feat(agent): v0.3.5 Windows inbound forwarding, UI actions, lifecycle
- Configure tailscale serve automatically for each instance on Windows userspace networking. - Add local UI buttons: start/stop/reset/delete instances (stop/start preserve volumes). - Clean shutdown: stop tailscaled and instances, notify server with instance_stopped. - Restart tailscaled on agent boot using persisted state when pre-auth key is absent. - Sync instance stopped/deleted status to dashboard (server/lib/websocket.ts). - Security: include prior authz/scoping changes across API routes, ephemeral pre-auth keys, ACL policy, internal API key. - Update SUIVI_VPN_ONDEMAND.md and docs/ONBOARDING_CLIENT.md. - Bump agent version to 0.3.5.
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { getServerSession } from "next-auth/next";
|
||||
import { authOptions } from "./auth-config";
|
||||
|
||||
export type ApiUser = {
|
||||
id: string;
|
||||
email: string;
|
||||
role: "superadmin" | "admin" | "teacher";
|
||||
establishmentId?: string;
|
||||
};
|
||||
|
||||
export async function requireAuth(): Promise<ApiUser | NextResponse> {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session?.user) {
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
return session.user as ApiUser;
|
||||
}
|
||||
|
||||
export function requireRole(user: ApiUser, ...allowed: string[]): NextResponse | null {
|
||||
if (!allowed.includes(user.role)) {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
export function forbidden(): NextResponse {
|
||||
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||||
}
|
||||
|
||||
export function getScopedEstablishmentId(user: ApiUser, requested?: string | null): string | undefined | NextResponse {
|
||||
if (user.role === "superadmin") {
|
||||
return requested ?? undefined;
|
||||
}
|
||||
if (requested && requested !== user.establishmentId) {
|
||||
return forbidden();
|
||||
}
|
||||
return user.establishmentId;
|
||||
}
|
||||
Reference in New Issue
Block a user