calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-06-23 15:51:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use the config not the env var

Browse Source
This commit is contained in:
Owen
2026-06-22 10:24:16 -04:00
parent 3b68139873
commit d7cfffd92d
7 changed files with 43 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/lib/blueprints/resourcePolicies.ts
View File

@@ -23,6 +23,7 @@ import { hashPassword } from "@server/auth/password";
import { isValidCIDR, isValidIP, isValidUrlGlobPattern } from "../validators"; import { isValidCIDR, isValidIP, isValidUrlGlobPattern } from "../validators";
import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed"; import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
import { tierMatrix } from "../billing/tierMatrix"; import { tierMatrix } from "../billing/tierMatrix";
import privateConfig from "@server/private/lib/config";
export type ResourcePoliciesResults = { export type ResourcePoliciesResults = {
resourcePolicyId: number; resourcePolicyId: number;
@@ -83,7 +84,10 @@ export async function updateResourcePolicies(
); );
} }
if (process.env.IDENTITY_PROVIDER_MODE === "org") { if (
privateConfig.getRawPrivateConfig().app
.identity_provider_mode === "org"
) {
const [providerOrg] = await trx const [providerOrg] = await trx
.select() .select()
.from(idpOrg) .from(idpOrg)

6
server/private/routers/policy/createResourcePolicy.ts
View File

@@ -38,6 +38,7 @@ import {
} from "@server/lib/validators"; } from "@server/lib/validators";
import logger from "@server/logger"; import logger from "@server/logger";
import { OpenAPITags, registry } from "@server/openApi"; import { OpenAPITags, registry } from "@server/openApi";
import privateConfig from "@server/private/lib/config";
import HttpCode from "@server/types/HttpCode"; import HttpCode from "@server/types/HttpCode";
import { and, eq, inArray, type InferInsertModel } from "drizzle-orm"; import { and, eq, inArray, type InferInsertModel } from "drizzle-orm";
import { NextFunction, Request, Response } from "express"; import { NextFunction, Request, Response } from "express";
@@ -219,7 +220,10 @@ export async function createResourcePolicy(
); );
} }
if (process.env.IDENTITY_PROVIDER_MODE === "org") { if (
privateConfig.getRawPrivateConfig().app
.identity_provider_mode === "org"
) {
const [providerOrg] = await db const [providerOrg] = await db
.select() .select()
.from(idpOrg) .from(idpOrg)

11
server/routers/idp/createIdpOrgPolicy.ts
View File

@@ -11,6 +11,7 @@ import { OpenAPITags, registry } from "@server/openApi";
import config from "@server/lib/config"; import config from "@server/lib/config";
import { eq, and } from "drizzle-orm"; import { eq, and } from "drizzle-orm";
import { idp, idpOrg } from "@server/db"; import { idp, idpOrg } from "@server/db";
import privateConfig from "@server/private/lib/config";
const paramsSchema = z.strictObject({ const paramsSchema = z.strictObject({
idpId: z.coerce.number<number>(), idpId: z.coerce.number<number>(),
@@ -25,7 +26,6 @@ const bodySchema = z.strictObject({
export type CreateIdpOrgPolicyResponse = {}; export type CreateIdpOrgPolicyResponse = {};
const CreateIdpOrgPolicyResponseDataSchema = z.object({}); const CreateIdpOrgPolicyResponseDataSchema = z.object({});
registry.registerPath({ registry.registerPath({
method: "put", method: "put",
path: "/idp/{idpId}/org/{orgId}", path: "/idp/{idpId}/org/{orgId}",
@@ -46,7 +46,9 @@ registry.registerPath({
description: "Successful response", description: "Successful response",
content: { content: {
"application/json": { "application/json": {
schema: createApiResponseSchema(CreateIdpOrgPolicyResponseDataSchema) schema: createApiResponseSchema(
CreateIdpOrgPolicyResponseDataSchema
)
} }
} }
} }
@@ -82,7 +84,10 @@ export async function createIdpOrgPolicy(
const { idpId, orgId } = parsedParams.data; const { idpId, orgId } = parsedParams.data;
const { roleMapping, orgMapping } = parsedBody.data; const { roleMapping, orgMapping } = parsedBody.data;
if (process.env.IDENTITY_PROVIDER_MODE === "org") { if (
privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
"org"
) {
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,

5
server/routers/idp/createOidcIdp.ts
View File

@@ -12,6 +12,7 @@ import { idp, idpOidcConfig, idpOrg, orgs } from "@server/db";
import { generateOidcRedirectUrl } from "@server/lib/idp/generateRedirectUrl"; import { generateOidcRedirectUrl } from "@server/lib/idp/generateRedirectUrl";
import { encrypt } from "@server/lib/crypto"; import { encrypt } from "@server/lib/crypto";
import config from "@server/lib/config"; import config from "@server/lib/config";
import privateConfig from "@server/private/lib/config";
const paramsSchema = z.strictObject({}); const paramsSchema = z.strictObject({});
@@ -39,7 +40,6 @@ const CreateIdpResponseDataSchema = z.object({
redirectUrl: z.string() redirectUrl: z.string()
}); });
registry.registerPath({ registry.registerPath({
method: "put", method: "put",
path: "/idp/oidc", path: "/idp/oidc",
@@ -98,7 +98,8 @@ export async function createOidcIdp(
} = parsedBody.data; } = parsedBody.data;
if ( if (
process.env.IDENTITY_PROVIDER_MODE === "org" privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
"org"
) { ) {
return next( return next(
createHttpError( createHttpError(

11
server/routers/idp/updateIdpOrgPolicy.ts
View File

@@ -10,6 +10,7 @@ import { fromError } from "zod-validation-error";
import { OpenAPITags, registry } from "@server/openApi"; import { OpenAPITags, registry } from "@server/openApi";
import { eq, and } from "drizzle-orm"; import { eq, and } from "drizzle-orm";
import { idp, idpOrg } from "@server/db"; import { idp, idpOrg } from "@server/db";
import privateConfig from "@server/private/lib/config";
const paramsSchema = z.strictObject({ const paramsSchema = z.strictObject({
idpId: z.coerce.number<number>(), idpId: z.coerce.number<number>(),
@@ -24,7 +25,6 @@ const bodySchema = z.strictObject({
export type UpdateIdpOrgPolicyResponse = {}; export type UpdateIdpOrgPolicyResponse = {};
const UpdateIdpOrgPolicyResponseDataSchema = z.object({}); const UpdateIdpOrgPolicyResponseDataSchema = z.object({});
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/idp/{idpId}/org/{orgId}", path: "/idp/{idpId}/org/{orgId}",
@@ -45,7 +45,9 @@ registry.registerPath({
description: "Successful response", description: "Successful response",
content: { content: {
"application/json": { "application/json": {
schema: createApiResponseSchema(UpdateIdpOrgPolicyResponseDataSchema) schema: createApiResponseSchema(
UpdateIdpOrgPolicyResponseDataSchema
)
} }
} }
} }
@@ -81,7 +83,10 @@ export async function updateIdpOrgPolicy(
const { idpId, orgId } = parsedParams.data; const { idpId, orgId } = parsedParams.data;
const { roleMapping, orgMapping } = parsedBody.data; const { roleMapping, orgMapping } = parsedBody.data;
if (process.env.IDENTITY_PROVIDER_MODE === "org") { if (
privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
"org"
) {
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,

7
server/routers/idp/updateOidcIdp.ts
View File

@@ -12,6 +12,7 @@ import { idp, idpOidcConfig } from "@server/db";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { encrypt } from "@server/lib/crypto"; import { encrypt } from "@server/lib/crypto";
import config from "@server/lib/config"; import config from "@server/lib/config";
import privateConfig from "@server/private/lib/config";
const paramsSchema = z const paramsSchema = z
.object({ .object({
@@ -43,7 +44,6 @@ const UpdateIdpResponseDataSchema = z.object({
idpId: z.number() idpId: z.number()
}); });
registry.registerPath({ registry.registerPath({
method: "post", method: "post",
path: "/idp/{idpId}/oidc", path: "/idp/{idpId}/oidc",
@@ -115,7 +115,10 @@ export async function updateOidcIdp(
variant variant
} = parsedBody.data; } = parsedBody.data;
if (process.env.IDENTITY_PROVIDER_MODE === "org") { if (
privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
"org"
) {
return next( return next(
createHttpError( createHttpError(
HttpCode.BAD_REQUEST, HttpCode.BAD_REQUEST,

11
server/routers/policy/setResourcePolicyAccessControl.ts
View File

@@ -18,6 +18,7 @@ import logger from "@server/logger";
import { fromError } from "zod-validation-error"; import { fromError } from "zod-validation-error";
import { and, eq, inArray, ne } from "drizzle-orm"; import { and, eq, inArray, ne } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi"; import { OpenAPITags, registry } from "@server/openApi";
import privateConfig from "@server/private/lib/config";
const setResourcePolicyAcccessControlBodySchema = z.strictObject({ const setResourcePolicyAcccessControlBodySchema = z.strictObject({
sso: z.boolean(), sso: z.boolean(),
@@ -119,12 +120,18 @@ export async function setResourcePolicyAccessControl(
); );
} }
if (process.env.IDENTITY_PROVIDER_MODE === "org") { if (
privateConfig.getRawPrivateConfig().app
.identity_provider_mode === "org"
) {
const [providerOrg] = await db const [providerOrg] = await db
.select() .select()
.from(idpOrg) .from(idpOrg)
.where( .where(
and(eq(idpOrg.idpId, idpId), eq(idpOrg.orgId, policy.orgId)) and(
eq(idpOrg.idpId, idpId),
eq(idpOrg.orgId, policy.orgId)
)
) )
.limit(1); .limit(1);