Merge pull request #192 from Infisical/cleaning

Remove accept statuses

backend/src/controllers/v1/keyController.ts

@@ -2,7 +2,6 @@ import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import { Key } from '../../models';
 import { findMembership } from '../../helpers/membership';
-import { GRANTED } from '../../variables';
 
 /**
  * Add (encrypted) copy of workspace key for workspace with id [workspaceId] for user with
@@ -26,9 +25,6 @@ export const uploadKey = async (req: Request, res: Response) => {
 			throw new Error('Failed receiver membership validation for workspace');
 		}
 
-		receiverMembership.status = GRANTED;
-		await receiverMembership.save();
-
 		await new Key({
 			encryptedKey: key.encryptedKey,
 			nonce: key.nonce,

backend/src/controllers/v1/membershipController.ts

@@ -7,7 +7,7 @@ import {
 } from '../../helpers/membership';
 import { sendMail } from '../../helpers/nodemailer';
 import { SITE_URL } from '../../config';
-import { ADMIN, MEMBER, GRANTED, ACCEPTED } from '../../variables';
+import { ADMIN, MEMBER, ACCEPTED } from '../../variables';
 
 /**
  * Check that user is a member of workspace with id [workspaceId]
@@ -175,8 +175,7 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
 		// already a member of the workspace
 		const inviteeMembership = await Membership.findOne({
 			user: invitee._id,
-			workspace: workspaceId,
-			status: GRANTED
+			workspace: workspaceId
 		});
 
 		if (inviteeMembership)
@@ -205,8 +204,7 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
 		const m = await new Membership({
 			user: invitee._id,
 			workspace: workspaceId,
-			role: MEMBER,
-			status: GRANTED
+			role: MEMBER
 		}).save();
 
 		await sendMail({

backend/src/controllers/v1/workspaceController.ts

@@ -15,7 +15,7 @@ import {
 	deleteWorkspace as deleteWork
 } from '../../helpers/workspace';
 import { addMemberships } from '../../helpers/membership';
-import { ADMIN, COMPLETED, GRANTED } from '../../variables';
+import { ADMIN } from '../../variables';
 
 /**
  * Return public keys of members of workspace with id [workspaceId]
@@ -33,13 +33,12 @@ export const getWorkspacePublicKeys = async (req: Request, res: Response) => {
 				workspace: workspaceId
 			}).populate<{ user: IUser }>('user', 'publicKey')
 		)
-			.filter((m) => m.status === COMPLETED || m.status === GRANTED)
-			.map((member) => {
-				return {
-					publicKey: member.user.publicKey,
-					userId: member.user._id
-				};
-			});
+		.map((member) => {
+			return {
+				publicKey: member.user.publicKey,
+				userId: member.user._id
+			};
+		});
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
@@ -169,8 +168,7 @@ export const createWorkspace = async (req: Request, res: Response) => {
 		await addMemberships({
 			userIds: [req.user._id],
 			workspaceId: workspace._id.toString(),
-			roles: [ADMIN],
-			statuses: [GRANTED]
+			roles: [ADMIN]
 		});
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });

backend/src/controllers/v2/workspaceController.ts

@@ -21,10 +21,9 @@ import {
 	reformatPullSecrets
 } from '../../helpers/secret';
 import { pushKeys } from '../../helpers/key';
-import { addMemberships } from '../../helpers/membership';
 import { postHogClient, EventService } from '../../services';
 import { eventPushSecrets } from '../../events';
-import { ADMIN, COMPLETED, GRANTED, ENV_SET } from '../../variables';
+import { ENV_SET } from '../../variables';
 
 interface V2PushSecret {
 	type: string; // personal or shared

backend/src/ee/routes/v1/secret.ts

@@ -5,18 +5,17 @@ import {
 	requireSecretAuth,
     validateRequest
 } from '../../../middleware';
-import { body, query, param } from 'express-validator';
+import { query, param } from 'express-validator';
 import { secretController } from '../../controllers/v1';
-import { ADMIN, MEMBER, COMPLETED, GRANTED } from '../../../variables';
+import { ADMIN, MEMBER } from '../../../variables';
 
 router.get(
 	'/:secretId/secret-versions',
 	requireAuth({
 		acceptedAuthModes: ['jwt']
 	}),
 	requireSecretAuth({
-		acceptedRoles: [ADMIN, MEMBER],
-		acceptedStatuses: [COMPLETED, GRANTED]
+		acceptedRoles: [ADMIN, MEMBER]
 	}),
 	param('secretId').exists().trim(),
 	query('offset').exists().isInt(),

backend/src/ee/routes/v1/workspace.ts

@@ -6,7 +6,7 @@ import {
 	validateRequest
 } from '../../../middleware';
 import { param, query } from 'express-validator';
-import { ADMIN, MEMBER, GRANTED } from '../../../variables';
+import { ADMIN, MEMBER } from '../../../variables';
 import { workspaceController } from '../../controllers/v1';
 
 router.get(
@@ -15,8 +15,7 @@ router.get(
 		acceptedAuthModes: ['jwt']
 	}),
 	requireWorkspaceAuth({
-		acceptedRoles: [ADMIN, MEMBER],
-		acceptedStatuses: [GRANTED]
+		acceptedRoles: [ADMIN, MEMBER]
 	}),
 	param('workspaceId').exists().trim(),
 	query('offset').exists().isInt(),

backend/src/helpers/membership.ts

@@ -3,7 +3,7 @@ import { Membership, Key } from '../models';
 
 /**
  * Validate that user with id [userId] is a member of workspace with id [workspaceId]
- * and has at least one of the roles in [acceptedRoles] and statuses in [acceptedStatuses]
+ * and has at least one of the roles in [acceptedRoles]
  * @param {Object} obj
  * @param {String} obj.userId - id of user to validate
  * @param {String} obj.workspaceId - id of workspace
@@ -12,12 +12,10 @@ const validateMembership = async ({
 	userId,
 	workspaceId,
 	acceptedRoles,
-	acceptedStatuses
 }: {
 	userId: string;
 	workspaceId: string;
 	acceptedRoles: string[];
-	acceptedStatuses: string[];
 }) => {
 
 	let membership;
@@ -33,11 +31,6 @@ const validateMembership = async ({
 		if (!acceptedRoles.includes(membership.role)) {
 			throw new Error('Failed to validate membership role');
 		}
-
-		if (!acceptedStatuses.includes(membership.status)) {
-			throw new Error('Failed to validate membership status');
-		}
-
 	} catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
@@ -72,18 +65,15 @@ const findMembership = async (queryObj: any) => {
  * @param {String[]} obj.userIds - id of users.
  * @param {String} obj.workspaceId - id of workspace.
  * @param {String[]} obj.roles - roles of users.
- * @param {String[]} obj.statuses - statuses of users.
  */
 const addMemberships = async ({
 	userIds,
 	workspaceId,
-	roles,
-	statuses
+	roles
 }: {
 	userIds: string[];
 	workspaceId: string;
 	roles: string[];
-	statuses: string[];
 }): Promise<void> => {
 	try {
 		const operations = userIds.map((userId, idx) => {
@@ -92,14 +82,12 @@ const addMemberships = async ({
 					filter: {
 						user: userId,
 						workspace: workspaceId,
-						role: roles[idx],
-						status: statuses[idx]
+						role: roles[idx]
 					},
 					update: {
 						user: userId,
 						workspace: workspaceId,
-						role: roles[idx],
-						status: statuses[idx]
+						role: roles[idx]
 					},
 					upsert: true
 				}

backend/src/helpers/rateLimiter.ts

@@ -3,7 +3,7 @@ import rateLimit from 'express-rate-limit';
 // 300 requests per 15 minutes
 const apiLimiter = rateLimit({
   windowMs: 15 * 60 * 1000,
-  max: 400,
+  max: 450,
   standardHeaders: true,
   legacyHeaders: false,
   skip: (request) => request.path === '/healthcheck'
@@ -20,7 +20,7 @@ const signupLimiter = rateLimit({
 // 10 requests per hour
 const loginLimiter = rateLimit({
   windowMs: 60 * 60 * 1000,
-  max: 20,
+  max: 25,
   standardHeaders: true,
   legacyHeaders: false
 });

backend/src/helpers/signup.ts

@@ -5,7 +5,7 @@ import { createOrganization } from './organization';
 import { addMembershipsOrg } from './membershipOrg';
 import { createWorkspace } from './workspace';
 import { addMemberships } from './membership';
-import { OWNER, ADMIN, ACCEPTED, GRANTED } from '../variables';
+import { OWNER, ADMIN, ACCEPTED } from '../variables';
 import { sendMail } from '../helpers/nodemailer';
 
 /**
@@ -113,8 +113,7 @@ const initializeDefaultOrg = async ({
 		await addMemberships({
 			userIds: [user._id.toString()],
 			workspaceId: workspace._id.toString(),
-			roles: [ADMIN],
-			statuses: [GRANTED]
+			roles: [ADMIN]
 		});
 	} catch (err) {
 		throw new Error('Failed to initialize default organization and workspace');

backend/src/middleware/requireBotAuth.ts

@@ -7,11 +7,9 @@ type req = 'params' | 'body' | 'query';
 
 const requireBotAuth = ({
     acceptedRoles,
-    acceptedStatuses,
     location = 'params'
 }: {
     acceptedRoles: string[];
-    acceptedStatuses: string[];
     location?: req;
 }) => {
     return async (req: Request, res: Response, next: NextFunction) => {
@@ -24,8 +22,7 @@ const requireBotAuth = ({
         await validateMembership({
             userId: req.user._id.toString(),
             workspaceId: bot.workspace.toString(),
-            acceptedRoles,
-            acceptedStatuses
+            acceptedRoles
         });
 
         req.bot = bot;

backend/src/middleware/requireIntegrationAuth.ts

@@ -9,14 +9,11 @@ import { IntegrationNotFoundError, UnauthorizedRequestError } from '../utils/err
  * with the integration on request params.
  * @param {Object} obj
  * @param {String[]} obj.acceptedRoles - accepted workspace roles
- * @param {String[]} obj.acceptedStatuses - accepted workspace statuses
  */
 const requireIntegrationAuth = ({
-	acceptedRoles,
-	acceptedStatuses
+	acceptedRoles
 }: {
 	acceptedRoles: string[];
-	acceptedStatuses: string[];
 }) => {
 	return async (req: Request, res: Response, next: NextFunction) => {
 		// integration authorization middleware
@@ -35,8 +32,7 @@ const requireIntegrationAuth = ({
 		await validateMembership({
 			userId: req.user._id.toString(),
 			workspaceId: integration.workspace.toString(),
-			acceptedRoles,
-			acceptedStatuses
+			acceptedRoles
 		});
 
 		const integrationAuth = await IntegrationAuth.findOne({

backend/src/middleware/requireIntegrationAuthorizationAuth.ts

@@ -10,16 +10,13 @@ import { UnauthorizedRequestError } from '../utils/errors';
  * with the integration authorization on request params.
  * @param {Object} obj
  * @param {String[]} obj.acceptedRoles - accepted workspace roles
- * @param {String[]} obj.acceptedStatuses - accepted workspace statuses
  * @param {Boolean} obj.attachAccessToken - whether or not to decrypt and attach integration authorization access token onto request
  */
 const requireIntegrationAuthorizationAuth = ({
 	acceptedRoles,
-	acceptedStatuses,
 	attachAccessToken = true
 }: {
 	acceptedRoles: string[];
-	acceptedStatuses: string[];
 	attachAccessToken?: boolean;
 }) => {
 	return async (req: Request, res: Response, next: NextFunction) => {
@@ -38,8 +35,7 @@ const requireIntegrationAuthorizationAuth = ({
 		await validateMembership({
 			userId: req.user._id.toString(),
 			workspaceId: integrationAuth.workspace.toString(),
-			acceptedRoles,
-			acceptedStatuses
+			acceptedRoles
 		});
 
 		req.integrationAuth = integrationAuth;

backend/src/middleware/requireSecretAuth.ts

@@ -9,15 +9,12 @@ import {
  * Validate if user on request has proper membership to modify secret.
  * @param {Object} obj
  * @param {String[]} obj.acceptedRoles - accepted workspace roles
- * @param {String[]} obj.acceptedStatuses - accepted workspace statuses
  * @param {String[]} obj.location - location of [workspaceId] on request (e.g. params, body) for parsing
  */
 const requireSecretAuth = ({
-    acceptedRoles,
-    acceptedStatuses
+    acceptedRoles
 }: {
     acceptedRoles: string[];
-    acceptedStatuses: string[];
 }) => {
     return async (req: Request, res: Response, next: NextFunction) => {
         try {
@@ -34,8 +31,7 @@ const requireSecretAuth = ({
             await validateMembership({
                 userId: req.user._id.toString(),
                 workspaceId: secret.workspace.toString(),
-                acceptedRoles,
-                acceptedStatuses
+                acceptedRoles
             });
 
             req.secret = secret as any;

backend/src/middleware/requireServiceTokenDataAuth.ts

@@ -7,11 +7,9 @@ type req = 'params' | 'body' | 'query';
 
 const requireServiceTokenDataAuth = ({
     acceptedRoles,
-    acceptedStatuses,
     location = 'params'
 }: {
     acceptedRoles: string[];
-    acceptedStatuses: string[];
     location?: req;
 }) => {
     return async (req: Request, res: Response, next: NextFunction) => {
@@ -30,8 +28,7 @@ const requireServiceTokenDataAuth = ({
             await validateMembership({
                 userId: req.user._id.toString(),
                 workspaceId: serviceTokenData.workspace.toString(),
-                acceptedRoles,
-                acceptedStatuses
+                acceptedRoles
             });
         }
 

backend/src/middleware/requireWorkspaceAuth.ts

@@ -9,16 +9,13 @@ type req = 'params' | 'body' | 'query';
  * on request params.
  * @param {Object} obj
  * @param {String[]} obj.acceptedRoles - accepted workspace roles for JWT auth
- * @param {String[]} obj.acceptedStatuses - accepted workspace statuses for JWT auth
  * @param {String[]} obj.location - location of [workspaceId] on request (e.g. params, body) for parsing
  */
 const requireWorkspaceAuth = ({
 	acceptedRoles,
-	acceptedStatuses,
 	location = 'params'
 }: {
 	acceptedRoles: string[];
-	acceptedStatuses: string[];
 	location?: req;
 }) => {
 	return async (req: Request, res: Response, next: NextFunction) => {
@@ -30,8 +27,7 @@ const requireWorkspaceAuth = ({
 				const membership = await validateMembership({
 					userId: req.user._id.toString(),
 					workspaceId,
-					acceptedRoles,
-					acceptedStatuses
+					acceptedRoles
 				});
 
 				req.membership = membership;