
wip: add admin abac

pull/1660/head
Bernd Storath 6 months ago
parent
commit
8787855913
  1. 2
      src/server/api/admin/general.get.ts
  2. 3
      src/server/api/admin/general.post.ts
  3. 2
      src/server/api/admin/hooks.get.ts
  4. 3
      src/server/api/admin/hooks.post.ts
  5. 3
      src/server/api/admin/interface/cidr.post.ts
  6. 2
      src/server/api/admin/interface/index.get.ts
  7. 3
      src/server/api/admin/interface/index.post.ts
  8. 2
      src/server/api/admin/userconfig.get.ts
  9. 3
      src/server/api/admin/userconfig.post.ts
  10. 9
      src/server/api/wireguard/backup.get.ts
  11. 8
      src/server/api/wireguard/restore.put.ts
  12. 5
      src/server/database/repositories/client/service.ts
  13. 2
      src/server/routes/cnf/[oneTimeLink].ts
  14. 2
      src/server/routes/metrics/json.get.ts
  15. 2
      src/server/routes/metrics/prometheus.get.ts
  16. 10
      src/shared/utils/permissions.ts

2
src/server/api/admin/general.get.ts

@ -1,4 +1,4 @@
export default definePermissionEventHandler(actions.ADMIN, async () => { export default definePermissionEventHandler('admin', 'any', async () => {
const generalConfig = await Database.general.getConfig(); const generalConfig = await Database.general.getConfig();
return generalConfig; return generalConfig;
}); });
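Review bot: Nothing in the new `definePermissionEventHandler('admin', 'any', async () => {` call shows where the permission is evaluated, and the callback takes no arguments, so it cannot perform a per-object check itself; the wrapper has to reject the request before the callback runs. The wrapper is defined outside this commit view, so that behaviour should be confirmed there and recorded at the call site, e.g. `// 'admin'/'any' is enforced by the wrapper before this callback runs`. The same applies to the other eight handlers under src/server/api/admin/ changed in this commit (general.post, hooks.get, hooks.post, interface/cidr.post, interface/index.get, interface/index.post, userconfig.get, userconfig.post).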

3
src/server/api/admin/general.post.ts

@ -1,7 +1,8 @@
import { GeneralUpdateSchema } from '#db/repositories/general/types'; import { GeneralUpdateSchema } from '#db/repositories/general/types';
export default definePermissionEventHandler( export default definePermissionEventHandler(
actions.ADMIN, 'admin',
'any',
async ({ event }) => { async ({ event }) => {
const data = await readValidatedBody( const data = await readValidatedBody(
event, event,

2
src/server/api/admin/hooks.get.ts

@ -1,4 +1,4 @@
export default definePermissionEventHandler(actions.ADMIN, async () => { export default definePermissionEventHandler('admin', 'any', async () => {
const hooks = await Database.hooks.get(); const hooks = await Database.hooks.get();
return hooks; return hooks;
}); });

3
src/server/api/admin/hooks.post.ts

@ -1,7 +1,8 @@
import { HooksUpdateSchema } from '#db/repositories/hooks/types'; import { HooksUpdateSchema } from '#db/repositories/hooks/types';
export default definePermissionEventHandler( export default definePermissionEventHandler(
actions.ADMIN, 'admin',
'any',
async ({ event }) => { async ({ event }) => {
const data = await readValidatedBody( const data = await readValidatedBody(
event, event,

3
src/server/api/admin/interface/cidr.post.ts

@ -1,7 +1,8 @@
import { InterfaceCidrUpdateSchema } from '#db/repositories/interface/types'; import { InterfaceCidrUpdateSchema } from '#db/repositories/interface/types';
export default definePermissionEventHandler( export default definePermissionEventHandler(
actions.ADMIN, 'admin',
'any',
async ({ event }) => { async ({ event }) => {
const data = await readValidatedBody( const data = await readValidatedBody(
event, event,

2
src/server/api/admin/interface/index.get.ts

@ -1,4 +1,4 @@
export default definePermissionEventHandler(actions.ADMIN, async () => { export default definePermissionEventHandler('admin', 'any', async () => {
const wgInterface = await Database.interfaces.get(); const wgInterface = await Database.interfaces.get();
return { return {

3
src/server/api/admin/interface/index.post.ts

@ -1,7 +1,8 @@
import { InterfaceUpdateSchema } from '#db/repositories/interface/types'; import { InterfaceUpdateSchema } from '#db/repositories/interface/types';
export default definePermissionEventHandler( export default definePermissionEventHandler(
actions.ADMIN, 'admin',
'any',
async ({ event }) => { async ({ event }) => {
const data = await readValidatedBody( const data = await readValidatedBody(
event, event,

2
src/server/api/admin/userconfig.get.ts

@ -1,4 +1,4 @@
export default definePermissionEventHandler(actions.ADMIN, async () => { export default definePermissionEventHandler('admin', 'any', async () => {
const userConfig = await Database.userConfigs.get(); const userConfig = await Database.userConfigs.get();
return userConfig; return userConfig;
}); });

3
src/server/api/admin/userconfig.post.ts

@ -1,7 +1,8 @@
import { UserConfigUpdateSchema } from '#db/repositories/userConfig/types'; import { UserConfigUpdateSchema } from '#db/repositories/userConfig/types';
export default definePermissionEventHandler( export default definePermissionEventHandler(
actions.ADMIN, 'admin',
'any',
async ({ event }) => { async ({ event }) => {
const data = await readValidatedBody( const data = await readValidatedBody(
event, event,

9
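--- a/src/server/api/wireguard/backup.get.ts
+++ b/src/server/api/wireguard/backup.get.ts
@@ -1,9 +0,0 @@
-export default definePermissionEventHandler(
-actions.ADMIN,
-async (/*{ event }*/) => {
-/*const config = await WireGuard.backupConfiguration();
-setHeader(event, 'Content-Disposition', 'attachment; filename="wg0.json"');
-setHeader(event, 'Content-Type', 'text/json');
-return config;*/
-}
-);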

8
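--- a/src/server/api/wireguard/restore.put.ts
+++ b/src/server/api/wireguard/restore.put.ts
@@ -1,8 +0,0 @@
-export default definePermissionEventHandler(
-actions.ADMIN,
-async (/*{ event }*/) => {
-/*const { file } = await readValidatedBody(event, validateZod(fileType));
-await WireGuard.restoreConfiguration(file);
-return { success: true };*/
-}
-);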

5
src/server/database/repositories/client/service.ts

@ -19,7 +19,10 @@ function createPreparedStatement(db: DBType) {
.findFirst({ where: eq(client.id, sql.placeholder('id')) }) .findFirst({ where: eq(client.id, sql.placeholder('id')) })
.prepare(), .prepare(),
findByUserId: db.query.client findByUserId: db.query.client
.findMany({ where: eq(client.userId, sql.placeholder('userId')) }) .findMany({
where: eq(client.userId, sql.placeholder('userId')),
with: { oneTimeLink: true },
})
.prepare(), .prepare(),
toggle: db toggle: db
.update(client) .update(client)
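Review bot: The added `with: { oneTimeLink: true }` in `findByUserId` makes every per-user client query return the one-time-link row, and that value is what the unauthenticated `cnf/[oneTimeLink]` route matches on to select a client. Any caller that serialises these rows to a response will now carry the token unless it strips it, so the statement deserves a comment naming the intended audience, e.g. `// oneTimeLink is loaded for the owner's own client list; never forward it to other users`. `createPreparedStatement` begins and continues outside the hunk, so the callers that consume this result are not visible here.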

2
src/server/routes/cnf/[oneTimeLink].ts

@ -5,7 +5,7 @@ export default defineEventHandler(async (event) => {
event, event,
validateZod(OneTimeLinkGetSchema) validateZod(OneTimeLinkGetSchema)
); );
const clients = await WireGuard.getClients(); const clients = await WireGuard.getAllClients();
const client = clients.find( const client = clients.find(
(client) => client.oneTimeLink?.oneTimeLink === oneTimeLink (client) => client.oneTimeLink?.oneTimeLink === oneTimeLink
); );
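Review bot: This handler is a plain `defineEventHandler` with no permission wrapper, and after the change it loads every client of every user through `WireGuard.getAllClients()` only to match a single token in `clients.find(...)`. A lookup keyed on the token itself (a prepared statement filtering on the one-time-link value) would avoid pulling all client records, presumably including their key material, into an unauthenticated request path, and would keep the cost independent of the number of clients. If the scan stays, a comment such as `// unauthenticated route: the token is the only credential, so the search must span all users` would record why the unscoped call is intended. Expiry handling for the link lies outside the hunk and should be confirmed there.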

2
src/server/routes/metrics/json.get.ts

@ -3,7 +3,7 @@ export default defineMetricsHandler('json', async () => {
}); });
async function getMetricsJSON() { async function getMetricsJSON() {
const clients = await WireGuard.getClients(); const clients = await WireGuard.getAllClients();
let wireguardPeerCount = 0; let wireguardPeerCount = 0;
let wireguardEnabledPeersCount = 0; let wireguardEnabledPeersCount = 0;
let wireguardConnectedPeersCount = 0; let wireguardConnectedPeersCount = 0;

2
src/server/routes/metrics/prometheus.get.ts

@ -5,7 +5,7 @@ export default defineMetricsHandler('prometheus', async ({ event }) => {
async function getPrometheusResponse() { async function getPrometheusResponse() {
const wgInterface = await Database.interfaces.get(); const wgInterface = await Database.interfaces.get();
const clients = await WireGuard.getClients(); const clients = await WireGuard.getAllClients();
let wireguardPeerCount = 0; let wireguardPeerCount = 0;
let wireguardEnabledPeersCount = 0; let wireguardEnabledPeersCount = 0;
let wireguardConnectedPeersCount = 0; let wireguardConnectedPeersCount = 0;

10
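--- a/src/shared/utils/permissions.ts
+++ b/src/shared/utils/permissions.ts
@@ -43,6 +43,10 @@ export type Permissions = {
 dataType: ClientType;
 action: 'view' | 'create' | 'update' | 'delete' | 'custom';
 };
+admin: {
+dataType: never;
+action: 'any';
+};
 };
 export const ROLES = {
@@ -54,6 +58,9 @@ export const ROLES = {
 delete: true,
 custom: true,
 },
+admin: {
+any: true,
+},
 },
 CLIENT: {
 clients: {
@@ -63,6 +70,9 @@ export const ROLES = {
 delete: (user, client) => user.id === client.userId,
 custom: true,
 },
+admin: {
+any: false,
+},
 },
 } as const satisfies RolesWithPermissions;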
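Review bot: The new `admin` resource is declared with `dataType: never` and the single action `'any'`, but nothing in the added lines says that it is an all-or-nothing gate, and the evaluator that reads `ROLES` is outside these hunks. The explicit `any: false` under `CLIENT` is the right default; the evaluator should also treat a missing resource or action key as a denial, so that a role added later without an `admin` entry cannot fall through. A short comment on the type, e.g. `// admin: role-level gate for the admin API, no per-object data is inspected`, would document the intent. `Permissions` and `ROLES` both begin outside the hunks shown.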
