-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathcredits-admin.router.ts
More file actions
54 lines (50 loc) · 1.73 KB
/
Copy pathcredits-admin.router.ts
File metadata and controls
54 lines (50 loc) · 1.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
import { Router } from "express";
import { meGuard } from "@/api/v2/accounts/middleware/meGuard";
import { accountViewGetHandler } from "./handlers/account-view-get";
import { adjustPostHandler } from "./handlers/adjust-post";
import { adminPageHandler } from "./handlers/admin-page";
import { auditGetHandler } from "./handlers/audit-get";
import { auditRecentGetHandler } from "./handlers/audit-recent-get";
import { grantPostHandler } from "./handlers/grant-post";
import { searchGetHandler } from "./handlers/search-get";
import { whoamiGetHandler } from "./handlers/whoami-get";
import { attachActorIdentity } from "./middleware/cf-identity";
import { creditsAdminTokenAuth } from "./middleware/token-auth";
export const creditsAdminRouter = Router();
// Public shell — authenticates client-side (Bearer), leaks no data server-side.
creditsAdminRouter.get("/", adminPageHandler);
// Reads — token gate only (no audit write).
creditsAdminRouter.get(
"/whoami",
creditsAdminTokenAuth,
attachActorIdentity,
whoamiGetHandler,
);
creditsAdminRouter.get("/search", creditsAdminTokenAuth, searchGetHandler);
creditsAdminRouter.get("/audit", creditsAdminTokenAuth, auditGetHandler);
creditsAdminRouter.get(
"/audit/recent",
creditsAdminTokenAuth,
auditRecentGetHandler,
);
creditsAdminRouter.get(
"/accounts/:accountId",
creditsAdminTokenAuth,
meGuard,
accountViewGetHandler,
);
// Audited mutations — token gate, then verified CF identity, then UUID guard.
creditsAdminRouter.post(
"/accounts/:accountId/grant",
creditsAdminTokenAuth,
attachActorIdentity,
meGuard,
grantPostHandler,
);
creditsAdminRouter.post(
"/accounts/:accountId/adjust",
creditsAdminTokenAuth,
attachActorIdentity,
meGuard,
adjustPostHandler,
);