jackson/pages/api/admin/connections/index.ts

import type { NextApiRequest, NextApiResponse } from 'next';

import jackson from '@lib/jackson';
import { oidcMetadataParse, parsePaginateApiParams, strategyChecker } from '@lib/utils';
import { adminPortalSSODefaults } from '@lib/env';
import retraced from '@ee/retraced';
import { defaultHandler } from '@lib/api';
import { ApiError } from '@lib/error';
import { validateDevelopmentModeLimits } from '@lib/development-mode';

const handler = async (req: NextApiRequest, res: NextApiResponse) => {
  await defaultHandler(req, res, {
    GET: handleGET,
    POST: handlePOST,
    PATCH: handlePATCH,
    DELETE: handleDELETE,
  });
};

// Get all connections
const handleGET = async (req: NextApiRequest, res: NextApiResponse) => {
  const { adminController, connectionAPIController } = await jackson();

  const { isSystemSSO } = req.query as {
    isSystemSSO?: string; // if present will be '' else undefined
  };

  const { pageOffset, pageLimit, pageToken } = parsePaginateApiParams(req.query);

  const { tenant: adminPortalSSOTenant, product: adminPortalSSOProduct } = adminPortalSSODefaults;

  const paginatedConnectionList = await adminController.getAllConnection(pageOffset, pageLimit, pageToken);

  const connections =
    isSystemSSO === undefined
      ? // For the Connections list under Enterprise SSO, `isSystemSSO` flag added to show system sso badge
        paginatedConnectionList?.data?.map((conn) => ({
          ...conn,
          isSystemSSO: adminPortalSSOTenant === conn.tenant && adminPortalSSOProduct === conn.product,
        }))
      : // For settings view, pagination not done for now as the system connections are expected to be a few
        await connectionAPIController.getConnections({
          tenant: adminPortalSSOTenant,
          product: adminPortalSSOProduct,
        });

  if (paginatedConnectionList.pageToken) {
    res.setHeader('jackson-pagetoken', paginatedConnectionList.pageToken);
  }

  res.json(connections);
};

// Create a new connection
const handlePOST = async (req: NextApiRequest, res: NextApiResponse) => {
  const { connectionAPIController } = await jackson();

  const { isSAML, isOIDC } = strategyChecker(req);

  await validateDevelopmentModeLimits(req.body.product, 'sso');

  if (!isSAML && !isOIDC) {
    throw new ApiError('Missing SSO connection params', 400);
  }

  // Create SAML connection
  if (isSAML) {
    const connection = await connectionAPIController.createSAMLConnection(req.body);

    retraced.reportAdminPortalEvent({
      action: 'sso.connection.create',
      crud: 'c',
      req,
      target: {
        id: connection.clientID,
        type: 'SAML Connection',
      },
    });

    res.status(201).json({ data: connection });
  }
  // Create OIDC connection
  else {
    const connection = await connectionAPIController.createOIDCConnection(oidcMetadataParse(req.body));

    retraced.reportAdminPortalEvent({
      action: 'sso.connection.create',
      crud: 'c',
      req,
      target: {
        id: connection.clientID,
        type: 'OIDC Connection',
      },
    });

    res.status(201).json({ data: connection });
  }
};

// Update a connection
const handlePATCH = async (req: NextApiRequest, res: NextApiResponse) => {
  const { connectionAPIController } = await jackson();

  const { isSAML, isOIDC } = strategyChecker(req);

  if (!isSAML && !isOIDC) {
    throw new ApiError('Missing SSO connection params', 400);
  }

  // Update SAML connection
  if (isSAML) {
    await connectionAPIController.updateSAMLConnection(req.body);

    retraced.reportAdminPortalEvent({
      action: 'sso.connection.update',
      crud: 'u',
      req,
      target: {
        id: req.body.clientID,
        type: 'SAML Connection',
      },
    });

    res.status(204).end();
  }
  // Update OIDC connection
  else {
    await connectionAPIController.updateOIDCConnection(oidcMetadataParse(req.body));

    retraced.reportAdminPortalEvent({
      action: 'sso.connection.update',
      crud: 'u',
      req,
      target: {
        id: req.body.clientID,
        type: 'OIDC Connection',
      },
    });

    res.status(204).end();
  }
};

// Delete a connection
const handleDELETE = async (req: NextApiRequest, res: NextApiResponse) => {
  const { connectionAPIController } = await jackson();

  const { clientID, clientSecret } = req.query as {
    clientID: string;
    clientSecret: string;
  };

  await connectionAPIController.deleteConnections({ clientID, clientSecret });

  retraced.reportAdminPortalEvent({
    action: 'sso.connection.delete',
    crud: 'd',
    req,
    target: {
      id: clientID,
    },
  });

  res.json({ data: null });
};

export default handler;