Owen
2025-10-04 18:36:44 -07:00
parent 3123f858bb
commit c2c907852d
320 changed files with 35785 additions and 2984 deletions


@@ -1,6 +1,6 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { db, loginPage } from "@server/db";
import {
domains,
orgDomains,
@@ -21,6 +21,7 @@ import { subdomainSchema } from "@server/lib/schemas";
import config from "@server/lib/config";
import { OpenAPITags, registry } from "@server/openApi";
import { build } from "@server/build";
import { createCertificate } from "../private/certificates/createCertificate";
import { getUniqueResourceName } from "@server/db/names";
import { validateAndConstructDomain } from "@server/lib/domainUtils";
@@ -54,7 +55,7 @@ const createRawResourceSchema = z
name: z.string().min(1).max(255),
http: z.boolean(),
protocol: z.enum(["tcp", "udp"]),
proxyPort: z.number().int().min(1).max(65535),
proxyPort: z.number().int().min(1).max(65535)
// enableProxy: z.boolean().default(true) // always true now
})
.strict()
@@ -142,10 +143,7 @@ export async function createResource(
const { http } = req.body;
if (http) {
return await createHttpResource(
{ req, res, next },
{ orgId }
);
return await createHttpResource({ req, res, next }, { orgId });
} else {
if (
!config.getRawConfig().flags?.allow_raw_resources &&
@@ -158,10 +156,7 @@ export async function createResource(
)
);
}
return await createRawResource(
{ req, res, next },
{ orgId }
);
return await createRawResource({ req, res, next }, { orgId });
}
} catch (error) {
logger.error(error);
@@ -198,15 +193,14 @@ async function createHttpResource(
const subdomain = parsedBody.data.subdomain;
// Validate domain and construct full domain
const domainResult = await validateAndConstructDomain(domainId, orgId, subdomain);
const domainResult = await validateAndConstructDomain(
domainId,
orgId,
subdomain
);
if (!domainResult.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
domainResult.error
)
);
return next(createHttpError(HttpCode.BAD_REQUEST, domainResult.error));
}
const { fullDomain, subdomain: finalSubdomain } = domainResult;
@@ -228,6 +222,22 @@ async function createHttpResource(
);
}
if (build != "oss") {
const existingLoginPages = await db
.select()
.from(loginPage)
.where(eq(loginPage.fullDomain, fullDomain));
if (existingLoginPages.length > 0) {
return next(
createHttpError(
HttpCode.CONFLICT,
"Login page with that domain already exists"
)
);
}
}
let resource: Resource | undefined;
const niceId = await getUniqueResourceName(orgId);
@@ -285,6 +295,10 @@ async function createHttpResource(
);
}
if (build != "oss") {
await createCertificate(domainId, fullDomain, db);
}
return response<CreateResourceResponse>(res, {
data: resource,
success: true,
@@ -332,7 +346,7 @@ async function createRawResource(
name,
http,
protocol,
proxyPort,
proxyPort
// enableProxy
})
.returning();
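Review bot: The login-page collision check added before `let resource` in createHttpResource is a standalone SELECT that runs ahead of the insert, so two concurrent requests, or a login page created in between, can both pass it. Unless a unique constraint covers `fullDomain` across resources and login pages (not visible here), the check should run in the same transaction as the insert. The same check-then-write pattern is added to the domain-change branch of the update handler later in this commit. Separately, `await createCertificate(domainId, fullDomain, db)` runs after the resource has been written, so a failure there would presumably surface as an error response while the row already exists; consider catching and logging it, or moving it into the transaction. `build != "oss"` would read better as `build !== "oss"`, matching the strict `build === "saas"` comparison used elsewhere in this commit; the function bodies start and end outside these hunks.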


@@ -18,7 +18,7 @@ import { OpenAPITags, registry } from "@server/openApi";
const createResourceRuleSchema = z
.object({
action: z.enum(["ACCEPT", "DROP", "PASS"]),
match: z.enum(["CIDR", "IP", "PATH"]),
match: z.enum(["CIDR", "IP", "PATH", "GEOIP"]),
value: z.string().min(1),
priority: z.number().int(),
enabled: z.boolean().optional()
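Review bot: `GEOIP` is now accepted as a `match` type here and in the update-rule schema later in this commit, but `value` is still only `z.string().min(1)`, so the schema places no constraint on what a GEOIP rule may contain. If the handler's per-match validation (outside this hunk) has no GEOIP branch, any non-empty string would be stored and the rule might silently never match. Consider validating the value against the format the matcher expects, for example `z.string().regex(/^[A-Z]{2}$/)` if it takes two-letter country codes, and add a comment stating how an `ACCEPT` or `DROP` GEOIP rule behaves when no location can be resolved for a client.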


@@ -14,7 +14,7 @@ import {
encodeHexLowerCase
} from "@oslojs/encoding";
import { sha256 } from "@oslojs/crypto/sha2";
import { response } from "@server/lib";
import { response } from "@server/lib/response";
const getExchangeTokenParams = z
.object({


@@ -1,17 +1,14 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import {
resourcePassword,
resourcePincode,
resources
} from "@server/db";
import { resourcePassword, resourcePincode, resources } from "@server/db";
import { eq } from "drizzle-orm";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { fromError } from "zod-validation-error";
import logger from "@server/logger";
import { build } from "@server/build";
const getResourceAuthInfoSchema = z
.object({
@@ -52,19 +49,36 @@ export async function getResourceAuthInfo(
const { resourceGuid } = parsedParams.data;
const [result] = await db
.select()
.from(resources)
.leftJoin(
resourcePincode,
eq(resourcePincode.resourceId, resources.resourceId)
)
.leftJoin(
resourcePassword,
eq(resourcePassword.resourceId, resources.resourceId)
)
.where(eq(resources.resourceGuid, resourceGuid))
.limit(1);
const isGuidInteger = /^\d+$/.test(resourceGuid);
const [result] =
isGuidInteger && build === "saas"
? await db
.select()
.from(resources)
.leftJoin(
resourcePincode,
eq(resourcePincode.resourceId, resources.resourceId)
)
.leftJoin(
resourcePassword,
eq(resourcePassword.resourceId, resources.resourceId)
)
.where(eq(resources.resourceId, Number(resourceGuid)))
.limit(1)
: await db
.select()
.from(resources)
.leftJoin(
resourcePincode,
eq(resourcePincode.resourceId, resources.resourceId)
)
.leftJoin(
resourcePassword,
eq(resourcePassword.resourceId, resources.resourceId)
)
.where(eq(resources.resourceGuid, resourceGuid))
.limit(1);
const resource = result?.resources;
const pincode = result?.resourcePincode;
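Review bot: With `build === "saas"`, an all-digit `resourceGuid` is now resolved through the sequential `resources.resourceId`, so the lookup no longer depends on knowing an unguessable GUID. If this route is reachable without a session (not visible in the hunk), the response would presumably reveal which numeric ids exist and which have a password or pincode configured, so it is worth confirming the caller is authorised for the resource before taking the integer path. `Number(resourceGuid)` also accepts arbitrarily long digit strings, which lose precision above `Number.MAX_SAFE_INTEGER`; bounding the pattern, e.g. `/^\d{1,15}$/`, avoids that. The two queries differ only in the `where` clause, so picking the condition first with `const where = isGuidInteger && build === "saas" ? eq(resources.resourceId, Number(resourceGuid)) : eq(resources.resourceGuid, resourceGuid);` would remove the duplicated join chain. getResourceAuthInfo starts and ends outside the hunk.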


@@ -7,7 +7,7 @@ import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { fromError } from "zod-validation-error";
import { hash } from "@node-rs/argon2";
import { response } from "@server/lib";
import { response } from "@server/lib/response";
import logger from "@server/logger";
import { hashPassword } from "@server/auth/password";
import { OpenAPITags, registry } from "@server/openApi";


@@ -7,7 +7,7 @@ import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { fromError } from "zod-validation-error";
import { hash } from "@node-rs/argon2";
import { response } from "@server/lib";
import { response } from "@server/lib/response";
import stoi from "@server/lib/stoi";
import logger from "@server/logger";
import { hashPassword } from "@server/auth/password";


@@ -1,6 +1,6 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { db, loginPage } from "@server/db";
import {
domains,
Org,
@@ -20,8 +20,10 @@ import { tlsNameSchema } from "@server/lib/schemas";
import { subdomainSchema } from "@server/lib/schemas";
import { registry } from "@server/openApi";
import { OpenAPITags } from "@server/openApi";
import { createCertificate } from "../private/certificates/createCertificate";
import { validateAndConstructDomain } from "@server/lib/domainUtils";
import { validateHeaders } from "@server/lib/validators";
import { build } from "@server/build";
const updateResourceParamsSchema = z
.object({
@@ -47,7 +49,10 @@ const updateHttpResourceBodySchema = z
tlsServerName: z.string().nullable().optional(),
setHostHeader: z.string().nullable().optional(),
skipToIdpId: z.number().int().positive().nullable().optional(),
headers: z.array(z.object({ name: z.string(), value: z.string() })).nullable().optional(),
headers: z
.array(z.object({ name: z.string(), value: z.string() }))
.nullable()
.optional()
})
.strict()
.refine((data) => Object.keys(data).length > 0, {
@@ -234,14 +239,15 @@ async function updateHttpResource(
const domainId = updateData.domainId;
// Validate domain and construct full domain
const domainResult = await validateAndConstructDomain(domainId, resource.orgId, updateData.subdomain);
const domainResult = await validateAndConstructDomain(
domainId,
resource.orgId,
updateData.subdomain
);
if (!domainResult.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
domainResult.error
)
createHttpError(HttpCode.BAD_REQUEST, domainResult.error)
);
}
@@ -266,6 +272,22 @@ async function updateHttpResource(
)
);
}
if (build != "oss") {
const existingLoginPages = await db
.select()
.from(loginPage)
.where(eq(loginPage.fullDomain, fullDomain));
if (existingLoginPages.length > 0) {
return next(
createHttpError(
HttpCode.CONFLICT,
"Login page with that domain already exists"
)
);
}
}
}
// update the full domain if it has changed
@@ -278,6 +300,10 @@ async function updateHttpResource(
// Update the subdomain in the update data
updateData.subdomain = finalSubdomain;
if (build != "oss") {
await createCertificate(domainId, fullDomain, db);
}
}
let headers = null;
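Review bot: In the domain-change branch, `await createCertificate(domainId, fullDomain, db)` is called before the resource update, which appears to happen later in updateHttpResource, outside this hunk. A certificate would therefore be requested for the new domain even if that update then fails or is rejected by a later check. Moving the call to after the update has succeeded would keep certificate requests tied to domains a resource actually uses, and a short comment such as `// request a certificate only once the new domain is persisted` would record the intent.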


@@ -30,7 +30,7 @@ const updateResourceRuleParamsSchema = z
const updateResourceRuleSchema = z
.object({
action: z.enum(["ACCEPT", "DROP", "PASS"]).optional(),
match: z.enum(["CIDR", "IP", "PATH"]).optional(),
match: z.enum(["CIDR", "IP", "PATH", "GEOIP"]).optional(),
value: z.string().min(1).optional(),
priority: z.number().int(),
enabled: z.boolean().optional()