Merge branch 'dev' into auth-providers-clients

Owen
2025-04-29 11:39:12 -04:00
156 changed files with 12954 additions and 3559 deletions


@@ -13,6 +13,7 @@ import stoi from "./stoi";
import db from "@server/db";
import { SupporterKey, supporterKey } from "@server/db/schemas";
import { eq } from "drizzle-orm";
import { license } from "@server/license/license";
const portSchema = z.number().positive().gt(0).lte(65535);
@@ -59,6 +60,10 @@ const configSchema = z.object({
}
),
server: z.object({
integration_port: portSchema
.optional()
.transform(stoi)
.pipe(portSchema.optional()),
external_port: portSchema.optional().transform(stoi).pipe(portSchema),
internal_port: portSchema.optional().transform(stoi).pipe(portSchema),
next_port: portSchema.optional().transform(stoi).pipe(portSchema),
@@ -95,14 +100,7 @@ const configSchema = z.object({
.string()
.optional()
.transform(getEnvOrYaml("SERVER_SECRET"))
.pipe(
z
.string()
.min(
32,
"SERVER_SECRET must be at least 32 characters long"
)
)
.pipe(z.string().min(8))
}),
traefik: z.object({
http_entrypoint: z.string(),
@@ -270,13 +268,20 @@ export class Config {
: "false";
process.env.DASHBOARD_URL = parsedConfig.data.app.dashboard_url;
if (!this.isDev) {
this.checkSupporterKey();
}
license.setServerSecret(parsedConfig.data.server.secret);
this.checkKeyStatus();
this.rawConfig = parsedConfig.data;
}
private async checkKeyStatus() {
const licenseStatus = await license.check();
if (!licenseStatus.isHostLicensed) {
this.checkSupporterKey();
}
}
public getRawConfig() {
return this.rawConfig;
}
@@ -322,7 +327,7 @@ export class Config {
try {
const response = await fetch(
"https://api.dev.fossorial.io/api/v1/license/validate",
"https://api.fossorial.io/api/v1/license/validate",
{
method: "POST",
headers: {
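Review bot: The SERVER_SECRET validation in the third hunk now accepts any string of 8 or more characters, where this branch previously required 32, and the fourth hunk passes that value to `license.setServerSecret(...)`. An 8-character secret is short enough for offline guessing if it is used to derive keys or sign tokens; these hunks do not show how it is used, so that should be confirmed before the lower bound is accepted. I would keep the stricter bound and its message: `.pipe(z.string().min(32, "SERVER_SECRET must be at least 32 characters long"))`. If installs on dev already run with shorter secrets, a startup warning for those is safer than lowering the floor for every deployment. configSchema begins and ends outside the hunk.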


@@ -1,40 +1,12 @@
import * as crypto from "crypto";
const ALGORITHM = "aes-256-gcm";
import CryptoJS from "crypto-js";
export function encrypt(value: string, key: string): string {
const iv = crypto.randomBytes(12);
const keyBuffer = Buffer.from(key, "base64"); // assuming base64 input
const cipher = crypto.createCipheriv(ALGORITHM, keyBuffer, iv);
const encrypted = Buffer.concat([
cipher.update(value, "utf8"),
cipher.final()
]);
const authTag = cipher.getAuthTag();
return [
iv.toString("base64"),
encrypted.toString("base64"),
authTag.toString("base64")
].join(":");
const ciphertext = CryptoJS.AES.encrypt(value, key).toString();
return ciphertext;
}
export function decrypt(encryptedValue: string, key: string): string {
const [ivB64, encryptedB64, authTagB64] = encryptedValue.split(":");
const iv = Buffer.from(ivB64, "base64");
const encrypted = Buffer.from(encryptedB64, "base64");
const authTag = Buffer.from(authTagB64, "base64");
const keyBuffer = Buffer.from(key, "base64");
const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv);
decipher.setAuthTag(authTag);
const decrypted = Buffer.concat([
decipher.update(encrypted),
decipher.final()
]);
return decrypted.toString("utf8");
const bytes = CryptoJS.AES.decrypt(encryptedValue, key);
const originalText = bytes.toString(CryptoJS.enc.Utf8);
return originalText;
}
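Review bot: The new `encrypt`/`decrypt` pair drops authenticated encryption, because `CryptoJS.AES.encrypt(value, key)` with a string key treats it as a passphrase: crypto-js derives the key and IV with a single-iteration MD5-based KDF and encrypts in CBC mode with no authentication tag. A modified ciphertext is therefore not rejected in `decrypt`, and a wrong key can yield an empty string rather than an error, since `bytes.toString(CryptoJS.enc.Utf8)` performs no integrity check. If the reason for the switch was that callers pass an arbitrary string rather than a base64 32-byte key, the sketch below keeps AES-256-GCM and derives the key from the passphrase with scrypt; it needs the Node `crypto` import that this hunk removes. The stored format also changes from `iv:ciphertext:tag` to the crypto-js OpenSSL format, so values written by either earlier implementation would presumably need a migration path.

```typescript
export function encrypt(value: string, key: string): string {
    // fresh salt and nonce per message; the passphrase is stretched with scrypt
    const salt = crypto.randomBytes(16);
    const iv = crypto.randomBytes(12);
    const derivedKey = crypto.scryptSync(key, salt, 32);
    const cipher = crypto.createCipheriv("aes-256-gcm", derivedKey, iv);
    const encrypted = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
    return [salt, iv, encrypted, cipher.getAuthTag()]
        .map((part) => part.toString("base64"))
        .join(":");
}

export function decrypt(encryptedValue: string, key: string): string {
    const parts = encryptedValue.split(":");
    if (parts.length !== 4) {
        throw new Error("Malformed encrypted value");
    }
    const [salt, iv, encrypted, authTag] = parts.map((part) => Buffer.from(part, "base64"));
    const derivedKey = crypto.scryptSync(key, salt, 32);
    const decipher = crypto.createDecipheriv("aes-256-gcm", derivedKey, iv, { authTagLength: 16 });
    decipher.setAuthTag(authTag);
    // final() throws when the tag does not verify, so tampered input never yields plaintext
    return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString("utf8");
}
```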


@@ -9,3 +9,10 @@ export const subdomainSchema = z
.min(1, "Subdomain must be at least 1 character long")
.transform((val) => val.toLowerCase());
export const tlsNameSchema = z
.string()
.regex(
/^(?!:\/\/)([a-zA-Z0-9-_]+\.)*[a-zA-Z0-9-_]+$|^$/,
"Invalid subdomain format"
)
.transform((val) => val.toLowerCase());
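Review bot: `tlsNameSchema` reuses the subdomain error text and has no length bound, so a rejected TLS name is reported as "Invalid subdomain format" and an arbitrarily long dotted name passes validation. The `(?!:\/\/)` lookahead never affects the result, because the character class that follows already excludes `:` and `/`. The pattern also accepts `_`, leading or trailing hyphens in a label, and the empty string; if the empty string is meant to signal "not set", a comment saying so would help the next reader. I would add `.max(253)` before the `.regex(...)` call and change the message to `"Invalid TLS server name format"`.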