feat(backend): add permission check for gateway configuration routes

Lasim · Lasim · commit f069cbe602f5 · 2025-08-15T22:36:34.000+02:00
diff --git a/services/backend/src/routes/gateway/config/get-client-config.ts b/services/backend/src/routes/gateway/config/get-client-config.ts
@@ -1,5 +1,6 @@
 import { type FastifyInstance } from 'fastify';
 import { requireAuthenticationAny, requireOAuthScope } from '../../../middleware/oauthMiddleware';
+import { requirePermission } from '../../../middleware/roleMiddleware';
 import { 
   CLIENT_PARAM_SCHEMA, 
   SUCCESS_RESPONSE_SCHEMA, 
@@ -63,7 +64,8 @@ export default async function getClientConfig(server: FastifyInstance) {
   server.get('/gateway/config/:client', {
     preValidation: [
       requireAuthenticationAny(),
-      requireOAuthScope('gateway:config:read')
+      requireOAuthScope('gateway:config:read'),
+      requirePermission('gateway.config:read')
     ],
     schema: {
       tags: ['Gateway Configuration'],
diff --git a/services/backend/src/routes/gateway/config/list-clients.ts b/services/backend/src/routes/gateway/config/list-clients.ts
@@ -1,5 +1,6 @@
 import { type FastifyInstance } from 'fastify';
 import { requireAuthenticationAny, requireOAuthScope } from '../../../middleware/oauthMiddleware';
+import { requirePermission } from '../../../middleware/roleMiddleware';
 import { 
   CLIENT_TYPES, 
   CLIENTS_LIST_RESPONSE_SCHEMA, 
@@ -12,7 +13,8 @@ export default async function listClients(server: FastifyInstance) {
   server.get('/gateway/config/clients', {
     preValidation: [
       requireAuthenticationAny(),
-      requireOAuthScope('gateway:config:read')
+      requireOAuthScope('gateway:config:read'),
+      requirePermission('gateway.config:read')
     ],
     schema: {
       tags: ['Gateway Configuration'],
