Co-authored-by: [email protected] <raj@raj-beast>
1 parent
69a832e
commit 19e6603
Showing
20 changed files
with
1,127 additions
and
106 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,165 @@ | ||
import { | ||
ApiKey, | ||
Environment, | ||
EventSeverity, | ||
EventTriggerer, | ||
EventType, | ||
EventSource, | ||
PrismaClient, | ||
Project, | ||
Secret, | ||
User, | ||
Workspace, | ||
WorkspaceMember, | ||
WorkspaceRole | ||
} from '@prisma/client' | ||
import { JsonObject } from '@prisma/client/runtime/library' | ||
|
||
export default async function createEvent( | ||
data: { | ||
triggerer?: EventTriggerer | ||
severity?: EventSeverity | ||
triggeredBy?: User | ||
entity?: | ||
| Workspace | ||
| Project | ||
| Environment | ||
| WorkspaceRole | ||
| WorkspaceMember | ||
| ApiKey | ||
| Secret | ||
type: EventType | ||
source: EventSource | ||
title: string | ||
description?: string | ||
metadata: JsonObject | ||
}, | ||
prisma: PrismaClient | ||
) { | ||
if (data.triggerer !== EventTriggerer.SYSTEM && !data.triggeredBy) { | ||
throw new Error('User must be provided for non-system events') | ||
} | ||
|
||
const baseData = { | ||
triggerer: data.triggerer ?? EventTriggerer.USER, | ||
severity: data.severity ?? EventSeverity.INFO, | ||
type: data.type, | ||
source: data.source, | ||
title: data.title, | ||
description: data.description, | ||
metadata: data.metadata, | ||
sourceUser: data.triggeredBy.id | ||
? { | ||
connect: { | ||
id: data.triggeredBy.id | ||
} | ||
} | ||
: undefined | ||
} | ||
|
||
try { | ||
switch (data.source) { | ||
case EventSource.WORKSPACE: { | ||
const entity = data.entity as Workspace | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceWorkspace: data.entity | ||
? { | ||
connect: { | ||
id: entity.id | ||
} | ||
} | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.PROJECT: { | ||
const entity = data.entity as Project | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceProject: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.ENVIRONMENT: { | ||
const entity = data.entity as Environment | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceEnvironment: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.WORKSPACE_ROLE: { | ||
const entity = data.entity as WorkspaceRole | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceWorkspaceRole: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.WORKSPACE_MEMBER: { | ||
const entity = data.entity as WorkspaceMember | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceWorkspaceMembership: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.API_KEY: { | ||
const entity = data.entity as ApiKey | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceApiKey: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.SECRET: { | ||
const entity = data.entity as Secret | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceSecret: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.USER: { | ||
await prisma.event.create({ | ||
data: { | ||
...baseData | ||
} | ||
}) | ||
break | ||
} | ||
default: { | ||
throw new Error('Invalid event source') | ||
} | ||
} | ||
} catch (error) { | ||
console.error('Error creating event', error) | ||
} | ||
} |
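Review bot: The `sourceUser: data.triggeredBy.id ? …` entry in `baseData` dereferences `data.triggeredBy` unconditionally, yet the guard at the top of `createEvent` lets it be absent when `triggerer` is `EventTriggerer.SYSTEM`, so a system event without a user throws a TypeError before the `try` block and is never recorded. Test the object rather than its id: `sourceUser: data.triggeredBy ? { connect: { id: data.triggeredBy.id } } : undefined`. Separately, the closing `catch` only calls `console.error`, which also swallows the `Invalid event source` error from the `default` branch. If these events are meant as an audit trail, a failed write should reach the caller or a monitored logger rather than being dropped. It is also worth confirming that `metadata` never carries secret values, since the whole error object is logged.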
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
import { Authority, PrismaClient, Secret, User } from '@prisma/client' | ||
import { SecretWithProjectAndVersion } from '../secret/secret.types' | ||
import getCollectiveProjectAuthorities from './get-collective-project-authorities' | ||
import { ConflictException, NotFoundException } from '@nestjs/common' | ||
|
||
export default async function getSecretWithAuthority( | ||
userId: User['id'], | ||
secretId: Secret['id'], | ||
authority: Authority, | ||
prisma: PrismaClient | ||
): Promise<SecretWithProjectAndVersion> { | ||
// Fetch the secret | ||
const secret = await prisma.secret.findUnique({ | ||
where: { | ||
id: secretId | ||
}, | ||
include: { | ||
versions: true, | ||
project: { | ||
include: { | ||
workspace: { | ||
include: { | ||
members: true | ||
} | ||
} | ||
} | ||
} | ||
} | ||
}) | ||
|
||
if (!secret) { | ||
throw new NotFoundException(`Secret with id ${secretId} not found`) | ||
} | ||
|
||
// Check if the user has the project in their workspace role list | ||
const permittedAuthorities = await getCollectiveProjectAuthorities( | ||
userId, | ||
secret.project, | ||
prisma | ||
) | ||
|
||
// Check if the user has the required authorities | ||
if ( | ||
!permittedAuthorities.has(authority) && | ||
!permittedAuthorities.has(Authority.WORKSPACE_ADMIN) | ||
) { | ||
throw new ConflictException( | ||
`User ${userId} does not have the required authorities` | ||
) | ||
} | ||
|
||
// Remove the workspace from the secret | ||
secret.project.workspace = undefined | ||
|
||
return secret | ||
} |
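Review bot: The permission failure in `getSecretWithAuthority` is thrown as `ConflictException` (HTTP 409), which misstates an authorization denial; `ForbiddenException` from `@nestjs/common` is the matching type. Because a missing id yields `NotFoundException` and a denied one yields a different error, a caller without access can tell which secret ids exist; if ids should not be confirmable, throw the same `NotFoundException` in both cases. The `findUnique` call also loads `versions: true` and `workspace.members` before the check runs. The workspace is discarded afterwards by `secret.project.workspace = undefined`, so `members` could be dropped from the `include` unless `getCollectiveProjectAuthorities` reads it, which is not visible in this section.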