import {
clearUserDeviceMdmId,
getMdmStatusByUdid,
getUserDeviceByDeviceId,
} from "../../../../db/mdm";
import { getDeviceProtectionState } from "../../../../db/device-protection";
import { requireUser } from "../../../../utils/auth";
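/**
 * GET /api/magic/devices/:deviceId/mdm
 *
 * Returns the NanoMDM enrollment status for the user's iOS device and the
 * locally tracked nefilter (lock profile) protection state.
 *
 * Access control: `requireUser` is awaited before anything else, and the
 * device lookup is passed the authenticated user's id. Presumably the helper
 * scopes the query to that user, so a device owned by someone else yields the
 * same 404 as an unknown one; confirm in db/mdm.
 *
 * Side effect: although this is a GET, a stored `mdmId` that NanoMDM no longer
 * reports as enrolled is cleared via `clearUserDeviceMdmId`.
 *
 * @returns `{ success: true, data }` where `data.enrolled` is false for an
 *   unlinked or stale device; otherwise the enrollment details.
 * @throws 400 `device_id_required` when the route parameter is missing.
 * @throws 404 `device_not_found` when the lookup returns nothing.
 * @throws 503 `mdm_db_unreachable` when the NanoMDM status query rejects.
 */
export default defineEventHandler(async (event) => {
  const user = await requireUser(event);
  const deviceId = getRouterParam(event, "deviceId");

  if (!deviceId) {
    throw createError({
      statusCode: 400,
      data: { error: "device_id_required" },
    });
  }

  // The caller-supplied deviceId is never used on its own: every DB helper
  // below also receives user.id.
  const device = await getUserDeviceByDeviceId(user.id, deviceId, "ios");

  if (!device) {
    throw createError({
      statusCode: 404,
      data: { error: "device_not_found" },
    });
  }

  // Not linked to a NanoMDM UDID → enrolled false.
  if (!device.mdmId) {
    return {
      success: true,
      data: { enrolled: false },
    };
  }

  let status: Awaited<ReturnType<typeof getMdmStatusByUdid>>;
  try {
    status = await getMdmStatusByUdid(device.mdmId);
  } catch (err: unknown) {
    // `unknown` rather than `any`: the value is only logged, never inspected.
    // The full error stays in the server log; the client receives a fixed
    // code, so no database detail is reflected in the response.
    console.error("[MDM] NanoMDM DB query failed:", err);
    throw createError({
      statusCode: 503,
      message: "mdm_db_unreachable",
      data: { code: "mdm_db_unreachable" },
    });
  }

  // UDID stored but no longer present in NanoMDM → clear stale link.
  // NOTE(review): this is a write performed inside a GET handler, and it is
  // triggered by a single "not enrolled" answer. If getMdmStatusByUdid can
  // report enrolled=false transiently, the link is dropped; confirm that is
  // acceptable or gate the cleanup behind an explicit, non-GET action.
  if (!status.enrolled) {
    await clearUserDeviceMdmId(user.id, deviceId);
    return {
      success: true,
      data: { enrolled: false },
    };
  }

  // Lock-profile state is derived from the locally tracked nefilter state,
  // not from MDM enrollment alone.
  const lockState = await getDeviceProtectionState(
    user.id,
    deviceId,
    "nefilter",
  );

  return {
    success: true,
    data: {
      enrolled: true,
      // NOTE(review): `company` and `supervised` are literals, not values read
      // from `status`. Consumers should not treat `supervised: true` as a
      // verified property of the device.
      company: "ReBreak",
      supervised: true,
      // A missing protection-state row is reported as "not installed".
      lockProfileInstalled: lockState?.active ?? false,
      lastAppPushAt: status.lastAppPushAt?.toISOString() ?? null,
    },
  };
});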