move re-key API routes to private api

server/private/routers/external.ts

@@ -23,11 +23,15 @@ import * as license from "#private/routers/license";
 import * as generateLicense from "./generatedLicense";
 import * as logs from "#private/routers/auditLogs";
 import * as misc from "#private/routers/misc";
+import * as reKey from "#private/routers/re-key";
 
 import {
     verifyOrgAccess,
     verifyUserHasAction,
-    verifyUserIsServerAdmin
+    verifyUserIsServerAdmin,
+    verifySiteAccess,
+    verifyClientAccess,
+    verifyClientsEnabled,
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
 import {
@@ -236,14 +240,6 @@ authenticated.put(
     remoteExitNode.createRemoteExitNode
 );
 
-authenticated.put(
-    "/org/:orgId/reGenerate-remote-exit-node-secret",
-    verifyValidLicense,
-    verifyOrgAccess,
-    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
-    remoteExitNode.reGenerateExitNodeSecret
-);
-
 authenticated.get(
     "/org/:orgId/remote-exit-nodes",
     verifyValidLicense,
@@ -411,3 +407,26 @@ authenticated.get(
     logActionAudit(ActionsEnum.exportLogs),
     logs.exportAccessAuditLogs
 );
+
+authenticated.post(
+    "/re-key/:clientId/regenerate-client-secret",
+    verifyClientsEnabled,
+    verifyClientAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    reKey.reGenerateClientSecret
+);
+
+authenticated.post(
+    "/re-key/:siteId/regenerate-site-secret",
+    verifySiteAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    reKey.reGenerateSiteSecret
+);
+
+authenticated.put(
+    "/re-key/:orgId/reGenerate-remote-exit-node-secret",
+    verifyValidLicense,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
+    reKey.reGenerateExitNodeSecret
+);

server/private/routers/re-key/index.ts

@@ -0,0 +1,3 @@
+export * from "./reGenerateClientSecret";
+export * from "./reGenerateSiteSecret";
+export * from "./reGenerateExitNodeSecret";

server/private/routers/re-key/reGenerateClientSecret.ts

@@ -29,7 +29,7 @@ export type ReGenerateSecretBody = z.infer<typeof reGenerateSecretBodySchema>;
 
 registry.registerPath({
     method: "post",
-    path: "/client/{clientId}/regenerate-secret",
+    path: "/re-key/{clientId}/regenerate-client-secret",
     description: "Regenerate a client's OLM credentials by its client ID.",
     tags: [OpenAPITags.Client],
     request: {

server/private/routers/re-key/reGenerateExitNodeSecret.ts

@@ -23,7 +23,11 @@ import { hashPassword } from "@server/auth/password";
 import logger from "@server/logger";
 import { and, eq } from "drizzle-orm";
 import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
-import { paramsSchema } from "./createRemoteExitNode";
+import { OpenAPITags, registry } from "@server/openApi";
+
+export const paramsSchema = z.object({
+    orgId: z.string()
+});
 
 const bodySchema = z
     .object({
@@ -32,6 +36,25 @@ const bodySchema = z
     })
     .strict();
 
+
+registry.registerPath({
+    method: "post",
+    path: "/re-key/{orgId}/regenerate-secret",
+    description: "Regenerate a exit node credentials by its org ID.",
+    tags: [OpenAPITags.Org],
+    request: {
+        params: paramsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: bodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
 export async function reGenerateExitNodeSecret(
     req: Request,
     res: Response,

server/private/routers/re-key/reGenerateSiteSecret.ts

@@ -9,7 +9,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { hashPassword } from "@server/auth/password";
-import { addPeer } from "../gerbil/peers";
+import { addPeer } from "@server/routers/gerbil/peers";
 
 
 const updateSiteParamsSchema = z
@@ -31,7 +31,7 @@ const updateSiteBodySchema = z
 
 registry.registerPath({
     method: "post",
-    path: "/site/{siteId}/regenerate-secret",
+    path: "/re-key/{siteId}/regenerate-site-secret",
     description: "Regenerate a site's Newt or WireGuard credentials by its site ID.",
     tags: [OpenAPITags.Site],
     request: {

server/private/routers/remoteExitNode/index.ts

@@ -21,4 +21,3 @@ export * from "./deleteRemoteExitNode";
 export * from "./listRemoteExitNodes";
 export * from "./pickRemoteExitNodeDefaults";
 export * from "./quickStartRemoteExitNode";
-export * from "./reGenerateExitNodeSecret";

server/routers/client/index.ts

@@ -3,5 +3,4 @@ export * from "./createClient";
 export * from "./deleteClient";
 export * from "./listClients";
 export * from "./updateClient";
-export * from "./getClient";
-export * from "./reGenerateClientSecret";
+export * from "./getClient";

server/routers/external.ts

@@ -178,13 +178,6 @@ authenticated.post(
     client.updateClient,
 );
 
-authenticated.post(
-    "/client/:clientId/regenerate-secret",
-    verifyClientsEnabled,
-    verifyClientAccess,
-    verifyUserHasAction(ActionsEnum.reGenerateSecret),
-    client.reGenerateClientSecret
-);
 
 // authenticated.get(
 //     "/site/:siteId/roles",
@@ -200,12 +193,6 @@ authenticated.post(
     site.updateSite,
 );
 
-authenticated.post(
-    "/site/:siteId/regenerate-secret",
-    verifySiteAccess,
-    verifyUserHasAction(ActionsEnum.reGenerateSecret),
-    site.reGenerateSiteSecret
-);
 authenticated.delete(
     "/site/:siteId",
     verifySiteAccess,

server/routers/site/index.ts

@@ -5,5 +5,4 @@ export * from "./updateSite";
 export * from "./listSites";
 export * from "./listSiteRoles";
 export * from "./pickSiteDefaults";
-export * from "./socketIntegration";
-export * from "./reGenerateSiteSecret";
+export * from "./socketIntegration";