.general.getConfig();
   return generalConfig;
 });

src/server/api/admin/general.post.ts

@@ -1,7 +1,8 @@
 import { GeneralUpdateSchema } from '#db/repositories/general/types';
 
 export default definePermissionEventHandler(
-  actions.ADMIN,
+  'admin',
+  'any',
   async ({ event }) => {
     const data = await readValidatedBody(
       event,

src/server/api/admin/hooks.get.ts

@@ -1,4 +1,4 @@
-export default definePermissionEventHandler(actions.ADMIN, async () => {
+export default definePermissionEventHandler('admin', 'any', async () => {
   const hooks = await Database.hooks.get();
   return hooks;
 });

src/server/api/admin/hooks.post.ts

@@ -1,7 +1,8 @@
 import { HooksUpdateSchema } from '#db/repositories/hooks/types';
 
 export default definePermissionEventHandler(
-  actions.ADMIN,
+  'admin',
+  'any',
   async ({ event }) => {
     const data = await readValidatedBody(
       event,

src/server/api/admin/interface/cidr.post.ts

@@ -1,7 +1,8 @@
 import { InterfaceCidrUpdateSchema } from '#db/repositories/interface/types';
 
 export default definePermissionEventHandler(
-  actions.ADMIN,
+  'admin',
+  'any',
   async ({ event }) => {
     const data = await readValidatedBody(
       event,

src/server/api/admin/interface/index.get.ts

@@ -1,4 +1,4 @@
-export default definePermissionEventHandler(actions.ADMIN, async () => {
+export default definePermissionEventHandler('admin', 'any', async () => {
   const wgInterface = await Database.interfaces.get();
 
   return {

src/server/api/admin/interface/index.post.ts

@@ -1,7 +1,8 @@
 import { InterfaceUpdateSchema } from '#db/repositories/interface/types';
 
 export default definePermissionEventHandler(
-  actions.ADMIN,
+  'admin',
+  'any',
   async ({ event }) => {
     const data = await readValidatedBody(
       event,

src/server/api/admin/userconfig.get.ts

@@ -1,4 +1,4 @@
-export default definePermissionEventHandler(actions.ADMIN, async () => {
+export default definePermissionEventHandler('admin', 'any', async () => {
   const userConfig = await Database.userConfigs.get();
   return userConfig;
 });

src/server/api/admin/userconfig.post.ts

@@ -1,7 +1,8 @@
 import { UserConfigUpdateSchema } from '#db/repositories/userConfig/types';
 
 export default definePermissionEventHandler(
-  actions.ADMIN,
+  'admin',
+  'any',
   async ({ event }) => {
     const data = await readValidatedBody(
       event,

src/server/api/wireguard/backup.get.ts

@@ -1,9 +0,0 @@
-export default definePermissionEventHandler(
-  actions.ADMIN,
-  async (/*{ event }*/) => {
-    /*const config = await WireGuard.backupConfiguration();
-    setHeader(event, 'Content-Disposition', 'attachment; filename="wg0.json"');
-    setHeader(event, 'Content-Type', 'text/json');
-    return config;*/
-  }
-);

src/server/api/wireguard/restore.put.ts

@@ -1,8 +0,0 @@
-export default definePermissionEventHandler(
-  actions.ADMIN,
-  async (/*{ event }*/) => {
-    /*const { file } = await readValidatedBody(event, validateZod(fileType));
-    await WireGuard.restoreConfiguration(file);
-    return { success: true };*/
-  }
-);

src/server/database/repositories/client/service.ts

@@ -19,7 +19,10 @@ function createPreparedStatement(db: DBType) {
       .findFirst({ where: eq(client.id, sql.placeholder('id')) })
       .prepare(),
     findByUserId: db.query.client
-      .findMany({ where: eq(client.userId, sql.placeholder('userId')) })
+      .findMany({
+        where: eq(client.userId, sql.placeholder('userId')),
+        with: { oneTimeLink: true },
+      })
       .prepare(),
     toggle: db
       .update(client)

src/server/routes/cnf/[oneTimeLink].ts

@@ -5,7 +5,7 @@ export default defineEventHandler(async (event) => {
     event,
     validateZod(OneTimeLinkGetSchema)
   );
-  const clients = await WireGuard.getClients();
+  const clients = await WireGuard.getAllClients();
   const client = clients.find(
     (client) => client.oneTimeLink?.oneTimeLink === oneTimeLink
   );

src/server/routes/metrics/json.get.ts

@@ -3,7 +3,7 @@ export default defineMetricsHandler('json', async () => {
 });
 
 async function getMetricsJSON() {
-  const clients = await WireGuard.getClients();
+  const clients = await WireGuard.getAllClients();
   let wireguardPeerCount = 0;
   let wireguardEnabledPeersCount = 0;
   let wireguardConnectedPeersCount = 0;

src/server/routes/metrics/prometheus.get.ts

@@ -5,7 +5,7 @@ export default defineMetricsHandler('prometheus', async ({ event }) => {
 
 async function getPrometheusResponse() {
   const wgInterface = await Database.interfaces.get();
-  const clients = await WireGuard.getClients();
+  const clients = await WireGuard.getAllClients();
   let wireguardPeerCount = 0;
   let wireguardEnabledPeersCount = 0;
   let wireguardConnectedPeersCount = 0;

src/shared/utils/permissions.ts

@@ -43,6 +43,10 @@ export type Permissions = {
     dataType: ClientType;
     action: 'view' | 'create' | 'update' | 'delete' | 'custom';
   };
+  admin: {
+    dataType: never;
+    action: 'any';
+  };
 };
 
 export const ROLES = {
@@ -54,6 +58,9 @@ export const ROLES = {
       delete: true,
       custom: true,
     },
+    admin: {
+      any: true,
+    },
   },
   CLIENT: {
     clients: {
@@ -63,6 +70,9 @@ export const ROLES = {
       delete: (user, client) => user.id === client.userId,
       custom: true,
     },
+    admin: {
+      any: false,
+    },
   },
 } as const satisfies RolesWithPermissions;