From d2a9e1d1107ea05f13725e9528bc6ab1566c8efb Mon Sep 17 00:00:00 2001 From: Blake Matthes Date: Tue, 12 May 2026 12:02:59 -0500 Subject: [PATCH] fix(app): required auth was in wrong spot caused entire app to want you logged in --- backend/admin/admin.routes.ts | 10 ++++------ backend/app.ts | 3 ++- backend/gpSql/gpSql.routes.ts | 3 +-- backend/ocp/ocp.printer.listener.ts | 2 +- backend/ocp/ocp.printer.update.ts | 2 +- backend/ocp/ocp.routes.ts | 25 ++++++++----------------- backend/opendock/opendock.routes.ts | 18 +++++++----------- backend/prodSql/prodSql.routes.ts | 8 +++----- backend/prodSql/prodSqlRestart.route.ts | 2 +- backend/prodSql/prodSqlStart.route.ts | 2 +- backend/prodSql/prodSqlStop.route.ts | 2 +- backend/routeHandler.routes.ts | 2 +- 12 files changed, 31 insertions(+), 48 deletions(-) diff --git a/backend/admin/admin.routes.ts b/backend/admin/admin.routes.ts index 4b08e1f..8d1bac8 100644 --- a/backend/admin/admin.routes.ts +++ b/backend/admin/admin.routes.ts @@ -3,16 +3,14 @@ import { requireAuth } from "../middleware/auth.middleware.js"; import build from "./admin.build.js"; import update from "./admin.updateServer.js"; +import users from "./admin.users.js"; export const setupAdminRoutes = (baseUrl: string, app: Express) => { //stats will be like this as we dont need to change this - app.use(`${baseUrl}/api/admin/build`, requireAuth, build); - app.use( - `${baseUrl}/api/admin/build`, - requireAuth, - update, - ); + app.use(`${baseUrl}/api/admin/build`, requireAuth, build); + app.use(`${baseUrl}/api/admin/build`, requireAuth, update); + app.use(`${baseUrl}/api/admin/user`, requireAuth, users); // all other system should be under /api/system/* }; diff --git a/backend/app.ts b/backend/app.ts index c4c241d..f3b155f 100644 --- a/backend/app.ts +++ b/backend/app.ts @@ -34,7 +34,6 @@ const createApp = async () => { app.use(routeHitMiddleware); app.all(`${baseUrl}/api/auth/*splat`, toNodeHandler(auth)); app.use(express.json()); - setupRoutes(baseUrl, app); app.get(`${baseUrl}/api/lst-config.js`, (_, res) => { res.type("application/javascript"); @@ -52,6 +51,8 @@ const createApp = async () => { `); }); + setupRoutes(baseUrl, app); + app.use( `${baseUrl}/app`, express.static(join(__dirname, "../frontend/dist")), diff --git a/backend/gpSql/gpSql.routes.ts b/backend/gpSql/gpSql.routes.ts index bb69bde..ca4cd75 100644 --- a/backend/gpSql/gpSql.routes.ts +++ b/backend/gpSql/gpSql.routes.ts @@ -8,11 +8,10 @@ export const setupGPSqlRoutes = (baseUrl: string, app: Express) => { //setup all the routes // Apply auth to entire router const router = Router(); - router.use(requireAuth); router.use(start); router.use(stop); router.use(restart); - app.use(`${baseUrl}/api/system/gpSql`, router); + app.use(`${baseUrl}/api/system/gpSql`, requireAuth, router); }; diff --git a/backend/ocp/ocp.printer.listener.ts b/backend/ocp/ocp.printer.listener.ts index 88eb359..92fc74c 100644 --- a/backend/ocp/ocp.printer.listener.ts +++ b/backend/ocp/ocp.printer.listener.ts @@ -43,7 +43,7 @@ const parseZebraAlert = (body: any): PrinterEvent => { }; }; -r.post("/printer/listener/:printer", upload.any(), async (req, res) => { +r.post("/:printer", upload.any(), async (req, res) => { const { printer: printerName } = req.params; const event: PrinterEvent = parseZebraAlert(req.body); diff --git a/backend/ocp/ocp.printer.update.ts b/backend/ocp/ocp.printer.update.ts index 6469e64..e3bbbaf 100644 --- a/backend/ocp/ocp.printer.update.ts +++ b/backend/ocp/ocp.printer.update.ts @@ -21,7 +21,7 @@ import { printerSync } from "./ocp.printer.manage.js"; const r = Router(); -r.post("/printer/update", async (_, res) => { +r.post("/update", async (_, res) => { printerSync(); return apiReturn(res, { success: true, diff --git a/backend/ocp/ocp.routes.ts b/backend/ocp/ocp.routes.ts index 494ba3d..db6266d 100644 --- a/backend/ocp/ocp.routes.ts +++ b/backend/ocp/ocp.routes.ts @@ -1,4 +1,4 @@ -import { type Express, Router } from "express"; +import type { Express } from "express"; import { requireAuth } from "../middleware/auth.middleware.js"; import { featureCheck } from "../middleware/featureActive.middleware.js"; @@ -6,20 +6,11 @@ import listener from "./ocp.printer.listener.js"; import update from "./ocp.printer.update.js"; export const setupOCPRoutes = (baseUrl: string, app: Express) => { - //setup all the routes - const router = Router(); - - // is the feature even on? - router.use(featureCheck("ocp")); - - // non auth routes up here - router.use(listener); - - // auth routes below here - router.use(requireAuth); - - router.use(update); - //router.use(""); - - app.use(`${baseUrl}/api/ocp`, router); + app.use(`${baseUrl}/api/ocp/printer/listener`, featureCheck("ocp"), listener); + app.use( + `${baseUrl}/api/ocp/printer`, + featureCheck("ocp"), + requireAuth, + update, + ); }; diff --git a/backend/opendock/opendock.routes.ts b/backend/opendock/opendock.routes.ts index ccec156..0a9d39d 100644 --- a/backend/opendock/opendock.routes.ts +++ b/backend/opendock/opendock.routes.ts @@ -1,4 +1,4 @@ -import { type Express, Router } from "express"; +import type { Express } from "express"; import { requireAuth } from "../middleware/auth.middleware.js"; import { featureCheck } from "../middleware/featureActive.middleware.js"; @@ -6,15 +6,11 @@ import getApt from "./opendockGetRelease.route.js"; export const setupOpendockRoutes = (baseUrl: string, app: Express) => { //setup all the routes - // Apply auth to entire router - const router = Router(); - // is the feature even on? - router.use(featureCheck("opendock_sync")); - - // we need to make sure we are authenticated to see the releases - router.use(requireAuth); - - router.use(getApt); - app.use(`${baseUrl}/api/opendock`, router); + app.use( + `${baseUrl}/api/opendock`, + featureCheck("opendock_sync"), + requireAuth, + getApt, + ); }; diff --git a/backend/prodSql/prodSql.routes.ts b/backend/prodSql/prodSql.routes.ts index 45e5266..662ea71 100644 --- a/backend/prodSql/prodSql.routes.ts +++ b/backend/prodSql/prodSql.routes.ts @@ -10,9 +10,7 @@ export const setupProdSqlRoutes = (baseUrl: string, app: Express) => { const router = Router(); router.use(requireAuth); - router.use(start); - router.use(stop); - router.use(restart); - - app.use(`${baseUrl}/api/system/prodSql`, router); + app.use(`${baseUrl}/api/system/prodSql/start`, requireAuth, start); + app.use(`${baseUrl}/api/system/prodSql/stop`, requireAuth, stop); + app.use(`${baseUrl}/api/system/prodSql/restart`, requireAuth, restart); }; diff --git a/backend/prodSql/prodSqlRestart.route.ts b/backend/prodSql/prodSqlRestart.route.ts index 105812d..20bb175 100644 --- a/backend/prodSql/prodSqlRestart.route.ts +++ b/backend/prodSql/prodSqlRestart.route.ts @@ -4,7 +4,7 @@ import { closePool, connectProdSql } from "./prodSqlConnection.controller.js"; const r = Router(); -r.post("/restart", async (_, res) => { +r.post("/", async (_, res) => { await closePool(); await new Promise((r) => setTimeout(r, 2000)); diff --git a/backend/prodSql/prodSqlStart.route.ts b/backend/prodSql/prodSqlStart.route.ts index f35ec75..bff49b7 100644 --- a/backend/prodSql/prodSqlStart.route.ts +++ b/backend/prodSql/prodSqlStart.route.ts @@ -4,7 +4,7 @@ import { connectProdSql } from "./prodSqlConnection.controller.js"; const r = Router(); -r.post("/start", async (_, res) => { +r.post("/", async (_, res) => { const connect = await connectProdSql(); apiReturn(res, { success: connect.success, diff --git a/backend/prodSql/prodSqlStop.route.ts b/backend/prodSql/prodSqlStop.route.ts index c1f27b4..3435fa5 100644 --- a/backend/prodSql/prodSqlStop.route.ts +++ b/backend/prodSql/prodSqlStop.route.ts @@ -4,7 +4,7 @@ import { closePool } from "./prodSqlConnection.controller.js"; const r = Router(); -r.post("/stop", async (_, res) => { +r.post("/", async (_, res) => { const connect = await closePool(); apiReturn(res, { success: connect.success, diff --git a/backend/routeHandler.routes.ts b/backend/routeHandler.routes.ts index 4da1be9..382c5db 100644 --- a/backend/routeHandler.routes.ts +++ b/backend/routeHandler.routes.ts @@ -16,6 +16,7 @@ import { setupUtilsRoutes } from "./utils/utils.routes.js"; export const setupRoutes = (baseUrl: string, app: Express) => { //routes that are on by default + setupMobileRoutes(baseUrl, app); setupSystemRoutes(baseUrl, app); setupAdminRoutes(baseUrl, app); setupApiDocsRoutes(baseUrl, app); @@ -28,5 +29,4 @@ export const setupRoutes = (baseUrl: string, app: Express) => { setupNotificationRoutes(baseUrl, app); setupOCPRoutes(baseUrl, app); setupTCPRoutes(baseUrl, app); - setupMobileRoutes(baseUrl, app); };