Merge branch 'logging-provision' into dev

2026-03-31 06:56:39 +00:00 · 2026-03-29 13:59:14 -07:00
parent 9808a48da0 a3b088f8d2
commit 9dc9b6a2c3
43 changed files with 4458 additions and 36 deletions
--- a/server/lib/billing/tierMatrix.ts
+++ b/server/lib/billing/tierMatrix.ts
@@ -8,6 +8,7 @@ export enum TierFeature {
    LogExport = "logExport",
    AccessLogs = "accessLogs", // set the retention period to none on downgrade
    ActionLogs = "actionLogs", // set the retention period to none on downgrade
+    ConnectionLogs = "connectionLogs",
    RotateCredentials = "rotateCredentials",
    MaintencePage = "maintencePage", // handle downgrade
    DevicePosture = "devicePosture",
@@ -16,7 +17,8 @@ export enum TierFeature {
    PasswordExpirationPolicies = "passwordExpirationPolicies", // handle downgrade by setting to default duration
    AutoProvisioning = "autoProvisioning", // handle downgrade by disabling auto provisioning
    SshPam = "sshPam",
-    FullRbac = "fullRbac"
+    FullRbac = "fullRbac",
+    SiteProvisioningKeys = "siteProvisioningKeys" // handle downgrade by revoking keys if needed
 }

 export const tierMatrix: Record<TierFeature, Tier[]> = {
@@ -27,6 +29,7 @@ export const tierMatrix: Record<TierFeature, Tier[]> = {
    [TierFeature.LogExport]: ["tier3", "enterprise"],
    [TierFeature.AccessLogs]: ["tier2", "tier3", "enterprise"],
    [TierFeature.ActionLogs]: ["tier2", "tier3", "enterprise"],
+    [TierFeature.ConnectionLogs]: ["tier2", "tier3", "enterprise"],
    [TierFeature.RotateCredentials]: ["tier1", "tier2", "tier3", "enterprise"],
    [TierFeature.MaintencePage]: ["tier1", "tier2", "tier3", "enterprise"],
    [TierFeature.DevicePosture]: ["tier2", "tier3", "enterprise"],
@@ -50,5 +53,6 @@ export const tierMatrix: Record<TierFeature, Tier[]> = {
    ],
    [TierFeature.AutoProvisioning]: ["tier1", "tier3", "enterprise"],
    [TierFeature.SshPam]: ["tier1", "tier3", "enterprise"],
-    [TierFeature.FullRbac]: ["tier1", "tier2", "tier3", "enterprise"]
+    [TierFeature.FullRbac]: ["tier1", "tier2", "tier3", "enterprise"],
+    [TierFeature.SiteProvisioningKeys]: ["enterprise"]
 };
--- a/server/lib/cleanupLogs.ts
+++ b/server/lib/cleanupLogs.ts
@@ -2,6 +2,7 @@ import { db, orgs } from "@server/db";
 import { cleanUpOldLogs as cleanUpOldAccessLogs } from "#dynamic/lib/logAccessAudit";
 import { cleanUpOldLogs as cleanUpOldActionLogs } from "#dynamic/middlewares/logActionAudit";
 import { cleanUpOldLogs as cleanUpOldRequestLogs } from "@server/routers/badger/logRequestAudit";
+import { cleanUpOldLogs as cleanUpOldConnectionLogs } from "#dynamic/routers/newt";
 import { gt, or } from "drizzle-orm";
 import { cleanUpOldFingerprintSnapshots } from "@server/routers/olm/fingerprintingUtils";
 import { build } from "@server/build";
@@ -20,14 +21,17 @@ export function initLogCleanupInterval() {
                    settingsLogRetentionDaysAccess:
                        orgs.settingsLogRetentionDaysAccess,
                    settingsLogRetentionDaysRequest:
-                        orgs.settingsLogRetentionDaysRequest
+                        orgs.settingsLogRetentionDaysRequest,
+                    settingsLogRetentionDaysConnection:
+                        orgs.settingsLogRetentionDaysConnection
                })
                .from(orgs)
                .where(
                    or(
                        gt(orgs.settingsLogRetentionDaysAction, 0),
                        gt(orgs.settingsLogRetentionDaysAccess, 0),
-                        gt(orgs.settingsLogRetentionDaysRequest, 0)
+                        gt(orgs.settingsLogRetentionDaysRequest, 0),
+                        gt(orgs.settingsLogRetentionDaysConnection, 0)
                    )
                );

@@ -37,7 +41,8 @@ export function initLogCleanupInterval() {
                    orgId,
                    settingsLogRetentionDaysAction,
                    settingsLogRetentionDaysAccess,
-                    settingsLogRetentionDaysRequest
+                    settingsLogRetentionDaysRequest,
+                    settingsLogRetentionDaysConnection
                } = org;

                if (settingsLogRetentionDaysAction > 0) {
@@ -60,6 +65,13 @@ export function initLogCleanupInterval() {
                        settingsLogRetentionDaysRequest
                    );
                }
+
+                if (settingsLogRetentionDaysConnection > 0) {
+                    await cleanUpOldConnectionLogs(
+                        orgId,
+                        settingsLogRetentionDaysConnection
+                    );
+                }
            }

            await cleanUpOldFingerprintSnapshots(365);
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -581,6 +581,7 @@ export type SubnetProxyTargetV2 = {
        max: number;
        protocol: "tcp" | "udp";
    }[];
+    resourceId?: number;
 };

 export function generateSubnetProxyTargetV2(
@@ -617,7 +618,8 @@ export function generateSubnetProxyTargetV2(
                sourcePrefixes: [],
                destPrefix: destination,
                portRange,
-                disableIcmp
+                disableIcmp,
+                resourceId: siteResource.siteResourceId,
            };
        }

@@ -628,7 +630,8 @@ export function generateSubnetProxyTargetV2(
                destPrefix: `${siteResource.aliasAddress}/32`,
                rewriteTo: destination,
                portRange,
-                disableIcmp
+                disableIcmp,
+                resourceId: siteResource.siteResourceId,
            };
        }
    } else if (siteResource.mode == "cidr") {
@@ -636,7 +639,8 @@ export function generateSubnetProxyTargetV2(
            sourcePrefixes: [],
            destPrefix: siteResource.destination,
            portRange,
-            disableIcmp
+            disableIcmp,
+            resourceId: siteResource.siteResourceId,
        };
    }