fix(api): remove unused suspend user (#2723)

## Describe your changes Fixes https://linear.app/nango/issue/NAN-1717/remove-problematic-suspend-user - Remove this unused endpoint It was insecure and there is a better way now to remove user from a team
NangoHQ · Sep 13, 2024 · 44f05eb · 44f05eb
1 parent 4ed946c
commit 44f05eb
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 13 deletions.
diff --git a/packages/server/lib/controllers/user.controller.ts b/packages/server/lib/controllers/user.controller.ts
@@ -26,17 +26,6 @@ class UserController {
             next(err);
         }
     }
-
-    async suspend(req: Request, res: Response<any, never>, next: NextFunction) {
-        try {
-            const userId = req.params['userId'];
-
-            await userService.suspendUser(Number(userId));
-            res.status(200).send();
-        } catch (err) {
-            next(err);
-        }
-    }
 }
 
 export default new UserController();
diff --git a/packages/server/lib/middleware/access.middleware.ts b/packages/server/lib/middleware/access.middleware.ts
@@ -8,7 +8,7 @@ import type { RequestLocals } from '../utils/express.js';
 const logger = getLogger('AccessMiddleware');
 
 const keyRegex = /^[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i;
-const ignoreEnvPaths = ['/api/v1/meta', '/api/v1/user', '/api/v1/user/name', '/api/v1/users/:userId/suspend', '/api/v1/signin', '/api/v1/invite/:id'];
+const ignoreEnvPaths = ['/api/v1/meta', '/api/v1/user', '/api/v1/user/name', '/api/v1/signin', '/api/v1/invite/:id'];
 
 export class AccessMiddleware {
     async secretKeyAuth(req: Request, res: Response<any, RequestLocals>, next: NextFunction) {

diff --git a/packages/server/lib/routes.ts b/packages/server/lib/routes.ts
@@ -279,7 +279,6 @@ web.route('/api/v1/connection/admin/:connectionId').delete(webAuth, connectionCo
 web.route('/api/v1/user').get(webAuth, getUser);
 web.route('/api/v1/user').patch(webAuth, patchUser);
 web.route('/api/v1/user/password').put(webAuth, userController.editPassword.bind(userController));
-web.route('/api/v1/users/:userId/suspend').post(webAuth, userController.suspend.bind(userController));
 
 web.route('/api/v1/sync').get(webAuth, syncController.getSyncsByParams.bind(syncController));
 web.route('/api/v1/sync/command').post(webAuth, syncController.syncCommand.bind(syncController));