✨ create approval request and mark client approval as pending if the user's role requires it
@@ -1,21 +1,24 @@
|
|||||||
|
import { listExitNodes } from "#dynamic/lib/exitNodes";
|
||||||
|
import { build } from "@server/build";
|
||||||
import {
|
import {
|
||||||
|
approvals,
|
||||||
clients,
|
clients,
|
||||||
db,
|
db,
|
||||||
olms,
|
olms,
|
||||||
orgs,
|
orgs,
|
||||||
roleClients,
|
roleClients,
|
||||||
roles,
|
roles,
|
||||||
|
Transaction,
|
||||||
userClients,
|
userClients,
|
||||||
userOrgs,
|
userOrgs
|
||||||
Transaction
|
|
||||||
} from "@server/db";
|
} from "@server/db";
|
||||||
import { eq, and, notInArray } from "drizzle-orm";
|
|
||||||
import { listExitNodes } from "#dynamic/lib/exitNodes";
|
|
||||||
import { getNextAvailableClientSubnet } from "@server/lib/ip";
|
|
||||||
import logger from "@server/logger";
|
|
||||||
import { rebuildClientAssociationsFromClient } from "./rebuildClientAssociations";
|
|
||||||
import { sendTerminateClient } from "@server/routers/client/terminate";
|
|
||||||
import { getUniqueClientName } from "@server/db/names";
|
import { getUniqueClientName } from "@server/db/names";
|
||||||
|
import { getNextAvailableClientSubnet } from "@server/lib/ip";
|
||||||
|
import { isLicensedOrSubscribed } from "@server/lib/isLicencedOrSubscribed";
|
||||||
|
import logger from "@server/logger";
|
||||||
|
import { sendTerminateClient } from "@server/routers/client/terminate";
|
||||||
|
import { and, eq, notInArray, type InferInsertModel } from "drizzle-orm";
|
||||||
|
import { rebuildClientAssociationsFromClient } from "./rebuildClientAssociations";
|
||||||
|
|
||||||
export async function calculateUserClientsForOrgs(
|
export async function calculateUserClientsForOrgs(
|
||||||
userId: string,
|
userId: string,
|
||||||
@@ -38,13 +41,15 @@ export async function calculateUserClientsForOrgs(
|
|||||||
const allUserOrgs = await transaction
|
const allUserOrgs = await transaction
|
||||||
.select()
|
.select()
|
||||||
.from(userOrgs)
|
.from(userOrgs)
|
||||||
|
.innerJoin(roles, eq(roles.roleId, userOrgs.roleId))
|
||||||
.where(eq(userOrgs.userId, userId));
|
.where(eq(userOrgs.userId, userId));
|
||||||
|
|
||||||
const userOrgIds = allUserOrgs.map((uo) => uo.orgId);
|
const userOrgIds = allUserOrgs.map(({ userOrgs: uo }) => uo.orgId);
|
||||||
|
|
||||||
// For each OLM, ensure there's a client in each org the user is in
|
// For each OLM, ensure there's a client in each org the user is in
|
||||||
for (const olm of userOlms) {
|
for (const olm of userOlms) {
|
||||||
for (const userOrg of allUserOrgs) {
|
for (const userRoleOrg of allUserOrgs) {
|
||||||
|
const { userOrgs: userOrg, roles: role } = userRoleOrg;
|
||||||
const orgId = userOrg.orgId;
|
const orgId = userOrg.orgId;
|
||||||
|
|
||||||
const [org] = await transaction
|
const [org] = await transaction
|
||||||
@@ -182,21 +187,46 @@ export async function calculateUserClientsForOrgs(
|
|||||||
|
|
||||||
const niceId = await getUniqueClientName(orgId);
|
const niceId = await getUniqueClientName(orgId);
|
||||||
|
|
||||||
|
const isOrgLicensed = await isLicensedOrSubscribed(
|
||||||
|
userOrg.orgId
|
||||||
|
);
|
||||||
|
const requireApproval =
|
||||||
|
build !== "oss" &&
|
||||||
|
isOrgLicensed &&
|
||||||
|
role.requireDeviceApproval;
|
||||||
|
|
||||||
|
const newClientData: InferInsertModel<typeof clients> = {
|
||||||
|
userId,
|
||||||
|
orgId: userOrg.orgId,
|
||||||
|
exitNodeId: randomExitNode.exitNodeId,
|
||||||
|
name: olm.name || "User Client",
|
||||||
|
subnet: updatedSubnet,
|
||||||
|
olmId: olm.olmId,
|
||||||
|
type: "olm",
|
||||||
|
niceId,
|
||||||
|
approvalState: requireApproval ? "pending" : "approved"
|
||||||
|
};
|
||||||
|
|
||||||
// Create the client
|
// Create the client
|
||||||
const [newClient] = await transaction
|
const [newClient] = await transaction
|
||||||
.insert(clients)
|
.insert(clients)
|
||||||
.values({
|
.values(newClientData)
|
||||||
userId,
|
|
||||||
orgId: userOrg.orgId,
|
|
||||||
exitNodeId: randomExitNode.exitNodeId,
|
|
||||||
name: olm.name || "User Client",
|
|
||||||
subnet: updatedSubnet,
|
|
||||||
olmId: olm.olmId,
|
|
||||||
type: "olm",
|
|
||||||
niceId
|
|
||||||
})
|
|
||||||
.returning();
|
.returning();
|
||||||
|
|
||||||
|
// create approval request
|
||||||
|
if (requireApproval) {
|
||||||
|
await transaction
|
||||||
|
.insert(approvals)
|
||||||
|
.values({
|
||||||
|
timestamp: new Date().getTime() / 1000,
|
||||||
|
orgId: userOrg.orgId,
|
||||||
|
clientId: newClient.clientId,
|
||||||
|
userId,
|
||||||
|
type: "user_device"
|
||||||
|
})
|
||||||
|
.returning();
|
||||||
|
}
|
||||||
|
|
||||||
await rebuildClientAssociationsFromClient(
|
await rebuildClientAssociationsFromClient(
|
||||||
newClient,
|
newClient,
|
||||||
transaction
|
transaction
|
||||||
|
|||||||
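Review bot: In the last hunk the client inserted with `approvalState: "pending"` is still passed to `rebuildClientAssociationsFromClient(newClient, transaction)` unconditionally, so unless that helper or the connection path checks `approvalState` (not visible in this diff), an unapproved device may receive the same site associations as an approved one. If enforcement lives elsewhere, a comment above the call such as `// pending clients are associated here; access is gated on approvalState in <enforcement point>` would make that explicit. `requireApproval` is also false whenever `isLicensedOrSubscribed` returns false, so a role with `requireDeviceApproval` set silently auto-approves new devices once a licence lapses; a `logger.warn` on that branch would make the downgrade visible. The `timestamp` value `new Date().getTime() / 1000` is fractional, and `Math.floor(Date.now() / 1000)` would be safer if the column stores whole seconds. The enclosing function starts and continues outside these hunks.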