pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-22 04:46:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

update olm and client routes

Browse Source
This commit is contained in:
miloschwartz
2025-11-06 20:12:54 -08:00
parent 999fb2fff1
commit 2274a3525b
14 changed files with 495 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
server/routers/client/createClient.ts
View File

@@ -8,8 +8,6 @@ import {
roleClients,
userClients,
olms,
clientSites,
exitNodes,
orgs,
sites
} from "@server/db";
@@ -20,45 +18,44 @@ import logger from "@server/logger";
import { eq, and } from "drizzle-orm";
import { fromError } from "zod-validation-error";
import moment from "moment";
import { hashPassword, verifyPassword } from "@server/auth/password";
import { isValidCIDR, isValidIP } from "@server/lib/validators";
import { hashPassword } from "@server/auth/password";
import { isValidIP } from "@server/lib/validators";
import { isIpInCidr } from "@server/lib/ip";
import { OpenAPITags, registry } from "@server/openApi";
import { listExitNodes } from "#dynamic/lib/exitNodes";
import { generateId } from "@server/auth/sessions/app";
import { OpenAPITags, registry } from "@server/openApi";
const createClientParamsSchema = z
const paramsSchema = z
.object({
orgId: z.string()
})
.strict();
const createClientSchema = z
const bodySchema = z
.object({
name: z.string().min(1).max(255),
siteIds: z.array(z.number().int().positive()),
olmId: z.string(),
secret: z.string().optional(),
secret: z.string(),
subnet: z.string(),
type: z.enum(["olm"])
})
.strict();
export type CreateClientBody = z.infer<typeof createClientSchema>;
export type CreateClientBody = z.infer<typeof bodySchema>;
export type CreateClientResponse = Client;
registry.registerPath({
method: "put",
path: "/org/{orgId}/client",
description: "Create a new client.",
description: "Create a new client for an organization.",
tags: [OpenAPITags.Client, OpenAPITags.Org],
request: {
params: createClientParamsSchema,
params: paramsSchema,
body: {
content: {
"application/json": {
schema: createClientSchema
schema: bodySchema
}
}
}
@@ -72,7 +69,7 @@ export async function createClient(
next: NextFunction
): Promise<any> {
try {
const parsedBody = createClientSchema.safeParse(req.body);
const parsedBody = bodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
@@ -82,9 +79,9 @@ export async function createClient(
);
}
const { name, type, siteIds, olmId, secret, subnet } = parsedBody.data;
const { name, type, olmId, secret, subnet } = parsedBody.data;
const parsedParams = createClientParamsSchema.safeParse(req.params);
const parsedParams = paramsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
@@ -184,19 +181,13 @@ export async function createClient(
.where(eq(olms.olmId, olmId))
.limit(1);
// TODO: HOW DO WE WANT TO AUTH THAT YOU CAN ADOPT AN EXISTING OLM CROSS ORG OTHER THAN MAKING SURE THE SECRET IS CORRECT
if (existingOlm && secret) {
// verify the secret
const validSecret = await verifyPassword(
secret,
existingOlm.secretHash
if (existingOlm) {
return next(
createHttpError(
HttpCode.CONFLICT,
`OLM with ID ${olmId} already exists`
)
);
if (!validSecret) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Secret is incorrect on existing olm")
);
}
}
await db.transaction(async (trx) => {
@@ -237,21 +228,11 @@ export async function createClient(
if (req.user && req.userOrgRoleId != adminRole.roleId) {
// make sure the user can access the client
trx.insert(userClients).values({
userId: req.user?.userId!,
userId: req.user.userId,
clientId: newClient.clientId
});
}
// Create site to client associations
if (siteIds && siteIds.length > 0) {
await trx.insert(clientSites).values(
siteIds.map((siteId) => ({
clientId: newClient.clientId,
siteId
}))
);
}
let secretToUse = secret;
if (!secretToUse) {
secretToUse = generateId(48);