Diffstat (limited to 'packages/api')
| -rw-r--r-- | packages/api/index.ts | 2 | ||||
| -rw-r--r-- | packages/api/middlewares/auth.ts | 22 | ||||
| -rw-r--r-- | packages/api/routes/admin.ts | 24 |
3 files changed, 48 insertions, 0 deletions
diff --git a/packages/api/index.ts b/packages/api/index.ts
index 82beca53..39075548 100644
--- a/packages/api/index.ts
+++ b/packages/api/index.ts
@@ -6,6 +6,7 @@ import { poweredBy } from "hono/powered-by";
 import { Context } from "@karakeep/trpc";
 import trpcAdapter from "./middlewares/trpcAdapter";
+import admin from "./routes/admin";
 import assets from "./routes/assets";
 import bookmarks from "./routes/bookmarks";
 import health from "./routes/health";
@@ -58,6 +59,7 @@ const app = new Hono<{
 .route("/health", health)
 .route("/trpc", trpc)
 .route("/v1", v1)
+ .route("/admin", admin)
 .route("/assets", assets)
 .route("/public", publicRoute)
 .route("/metrics", metrics);
diff --git a/packages/api/middlewares/auth.ts b/packages/api/middlewares/auth.ts
index 42bca6c8..92f591ad 100644
--- a/packages/api/middlewares/auth.ts
+++ b/packages/api/middlewares/auth.ts
@@ -35,3 +35,25 @@ export const authMiddleware = createMiddleware<{
 c.set("api", createCaller(c.get("ctx")));
 await next();
 });
+
+export const adminAuthMiddleware = createMiddleware<{
+ Variables: {
+ ctx: AuthedContext;
+ api: ReturnType<typeof createCaller>;
+ };
+}>(async (c, next) => {
+ if (!c.var.ctx || !c.var.ctx.user || c.var.ctx.user === null) {
+ throw new HTTPException(401, {
+ message: "Unauthorized",
+ });
+ }
+
+ if (c.var.ctx.user.role !== "admin") {
+ throw new HTTPException(403, {
+ message: "Forbidden - Admin access required",
+ });
+ }
+
+ c.set("api", createCaller(c.get("ctx")));
+ await next();
+});
diff --git a/packages/api/routes/admin.ts b/packages/api/routes/admin.ts
new file mode 100644
index 00000000..4b5438d6
--- /dev/null
+++ b/packages/api/routes/admin.ts
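Review bot: The null guard in adminAuthMiddleware is partly dead: once `!c.var.ctx.user` has been evaluated, the clause `c.var.ctx.user === null` can never be true, so `if (!c.var.ctx?.user) {` expresses the same check in one condition. The new middleware also repeats the 401 check and the `c.set("api", createCaller(c.get("ctx")))` call that the context lines show authMiddleware already performing; composing adminAuthMiddleware after authMiddleware and keeping only the role comparison would leave a single place where the authentication rule is maintained. The Variables type declares `ctx: AuthedContext`, which presumably promises a user is present, while the runtime check treats it as optional — if unauthenticated contexts can reach this middleware the declared type should say so, otherwise the guard is redundant with the type. authMiddleware itself starts outside the hunk.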
@@ -0,0 +1,24 @@
+import { zValidator } from "@hono/zod-validator";
+import { Hono } from "hono";
+
+import { updateUserSchema } from "@karakeep/shared/types/admin";
+
+import { adminAuthMiddleware } from "../middlewares/auth";
+
+const app = new Hono()
+ .use(adminAuthMiddleware)
+
+ // PUT /admin/users/:userId
+ .put("/users/:userId", zValidator("json", updateUserSchema), async (c) => {
+ const userId = c.req.param("userId");
+ const body = c.req.valid("json");
+
+ // Ensure the userId from the URL matches the one in the body
+ const input = { ...body, userId };
+
+ await c.var.api.admin.updateUser(input);
+
+ return c.json({ success: true }, 200);
+ });
+
+export default app;
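Review bot: The comment `// Ensure the userId from the URL matches the one in the body` does not describe what the next line does: `const input = { ...body, userId };` silently replaces any `userId` the validated body carried with the path parameter, it never checks that the two agree. If updateUserSchema admits a `userId` field (the schema is not visible here), a request whose body names one user and whose path names another is accepted and applied to the path's user without any signal to the caller. Either reject the mismatch before building `input`, for example `if ("userId" in body && body.userId !== userId) throw new HTTPException(400, { message: "userId mismatch" });` (HTTPException would need importing from "hono/http-exception"), or reword the comment to state the actual rule, `// The path parameter is authoritative; any userId in the body is overridden`.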
