sumba 2.22.0 → 2.23.0

package/extend/bajo/hook/dobo.sumba-team-guard@after-action.js

@@ -0,0 +1,6 @@
+async function afterAction (action, ...args) {
+  if (!['createRecord', 'updateRecord', 'removeRecord'].includes(action)) return
+  await this.getTeamGuards(true)
+}
+
+export default afterAction

package/extend/bajo/hook/dobo.sumba-user-guard@after-action.js

@@ -0,0 +1,6 @@
+async function afterAction (action, ...args) {
+  if (!['createRecord', 'updateRecord', 'removeRecord'].includes(action)) return
+  await this.getUserGuards(true)
+}
+
+export default afterAction

package/extend/bajo/hook/dobo.sumba-user@after-update-record.js

@@ -1,10 +1,8 @@
 export async function clearCache (id, result) {
   if (!this.app.bajoCache) return
-  const { hash } = this.app.bajoExtra
   const { clear } = this.app.bajoCache ?? {}
-  const { get, isEmpty } = this.app.lib._
-  let token = get(result, 'data.token', get(result, 'oldData.token', ''))
-  if (!isEmpty(token)) token = await hash(token)
+  const { get } = this.app.lib._
+  const token = get(result, 'data.token', get(result, 'oldData.token', ''))
   await clear({ key: `dobo|SumbaUser|getUserById|${id}` })
   await clear({ key: `dobo|SumbaUser|getUserByToken|${token}` })
 }

package/extend/bajo/hook/waibu-mpa@pre-parsing.js

@@ -1,13 +1,13 @@
-import { checkUserId, checkTeam, checkTheme, checkIconset, checkinterSite } from '../../../lib/util.js'
+import { checkUserId, checkTeam, checkTheme, checkIconset, checkInterSite } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
     await checkTheme.call(this, req, reply)
     await checkIconset.call(this, req, reply)
-    await checkUserId.call(this, req, reply, 'waibuMpa')
-    await checkTeam.call(this, req, reply, 'waibuMpa')
-    await checkinterSite.call(this, req, reply)
+    if (!await checkUserId.call(this, req, reply, 'waibuMpa')) return
+    if (!await checkTeam.call(this, req, reply, 'waibuMpa')) return
+    await checkInterSite.call(this, req, reply)
   }
 }
 

package/extend/bajo/hook/waibu-rest-api@pre-parsing.js

@@ -1,11 +1,11 @@
-import { checkUserId, checkTeam, checkinterSite } from '../../../lib/util.js'
+import { checkUserId, checkTeam, checkInterSite } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
-    await checkUserId.call(this, req, reply, 'waibuRestApi')
-    await checkTeam.call(this, req, reply, 'waibuRestApi')
-    await checkinterSite.call(this, req, reply)
+    if (!await checkUserId.call(this, req, reply, 'waibuRestApi')) return
+    if (!await checkTeam.call(this, req, reply, 'waibuRestApi')) return
+    await checkInterSite.call(this, req, reply)
   }
 }
 

package/extend/bajo/hook/waibu-static@pre-parsing.js

@@ -1,11 +1,11 @@
-import { checkUserId, checkTeam, checkinterSite } from '../../../lib/util.js'
+import { checkUserId, checkTeam, checkInterSite } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
-    await checkUserId.call(this, req, reply, 'waibuStatic')
-    await checkTeam.call(this, req, reply, 'waibuStatic')
-    await checkinterSite.call(this, req, reply)
+    if (!await checkUserId.call(this, req, reply, 'waibuStatic')) return
+    if (!await checkTeam.call(this, req, reply, 'waibuStatic')) return
+    await checkInterSite.call(this, req, reply)
   }
 }
 

package/extend/bajo/hook/waibu@after-app-boot.js

@@ -1,23 +1,5 @@
-import { collectRoutes, collectTeam } from '../../../lib/collect.js'
-
-async function afterAppBoot () {
-  const { runHook } = this.app.bajo
-  await runHook(`${this.ns}:beforeBoot`)
-  this.log.trace('collectingRouteGuards')
-  await collectRoutes.call(this, 'secure')
-  await runHook(`${this.ns}:afterCollectSecureRoutes`, this.secureRoutes, this.secureNegRoutes)
-  this.log.trace('secureRoutes%d', this.secureRoutes.length)
-  this.log.trace('secureNegRoutes%d', this.secureNegRoutes.length)
-  await collectRoutes.call(this, 'anonymous')
-  await runHook(`${this.ns}:afterCollectAnonymousRoutes`, this.anonymousRoutes, this.anonymousNegRoutes)
-  this.log.trace('anonRoutes%d', this.anonymousRoutes.length)
-  this.log.trace('anonNegRoutes%d', this.anonymousNegRoutes.length)
-  this.log.trace('collectingTeamGuards')
-  await collectTeam.call(this)
-  await runHook(`${this.ns}:afterCollectTeamRoutes`, this.teamRoutes, this.teamNegRoutes)
-  this.log.trace('teamRoutes%d', this.teamRoutes.length)
-  this.log.trace('teamNegRoutes%d', this.teamNegRoutes.length)
-  await runHook(`${this.ns}:afterBoot`)
-}
-
-export default afterAppBoot
+async function afterAppBoot () {
+  await this.getRouteGuards(true)
+}
+
+export default afterAppBoot

package/extend/bajo/hook/waibu@pre-parsing.js

@@ -1,13 +1,8 @@
-import { checkNoRouteSetting, checkNoRouteSettingKey } from '../../../lib/util.js'
-
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
-    const { get } = this.app.lib._
     const { getHostname } = this.app.waibu
     req.site = await this.getSite(getHostname(req))
-    const routes = get(req.site, checkNoRouteSettingKey)
-    checkNoRouteSetting.call(this, req, routes)
   }
 }
 

package/extend/bajo/intl/en-US.json

@@ -61,11 +61,6 @@
   "troubleTickets": "Trouble Tickets",
   "guest": "Guest",
   "warningMemberOnly%s": "Please authenticate yourself first, because the <a href=\"%s\">page<a> your're trying to access is a member only page",
-  "collectingRouteGuards": "Collecting route guards:",
-  "secureRoutes%d": "- Secure routes: %d",
-  "secureNegRoutes%d": "- Secure, negated routes: %d",
-  "anonRoutes%d": "- Anonymous routes: %d",
-  "anonNegRoutes%d": "- Anonymous, negated routes: %d",
   "replies": "Replies",
   "compose": "Compose",
   "yourReply": "Your Reply",
@@ -136,6 +131,8 @@
   "statusOpen": "Open",
   "statusClosed": "Closed",
   "allSites": "All Sites",
+  "permission": "Permission",
+  "routeGuard": "Route Guard",
   "field": {
     "currentPassword": "Current Password",
     "newPassword": "New Password",
@@ -159,7 +156,12 @@
     "team": "Team",
     "ns": "Module's Namespace",
     "value": "Value",
-    "notes": "Notes"
+    "notes": "Notes",
+    "path": "Path",
+    "inverse": "Inverse?",
+    "anonymous": "Anonymous?",
+    "methods": "Methods",
+    "teams": "Teams"
   },
   "validation": {
     "password": {

package/extend/dobo/fixture/route-guard.js

@@ -0,0 +1,26 @@
+const routes = [
+  'sumba:/your-stuff/**/*',
+  'sumba:/signout',
+  'sumba:/help/trouble-tickets/**/*',
+  'sumba.restapi:/user/api-key',
+  'sumba.restapi:/your-stuff/**/*',
+  'sumba.restapi:/manage/**/*',
+  '~sumba:/user/**/*',
+  '~sumba:/signin',
+  '~sumba.restapi:/user/access-token/**/*'
+]
+
+async function userGuard () {
+  return routes.map(r => {
+    const anonymous = r[0] === '~'
+    return {
+      path: anonymous ? r.slice(1) : r,
+      anonymous,
+      _immutable: true,
+      siteId: '?:SumbaSite::alias:default',
+      status: 'ACTIVE'
+    }
+  })
+}
+
+export default userGuard

package/extend/dobo/model/route-guard.js

@@ -0,0 +1,60 @@
+async function routeGuard () {
+  return {
+    connection: 'memory',
+    properties: [
+      'path,,255,true,true',
+      {
+        name: 'inverse',
+        type: 'boolean',
+        required: true,
+        default: false
+      }, {
+        name: 'anonymous',
+        type: 'boolean',
+        required: true,
+        default: false
+      }, {
+        name: 'methods',
+        type: 'array',
+        required: true,
+        default: ['GET', 'POST', 'UPDATE', 'DELETE'],
+        values: ['GET', 'POST', 'UPDATE', 'DELETE']
+      }, {
+        name: 'teams',
+        type: 'array',
+        default: [],
+        ref: {
+          teams: {
+            model: 'SumbaTeam',
+            field: 'alias',
+            searchField: 'name',
+            fields: ['alias', 'name']
+          }
+        }
+      }, {
+        name: 'weight',
+        type: 'smallint',
+        default: 0
+      }
+    ],
+    features: [
+      {
+        name: 'sumba:status',
+        values: ['ACTIVE', 'INACTIVE'],
+        default: 'ACTIVE'
+      },
+      {
+        name: 'dobo:unique',
+        fields: ['path', 'anonymous', 'methods', 'teams', 'inverse', 'weight', 'status', 'siteId']
+      },
+      'dobo:immutable',
+      'dobo:updatedAt',
+      'sumba:siteId'
+    ],
+    options: {
+      persistence: false
+    }
+  }
+}
+
+export default routeGuard

package/extend/dobo/model/user.js

@@ -28,6 +28,7 @@ async function user () {
       maxLength: 100,
       virtual: true,
       getValue: async function (val, rec) {
+        if (!rec.salt) return
         return await this.plugin.hash(rec.salt)
       }
     }, {
@@ -63,7 +64,7 @@ async function user () {
       fields: ['email', 'siteId'],
       type: 'unique'
     }],
-    hidden: ['password', 'token'],
+    hidden: ['password'],
     features: [
       'sumba:address',
       'sumba:social',

package/extend/waibuDb/schema/route-guard.js

@@ -0,0 +1,15 @@
+async function routeGuard () {
+  return {
+    common: {
+      widget: {
+        teams: {
+          attr: {
+            refUrl: 'waibuAdmin:/{prefix}/team/details?id={id}'
+          }
+        }
+      }
+    }
+  }
+}
+
+export default routeGuard

package/extend/waibuMpa/extend/waibuAdmin/route/route-guard/@action.js

@@ -0,0 +1,11 @@
+const action = {
+  method: ['GET', 'POST'],
+  title: 'routeGuard',
+  handler: async function (req, reply) {
+    const { importModule } = this.app.bajo
+    const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')
+    return await crudSkel.call(this, 'SumbaRouteGuard', req, reply)
+  }
+}
+
+export default action

package/extend/waibuRestApi/route/manage/route-guard/model-builder.json

@@ -0,0 +1,4 @@
+{
+  "model": "SumbaRouteGuard",
+  "disabled": ["create", "update", "remove"]
+}

package/extend/waibuRestApi/route/your-stuff/profile/get.js

@@ -1,5 +1,5 @@
 const model = 'SumbaUser'
-const hidden = ['password', 'token', 'siteId', 'salt']
+const hidden = ['password', 'siteId']
 
 async function get () {
   const { getRecord } = this.app.waibuDb

package/index.js

@@ -152,6 +152,8 @@ async function factory (pkgName) {
           getUserByTokenDur: '1m'
         }
       }
+      this.userGuards = []
+      this.teamGuards = []
       this.unsafeUserFields = ['password']
       this.selfBind(['createNewSite', 'removeSite', 'getSite', 'getUserById', 'getUserByToken', 'getUserByUsernamePassword'])
     }
@@ -160,10 +162,6 @@ async function factory (pkgName) {
       const { getPluginDataDir } = this.app.bajo
       this.downloadDir = `${getPluginDataDir(this.ns)}/download`
       this.app.lib.fs.ensureDirSync(this.downloadDir)
-      for (const type of ['secure', 'anonymous', 'team']) {
-        this[`${type}Routes`] = this[`${type}Routes`] ?? []
-        this[`${type}NegRoutes`] = this[`${type}NegRoutes`] ?? []
-      }
       if (this.config.multiSite === true) {
         this.config.multiSite = cloneDeep(defMultiSite)
         this.config.multiSite.enabled = true
@@ -173,8 +171,8 @@ async function factory (pkgName) {
     start = async () => {
       const { getModel } = this.app.dobo
       if (this.config.interSiteAdmins.length === 0) {
-        const site = await getModel('SumbaSite').findOneRecord({ query: { alias: 'default' } }, { noHook: true })
-        const user = await getModel('SumbaUser').findOneRecord({ query: { username: 'admin', siteId: site.id } }, { noHook: true })
+        const site = await getModel('SumbaSite').findOneRecord({ query: { alias: 'default' } }, { noMagic: true })
+        const user = await getModel('SumbaUser').findOneRecord({ query: { username: 'admin', siteId: site.id } }, { noMagic: true })
         this.config.interSiteAdmins.push(user.id)
       }
     }
@@ -227,6 +225,11 @@ async function factory (pkgName) {
           { title: 'teamUser', href: `waibuAdmin:/${prefix}/team-user/list` },
           { title: 'teamSetting', href: `waibuAdmin:/${prefix}/team-setting/list` }
         ]
+      }, {
+        title: 'permission',
+        children: [
+          { title: 'routeGuard', href: `waibuAdmin:/${prefix}/route-guard/list` }
+        ]
       }, {
         title: 'supportSystem',
         children: [
@@ -358,7 +361,7 @@ async function factory (pkgName) {
       return true
     }
 
-    checkPathsByTeam = ({ paths = [], method = 'GET', teams = [], guards = [] }) => {
+    checkPathsByRoute = ({ paths = [], method = 'GET', teams = [], guards = [] }) => {
       const { includes } = this.app.lib.aneka
       const { outmatch } = this.app.lib
 
@@ -366,9 +369,8 @@ async function factory (pkgName) {
         const matchPath = outmatch(item.path)
         for (const path of paths) {
           if (matchPath(path)) {
-            const matchMethods = outmatch(item.methods, { separator: false })
-            if (matchMethods(method)) {
-              if (item.teams.length === 0) return item
+            if (item.methods.includes(method)) {
+              if (teams.length === 0) return item
               if (includes(teams, item.teams)) return item
             }
           }
@@ -376,19 +378,6 @@ async function factory (pkgName) {
       }
     }
 
-    checkPathsByRoute = ({ paths = [], method = 'GET', guards = [] }) => {
-      const { outmatch } = this.app.lib
-      for (const item of guards) {
-        const matchPath = outmatch(item.path)
-        for (const path of paths) {
-          if (matchPath(path)) {
-            const matchMethods = outmatch(item.methods, { separator: false })
-            if (matchMethods(method)) return item
-          }
-        }
-      }
-    }
-
     checkPathsByGuard = ({ guards, paths }) => {
       const { outmatch } = this.app.lib
       const matcher = outmatch(guards)
@@ -535,31 +524,25 @@ async function factory (pkgName) {
       return password
     }
 
-    parseRouteGuard = item => {
-      const { routePath, routePathHandlers } = this.app.waibu
-      const { isString, isEmpty } = this.app.lib._
-      if (isString(item)) {
-        let [path, methods] = item.split('|').map(i => i.trim())
-        methods = isEmpty(methods) ? ['*'] : methods.split(',').map(i => i.trim())
-        item = { path, methods }
-      }
-      item.methods = item.methods ?? ['*']
-      if (item.methods.includes('*')) item.methods = ['*']
-      const [, routeHandler] = item.path.split(':')[0].split('.')
-      if (!isEmpty(routeHandler) && !routePathHandlers[routeHandler]) return
-      const rns = isEmpty(routeHandler) ? 'waibuMpa' : routePathHandlers[routeHandler].ns
-      if (!this.app[rns]) return
-      item.inverse = item.path[0] === '!'
-      if (item.inverse) item.path = item.path.slice(1)
-      item.path = routePath(item.path, { defFormat: false })
-      return item
-    }
-
     hash = async (item) => {
       const { hash } = this.app.bajoExtra
       return await hash(item, this.config.auth.common.apiKey.algo)
     }
 
+    getRouteGuards = async (reread) => {
+      const { getModel } = this.app.dobo
+      const { routePath } = this.app.waibu
+      const { map, orderBy } = this.app.lib._
+      if (!reread) return this.routeGuards
+      const model = getModel('SumbaRouteGuard')
+      const results = await model.findAllRecord({ query: { status: 'ACTIVE' } }, { noMagic: true, dataOnly: true })
+      this.routeGuards = orderBy(map(results, item => {
+        item.path = routePath(item.path)
+        return item
+      }), ['weight', 'path'])
+      return this.routeGuards
+    }
+
     createNewSite = createNewSite
     removeSite = removeSite
     getSite = getSite

package/lib/util.js

@@ -1,9 +1,6 @@
-export const checkNoRouteSettingKey = 'setting.waibu.noRoutes.$in'
-
 export function parseNsSettings (ns, setting, items) {
-  const { trim, set, isPlainObject, isArray, isEmpty, find, get, isString } = this.app.lib._
+  const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
   const { parseObject, dayjs } = this.app.lib
-  const { routePath } = this.app.waibu
 
   for (const item of items) {
     if (item.ns === '_var' || ns === '_var') continue
@@ -27,30 +24,6 @@ export function parseNsSettings (ns, setting, items) {
     if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
     set(setting, `${ns}.${item.key}`, value)
   }
-  const key = checkNoRouteSettingKey.slice(checkNoRouteSettingKey.indexOf('.') + 1)
-  let noRoutes = get(setting, key, [])
-  if (noRoutes.length > 0) {
-    noRoutes = noRoutes.map(item => {
-      if (!isString(item)) return item
-      let [url, methods] = item.split('|')
-      if (methods === '*' || !methods) methods = 'GET,POST,PUT,DELETE'
-      methods = methods.split(',').map(m => m.trim().toUpperCase())
-      return { url: routePath(url), methods }
-    })
-    set(setting, key, noRoutes)
-  }
-}
-
-export function checkNoRouteSetting (req, routes) {
-  const { isEmpty } = this.app.lib._
-  const { outmatch } = this.app.lib
-  if (isEmpty(routes)) return
-  for (const route of routes) {
-    const isMatchUrl = outmatch(route.url)
-    if (isMatchUrl(req.url) || isMatchUrl(req.routeOptions.url)) {
-      if (route.methods.includes(req.method)) throw this.error('accessDenied', { statusCode: 403 })
-    }
-  }
 }
 
 export function pathsToCheck (req, withHome) {
@@ -84,25 +57,20 @@ export async function checkTheme (req, reply) {
 }
 
 export async function checkTeam (req, reply, source) {
-  const { get, isEmpty } = this.app.lib._
   if (!req.user) return
   const { map } = this.app.lib._
   const paths = pathsToCheck.call(this, req, true)
   const teams = map(req.user.teams, 'alias')
-  let match = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamRoutes })
-  if (!match) match = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamNegRoutes })
-  if (!match) {
-    const guards = map(this.teamRoutes, 'path')
-    match = !this.checkPathsByGuard({ paths, guards })
+  const allGuards = (await this.getRouteGuards()).filter(item => item.siteId === req.site.id + '' && item.teams.length > 0)
+  if (allGuards.length === 0) return // no route guarded
+  let match = this.checkPathsByRoute({ paths, method: req.method, teams, guards: allGuards.filter(item => !item.inverse) })
+  if (!match) return // route is NOT protected by team guard
+  if (match) {
+    const neg = this.checkPathsByRoute({ paths, method: req.method, teams, guards: allGuards.filter(item => item.inverse) })
+    if (neg) match = undefined
   }
   if (!match) throw this.error('accessDenied', { statusCode: 403 })
-  const routes = []
-  for (const team of (req.user.teams ?? [])) {
-    const items = get(team, checkNoRouteSettingKey, [])
-    if (isEmpty(items)) continue
-    routes.push(...items)
-  }
-  checkNoRouteSetting.call(this, req, routes)
+  // passed
 }
 
 export async function checkUserId (req, reply, source) {
@@ -111,10 +79,9 @@ export async function checkUserId (req, reply, source) {
   const userId = get(req, 'session.userId')
 
   const setUser = async () => {
-    const id = get(req, 'session.userId')
-    if (!id) return
+    if (!userId) return
     try {
-      const user = await this.getUserById(id, req)
+      const user = await this.getUserById(userId, req)
       if (user) req.user = user
       else req.session.userId = null
     } catch (err) {
@@ -133,46 +100,47 @@ export async function checkUserId (req, reply, source) {
   }
 
   const paths = pathsToCheck.call(this, req)
-  let securePath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureRoutes })
+  const allGuards = (await this.getRouteGuards()).filter(item => item.siteId === req.site.id + '')
+  if (allGuards.length === 0) return false // no routes protected
+  let securePath = await this.checkPathsByRoute({ paths, method: req.method, guards: allGuards.filter(item => !item.anonymous && !item.inverse) })
   if (securePath) {
-    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureNegRoutes })
+    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: allGuards.filter(item => !item.anonymous && item.inverse) })
     if (neg) securePath = undefined
   }
-  let anonymousPath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousRoutes })
+  let anonymousPath = await this.checkPathsByRoute({ paths, method: req.method, guards: allGuards.filter(item => item.anonymous && !item.inverse) })
   if (anonymousPath) {
-    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousNegRoutes })
+    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: allGuards.filter(item => item.anonymous && item.inverse) })
     if (neg) anonymousPath = undefined
   }
   if (!securePath && !anonymousPath) {
     if (userId) await setUser()
-    return
+    return false // regular, unguarded path. Not secure & not anonymous path
   }
   if (anonymousPath) {
-    if (!userId) return
+    if (!userId) return false
     req.session.ref = req.url
     return reply.redirectTo(routePath(this.config.redirect.signout))
   }
-  if (securePath) {
-    if (userId) {
-      await setUser()
-      return
-    }
-    const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
-    const payload = silentOnError ? { noContent: true } : undefined
-    const authMethods = this.config.auth[webApp].methods ?? []
-    if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
-    let success
-    for (const m of authMethods) {
-      const handler = this[camelCase(`verify ${m}`)]
-      if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
-      const check = await handler(req, reply, source, payload)
-      if (check) {
-        success = check
-        break
-      }
+  if (userId) {
+    await setUser()
+    return true
+  }
+  const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
+  const payload = silentOnError ? { noContent: true } : undefined
+  const authMethods = this.config.auth[webApp].methods ?? []
+  if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
+  let success
+  for (const m of authMethods) {
+    const handler = this[camelCase(`verify ${m}`)]
+    if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
+    const check = await handler(req, reply, source, payload)
+    if (check) {
+      success = check
+      break
     }
-    if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
   }
+  if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
+  return true
 }
 
 export async function latLngHook (body, options) {
@@ -182,7 +150,14 @@ export async function latLngHook (body, options) {
   body[options.field] = round(body[options.field], options.scale)
 }
 
-export async function checkinterSite (req, reply) {
+/**
+ * If current route is an inter site route user is an inter site admin, then let it passed
+ *
+ * @param {Object} req - Request object
+ * @param {Object} reply - Reply object
+ * @returns
+ */
+export async function checkInterSite (req, reply) {
   const { get } = this.app.lib._
   const isinterSite = get(req, 'routeOptions.config.interSite')
   const isInterSiteAdmin = get(req, 'user.interSiteAdmin')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.22.0",
+  "version": "2.23.0",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md

@@ -1,5 +1,14 @@
 # Changes
 
+## 2026-05-11
+
+- [2.23.0] Unify route guards and put it in ```SumbaRouteGuard``` database
+- [2.23.0] Phased out ```setting.noRoutes```
+
+## 2026-04-25
+
+- [2.21.1] Bug fix on team routes collections
+
 ## 2026-04-25
 
 - [2.21.0] Change options to format value using the new key set by dobo

package/extend/sumba/route-guard/anonymous.json

@@ -1,10 +0,0 @@
-[{
-  "path": "sumba:/user/**/*",
-  "methods": ["*"]
-}, {
-  "path": "sumba:/signin",
-  "methods": ["*"]
-}, {
-  "path": "sumba.restapi:/user/access-token/**/*",
-  "methods": ["*"]
-}]

package/extend/sumba/route-guard/secure.json

@@ -1,8 +0,0 @@
-[
-  "sumba:/your-stuff/**/*",
-  "sumba:/signout",
-  "sumba:/help/trouble-tickets/**/*",
-  "sumba.restapi:/user/api-key",
-  "sumba.restapi:/your-stuff/**/*",
-  "sumba.restapi:/manage/**/*"
-]

package/lib/collect.js

@@ -1,52 +0,0 @@
-export async function collect ({ type = '', handler, container, file, ns, dir }) {
-  const { readConfig } = this.app.bajo
-  const { parseRouteGuard } = this
-  const { camelCase, find, isEmpty } = this.app.lib._
-  let items = await readConfig(file, { ns, baseNs: this.ns, defValue: [] })
-  if (isEmpty(items)) items = []
-  for (let item of items) {
-    item = parseRouteGuard(item)
-    if (!item) continue
-    if (handler) await handler.call(this, item)
-    const guards = this[camelCase(`${type} ${item.reverse ? 'Neg' : ''} ${container}`)]
-    delete item.reverse
-    if (find(guards, { path: item.path })) continue
-    guards.push(item)
-  }
-}
-
-function collectHandler (item, keys = []) {
-  const { isString } = this.app.lib._
-  for (const k of keys) {
-    item[k] = item[k] ?? []
-    if (isString(item[k])) item[k] = item[k].split(',')
-  }
-}
-
-export async function collectRoutes (type) {
-  const { eachPlugins } = this.app.bajo
-  const me = this
-
-  function handler (item) {
-    collectHandler.call(this, item, ['methods'])
-  }
-
-  await eachPlugins(async function ({ file, dir }) {
-    const { ns } = this
-    await collect.call(me, { type, container: 'Routes', handler, file, ns, dir })
-  }, { glob: `route-guard/${type}.*`, prefix: this.ns })
-}
-
-export async function collectTeam () {
-  const { eachPlugins } = this.app.bajo
-  const me = this
-
-  function handler (item) {
-    collectHandler.call(this, item, ['methods', 'teams', 'features'])
-  }
-
-  await eachPlugins(async function ({ file, dir }) {
-    const { ns } = this
-    await collect.call(me, { type: 'team', container: 'Routes', handler, file, ns, dir })
-  }, { glob: 'route/team.*', prefix: this.ns })
-}