Merge branch 'dev' into private-site-ha

2026-04-10 20:06:37 +00:00 · 2026-04-09 17:39:45 -04:00
parent 02033f611f f57012eb90
commit 96b9123306
282 changed files with 22523 additions and 4747 deletions
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -111,7 +111,7 @@ export async function createSite(

        const { orgId } = parsedParams.data;

-        if (req.user && !req.userOrgRoleId) {
+        if (req.user && (!req.userOrgRoleIds || req.userOrgRoleIds.length === 0)) {
            return next(
                createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
            );
@@ -298,7 +298,8 @@ export async function createSite(
                        niceId,
                        address: updatedAddress || null,
                        type,
-                        dockerSocketEnabled: true
+                        dockerSocketEnabled: true,
+                        status: "approved"
                    })
                    .returning();
            } else if (type == "wireguard") {
@@ -355,7 +356,8 @@ export async function createSite(
                        niceId,
                        subnet,
                        type,
-                        pubKey: pubKey || null
+                        pubKey: pubKey || null,
+                        status: "approved"
                    })
                    .returning();
            } else if (type == "local") {
@@ -370,7 +372,8 @@ export async function createSite(
                        type,
                        dockerSocketEnabled: false,
                        online: true,
-                        subnet: "0.0.0.0/32"
+                        subnet: "0.0.0.0/32",
+                        status: "approved"
                    })
                    .returning();
            } else {
@@ -399,7 +402,7 @@ export async function createSite(
                siteId: newSite.siteId
            });

-            if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
+            if (req.user && !req.userOrgRoleIds?.includes(adminRole[0].roleId)) {
                // make sure the user can access the site
                trx.insert(userSites).values({
                    userId: req.user?.userId!,
--- a/server/routers/site/listSites.ts
+++ b/server/routers/site/listSites.ts
@@ -55,7 +55,7 @@ async function getLatestNewtVersion(): Promise<string | null> {
        tags = tags.filter((version) => !version.name.includes("rc"));
        const latestVersion = tags[0].name;

-        await cache.set("latestNewtVersion", latestVersion);
+        await cache.set("latestNewtVersion", latestVersion, 3600);

        return latestVersion;
    } catch (error: any) {
@@ -135,6 +135,15 @@ const listSitesSchema = z.object({
        .openapi({
            type: "boolean",
            description: "Filter by online status"
+        }),
+    status: z
+        .enum(["pending", "approved"])
+        .optional()
+        .catch(undefined)
+        .openapi({
+            type: "string",
+            enum: ["pending", "approved"],
+            description: "Filter by site status"
        })
 });

@@ -156,7 +165,8 @@ function querySitesBase() {
            exitNodeId: sites.exitNodeId,
            exitNodeName: exitNodes.name,
            exitNodeEndpoint: exitNodes.endpoint,
-            remoteExitNodeId: remoteExitNodes.remoteExitNodeId
+            remoteExitNodeId: remoteExitNodes.remoteExitNodeId,
+            status: sites.status
        })
        .from(sites)
        .leftJoin(orgs, eq(sites.orgId, orgs.orgId))
@@ -180,7 +190,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/sites",
    description: "List all sites in an organization",
-    tags: [OpenAPITags.Site],
+    tags: [OpenAPITags.Org, OpenAPITags.Site],
    request: {
        params: listSitesParamsSchema,
        query: listSitesSchema
@@ -235,7 +245,7 @@ export async function listSites(
                .where(
                    or(
                        eq(userSites.userId, req.user!.userId),
-                        eq(roleSites.roleId, req.userOrgRoleId!)
+                        inArray(roleSites.roleId, req.userOrgRoleIds!)
                    )
                );
        } else {
@@ -245,7 +255,7 @@ export async function listSites(
                .where(eq(sites.orgId, orgId));
        }

-        const { pageSize, page, query, sort_by, order, online } =
+        const { pageSize, page, query, sort_by, order, online, status } =
            parsedQuery.data;

        const accessibleSiteIds = accessibleSites.map((site) => site.siteId);
@@ -273,6 +283,9 @@ export async function listSites(
        if (typeof online !== "undefined") {
            conditions.push(eq(sites.online, online));
        }
+        if (typeof status !== "undefined") {
+            conditions.push(eq(sites.status, status));
+        }

        const baseQuery = querySitesBase().where(and(...conditions));

--- a/server/routers/site/updateSite.ts
+++ b/server/routers/site/updateSite.ts
@@ -19,7 +19,8 @@ const updateSiteBodySchema = z
    .strictObject({
        name: z.string().min(1).max(255).optional(),
        niceId: z.string().min(1).max(255).optional(),
-        dockerSocketEnabled: z.boolean().optional()
+        dockerSocketEnabled: z.boolean().optional(),
+        status: z.enum(["pending", "approved"]).optional(),
        // remoteSubnets: z.string().optional()
        // subdomain: z
        //     .string()