Merge branch 'dev' into hybrid

server/routers/external.ts

@@ -9,6 +9,7 @@ import * as user from "./user";
 import * as auth from "./auth";
 import * as role from "./role";
 import * as client from "./client";
+import * as siteResource from "./siteResource";
 import * as supporterKey from "./supporterKey";
 import * as accessToken from "./accessToken";
 import * as idp from "./idp";
@@ -34,7 +35,8 @@ import {
     verifyDomainAccess,
     verifyClientsEnabled,
     verifyUserHasAction,
-    verifyUserIsOrgOwner
+    verifyUserIsOrgOwner,
+    verifySiteResourceAccess
 } from "@server/middlewares";
 import { createStore } from "@server/lib/rateLimitStore";
 import { ActionsEnum } from "@server/auth/actions";
@@ -213,9 +215,60 @@ authenticated.get(
     site.listContainers
 );
 
+// Site Resource endpoints
 authenticated.put(
     "/org/:orgId/site/:siteId/resource",
     verifyOrgAccess,
+    verifySiteAccess,
+    verifyUserHasAction(ActionsEnum.createSiteResource),
+    siteResource.createSiteResource
+);
+
+authenticated.get(
+    "/org/:orgId/site/:siteId/resources",
+    verifyOrgAccess,
+    verifySiteAccess,
+    verifyUserHasAction(ActionsEnum.listSiteResources),
+    siteResource.listSiteResources
+);
+
+authenticated.get(
+    "/org/:orgId/site-resources",
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.listSiteResources),
+    siteResource.listAllSiteResourcesByOrg
+);
+
+authenticated.get(
+    "/org/:orgId/site/:siteId/resource/:siteResourceId",
+    verifyOrgAccess,
+    verifySiteAccess,
+    verifySiteResourceAccess,
+    verifyUserHasAction(ActionsEnum.getSiteResource),
+    siteResource.getSiteResource
+);
+
+authenticated.post(
+    "/org/:orgId/site/:siteId/resource/:siteResourceId",
+    verifyOrgAccess,
+    verifySiteAccess,
+    verifySiteResourceAccess,
+    verifyUserHasAction(ActionsEnum.updateSiteResource),
+    siteResource.updateSiteResource
+);
+
+authenticated.delete(
+    "/org/:orgId/site/:siteId/resource/:siteResourceId",
+    verifyOrgAccess,
+    verifySiteAccess,
+    verifySiteResourceAccess,
+    verifyUserHasAction(ActionsEnum.deleteSiteResource),
+    siteResource.deleteSiteResource
+);
+
+authenticated.put(
+    "/org/:orgId/resource",
+    verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createResource),
     resource.createResource
 );
@@ -397,28 +450,6 @@ authenticated.post(
     user.addUserRole
 );
 
-// authenticated.put(
-//     "/role/:roleId/site",
-//     verifyRoleAccess,
-//     verifyUserInRole,
-//     verifyUserHasAction(ActionsEnum.addRoleSite),
-//     role.addRoleSite
-// );
-// authenticated.delete(
-//     "/role/:roleId/site",
-//     verifyRoleAccess,
-//     verifyUserInRole,
-//     verifyUserHasAction(ActionsEnum.removeRoleSite),
-//     role.removeRoleSite
-// );
-// authenticated.get(
-//     "/role/:roleId/sites",
-//     verifyRoleAccess,
-//     verifyUserInRole,
-//     verifyUserHasAction(ActionsEnum.listRoleSites),
-//     role.listRoleSites
-// );
-
 authenticated.post(
     "/resource/:resourceId/roles",
     verifyResourceAccess,
@@ -463,13 +494,6 @@ authenticated.get(
     resource.getResourceWhitelist
 );
 
-authenticated.post(
-    `/resource/:resourceId/transfer`,
-    verifyResourceAccess,
-    verifyUserHasAction(ActionsEnum.updateResource),
-    resource.transferResource
-);
-
 authenticated.post(
     `/resource/:resourceId/access-token`,
     verifyResourceAccess,
@@ -1033,6 +1057,7 @@ authRouter.post("/idp/:idpId/oidc/validate-callback", idp.validateOidcCallback);
 
 authRouter.put("/set-server-admin", auth.setServerAdmin);
 authRouter.get("/initial-setup-complete", auth.initialSetupComplete);
+authRouter.post("/validate-setup-token", auth.validateSetupToken);
 
 // Security Key routes
 authRouter.post(