From 03d95874e6dbccc746091fdac8d7c784b83f3774 Mon Sep 17 00:00:00 2001 From: Owen Date: Mon, 13 Apr 2026 20:44:35 -0700 Subject: [PATCH] Proxy targets returns an array --- server/lib/ip.ts | 90 +++++++++---------- server/lib/rebuildClientAssociations.ts | 24 ++--- server/routers/newt/buildConfiguration.ts | 6 +- .../siteResource/updateSiteResource.ts | 8 +- 4 files changed, 64 insertions(+), 64 deletions(-) diff --git a/server/lib/ip.ts b/server/lib/ip.ts index 7f829bcef..633983629 100644 --- a/server/lib/ip.ts +++ b/server/lib/ip.ts @@ -591,7 +591,7 @@ export function generateSubnetProxyTargetV2( pubKey: string | null; subnet: string | null; }[] -): SubnetProxyTargetV2 | undefined { +): SubnetProxyTargetV2[] | undefined { if (clients.length === 0) { logger.debug( `No clients have access to site resource ${siteResource.siteResourceId}, skipping target generation.` @@ -599,7 +599,7 @@ export function generateSubnetProxyTargetV2( return; } - let target: SubnetProxyTargetV2 | null = null; + let targets: SubnetProxyTargetV2[] = []; const portRange = [ ...parsePortRangeString(siteResource.tcpPortRangeString, "tcp"), @@ -614,52 +614,54 @@ export function generateSubnetProxyTargetV2( if (ipSchema.safeParse(destination).success) { destination = `${destination}/32`; - target = { + targets.push({ sourcePrefixes: [], destPrefix: destination, portRange, disableIcmp, - resourceId: siteResource.siteResourceId, - }; + resourceId: siteResource.siteResourceId + }); } if (siteResource.alias && siteResource.aliasAddress) { // also push a match for the alias address - target = { + targets.push({ sourcePrefixes: [], destPrefix: `${siteResource.aliasAddress}/32`, rewriteTo: destination, portRange, disableIcmp, - resourceId: siteResource.siteResourceId, - }; + resourceId: siteResource.siteResourceId + }); } } else if (siteResource.mode == "cidr") { - target = { + targets.push({ sourcePrefixes: [], destPrefix: siteResource.destination, portRange, disableIcmp, - resourceId: siteResource.siteResourceId, - }; + resourceId: siteResource.siteResourceId + }); } - if (!target) { + if (targets.length == 0) { return; } - for (const clientSite of clients) { - if (!clientSite.subnet) { - logger.debug( - `Client ${clientSite.clientId} has no subnet, skipping for site resource ${siteResource.siteResourceId}.` - ); - continue; + for (const target of targets) { + for (const clientSite of clients) { + if (!clientSite.subnet) { + logger.debug( + `Client ${clientSite.clientId} has no subnet, skipping for site resource ${siteResource.siteResourceId}.` + ); + continue; + } + + const clientPrefix = `${clientSite.subnet.split("/")[0]}/32`; + + // add client prefix to source prefixes + target.sourcePrefixes.push(clientPrefix); } - - const clientPrefix = `${clientSite.subnet.split("/")[0]}/32`; - - // add client prefix to source prefixes - target.sourcePrefixes.push(clientPrefix); } // print a nice representation of the targets @@ -667,36 +669,34 @@ export function generateSubnetProxyTargetV2( // `Generated subnet proxy targets for: ${JSON.stringify(targets, null, 2)}` // ); - return target; + return targets; } - /** * Converts a SubnetProxyTargetV2 to an array of SubnetProxyTarget (v1) * by expanding each source prefix into its own target entry. * @param targetV2 - The v2 target to convert * @returns Array of v1 SubnetProxyTarget objects */ - export function convertSubnetProxyTargetsV2ToV1( - targetsV2: SubnetProxyTargetV2[] - ): SubnetProxyTarget[] { - return targetsV2.flatMap((targetV2) => - targetV2.sourcePrefixes.map((sourcePrefix) => ({ - sourcePrefix, - destPrefix: targetV2.destPrefix, - ...(targetV2.disableIcmp !== undefined && { - disableIcmp: targetV2.disableIcmp - }), - ...(targetV2.rewriteTo !== undefined && { - rewriteTo: targetV2.rewriteTo - }), - ...(targetV2.portRange !== undefined && { - portRange: targetV2.portRange - }) - })) - ); - } - +export function convertSubnetProxyTargetsV2ToV1( + targetsV2: SubnetProxyTargetV2[] +): SubnetProxyTarget[] { + return targetsV2.flatMap((targetV2) => + targetV2.sourcePrefixes.map((sourcePrefix) => ({ + sourcePrefix, + destPrefix: targetV2.destPrefix, + ...(targetV2.disableIcmp !== undefined && { + disableIcmp: targetV2.disableIcmp + }), + ...(targetV2.rewriteTo !== undefined && { + rewriteTo: targetV2.rewriteTo + }), + ...(targetV2.portRange !== undefined && { + portRange: targetV2.portRange + }) + })) + ); +} // Custom schema for validating port range strings // Format: "80,443,8000-9000" or "*" for all ports, or empty string diff --git a/server/lib/rebuildClientAssociations.ts b/server/lib/rebuildClientAssociations.ts index 8459ce249..d636a2f2b 100644 --- a/server/lib/rebuildClientAssociations.ts +++ b/server/lib/rebuildClientAssociations.ts @@ -661,16 +661,16 @@ async function handleSubnetProxyTargetUpdates( ); if (addedClients.length > 0) { - const targetToAdd = generateSubnetProxyTargetV2( + const targetsToAdd = generateSubnetProxyTargetV2( siteResource, addedClients ); - if (targetToAdd) { + if (targetsToAdd) { proxyJobs.push( addSubnetProxyTargets( newt.newtId, - [targetToAdd], + targetsToAdd, newt.version ) ); @@ -698,16 +698,16 @@ async function handleSubnetProxyTargetUpdates( ); if (removedClients.length > 0) { - const targetToRemove = generateSubnetProxyTargetV2( + const targetsToRemove = generateSubnetProxyTargetV2( siteResource, removedClients ); - if (targetToRemove) { + if (targetsToRemove) { proxyJobs.push( removeSubnetProxyTargets( newt.newtId, - [targetToRemove], + targetsToRemove, newt.version ) ); @@ -1164,7 +1164,7 @@ async function handleMessagesForClientResources( } for (const resource of resources) { - const target = generateSubnetProxyTargetV2(resource, [ + const targets = generateSubnetProxyTargetV2(resource, [ { clientId: client.clientId, pubKey: client.pubKey, @@ -1172,11 +1172,11 @@ async function handleMessagesForClientResources( } ]); - if (target) { + if (targets) { proxyJobs.push( addSubnetProxyTargets( newt.newtId, - [target], + targets, newt.version ) ); @@ -1241,7 +1241,7 @@ async function handleMessagesForClientResources( } for (const resource of resources) { - const target = generateSubnetProxyTargetV2(resource, [ + const targets = generateSubnetProxyTargetV2(resource, [ { clientId: client.clientId, pubKey: client.pubKey, @@ -1249,11 +1249,11 @@ async function handleMessagesForClientResources( } ]); - if (target) { + if (targets) { proxyJobs.push( removeSubnetProxyTargets( newt.newtId, - [target], + targets, newt.version ) ); diff --git a/server/routers/newt/buildConfiguration.ts b/server/routers/newt/buildConfiguration.ts index 35d52816e..afb196152 100644 --- a/server/routers/newt/buildConfiguration.ts +++ b/server/routers/newt/buildConfiguration.ts @@ -168,13 +168,13 @@ export async function buildClientConfigurationForNewtClient( ) ); - const resourceTarget = generateSubnetProxyTargetV2( + const resourceTargets = generateSubnetProxyTargetV2( resource, resourceClients ); - if (resourceTarget) { - targetsToSend.push(resourceTarget); + if (resourceTargets) { + targetsToSend.push(...resourceTargets); } } diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts index 8f56ece0f..ab70d0fce 100644 --- a/server/routers/siteResource/updateSiteResource.ts +++ b/server/routers/siteResource/updateSiteResource.ts @@ -618,11 +618,11 @@ export async function handleMessagingForUpdatedSiteResource( // Only update targets on newt if destination changed if (destinationChanged || portRangesChanged) { - const oldTarget = generateSubnetProxyTargetV2( + const oldTargets = generateSubnetProxyTargetV2( existingSiteResource, mergedAllClients ); - const newTarget = generateSubnetProxyTargetV2( + const newTargets = generateSubnetProxyTargetV2( updatedSiteResource, mergedAllClients ); @@ -630,8 +630,8 @@ export async function handleMessagingForUpdatedSiteResource( await updateTargets( newt.newtId, { - oldTargets: oldTarget ? [oldTarget] : [], - newTargets: newTarget ? [newTarget] : [] + oldTargets: oldTargets ? oldTargets : [], + newTargets: newTargets ? newTargets : [] }, newt.version );