Merge branch 'logging-provision' into dev

2026-03-30 14:36:46 +00:00 · 2026-03-29 13:59:14 -07:00
parent 9808a48da0 a3b088f8d2
commit 9dc9b6a2c3
43 changed files with 4458 additions and 36 deletions
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -7,7 +7,8 @@ import {
    bigint,
    real,
    text,
-    index
+    index,
+    primaryKey
 } from "drizzle-orm/pg-core";
 import { InferSelectModel } from "drizzle-orm";
 import {
@@ -17,7 +18,9 @@ import {
    users,
    exitNodes,
    sessions,
-    clients
+    clients,
+    siteResources,
+    sites
 } from "./schema";

 export const certificates = pgTable("certificates", {
@@ -89,7 +92,9 @@ export const subscriptions = pgTable("subscriptions", {

 export const subscriptionItems = pgTable("subscriptionItems", {
    subscriptionItemId: serial("subscriptionItemId").primaryKey(),
-    stripeSubscriptionItemId: varchar("stripeSubscriptionItemId", { length: 255 }),
+    stripeSubscriptionItemId: varchar("stripeSubscriptionItemId", {
+        length: 255
+    }),
    subscriptionId: varchar("subscriptionId", { length: 255 })
        .notNull()
        .references(() => subscriptions.subscriptionId, {
@@ -302,6 +307,45 @@ export const accessAuditLog = pgTable(
    ]
 );

+export const connectionAuditLog = pgTable(
+    "connectionAuditLog",
+    {
+        id: serial("id").primaryKey(),
+        sessionId: text("sessionId").notNull(),
+        siteResourceId: integer("siteResourceId").references(
+            () => siteResources.siteResourceId,
+            { onDelete: "cascade" }
+        ),
+        orgId: text("orgId").references(() => orgs.orgId, {
+            onDelete: "cascade"
+        }),
+        siteId: integer("siteId").references(() => sites.siteId, {
+            onDelete: "cascade"
+        }),
+        clientId: integer("clientId").references(() => clients.clientId, {
+            onDelete: "cascade"
+        }),
+        userId: text("userId").references(() => users.userId, {
+            onDelete: "cascade"
+        }),
+        sourceAddr: text("sourceAddr").notNull(),
+        destAddr: text("destAddr").notNull(),
+        protocol: text("protocol").notNull(),
+        startedAt: integer("startedAt").notNull(),
+        endedAt: integer("endedAt"),
+        bytesTx: integer("bytesTx"),
+        bytesRx: integer("bytesRx")
+    },
+    (table) => [
+        index("idx_accessAuditLog_startedAt").on(table.startedAt),
+        index("idx_accessAuditLog_org_startedAt").on(
+            table.orgId,
+            table.startedAt
+        ),
+        index("idx_accessAuditLog_siteResourceId").on(table.siteResourceId)
+    ]
+);
+
 export const approvals = pgTable("approvals", {
    approvalId: serial("approvalId").primaryKey(),
    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
@@ -329,13 +373,48 @@ export const approvals = pgTable("approvals", {
 });

 export const bannedEmails = pgTable("bannedEmails", {
-    email: varchar("email", { length: 255 }).primaryKey(),
+    email: varchar("email", { length: 255 }).primaryKey()
 });

 export const bannedIps = pgTable("bannedIps", {
-    ip: varchar("ip", { length: 255 }).primaryKey(),
+    ip: varchar("ip", { length: 255 }).primaryKey()
 });

+export const siteProvisioningKeys = pgTable("siteProvisioningKeys", {
+    siteProvisioningKeyId: varchar("siteProvisioningKeyId", {
+        length: 255
+    }).primaryKey(),
+    name: varchar("name", { length: 255 }).notNull(),
+    siteProvisioningKeyHash: text("siteProvisioningKeyHash").notNull(),
+    lastChars: varchar("lastChars", { length: 4 }).notNull(),
+    createdAt: varchar("dateCreated", { length: 255 }).notNull(),
+    lastUsed: varchar("lastUsed", { length: 255 }),
+    maxBatchSize: integer("maxBatchSize"), // null = no limit
+    numUsed: integer("numUsed").notNull().default(0),
+    validUntil: varchar("validUntil", { length: 255 })
+});
+
+export const siteProvisioningKeyOrg = pgTable(
+    "siteProvisioningKeyOrg",
+    {
+        siteProvisioningKeyId: varchar("siteProvisioningKeyId", {
+            length: 255
+        })
+            .notNull()
+            .references(() => siteProvisioningKeys.siteProvisioningKeyId, {
+                onDelete: "cascade"
+            }),
+        orgId: varchar("orgId", { length: 255 })
+            .notNull()
+            .references(() => orgs.orgId, { onDelete: "cascade" })
+    },
+    (table) => [
+        primaryKey({
+            columns: [table.siteProvisioningKeyId, table.orgId]
+        })
+    ]
+);
+
 export type Approval = InferSelectModel<typeof approvals>;
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
@@ -357,3 +436,4 @@ export type LoginPage = InferSelectModel<typeof loginPage>;
 export type LoginPageBranding = InferSelectModel<typeof loginPageBranding>;
 export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
 export type AccessAuditLog = InferSelectModel<typeof accessAuditLog>;
+export type ConnectionAuditLog = InferSelectModel<typeof connectionAuditLog>;
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -57,6 +57,9 @@ export const orgs = pgTable("orgs", {
    settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
        .notNull()
        .default(0),
+    settingsLogRetentionDaysConnection: integer("settingsLogRetentionDaysConnection") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
+        .notNull()
+        .default(0),
    sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
    sshCaPublicKey: text("sshCaPublicKey"), // SSH CA public key (OpenSSH format)
    isBillingOrg: boolean("isBillingOrg"),
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -2,11 +2,12 @@ import { InferSelectModel } from "drizzle-orm";
 import {
    index,
    integer,
+    primaryKey,
    real,
    sqliteTable,
    text
 } from "drizzle-orm/sqlite-core";
-import { clients, domains, exitNodes, orgs, sessions, users } from "./schema";
+import { clients, domains, exitNodes, orgs, sessions, siteResources, sites, users } from "./schema";

 export const certificates = sqliteTable("certificates", {
    certId: integer("certId").primaryKey({ autoIncrement: true }),
@@ -294,6 +295,45 @@ export const accessAuditLog = sqliteTable(
    ]
 );

+export const connectionAuditLog = sqliteTable(
+    "connectionAuditLog",
+    {
+        id: integer("id").primaryKey({ autoIncrement: true }),
+        sessionId: text("sessionId").notNull(),
+        siteResourceId: integer("siteResourceId").references(
+            () => siteResources.siteResourceId,
+            { onDelete: "cascade" }
+        ),
+        orgId: text("orgId").references(() => orgs.orgId, {
+            onDelete: "cascade"
+        }),
+        siteId: integer("siteId").references(() => sites.siteId, {
+            onDelete: "cascade"
+        }),
+        clientId: integer("clientId").references(() => clients.clientId, {
+            onDelete: "cascade"
+        }),
+        userId: text("userId").references(() => users.userId, {
+            onDelete: "cascade"
+        }),
+        sourceAddr: text("sourceAddr").notNull(),
+        destAddr: text("destAddr").notNull(),
+        protocol: text("protocol").notNull(),
+        startedAt: integer("startedAt").notNull(),
+        endedAt: integer("endedAt"),
+        bytesTx: integer("bytesTx"),
+        bytesRx: integer("bytesRx")
+    },
+    (table) => [
+        index("idx_accessAuditLog_startedAt").on(table.startedAt),
+        index("idx_accessAuditLog_org_startedAt").on(
+            table.orgId,
+            table.startedAt
+        ),
+        index("idx_accessAuditLog_siteResourceId").on(table.siteResourceId)
+    ]
+);
+
 export const approvals = sqliteTable("approvals", {
    approvalId: integer("approvalId").primaryKey({ autoIncrement: true }),
    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
@@ -318,7 +358,6 @@ export const approvals = sqliteTable("approvals", {
        .notNull()
 });

-
 export const bannedEmails = sqliteTable("bannedEmails", {
    email: text("email").primaryKey()
 });
@@ -327,6 +366,37 @@ export const bannedIps = sqliteTable("bannedIps", {
    ip: text("ip").primaryKey()
 });

+export const siteProvisioningKeys = sqliteTable("siteProvisioningKeys", {
+    siteProvisioningKeyId: text("siteProvisioningKeyId").primaryKey(),
+    name: text("name").notNull(),
+    siteProvisioningKeyHash: text("siteProvisioningKeyHash").notNull(),
+    lastChars: text("lastChars").notNull(),
+    createdAt: text("dateCreated").notNull(),
+    lastUsed: text("lastUsed"),
+    maxBatchSize: integer("maxBatchSize"), // null = no limit
+    numUsed: integer("numUsed").notNull().default(0),
+    validUntil: text("validUntil")
+});
+
+export const siteProvisioningKeyOrg = sqliteTable(
+    "siteProvisioningKeyOrg",
+    {
+        siteProvisioningKeyId: text("siteProvisioningKeyId")
+            .notNull()
+            .references(() => siteProvisioningKeys.siteProvisioningKeyId, {
+                onDelete: "cascade"
+            }),
+        orgId: text("orgId")
+            .notNull()
+            .references(() => orgs.orgId, { onDelete: "cascade" })
+    },
+    (table) => [
+        primaryKey({
+            columns: [table.siteProvisioningKeyId, table.orgId]
+        })
+    ]
+);
+
 export type Approval = InferSelectModel<typeof approvals>;
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
@@ -348,3 +418,4 @@ export type LoginPage = InferSelectModel<typeof loginPage>;
 export type LoginPageBranding = InferSelectModel<typeof loginPageBranding>;
 export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
 export type AccessAuditLog = InferSelectModel<typeof accessAuditLog>;
+export type ConnectionAuditLog = InferSelectModel<typeof connectionAuditLog>;
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -54,6 +54,9 @@ export const orgs = sqliteTable("orgs", {
    settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
        .notNull()
        .default(0),
+    settingsLogRetentionDaysConnection: integer("settingsLogRetentionDaysConnection") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
+        .notNull()
+        .default(0),
    sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
    sshCaPublicKey: text("sshCaPublicKey"), // SSH CA public key (OpenSSH format)
    isBillingOrg: integer("isBillingOrg", { mode: "boolean" }),