add auth checks to all endpoints
jsbroks committed Sep 7, 2024
1 parent 2c9cdde commit e822b2f
Showing 14 changed files with 3,133 additions and 156 deletions.
53 changes: 49 additions & 4 deletions packages/api/src/router/deployment-variable.ts
Expand Up @@ -22,21 +22,36 @@ import {
variableDeploymentValueTarget,
variableDeploymentValueTargetFilter,
} from "@ctrlplane/db/schema";
import { Permission } from "@ctrlplane/validators/auth";

import { createTRPCRouter, protectedProcedure } from "../trpc";

const valueRouter = createTRPCRouter({
byId: protectedProcedure.query(async () => {
// return ctx.db.value.findMany();
}),

create: protectedProcedure
.meta({
authorizationCheck: async ({ canUser, ctx, input }) => {
const variable = await ctx.db
.select()
.from(deploymentVariable)
.where(eq(deploymentVariable.id, input.variableId))
.then(takeFirst);
return canUser
.perform(Permission.DeploymentUpdate)
.on({ type: "deployment", id: variable.deploymentId });
},
})
.input(createDeploymentVariableValue)
.mutation(async ({ ctx, input }) =>
ctx.db.insert(deploymentVariableValue).values(input).returning(),
),

setTarget: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentUpdate)
.on({ type: "target", id: input.targetId }),
})
.input(
z.object({
targetId: z.string().uuid(),
Expand Down Expand Up @@ -173,6 +188,12 @@ export const deploymentVariableRouter = createTRPCRouter({
value: valueRouter,

byTargetId: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentGet)
.on({ type: "target", id: input }),
})
.input(z.string().uuid())
.query(({ ctx, input }) => {
return ctx.db
Expand Down Expand Up @@ -208,6 +229,12 @@ export const deploymentVariableRouter = createTRPCRouter({
}),

byDeploymentId: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentGet)
.on({ type: "deployment", id: input }),
})
.input(z.string().uuid())
.query(async ({ ctx, input }) =>
ctx.db
Expand Down Expand Up @@ -243,12 +270,30 @@ export const deploymentVariableRouter = createTRPCRouter({
),

create: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentUpdate)
.on({ type: "deployment", id: input.deploymentId }),
})
.input(createDeploymentVariable)
.mutation(async ({ ctx, input }) =>
ctx.db.insert(deploymentVariable).values(input).returning(),
),

update: protectedProcedure
.meta({
authorizationCheck: async ({ canUser, ctx, input }) => {
const variable = await ctx.db
.select()
.from(deploymentVariable)
.where(eq(deploymentVariable.id, input.id))
.then(takeFirst);
return canUser
.perform(Permission.DeploymentUpdate)
.on({ type: "deployment", id: variable.deploymentId });
},
})
.input(z.object({ id: z.string().uuid(), data: updateDeploymentVariable }))
.mutation(async ({ ctx, input }) =>
ctx.db
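Review bot: In `setTarget`, the new `authorizationCheck` authorizes only `{ type: "target", id: input.targetId }`, so whatever variable value the mutation binds to that target is never checked against the caller's permissions. The rest of the input schema is outside this hunk, so this is inferred, but if it also carries a value id, a caller holding `Permission.DeploymentUpdate` on one target could attach a value that belongs to a deployment they cannot update; the check should also resolve that value's deployment and authorize it, the way `valueRouter.create` does for `input.variableId`. Separately, `create` and `update` dereference `variable.deploymentId` straight after `.then(takeFirst)`; if `takeFirst` can yield `undefined` for an unknown id, the check fails with a TypeError instead of a clean denial, so an explicit not-found guard before the `canUser` call would be safer.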
134 changes: 107 additions & 27 deletions packages/api/src/router/environment.ts
Expand Up @@ -45,6 +45,12 @@ import { createTRPCRouter, protectedProcedure } from "../trpc";
const policyRouter = createTRPCRouter({
deployment: createTRPCRouter({
bySystemId: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemGet)
.on({ type: "system", id: input }),
})
.input(z.string().uuid())
.query(({ ctx, input }) =>
ctx.db
Expand All @@ -59,6 +65,12 @@ const policyRouter = createTRPCRouter({
),

create: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemUpdate)
.on({ type: "environment", id: input.environmentId }),
})
.input(createEnvironmentPolicyDeployment)
.mutation(({ ctx, input }) =>
ctx.db
Expand All @@ -69,6 +81,12 @@ const policyRouter = createTRPCRouter({
),

delete: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemUpdate)
.on({ type: "environment", id: input.environmentId }),
})
.input(
z.object({
policyId: z.string().uuid(),
Expand All @@ -94,6 +112,12 @@ const policyRouter = createTRPCRouter({

approval: createTRPCRouter({
byReleaseId: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentGet)
.on({ type: "release", id: input.releaseId }),
})
.input(
z.object({
releaseId: z.string(),
Expand Down Expand Up @@ -123,6 +147,12 @@ const policyRouter = createTRPCRouter({
),

approve: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentUpdate)
.on({ type: "release", id: input.releaseId }),
})
.input(
z.object({ policyId: z.string().uuid(), releaseId: z.string().uuid() }),
)
Expand Down Expand Up @@ -166,6 +196,12 @@ const policyRouter = createTRPCRouter({
}),

reject: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentUpdate)
.on({ type: "release", id: input.releaseId }),
})
.input(
z.object({ releaseId: z.string().uuid(), policyId: z.string().uuid() }),
)
Expand All @@ -184,6 +220,12 @@ const policyRouter = createTRPCRouter({
}),

statusByReleasePolicyId: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.DeploymentGet)
.on({ type: "release", id: input.releaseId }),
})
.input(
z.object({ releaseId: z.string().uuid(), policyId: z.string().uuid() }),
)
Expand All @@ -201,36 +243,56 @@ const policyRouter = createTRPCRouter({
),
}),

bySystemId: protectedProcedure.input(z.string()).query(({ ctx, input }) =>
ctx.db
.select()
.from(environmentPolicy)
.leftJoin(
environmentPolicyReleaseWindow,
eq(environmentPolicyReleaseWindow.policyId, environmentPolicy.id),
)
.where(eq(environmentPolicy.systemId, input))
.then((policies) =>
_.chain(policies)
.groupBy("environment_policy.id")
.map((p) => ({
...p[0]!.environment_policy,
releaseWindows: p
.map((t) => t.environment_policy_release_window)
.filter(isPresent),
}))
.value(),
),
),
bySystemId: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser.perform(Permission.SystemGet).on({ type: "system", id: input }),
})
.input(z.string().uuid())
.query(({ ctx, input }) =>
ctx.db
.select()
.from(environmentPolicy)
.leftJoin(
environmentPolicyReleaseWindow,
eq(environmentPolicyReleaseWindow.policyId, environmentPolicy.id),
)
.where(eq(environmentPolicy.systemId, input))
.then((policies) =>
_.chain(policies)
.groupBy("environment_policy.id")
.map((p) => ({
...p[0]!.environment_policy,
releaseWindows: p
.map((t) => t.environment_policy_release_window)
.filter(isPresent),
}))
.value(),
),
),

byId: protectedProcedure.input(z.string()).query(({ ctx, input }) =>
ctx.db.query.environmentPolicy.findMany({
where: eq(system.id, input),
with: {},
}),
),
byId: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemGet)
.on({ type: "environmentPolicy", id: input }),
})
.input(z.string())
.query(({ ctx, input }) =>
ctx.db.query.environmentPolicy.findMany({
where: eq(system.id, input),
with: {},
}),
),

create: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemUpdate)
.on({ type: "system", id: input.systemId }),
})
.input(createEnvironmentPolicy)
.mutation(async ({ ctx, input }) =>
ctx.db.transaction(async (db) =>
Expand All @@ -239,6 +301,12 @@ const policyRouter = createTRPCRouter({
),

update: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemUpdate)
.on({ type: "environmentPolicy", id: input.id }),
})
.input(z.object({ id: z.string().uuid(), data: updateEnvironmentPolicy }))
.mutation(({ ctx, input }) =>
ctx.db
Expand All @@ -250,6 +318,12 @@ const policyRouter = createTRPCRouter({
),

delete: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemUpdate)
.on({ type: "environmentPolicy", id: input }),
})
.input(z.string().uuid())
.mutation(({ ctx, input }) =>
ctx.db
Expand All @@ -260,6 +334,12 @@ const policyRouter = createTRPCRouter({
),

setWindows: protectedProcedure
.meta({
authorizationCheck: ({ canUser, input }) =>
canUser
.perform(Permission.SystemUpdate)
.on({ type: "environmentPolicy", id: input.policyId }),
})
.input(
z.object({
policyId: z.string().uuid(),
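Review bot: In `policyRouter.byId`, the new check authorizes `{ type: "environmentPolicy", id: input }`, but the query below it still filters with `where: eq(system.id, input)`, so the id that is authorized is not the column the rows are selected by. The filter should match the authorized resource, e.g. `where: eq(environmentPolicy.id, input),`, and the input should be tightened to `.input(z.string().uuid())` like the sibling `bySystemId`. The same pattern of authorizing one id while accepting another appears in `deployment.delete` and in `approval.approve`/`reject`, where `policyId` is part of the input but only `environmentId` or `releaseId` is checked; their mutation bodies are outside the visible hunks, so confirm there that `policyId` is constrained to the authorized environment or release.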