diff --git a/meet-ce/backend/src/routes/meeting.routes.ts b/meet-ce/backend/src/routes/meeting.routes.ts
index 054e3e11..1a9731ea 100644
--- a/meet-ce/backend/src/routes/meeting.routes.ts
+++ b/meet-ce/backend/src/routes/meeting.routes.ts
@@ -2,7 +2,7 @@ import bodyParser from 'body-parser';
 import { Router } from 'express';
 import * as meetingCtrl from '../controllers/meeting.controller.js';
 import { roomMemberTokenValidator, withAuth } from '../middlewares/auth.middleware.js';
-import { withModeratorPermissions } from '../middlewares/participant.middleware.js';
+import { withModeratorPermissions } from '../middlewares/room-member.middleware.js';
 import { validateUpdateParticipantRoleReq } from '../middlewares/request-validators/meeting-validator.middleware.js';
 import { withValidRoomId } from '../middlewares/request-validators/room-validator.middleware.js';
diff --git a/meet-ce/backend/src/routes/recording.routes.ts b/meet-ce/backend/src/routes/recording.routes.ts
index 5abcf3e9..b38c1ab2 100644
--- a/meet-ce/backend/src/routes/recording.routes.ts
+++ b/meet-ce/backend/src/routes/recording.routes.ts
@@ -32,21 +32,33 @@ recordingRouter.use(bodyParser.json());
 // Recording Routes
 recordingRouter.get(
 '/',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN), roomMemberTokenValidator),
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
 withCanRetrieveRecordingsPermission,
 validateGetRecordingsReq,
 recordingCtrl.getRecordings
 );
 recordingRouter.delete(
 '/',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN), roomMemberTokenValidator),
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
 validateBulkDeleteRecordingsReq,
 withCanDeleteRecordingsPermission,
 recordingCtrl.bulkDeleteRecordings
 );
 recordingRouter.get(
 '/download',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN), roomMemberTokenValidator),
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
 validateBulkDeleteRecordingsReq,
 withCanRetrieveRecordingsPermission,
 recordingCtrl.downloadRecordingsZip
@@ -60,7 +72,11 @@ recordingRouter.get(
 );
 recordingRouter.delete(
 '/:recordingId',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN), roomMemberTokenValidator),
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
 withValidRecordingId,
 withCanDeleteRecordingsPermission,
 recordingCtrl.deleteRecording
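Review bot: `withCanRetrieveRecordingsPermission` and `withCanDeleteRecordingsPermission` are now the only per-recording authorization on `GET /`, `DELETE /` and `GET /download`, because the role gate in front of them admits `MeetUserRole.USER` and `MeetUserRole.ROOM_MEMBER` as well as `ADMIN`; neither middleware is visible in this diff. For the bulk routes they presumably have to check every requested recording ID against the caller's rooms rather than the request as a whole, which should be confirmed with a test using a non-admin caller and a recording from a room that caller cannot access. The same applies to `DELETE /:recordingId` (`@@ -60,7`) and `GET /:recordingId/url` (`@@ -74,7`). A comment above the routes such as `// Role gate only authenticates; per-recording access is enforced by withCan*RecordingsPermission` would make that dependency explicit.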
@@ -74,7 +90,11 @@ recordingRouter.get(
 );
 recordingRouter.get(
 '/:recordingId/url',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN), roomMemberTokenValidator),
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
 validateGetRecordingUrlReq,
 withCanRetrieveRecordingsPermission,
 recordingCtrl.getRecordingUrl
diff --git a/meet-ce/backend/src/routes/room.routes.ts b/meet-ce/backend/src/routes/room.routes.ts
index 76e61f4e..3167a631 100644
--- a/meet-ce/backend/src/routes/room.routes.ts
+++ b/meet-ce/backend/src/routes/room.routes.ts
@@ -1,22 +1,30 @@
 import { MeetUserRole } from '@openvidu-meet/typings';
 import bodyParser from 'body-parser';
 import { Router } from 'express';
+import * as roomMemberCtrl from '../controllers/room-member.controller.js';
 import * as roomCtrl from '../controllers/room.controller.js';
 import {
- allowAnonymous,
 apiKeyValidator,
 roomMemberTokenValidator,
 tokenAndRoleValidator,
 withAuth
 } from '../middlewares/auth.middleware.js';
-import { configureRoomMemberTokenAuth } from '../middlewares/participant.middleware.js';
+import { configureRoomMemberTokenAuth } from '../middlewares/room-member.middleware.js';
+import {
+ validateBulkDeleteRoomMembersReq,
+ validateCreateRoomMemberReq,
+ validateCreateRoomMemberTokenReq,
+ validateGetRoomMembersReq,
+ validateUpdateRoomMemberReq
+} from '../middlewares/request-validators/room-member-validator.middleware.js';
 import {
 validateBulkDeleteRoomsReq,
- validateCreateRoomMemberTokenReq,
 validateCreateRoomReq,
 validateDeleteRoomReq,
 validateGetRoomsReq,
+ validateUpdateRoomAnonymousReq,
 validateUpdateRoomConfigReq,
+ validateUpdateRoomRolesReq,
 validateUpdateRoomStatusReq,
 withValidRoomId
 } from '../middlewares/request-validators/room-validator.middleware.js';
@@ -29,47 +37,55 @@ roomRouter.use(bodyParser.json());
 // Room Routes
 roomRouter.post(
 '/',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN)),
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
 validateCreateRoomReq,
 roomCtrl.createRoom
 );
 roomRouter.get(
 '/',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN)),
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)),
 validateGetRoomsReq,
 roomCtrl.getRooms
 );
 roomRouter.delete(
 '/',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN)),
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
 validateBulkDeleteRoomsReq,
 roomCtrl.bulkDeleteRooms
 );
 roomRouter.get(
 '/:roomId',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN), roomMemberTokenValidator),
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
 withValidRoomId,
 configureRoomAuthorization,
 roomCtrl.getRoom
 );
 roomRouter.delete(
 '/:roomId',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN)),
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
 validateDeleteRoomReq,
 roomCtrl.deleteRoom
 );
 roomRouter.get(
 '/:roomId/config',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN), roomMemberTokenValidator),
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
 withValidRoomId,
 configureRoomAuthorization,
 roomCtrl.getRoomConfig
 );
 roomRouter.put(
 '/:roomId/config',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN)),
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
 withValidRoomId,
 validateUpdateRoomConfigReq,
roomCtrl.updateRoomConfig 
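Review bot: `DELETE /`, `DELETE /:roomId` and `PUT /:roomId/config` now admit `MeetUserRole.USER`, but nothing in their middleware chains ties the caller to the room: the two read routes run `configureRoomAuthorization`, these write routes do not. Unless `roomCtrl.bulkDeleteRooms`, `deleteRoom` and `updateRoomConfig` check ownership themselves (not visible here), an authenticated user could modify or delete another user's room by ID. The `USER` routes in the next hunk (`PUT /:roomId/status`, `/roles`, `/anonymous` and the `/:roomId/members` writes) have the same shape. I would put a room-ownership check after `withValidRoomId` on each of them, or, if the controllers already do it, say so above the routes with `// Role gate only; ownership of :roomId is enforced in the controller`.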
@@ -77,11 +93,72 @@ roomRouter.put(
 roomRouter.put(
 '/:roomId/status',
- withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN)),
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
 withValidRoomId,
 validateUpdateRoomStatusReq,
 roomCtrl.updateRoomStatus
 );
+roomRouter.put(
+ '/:roomId/roles',
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ withValidRoomId,
+ validateUpdateRoomRolesReq,
+ roomCtrl.updateRoomRoles
+);
+roomRouter.put(
+ '/:roomId/anonymous',
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ withValidRoomId,
+ validateUpdateRoomAnonymousReq,
+ roomCtrl.updateRoomAnonymous
+);
+
+// Room Member Routes
+roomRouter.post(
+ '/:roomId/members',
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ withValidRoomId,
+ validateCreateRoomMemberReq,
+ roomMemberCtrl.createRoomMember
+);
+roomRouter.get(
+ '/:roomId/members',
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER), roomMemberTokenValidator),
+ withValidRoomId,
+ validateGetRoomMembersReq,
+ roomMemberCtrl.getRoomMembers
+);
+roomRouter.delete(
+ '/:roomId/members',
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ withValidRoomId,
+ validateBulkDeleteRoomMembersReq,
+ roomMemberCtrl.bulkDeleteRoomMembers
+);
+
+roomRouter.get(
+ '/:roomId/members/:memberId',
+ withAuth(
+ apiKeyValidator,
+ tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER),
+ roomMemberTokenValidator
+ ),
+ withValidRoomId,
+ roomMemberCtrl.getRoomMemberTokenInfo
+);
+roomRouter.put(
+ '/:roomId/members/:memberId',
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ withValidRoomId,
+ validateUpdateRoomMemberReq,
+ roomMemberCtrl.updateRoomMember
+);
+roomRouter.delete(
+ '/:roomId/members/:memberId',
+ withAuth(apiKeyValidator, tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ withValidRoomId,
+ roomMemberCtrl.deleteRoomMember
+);
 // Internal room routes
 export const internalRoomRouter: Router = Router();
@@ -89,21 +166,9 @@ internalRoomRouter.use(bodyParser.urlencoded({ extended: true }));
 internalRoomRouter.use(bodyParser.json());
 internalRoomRouter.post(
- '/:roomId/token',
+ '/:roomId/members/token',
 withValidRoomId,
 validateCreateRoomMemberTokenReq,
 configureRoomMemberTokenAuth,
- roomCtrl.generateRoomMemberToken
-);
-internalRoomRouter.get(
- '/:roomId/roles',
- withAuth(allowAnonymous),
- withValidRoomId,
- roomCtrl.getRoomMemberRolesAndPermissions
-);
-internalRoomRouter.get(
- '/:roomId/roles/:secret',
- withAuth(allowAnonymous),
- withValidRoomId,
- roomCtrl.getRoomMemberRoleAndPermissions
+ roomMemberCtrl.generateRoomMemberToken
 );
diff --git a/meet-ce/backend/src/routes/user.routes.ts b/meet-ce/backend/src/routes/user.routes.ts
index 3b15a90f..1ed74a4d 100644
--- a/meet-ce/backend/src/routes/user.routes.ts
+++ b/meet-ce/backend/src/routes/user.routes.ts
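Review bot: The three `/:roomId/members/:memberId` routes (`@@ -77,11`) validate `:roomId` with `withValidRoomId` but never validate `:memberId`, and the `GET` and `DELETE` handlers have no request validator at all, so the raw path parameter reaches `roomMemberCtrl` unchecked. A member-ID validator belongs next to the room one, e.g. `withValidRoomId, <memberId validator>, roomMemberCtrl.deleteRoomMember` (placeholder name; no such validator is visible in this diff). `GET /:roomId/members` and `GET /:roomId/members/:memberId` also accept `roomMemberTokenValidator` without the `configureRoomAuthorization` step that `GET /:roomId` uses, so it should be confirmed that a room-member token issued for one room cannot read members of another and that `getRoomMemberTokenInfo` returns data only for the token's own member.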
@@ -3,17 +3,43 @@ import bodyParser from 'body-parser';
 import { Router } from 'express';
 import * as userCtrl from '../controllers/user.controller.js';
 import { tokenAndRoleValidator, withAuth } from '../middlewares/auth.middleware.js';
-import { validateChangePasswordReq } from '../middlewares/request-validators/user-validator.middleware.js';
+import {
+ validateBulkDeleteUsersReq,
+ validateChangePasswordReq,
+ validateCreateUserReq,
+ validateGetUsersReq
+} from '../middlewares/request-validators/user-validator.middleware.js';
 export const userRouter: Router = Router();
 userRouter.use(bodyParser.urlencoded({ extended: true }));
 userRouter.use(bodyParser.json());
 // Users Routes
-userRouter.get('/profile', withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)), userCtrl.getProfile);
+userRouter.post('/', withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN)), validateCreateUserReq, userCtrl.createUser);
+userRouter.get(
+ '/',
+ withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ validateGetUsersReq,
+ userCtrl.getUsers
+);
+userRouter.delete(
+ '/',
+ withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN)),
+ validateBulkDeleteUsersReq,
+ userCtrl.bulkDeleteUser
+);
+
+userRouter.get(
+ '/me',
+ withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)),
+ userCtrl.getProfile
+);
 userRouter.post(
 '/change-password',
- withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)),
+ withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER, MeetUserRole.ROOM_MEMBER)),
 validateChangePasswordReq,
 userCtrl.changePassword
 );
+
+userRouter.get('/:userId', withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN, MeetUserRole.USER)), userCtrl.getUser);
+userRouter.delete('/:userId', withAuth(tokenAndRoleValidator(MeetUserRole.ADMIN)), userCtrl.deleteUser);
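Review bot: `GET /:userId` and `DELETE /:userId` hand the path parameter to `userCtrl` with no request validator, unlike the other new routes in this hunk, which all have a `validate*Req` step. `GET /` and `GET /:userId` also admit `MeetUserRole.USER`, so `getUsers` and `getUser` must return only fields that are safe for a non-admin caller (no password hashes or other credential material); the controllers are not visible here. `POST /change-password` now admits `ROOM_MEMBER`, and it should be confirmed that `changePassword` acts only on the caller's own account. Registering `/me` before `GET /:userId` is what keeps it from being captured as a user ID, and a comment such as `// Static paths must stay above '/:userId'` would protect that ordering.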