fix: Fix endpoints auth (#214)

Co-authored-by: Seam Bot <devops@getseam.com>

src/lib/database/schema.ts

@@ -102,6 +102,7 @@ export interface DatabaseMethods {
     email: string
     short_token: string
     long_token_hash: string
+    user_id?: string
     created_at?: string
   }) => AccessToken
   addClientSession: (params: {

src/lib/database/seed.ts

@@ -23,7 +23,7 @@ export interface Seed {
   john_user_id: "john_user_id"
   john_user_key: "john_user_key"
   visionline_acs_system_1: "visionline_acs_system_1"
-  seam_at1_token: "seam_at1_shorttoken_longtoken"
+  seam_at1_token: "seam_at1_longtoken"
 }
 
 export const seed: Seed = {
@@ -42,7 +42,7 @@ export const seed: Seed = {
   seam_apikey2_token: "seam_apikey2_token",
   seam_cst1_token: "seam_cst1_token",
   seam_pk1_token: "seam_pk1_token",
-  seam_at1_token: "seam_at1_shorttoken_longtoken",
+  seam_at1_token: "seam_at1_longtoken",
   john_user_identifier_key: "john_user_identifier_key",
   john_user_identity_id: "john_user_identity_id",
   john_user_id: "john_user_id",
@@ -261,11 +261,12 @@ export const seedDatabase = (db: Database): Seed => {
     connected_account_ids: [seed.john_connected_account_id],
   })
 
-  const [, , short_token = "", long_token = ""] = seed.seam_at1_token.split("_")
+  const [, short_token = "", long_token = ""] = seed.seam_at1_token.split("_")
   const long_token_hash = hashLongToken(long_token)
   db.addAccessToken({
     access_token_name: "Seeded Fake Access Token",
     email: "john@example.com",
+    user_id: seed.john_user_id,
     long_token_hash,
     short_token,
   })

src/lib/database/store.ts

@@ -267,7 +267,7 @@ const initializer = immer<Database>((set, get) => ({
     const new_access_token: AccessToken = {
       access_token_id,
       email: params.email,
-      user_id,
+      user_id: params.user_id ?? user_id,
       access_token_name: params.access_token_name,
       long_token_hash: params.long_token_hash,
       short_token: params.short_token,

src/lib/middleware/with-access-token.ts

@@ -22,14 +22,12 @@ export const withAccessToken =
     is_workspace_id_required: RequiresWorkspaceId
   }): Middleware<
     {
-      auth: {
-        type: RequiresWorkspaceId extends true
-          ? Extract<AuthenticatedRequest["auth"], { type: "access_token" }>
-          : Extract<
-              AuthenticatedRequest["auth"],
-              { type: "access_token_without_workspace" }
-            >
-      }
+      auth: RequiresWorkspaceId extends true
+        ? Extract<AuthenticatedRequest["auth"], { type: "access_token" }>
+        : Extract<
+            AuthenticatedRequest["auth"],
+            { type: "access_token_without_workspace" }
+          >
     },
     {
       db: Database

src/lib/middleware/with-route-spec.ts

@@ -6,7 +6,6 @@ import { withApiKey } from "./with-api-key.ts"
 import { withBaseUrl } from "./with-base-url.ts"
 import { withClientSession } from "./with-client-session.ts"
 import { withCors } from "./with-cors.ts"
-import { withClientSessionOrApiKeyOrPublishableKey } from "./with-cst-or-api-key-or-publishable-key.ts"
 import { withDb } from "./with-db.ts"
 import { withRequestId } from "./with-request-id.ts"
 import { withSessionAuth } from "./with-session-auth.ts"
@@ -53,7 +52,5 @@ export const withRouteSpec = createWithRouteSpec({
     console_session: withSessionAuth({ is_workspace_id_required: true }),
     api_key: withApiKey,
     client_session: withClientSession,
-    cst_ak_pk: withClientSessionOrApiKeyOrPublishableKey,
-    // only for get_or_create and create client session token
   },
 } as const)

src/pages/api/access_codes/create.ts

@@ -19,7 +19,7 @@ export const json_body = z.object({
 })
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["POST"],
   jsonBody: json_body
     .refine((value) => {

src/pages/api/access_codes/create_multiple.ts

@@ -23,7 +23,7 @@ const json_body = z
   )
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["POST"],
   jsonBody: json_body,
   jsonResponse: z.object({

src/pages/api/access_codes/delete.ts

@@ -11,7 +11,7 @@ const json_body = z.object({
 })
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["POST", "DELETE"],
   jsonBody: json_body,
   jsonResponse: z.object({

src/pages/api/access_codes/generate_code.ts

@@ -5,7 +5,7 @@ import { z } from "zod"
 import { withRouteSpec } from "lib/middleware/with-route-spec.ts"
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["GET", "POST"],
   commonParams: z.object({
     device_id: z.string(),

src/pages/api/access_codes/get.ts

@@ -41,7 +41,7 @@ export const commonParams = z
   })
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["GET", "POST"],
   commonParams,
   jsonResponse: z.object({

src/pages/api/access_codes/list.ts

@@ -5,7 +5,7 @@ import { access_code } from "lib/zod/index.ts"
 import { withRouteSpec } from "lib/middleware/with-route-spec.ts"
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["GET", "POST"],
   commonParams: z
     .object({

src/pages/api/access_codes/pull_backup_access_code.ts

@@ -6,7 +6,7 @@ import { access_code } from "lib/zod/index.ts"
 import { withRouteSpec } from "lib/middleware/with-route-spec.ts"
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["POST"],
   jsonBody: z.object({
     access_code_id: z.string(),

src/pages/api/access_codes/simulate/create_unmanaged_access_code.ts

@@ -6,7 +6,7 @@ import { access_code } from "lib/zod/index.ts"
 import { withRouteSpec } from "lib/middleware/with-route-spec.ts"
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["POST"],
   jsonBody: z.object({
     device_id: z.string(),

src/pages/api/access_codes/unmanaged/list.ts

@@ -5,7 +5,7 @@ import { access_code } from "lib/zod/index.ts"
 import { withRouteSpec } from "lib/middleware/with-route-spec.ts"
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["GET", "POST"],
   commonParams: z.object({
     device_id: z.string(),

src/pages/api/access_codes/unmanaged/update.ts

@@ -4,7 +4,7 @@ import { z } from "zod"
 import { withRouteSpec } from "lib/middleware/with-route-spec.ts"
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["POST", "PATCH"],
   commonParams: z.object({
     access_code_id: z.string(),

src/pages/api/access_codes/update.ts

@@ -37,7 +37,7 @@ const json_body = z
   }, "Both starts_at and ends_at must be provided if one is")
 
 export default withRouteSpec({
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   methods: ["POST"],
   jsonBody: json_body,
   jsonResponse: z.object({

src/pages/api/acs/entrances/get.ts

@@ -8,7 +8,7 @@ import { cloneWithoutUnderscoreKeys } from "lib/util/clone-without-underscore-ke
 
 export default withRouteSpec({
   methods: ["GET", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   commonParams: z.object({
     acs_entrance_id: z.string(),
   }),

src/pages/api/acs/entrances/grant_access.ts

@@ -5,7 +5,7 @@ import { withRouteSpec } from "lib/middleware/index.ts"
 
 export default withRouteSpec({
   methods: ["POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   jsonBody: z.object({
     acs_entrance_id: z.string(),
     acs_user_id: z.string(),

src/pages/api/acs/entrances/list.ts

@@ -7,7 +7,7 @@ import { cloneWithoutUnderscoreKeys } from "lib/util/clone-without-underscore-ke
 
 export default withRouteSpec({
   methods: ["GET", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   commonParams: z.object({
     acs_system_id: z.string().optional(),
     acs_credential_id: z.string().optional(),

src/pages/api/acs/systems/get.ts

@@ -6,7 +6,7 @@ import { acs_system } from "lib/zod/index.ts"
 
 export default withRouteSpec({
   methods: ["GET", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   commonParams: z.object({
     acs_system_id: z.string(),
   }),

src/pages/api/acs/systems/list.ts

@@ -5,7 +5,7 @@ import { acs_system } from "lib/zod/index.ts"
 
 export default withRouteSpec({
   methods: ["GET", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   commonParams: z.object({
     connected_account_id: z.string().optional(),
   }),

src/pages/api/acs/users/add_to_access_group.ts

@@ -5,7 +5,7 @@ import { withRouteSpec } from "lib/middleware/index.ts"
 
 export default withRouteSpec({
   methods: ["PUT", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   jsonBody: z.object({
     acs_user_id: z.string(),
     acs_access_group_id: z.string(),

src/pages/api/acs/users/create.ts

@@ -6,7 +6,7 @@ import { acs_user } from "lib/zod/index.ts"
 
 export default withRouteSpec({
   methods: ["POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   jsonBody: z
     .object({
       acs_system_id: z.string(),

src/pages/api/acs/users/delete.ts

@@ -5,7 +5,7 @@ import { withRouteSpec } from "lib/middleware/index.ts"
 
 export default withRouteSpec({
   methods: ["DELETE", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   commonParams: z.object({
     acs_user_id: z.string(),
   }),

src/pages/api/acs/users/get.ts

@@ -6,7 +6,7 @@ import { acs_user } from "lib/zod/index.ts"
 
 export default withRouteSpec({
   methods: ["GET", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   commonParams: z.object({
     acs_user_id: z.string(),
   }),

src/pages/api/acs/users/list.ts

@@ -5,7 +5,7 @@ import { acs_user, phone_number } from "lib/zod/index.ts"
 
 export default withRouteSpec({
   methods: ["GET", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   commonParams: z.object({
     user_identity_id: z.string().optional(),
     user_identity_phone_number: phone_number.optional(),

src/pages/api/acs/users/remove_from_access_group.ts

@@ -5,7 +5,7 @@ import { withRouteSpec } from "lib/middleware/index.ts"
 
 export default withRouteSpec({
   methods: ["DELETE", "POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   jsonBody: z.object({
     acs_user_id: z.string(),
     acs_access_group_id: z.string(),

src/pages/api/acs/users/suspend.ts

@@ -5,7 +5,7 @@ import { withRouteSpec } from "lib/middleware/index.ts"
 
 export default withRouteSpec({
   methods: ["POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   jsonBody: z.object({
     acs_user_id: z.string(),
   }),

src/pages/api/acs/users/unsuspend.ts

@@ -5,7 +5,7 @@ import { withRouteSpec } from "lib/middleware/index.ts"
 
 export default withRouteSpec({
   methods: ["POST"],
-  auth: "cst_ak_pk",
+  auth: ["client_session", "pat_with_workspace", "console_session", "api_key"],
   jsonBody: z.object({
     acs_user_id: z.string(),
   }),