archetecture security fix
This commit is contained in:
+282
@@ -0,0 +1,282 @@
|
||||
"use strict";
|
||||
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
var desc = Object.getOwnPropertyDescriptor(m, k);
|
||||
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
||||
desc = { enumerable: true, get: function() { return m[k]; } };
|
||||
}
|
||||
Object.defineProperty(o, k2, desc);
|
||||
}) : (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
o[k2] = m[k];
|
||||
}));
|
||||
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||
}) : function(o, v) {
|
||||
o["default"] = v;
|
||||
});
|
||||
var __importStar = (this && this.__importStar) || (function () {
|
||||
var ownKeys = function(o) {
|
||||
ownKeys = Object.getOwnPropertyNames || function (o) {
|
||||
var ar = [];
|
||||
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
||||
return ar;
|
||||
};
|
||||
return ownKeys(o);
|
||||
};
|
||||
return function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
||||
__setModuleDefault(result, mod);
|
||||
return result;
|
||||
};
|
||||
})();
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const express_1 = require("express");
|
||||
const requireCompanyAuth_1 = require("../../middleware/requireCompanyAuth");
|
||||
const requireTenant_1 = require("../../middleware/requireTenant");
|
||||
const requireSubscription_1 = require("../../middleware/requireSubscription");
|
||||
const requireRole_1 = require("../../middleware/requireRole");
|
||||
const requireCompanyPolicy_1 = require("../../middleware/requireCompanyPolicy");
|
||||
const validate_1 = require("../../http/validate");
|
||||
const respond_1 = require("../../http/respond");
|
||||
const upload_1 = require("../../http/upload");
|
||||
const service = __importStar(require("./company.service"));
|
||||
const company_schemas_1 = require("./company.schemas");
|
||||
const router = (0, express_1.Router)();
|
||||
router.use(requireCompanyAuth_1.requireCompanyAuth, requireTenant_1.requireTenant, requireSubscription_1.requireSubscription);
|
||||
router.get('/me', async (req, res, next) => {
|
||||
try {
|
||||
const company = await service.getCompany(req.companyId);
|
||||
(0, respond_1.ok)(res, company);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/me', (0, requireRole_1.requireRole)('OWNER'), async (req, res, next) => {
|
||||
try {
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.companySchema, req);
|
||||
const company = await service.updateCompany(req.companyId, body);
|
||||
(0, respond_1.ok)(res, company);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/me/brand', async (req, res, next) => {
|
||||
try {
|
||||
const brand = await service.getBrand(req.companyId);
|
||||
(0, respond_1.ok)(res, brand);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/me/brand', (0, requireRole_1.requireRole)('OWNER'), async (req, res, next) => {
|
||||
try {
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.brandSchema, req);
|
||||
const brand = await service.updateBrand(req.companyId, body, req.company.name, req.company.slug);
|
||||
(0, respond_1.ok)(res, brand);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/me/brand/logo', (0, requireRole_1.requireRole)('OWNER'), upload_1.imageUpload.single('file'), async (req, res, next) => {
|
||||
try {
|
||||
(0, upload_1.assertImageFile)(req.file, 'logo');
|
||||
const brand = await service.uploadLogo(req.companyId, req.company.name, req.company.slug, req.file.buffer);
|
||||
(0, respond_1.ok)(res, brand);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/me/brand/hero', (0, requireRole_1.requireRole)('OWNER'), upload_1.imageUpload.single('file'), async (req, res, next) => {
|
||||
try {
|
||||
(0, upload_1.assertImageFile)(req.file, 'hero image');
|
||||
const brand = await service.uploadHeroImage(req.companyId, req.company.name, req.company.slug, req.file.buffer);
|
||||
(0, respond_1.ok)(res, brand);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/me/brand/subdomain/check', (0, requireRole_1.requireRole)('OWNER'), async (req, res, next) => {
|
||||
try {
|
||||
const { subdomain } = (0, validate_1.parseBody)(company_schemas_1.subdomainSchema, req);
|
||||
const result = await service.checkSubdomainAvailability(subdomain, req.companyId);
|
||||
(0, respond_1.ok)(res, result);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/me/brand/custom-domain', (0, requireRole_1.requireRole)('OWNER'), async (req, res, next) => {
|
||||
try {
|
||||
const { customDomain } = (0, validate_1.parseBody)(company_schemas_1.customDomainSchema, req);
|
||||
const brand = await service.setCustomDomain(req.companyId, req.company.name, req.company.slug, customDomain);
|
||||
(0, respond_1.ok)(res, brand);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/me/brand/custom-domain/status', async (req, res, next) => {
|
||||
try {
|
||||
const status = await service.getCustomDomainStatus(req.companyId);
|
||||
(0, respond_1.ok)(res, status);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.delete('/me/brand/custom-domain', (0, requireRole_1.requireRole)('OWNER'), async (req, res, next) => {
|
||||
try {
|
||||
const result = await service.removeCustomDomain(req.companyId);
|
||||
(0, respond_1.ok)(res, result);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/me/contract-settings', async (req, res, next) => {
|
||||
try {
|
||||
const settings = await service.getContractSettings(req.companyId);
|
||||
(0, respond_1.ok)(res, settings);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/me/contract-settings', (0, requireRole_1.requireRole)('MANAGER'), async (req, res, next) => {
|
||||
try {
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.contractSettingsSchema, req);
|
||||
const settings = await service.updateContractSettings(req.companyId, body);
|
||||
(0, respond_1.ok)(res, settings);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/me/insurance-policies', async (req, res, next) => {
|
||||
try {
|
||||
const policies = await service.getInsurancePolicies(req.companyId);
|
||||
(0, respond_1.ok)(res, policies);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/me/insurance-policies', (0, requireRole_1.requireRole)('MANAGER'), async (req, res, next) => {
|
||||
try {
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.insurancePolicySchema, req);
|
||||
const policy = await service.createInsurancePolicy(req.companyId, body);
|
||||
(0, respond_1.created)(res, policy);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/me/insurance-policies/:id', (0, requireRole_1.requireRole)('MANAGER'), async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(company_schemas_1.idParamSchema, req);
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.insurancePolicySchema.partial(), req);
|
||||
const policy = await service.updateInsurancePolicy(id, req.companyId, body);
|
||||
(0, respond_1.ok)(res, policy);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.delete('/me/insurance-policies/:id', (0, requireRole_1.requireRole)('MANAGER'), async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(company_schemas_1.idParamSchema, req);
|
||||
await service.deleteInsurancePolicy(id, req.companyId);
|
||||
(0, respond_1.ok)(res, { success: true });
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/me/pricing-rules', async (req, res, next) => {
|
||||
try {
|
||||
const rules = await service.getPricingRules(req.companyId);
|
||||
(0, respond_1.ok)(res, rules);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/me/pricing-rules', (0, requireRole_1.requireRole)('MANAGER'), async (req, res, next) => {
|
||||
try {
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.pricingRuleSchema, req);
|
||||
const rule = await service.createPricingRule(req.companyId, body);
|
||||
(0, respond_1.created)(res, rule);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/me/pricing-rules/:id', (0, requireRole_1.requireRole)('MANAGER'), async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(company_schemas_1.idParamSchema, req);
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.pricingRuleSchema.partial(), req);
|
||||
const rule = await service.updatePricingRule(id, req.companyId, body);
|
||||
(0, respond_1.ok)(res, rule);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.delete('/me/pricing-rules/:id', (0, requireCompanyPolicy_1.requireCompanyPolicy)('deletePricingRule'), async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(company_schemas_1.idParamSchema, req);
|
||||
await service.deletePricingRule(id, req.companyId);
|
||||
(0, respond_1.ok)(res, { success: true });
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/me/accounting-settings', async (req, res, next) => {
|
||||
try {
|
||||
const settings = await service.getAccountingSettings(req.companyId);
|
||||
(0, respond_1.ok)(res, settings);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/me/accounting-settings', (0, requireCompanyPolicy_1.requireCompanyPolicy)('updateAccountingSettings'), async (req, res, next) => {
|
||||
try {
|
||||
const body = (0, validate_1.parseBody)(company_schemas_1.accountingSettingsSchema, req);
|
||||
const settings = await service.updateAccountingSettings(req.companyId, body);
|
||||
(0, respond_1.ok)(res, settings);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/me/api-key', (0, requireCompanyPolicy_1.requireCompanyPolicy)('viewApiKey'), async (req, res, next) => {
|
||||
try {
|
||||
const company = await service.getApiKey(req.companyId);
|
||||
(0, respond_1.ok)(res, company);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/me/api-key/regenerate', (0, requireCompanyPolicy_1.requireCompanyPolicy)('regenerateApiKey'), async (req, res, next) => {
|
||||
try {
|
||||
const company = await service.regenerateApiKey(req.companyId);
|
||||
(0, respond_1.ok)(res, company);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
exports.default = router;
|
||||
//# sourceMappingURL=company.routes.js.map
|
||||
Reference in New Issue
Block a user