Merge remote-tracking branch 'origin' into activity-logs

2025-03-25 14:05:03 +00:00 · 2023-01-01 10:36:31 +07:00
parent 6fa84bf0cb 6f054d8f2c
commit 3c349b1e28
7 changed files with 80 additions and 17 deletions
--- a/backend/src/ee/routes/v1/secret.ts
+++ b/backend/src/ee/routes/v1/secret.ts
@ -2,7 +2,7 @@ import express from 'express';
 const router = express.Router();
 import {
    requireAuth,
-    requireWorkspaceAuth,
+	requireSecretAuth,
    validateRequest
 } from '../../../middleware';
 import { body, query, param } from 'express-validator';
@ -12,7 +12,7 @@ import { ADMIN, MEMBER, COMPLETED, GRANTED } from '../../../variables';
 router.get(
 	'/:secretId/secret-versions',
 	requireAuth,
-	requireWorkspaceAuth({
+	requireSecretAuth({
 		acceptedRoles: [ADMIN, MEMBER],
 		acceptedStatuses: [COMPLETED, GRANTED]
 	}),
--- a/backend/src/middleware/index.ts
+++ b/backend/src/middleware/index.ts
@ -6,6 +6,7 @@ import requireOrganizationAuth from './requireOrganizationAuth';
 import requireIntegrationAuth from './requireIntegrationAuth';
 import requireIntegrationAuthorizationAuth from './requireIntegrationAuthorizationAuth';
 import requireServiceTokenAuth from './requireServiceTokenAuth';
+import requireSecretAuth from './requireSecretAuth';
 import validateRequest from './validateRequest';

 export {
@ -17,5 +18,6 @@ export {
 	requireIntegrationAuth,
 	requireIntegrationAuthorizationAuth,
 	requireServiceTokenAuth,
+	requireSecretAuth,
 	validateRequest
 };
--- a/backend/src/middleware/requireBotAuth.ts
+++ b/backend/src/middleware/requireBotAuth.ts
@ -15,7 +15,7 @@ const requireBotAuth = ({
    location?: req;
 }) => {
    return async (req: Request, res: Response, next: NextFunction) => {
-        const bot = await Bot.findOne({ _id: req[location].botId });
+        const bot = await Bot.findById(req[location].botId);
        
        if (!bot) {
            return next(AccountNotFoundError({message: 'Failed to locate Bot account'}))
--- a/backend/src/middleware/requireSecretAuth.ts
+++ b/backend/src/middleware/requireSecretAuth.ts
@ -0,0 +1,50 @@
+import { Request, Response, NextFunction } from 'express';
+import { UnauthorizedRequestError, SecretNotFoundError } from '../utils/errors';
+import { Secret } from '../models';
+import {
+    validateMembership
+} from '../helpers/membership';
+
+/**
+ * Validate if user on request has proper membership to modify secret.
+ * @param {Object} obj
+ * @param {String[]} obj.acceptedRoles - accepted workspace roles
+ * @param {String[]} obj.acceptedStatuses - accepted workspace statuses
+ * @param {String[]} obj.location - location of [workspaceId] on request (e.g. params, body) for parsing
+ */
+const requireSecretAuth = ({
+    acceptedRoles,
+    acceptedStatuses
+}: {
+    acceptedRoles: string[];
+    acceptedStatuses: string[];
+}) => {
+    return async (req: Request, res: Response, next: NextFunction) => {
+        try {
+            const { secretId } = req.params;
+            
+            const secret = await Secret.findById(secretId);
+            
+            if (!secret) {
+                return next(SecretNotFoundError({
+                    message: 'Failed to find secret'
+                }));
+            }
+            
+            await validateMembership({
+                userId: req.user._id.toString(),
+                workspaceId: secret.workspace.toString(),
+                acceptedRoles,
+                acceptedStatuses
+            });
+            
+            req.secret = secret as any;
+
+            next();
+        } catch (err) {
+            return next(UnauthorizedRequestError({ message: 'Unable to authenticate secret' }));
+        }
+    }
+}
+
+export default requireSecretAuth;
--- a/backend/src/types/express/index.d.ts
+++ b/backend/src/types/express/index.d.ts
@ -1,6 +1,5 @@
 import * as express from 'express';

-
 // TODO: fix (any) types
 declare global {
 	namespace Express {
@ -8,11 +7,12 @@ declare global {
 			user: any;
 			workspace: any;
 			membership: any;
-			organizationt: any;
+			organization: any;
 			membershipOrg: any;
 			integration: any;
 			integrationAuth: any;
 			bot: any;
+			secret: any;
 			serviceToken: any;
 			accessToken: any;
 			query?: any;
--- a/backend/src/utils/errors.ts
+++ b/backend/src/utils/errors.ts
@ -8,7 +8,7 @@ export const RouteNotFoundError = (error?: Partial<RequestErrorContext>) => new
    message: error?.message ?? 'The requested source was not found',
    context: error?.context,
    stack: error?.stack
-})
+});

 export const MethodNotAllowedError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.INFO,
@ -17,7 +17,7 @@ export const MethodNotAllowedError = (error?: Partial<RequestErrorContext>) => n
    message: error?.message ?? 'The requested method is not allowed for the resource',
    context: error?.context,
    stack: error?.stack
-})
+});

 export const UnauthorizedRequestError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.INFO,
@ -26,7 +26,7 @@ export const UnauthorizedRequestError = (error?: Partial<RequestErrorContext>) =
    message: error?.message ?? 'You are not authorized to access this resource',
    context: error?.context,
    stack: error?.stack
-})
+});
  
 export const ForbiddenRequestError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.INFO,
@ -35,7 +35,7 @@ export const ForbiddenRequestError = (error?: Partial<RequestErrorContext>) => n
    message: error?.message ?? 'You are not allowed to access this resource',
    context: error?.context,
    stack: error?.stack
-})
+});

 export const BadRequestError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.INFO,
@ -44,7 +44,7 @@ export const BadRequestError = (error?: Partial<RequestErrorContext>) => new Req
    message: error?.message ?? 'The request is invalid or cannot be served',
    context: error?.context,
    stack: error?.stack
-})
+});

 export const InternalServerError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.ERROR,
@ -53,7 +53,7 @@ export const InternalServerError = (error?: Partial<RequestErrorContext>) => new
    message: error?.message ?? 'The server encountered an error while processing the request',
    context: error?.context,
    stack: error?.stack
-})
+});

 export const ServiceUnavailableError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.ERROR,
@ -62,7 +62,7 @@ export const ServiceUnavailableError = (error?: Partial<RequestErrorContext>) =>
    message: error?.message ?? 'The service is currently unavailable. Please try again later.',
    context: error?.context,
    stack: error?.stack
-})
+});

 export const ValidationError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.ERROR,
@ -71,7 +71,7 @@ export const ValidationError = (error?: Partial<RequestErrorContext>) => new Req
    message: error?.message ?? 'The request failed validation',
    context: error?.context,
    stack: error?.stack
-})
+});

 //* ----->[INTEGRATION ERRORS]<-----
 export const IntegrationNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
@ -81,7 +81,7 @@ export const IntegrationNotFoundError = (error?: Partial<RequestErrorContext>) =
    message: error?.message ?? 'The requested integration was not found',
    context: error?.context,
    stack: error?.stack
-})
+});

 //* ----->[WORKSPACE ERRORS]<-----
 export const WorkspaceNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
@ -91,7 +91,7 @@ export const WorkspaceNotFoundError = (error?: Partial<RequestErrorContext>) =>
    message: error?.message ?? 'The requested workspace was not found',
    context: error?.context,
    stack: error?.stack
-})
+});

 //* ----->[ORGANIZATION ERRORS]<-----
 export const OrganizationNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
@ -101,7 +101,7 @@ export const OrganizationNotFoundError = (error?: Partial<RequestErrorContext>)
    message: error?.message ?? 'The requested organization was not found',
    context: error?.context,
    stack: error?.stack
-})
+});

 //* ----->[ACCOUNT ERRORS]<-----
 export const AccountNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
@ -111,6 +111,16 @@ export const AccountNotFoundError = (error?: Partial<RequestErrorContext>) => ne
    message: error?.message ?? 'The requested account was not found',
    context: error?.context,
    stack: error?.stack
-})
+});
+
+//* ----->[SECRET ERRORS]<-----
+export const SecretNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
+    logLevel: error?.logLevel ?? LogLevel.ERROR,
+    statusCode: error?.statusCode ?? 404,
+    type: error?.type ?? 'secret_not_found_error',
+    message: error?.message ?? 'The requested secret was not found',
+    context: error?.context,
+    stack: error?.stack
+});

 //* ----->[MISC ERRORS]<-----
--- a/frontend/components/utilities/attemptLogin.js
+++ b/frontend/components/utilities/attemptLogin.js
@ -52,6 +52,7 @@ const attemptLogin = async (
          // if everything works, go the main dashboard page.
          const { token, publicKey, encryptedPrivateKey, iv, tag } =
            await login2(email, clientProof);
+          
          SecurityClient.setToken(token);

          const privateKey = Aes256Gcm.decrypt({