Add initial Portal version

2026-04-09 22:16:22 +02:00
commit d526c1ff4a
51 changed files with 10752 additions and 0 deletions
--- a/src/app/api/tenants/[name]/route.ts
+++ b/src/app/api/tenants/[name]/route.ts
@@ -0,0 +1,95 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/lib/auth";
+import { getTenant, patchTenantSpec } from "@/lib/k8s";
+
+function isPlatformRole(roles: string[]): boolean {
+  return roles.some((r) =>
+    ["platform_admin", "platform_operator"].includes(r)
+  );
+}
+
+export async function GET(
+  _req: NextRequest,
+  { params }: { params: Promise<{ name: string }> }
+) {
+  const session = await auth();
+  if (!session?.user) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const { name } = await params;
+  const { orgId, roles } = session.user as any;
+
+  try {
+    const tenant = await getTenant(name);
+    if (!tenant) {
+      return NextResponse.json({ error: "Not found" }, { status: 404 });
+    }
+
+    // Scope check: non-platform users can only see their own org's tenants
+    if (
+      !isPlatformRole(roles || []) &&
+      tenant.metadata?.labels?.["zitadel-org-id"] !== orgId
+    ) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    return NextResponse.json(tenant);
+  } catch (e: any) {
+    return NextResponse.json(
+      { error: "K8s API error", detail: e.message },
+      { status: e.statusCode || 500 }
+    );
+  }
+}
+
+export async function PATCH(
+  req: NextRequest,
+  { params }: { params: Promise<{ name: string }> }
+) {
+  const session = await auth();
+  if (!session?.user) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const { name } = await params;
+  const { orgId, roles } = session.user as any;
+  const body = await req.json();
+  const userRoles = roles || [];
+
+  // Only owner or platform roles can patch
+  if (!isPlatformRole(userRoles) && !userRoles.includes("owner")) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  try {
+    // Ownership check
+    const existing = await getTenant(name);
+    if (!existing) {
+      return NextResponse.json({ error: "Not found" }, { status: 404 });
+    }
+    if (
+      !isPlatformRole(userRoles) &&
+      existing.metadata?.labels?.["zitadel-org-id"] !== orgId
+    ) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
+    // Build partial spec — only allow specific fields
+    const specPatch: Record<string, any> = {};
+    if (body.packages !== undefined) specPatch.packages = body.packages;
+    if (body.workspaceFiles !== undefined)
+      specPatch.workspaceFiles = body.workspaceFiles;
+    if (body.displayName !== undefined)
+      specPatch.displayName = body.displayName;
+    if (body.agentName !== undefined) specPatch.agentName = body.agentName;
+
+    const updated = await patchTenantSpec(name, specPatch);
+    return NextResponse.json(updated);
+  } catch (e: any) {
+    return NextResponse.json(
+      { error: "Patch failed", detail: e.message },
+      { status: e.statusCode || 500 }
+    );
+  }
+}