Ronni Baslund
80 lines
2.8 KiB
TypeScript
80 lines
2.8 KiB
TypeScript
import {
|
|
Body,
|
|
Controller,
|
|
Delete,
|
|
ForbiddenException,
|
|
Get,
|
|
HttpCode,
|
|
Param,
|
|
Patch,
|
|
Post,
|
|
UseGuards,
|
|
} from '@nestjs/common'
|
|
import { Types } from 'mongoose'
|
|
import { ActorService } from '../../auth/actor.service.js'
|
|
import { CurrentUser } from '../../auth/current-user.decorator.js'
|
|
import { JwtAuthGuard } from '../../auth/jwt-auth.guard.js'
|
|
import type { AuthentikJwtPayload } from '../../auth/jwt-payload.interface.js'
|
|
import { TenantsService } from '../../tenants/tenants.service.js'
|
|
import { CreateWebhookDto, UpdateWebhookDto } from './dto/webhook-dtos.js'
|
|
import { WebhooksService } from './webhooks.service.js'
|
|
|
|
// Tenant webhook administration. Same base path + gating as the rest of the
|
|
// scheduling admin surface (platformAdmin OR a member of the tenant). The
|
|
// signing secret is returned in full on create/get/rotate so the tenant can
|
|
// configure their receiver's HMAC verification.
|
|
@Controller('api/v1/tenants/:slug/scheduling/webhooks')
|
|
@UseGuards(JwtAuthGuard)
|
|
export class WebhooksController {
|
|
constructor(
|
|
private readonly actor: ActorService,
|
|
private readonly tenants: TenantsService,
|
|
private readonly webhooks: WebhooksService,
|
|
) {}
|
|
|
|
private async gate(slug: string, jwt: AuthentikJwtPayload): Promise<Types.ObjectId> {
|
|
const actor = await this.actor.resolve(jwt)
|
|
const tenant = await this.tenants.findOneBySlug(slug)
|
|
if (!actor.platformAdmin && !actor.tenantIds.some((id) => id.equals(tenant._id))) {
|
|
throw new ForbiddenException(`No access to tenant "${slug}"`)
|
|
}
|
|
return tenant._id
|
|
}
|
|
|
|
@Get()
|
|
async list(@Param('slug') slug: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
|
return this.webhooks.list(await this.gate(slug, jwt))
|
|
}
|
|
|
|
@Post()
|
|
async create(@Param('slug') slug: string, @Body() dto: CreateWebhookDto, @CurrentUser() jwt: AuthentikJwtPayload) {
|
|
return this.webhooks.create(await this.gate(slug, jwt), dto)
|
|
}
|
|
|
|
@Patch(':id')
|
|
async update(
|
|
@Param('slug') slug: string,
|
|
@Param('id') id: string,
|
|
@Body() dto: UpdateWebhookDto,
|
|
@CurrentUser() jwt: AuthentikJwtPayload,
|
|
) {
|
|
return this.webhooks.update(await this.gate(slug, jwt), id, dto)
|
|
}
|
|
|
|
@Post(':id/rotate-secret')
|
|
async rotateSecret(@Param('slug') slug: string, @Param('id') id: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
|
return this.webhooks.rotateSecret(await this.gate(slug, jwt), id)
|
|
}
|
|
|
|
@Get(':id/deliveries')
|
|
async deliveries(@Param('slug') slug: string, @Param('id') id: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
|
return this.webhooks.listDeliveries(await this.gate(slug, jwt), id)
|
|
}
|
|
|
|
@Delete(':id')
|
|
@HttpCode(204)
|
|
async remove(@Param('slug') slug: string, @Param('id') id: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
|
await this.webhooks.remove(await this.gate(slug, jwt), id)
|
|
}
|
|
}
|