Calc session id correctly

This commit is contained in:
Owen
2025-12-07 15:01:18 -05:00
parent 5a60f66ae0
commit 042c88ccb8
2 changed files with 26 additions and 21 deletions


@@ -7,6 +7,8 @@ import logger from "@server/logger";
import { validateSessionToken } from "@server/auth/sessions/app"; import { validateSessionToken } from "@server/auth/sessions/app";
import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy"; import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
import { sendTerminateClient } from "../client/terminate"; import { sendTerminateClient } from "../client/terminate";
import { encodeHexLowerCase } from "@oslojs/encoding";
import { sha256 } from "@oslojs/crypto/sha2";
// Track if the offline checker interval is running // Track if the offline checker interval is running
let offlineCheckerInterval: NodeJS.Timeout | null = null; let offlineCheckerInterval: NodeJS.Timeout | null = null;
@@ -133,10 +135,14 @@ export const handleOlmPingMessage: MessageHandler = async (context) => {
return; return;
} }
const sessionId = encodeHexLowerCase(
sha256(new TextEncoder().encode(userToken))
);
const policyCheck = await checkOrgAccessPolicy({ const policyCheck = await checkOrgAccessPolicy({
orgId: client.orgId, orgId: client.orgId,
userId: olm.userId, userId: olm.userId,
sessionId: userToken // this is the user token passed in the message sessionId // this is the user token passed in the message
}); });
if (!policyCheck.allowed) { if (!policyCheck.allowed) {
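Review bot: The trailing comment on the `sessionId` shorthand is now stale — it still says the value is the raw user token, while the three new lines above derive it as the lowercase hex SHA-256 of that token; change it to `sessionId // hex sha256 of userToken, i.e. the stored session id`. The same derivation and the same stale comment appear in the register handler's hunk at `@@ -94,10 +83,14 @@`. Because the hashing is now duplicated in two handlers, a single exported helper (presumably the same derivation `validateSessionToken` in `@server/auth/sessions/app` already performs — worth confirming) would keep the two from drifting. If `userToken` can be undefined at this point, `TextEncoder.encode` treats it as the empty string and yields a fixed constant id instead of failing, so the guard above this hunk should reject a missing token before hashing; that guard is not visible from here. handleOlmPingMessage continues outside the hunk.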


@@ -1,17 +1,8 @@
import { import {
Client,
clientSiteResourcesAssociationsCache, clientSiteResourcesAssociationsCache,
db, db,
ExitNode,
Org,
orgs, orgs,
roleClients, siteResources
roles,
siteResources,
Transaction,
userClients,
userOrgs,
users
} from "@server/db"; } from "@server/db";
import { MessageHandler } from "@server/routers/ws"; import { MessageHandler } from "@server/routers/ws";
import { import {
@@ -25,16 +16,13 @@ import {
import { and, eq, inArray, isNull } from "drizzle-orm"; import { and, eq, inArray, isNull } from "drizzle-orm";
import { addPeer, deletePeer } from "../newt/peers"; import { addPeer, deletePeer } from "../newt/peers";
import logger from "@server/logger"; import logger from "@server/logger";
import { listExitNodes } from "#dynamic/lib/exitNodes"; import { generateAliasConfig } from "@server/lib/ip";
import {
generateAliasConfig,
getNextAvailableClientSubnet
} from "@server/lib/ip";
import { generateRemoteSubnets } from "@server/lib/ip"; import { generateRemoteSubnets } from "@server/lib/ip";
import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy"; import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
import { validateSessionToken } from "@server/auth/sessions/app"; import { validateSessionToken } from "@server/auth/sessions/app";
import config from "@server/lib/config"; import config from "@server/lib/config";
import { encodeHexLowerCase } from "@oslojs/encoding";
import { sha256 } from "@oslojs/crypto/sha2";
export const handleOlmRegisterMessage: MessageHandler = async (context) => { export const handleOlmRegisterMessage: MessageHandler = async (context) => {
logger.info("Handling register olm message!"); logger.info("Handling register olm message!");
@@ -48,7 +36,8 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
return; return;
} }
const { publicKey, relay, olmVersion, olmAgent, orgId, userToken } = message.data; const { publicKey, relay, olmVersion, olmAgent, orgId, userToken } =
message.data;
if (!olm.clientId) { if (!olm.clientId) {
logger.warn("Olm client ID not found"); logger.warn("Olm client ID not found");
@@ -94,10 +83,14 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
return; return;
} }
const sessionId = encodeHexLowerCase(
sha256(new TextEncoder().encode(userToken))
);
const policyCheck = await checkOrgAccessPolicy({ const policyCheck = await checkOrgAccessPolicy({
orgId: orgId, orgId: orgId,
userId: olm.userId, userId: olm.userId,
sessionId: userToken // this is the user token passed in the message sessionId // this is the user token passed in the message
}); });
if (!policyCheck.allowed) { if (!policyCheck.allowed) {
@@ -117,7 +110,10 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
return; return;
} }
if ((olmVersion && olm.version !== olmVersion) || (olmAgent && olm.agent !== olmAgent)) { if (
(olmVersion && olm.version !== olmVersion) ||
(olmAgent && olm.agent !== olmAgent)
) {
await db await db
.update(olms) .update(olms)
.set({ .set({
@@ -175,7 +171,10 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
} }
// Process each site // Process each site
for (const { sites: site, clientSitesAssociationsCache: association } of sitesData) { for (const {
sites: site,
clientSitesAssociationsCache: association
} of sitesData) {
if (!site.exitNodeId) { if (!site.exitNodeId) {
logger.warn( logger.warn(
`Site ${site.siteId} does not have exit node, skipping` `Site ${site.siteId} does not have exit node, skipping`