mirror of
https://github.com/fosrl/pangolin.git
synced 2026-02-10 20:02:26 +00:00
Remove dangerous logging
This commit is contained in:
Owen Schwartz
@@ -10,6 +10,7 @@ export enum ActionsEnum {
|
||||
// deleteOrg = "deleteOrg",
|
||||
getOrg = "getOrg",
|
||||
updateOrg = "updateOrg",
|
||||
deleteOrg = "deleteOrg",
|
||||
createSite = "createSite",
|
||||
deleteSite = "deleteSite",
|
||||
getSite = "getSite",
|
||||
|
||||
@@ -29,7 +29,6 @@ export async function verifySiteAccess(
|
||||
}
|
||||
|
||||
if (isNaN(siteId)) {
|
||||
logger.debug(JSON.stringify(req.body));
|
||||
return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid site ID"));
|
||||
}
|
||||
|
||||
|
||||
@@ -126,8 +126,6 @@ export async function login(
|
||||
await createSession(token, existingUser.userId);
|
||||
const cookie = serializeSessionCookie(token);
|
||||
|
||||
logger.debug(cookie);
|
||||
|
||||
res.appendHeader("Set-Cookie", cookie);
|
||||
|
||||
if (
|
||||
|
||||
@@ -75,8 +75,6 @@ export async function requestPasswordReset(
|
||||
// TODO: send email with link to reset password on dashboard
|
||||
// something like: https://example.com/auth/reset-password?email=${email}&?token=${token}
|
||||
// for now, just log the token
|
||||
logger.debug(`Password reset token: ${token}`);
|
||||
|
||||
return response<RequestPasswordResetResponse>(res, {
|
||||
data: {
|
||||
sentEmail: true,
|
||||
|
||||
@@ -1,7 +1,13 @@
|
||||
import { Request, Response, NextFunction } from "express";
|
||||
import { z } from "zod";
|
||||
import { db } from "@server/db";
|
||||
import { orgs, userActions } from "@server/db/schema";
|
||||
import {
|
||||
newts,
|
||||
newtSessions,
|
||||
orgs,
|
||||
sites,
|
||||
userActions
|
||||
} from "@server/db/schema";
|
||||
import { eq } from "drizzle-orm";
|
||||
import response from "@server/utils/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
@@ -9,9 +15,11 @@ import createHttpError from "http-errors";
|
||||
import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions";
|
||||
import logger from "@server/logger";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { sendToClient } from "../ws";
|
||||
import { deletePeer } from "../gerbil/peers";
|
||||
|
||||
const deleteOrgSchema = z.object({
|
||||
orgId: z.string(),
|
||||
orgId: z.string()
|
||||
});
|
||||
|
||||
export async function deleteOrg(
|
||||
@@ -32,26 +40,27 @@ export async function deleteOrg(
|
||||
|
||||
const { orgId } = parsedParams.data;
|
||||
|
||||
// // Check if the user has permission to list sites
|
||||
// const hasPermission = await checkUserActionPermission(
|
||||
// ActionsEnum.deleteOrg,
|
||||
// req
|
||||
// );
|
||||
// if (!hasPermission) {
|
||||
// return next(
|
||||
// createHttpError(
|
||||
// HttpCode.FORBIDDEN,
|
||||
// "User does not have permission to perform this action"
|
||||
// )
|
||||
// );
|
||||
// }
|
||||
// Check if the user has permission to list sites
|
||||
const hasPermission = await checkUserActionPermission(
|
||||
ActionsEnum.deleteOrg,
|
||||
req
|
||||
);
|
||||
if (!hasPermission) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
"User does not have permission to perform this action"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const deletedOrg = await db
|
||||
.delete(orgs)
|
||||
const [org] = await db
|
||||
.select()
|
||||
.from(orgs)
|
||||
.where(eq(orgs.orgId, orgId))
|
||||
.returning();
|
||||
.limit(1);
|
||||
|
||||
if (deletedOrg.length === 0) {
|
||||
if (!org) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
@@ -60,12 +69,53 @@ export async function deleteOrg(
|
||||
);
|
||||
}
|
||||
|
||||
// we need to handle deleting each site
|
||||
const orgSites = await db
|
||||
.select()
|
||||
.from(sites)
|
||||
.where(eq(sites.orgId, orgId))
|
||||
.limit(1);
|
||||
|
||||
if (sites) {
|
||||
for (const site of orgSites) {
|
||||
if (site.pubKey) {
|
||||
if (site.type == "wireguard") {
|
||||
await deletePeer(site.exitNodeId!, site.pubKey);
|
||||
} else if (site.type == "newt") {
|
||||
// get the newt on the site by querying the newt table for siteId
|
||||
const [deletedNewt] = await db
|
||||
.delete(newts)
|
||||
.where(eq(newts.siteId, site.siteId))
|
||||
.returning();
|
||||
if (deletedNewt) {
|
||||
const payload = {
|
||||
type: `newt/terminate`,
|
||||
data: {}
|
||||
};
|
||||
sendToClient(deletedNewt.newtId, payload);
|
||||
|
||||
// delete all of the sessions for the newt
|
||||
db.delete(newtSessions)
|
||||
.where(
|
||||
eq(newtSessions.newtId, deletedNewt.newtId)
|
||||
)
|
||||
.run();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
db.delete(sites).where(eq(sites.siteId, site.siteId)).run();
|
||||
}
|
||||
}
|
||||
|
||||
await db.delete(orgs).where(eq(orgs.orgId, orgId)).returning();
|
||||
|
||||
return response(res, {
|
||||
data: null,
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Organization deleted successfully",
|
||||
status: HttpCode.OK,
|
||||
status: HttpCode.OK
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
|
||||
@@ -16,7 +16,7 @@ const updateOrgParamsSchema = z.object({
|
||||
const updateOrgBodySchema = z
|
||||
.object({
|
||||
name: z.string().min(1).max(255).optional(),
|
||||
domain: z.string().min(1).max(255).optional(),
|
||||
// domain: z.string().min(1).max(255).optional(),
|
||||
})
|
||||
.strict()
|
||||
.refine((data) => Object.keys(data).length > 0, {
|
||||
|
||||
@@ -104,7 +104,6 @@ export async function authWithAccessToken(
|
||||
// outputLen: 32,
|
||||
// parallelism: 1
|
||||
// });
|
||||
logger.debug(`${accessToken} ${tokenItem.tokenHash}`)
|
||||
const validCode = accessToken === tokenItem.tokenHash;
|
||||
|
||||
if (!validCode) {
|
||||
|
||||
Reference in New Issue
Block a user