pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-25 14:26:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Squashed commit of the following:

Browse Source 
commit c276d2193da5dbe7af5197bdf7e2bcce6f87b0cf
Author: Owen Schwartz <owen@txv.io>
Date:   Tue Jan 28 22:06:04 2025 -0500

    Okay actually now

commit 9afdc0aadc3f4fb4e811930bacff70a9e17eab9f
Author: Owen Schwartz <owen@txv.io>
Date:   Tue Jan 28 21:58:44 2025 -0500

    Migrations working finally

commit a7336b3b2466fe74d650b9c253ecadbe1eff749d
Merge: e7c7203 fdb1ab4
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 22:19:15 2025 -0500

    Merge branch 'dev' into tcp-udp-traffic

commit e7c7203330b1b08e570048b10ef314b55068e466
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 22:18:09 2025 -0500

    Working on migration

commit a4704dfd44b10647257c7c7054c0dae806d315bb
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 21:40:52 2025 -0500

    Add flag to allow raw resources

commit d74f7a57ed11e2a6bf1a7e0c28c29fb07eb573a0
Merge: 6817788 d791b9b
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 21:28:50 2025 -0500

    Merge branch 'tcp-udp-traffic' of https://github.com/fosrl/pangolin into tcp-udp-traffic

commit 68177882781b54ef30b62cca7dee8bbed7c5a2fa
Author: Owen Schwartz <owen@txv.io>
Date:   Mon Jan 27 21:28:32 2025 -0500

    Get everything working

commit d791b9b47f9f6ca050d6edfd1d674438f8562d99
Author: Milo Schwartz <mschwartz10612@gmail.com>
Date:   Mon Jan 27 17:46:19 2025 -0500

    fix orgId check in verifyAdmin

commit 6ac30afd7a449a126190d311bd98d7f1048f73a4
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 23:19:33 2025 -0500

    Trying to figure out traefik...

commit 9886b42272882f8bb6baff2efdbe26cee7cac2b6
Merge: 786e67e 85e9129
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 21:53:32 2025 -0500

    Merge branch 'tcp-udp-traffic' of https://github.com/fosrl/pangolin into tcp-udp-traffic

commit 786e67eadd6df1ee8df24e77aed20c1f1fc9ca67
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 21:51:37 2025 -0500

    Bug fixing

commit 85e9129ae313b2e4a460a8bc53a0af9f9fbbafb2
Author: Milo Schwartz <mschwartz10612@gmail.com>
Date:   Sun Jan 26 18:35:24 2025 -0500

    rethrow errors in migration and remove permanent redirect

commit bd82699505fc7510c27f72cd80ea0ce815d8c5ef
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:49:12 2025 -0500

    Fix merge issue

commit 933dbf3a02b1f19fd1f627410b2407fdf05cd9bf
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:46:13 2025 -0500

    Add sql to update resources and targets

commit f19437bad847c8dbf57fddd2c48cd17bab20ddb0
Merge: 58980eb 9f1f291
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:19:51 2025 -0500

    Merge branch 'dev' into tcp-udp-traffic

commit 58980ebb64d1040b4d224c76beb38c2254f3c5d9
Merge: 1de682a d284d36
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:10:09 2025 -0500

    Merge branch 'dev' into tcp-udp-traffic

commit 1de682a9f6039f40e05c8901c7381a94b0d018ed
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 17:08:29 2025 -0500

    Working on migrations

commit dc853d2bc02b11997be5c3c7ea789402716fb4c2
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 16:56:49 2025 -0500

    Finish config of resource pages

commit 37c681c08d7ab73d2cad41e7ef1dbe3a8852e1f2
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 16:07:25 2025 -0500

    Finish up table

commit 461c6650bbea0d7439cc042971ec13fdb52a7431
Author: Owen Schwartz <owen@txv.io>
Date:   Sun Jan 26 15:54:46 2025 -0500

    Working toward having dual resource types

commit f0894663627375e16ce6994370cb30b298efc2dc
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 22:31:25 2025 -0500

    Add qutoes

commit edc535b79b94c2e65b290cd90a69fe17d27245e9
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 22:28:45 2025 -0500

    Add readTimeout to allow long file uploads

commit 194892fa14b505bd7c2b31873dc13d4b8996c0e1
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 20:37:34 2025 -0500

    Rework traefik config generation

commit ad3f896b5333e4706d610c3198f29dcd67610365
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 13:01:47 2025 -0500

    Add proxy port to api

commit ca6013b2ffda0924a696ec3141825a54a4e5297d
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 12:58:01 2025 -0500

    Add migration

commit 2258d76cb3a49d3db7f05f76d8b8a9f1c248b5e4
Author: Owen Schwartz <owen@txv.io>
Date:   Sat Jan 25 12:55:02 2025 -0500

    Add new proxy port
This commit is contained in:
Owen Schwartz
2025-01-28 22:26:45 -05:00
parent f874449d36
commit 0e04e82b88
32 changed files with 1003 additions and 451 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/routers/badger/exchangeSession.ts
View File

@@ -163,7 +163,7 @@ export async function exchangeSession(
const cookieName = `${config.getRawConfig().server.session_cookie_name}`;
const cookie = serializeResourceSessionCookie(
cookieName,
resource.fullDomain,
resource.fullDomain!,
token,
!resource.ssl
);

2
server/routers/badger/verifySession.ts
View File

@@ -352,7 +352,7 @@ async function createAccessTokenSession(
const cookieName = `${config.getRawConfig().server.session_cookie_name}`;
const cookie = serializeResourceSessionCookie(
cookieName,
resource.fullDomain,
resource.fullDomain!,
token,
!resource.ssl
);

12
server/routers/internal.ts
View File

@@ -1,11 +1,12 @@
import { Router } from "express";
import * as gerbil from "@server/routers/gerbil";
import * as badger from "@server/routers/badger";
import * as traefik from "@server/routers/traefik";
import * as auth from "@server/routers/auth";
import * as resource from "@server/routers/resource";
import HttpCode from "@server/types/HttpCode";
import { verifyResourceAccess, verifySessionUserMiddleware } from "@server/middlewares";
import { getExchangeToken } from "./resource/getExchangeToken";
import { verifyResourceSession } from "./badger";
import { exchangeSession } from "./badger/exchangeSession";
// Root routes
const internalRouter = Router();
@@ -15,6 +16,7 @@ internalRouter.get("/", (_, res) => {
});
internalRouter.get("/traefik-config", traefik.traefikConfigProvider);
internalRouter.get(
"/resource-session/:resourceId/:token",
auth.checkResourceSession
@@ -24,7 +26,7 @@ internalRouter.post(
`/resource/:resourceId/get-exchange-token`,
verifySessionUserMiddleware,
verifyResourceAccess,
resource.getExchangeToken
getExchangeToken
);
// Gerbil routes
@@ -38,7 +40,7 @@ gerbilRouter.post("/receive-bandwidth", gerbil.receiveBandwidth);
const badgerRouter = Router();
internalRouter.use("/badger", badgerRouter);
badgerRouter.post("/verify-session", badger.verifyResourceSession);
badgerRouter.post("/exchange-session", badger.exchangeSession);
badgerRouter.post("/verify-session", verifyResourceSession);
badgerRouter.post("/exchange-session", exchangeSession);
export default internalRouter;

94
server/routers/newt/handleRegisterMessage.ts
View File

@@ -1,7 +1,13 @@
import db from "@server/db";
import { MessageHandler } from "../ws";
import { exitNodes, resources, sites, targets } from "@server/db/schema";
import { eq, inArray } from "drizzle-orm";
import {
exitNodes,
resources,
sites,
Target,
targets
} from "@server/db/schema";
import { eq, and, sql } from "drizzle-orm";
import { addPeer, deletePeer } from "../gerbil/peers";
import logger from "@server/logger";
@@ -69,37 +75,67 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
allowedIps: [site.subnet]
});
const siteResources = await db
.select()
const allResources = await db
.select({
// Resource fields
resourceId: resources.resourceId,
subdomain: resources.subdomain,
fullDomain: resources.fullDomain,
ssl: resources.ssl,
blockAccess: resources.blockAccess,
sso: resources.sso,
emailWhitelistEnabled: resources.emailWhitelistEnabled,
http: resources.http,
proxyPort: resources.proxyPort,
protocol: resources.protocol,
// Targets as a subquery
targets: sql<string>`json_group_array(json_object(
'targetId', ${targets.targetId},
'ip', ${targets.ip},
'method', ${targets.method},
'port', ${targets.port},
'internalPort', ${targets.internalPort},
'enabled', ${targets.enabled}
))`.as("targets")
})
.from(resources)
.where(eq(resources.siteId, siteId));
// get the targets from the resourceIds
const siteTargets = await db
.select()
.from(targets)
.where(
inArray(
targets.resourceId,
siteResources.map((resource) => resource.resourceId)
.leftJoin(
targets,
and(
eq(targets.resourceId, resources.resourceId),
eq(targets.enabled, true)
)
);
)
.groupBy(resources.resourceId);
const udpTargets = siteTargets
.filter((target) => target.protocol === "udp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${
target.ip
}:${target.port}`;
});
let tcpTargets: string[] = [];
let udpTargets: string[] = [];
const tcpTargets = siteTargets
.filter((target) => target.protocol === "tcp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${
target.ip
}:${target.port}`;
});
for (const resource of allResources) {
const targets = JSON.parse(resource.targets);
if (!targets || targets.length === 0) {
continue;
}
if (resource.protocol === "tcp") {
tcpTargets = tcpTargets.concat(
targets.map(
(target: Target) =>
`${
target.internalPort ? target.internalPort + ":" : ""
}${target.ip}:${target.port}`
)
);
} else {
udpTargets = tcpTargets.concat(
targets.map(
(target: Target) =>
`${
target.internalPort ? target.internalPort + ":" : ""
}${target.ip}:${target.port}`
)
);
}
}
return {
message: {

97
server/routers/newt/targets.ts
View File

@@ -1,73 +1,44 @@
import { Target } from "@server/db/schema";
import { sendToClient } from "../ws";
export async function addTargets(newtId: string, targets: Target[]): Promise<void> {
export async function addTargets(
newtId: string,
targets: Target[],
protocol: string
): Promise<void> {
//create a list of udp and tcp targets
const udpTargets = targets
.filter((target) => target.protocol === "udp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${target.ip}:${target.port}`;
});
const payloadTargets = targets.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${
target.ip
}:${target.port}`;
});
const tcpTargets = targets
.filter((target) => target.protocol === "tcp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${target.ip}:${target.port}`;
});
if (udpTargets.length > 0) {
const payload = {
type: `newt/udp/add`,
data: {
targets: udpTargets,
},
};
sendToClient(newtId, payload);
}
if (tcpTargets.length > 0) {
const payload = {
type: `newt/tcp/add`,
data: {
targets: tcpTargets,
},
};
sendToClient(newtId, payload);
}
const payload = {
type: `newt/${protocol}/add`,
data: {
targets: payloadTargets
}
};
sendToClient(newtId, payload);
}
export async function removeTargets(newtId: string, targets: Target[]): Promise<void> {
export async function removeTargets(
newtId: string,
targets: Target[],
protocol: string
): Promise<void> {
//create a list of udp and tcp targets
const udpTargets = targets
.filter((target) => target.protocol === "udp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${target.ip}:${target.port}`;
});
const payloadTargets = targets.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${
target.ip
}:${target.port}`;
});
const tcpTargets = targets
.filter((target) => target.protocol === "tcp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${target.ip}:${target.port}`;
});
if (udpTargets.length > 0) {
const payload = {
type: `newt/udp/remove`,
data: {
targets: udpTargets,
},
};
sendToClient(newtId, payload);
}
if (tcpTargets.length > 0) {
const payload = {
type: `newt/tcp/remove`,
data: {
targets: tcpTargets,
},
};
sendToClient(newtId, payload);
}
const payload = {
type: `newt/${protocol}/remove`,
data: {
targets: payloadTargets
}
};
sendToClient(newtId, payload);
}

100
server/routers/resource/createResource.ts
View File

@@ -16,7 +16,6 @@ import createHttpError from "http-errors";
import { eq, and } from "drizzle-orm";
import stoi from "@server/lib/stoi";
import { fromError } from "zod-validation-error";
import { subdomainSchema } from "@server/schemas/subdomainSchema";
import logger from "@server/logger";
const createResourceParamsSchema = z
@@ -28,11 +27,36 @@ const createResourceParamsSchema = z
const createResourceSchema = z
.object({
subdomain: z
.union([
z
.string()
.regex(
/^(?!:\/\/)([a-zA-Z0-9-_]+\.)*[a-zA-Z0-9-_]+$/,
"Invalid subdomain format"
)
.min(1, "Subdomain must be at least 1 character long")
.transform((val) => val.toLowerCase()),
z.string().optional()
])
.optional(),
name: z.string().min(1).max(255),
subdomain: subdomainSchema
})
.strict();
http: z.boolean(),
protocol: z.string(),
proxyPort: z.number().int().min(1).max(65535).optional(),
}).refine(
(data) => {
if (data.http === true) {
return true;
}
return !!data.proxyPort;
},
{
message: "Port number is required for non-HTTP resources",
path: ["proxyPort"]
}
);
export type CreateResourceResponse = Resource;
export async function createResource(
@@ -51,7 +75,7 @@ export async function createResource(
);
}
let { name, subdomain } = parsedBody.data;
let { name, subdomain, protocol, proxyPort, http } = parsedBody.data;
// Validate request params
const parsedParams = createResourceParamsSchema.safeParse(req.params);
@@ -89,15 +113,65 @@ export async function createResource(
}
const fullDomain = `${subdomain}.${org[0].domain}`;
// if http is false check to see if there is already a resource with the same port and protocol
if (!http) {
const existingResource = await db
.select()
.from(resources)
.where(
and(
eq(resources.protocol, protocol),
eq(resources.proxyPort, proxyPort!)
)
);
if (existingResource.length > 0) {
return next(
createHttpError(
HttpCode.CONFLICT,
"Resource with that protocol and port already exists"
)
);
}
} else {
if (proxyPort === 443 || proxyPort === 80) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Port 80 and 443 are reserved for https resources"
)
);
}
// make sure the full domain is unique
const existingResource = await db
.select()
.from(resources)
.where(eq(resources.fullDomain, fullDomain));
if (existingResource.length > 0) {
return next(
createHttpError(
HttpCode.CONFLICT,
"Resource with that domain already exists"
)
);
}
}
await db.transaction(async (trx) => {
const newResource = await trx
.insert(resources)
.values({
siteId,
fullDomain,
fullDomain: http? fullDomain : null,
orgId,
name,
subdomain,
http,
protocol,
proxyPort,
ssl: true
})
.returning();
@@ -135,18 +209,6 @@ export async function createResource(
});
});
} catch (error) {
if (
error instanceof SqliteError &&
error.code === "SQLITE_CONSTRAINT_UNIQUE"
) {
return next(
createHttpError(
HttpCode.CONFLICT,
"Resource with that subdomain already exists"
)
);
}
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")

2
server/routers/resource/deleteResource.ts
View File

@@ -103,7 +103,7 @@ export async function deleteResource(
.where(eq(newts.siteId, site.siteId))
.limit(1);
removeTargets(newt.newtId, targetsToBeRemoved);
removeTargets(newt.newtId, targetsToBeRemoved, deletedResource.protocol);
}
}

10
server/routers/resource/listResources.ts
View File

@@ -63,7 +63,10 @@ function queryResources(
passwordId: resourcePassword.passwordId,
pincodeId: resourcePincode.pincodeId,
sso: resources.sso,
whitelist: resources.emailWhitelistEnabled
whitelist: resources.emailWhitelistEnabled,
http: resources.http,
protocol: resources.protocol,
proxyPort: resources.proxyPort
})
.from(resources)
.leftJoin(sites, eq(resources.siteId, sites.siteId))
@@ -93,7 +96,10 @@ function queryResources(
passwordId: resourcePassword.passwordId,
sso: resources.sso,
pincodeId: resourcePincode.pincodeId,
whitelist: resources.emailWhitelistEnabled
whitelist: resources.emailWhitelistEnabled,
http: resources.http,
protocol: resources.protocol,
proxyPort: resources.proxyPort
})
.from(resources)
.leftJoin(sites, eq(resources.siteId, sites.siteId))

2
server/routers/resource/updateResource.ts
View File

@@ -26,8 +26,8 @@ const updateResourceBodySchema = z
ssl: z.boolean().optional(),
sso: z.boolean().optional(),
blockAccess: z.boolean().optional(),
proxyPort: z.number().int().min(1).max(65535).optional(),
emailWhitelistEnabled: z.boolean().optional()
// siteId: z.number(),
})
.strict()
.refine((data) => Object.keys(data).length > 0, {

11
server/routers/target/createTarget.ts
View File

@@ -53,9 +53,8 @@ const createTargetParamsSchema = z
const createTargetSchema = z
.object({
ip: domainSchema,
method: z.string().min(1).max(10),
method: z.string().optional().nullable(),
port: z.number().int().min(1).max(65535),
protocol: z.string().optional(),
enabled: z.boolean().default(true)
})
.strict();
@@ -94,9 +93,7 @@ export async function createTarget(
// get the resource
const [resource] = await db
.select({
siteId: resources.siteId
})
.select()
.from(resources)
.where(eq(resources.resourceId, resourceId));
@@ -130,7 +127,6 @@ export async function createTarget(
.insert(targets)
.values({
resourceId,
protocol: "tcp", // hard code for now
...targetData
})
.returning();
@@ -163,7 +159,6 @@ export async function createTarget(
.insert(targets)
.values({
resourceId,
protocol: "tcp", // hard code for now
internalPort,
...targetData
})
@@ -186,7 +181,7 @@ export async function createTarget(
.where(eq(newts.siteId, site.siteId))
.limit(1);
addTargets(newt.newtId, newTarget);
addTargets(newt.newtId, newTarget, resource.protocol);
}
}
}

6
server/routers/target/deleteTarget.ts
View File

@@ -50,9 +50,7 @@ export async function deleteTarget(
}
// get the resource
const [resource] = await db
.select({
siteId: resources.siteId
})
.select()
.from(resources)
.where(eq(resources.resourceId, deletedTarget.resourceId!));
@@ -110,7 +108,7 @@ export async function deleteTarget(
.where(eq(newts.siteId, site.siteId))
.limit(1);
removeTargets(newt.newtId, [deletedTarget]);
removeTargets(newt.newtId, [deletedTarget], resource.protocol);
}
}

1
server/routers/target/listTargets.ts
View File

@@ -40,7 +40,6 @@ function queryTargets(resourceId: number) {
ip: targets.ip,
method: targets.method,
port: targets.port,
protocol: targets.protocol,
enabled: targets.enabled,
resourceId: targets.resourceId
// resourceName: resources.name,

8
server/routers/target/updateTarget.ts
View File

@@ -49,7 +49,7 @@ const updateTargetParamsSchema = z
const updateTargetBodySchema = z
.object({
ip: domainSchema.optional(),
method: z.string().min(1).max(10).optional(),
method: z.string().min(1).max(10).optional().nullable(),
port: z.number().int().min(1).max(65535).optional(),
enabled: z.boolean().optional()
})
@@ -103,9 +103,7 @@ export async function updateTarget(
// get the resource
const [resource] = await db
.select({
siteId: resources.siteId
})
.select()
.from(resources)
.where(eq(resources.resourceId, target.resourceId!));
@@ -167,7 +165,7 @@ export async function updateTarget(
.where(eq(newts.siteId, site.siteId))
.limit(1);
addTargets(newt.newtId, [updatedTarget]);
addTargets(newt.newtId, [updatedTarget], resource.protocol);
}
}
return response(res, {

342
server/routers/traefik/getTraefikConfig.ts
View File

@@ -1,173 +1,267 @@
import { Request, Response } from "express";
import db from "@server/db";
import * as schema from "@server/db/schema";
import { and, eq, isNotNull } from "drizzle-orm";
import { and, eq } from "drizzle-orm";
import logger from "@server/logger";
import HttpCode from "@server/types/HttpCode";
import config from "@server/lib/config";
import { orgs, resources, sites, Target, targets } from "@server/db/schema";
import { sql } from "drizzle-orm";
export async function traefikConfigProvider(
_: Request,
res: Response,
res: Response
): Promise<any> {
try {
const all = await db
.select()
.from(schema.targets)
.innerJoin(
schema.resources,
eq(schema.targets.resourceId, schema.resources.resourceId),
)
.innerJoin(
schema.orgs,
eq(schema.resources.orgId, schema.orgs.orgId),
)
.innerJoin(
schema.sites,
eq(schema.sites.siteId, schema.resources.siteId),
)
.where(
const allResources = await db
.select({
// Resource fields
resourceId: resources.resourceId,
subdomain: resources.subdomain,
fullDomain: resources.fullDomain,
ssl: resources.ssl,
blockAccess: resources.blockAccess,
sso: resources.sso,
emailWhitelistEnabled: resources.emailWhitelistEnabled,
http: resources.http,
proxyPort: resources.proxyPort,
protocol: resources.protocol,
// Site fields
site: {
siteId: sites.siteId,
type: sites.type,
subnet: sites.subnet
},
// Org fields
org: {
orgId: orgs.orgId,
domain: orgs.domain
},
// Targets as a subquery
targets: sql<string>`json_group_array(json_object(
'targetId', ${targets.targetId},
'ip', ${targets.ip},
'method', ${targets.method},
'port', ${targets.port},
'internalPort', ${targets.internalPort},
'enabled', ${targets.enabled}
))`.as("targets")
})
.from(resources)
.innerJoin(sites, eq(sites.siteId, resources.siteId))
.innerJoin(orgs, eq(resources.orgId, orgs.orgId))
.leftJoin(
targets,
and(
eq(schema.targets.enabled, true),
isNotNull(schema.resources.subdomain),
isNotNull(schema.orgs.domain),
),
);
eq(targets.resourceId, resources.resourceId),
eq(targets.enabled, true)
)
)
.groupBy(resources.resourceId);
if (!all.length) {
if (!allResources.length) {
return res.status(HttpCode.OK).json({});
}
const badgerMiddlewareName = "badger";
const redirectHttpsMiddlewareName = "redirect-to-https";
const http: any = {
routers: {},
services: {},
middlewares: {
[badgerMiddlewareName]: {
plugin: {
[badgerMiddlewareName]: {
apiBaseUrl: new URL(
"/api/v1",
`http://${config.getRawConfig().server.internal_hostname}:${config.getRawConfig().server.internal_port}`,
).href,
userSessionCookieName:
config.getRawConfig().server.session_cookie_name,
accessTokenQueryParam: config.getRawConfig().server.resource_access_token_param,
resourceSessionRequestParam: config.getRawConfig().server.resource_session_request_param
},
},
},
[redirectHttpsMiddlewareName]: {
redirectScheme: {
scheme: "https"
const config_output: any = {
http: {
middlewares: {
[badgerMiddlewareName]: {
plugin: {
[badgerMiddlewareName]: {
apiBaseUrl: new URL(
"/api/v1",
`http://${config.getRawConfig().server.internal_hostname}:${
config.getRawConfig().server
.internal_port
}`
).href,
userSessionCookieName:
config.getRawConfig().server
.session_cookie_name,
accessTokenQueryParam:
config.getRawConfig().server
.resource_access_token_param,
resourceSessionRequestParam:
config.getRawConfig().server
.resource_session_request_param
}
}
},
[redirectHttpsMiddlewareName]: {
redirectScheme: {
scheme: "https"
}
}
}
},
}
};
for (const item of all) {
const target = item.targets;
const resource = item.resources;
const site = item.sites;
const org = item.orgs;
const routerName = `${target.targetId}-router`;
const serviceName = `${target.targetId}-service`;
for (const resource of allResources) {
const targets = JSON.parse(resource.targets);
const site = resource.site;
const org = resource.org;
if (!resource || !resource.subdomain) {
continue;
}
if (!org || !org.domain) {
if (!org.domain) {
continue;
}
const routerName = `${resource.resourceId}-router`;
const serviceName = `${resource.resourceId}-service`;
const fullDomain = `${resource.subdomain}.${org.domain}`;
const domainParts = fullDomain.split(".");
let wildCard;
if (domainParts.length <= 2) {
wildCard = `*.${domainParts.join(".")}`;
} else {
wildCard = `*.${domainParts.slice(1).join(".")}`;
}
if (resource.http) {
// HTTP configuration remains the same
if (!resource.subdomain) {
continue;
}
const tls = {
certResolver: config.getRawConfig().traefik.cert_resolver,
...(config.getRawConfig().traefik.prefer_wildcard_cert
? {
domains: [
{
main: wildCard,
},
],
}
: {}),
};
if (
targets.filter(
(target: Target) => target.internalPort != null
).length == 0
) {
continue;
}
const additionalMiddlewares = config.getRawConfig().traefik.additional_middlewares || [];
// add routers and services empty objects if they don't exist
if (!config_output.http.routers) {
config_output.http.routers = {};
}
http.routers![routerName] = {
entryPoints: [
resource.ssl
? config.getRawConfig().traefik.https_entrypoint
: config.getRawConfig().traefik.http_entrypoint,
],
middlewares: [badgerMiddlewareName, ...additionalMiddlewares],
service: serviceName,
rule: `Host(\`${fullDomain}\`)`,
...(resource.ssl ? { tls } : {}),
};
if (!config_output.http.services) {
config_output.http.services = {};
}
if (resource.ssl) {
http.routers![routerName + "-redirect"] = {
entryPoints: [config.getRawConfig().traefik.http_entrypoint],
middlewares: [redirectHttpsMiddlewareName],
const domainParts = fullDomain.split(".");
let wildCard;
if (domainParts.length <= 2) {
wildCard = `*.${domainParts.join(".")}`;
} else {
wildCard = `*.${domainParts.slice(1).join(".")}`;
}
const tls = {
certResolver: config.getRawConfig().traefik.cert_resolver,
...(config.getRawConfig().traefik.prefer_wildcard_cert
? {
domains: [
{
main: wildCard
}
]
}
: {})
};
config_output.http.routers![routerName] = {
entryPoints: [
resource.ssl
? config.getRawConfig().traefik.https_entrypoint
: config.getRawConfig().traefik.http_entrypoint
],
middlewares: [badgerMiddlewareName],
service: serviceName,
rule: `Host(\`${fullDomain}\`)`,
...(resource.ssl ? { tls } : {})
};
}
if (site.type === "newt") {
const ip = site.subnet.split("/")[0];
http.services![serviceName] = {
loadBalancer: {
servers: [
{
url: `${target.method}://${ip}:${target.internalPort}`,
},
if (resource.ssl) {
config_output.http.routers![routerName + "-redirect"] = {
entryPoints: [
config.getRawConfig().traefik.http_entrypoint
],
},
middlewares: [redirectHttpsMiddlewareName],
service: serviceName,
rule: `Host(\`${fullDomain}\`)`
};
}
config_output.http.services![serviceName] = {
loadBalancer: {
servers: targets
.filter(
(target: Target) => target.internalPort != null
)
.map((target: Target) => {
if (
site.type === "local" ||
site.type === "wireguard"
) {
return {
url: `${target.method}://${target.ip}:${target.port}`
};
} else if (site.type === "newt") {
const ip = site.subnet.split("/")[0];
return {
url: `${target.method}://${ip}:${target.internalPort}`
};
}
})
}
};
} else if (site.type === "wireguard") {
http.services![serviceName] = {
loadBalancer: {
servers: [
{
url: `${target.method}://${target.ip}:${target.port}`,
},
],
},
} else {
// Non-HTTP (TCP/UDP) configuration
const protocol = resource.protocol.toLowerCase();
const port = resource.proxyPort;
if (!port) {
continue;
}
if (
targets.filter(
(target: Target) => target.internalPort != null
).length == 0
) {
continue;
}
if (!config_output[protocol]) {
config_output[protocol] = {
routers: {},
services: {}
};
}
config_output[protocol].routers[routerName] = {
entryPoints: [`${protocol}-${port}`],
service: serviceName,
...(protocol === "tcp" ? { rule: "HostSNI(`*`)" } : {})
};
} else if (site.type === "local") {
http.services![serviceName] = {
config_output[protocol].services[serviceName] = {
loadBalancer: {
servers: [
{
url: `${target.method}://${target.ip}:${target.port}`,
},
],
},
servers: targets
.filter(
(target: Target) => target.internalPort != null
)
.map((target: Target) => {
if (
site.type === "local" ||
site.type === "wireguard"
) {
return {
address: `${target.ip}:${target.port}`
};
} else if (site.type === "newt") {
const ip = site.subnet.split("/")[0];
return {
address: `${ip}:${target.internalPort}`
};
}
})
}
};
}
}
return res.status(HttpCode.OK).json({ http });
return res.status(HttpCode.OK).json(config_output);
} catch (e) {
logger.error(`Failed to build traefik config: ${e}`);
return res.status(HttpCode.INTERNAL_SERVER_ERROR).json({
error: "Failed to build traefik config",
error: "Failed to build traefik config"
});
}
}

2
server/routers/traefik/index.ts
View File

@@ -1 +1 @@
export * from "./getTraefikConfig";
export * from "./getTraefikConfig";