e1f2be7ecf
Wire up Better Auth for session-based authentication. Add actor middleware that resolves local_trusted mode to an implicit board actor and authenticated mode to Better Auth sessions. Add access service with membership, permission, invite, and join-request management. Register access routes for member/invite/ join-request CRUD. Update health endpoint to report deployment mode and bootstrap status. Enforce tasks:assign and agents:create permissions in issue and agent routes. Add deployment mode validation at startup with guardrails (loopback-only for local_trusted, auth config required for authenticated). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
41 lines
1.5 KiB
TypeScript
41 lines
1.5 KiB
TypeScript
import { Router } from "express";
|
|
import type { Db } from "@paperclip/db";
|
|
import { and, eq, sql } from "drizzle-orm";
|
|
import { joinRequests } from "@paperclip/db";
|
|
import { sidebarBadgeService } from "../services/sidebar-badges.js";
|
|
import { accessService } from "../services/access.js";
|
|
import { assertCompanyAccess } from "./authz.js";
|
|
|
|
export function sidebarBadgeRoutes(db: Db) {
|
|
const router = Router();
|
|
const svc = sidebarBadgeService(db);
|
|
const access = accessService(db);
|
|
|
|
router.get("/companies/:companyId/sidebar-badges", async (req, res) => {
|
|
const companyId = req.params.companyId as string;
|
|
assertCompanyAccess(req, companyId);
|
|
let canApproveJoins = false;
|
|
if (req.actor.type === "board") {
|
|
canApproveJoins =
|
|
req.actor.source === "local_implicit" ||
|
|
Boolean(req.actor.isInstanceAdmin) ||
|
|
(await access.canUser(companyId, req.actor.userId, "joins:approve"));
|
|
} else if (req.actor.type === "agent" && req.actor.agentId) {
|
|
canApproveJoins = await access.hasPermission(companyId, "agent", req.actor.agentId, "joins:approve");
|
|
}
|
|
|
|
const joinRequestCount = canApproveJoins
|
|
? await db
|
|
.select({ count: sql<number>`count(*)` })
|
|
.from(joinRequests)
|
|
.where(and(eq(joinRequests.companyId, companyId), eq(joinRequests.status, "pending_approval")))
|
|
.then((rows) => Number(rows[0]?.count ?? 0))
|
|
: 0;
|
|
|
|
const badges = await svc.get(companyId, { joinRequests: joinRequestCount });
|
|
res.json(badges);
|
|
});
|
|
|
|
return router;
|
|
}
|