feat: updated var names and permission, rate limit changes based on c…

…omments
Infisical · Jun 22, 2024 · b6cc17d · b6cc17d
1 parent 4072a40
commit b6cc17d
Show file tree

Hide file tree

Showing 11 changed files with 20 additions and 20 deletions.
diff --git a/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts b/backend/src/server/routes/v1/identity-aws-iam-auth-router.ts
@@ -271,7 +271,7 @@ export const registerIdentityAwsAuthRouter = async (server: FastifyZodProvider)
     method: "DELETE",
     url: "/aws-auth/identities/:identityId",
     config: {
-      rateLimit: readLimit
+      rateLimit: writeLimit
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
     schema: {

diff --git a/backend/src/server/routes/v1/identity-azure-auth-router.ts b/backend/src/server/routes/v1/identity-azure-auth-router.ts
@@ -265,7 +265,7 @@ export const registerIdentityAzureAuthRouter = async (server: FastifyZodProvider
     method: "DELETE",
     url: "/azure-auth/identities/:identityId",
     config: {
-      rateLimit: readLimit
+      rateLimit: writeLimit
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
     schema: {

diff --git a/backend/src/server/routes/v1/identity-gcp-auth-router.ts b/backend/src/server/routes/v1/identity-gcp-auth-router.ts
@@ -271,7 +271,7 @@ export const registerIdentityGcpAuthRouter = async (server: FastifyZodProvider)
     method: "DELETE",
     url: "/gcp-auth/identities/:identityId",
     config: {
-      rateLimit: readLimit
+      rateLimit: writeLimit
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
     schema: {

diff --git a/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts b/backend/src/server/routes/v1/identity-kubernetes-auth-router.ts
@@ -286,7 +286,7 @@ export const registerIdentityKubernetesRouter = async (server: FastifyZodProvide
     method: "DELETE",
     url: "/kubernetes-auth/identities/:identityId",
     config: {
-      rateLimit: readLimit
+      rateLimit: writeLimit
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
     schema: {

diff --git a/backend/src/server/routes/v1/identity-ua.ts → ...utes/v1/identity-universal-auth-router.ts b/backend/src/server/routes/v1/identity-ua.ts → ...utes/v1/identity-universal-auth-router.ts
@@ -299,7 +299,7 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
     method: "DELETE",
     url: "/universal-auth/identities/:identityId",
     config: {
-      rateLimit: readLimit
+      rateLimit: writeLimit
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
     schema: {
@@ -450,7 +450,7 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
     method: "GET",
     url: "/universal-auth/identities/:identityId/client-secrets/:clientSecretId",
     config: {
-      rateLimit: writeLimit
+      rateLimit: readLimit
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
     schema: {

diff --git a/backend/src/server/routes/v1/index.ts b/backend/src/server/routes/v1/index.ts
@@ -9,7 +9,7 @@ import { registerIdentityAzureAuthRouter } from "./identity-azure-auth-router";
 import { registerIdentityGcpAuthRouter } from "./identity-gcp-auth-router";
 import { registerIdentityKubernetesRouter } from "./identity-kubernetes-auth-router";
 import { registerIdentityRouter } from "./identity-router";
-import { registerIdentityUaRouter } from "./identity-ua";
+import { registerIdentityUaRouter } from "./identity-universal-auth-router";
 import { registerIntegrationAuthRouter } from "./integration-auth-router";
 import { registerIntegrationRouter } from "./integration-router";
 import { registerInviteOrgRouter } from "./invite-org-router";

diff --git a/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts b/backend/src/services/identity-aws-auth/identity-aws-auth-service.ts
@@ -323,7 +323,7 @@ export const identityAwsAuthServiceFactory = ({
       actorAuthMethod,
       actorOrgId
     );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
+    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
 
     const { permission: rolePermission } = await permissionService.getOrgPermission(
       ActorType.IDENTITY,
@@ -339,9 +339,9 @@ export const identityAwsAuthServiceFactory = ({
       });
 
     const revokedIdentityAwsAuth = await identityAwsAuthDAL.transaction(async (tx) => {
-      const deletedUniversalAuth = await identityAwsAuthDAL.delete({ identityId }, tx);
+      const deletedAwsAuth = await identityAwsAuthDAL.delete({ identityId }, tx);
       await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedUniversalAuth?.[0], orgId: identityMembershipOrg.orgId };
+      return { ...deletedAwsAuth?.[0], orgId: identityMembershipOrg.orgId };
     });
     return revokedIdentityAwsAuth;
   };

diff --git a/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts b/backend/src/services/identity-azure-auth/identity-azure-auth-service.ts
@@ -302,7 +302,7 @@ export const identityAzureAuthServiceFactory = ({
       actorAuthMethod,
       actorOrgId
     );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
+    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
 
     const { permission: rolePermission } = await permissionService.getOrgPermission(
       ActorType.IDENTITY,
@@ -318,9 +318,9 @@ export const identityAzureAuthServiceFactory = ({
       });
 
     const revokedIdentityAzureAuth = await identityAzureAuthDAL.transaction(async (tx) => {
-      const deletedUniversalAuth = await identityAzureAuthDAL.delete({ identityId }, tx);
+      const deletedAzureAuth = await identityAzureAuthDAL.delete({ identityId }, tx);
       await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedUniversalAuth?.[0], orgId: identityMembershipOrg.orgId };
+      return { ...deletedAzureAuth?.[0], orgId: identityMembershipOrg.orgId };
     });
     return revokedIdentityAzureAuth;
   };

diff --git a/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts b/backend/src/services/identity-gcp-auth/identity-gcp-auth-service.ts
@@ -337,7 +337,7 @@ export const identityGcpAuthServiceFactory = ({
       actorAuthMethod,
       actorOrgId
     );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
+    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
 
     const { permission: rolePermission } = await permissionService.getOrgPermission(
       ActorType.IDENTITY,
@@ -353,9 +353,9 @@ export const identityGcpAuthServiceFactory = ({
       });
 
     const revokedIdentityGcpAuth = await identityGcpAuthDAL.transaction(async (tx) => {
-      const deletedUniversalAuth = await identityGcpAuthDAL.delete({ identityId }, tx);
+      const deletedGcpAuth = await identityGcpAuthDAL.delete({ identityId }, tx);
       await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedUniversalAuth?.[0], orgId: identityMembershipOrg.orgId };
+      return { ...deletedGcpAuth?.[0], orgId: identityMembershipOrg.orgId };
     });
     return revokedIdentityGcpAuth;
   };

diff --git a/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts b/backend/src/services/identity-kubernetes-auth/identity-kubernetes-auth-service.ts
@@ -555,7 +555,7 @@ export const identityKubernetesAuthServiceFactory = ({
       actorAuthMethod,
       actorOrgId
     );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
+    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
 
     const { permission: rolePermission } = await permissionService.getOrgPermission(
       ActorType.IDENTITY,
@@ -571,9 +571,9 @@ export const identityKubernetesAuthServiceFactory = ({
       });
 
     const revokedIdentityKubernetesAuth = await identityKubernetesAuthDAL.transaction(async (tx) => {
-      const deletedUniversalAuth = await identityKubernetesAuthDAL.delete({ identityId }, tx);
+      const deletedKubernetesAuth = await identityKubernetesAuthDAL.delete({ identityId }, tx);
       await identityDAL.updateById(identityId, { authMethod: null }, tx);
-      return { ...deletedUniversalAuth?.[0], orgId: identityMembershipOrg.orgId };
+      return { ...deletedKubernetesAuth?.[0], orgId: identityMembershipOrg.orgId };
     });
     return revokedIdentityKubernetesAuth;
   };

diff --git a/backend/src/services/identity-ua/identity-ua-service.ts b/backend/src/services/identity-ua/identity-ua-service.ts
@@ -355,7 +355,7 @@ export const identityUaServiceFactory = ({
       actorAuthMethod,
       actorOrgId
     );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
+    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
 
     const { permission: rolePermission } = await permissionService.getOrgPermission(
       ActorType.IDENTITY,