
Commit 63cd8de

committed
chore: make admin routes not need m2m tokens
1 parent 1025b2f commit 63cd8de

7 files changed

Lines changed: 38 additions & 33 deletions


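--- a/.env.example
+++ b/.env.example
@@ -32,8 +32,8 @@ RATE_LIMIT=100
 DELAY_AFTER=50
 
 # OPTIONAL SERVICE TOKENS
-# Used only if enabling admin or automation endpoints
-API_SERVICE_TOKEN=GRAB_FROM_SEAMLESS_AUTH_PORTAL
+# Used only if enabling admin or m2m communications
+API_SERVICE_TOKEN=32-byte-hex-string
 
 # JWKS
 JWKS_ACTIVE_KID=dev-main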
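Review bot: The rewritten comment still says the token is "Used only if enabling admin or m2m communications", but this same commit drops verifyServiceToken from every admin route, so the admin half of that sentence no longer describes the code; `# Used only for m2m (service-to-service) calls that pass through verifyServiceToken` would match what remains. The placeholder `32-byte-hex-string` is also ambiguous about length: 32 random bytes hex-encoded is 64 characters, and a reader may paste a 32-character value instead, so spell out the expected encoding and length in the comment (e.g. "64 hex chars = 32 random bytes"). Whether verifyServiceToken enforces a minimum length is not visible here.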

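--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
 dockerfile: Dockerfile.dev
 container_name: seamless-auth
 ports:
-- '5312:5312'
+- "5312:5312"
 volumes:
 - .:/app
 - /app/node_modules
@@ -17,7 +17,7 @@ services:
 postgres:
 condition: service_healthy
 healthcheck:
-test: ['CMD', 'node', './healthCheck.js']
+test: ["CMD", "node", "./healthCheck.js"]
 interval: 30s
 timeout: 5s
 retries: 3
@@ -27,18 +27,29 @@ services:
 restart: always
 container_name: db
 ports:
-- '5432:5432'
+- "5432:5432"
 environment:
 POSTGRES_USER: myuser
 POSTGRES_PASSWORD: mypassword
 POSTGRES_DB: postgres
 healthcheck:
-test: ['CMD-SHELL', 'pg_isready -U myuser -d postgres']
+test: ["CMD-SHELL", "pg_isready -U myuser -d postgres"]
 interval: 5s
 timeout: 5s
 retries: 5
 volumes:
 - pgdata:/var/lib/postgresql/data
 
+admin:
+image: seamless-admin:local
+container_name: seamless-admin
+ports:
+- "5174:80"
+depends_on:
+- api
+environment:
+API_URL: http://localhost:5312
+restart: unless-stopped
+
 volumes:
-pgdata:
+pgdata: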
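Review bot: The new `admin` service declares `depends_on: - api`, but no service named `api` is visible in these hunks — the first service's key is outside the hunk and only its `container_name: seamless-auth` is shown, so confirm the service key really is `api`, since Compose rejects a `depends_on` entry that names an undefined service. `API_URL: http://localhost:5312` only works if the value is handed to the browser; if anything inside the admin container itself uses it, `localhost` is the admin container, not the API, and the service name (`http://api:5312` or whatever the key is) is needed. The service also has `image: seamless-admin:local` with no `build:` section, so `docker compose up` fails unless that image was built beforehand; a one-line comment above the service such as `# built separately: docker build -t seamless-admin:local <path>` (path per the admin project) would save the next reader that step.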

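--- a/src/controllers/internalSecurity.ts
+++ b/src/controllers/internalSecurity.ts
@@ -54,7 +54,6 @@ export const getSecurityAnomalies = async (_req: Request, res: Response) => {
 attributes: ['user_id', 'type', 'ip_address', 'user_agent', 'metadata', 'created_at'],
 });
 
-console.log('events', events);
 return res.json({
 suspiciousEvents: events,
 total: events.length,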

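--- a/src/middleware/requireAdmin.ts
+++ b/src/middleware/requireAdmin.ts
@@ -14,11 +14,6 @@ const logger = getLogger('requireAdmin');
 export function requireAdmin() {
 return (req: AuthenticatedRequest, res: Response, next: NextFunction) => {
 try {
-if (!req.clientId) {
-logger.error('Admin route hit without service identity');
-return res.status(401).json({ error: 'Unauthorized' });
-}
-
 if (!req.user) {
 logger.error('Admin route hit without authenticated user');
 return res.status(401).json({ error: 'Unauthorized' });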

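--- a/src/routes/admin.routes.ts
+++ b/src/routes/admin.routes.ts
@@ -41,7 +41,7 @@ adminRouter.get(
 {
 summary: 'List users (internal)',
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 
 schemas: {
 response: {
@@ -56,7 +56,7 @@ adminRouter.get(
 adminRouter.get(
 '/auth-events',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 tags: ['Admin'],
 schemas: {
 query: AuthEventQuerySchema,
@@ -73,7 +73,7 @@ adminRouter.get(
 {
 summary: 'Get credential count',
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 
 schemas: {
 response: {
@@ -89,7 +89,7 @@ adminRouter.post(
 '/users',
 {
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 schemas: {
 body: CreateUserSchema,
 },
@@ -102,7 +102,7 @@ adminRouter.delete(
 {
 summary: 'Delete user',
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 
 schemas: {
 response: {
@@ -119,7 +119,7 @@ adminRouter.patch(
 {
 summary: 'Update user',
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 
 schemas: {
 body: UpdateUserSchema,
@@ -138,7 +138,7 @@ adminRouter.get(
 '/users/:userId',
 {
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 },
 getUserDetail,
 );
@@ -147,7 +147,7 @@ adminRouter.get(
 '/users/:userId/anomalies',
 {
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 },
 getUserAnomalies,
 );
@@ -156,7 +156,7 @@ adminRouter.get(
 '/sessions',
 {
 tags: ['Admin'],
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 schema: {
 query: PaginationQuerySchema,
 },
@@ -167,7 +167,7 @@ adminRouter.get(
 adminRouter.get(
 '/sessions/:userId',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 tags: ['Admin'],
 schemas: {
 params: UserIdParamSchema,
@@ -183,7 +183,7 @@ adminRouter.get(
 adminRouter.delete(
 '/sessions/:userId/revoke-all',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 tags: ['Admin'],
 schemas: {
 params: UserIdParamSchema,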
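Review bot: With `verifyServiceToken` dropped from every middleware chain in this file, and the `req.clientId` guard removed from requireAdmin.ts in the same commit, admission to `/users` (create, delete, update) and `/sessions/:userId/revoke-all` now rests entirely on whatever requireAdmin checks after `if (!req.user)`; that remainder is outside the requireAdmin hunk, so confirm it rejects authenticated non-admin users (a role or claim check), since nothing in the chain shown here does. The same change is made to every route in internal.routes.ts and systemConfig.routes.ts, so one confirmation covers all three files. Each route file presumably still imports verifyServiceToken (imports are outside these hunks); if so the import is now unused and should go. A one-line comment above the first admin route, `// Admin routes are end-user authenticated; the service token (verifyServiceToken) is no longer required here`, would record the trust-model change, and the `'List users (internal)'` summary could drop "(internal)" to match.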

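--- a/src/routes/internal.routes.ts
+++ b/src/routes/internal.routes.ts
@@ -23,7 +23,7 @@ const internalRouter = createRouter('/internal');
 internalRouter.get(
 '/auth-events/summary',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 tags: ['Internal'],
 schemas: {
 query: MetricsQuerySchema,
@@ -35,7 +35,7 @@ internalRouter.get(
 internalRouter.get(
 '/auth-events/timeseries',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 tags: ['Internal'],
 schemas: {
 query: MetricsQuerySchema,
@@ -47,7 +47,7 @@ internalRouter.get(
 internalRouter.get(
 '/auth-events/login-stats',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 tags: ['Internal'],
 },
 getLoginStats,
@@ -56,7 +56,7 @@ internalRouter.get(
 internalRouter.get(
 '/security/anomalies',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 summary: 'Detect suspicious activity',
 tags: ['Internal'],
 },
@@ -66,7 +66,7 @@ internalRouter.get(
 internalRouter.get(
 '/metrics/dashboard',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 summary: 'Dashboard metrics',
 tags: ['Internal'],
 },
@@ -76,7 +76,7 @@ internalRouter.get(
 internalRouter.get(
 '/auth-events/grouped',
 {
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 summary: 'Auth Event metrics grouped',
 tags: ['Internal'],
 },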

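--- a/src/routes/systemConfig.routes.ts
+++ b/src/routes/systemConfig.routes.ts
@@ -28,7 +28,7 @@ systemConfigRouter.get(
 summary: 'Get available roles',
 tags: ['SystemConfig'],
 
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 },
 getAvailableRoles,
 );
@@ -39,7 +39,7 @@ systemConfigRouter.get(
 summary: 'Retrieve system configuration',
 tags: ['SystemConfig'],
 
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 
 schemas: {
 response: {
@@ -58,7 +58,7 @@ systemConfigRouter.patch(
 summary: 'Update system configuration',
 tags: ['SystemConfig'],
 
-middleware: [verifyServiceToken, attachAuthMiddleware(), requireAdmin()],
+middleware: [attachAuthMiddleware(), requireAdmin()],
 
 schemas: {
 response: {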
