Remove redundant requireAdmin
We already hand out scopes based on the user's access control
172
src/server.js
172
src/server.js
@@ -116,18 +116,18 @@ function initializeExpressSync() {
|
||||
|
||||
// cloudron routes
|
||||
router.get ('/api/v1/cloudron/config', cloudronScope, routes.cloudron.getConfig);
|
||||
router.post('/api/v1/cloudron/update', cloudronScope, routes.users.requireAdmin, routes.cloudron.update);
|
||||
router.post('/api/v1/cloudron/check_for_updates', cloudronScope, routes.users.requireAdmin, routes.cloudron.checkForUpdates);
|
||||
router.post('/api/v1/cloudron/reboot', cloudronScope, routes.users.requireAdmin, routes.cloudron.reboot);
|
||||
router.get ('/api/v1/cloudron/graphs', cloudronScope, routes.users.requireAdmin, routes.graphs.getGraphs);
|
||||
router.get ('/api/v1/cloudron/disks', cloudronScope, routes.users.requireAdmin, routes.cloudron.getDisks);
|
||||
router.get ('/api/v1/cloudron/logs', cloudronScope, routes.users.requireAdmin, routes.cloudron.getLogs);
|
||||
router.get ('/api/v1/cloudron/logstream', cloudronScope, routes.users.requireAdmin, routes.cloudron.getLogStream);
|
||||
router.get ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, routes.users.requireAdmin, routes.ssh.getAuthorizedKeys);
|
||||
router.put ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, routes.users.requireAdmin, routes.ssh.addAuthorizedKey);
|
||||
router.get ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, routes.users.requireAdmin, routes.ssh.getAuthorizedKey);
|
||||
router.del ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, routes.users.requireAdmin, routes.ssh.delAuthorizedKey);
|
||||
router.get ('/api/v1/cloudron/eventlog', cloudronScope, routes.users.requireAdmin, routes.eventlog.get);
|
||||
router.post('/api/v1/cloudron/update', cloudronScope, routes.cloudron.update);
|
||||
router.post('/api/v1/cloudron/check_for_updates', cloudronScope, routes.cloudron.checkForUpdates);
|
||||
router.post('/api/v1/cloudron/reboot', cloudronScope, routes.cloudron.reboot);
|
||||
router.get ('/api/v1/cloudron/graphs', cloudronScope, routes.graphs.getGraphs);
|
||||
router.get ('/api/v1/cloudron/disks', cloudronScope, routes.cloudron.getDisks);
|
||||
router.get ('/api/v1/cloudron/logs', cloudronScope, routes.cloudron.getLogs);
|
||||
router.get ('/api/v1/cloudron/logstream', cloudronScope, routes.cloudron.getLogStream);
|
||||
router.get ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, routes.ssh.getAuthorizedKeys);
|
||||
router.put ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, routes.ssh.addAuthorizedKey);
|
||||
router.get ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, routes.ssh.getAuthorizedKey);
|
||||
router.del ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, routes.ssh.delAuthorizedKey);
|
||||
router.get ('/api/v1/cloudron/eventlog', cloudronScope, routes.eventlog.get);
|
||||
|
||||
// working off the user behind the provided token
|
||||
router.get ('/api/v1/user/apps', profileScope, routes.apps.getAllByUser);
|
||||
@@ -139,20 +139,20 @@ function initializeExpressSync() {
|
||||
router.post('/api/v1/user/profile/twofactorauthentication/disable', profileScope, routes.users.verifyPassword, routes.profile.disableTwoFactorAuthentication);
|
||||
|
||||
// user routes
|
||||
router.get ('/api/v1/users', usersScope, routes.users.requireAdmin, routes.users.list);
|
||||
router.post('/api/v1/users', usersScope, routes.users.requireAdmin, routes.users.create);
|
||||
router.get ('/api/v1/users/:userId', usersScope, routes.users.requireAdmin, routes.users.get);
|
||||
router.del ('/api/v1/users/:userId', usersScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.users.remove);
|
||||
router.post('/api/v1/users/:userId', usersScope, routes.users.requireAdmin, routes.users.update);
|
||||
router.put ('/api/v1/users/:userId/groups', usersScope, routes.users.requireAdmin, routes.users.setGroups);
|
||||
router.post('/api/v1/users/:userId/invite', usersScope, routes.users.requireAdmin, routes.users.sendInvite);
|
||||
router.get ('/api/v1/users', usersScope, routes.users.list);
|
||||
router.post('/api/v1/users', usersScope, routes.users.create);
|
||||
router.get ('/api/v1/users/:userId', usersScope, routes.users.get);
|
||||
router.del ('/api/v1/users/:userId', usersScope, routes.users.verifyPassword, routes.users.remove);
|
||||
router.post('/api/v1/users/:userId', usersScope, routes.users.update);
|
||||
router.put ('/api/v1/users/:userId/groups', usersScope, routes.users.setGroups);
|
||||
router.post('/api/v1/users/:userId/invite', usersScope, routes.users.sendInvite);
|
||||
|
||||
// Group management
|
||||
router.get ('/api/v1/groups', usersScope, routes.users.requireAdmin, routes.groups.list);
|
||||
router.post('/api/v1/groups', usersScope, routes.users.requireAdmin, routes.groups.create);
|
||||
router.get ('/api/v1/groups/:groupId', usersScope, routes.users.requireAdmin, routes.groups.get);
|
||||
router.put ('/api/v1/groups/:groupId/members', usersScope, routes.users.requireAdmin, routes.groups.updateMembers);
|
||||
router.del ('/api/v1/groups/:groupId', usersScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.groups.remove);
|
||||
router.get ('/api/v1/groups', usersScope, routes.groups.list);
|
||||
router.post('/api/v1/groups', usersScope, routes.groups.create);
|
||||
router.get ('/api/v1/groups/:groupId', usersScope, routes.groups.get);
|
||||
router.put ('/api/v1/groups/:groupId/members', usersScope, routes.groups.updateMembers);
|
||||
router.del ('/api/v1/groups/:groupId', usersScope, routes.users.verifyPassword, routes.groups.remove);
|
||||
|
||||
// form based login routes used by oauth2 frame
|
||||
router.get ('/api/v1/session/login', csrf, routes.oauth2.loginForm);
|
||||
@@ -186,83 +186,83 @@ function initializeExpressSync() {
|
||||
router.get ('/api/v1/apps/:id', appsScope, routes.apps.getApp);
|
||||
router.get ('/api/v1/apps/:id/icon', routes.apps.getAppIcon);
|
||||
|
||||
router.post('/api/v1/apps/install', appsScope, routes.users.requireAdmin, routes.apps.installApp);
|
||||
router.post('/api/v1/apps/:id/uninstall', appsScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.apps.uninstallApp);
|
||||
router.post('/api/v1/apps/:id/configure', appsScope, routes.users.requireAdmin, routes.apps.configureApp);
|
||||
router.post('/api/v1/apps/:id/update', appsScope, routes.users.requireAdmin, routes.apps.updateApp);
|
||||
router.post('/api/v1/apps/:id/restore', appsScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.apps.restoreApp);
|
||||
router.post('/api/v1/apps/:id/backup', appsScope, routes.users.requireAdmin, routes.apps.backupApp);
|
||||
router.get ('/api/v1/apps/:id/backups', appsScope, routes.users.requireAdmin, routes.apps.listBackups);
|
||||
router.post('/api/v1/apps/:id/stop', appsScope, routes.users.requireAdmin, routes.apps.stopApp);
|
||||
router.post('/api/v1/apps/:id/start', appsScope, routes.users.requireAdmin, routes.apps.startApp);
|
||||
router.get ('/api/v1/apps/:id/logstream', appsScope, routes.users.requireAdmin, routes.apps.getLogStream);
|
||||
router.get ('/api/v1/apps/:id/logs', appsScope, routes.users.requireAdmin, routes.apps.getLogs);
|
||||
router.get ('/api/v1/apps/:id/exec', appsScope, routes.users.requireAdmin, routes.apps.exec);
|
||||
router.post('/api/v1/apps/install', appsScope, routes.apps.installApp);
|
||||
router.post('/api/v1/apps/:id/uninstall', appsScope, routes.users.verifyPassword, routes.apps.uninstallApp);
|
||||
router.post('/api/v1/apps/:id/configure', appsScope, routes.apps.configureApp);
|
||||
router.post('/api/v1/apps/:id/update', appsScope, routes.apps.updateApp);
|
||||
router.post('/api/v1/apps/:id/restore', appsScope, routes.users.verifyPassword, routes.apps.restoreApp);
|
||||
router.post('/api/v1/apps/:id/backup', appsScope, routes.apps.backupApp);
|
||||
router.get ('/api/v1/apps/:id/backups', appsScope, routes.apps.listBackups);
|
||||
router.post('/api/v1/apps/:id/stop', appsScope, routes.apps.stopApp);
|
||||
router.post('/api/v1/apps/:id/start', appsScope, routes.apps.startApp);
|
||||
router.get ('/api/v1/apps/:id/logstream', appsScope, routes.apps.getLogStream);
|
||||
router.get ('/api/v1/apps/:id/logs', appsScope, routes.apps.getLogs);
|
||||
router.get ('/api/v1/apps/:id/exec', appsScope, routes.apps.exec);
|
||||
// websocket cannot do bearer authentication
|
||||
router.get ('/api/v1/apps/:id/execws', routes.accesscontrol.websocketAuth.bind(null, [ accesscontrol.SCOPE_APPS ]), routes.users.requireAdmin, routes.apps.execWebSocket);
|
||||
router.post('/api/v1/apps/:id/clone', appsScope, routes.users.requireAdmin, routes.apps.cloneApp);
|
||||
router.get ('/api/v1/apps/:id/download', appsScope, routes.users.requireAdmin, routes.apps.downloadFile);
|
||||
router.post('/api/v1/apps/:id/upload', appsScope, routes.users.requireAdmin, multipart, routes.apps.uploadFile);
|
||||
router.get ('/api/v1/apps/:id/execws', routes.accesscontrol.websocketAuth.bind(null, [ accesscontrol.SCOPE_APPS ]), routes.apps.execWebSocket);
|
||||
router.post('/api/v1/apps/:id/clone', appsScope, routes.apps.cloneApp);
|
||||
router.get ('/api/v1/apps/:id/download', appsScope, routes.apps.downloadFile);
|
||||
router.post('/api/v1/apps/:id/upload', appsScope, multipart, routes.apps.uploadFile);
|
||||
|
||||
// settings routes (these are for the settings tab - avatar & name have public routes for normal users. see above)
|
||||
router.get ('/api/v1/settings/app_autoupdate_pattern', settingsScope, routes.users.requireAdmin, routes.settings.getAppAutoupdatePattern);
|
||||
router.post('/api/v1/settings/app_autoupdate_pattern', settingsScope, routes.users.requireAdmin, routes.settings.setAppAutoupdatePattern);
|
||||
router.get ('/api/v1/settings/box_autoupdate_pattern', settingsScope, routes.users.requireAdmin, routes.settings.getBoxAutoupdatePattern);
|
||||
router.post('/api/v1/settings/box_autoupdate_pattern', settingsScope, routes.users.requireAdmin, routes.settings.setBoxAutoupdatePattern);
|
||||
router.get ('/api/v1/settings/cloudron_name', settingsScope, routes.users.requireAdmin, routes.settings.getCloudronName);
|
||||
router.post('/api/v1/settings/cloudron_name', settingsScope, routes.users.requireAdmin, routes.settings.setCloudronName);
|
||||
router.get ('/api/v1/settings/cloudron_avatar', settingsScope, routes.users.requireAdmin, routes.settings.getCloudronAvatar);
|
||||
router.post('/api/v1/settings/cloudron_avatar', settingsScope, routes.users.requireAdmin, multipart, routes.settings.setCloudronAvatar);
|
||||
router.get ('/api/v1/settings/backup_config', settingsScope, routes.users.requireAdmin, routes.settings.getBackupConfig);
|
||||
router.post('/api/v1/settings/backup_config', settingsScope, routes.users.requireAdmin, routes.settings.setBackupConfig);
|
||||
router.get ('/api/v1/settings/app_autoupdate_pattern', settingsScope, routes.settings.getAppAutoupdatePattern);
|
||||
router.post('/api/v1/settings/app_autoupdate_pattern', settingsScope, routes.settings.setAppAutoupdatePattern);
|
||||
router.get ('/api/v1/settings/box_autoupdate_pattern', settingsScope, routes.settings.getBoxAutoupdatePattern);
|
||||
router.post('/api/v1/settings/box_autoupdate_pattern', settingsScope, routes.settings.setBoxAutoupdatePattern);
|
||||
router.get ('/api/v1/settings/cloudron_name', settingsScope, routes.settings.getCloudronName);
|
||||
router.post('/api/v1/settings/cloudron_name', settingsScope, routes.settings.setCloudronName);
|
||||
router.get ('/api/v1/settings/cloudron_avatar', settingsScope, routes.settings.getCloudronAvatar);
|
||||
router.post('/api/v1/settings/cloudron_avatar', settingsScope, multipart, routes.settings.setCloudronAvatar);
|
||||
router.get ('/api/v1/settings/backup_config', settingsScope, routes.settings.getBackupConfig);
|
||||
router.post('/api/v1/settings/backup_config', settingsScope, routes.settings.setBackupConfig);
|
||||
|
||||
router.get ('/api/v1/settings/time_zone', settingsScope, routes.users.requireAdmin, routes.settings.getTimeZone);
|
||||
router.post('/api/v1/settings/time_zone', settingsScope, routes.users.requireAdmin, routes.settings.setTimeZone);
|
||||
router.get ('/api/v1/settings/appstore_config', settingsScope, routes.users.requireAdmin, routes.settings.getAppstoreConfig);
|
||||
router.post('/api/v1/settings/appstore_config', settingsScope, routes.users.requireAdmin, routes.settings.setAppstoreConfig);
|
||||
router.get ('/api/v1/settings/time_zone', settingsScope, routes.settings.getTimeZone);
|
||||
router.post('/api/v1/settings/time_zone', settingsScope, routes.settings.setTimeZone);
|
||||
router.get ('/api/v1/settings/appstore_config', settingsScope, routes.settings.getAppstoreConfig);
|
||||
router.post('/api/v1/settings/appstore_config', settingsScope, routes.settings.setAppstoreConfig);
|
||||
|
||||
// email routes
|
||||
router.get ('/api/v1/mail/:domain', mailScope, routes.users.requireAdmin, routes.mail.getDomain);
|
||||
router.post('/api/v1/mail/:domain', mailScope, routes.users.requireAdmin, routes.mail.updateDomain);
|
||||
router.post('/api/v1/mail', mailScope, routes.users.requireAdmin, routes.mail.addDomain);
|
||||
router.get ('/api/v1/mail/:domain/stats', mailScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.mail.getDomainStats);
|
||||
router.del ('/api/v1/mail/:domain', mailScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.mail.removeDomain);
|
||||
router.get ('/api/v1/mail/:domain/status', mailScope, routes.users.requireAdmin, routes.mail.getStatus);
|
||||
router.post('/api/v1/mail/:domain/mail_from_validation', mailScope, routes.users.requireAdmin, routes.mail.setMailFromValidation);
|
||||
router.post('/api/v1/mail/:domain/catch_all', mailScope, routes.users.requireAdmin, routes.mail.setCatchAllAddress);
|
||||
router.post('/api/v1/mail/:domain/relay', mailScope, routes.users.requireAdmin, routes.mail.setMailRelay);
|
||||
router.post('/api/v1/mail/:domain/enable', mailScope, routes.users.requireAdmin, routes.mail.setMailEnabled);
|
||||
router.post('/api/v1/mail/:domain/send_test_mail', mailScope, routes.users.requireAdmin, routes.mail.sendTestMail);
|
||||
router.get ('/api/v1/mail/:domain/mailboxes', mailScope, routes.users.requireAdmin, routes.mail.getMailboxes);
|
||||
router.get ('/api/v1/mail/:domain/mailboxes/:name', mailScope, routes.users.requireAdmin, routes.mail.getMailbox);
|
||||
router.post('/api/v1/mail/:domain/mailboxes', mailScope, routes.users.requireAdmin, routes.mail.addMailbox);
|
||||
router.post('/api/v1/mail/:domain/mailboxes/:name', mailScope, routes.users.requireAdmin, routes.mail.updateMailbox);
|
||||
router.del ('/api/v1/mail/:domain/mailboxes/:name', mailScope, routes.users.requireAdmin, routes.mail.removeMailbox);
|
||||
router.get ('/api/v1/mail/:domain/aliases', mailScope, routes.users.requireAdmin, routes.mail.listAliases);
|
||||
router.get ('/api/v1/mail/:domain/aliases/:name', mailScope, routes.users.requireAdmin, routes.mail.getAliases);
|
||||
router.put ('/api/v1/mail/:domain/aliases/:name', mailScope, routes.users.requireAdmin, routes.mail.setAliases);
|
||||
router.get ('/api/v1/mail/:domain/lists', mailScope, routes.users.requireAdmin, routes.mail.getLists);
|
||||
router.post('/api/v1/mail/:domain/lists', mailScope, routes.users.requireAdmin, routes.mail.addList);
|
||||
router.get ('/api/v1/mail/:domain/lists/:name', mailScope, routes.users.requireAdmin, routes.mail.getList);
|
||||
router.post('/api/v1/mail/:domain/lists/:name', mailScope, routes.users.requireAdmin, routes.mail.updateList);
|
||||
router.del ('/api/v1/mail/:domain/lists/:name', mailScope, routes.users.requireAdmin, routes.mail.removeList);
|
||||
router.get ('/api/v1/mail/:domain', mailScope, routes.mail.getDomain);
|
||||
router.post('/api/v1/mail/:domain', mailScope, routes.mail.updateDomain);
|
||||
router.post('/api/v1/mail', mailScope, routes.mail.addDomain);
|
||||
router.get ('/api/v1/mail/:domain/stats', mailScope, routes.users.verifyPassword, routes.mail.getDomainStats);
|
||||
router.del ('/api/v1/mail/:domain', mailScope, routes.users.verifyPassword, routes.mail.removeDomain);
|
||||
router.get ('/api/v1/mail/:domain/status', mailScope, routes.mail.getStatus);
|
||||
router.post('/api/v1/mail/:domain/mail_from_validation', mailScope, routes.mail.setMailFromValidation);
|
||||
router.post('/api/v1/mail/:domain/catch_all', mailScope, routes.mail.setCatchAllAddress);
|
||||
router.post('/api/v1/mail/:domain/relay', mailScope, routes.mail.setMailRelay);
|
||||
router.post('/api/v1/mail/:domain/enable', mailScope, routes.mail.setMailEnabled);
|
||||
router.post('/api/v1/mail/:domain/send_test_mail', mailScope, routes.mail.sendTestMail);
|
||||
router.get ('/api/v1/mail/:domain/mailboxes', mailScope, routes.mail.getMailboxes);
|
||||
router.get ('/api/v1/mail/:domain/mailboxes/:name', mailScope, routes.mail.getMailbox);
|
||||
router.post('/api/v1/mail/:domain/mailboxes', mailScope, routes.mail.addMailbox);
|
||||
router.post('/api/v1/mail/:domain/mailboxes/:name', mailScope, routes.mail.updateMailbox);
|
||||
router.del ('/api/v1/mail/:domain/mailboxes/:name', mailScope, routes.mail.removeMailbox);
|
||||
router.get ('/api/v1/mail/:domain/aliases', mailScope, routes.mail.listAliases);
|
||||
router.get ('/api/v1/mail/:domain/aliases/:name', mailScope, routes.mail.getAliases);
|
||||
router.put ('/api/v1/mail/:domain/aliases/:name', mailScope, routes.mail.setAliases);
|
||||
router.get ('/api/v1/mail/:domain/lists', mailScope, routes.mail.getLists);
|
||||
router.post('/api/v1/mail/:domain/lists', mailScope, routes.mail.addList);
|
||||
router.get ('/api/v1/mail/:domain/lists/:name', mailScope, routes.mail.getList);
|
||||
router.post('/api/v1/mail/:domain/lists/:name', mailScope, routes.mail.updateList);
|
||||
router.del ('/api/v1/mail/:domain/lists/:name', mailScope, routes.mail.removeList);
|
||||
|
||||
// feedback
|
||||
router.post('/api/v1/feedback', usersScope, routes.cloudron.feedback);
|
||||
|
||||
// backup routes
|
||||
router.get ('/api/v1/backups', settingsScope, routes.users.requireAdmin, routes.backups.get);
|
||||
router.post('/api/v1/backups', settingsScope, routes.users.requireAdmin, routes.backups.create);
|
||||
router.get ('/api/v1/backups', settingsScope, routes.backups.get);
|
||||
router.post('/api/v1/backups', settingsScope, routes.backups.create);
|
||||
|
||||
// domain routes
|
||||
router.post('/api/v1/domains', domainsScope, routes.users.requireAdmin, routes.domains.add);
|
||||
router.get ('/api/v1/domains', domainsScope, routes.users.requireAdmin, routes.domains.getAll);
|
||||
router.get ('/api/v1/domains/:domain', domainsScope, routes.users.requireAdmin, routes.domains.get);
|
||||
router.put ('/api/v1/domains/:domain', domainsScope, routes.users.requireAdmin, routes.domains.update);
|
||||
router.del ('/api/v1/domains/:domain', domainsScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.domains.del);
|
||||
router.post('/api/v1/domains', domainsScope, routes.domains.add);
|
||||
router.get ('/api/v1/domains', domainsScope, routes.domains.getAll);
|
||||
router.get ('/api/v1/domains/:domain', domainsScope, routes.domains.get);
|
||||
router.put ('/api/v1/domains/:domain', domainsScope, routes.domains.update);
|
||||
router.del ('/api/v1/domains/:domain', domainsScope, routes.users.verifyPassword, routes.domains.del);
|
||||
|
||||
// caas routes
|
||||
router.post('/api/v1/caas/change_plan', cloudronScope, routes.users.requireAdmin, routes.users.verifyPassword, routes.caas.changePlan);
|
||||
router.post('/api/v1/caas/change_plan', cloudronScope, routes.users.verifyPassword, routes.caas.changePlan);
|
||||
|
||||
// disable server socket "idle" timeout. we use the timeout middleware to handle timeouts on a route level
|
||||
// we rely on nginx for timeouts on the TCP level (see client_header_timeout)
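Review bot: With `routes.users.requireAdmin` dropped from every line on the new side, the scope middleware (`cloudronScope`, `usersScope`, `appsScope`, `settingsScope`, `mailScope`, `domainsScope`) is now the only admin gate on these routes, so their safety depends entirely on the scope-issuance code, which is outside this diff. The unchanged context lines hint that some of these scopes are not admin-only: `/api/v1/apps/:id` is guarded by `appsScope` alone and `/api/v1/feedback` by `usersScope` alone, so if ordinary users can be issued those scopes, `apps/install`, `apps/:id/configure`, `apps/:id/exec`, `apps/:id/execws` and the `users`/`groups` mutators would lose their admin check at the router level; I cannot tell from here whether the handlers re-check. I would keep `routes.users.requireAdmin` on the mutating and exec routes as defense in depth, or add a regression test asserting that a non-admin token carrying each of these scopes receives 403 on every route this commit touches, and reference the access-control change that makes the scopes admin-only in the description. `initializeExpressSync` starts and ends outside the shown hunks.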
|
||||
|
||||