Update gerbil with new sites and targets

2026-03-01 16:26:39 +00:00 · 2024-10-26 22:44:34 -04:00
parent 25224e0343
commit 4ed5ef1765
11 changed files with 270 additions and 104 deletions
--- a/server/routers/gerbil/getConfig.ts
+++ b/server/routers/gerbil/getConfig.ts
@@ -13,6 +13,7 @@ import { findNextAvailableCidr } from "@server/utils/ip";
 // Define Zod schema for request validation
 const getConfigSchema = z.object({
    publicKey: z.string(),
+    reachableAt: z.string().optional(),
 });

 export type GetConfigResponse = {
@@ -37,7 +38,7 @@ export async function getConfig(req: Request, res: Response, next: NextFunction)
            );
        }

-        const { publicKey } = parsedParams.data;
+        const { publicKey, reachableAt } = parsedParams.data;

        if (!publicKey) {
            return next(createHttpError(HttpCode.BAD_REQUEST, 'publicKey is required'));
@@ -57,6 +58,7 @@ export async function getConfig(req: Request, res: Response, next: NextFunction)
                endpoint: `${subEndpoint}.${config.gerbil.base_endpoint}`,
                address,
                listenPort,
+                reachableAt,
                name: `Exit Node ${publicKey.slice(0, 8)}`,
            }).returning().execute();

--- a/server/routers/gerbil/peers.ts
+++ b/server/routers/gerbil/peers.ts
@@ -0,0 +1,57 @@
+import axios from 'axios';
+import logger from '@server/logger';
+import db from '@server/db';
+import { exitNodes } from '@server/db/schema';
+import { eq } from 'drizzle-orm';
+
+export async function addPeer(exitNodeId: number, peer: {
+    publicKey: string;
+    allowedIps: string[];
+}) {
+
+    const [exitNode] = await db.select().from(exitNodes).where(eq(exitNodes.exitNodeId, exitNodeId)).limit(1);
+    if (!exitNode) {
+        throw new Error(`Exit node with ID ${exitNodeId} not found`);
+    }
+    if (!exitNode.reachableAt) {
+        throw new Error(`Exit node with ID ${exitNodeId} is not reachable`);
+    }
+
+    try {
+        const response = await axios.post(`${exitNode.reachableAt}/peer`, peer, {
+            headers: {
+                'Content-Type': 'application/json',
+            }
+        });
+
+        logger.info('Peer added successfully:', response.data.status);
+        return response.data;
+    } catch (error) {
+        if (axios.isAxiosError(error)) {
+            throw new Error(`HTTP error! status: ${error.response?.status}`);
+        }
+        throw error;
+    }
+}
+
+export async function deletePeer(exitNodeId: number, publicKey: string) {
+    const [exitNode] = await db.select().from(exitNodes).where(eq(exitNodes.exitNodeId, exitNodeId)).limit(1);
+    if (!exitNode) {
+        throw new Error(`Exit node with ID ${exitNodeId} not found`);
+    }
+    if (!exitNode.reachableAt) {
+        throw new Error(`Exit node with ID ${exitNodeId} is not reachable`);
+    }
+    try {
+        const response = await axios.delete(`${exitNode.reachableAt}/peer`, {
+            data: { publicKey }  // Send public key in request body
+        });
+        logger.info('Peer deleted successfully:', response.data.status);
+        return response.data;
+    } catch (error) {
+        if (axios.isAxiosError(error)) {
+            throw new Error(`HTTP error! status: ${error.response?.status}`);
+        }
+        throw error;
+    }
+}
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -1,15 +1,15 @@
 import { Request, Response, NextFunction } from 'express';
 import { z } from 'zod';
 import { db } from '@server/db';
-import { roles, userSites, sites, roleSites } from '@server/db/schema';
+import { roles, userSites, sites, roleSites, exitNodes } from '@server/db/schema';
 import response from "@server/utils/response";
 import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
-import fetch from 'node-fetch';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
 import { eq, and } from 'drizzle-orm';
 import { getUniqueSiteName } from '@server/db/names';
+import { addPeer } from '../gerbil/peers';

 const API_BASE_URL = "http://localhost:3000";

@@ -113,6 +113,12 @@ export async function createSite(req: Request, res: Response, next: NextFunction
            });
        }

+        // Add the peer to the exit node
+        await addPeer(exitNodeId, {
+            publicKey: pubKey,
+            allowedIps: [],
+        });
+
        return response(res, {
            data: {
                name: newSite.name,
@@ -128,31 +134,7 @@ export async function createSite(req: Request, res: Response, next: NextFunction
            status: HttpCode.CREATED,
        });
    } catch (error) {
-        throw error;
+        logger.error(error);
        return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred..."));
    }
-}
-
-
-async function addPeer(peer: string) {
-    try {
-        const response = await fetch(`${API_BASE_URL}/peer`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-            },
-            body: JSON.stringify(peer),
-        });
-
-        if (!response.ok) {
-            throw new Error(`HTTP error! status: ${response.status}`);
-        }
-
-        const data: any = await response.json();
-        logger.info('Peer added successfully:', data.status);
-        return data;
-    } catch (error: any) {
-        throw error;
-    }
-}
-
+}
--- a/server/routers/site/deleteSite.ts
+++ b/server/routers/site/deleteSite.ts
@@ -8,6 +8,7 @@ import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
+import { deletePeer } from '../gerbil/peers';

 const API_BASE_URL = "http://localhost:3000";

@@ -38,11 +39,11 @@ export async function deleteSite(req: Request, res: Response, next: NextFunction
        }

        // Delete the site from the database
-        const deletedSite = await db.delete(sites)
+        const [deletedSite] = await db.delete(sites)
            .where(eq(sites.siteId, siteId))
            .returning();

-        if (deletedSite.length === 0) {
+        if (!deletedSite) {
            return next(
                createHttpError(
                    HttpCode.NOT_FOUND,
@@ -51,6 +52,8 @@ export async function deleteSite(req: Request, res: Response, next: NextFunction
            );
        }

+        await deletePeer(deletedSite.exitNodeId!, deletedSite.pubKey);
+
        return response(res, {
            data: null,
            success: true,
--- a/server/routers/target/createTarget.ts
+++ b/server/routers/target/createTarget.ts
@@ -1,12 +1,15 @@
 import { Request, Response, NextFunction } from 'express';
 import { z } from 'zod';
 import { db } from '@server/db';
-import { targets } from '@server/db/schema';
+import { resources, sites, targets } from '@server/db/schema';
 import response from "@server/utils/response";
 import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
+import { addPeer } from '../gerbil/peers';
+import { eq, and } from 'drizzle-orm';
+import { isIpInCidr } from '@server/utils/ip';

 const createTargetParamsSchema = z.object({
    resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
@@ -52,11 +55,72 @@ export async function createTarget(req: Request, res: Response, next: NextFuncti
            return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to perform this action'));
        }

+        // get the resource
+        const [resource] = await db.select({
+            siteId: resources.siteId,
+        })
+            .from(resources)
+            .where(eq(resources.resourceId, resourceId));
+
+        if (!resource) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Resource with ID ${resourceId} not found`
+                )
+            );
+        }
+
+        // TODO: is this all inefficient?
+        
+        // get the site
+        const [site] = await db.select()
+            .from(sites)
+            .where(eq(sites.siteId, resource.siteId!))
+            .limit(1);
+
+        if (!site) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Site with ID ${resource.siteId} not found`
+                )
+            );
+        }
+
+        // make sure the target is within the site subnet
+        if (!isIpInCidr(targetData.ip, site.subnet!)) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    `Target IP is not within the site subnet`
+                )
+            );
+        }
+
        const newTarget = await db.insert(targets).values({
            resourceId,
            ...targetData
        }).returning();

+        // Fetch resources for this site
+        const resourcesRes = await db.query.resources.findMany({
+            where: eq(resources.siteId, site.siteId),
+        });
+
+        // Fetch targets for all resources of this site
+        const targetIps = await Promise.all(resourcesRes.map(async (resource) => {
+            const targetsRes = await db.query.targets.findMany({
+                where: eq(targets.resourceId, resource.resourceId),
+            });
+            return targetsRes.map(target => `${target.ip}/32`);
+        }));
+
+        await addPeer(site.exitNodeId!, {
+            publicKey: site.pubKey,
+            allowedIps: targetIps.flat()
+        });
+
        return response(res, {
            data: newTarget[0],
            success: true,
--- a/server/routers/target/deleteTarget.ts
+++ b/server/routers/target/deleteTarget.ts
@@ -1,13 +1,14 @@
 import { Request, Response, NextFunction } from 'express';
 import { z } from 'zod';
 import { db } from '@server/db';
-import { targets } from '@server/db/schema';
+import { resources, sites, targets } from '@server/db/schema';
 import { eq } from 'drizzle-orm';
 import response from "@server/utils/response";
 import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
+import { addPeer } from '../gerbil/peers';

 const deleteTargetSchema = z.object({
    targetId: z.string().transform(Number).pipe(z.number().int().positive())
@@ -33,11 +34,12 @@ export async function deleteTarget(req: Request, res: Response, next: NextFuncti
            return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to perform this action'));
        }

-        const deletedTarget = await db.delete(targets)
+
+        const [deletedTarget] = await db.delete(targets)
            .where(eq(targets.targetId, targetId))
            .returning();

-        if (deletedTarget.length === 0) {
+        if (!deletedTarget) {
            return next(
                createHttpError(
                    HttpCode.NOT_FOUND,
@@ -45,6 +47,56 @@ export async function deleteTarget(req: Request, res: Response, next: NextFuncti
                )
            );
        }
+        // get the resource
+        const [resource] = await db.select({
+            siteId: resources.siteId,
+        })
+            .from(resources)
+            .where(eq(resources.resourceId, deletedTarget.resourceId!));
+
+        if (!resource) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Resource with ID ${deletedTarget.resourceId} not found`
+                )
+            );
+        }
+
+        // TODO: is this all inefficient?
+
+        // get the site
+        const [site] = await db.select()
+            .from(sites)
+            .where(eq(sites.siteId, resource.siteId!))
+            .limit(1);
+
+        if (!site) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Site with ID ${resource.siteId} not found`
+                )
+            );
+        }
+
+        // Fetch resources for this site
+        const resourcesRes = await db.query.resources.findMany({
+            where: eq(resources.siteId, site.siteId),
+        });
+
+        // Fetch targets for all resources of this site
+        const targetIps = await Promise.all(resourcesRes.map(async (resource) => {
+            const targetsRes = await db.query.targets.findMany({
+                where: eq(targets.resourceId, resource.resourceId),
+            });
+            return targetsRes.map(target => `${target.ip}/32`);
+        }));
+
+        await addPeer(site.exitNodeId!, {
+            publicKey: site.pubKey,
+            allowedIps: targetIps.flat()
+        });

        return response(res, {
            data: null,
--- a/server/routers/target/updateTarget.ts
+++ b/server/routers/target/updateTarget.ts
@@ -14,7 +14,7 @@ const updateTargetParamsSchema = z.object({
 });

 const updateTargetBodySchema = z.object({
-    ip: z.string().ip().optional(),
+    // ip: z.string().ip().optional(), // for now we cant update the ip; you will have to delete
    method: z.string().min(1).max(10).optional(),
    port: z.number().int().min(1).max(65535).optional(),
    protocol: z.string().optional(),