mirror of
https://github.com/fosrl/pangolin.git
synced 2026-02-21 20:36:37 +00:00
add site resource modes and alias
This commit is contained in:
miloschwartz
@@ -204,11 +204,13 @@ export const siteResources = pgTable("siteResources", {
|
||||
.references(() => orgs.orgId, { onDelete: "cascade" }),
|
||||
niceId: varchar("niceId").notNull(),
|
||||
name: varchar("name").notNull(),
|
||||
protocol: varchar("protocol").notNull(),
|
||||
proxyPort: integer("proxyPort").notNull(),
|
||||
destinationPort: integer("destinationPort").notNull(),
|
||||
destinationIp: varchar("destinationIp").notNull(),
|
||||
enabled: boolean("enabled").notNull().default(true)
|
||||
mode: varchar("mode").notNull(), // "host" | "cidr" | "port"
|
||||
protocol: varchar("protocol"), // only for port mode
|
||||
proxyPort: integer("proxyPort"), // only for port mode
|
||||
destinationPort: integer("destinationPort"), // only for port mode
|
||||
destination: varchar("destination").notNull(), // ip, cidr, hostname; validate against the mode
|
||||
enabled: boolean("enabled").notNull().default(true),
|
||||
alias: varchar("alias")
|
||||
});
|
||||
|
||||
export const roleSiteResources = pgTable("roleSiteResources", {
|
||||
|
||||
@@ -225,11 +225,13 @@ export const siteResources = sqliteTable("siteResources", {
|
||||
.references(() => orgs.orgId, { onDelete: "cascade" }),
|
||||
niceId: text("niceId").notNull(),
|
||||
name: text("name").notNull(),
|
||||
protocol: text("protocol").notNull(),
|
||||
proxyPort: integer("proxyPort").notNull(),
|
||||
destinationPort: integer("destinationPort").notNull(),
|
||||
destinationIp: text("destinationIp").notNull(),
|
||||
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true)
|
||||
mode: text("mode").notNull(), // "host" | "cidr" | "port"
|
||||
protocol: text("protocol"), // only for port mode
|
||||
proxyPort: integer("proxyPort"), // only for port mode
|
||||
destinationPort: integer("destinationPort"), // only for port mode
|
||||
destination: text("destination").notNull(), // ip, cidr, hostname
|
||||
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
||||
alias: text("alias")
|
||||
});
|
||||
|
||||
export const roleSiteResources = sqliteTable("roleSiteResources", {
|
||||
|
||||
@@ -122,14 +122,14 @@ export async function applyBlueprint({
|
||||
)
|
||||
.limit(1);
|
||||
|
||||
if (site) {
|
||||
if (site && result.resource.mode === "port" && result.resource.protocol && result.resource.proxyPort && result.resource.destinationPort) {
|
||||
logger.debug(
|
||||
`Updating client resource ${result.resource.siteResourceId} on site ${site.sites.siteId}`
|
||||
);
|
||||
|
||||
await addClientTargets(
|
||||
site.newt.newtId,
|
||||
result.resource.destinationIp,
|
||||
result.resource.destination,
|
||||
result.resource.destinationPort,
|
||||
result.resource.protocol,
|
||||
result.resource.proxyPort
|
||||
|
||||
@@ -75,8 +75,9 @@ export async function updateClientResources(
|
||||
.set({
|
||||
name: resourceData.name || resourceNiceId,
|
||||
siteId: site.siteId,
|
||||
mode: "port",
|
||||
proxyPort: resourceData["proxy-port"]!,
|
||||
destinationIp: resourceData.hostname,
|
||||
destination: resourceData.hostname,
|
||||
destinationPort: resourceData["internal-port"],
|
||||
protocol: resourceData.protocol
|
||||
})
|
||||
@@ -98,8 +99,9 @@ export async function updateClientResources(
|
||||
siteId: site.siteId,
|
||||
niceId: resourceNiceId,
|
||||
name: resourceData.name || resourceNiceId,
|
||||
mode: "port",
|
||||
proxyPort: resourceData["proxy-port"]!,
|
||||
destinationIp: resourceData.hostname,
|
||||
destination: resourceData.hostname,
|
||||
destinationPort: resourceData["internal-port"],
|
||||
protocol: resourceData.protocol
|
||||
})
|
||||
|
||||
@@ -53,8 +53,6 @@ export async function verifyOrgAccess(
|
||||
session: req.session
|
||||
});
|
||||
|
||||
logger.debug("Org check policy result", { policyCheck });
|
||||
|
||||
if (!policyCheck.allowed || policyCheck.error) {
|
||||
return next(
|
||||
createHttpError(
|
||||
|
||||
@@ -216,13 +216,18 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
|
||||
|
||||
const { tcpTargets, udpTargets } = allSiteResources.reduce(
|
||||
(acc, resource) => {
|
||||
// Only process port mode resources
|
||||
if (resource.mode !== "port") {
|
||||
return acc;
|
||||
}
|
||||
|
||||
// Filter out invalid targets
|
||||
if (!resource.proxyPort || !resource.destinationIp || !resource.destinationPort) {
|
||||
if (!resource.proxyPort || !resource.destination || !resource.destinationPort || !resource.protocol) {
|
||||
return acc;
|
||||
}
|
||||
|
||||
// Format target into string
|
||||
const formattedTarget = `${resource.proxyPort}:${resource.destinationIp}:${resource.destinationPort}`;
|
||||
const formattedTarget = `${resource.proxyPort}:${resource.destination}:${resource.destinationPort}`;
|
||||
|
||||
// Add to the appropriate protocol array
|
||||
if (resource.protocol === "tcp") {
|
||||
|
||||
@@ -22,13 +22,30 @@ const createSiteResourceParamsSchema = z
|
||||
const createSiteResourceSchema = z
|
||||
.object({
|
||||
name: z.string().min(1).max(255),
|
||||
protocol: z.enum(["tcp", "udp"]),
|
||||
proxyPort: z.number().int().positive(),
|
||||
destinationPort: z.number().int().positive(),
|
||||
destinationIp: z.string(),
|
||||
enabled: z.boolean().default(true)
|
||||
})
|
||||
.strict();
|
||||
mode: z.enum(["host", "cidr", "port"]),
|
||||
protocol: z.enum(["tcp", "udp"]).optional(),
|
||||
proxyPort: z.number().int().positive().optional(),
|
||||
destinationPort: z.number().int().positive().optional(),
|
||||
destination: z.string().min(1),
|
||||
enabled: z.boolean().default(true),
|
||||
alias: z.string().optional()
|
||||
}).strict()
|
||||
.refine(
|
||||
(data) => {
|
||||
if (data.mode === "port") {
|
||||
return (
|
||||
data.protocol !== undefined &&
|
||||
data.proxyPort !== undefined &&
|
||||
data.destinationPort !== undefined
|
||||
);
|
||||
}
|
||||
return true;
|
||||
},
|
||||
{
|
||||
message:
|
||||
"Protocol, proxy port, and destination port are required for port mode"
|
||||
}
|
||||
);
|
||||
|
||||
export type CreateSiteResourceBody = z.infer<typeof createSiteResourceSchema>;
|
||||
export type CreateSiteResourceResponse = SiteResource;
|
||||
@@ -82,11 +99,13 @@ export async function createSiteResource(
|
||||
const { siteId, orgId } = parsedParams.data;
|
||||
const {
|
||||
name,
|
||||
mode,
|
||||
protocol,
|
||||
proxyPort,
|
||||
destinationPort,
|
||||
destinationIp,
|
||||
enabled
|
||||
destination,
|
||||
enabled,
|
||||
alias
|
||||
} = parsedBody.data;
|
||||
|
||||
// Verify the site exists and belongs to the org
|
||||
@@ -100,26 +119,28 @@ export async function createSiteResource(
|
||||
return next(createHttpError(HttpCode.NOT_FOUND, "Site not found"));
|
||||
}
|
||||
|
||||
// check if resource with same protocol and proxy port already exists
|
||||
const [existingResource] = await db
|
||||
.select()
|
||||
.from(siteResources)
|
||||
.where(
|
||||
and(
|
||||
eq(siteResources.siteId, siteId),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.protocol, protocol),
|
||||
eq(siteResources.proxyPort, proxyPort)
|
||||
// check if resource with same protocol and proxy port already exists (only for port mode)
|
||||
if (mode === "port" && protocol && proxyPort) {
|
||||
const [existingResource] = await db
|
||||
.select()
|
||||
.from(siteResources)
|
||||
.where(
|
||||
and(
|
||||
eq(siteResources.siteId, siteId),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.protocol, protocol),
|
||||
eq(siteResources.proxyPort, proxyPort)
|
||||
)
|
||||
)
|
||||
)
|
||||
.limit(1);
|
||||
if (existingResource && existingResource.siteResourceId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.CONFLICT,
|
||||
"A resource with the same protocol and proxy port already exists"
|
||||
)
|
||||
);
|
||||
.limit(1);
|
||||
if (existingResource && existingResource.siteResourceId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.CONFLICT,
|
||||
"A resource with the same protocol and proxy port already exists"
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
const niceId = await getUniqueSiteResourceName(orgId);
|
||||
@@ -132,11 +153,13 @@ export async function createSiteResource(
|
||||
niceId,
|
||||
orgId,
|
||||
name,
|
||||
protocol,
|
||||
proxyPort,
|
||||
destinationPort,
|
||||
destinationIp,
|
||||
enabled
|
||||
mode,
|
||||
protocol: mode === "port" ? protocol : null,
|
||||
proxyPort: mode === "port" ? proxyPort : null,
|
||||
destinationPort: mode === "port" ? destinationPort : null,
|
||||
destination,
|
||||
enabled,
|
||||
alias: alias || null
|
||||
})
|
||||
.returning();
|
||||
|
||||
@@ -157,24 +180,29 @@ export async function createSiteResource(
|
||||
siteResourceId: newSiteResource.siteResourceId
|
||||
});
|
||||
|
||||
const [newt] = await db
|
||||
.select()
|
||||
.from(newts)
|
||||
.where(eq(newts.siteId, site.siteId))
|
||||
.limit(1);
|
||||
// Only add targets for port mode
|
||||
if (mode === "port" && protocol && proxyPort && destinationPort) {
|
||||
const [newt] = await db
|
||||
.select()
|
||||
.from(newts)
|
||||
.where(eq(newts.siteId, site.siteId))
|
||||
.limit(1);
|
||||
|
||||
if (!newt) {
|
||||
return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found"));
|
||||
if (!newt) {
|
||||
return next(
|
||||
createHttpError(HttpCode.NOT_FOUND, "Newt not found")
|
||||
);
|
||||
}
|
||||
|
||||
await addTargets(
|
||||
newt.newtId,
|
||||
destination,
|
||||
destinationPort,
|
||||
protocol,
|
||||
proxyPort
|
||||
);
|
||||
}
|
||||
|
||||
await addTargets(
|
||||
newt.newtId,
|
||||
destinationIp,
|
||||
destinationPort,
|
||||
protocol,
|
||||
proxyPort
|
||||
);
|
||||
|
||||
logger.info(
|
||||
`Created site resource ${newSiteResource.siteResourceId} for site ${siteId}`
|
||||
);
|
||||
|
||||
@@ -91,24 +91,27 @@ export async function deleteSiteResource(
|
||||
eq(siteResources.orgId, orgId)
|
||||
));
|
||||
|
||||
const [newt] = await db
|
||||
.select()
|
||||
.from(newts)
|
||||
.where(eq(newts.siteId, site.siteId))
|
||||
.limit(1);
|
||||
// Only remove targets for port mode
|
||||
if (existingSiteResource.mode === "port" && existingSiteResource.protocol && existingSiteResource.proxyPort && existingSiteResource.destinationPort) {
|
||||
const [newt] = await db
|
||||
.select()
|
||||
.from(newts)
|
||||
.where(eq(newts.siteId, site.siteId))
|
||||
.limit(1);
|
||||
|
||||
if (!newt) {
|
||||
return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found"));
|
||||
if (!newt) {
|
||||
return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found"));
|
||||
}
|
||||
|
||||
await removeTargets(
|
||||
newt.newtId,
|
||||
existingSiteResource.destination,
|
||||
existingSiteResource.destinationPort,
|
||||
existingSiteResource.protocol,
|
||||
existingSiteResource.proxyPort
|
||||
);
|
||||
}
|
||||
|
||||
await removeTargets(
|
||||
newt.newtId,
|
||||
existingSiteResource.destinationIp,
|
||||
existingSiteResource.destinationPort,
|
||||
existingSiteResource.protocol,
|
||||
existingSiteResource.proxyPort
|
||||
);
|
||||
|
||||
logger.info(`Deleted site resource ${siteResourceId} for site ${siteId}`);
|
||||
|
||||
return response(res, {
|
||||
|
||||
@@ -32,7 +32,7 @@ const listAllSiteResourcesByOrgQuerySchema = z.object({
|
||||
});
|
||||
|
||||
export type ListAllSiteResourcesByOrgResponse = {
|
||||
siteResources: (SiteResource & { siteName: string, siteNiceId: string })[];
|
||||
siteResources: (SiteResource & { siteName: string, siteNiceId: string, siteAddress: string | null })[];
|
||||
};
|
||||
|
||||
registry.registerPath({
|
||||
@@ -82,14 +82,18 @@ export async function listAllSiteResourcesByOrg(
|
||||
siteResourceId: siteResources.siteResourceId,
|
||||
siteId: siteResources.siteId,
|
||||
orgId: siteResources.orgId,
|
||||
niceId: siteResources.niceId,
|
||||
name: siteResources.name,
|
||||
mode: siteResources.mode,
|
||||
protocol: siteResources.protocol,
|
||||
proxyPort: siteResources.proxyPort,
|
||||
destinationPort: siteResources.destinationPort,
|
||||
destinationIp: siteResources.destinationIp,
|
||||
destination: siteResources.destination,
|
||||
enabled: siteResources.enabled,
|
||||
alias: siteResources.alias,
|
||||
siteName: sites.name,
|
||||
siteNiceId: sites.niceId
|
||||
siteNiceId: sites.niceId,
|
||||
siteAddress: sites.address
|
||||
})
|
||||
.from(siteResources)
|
||||
.innerJoin(sites, eq(siteResources.siteId, sites.siteId))
|
||||
|
||||
@@ -25,11 +25,13 @@ const updateSiteResourceParamsSchema = z
|
||||
const updateSiteResourceSchema = z
|
||||
.object({
|
||||
name: z.string().min(1).max(255).optional(),
|
||||
protocol: z.enum(["tcp", "udp"]).optional(),
|
||||
proxyPort: z.number().int().positive().optional(),
|
||||
destinationPort: z.number().int().positive().optional(),
|
||||
destinationIp: z.string().optional(),
|
||||
enabled: z.boolean().optional()
|
||||
mode: z.enum(["host", "cidr", "port"]).optional(),
|
||||
protocol: z.enum(["tcp", "udp"]).nullish(),
|
||||
proxyPort: z.number().int().positive().nullish(),
|
||||
destinationPort: z.number().int().positive().nullish(),
|
||||
destination: z.string().min(1).optional(),
|
||||
enabled: z.boolean().optional(),
|
||||
alias: z.string().nullish()
|
||||
})
|
||||
.strict();
|
||||
|
||||
@@ -114,39 +116,77 @@ export async function updateSiteResource(
|
||||
);
|
||||
}
|
||||
|
||||
const protocol = updateData.protocol || existingSiteResource.protocol;
|
||||
const proxyPort =
|
||||
updateData.proxyPort || existingSiteResource.proxyPort;
|
||||
// Determine the final mode and validate port mode requirements
|
||||
const finalMode = updateData.mode || existingSiteResource.mode;
|
||||
const finalProtocol = updateData.protocol !== undefined ? updateData.protocol : existingSiteResource.protocol;
|
||||
const finalProxyPort = updateData.proxyPort !== undefined ? updateData.proxyPort : existingSiteResource.proxyPort;
|
||||
const finalDestinationPort = updateData.destinationPort !== undefined ? updateData.destinationPort : existingSiteResource.destinationPort;
|
||||
|
||||
// check if resource with same protocol and proxy port already exists
|
||||
const [existingResource] = await db
|
||||
.select()
|
||||
.from(siteResources)
|
||||
.where(
|
||||
and(
|
||||
eq(siteResources.siteId, siteId),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.protocol, protocol),
|
||||
eq(siteResources.proxyPort, proxyPort)
|
||||
if (finalMode === "port") {
|
||||
if (!finalProtocol || !finalProxyPort || !finalDestinationPort) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"Protocol, proxy port, and destination port are required for port mode"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
// check if resource with same protocol and proxy port already exists
|
||||
const [existingResource] = await db
|
||||
.select()
|
||||
.from(siteResources)
|
||||
.where(
|
||||
and(
|
||||
eq(siteResources.siteId, siteId),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.protocol, finalProtocol),
|
||||
eq(siteResources.proxyPort, finalProxyPort)
|
||||
)
|
||||
)
|
||||
)
|
||||
.limit(1);
|
||||
if (
|
||||
existingResource &&
|
||||
existingResource.siteResourceId !== siteResourceId
|
||||
) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.CONFLICT,
|
||||
"A resource with the same protocol and proxy port already exists"
|
||||
)
|
||||
);
|
||||
.limit(1);
|
||||
if (
|
||||
existingResource &&
|
||||
existingResource.siteResourceId !== siteResourceId
|
||||
) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.CONFLICT,
|
||||
"A resource with the same protocol and proxy port already exists"
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Prepare update data
|
||||
const updateValues: any = {};
|
||||
if (updateData.name !== undefined) updateValues.name = updateData.name;
|
||||
if (updateData.mode !== undefined) updateValues.mode = updateData.mode;
|
||||
if (updateData.destination !== undefined) updateValues.destination = updateData.destination;
|
||||
if (updateData.enabled !== undefined) updateValues.enabled = updateData.enabled;
|
||||
|
||||
// Handle nullish fields (can be undefined, null, or a value)
|
||||
if (updateData.alias !== undefined) {
|
||||
updateValues.alias = updateData.alias && updateData.alias.trim() ? updateData.alias : null;
|
||||
}
|
||||
|
||||
// Handle port mode fields - include in update if explicitly provided (null or value) or if mode changed
|
||||
const isModeChangingFromPort = existingSiteResource.mode === "port" && updateData.mode && updateData.mode !== "port";
|
||||
|
||||
if (updateData.protocol !== undefined || isModeChangingFromPort) {
|
||||
updateValues.protocol = finalMode === "port" ? finalProtocol : null;
|
||||
}
|
||||
if (updateData.proxyPort !== undefined || isModeChangingFromPort) {
|
||||
updateValues.proxyPort = finalMode === "port" ? finalProxyPort : null;
|
||||
}
|
||||
if (updateData.destinationPort !== undefined || isModeChangingFromPort) {
|
||||
updateValues.destinationPort = finalMode === "port" ? finalDestinationPort : null;
|
||||
}
|
||||
|
||||
// Update the site resource
|
||||
const [updatedSiteResource] = await db
|
||||
.update(siteResources)
|
||||
.set(updateData)
|
||||
.set(updateValues)
|
||||
.where(
|
||||
and(
|
||||
eq(siteResources.siteResourceId, siteResourceId),
|
||||
@@ -156,24 +196,27 @@ export async function updateSiteResource(
|
||||
)
|
||||
.returning();
|
||||
|
||||
const [newt] = await db
|
||||
.select()
|
||||
.from(newts)
|
||||
.where(eq(newts.siteId, site.siteId))
|
||||
.limit(1);
|
||||
// Only add targets for port mode
|
||||
if (updatedSiteResource.mode === "port" && updatedSiteResource.protocol && updatedSiteResource.proxyPort && updatedSiteResource.destinationPort) {
|
||||
const [newt] = await db
|
||||
.select()
|
||||
.from(newts)
|
||||
.where(eq(newts.siteId, site.siteId))
|
||||
.limit(1);
|
||||
|
||||
if (!newt) {
|
||||
return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found"));
|
||||
if (!newt) {
|
||||
return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found"));
|
||||
}
|
||||
|
||||
await addTargets(
|
||||
newt.newtId,
|
||||
updatedSiteResource.destination,
|
||||
updatedSiteResource.destinationPort,
|
||||
updatedSiteResource.protocol,
|
||||
updatedSiteResource.proxyPort
|
||||
);
|
||||
}
|
||||
|
||||
await addTargets(
|
||||
newt.newtId,
|
||||
updatedSiteResource.destinationIp,
|
||||
updatedSiteResource.destinationPort,
|
||||
updatedSiteResource.protocol,
|
||||
updatedSiteResource.proxyPort
|
||||
);
|
||||
|
||||
logger.info(
|
||||
`Updated site resource ${siteResourceId} for site ${siteId}`
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user