
Commit 1cef4f2

authored
Add security policy for unscoped endpoints (#2099)
Fixes OPS-3885.
1 parent fd01e8f commit 1cef4f2

2 files changed

Lines changed: 15 additions & 3 deletions


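--- a/packages/server/api/src/app/ai/providers/ai-providers.controller.ts
+++ b/packages/server/api/src/app/ai/providers/ai-providers.controller.ts
@@ -1,6 +1,4 @@
 import { FastifyPluginAsyncTypebox } from '@fastify/type-provider-typebox';
-import { Type } from '@sinclair/typebox';
-
 import {
 getAiProvider,
 getAvailableProvidersWithModels,
@@ -10,6 +8,8 @@ import {
 GetProvidersResponse,
 PrincipalType,
 } from '@openops/shared';
+import { Type } from '@sinclair/typebox';
+import { getUnscopedRoutePolicy } from '../../core/security/route-policies/route-security-policy-factory';
 
 export const aiProvidersController: FastifyPluginAsyncTypebox = async (app) => {
 app.get(
@@ -37,6 +37,7 @@ export const aiProvidersController: FastifyPluginAsyncTypebox = async (app) => {
 const ListAiProvidersRequest = {
 config: {
 allowedPrincipals: [PrincipalType.USER],
+security: getUnscopedRoutePolicy([PrincipalType.USER]),
 },
 schema: {
 tags: ['ai-providers'],
@@ -48,6 +49,7 @@ const ListAiProvidersRequest = {
 const GetAiProviderRequest = {
 config: {
 allowedPrincipals: [PrincipalType.USER],
+security: getUnscopedRoutePolicy([PrincipalType.USER]),
 },
 schema: {
 tags: ['ai-providers'],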
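Review bot: The permitted principals are now declared twice in each route config, once in `allowedPrincipals` and again as the argument to `getUnscopedRoutePolicy`, in both `ListAiProvidersRequest` and `GetAiProviderRequest` (and likewise in `MeRequestOptions` and `UpdateTrackingRequestOptions` in user.module.ts). Nothing visible in this diff says which of the two fields is enforced, so a later edit that changes one list and not the other could alter who may call the route without the mismatch being obvious in review. I would bind the list once, e.g. `const userOnly = [PrincipalType.USER];`, and pass it to both fields. A comment such as `// Unscoped: the policy applies no project scoping, so the handler must limit results to the caller.` would also help, if that is indeed what the policy means. Both config objects continue past the end of their hunks.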

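--- a/packages/server/api/src/app/user/user.module.ts
+++ b/packages/server/api/src/app/user/user.module.ts
@@ -1,17 +1,19 @@
 import { FastifyPluginAsyncTypebox } from '@fastify/type-provider-typebox';
 import { PrincipalType, UpdateTrackingRequestBody } from '@openops/shared';
 import { FastifyRequest } from 'fastify';
+import { getUnscopedRoutePolicy } from '../core/security/route-policies/route-security-policy-factory';
 import { userService } from './user-service';
 
 export const userModule: FastifyPluginAsyncTypebox = async (app) => {
 await app.register(usersController, { prefix: '/v1/users' });
 };
 
 const usersController: FastifyPluginAsyncTypebox = async (app) => {
-app.get('/me', async (request: FastifyRequest) => {
+app.get('/me', MeRequestOptions, async (request: FastifyRequest) => {
 const user = await userService.getMetaInfo({
 principal: request.principal,
 });
+
 return user;
 });
 
@@ -41,9 +43,17 @@ const usersController: FastifyPluginAsyncTypebox = async (app) => {
 );
 };
 
+const MeRequestOptions = {
+config: {
+allowedPrincipals: [PrincipalType.USER],
+security: getUnscopedRoutePolicy([PrincipalType.USER]),
+},
+};
+
 const UpdateTrackingRequestOptions = {
 config: {
 allowedPrincipals: [PrincipalType.USER],
+security: getUnscopedRoutePolicy([PrincipalType.USER]),
 },
 schema: {
 body: UpdateTrackingRequestBody,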
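Review bot: `MeRequestOptions` sets only `config`, so `/me` still returns whatever `userService.getMetaInfo` produces with no response schema bounding it, whereas `UpdateTrackingRequestOptions` just below it carries a `schema`. The projection done by `getMetaInfo` is not visible in this diff, so this may already be safe, but a field added to that object later would reach the client as-is. Consider adding a response schema to the options, e.g. `schema: { response: { 200: UserMetaResponse } }`, where `UserMetaResponse` is a placeholder name for whatever type the project defines. A short comment on `MeRequestOptions` noting that the route was previously registered without any route config would also explain why the policy was added here. `UpdateTrackingRequestOptions` continues past the end of the hunk.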
