pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-04-11 12:26:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Working

Browse Source
This commit is contained in:
Owen
2026-04-10 17:21:54 -04:00
parent 510931e7d6
commit a19f0acfb9
4 changed files with 36 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
server/lib/ip.ts
View File

@@ -5,6 +5,7 @@ import config from "@server/lib/config";
import z from "zod"; import z from "zod";
import logger from "@server/logger"; import logger from "@server/logger";
import semver from "semver"; import semver from "semver";
import { getValidCertificatesForDomains } from "#private/lib/certificates";
interface IPRange { interface IPRange {
start: bigint; start: bigint;
@@ -594,14 +595,14 @@ export type HTTPTarget = {
scheme: "http" | "https"; scheme: "http" | "https";
}; };
export function generateSubnetProxyTargetV2( export async function generateSubnetProxyTargetV2(
siteResource: SiteResource, siteResource: SiteResource,
clients: { clients: {
clientId: number; clientId: number;
pubKey: string | null; pubKey: string | null;
subnet: string | null; subnet: string | null;
}[] }[]
): SubnetProxyTargetV2 | undefined { ): Promise<SubnetProxyTargetV2 | undefined> {
if (clients.length === 0) { if (clients.length === 0) {
logger.debug( logger.debug(
`No clients have access to site resource ${siteResource.siteResourceId}, skipping target generation.` `No clients have access to site resource ${siteResource.siteResourceId}, skipping target generation.`
@@ -672,6 +673,30 @@ export function generateSubnetProxyTargetV2(
return; return;
} }
// also push a match for the alias address // also push a match for the alias address
let tlsCert: string | undefined;
let tlsKey: string | undefined;
if (siteResource.ssl && siteResource.alias) {
try {
const certs = await getValidCertificatesForDomains(
new Set([siteResource.alias]),
true
);
if (certs.length > 0 && certs[0].certFile && certs[0].keyFile) {
tlsCert = certs[0].certFile;
tlsKey = certs[0].keyFile;
} else {
logger.warn(
`No valid certificate found for SSL site resource ${siteResource.siteResourceId} with domain ${siteResource.alias}`
);
}
} catch (err) {
logger.error(
`Failed to retrieve certificate for site resource ${siteResource.siteResourceId} domain ${siteResource.alias}: ${err}`
);
}
}
target = { target = {
sourcePrefixes: [], sourcePrefixes: [],
destPrefix: `${siteResource.aliasAddress}/32`, destPrefix: `${siteResource.aliasAddress}/32`,
@@ -679,7 +704,7 @@ export function generateSubnetProxyTargetV2(
portRange, portRange,
disableIcmp, disableIcmp,
resourceId: siteResource.siteResourceId, resourceId: siteResource.siteResourceId,
protocol: siteResource.mode, // will be either http or https, protocol: siteResource.ssl ? "https" : "http",
httpTargets: [ httpTargets: [
{ {
destAddr: siteResource.destination, destAddr: siteResource.destination,
@@ -687,8 +712,7 @@ export function generateSubnetProxyTargetV2(
scheme: siteResource.scheme scheme: siteResource.scheme
} }
], ],
// tlsCert: "", ...(tlsCert && tlsKey ? { tlsCert, tlsKey } : {})
// tlsKey: ""
}; };
} }

8
server/lib/rebuildClientAssociations.ts
View File

@@ -661,7 +661,7 @@ async function handleSubnetProxyTargetUpdates(
); );
if (addedClients.length > 0) { if (addedClients.length > 0) {
const targetToAdd = generateSubnetProxyTargetV2( const targetToAdd = await generateSubnetProxyTargetV2(
siteResource, siteResource,
addedClients addedClients
); );
@@ -698,7 +698,7 @@ async function handleSubnetProxyTargetUpdates(
); );
if (removedClients.length > 0) { if (removedClients.length > 0) {
const targetToRemove = generateSubnetProxyTargetV2( const targetToRemove = await generateSubnetProxyTargetV2(
siteResource, siteResource,
removedClients removedClients
); );
@@ -1164,7 +1164,7 @@ async function handleMessagesForClientResources(
} }
for (const resource of resources) { for (const resource of resources) {
const target = generateSubnetProxyTargetV2(resource, [ const target = await generateSubnetProxyTargetV2(resource, [
{ {
clientId: client.clientId, clientId: client.clientId,
pubKey: client.pubKey, pubKey: client.pubKey,
@@ -1241,7 +1241,7 @@ async function handleMessagesForClientResources(
} }
for (const resource of resources) { for (const resource of resources) {
const target = generateSubnetProxyTargetV2(resource, [ const target = await generateSubnetProxyTargetV2(resource, [
{ {
clientId: client.clientId, clientId: client.clientId,
pubKey: client.pubKey, pubKey: client.pubKey,

2
server/routers/newt/buildConfiguration.ts
View File

@@ -168,7 +168,7 @@ export async function buildClientConfigurationForNewtClient(
) )
); );
const resourceTarget = generateSubnetProxyTargetV2( const resourceTarget = await generateSubnetProxyTargetV2(
resource, resource,
resourceClients resourceClients
); );

4
server/routers/siteResource/updateSiteResource.ts
View File

@@ -634,11 +634,11 @@ export async function handleMessagingForUpdatedSiteResource(
// Only update targets on newt if destination changed // Only update targets on newt if destination changed
if (destinationChanged || portRangesChanged) { if (destinationChanged || portRangesChanged) {
const oldTarget = generateSubnetProxyTargetV2( const oldTarget = await generateSubnetProxyTargetV2(
existingSiteResource, existingSiteResource,
mergedAllClients mergedAllClients
); );
const newTarget = generateSubnetProxyTargetV2( const newTarget = await generateSubnetProxyTargetV2(
updatedSiteResource, updatedSiteResource,
mergedAllClients mergedAllClients
); );