Secure machine operations with AdminGuard

Added AdminGuard to POST and DELETE routes in MachinesController to ensure only admins can create or delete machines. Renamed endpoints for clarity and removed redundant code. This enhances security and improves API design.
2024-10-08 13:25:44 +02:00 · 2024-10-08 13:25:44 +02:00 · f72b7ad9cb
commit f72b7ad9cb
parent ec8af843b5
1 changed files with 11 additions and 10 deletions
--- a/apps/backend/src/app/machines/machines.controller.ts
+++ b/apps/backend/src/app/machines/machines.controller.ts
@ -4,38 +4,39 @@ import {
 	Delete,
 	Get,
 	Param,
+	ParseBoolPipe,
 	ParseIntPipe,
 	Post,
 	Query,
+	UseGuards,
 } from "@nestjs/common";
+import { AdminGuard } from "apps/backend/src/app/auth/auth.guard";
 import { MachinesService } from "apps/backend/src/app/machines/machines.service";

@Controller("machines")
 export class MachinesController {
 	constructor(private readonly machineService: MachinesService) {}

-	@Get()
+	@Get("find")
 	async findMany(
 		@Query("limit", new DefaultValuePipe(20), ParseIntPipe) limit: number,
 		@Query("offset", new DefaultValuePipe(0), ParseIntPipe) offset: number,
 		@Query("search", new DefaultValuePipe("")) search: string,
-	) {
-		const query = { limit, offset, search };
-	}
+	) {}

+	@UseGuards(AdminGuard)
 	@Post("new")
 	async newMachine() {}

+	@UseGuards(AdminGuard)
 	@Delete(":machineId")
-	async deleteGroup(@Param("machineId") machineId: string) {}
+	async deleteMachine(@Param("machineId") machineId: string) {}

-	@Get(":groupId")
-	async getForGroup(
+	@Get(":machineId/files")
+	async getFilesForMachine(
 		@Query("limit", new DefaultValuePipe(20), ParseIntPipe) limit: number,
 		@Query("offset", new DefaultValuePipe(0), ParseIntPipe) offset: number,
 		@Query("search", new DefaultValuePipe("")) search: string,
 		@Param("machineId") machineId: string,
-	) {
-		const query = { limit, offset, search };
-	}
+	) {}
 }