Proxy targets returns an array

2026-04-14 22:06:36 +00:00 · 2026-04-13 20:44:35 -07:00
parent 5d51af4330
commit 03d95874e6
4 changed files with 64 additions and 64 deletions
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -591,7 +591,7 @@ export function generateSubnetProxyTargetV2(
        pubKey: string | null;
        subnet: string | null;
    }[]
-): SubnetProxyTargetV2 | undefined {
+): SubnetProxyTargetV2[] | undefined {
    if (clients.length === 0) {
        logger.debug(
            `No clients have access to site resource ${siteResource.siteResourceId}, skipping target generation.`
@@ -599,7 +599,7 @@ export function generateSubnetProxyTargetV2(
        return;
    }

-    let target: SubnetProxyTargetV2 | null = null;
+    let targets: SubnetProxyTargetV2[] = [];

    const portRange = [
        ...parsePortRangeString(siteResource.tcpPortRangeString, "tcp"),
@@ -614,52 +614,54 @@ export function generateSubnetProxyTargetV2(
        if (ipSchema.safeParse(destination).success) {
            destination = `${destination}/32`;

-            target = {
+            targets.push({
                sourcePrefixes: [],
                destPrefix: destination,
                portRange,
                disableIcmp,
-                resourceId: siteResource.siteResourceId,
-            };
+                resourceId: siteResource.siteResourceId
+            });
        }

        if (siteResource.alias && siteResource.aliasAddress) {
            // also push a match for the alias address
-            target = {
+            targets.push({
                sourcePrefixes: [],
                destPrefix: `${siteResource.aliasAddress}/32`,
                rewriteTo: destination,
                portRange,
                disableIcmp,
-                resourceId: siteResource.siteResourceId,
-            };
+                resourceId: siteResource.siteResourceId
+            });
        }
    } else if (siteResource.mode == "cidr") {
-        target = {
+        targets.push({
            sourcePrefixes: [],
            destPrefix: siteResource.destination,
            portRange,
            disableIcmp,
-            resourceId: siteResource.siteResourceId,
-        };
+            resourceId: siteResource.siteResourceId
+        });
    }

-    if (!target) {
+    if (targets.length == 0) {
        return;
    }

-    for (const clientSite of clients) {
-        if (!clientSite.subnet) {
-            logger.debug(
-                `Client ${clientSite.clientId} has no subnet, skipping for site resource ${siteResource.siteResourceId}.`
-            );
-            continue;
+    for (const target of targets) {
+        for (const clientSite of clients) {
+            if (!clientSite.subnet) {
+                logger.debug(
+                    `Client ${clientSite.clientId} has no subnet, skipping for site resource ${siteResource.siteResourceId}.`
+                );
+                continue;
+            }
+
+            const clientPrefix = `${clientSite.subnet.split("/")[0]}/32`;
+
+            // add client prefix to source prefixes
+            target.sourcePrefixes.push(clientPrefix);
        }
-
-        const clientPrefix = `${clientSite.subnet.split("/")[0]}/32`;
-
-        // add client prefix to source prefixes
-        target.sourcePrefixes.push(clientPrefix);
    }

    // print a nice representation of the targets
@@ -667,36 +669,34 @@ export function generateSubnetProxyTargetV2(
    //     `Generated subnet proxy targets for: ${JSON.stringify(targets, null, 2)}`
    // );

-    return target;
+    return targets;
 }

-
 /**
 * Converts a SubnetProxyTargetV2 to an array of SubnetProxyTarget (v1)
 * by expanding each source prefix into its own target entry.
 * @param targetV2 - The v2 target to convert
 * @returns Array of v1 SubnetProxyTarget objects
 */
- export function convertSubnetProxyTargetsV2ToV1(
-     targetsV2: SubnetProxyTargetV2[]
- ): SubnetProxyTarget[] {
-     return targetsV2.flatMap((targetV2) =>
-         targetV2.sourcePrefixes.map((sourcePrefix) => ({
-             sourcePrefix,
-             destPrefix: targetV2.destPrefix,
-             ...(targetV2.disableIcmp !== undefined && {
-                 disableIcmp: targetV2.disableIcmp
-             }),
-             ...(targetV2.rewriteTo !== undefined && {
-                 rewriteTo: targetV2.rewriteTo
-             }),
-             ...(targetV2.portRange !== undefined && {
-                 portRange: targetV2.portRange
-             })
-         }))
-     );
- }
-
+export function convertSubnetProxyTargetsV2ToV1(
+    targetsV2: SubnetProxyTargetV2[]
+): SubnetProxyTarget[] {
+    return targetsV2.flatMap((targetV2) =>
+        targetV2.sourcePrefixes.map((sourcePrefix) => ({
+            sourcePrefix,
+            destPrefix: targetV2.destPrefix,
+            ...(targetV2.disableIcmp !== undefined && {
+                disableIcmp: targetV2.disableIcmp
+            }),
+            ...(targetV2.rewriteTo !== undefined && {
+                rewriteTo: targetV2.rewriteTo
+            }),
+            ...(targetV2.portRange !== undefined && {
+                portRange: targetV2.portRange
+            })
+        }))
+    );
+}

 // Custom schema for validating port range strings
 // Format: "80,443,8000-9000" or "*" for all ports, or empty string