fix: prevent access to admin info from outside the dashboard

Add @UseGuards to prevent access to admin info from outside the dashboard, exclude the admin
controller endpoints from the api docs and remove all the api requests related to the admins in the
api sdk.

re #460

apps/api/src/app/admins/admins.controller.ts

@@ -1,5 +1,14 @@
-import { Body, Controller, Get, Param, Post, Put } from "@nestjs/common"
-import { ApiCreatedResponse } from "@nestjs/swagger"
+import {
+    Body,
+    Controller,
+    Get,
+    Param,
+    Post,
+    Put,
+    UseGuards
+} from "@nestjs/common"
+import { ApiExcludeEndpoint } from "@nestjs/swagger"
+import { AuthGuard } from "../auth/auth.guard"
 import { CreateAdminDTO } from "./dto/create-admin.dto"
 import { AdminsService } from "./admins.service"
 import { Admin } from "./entities/admin.entity"
@@ -10,17 +19,22 @@ export class AdminsController {
     constructor(private readonly adminsService: AdminsService) {}
 
     @Post()
+    @UseGuards(AuthGuard)
+    @ApiExcludeEndpoint()
     async createAdmin(@Body() dto: CreateAdminDTO): Promise<Admin> {
         return this.adminsService.create(dto)
     }
 
     @Get(":admin")
-    @ApiCreatedResponse({ type: Admin })
+    @UseGuards(AuthGuard)
+    @ApiExcludeEndpoint()
     async getAdmin(@Param("admin") adminId: string) {
         return this.adminsService.findOne({ id: adminId })
     }
 
     @Put(":admin/apikey")
+    @UseGuards(AuthGuard)
+    @ApiExcludeEndpoint()
     async updateApiKey(
         @Param("admin") adminId: string,
         @Body() dto: UpdateApiKeyDTO

libs/api-sdk/src/apiSdk.ts

@@ -3,10 +3,7 @@ import {
     GroupResponse,
     InviteResponse,
     GroupRequest,
-    GroupUpdateRequest,
-    AdminRequest,
-    AdminResponse,
-    AdminUpdateApiKeyRequest
+    GroupUpdateRequest
 } from "./types"
 import checkParameter from "./checkParameter"
 import {
@@ -25,7 +22,6 @@ import {
     removeMemberByApiKey,
     removeMembersByApiKey
 } from "./groups"
-import { createAdmin, getAdmin, updateApiKey } from "./admins"
 import { getInvite } from "./invites"
 
 export default class ApiSdk {
@@ -79,43 +75,6 @@ export default class ApiSdk {
         return this._config
     }
 
-    /**
-     * Create an admin.
-     * @param dto The data of the admin.
-     * @returns Specific admin.
-     */
-    async createAdmin(dto: AdminRequest): Promise<AdminResponse> {
-        const admin = await createAdmin(this._config, dto)
-
-        return admin
-    }
-
-    /**
-     * Get the admin with given id.
-     * @param adminId The admin id.
-     * @returns Specific admin.
-     */
-    async getAdmin(adminId: string): Promise<AdminResponse> {
-        const admin = await getAdmin(this._config, adminId)
-
-        return admin
-    }
-
-    /**
-     * Update an admin API key.
-     * @param adminId The admin id.
-     * @param dto The action to be executed on the API key.
-     * @returns The updated API key.
-     */
-    async updateApiKey(
-        adminId: string,
-        dto: AdminUpdateApiKeyRequest
-    ): Promise<string> {
-        const apiKey = await updateApiKey(this._config, adminId, dto)
-
-        return apiKey
-    }
-
     /**
      * Returns the list of groups.
      * @returns List of groups.

libs/api-sdk/src/types/index.ts

@@ -38,26 +38,6 @@ export type GroupUpdateRequest = {
     }
 }
 
-export type AdminRequest = {
-    id: string
-    address: string
-    username?: string
-}
-
-export type AdminResponse = {
-    id: string
-    address: string
-    username: string
-    apiKey: string
-    apiEnabled: boolean
-    createdAt?: Date
-    updatedAt?: Date
-}
-
-export type AdminUpdateApiKeyRequest = {
-    action: ApiKeyActions
-}
-
 type Group = {
     id: string
     name: string