diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 179ec89c7..ac18861ca 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -495,29 +495,31 @@ authRouter.post(
 auth.transferSession
 );
-authenticated.post(
- "/license/activate",
- verifyUserIsServerAdmin,
- license.activateLicense
-);
+if (build !== "saas") {
+ authenticated.post(
+ "/license/activate",
+ verifyUserIsServerAdmin,
+ license.activateLicense
+ );
-authenticated.get(
- "/license/keys",
- verifyUserIsServerAdmin,
- license.listLicenseKeys
-);
+ authenticated.get(
+ "/license/keys",
+ verifyUserIsServerAdmin,
+ license.listLicenseKeys
+ );
-authenticated.delete(
- "/license/:licenseKey",
- verifyUserIsServerAdmin,
- license.deleteLicenseKey
-);
+ authenticated.delete(
+ "/license/:licenseKey",
+ verifyUserIsServerAdmin,
+ license.deleteLicenseKey
+ );
-authenticated.post(
- "/license/recheck",
- verifyUserIsServerAdmin,
- license.recheckStatus
-);
+ authenticated.post(
+ "/license/recheck",
+ verifyUserIsServerAdmin,
+ license.recheckStatus
+ );
+}
 authenticated.get(
 "/org/:orgId/logs/action",
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 960c00249..a64162e6a 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -910,19 +910,6 @@ unauthenticated.post(
 );
 unauthenticated.get("/my-device", verifySessionMiddleware, user.myDevice);
-authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
-authenticated.get("/user/:userId", verifyUserIsServerAdmin, user.adminGetUser);
-authenticated.post(
- "/user/:userId/generate-password-reset-code",
- verifyUserIsServerAdmin,
- user.adminGeneratePasswordResetCode
-);
-authenticated.delete(
- "/user/:userId",
- verifyUserIsServerAdmin,
- user.adminRemoveUser
-);
-
 authenticated.put(
 "/org/:orgId/user",
 verifyOrgAccess,
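Review bot: In server/private/routers/external.ts the new `if (build !== "saas") {` block carries no comment explaining why the four `/license/*` routes are left unregistered on that build, and the same bare guard is repeated in server/routers/external.ts. A line above each would help the next reader, e.g. `// Server-admin routes are not exposed on the saas build; they are deliberately left unregistered there.` Because the gate works by skipping registration, it is worth confirming that the `license.*` handlers are not also mounted on another router without the guard; this diff does not show one way or the other.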
@@ -945,12 +932,6 @@ authenticated.post(
 authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
 authenticated.get("/org/:orgId/user/:userId/check", org.checkOrgUserAccess);
-authenticated.post(
- "/user/:userId/2fa",
- verifyUserIsServerAdmin,
- user.updateUser2FA
-);
-
 authenticated.get(
 "/org/:orgId/users",
 verifyOrgAccess,
@@ -1033,85 +1014,112 @@ authenticated.post(
 olm.recoverOlmWithFingerprint
 );
-authenticated.put(
- "/idp/oidc",
- verifyUserIsServerAdmin,
- // verifyUserHasAction(ActionsEnum.createIdp),
- idp.createOidcIdp
-);
+if (build !== "saas") {
+ authenticated.put(
+ "/idp/oidc",
+ verifyUserIsServerAdmin,
+ // verifyUserHasAction(ActionsEnum.createIdp),
+ idp.createOidcIdp
+ );
-authenticated.post(
- "/idp/:idpId/oidc",
- verifyUserIsServerAdmin,
- idp.updateOidcIdp
-);
+ authenticated.post(
+ "/idp/:idpId/oidc",
+ verifyUserIsServerAdmin,
+ idp.updateOidcIdp
+ );
-authenticated.delete("/idp/:idpId", verifyUserIsServerAdmin, idp.deleteIdp);
+ authenticated.delete("/idp/:idpId", verifyUserIsServerAdmin, idp.deleteIdp);
-authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
+ authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
-authenticated.put(
- "/idp/:idpId/org/:orgId",
- verifyUserIsServerAdmin,
- idp.createIdpOrgPolicy
-);
+ authenticated.put(
+ "/idp/:idpId/org/:orgId",
+ verifyUserIsServerAdmin,
+ idp.createIdpOrgPolicy
+ );
-authenticated.post(
- "/idp/:idpId/org/:orgId",
- verifyUserIsServerAdmin,
- idp.updateIdpOrgPolicy
-);
+ authenticated.post(
+ "/idp/:idpId/org/:orgId",
+ verifyUserIsServerAdmin,
+ idp.updateIdpOrgPolicy
+ );
-authenticated.delete(
- "/idp/:idpId/org/:orgId",
- verifyUserIsServerAdmin,
- idp.deleteIdpOrgPolicy
-);
+ authenticated.delete(
+ "/idp/:idpId/org/:orgId",
+ verifyUserIsServerAdmin,
+ idp.deleteIdpOrgPolicy
+ );
-authenticated.get(
- "/idp/:idpId/org",
- verifyUserIsServerAdmin,
- idp.listIdpOrgPolicies
-);
+ authenticated.get(
+ "/idp/:idpId/org",
+ verifyUserIsServerAdmin,
+ idp.listIdpOrgPolicies
+ );
+
+ authenticated.get(
+ `/api-key/:apiKeyId`,
+ verifyUserIsServerAdmin,
+ apiKeys.getApiKey
+ );
+
+ authenticated.put(
+ `/api-key`,
+ verifyUserIsServerAdmin,
+ apiKeys.createRootApiKey
+ );
+
+ authenticated.delete(
+ `/api-key/:apiKeyId`,
+ verifyUserIsServerAdmin,
+ apiKeys.deleteApiKey
+ );
+
+ authenticated.get(
+ `/api-keys`,
+ verifyUserIsServerAdmin,
+ apiKeys.listRootApiKeys
+ );
+
+ authenticated.get(
+ `/api-key/:apiKeyId/actions`,
+ verifyUserIsServerAdmin,
+ apiKeys.listApiKeyActions
+ );
+
+ authenticated.post(
+ `/api-key/:apiKeyId/actions`,
+ verifyUserIsServerAdmin,
+ apiKeys.setApiKeyActions
+ );
+
+ authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
+
+ authenticated.get(
+ "/user/:userId",
+ verifyUserIsServerAdmin,
+ user.adminGetUser
+ );
+
+ authenticated.post(
+ "/user/:userId/generate-password-reset-code",
+ verifyUserIsServerAdmin,
+ user.adminGeneratePasswordResetCode
+ );
+
+ authenticated.delete(
+ "/user/:userId",
+ verifyUserIsServerAdmin,
+ user.adminRemoveUser
+ );
+
+ authenticated.post(
+ "/user/:userId/2fa",
+ verifyUserIsServerAdmin,
+ user.updateUser2FA
+ );
+}
 authenticated.get("/idp", idp.listIdps); // anyone can see this; it's just a list of idp names and ids
-authenticated.get("/idp/:idpId", verifyUserIsServerAdmin, idp.getIdp);
-
-authenticated.get(
- `/api-key/:apiKeyId`,
- verifyUserIsServerAdmin,
- apiKeys.getApiKey
-);
-
-authenticated.put(
- `/api-key`,
- verifyUserIsServerAdmin,
- apiKeys.createRootApiKey
-);
-
-authenticated.delete(
- `/api-key/:apiKeyId`,
- verifyUserIsServerAdmin,
- apiKeys.deleteApiKey
-);
-
-authenticated.get(
- `/api-keys`,
- verifyUserIsServerAdmin,
- apiKeys.listRootApiKeys
-);
-
-authenticated.get(
- `/api-key/:apiKeyId/actions`,
- verifyUserIsServerAdmin,
- apiKeys.listApiKeyActions
-);
-
-authenticated.post(
- `/api-key/:apiKeyId/actions`,
- verifyUserIsServerAdmin,
- apiKeys.setApiKeyActions
-);
 authenticated.get(
 `/org/:orgId/api-keys`,
diff --git a/src/app/admin/layout.tsx b/src/app/admin/layout.tsx
index 5f35ee4cd..15d900ee8 100644
--- a/src/app/admin/layout.tsx
+++ b/src/app/admin/layout.tsx
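Review bot: `authenticated.get("/idp", idp.listIdps);` is left outside the new `if (build !== "saas")` block in server/routers/external.ts, so on the saas build it stays reachable by any authenticated user with no admin or org check while every other `/idp/*` route is gone. Its comment says the response is only IdP names and ids, but on a shared deployment that list could include other organisations' providers; the handler is not visible here, so this needs confirming. If the route is not needed on saas, move that line inside the block; if it is, say in the comment why the listing is safe there. The commented-out `// verifyUserHasAction(ActionsEnum.createIdp),` is also carried into the new block and could be dropped.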
@@ -13,6 +13,7 @@ import { Layout } from "@app/components/Layout";
 import { adminNavSections } from "../navigation";
 import { pullEnv } from "@app/lib/pullEnv";
 import SubscriptionStatusProvider from "@app/providers/SubscriptionStatusProvider";
+import { build } from "@server/build";
 export const dynamic = "force-dynamic";
@@ -29,6 +30,11 @@ export default async function AdminLayout(props: LayoutProps) {
 const getUser = cache(verifySession);
 const user = await getUser();
+ // Disable the admin page on saas
+ if (build == "saas") {
+ redirect(`/`);
+ }
+
 const env = pullEnv();
 if (!user || !user.serverAdmin) {
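Review bot: The added check in `AdminLayout` uses loose equality, `build == "saas"`, while the server routers in this commit compare with `!==`; write it as `if (build === "saas") {`. It also sits after `await getUser()`, so the session is verified before a redirect that does not depend on the result; placing the check above `const getUser = cache(verifySession);` avoids that work. The redirect only hides the page, so the comment could note that enforcement lives in the route guards, e.g. `// UI only: the admin API routes are left unregistered on saas in the routers`. `AdminLayout` begins before and continues past this hunk.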