From c027c8958b57475c10d92db87fe87a58bf968694 Mon Sep 17 00:00:00 2001
From: Owen
Date: Thu, 9 Apr 2026 17:54:07 -0400
Subject: [PATCH] Add scheme
---
 server/db/pg/schema/schema.ts | 2 +-
 server/db/sqlite/schema/schema.ts | 2 +-
 server/lib/ip.ts | 21 ++++++++++----
 .../siteResource/createSiteResource.ts | 29 ++-----------------
 .../siteResource/updateSiteResource.ts | 5 +++-
 5 files changed, 25 insertions(+), 34 deletions(-)
diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 96c5b8ae6..8966bc0e4 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -231,7 +231,7 @@ export const siteResources = pgTable("siteResources", {
 niceId: varchar("niceId").notNull(),
 name: varchar("name").notNull(),
 mode: varchar("mode").$type<"host" | "cidr" | "http" | "https">().notNull(), // "host" | "cidr" | "http" | "https"
- protocol: varchar("protocol"), // only for port mode
+ scheme: varchar("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
 proxyPort: integer("proxyPort"), // only for port mode
 destinationPort: integer("destinationPort"), // only for port mode
 destination: varchar("destination").notNull(), // ip, cidr, hostname; validate against the mode
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 7dbbaf007..6205d0179 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
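Review bot: The `.$type<"http" | "https">()` on the new `scheme` column is a TypeScript-only annotation, so the database itself will accept any string; the only enforcement is whatever the route schemas do. Because this value is later copied into the proxy target's `scheme` (server/lib/ip.ts in this commit), the column comment should say so, e.g. `// upstream scheme for http/https mode; enforced by the route schemas, not by the DB`, or a check constraint should be added. The column also replaces `protocol` with no migration visible in this commit, so existing deployments presumably need one; confirm it is handled elsewhere. The sqlite schema hunk has the same two points, and the `siteResources` table definition continues outside the hunk.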
@@ -259,7 +259,7 @@ export const siteResources = sqliteTable("siteResources", {
 niceId: text("niceId").notNull(),
 name: text("name").notNull(),
 mode: text("mode").$type<"host" | "cidr" | "http" | "https">().notNull(), // "host" | "cidr" | "http" | "https"
- protocol: text("protocol"), // only for port mode
+ scheme: text("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
 proxyPort: integer("proxyPort"), // only for port mode
 destinationPort: integer("destinationPort"), // only for port mode
 destination: text("destination").notNull(), // ip, cidr, hostname
diff --git a/server/lib/ip.ts b/server/lib/ip.ts
index c7d02dc1b..96ea04873 100644
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -660,9 +660,14 @@ export function generateSubnetProxyTargetV2(
 destination = `${destination}/32`;
 }
- if (!siteResource.alias || !siteResource.aliasAddress) {
+ if (
+ !siteResource.alias ||
+ !siteResource.aliasAddress ||
+ !siteResource.destinationPort ||
+ !siteResource.scheme
+ ) {
 logger.debug(
- `Site resource ${siteResource.siteResourceId} is in HTTP/HTTPS mode but is missing alias or alias address, skipping alias target generation.`
+ `Site resource ${siteResource.siteResourceId} is in HTTP/HTTPS mode but is missing alias or alias address or destinationPort, skipping alias target generation.`
 );
 return;
 }
@@ -675,9 +680,15 @@ export function generateSubnetProxyTargetV2(
 disableIcmp,
 resourceId: siteResource.siteResourceId,
 protocol: siteResource.mode, // will be either http or https,
- httpTargets: [],
- tlsCert: "",
- tlsKey: ""
+ httpTargets: [
+ {
+ destAddr: siteResource.destination,
+ destPort: siteResource.destinationPort,
+ scheme: siteResource.scheme
+ }
+ ],
+ // tlsCert: "",
+ // tlsKey: ""
 };
 }
diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts
index e1b97bdca..437643be4 100644
--- a/server/routers/siteResource/createSiteResource.ts
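Review bot: The debug message in the widened guard names alias, alias address and destinationPort but not `scheme`, although a missing scheme now triggers the same early return; the text should end `is missing alias, alias address, destinationPort or scheme, skipping alias target generation.` Since the create and update schemas in this commit leave `scheme` and `destinationPort` optional, an HTTP/HTTPS resource can be stored and then dropped here with only a debug-level line, which an operator is unlikely to notice, so `logger.warn(` may be the better level. generateSubnetProxyTargetV2 starts and ends outside the hunk.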
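Review bot: `tlsCert` and `tlsKey` are commented out rather than removed in the returned target, which leaves it unclear whether an `https` target is expected to get certificate material from somewhere else. Either delete the two lines or replace them with one comment saying where the certificate is supplied, e.g. `// TLS cert/key are not carried on the target; <source of certificate>`. `destAddr` also takes `siteResource.destination` unchanged, while the local `destination` may have had `/32` appended earlier in the function (visible as context in the previous hunk), so a short comment on why the raw value is used here would help the next reader. The function body continues outside the hunk.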
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -38,7 +38,7 @@ const createSiteResourceSchema = z
 name: z.string().min(1).max(255),
 mode: z.enum(["host", "cidr", "http", "https"]),
 siteId: z.int(),
- // protocol: z.enum(["tcp", "udp"]).optional(),
+ scheme: z.enum(["http", "https"]).optional(),
 // proxyPort: z.int().positive().optional(),
 destinationPort: z.int().positive().optional(),
 destination: z.string().min(1),
@@ -167,7 +167,7 @@ export async function createSiteResource(
 name,
 siteId,
 mode,
- // protocol,
+ scheme,
 // proxyPort,
 destinationPort,
 destination,
@@ -232,30 +232,6 @@ export async function createSiteResource(
 );
 }
- // // check if resource with same protocol and proxy port already exists (only for port mode)
- // if (mode === "port" && protocol && proxyPort) {
- // const [existingResource] = await db
- // .select()
- // .from(siteResources)
- // .where(
- // and(
- // eq(siteResources.siteId, siteId),
- // eq(siteResources.orgId, orgId),
- // eq(siteResources.protocol, protocol),
- // eq(siteResources.proxyPort, proxyPort)
- // )
- // )
- // .limit(1);
- // if (existingResource && existingResource.siteResourceId) {
- // return next(
- // createHttpError(
- // HttpCode.CONFLICT,
- // "A resource with the same protocol and proxy port already exists"
- // )
- // );
- // }
- // }
-
 // make sure the alias is unique within the org if provided
 if (alias) {
 const [conflict] = await db
@@ -300,6 +276,7 @@ export async function createSiteResource(
 name,
 mode,
 destination,
+ scheme,
 destinationPort,
 enabled,
 alias,
diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts
index de4ad3398..22e57383c 100644
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
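Review bot: `scheme` is added to createSiteResourceSchema as an independent optional field, so nothing visible in this hunk ties it to `mode`: a request with `mode: "https"` and no `scheme` or `destinationPort` validates, and generateSubnetProxyTargetV2 (server/lib/ip.ts in this commit) then skips the resource with only a debug log. Unless a refinement further down the schema already covers it, add a cross-field check such as `.refine((d) => (d.mode !== "http" && d.mode !== "https") || (d.scheme != null && d.destinationPort != null), { message: "scheme and destinationPort are required for http/https mode" })`. It is also worth deciding whether `mode: "https"` with `scheme: "http"` is an intended combination (plaintext to the upstream) and recording that in a comment next to the field. updateSiteResourceSchema has the same gap, and there the check has to take the stored row into account because `mode` and `scheme` can be sent separately. The schema definition continues outside the hunk.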
@@ -52,7 +52,7 @@ const updateSiteResourceSchema = z
 .optional(),
 // mode: z.enum(["host", "cidr", "port"]).optional(),
 mode: z.enum(["host", "cidr", "http", "https"]).optional(),
- // protocol: z.enum(["tcp", "udp"]).nullish(),
+ scheme: z.enum(["http", "https"]).nullish(),
 // proxyPort: z.int().positive().nullish(),
 destinationPort: z.int().positive().nullish(),
 destination: z.string().min(1).optional(),
@@ -182,6 +182,7 @@ export async function updateSiteResource(
 siteId, // because it can change
 niceId,
 mode,
+ scheme,
 destination,
 destinationPort,
 alias,
@@ -354,6 +355,7 @@ export async function updateSiteResource(
 siteId,
 niceId,
 mode,
+ scheme,
 destination,
 destinationPort,
 enabled,
@@ -458,6 +460,7 @@ export async function updateSiteResource(
 name: name,
 siteId: siteId,
 mode: mode,
+ scheme,
 destination: destination,
 destinationPort: destinationPort,
 enabled: enabled,