Filter internal oidc clients for rest api

This commit is contained in:
Johannes Zellner
2023-04-24 17:16:57 +02:00
parent f4e4bb97b1
commit 90b5d240a8
2 changed files with 19 additions and 5 deletions
+18 -4
@@ -29,6 +29,9 @@ async function add(req, res, next) {
if (req.body.tokenSignatureAlgorithm !== 'EdDSA' && req.body.tokenSignatureAlgorithm !== 'RS256') return next(new HttpError(400, 'tokenSignatureAlgorithm must be either EdDSA or RS256'));
if ('logoutRedirectUri' in req.body && (typeof req.body.logoutRedirectUri !== 'string' || !req.body.logoutRedirectUri)) return next(new HttpError(400, 'logoutRedirectUri must be non-empty string if provided'));
// clients with appId are internal only
if (req.body.appId) return next(new HttpError(400, 'appId cannot be specified'));
const data = {
secret: req.body.secret,
name: req.body.name,
@@ -50,6 +53,7 @@ async function get(req, res, next) {
const [error, client] = await safe(oidc.clients.get(req.params.clientId));
if (error) return next(BoxError.toHttpError(error));
if (!client) return next(new HttpError(404, 'OpenID connect client not found'));
if (client.appId) return next(new HttpError(422, 'OpenID connect client from an internal app'));
next(new HttpSuccess(200, client));
}
@@ -64,6 +68,11 @@ async function update(req, res, next) {
if (req.body.tokenSignatureAlgorithm !== 'EdDSA' && req.body.tokenSignatureAlgorithm !== 'RS256') return next(new HttpError(400, 'tokenSignatureAlgorithm must be either EdDSA or RS256'));
if ('logoutRedirectUri' in req.body && (typeof req.body.logoutRedirectUri !== 'string' || !req.body.logoutRedirectUri)) return next(new HttpError(400, 'logoutRedirectUri must be non-empty string if provided'));
const [error, client] = await safe(oidc.clients.get(req.params.clientId));
if (error) return next(BoxError.toHttpError(error));
if (!client) return next(new HttpError(404, 'OpenID connect client not found'));
if (client.appId) return next(new HttpError(422, 'OpenID connect client from an internal app'));
const data = {
secret: req.body.secret,
name: req.body.name,
@@ -73,8 +82,8 @@ async function update(req, res, next) {
logoutRedirectUri: req.body.logoutRedirectUri || ''
};
const [error] = await safe(oidc.clients.update(req.params.clientId, data));
if (error) return next(BoxError.toHttpError(error));
const [updateError] = await safe(oidc.clients.update(req.params.clientId, data));
if (updateError) return next(BoxError.toHttpError(updateError));
next(new HttpSuccess(201, {}));
}
@@ -83,14 +92,19 @@ async function list(req, res, next) {
const [error, result] = await safe(oidc.clients.list());
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(200, { clients: result }));
next(new HttpSuccess(200, { clients: result.filter(client => !client.appId) }));
}
async function del(req, res, next) {
assert.strictEqual(typeof req.params.clientId, 'string');
const [error] = await safe(oidc.clients.del(req.params.clientId));
const [error, client] = await safe(oidc.clients.get(req.params.clientId));
if (error) return next(BoxError.toHttpError(error));
if (!client) return next(new HttpError(404, 'OpenID connect client not found'));
if (client.appId) return next(new HttpError(422, 'OpenID connect client from an internal app'));
const [delError] = await safe(oidc.clients.del(req.params.clientId));
if (delError) return next(BoxError.toHttpError(delError));
next(new HttpSuccess(204));
}
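Review bot: `update` does not mirror the `appId cannot be specified` rejection that `add` gained in the first hunk; because `data` is built field by field (the middle of that literal is outside the hunk), an `appId` sent in the update body is presumably dropped silently rather than answered with a 400, so callers get inconsistent feedback between the two endpoints. Consider adding the same guard after the `logoutRedirectUri` check in `update`: `if (req.body.appId) return next(new HttpError(400, 'appId cannot be specified'));`. The new fetch-then-guard sequence (`get`, `404`, `422` on `client.appId`) is now repeated verbatim in `get`, `update` and `del`; extracting it into one helper would keep the internal-client rule in a single place so a future endpoint cannot forget it. Note also that `add` and `list` treat `appId` by truthiness, so an empty-string `appId` would pass `add` and be listed; if the store can hold such a value, `'appId' in req.body` in `add` would be the stricter check, matching the style already used for `logoutRedirectUri`.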