pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-19 03:16:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/fosrl/pangolin

Browse Source
This commit is contained in:
Owen Schwartz
2024-10-26 12:02:34 -04:00
parent bbf3709974 a601d6b24f
commit c6d4c4db20
33 changed files with 458 additions and 366 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
server/config.ts
View File

@@ -3,58 +3,57 @@ import { fromError } from "zod-validation-error";
import path from "path";
import fs from "fs";
import yaml from "js-yaml";
import { fileURLToPath } from "url";
import { signup } from "./routers/auth";
export const __FILENAME = fileURLToPath(import.meta.url);
export const __DIRNAME = path.dirname(__FILENAME);
export const APP_PATH = path.join("config");
const portSchema = z.number().positive().gt(0).lte(65535);
const environmentSchema = z.object({
app: z.object({
name: z.string(),
environment: z.enum(["dev", "prod"]),
base_url: z.string().url(),
base_domain: z.string(),
log_level: z.enum(["debug", "info", "warn", "error"]),
save_logs: z.string().transform((val) => val === "true"),
save_logs: z.boolean(),
}),
server: z.object({
external_port: z
.string()
.transform((val) => parseInt(val, 10))
.pipe(z.number()),
internal_port: z
.string()
.transform((val) => parseInt(val, 10))
.pipe(z.number()),
external_port: portSchema,
internal_port: portSchema,
internal_hostname: z.string(),
secure_cookies: z.string().transform((val) => val === "true"),
secure_cookies: z.boolean(),
signup_secret: z.string().optional(),
}),
traefik: z.object({
http_entrypoint: z.string(),
https_entrypoint: z.string().optional(),
cert_resolver: z.string().optional(),
prefer_wildcard_cert: z.boolean().optional(),
}),
rate_limit: z.object({
window_minutes: z
.string()
.transform((val) => parseInt(val, 10))
.pipe(z.number()),
max_requests: z
.string()
.transform((val) => parseInt(val, 10))
.pipe(z.number()),
window_minutes: z.number().positive().gt(0),
max_requests: z.number().positive().gt(0),
}),
email: z
.object({
smtp_host: z.string().optional(),
smtp_port: z
.string()
.optional()
.transform((val) => {
if (val) {
return parseInt(val, 10);
}
return val;
})
.pipe(z.number().optional()),
smtp_port: portSchema.optional(),
smtp_user: z.string().optional(),
smtp_pass: z.string().optional(),
no_reply: z.string().email().optional(),
})
.optional(),
flags: z
.object({
allow_org_subdomain_changing: z.boolean().optional(),
require_email_verification: z.boolean().optional(),
disable_signup_without_invite: z.boolean().optional(),
require_signup_secret: z.boolean().optional(),
})
.optional(),
});
const loadConfig = (configPath: string) => {
@@ -65,7 +64,7 @@ const loadConfig = (configPath: string) => {
} catch (error) {
if (error instanceof Error) {
throw new Error(
`Error loading configuration file: ${error.message}`,
`Error loading configuration file: ${error.message}`
);
}
throw error;
@@ -81,6 +80,30 @@ if (fs.existsSync(configFilePath1)) {
} else if (fs.existsSync(configFilePath2)) {
environment = loadConfig(configFilePath2);
}
if (!environment) {
const exampleConfigPath = path.join(__DIRNAME, "config.example.yml");
if (fs.existsSync(exampleConfigPath)) {
try {
const exampleConfigContent = fs.readFileSync(
exampleConfigPath,
"utf8"
);
fs.writeFileSync(configFilePath1, exampleConfigContent, "utf8");
environment = loadConfig(configFilePath1);
} catch (error) {
if (error instanceof Error) {
throw new Error(
`Error creating configuration file from example: ${error.message}`
);
}
throw error;
}
} else {
throw new Error(
"No configuration file found and no example configuration available"
);
}
}
if (!environment) {
throw new Error("No configuration file found");
@@ -95,12 +118,16 @@ if (!parsedConfig.success) {
process.env.NEXT_PUBLIC_EXTERNAL_API_BASE_URL = new URL(
"/api/v1",
parsedConfig.data.app.base_url,
parsedConfig.data.app.base_url
).href;
process.env.NEXT_PUBLIC_INTERNAL_API_BASE_URL = new URL(
"/api/v1",
`http://${parsedConfig.data.server.internal_hostname}:${parsedConfig.data.server.external_port}`,
`http://${parsedConfig.data.server.internal_hostname}:${parsedConfig.data.server.external_port}`
).href;
process.env.NEXT_PUBLIC_APP_NAME = parsedConfig.data.app.name;
process.env.NEXT_PUBLIC_FLAGS_EMAIL_VERIFICATION_REQUIRED = parsedConfig.data
.flags?.require_email_verification
? "true"
: "false";
export default parsedConfig.data;

38
server/db/names.ts
View File

@@ -1,27 +1,26 @@
import { fileURLToPath } from 'url';
import { dirname, join } from 'path';
import { readFileSync } from 'fs';
import { db } from '@server/db';
import { sites } from './schema';
import { eq, and } from 'drizzle-orm';
// Get the directory name of the current module
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
import { join } from "path";
import { readFileSync } from "fs";
import { db } from "@server/db";
import { sites } from "./schema";
import { eq, and } from "drizzle-orm";
import { __DIRNAME } from "@server/config";
// Load the names from the names.json file
const file = join(__dirname, 'names.json');
export const names = JSON.parse(readFileSync(file, 'utf-8'));
const file = join(__DIRNAME, "names.json");
export const names = JSON.parse(readFileSync(file, "utf-8"));
export async function getUniqueName(orgId: string): Promise<string> {
let loops = 0;
while (true) {
if (loops > 100) {
throw new Error('Could not generate a unique name');
throw new Error("Could not generate a unique name");
}
const name = generateName();
const count = await db.select({ niceId: sites.niceId, orgId: sites.orgId }).from(sites).where(and(eq(sites.niceId, name), eq(sites.orgId, orgId)));
const count = await db
.select({ niceId: sites.niceId, orgId: sites.orgId })
.from(sites)
.where(and(eq(sites.niceId, name), eq(sites.orgId, orgId)));
if (count.length === 0) {
return name;
}
@@ -31,7 +30,12 @@ export async function getUniqueName(orgId: string): Promise<string> {
export function generateName(): string {
return (
names.descriptors[Math.floor(Math.random() * names.descriptors.length)] + "-" +
names.descriptors[
Math.floor(Math.random() * names.descriptors.length)
] +
"-" +
names.animals[Math.floor(Math.random() * names.animals.length)]
).toLowerCase().replace(/\s/g, '-');
}
)
.toLowerCase()
.replace(/\s/g, "-");
}

4
server/db/schema.ts
View File

@@ -24,7 +24,8 @@ export const sites = sqliteTable("sites", {
});
export const resources = sqliteTable("resources", {
resourceId: text("resourceId", { length: 2048 }).primaryKey(),
resourceId: integer("resourceId").primaryKey({ autoIncrement: true }),
fullDomain: text("fullDomain", { length: 2048 }),
siteId: integer("siteId").references(() => sites.siteId, {
onDelete: "cascade",
}),
@@ -45,6 +46,7 @@ export const targets = sqliteTable("targets", {
port: integer("port").notNull(),
protocol: text("protocol"),
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
ssl: integer("ssl", { mode: "boolean" }).notNull().default(false),
});
export const exitNodes = sqliteTable("exitNodes", {

10
server/index.ts
View File

@@ -16,7 +16,7 @@ import cookieParser from "cookie-parser";
import { User } from "@server/db/schema";
import { ensureActions } from "./db/ensureActions";
const dev = config.app.environment !== "prod";
const dev = process.env.ENVIRONMENT !== "prod";
const app = next({ dev });
const handle = app.getRequestHandler();
@@ -39,8 +39,8 @@ app.prepare().then(() => {
if (!dev) {
externalServer.use(
rateLimitMiddleware({
windowMin: 1,
max: 100,
windowMin: config.rate_limit.window_minutes,
max: config.rate_limit.max_requests,
type: "IP_ONLY",
}),
);
@@ -88,7 +88,7 @@ app.prepare().then(() => {
internalServer.use(errorHandlerMiddleware);
});
declare global {
declare global { // TODO: eventually make seperate types that extend express.Request
namespace Express {
interface Request {
user?: User;
@@ -97,4 +97,4 @@ declare global {
userOrgIds?: string[];
}
}
}
}

6
server/middlewares/formatError.ts
View File

@@ -8,10 +8,10 @@ export const errorHandlerMiddleware: ErrorRequestHandler = (
error,
req,
res: Response<ErrorResponse>,
next: NextFunction,
next: NextFunction
) => {
const statusCode = error.statusCode || HttpCode.INTERNAL_SERVER_ERROR;
if (config.app.environment !== "prod") {
if (process.env.ENVIRONMENT !== "prod") {
logger.error(error);
}
res?.status(statusCode).send({
@@ -20,6 +20,6 @@ export const errorHandlerMiddleware: ErrorRequestHandler = (
error: true,
message: error.message || "Internal Server Error",
status: statusCode,
stack: config.app.environment === "prod" ? null : error.stack,
stack: process.env.ENVIRONMENT === "prod" ? null : error.stack,
});
};

12
server/middlewares/verifyUser.ts
View File

@@ -6,11 +6,12 @@ import { users } from "@server/db/schema";
import { eq } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import config from "@server/config";
export const verifySessionUserMiddleware = async (
req: any,
res: Response<ErrorResponse>,
next: NextFunction,
next: NextFunction
) => {
const { session, user } = await verifySession(req);
if (!session || !user) {
@@ -24,16 +25,19 @@ export const verifySessionUserMiddleware = async (
if (!existingUser || !existingUser[0]) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "User does not exist"),
createHttpError(HttpCode.BAD_REQUEST, "User does not exist")
);
}
req.user = existingUser[0];
req.session = session;
if (!existingUser[0].emailVerified) {
if (
!existingUser[0].emailVerified &&
config.flags?.require_email_verification
) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Email is not verified"), // Might need to change the response type?
createHttpError(HttpCode.BAD_REQUEST, "Email is not verified") // Might need to change the response type?
);
}

32
server/routers/auth/login.ts
View File

@@ -15,6 +15,7 @@ import createHttpError from "http-errors";
import { z } from "zod";
import { fromError } from "zod-validation-error";
import { verifyTotpCode } from "@server/auth/2fa";
import config from "@server/config";
export const loginBodySchema = z.object({
email: z.string().email(),
@@ -32,7 +33,7 @@ export type LoginResponse = {
export async function login(
req: Request,
res: Response,
next: NextFunction,
next: NextFunction
): Promise<any> {
const parsedBody = loginBodySchema.safeParse(req.body);
@@ -40,8 +41,8 @@ export async function login(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(),
),
fromError(parsedBody.error).toString()
)
);
}
@@ -67,8 +68,8 @@ export async function login(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Username or password is incorrect",
),
"Username or password is incorrect"
)
);
}
@@ -82,14 +83,14 @@ export async function login(
timeCost: 2,
outputLen: 32,
parallelism: 1,
},
}
);
if (!validPassword) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Username or password is incorrect",
),
"Username or password is incorrect"
)
);
}
@@ -107,15 +108,15 @@ export async function login(
const validOTP = await verifyTotpCode(
code,
existingUser.twoFactorSecret!,
existingUser.userId,
existingUser.userId
);
if (!validOTP) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"The two-factor code you entered is incorrect",
),
"The two-factor code you entered is incorrect"
)
);
}
}
@@ -126,7 +127,10 @@ export async function login(
res.appendHeader("Set-Cookie", cookie);
if (!existingUser.emailVerified) {
if (
!existingUser.emailVerified &&
config.flags?.require_email_verification
) {
return response<LoginResponse>(res, {
data: { emailVerificationRequired: true },
success: true,
@@ -147,8 +151,8 @@ export async function login(
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to authenticate user",
),
"Failed to authenticate user"
)
);
}
}

20
server/routers/auth/requestEmailVerificationCode.ts
View File

@@ -4,6 +4,7 @@ import HttpCode from "@server/types/HttpCode";
import { response } from "@server/utils";
import { User } from "@server/db/schema";
import { sendEmailVerificationCode } from "./sendEmailVerificationCode";
import config from "@server/config";
export type RequestEmailVerificationCodeResponse = {
codeSent: boolean;
@@ -12,8 +13,17 @@ export type RequestEmailVerificationCodeResponse = {
export async function requestEmailVerificationCode(
req: Request,
res: Response,
next: NextFunction,
next: NextFunction
): Promise<any> {
if (!config.flags?.require_email_verification) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Email verification is not enabled"
)
);
}
try {
const user = req.user as User;
@@ -21,8 +31,8 @@ export async function requestEmailVerificationCode(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Email is already verified",
),
"Email is already verified"
)
);
}
@@ -41,8 +51,8 @@ export async function requestEmailVerificationCode(
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to send email verification code",
),
"Failed to send email verification code"
)
);
}
}

56
server/routers/auth/signup.ts
View File

@@ -19,6 +19,7 @@ import {
serializeSessionCookie,
} from "@server/auth";
import { ActionsEnum } from "@server/auth/actions";
import config from "@server/config";
export const signupBodySchema = z.object({
email: z.string().email(),
@@ -28,13 +29,13 @@ export const signupBodySchema = z.object({
export type SignUpBody = z.infer<typeof signupBodySchema>;
export type SignUpResponse = {
emailVerificationRequired: boolean;
emailVerificationRequired?: boolean;
};
export async function signup(
req: Request,
res: Response,
next: NextFunction,
next: NextFunction
): Promise<any> {
const parsedBody = signupBodySchema.safeParse(req.body);
@@ -42,8 +43,8 @@ export async function signup(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(),
),
fromError(parsedBody.error).toString()
)
);
}
@@ -64,6 +65,15 @@ export async function signup(
.where(eq(users.email, email));
if (existing && existing.length > 0) {
if (!config.flags?.require_email_verification) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"A user with that email address already exists"
)
);
}
const user = existing[0];
// If the user is already verified, we don't want to create a new user
@@ -71,8 +81,8 @@ export async function signup(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"A user with that email address already exists",
),
"A user with that email address already exists"
)
);
}
@@ -85,8 +95,8 @@ export async function signup(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"A verification email was already sent to this email address. Please check your email for the verification code.",
),
"A verification email was already sent to this email address. Please check your email for the verification code."
)
);
} else {
// If the user was created more than 2 hours ago, we want to delete the old user and create a new one
@@ -101,7 +111,7 @@ export async function signup(
dateCreated: moment().toISOString(),
});
// give the user their default permissions:
// give the user their default permissions:
// await db.insert(userActions).values({
// userId: userId,
// actionId: ActionsEnum.createOrg,
@@ -113,15 +123,25 @@ export async function signup(
const cookie = serializeSessionCookie(token);
res.appendHeader("Set-Cookie", cookie);
sendEmailVerificationCode(email, userId);
if (config.flags?.require_email_verification) {
sendEmailVerificationCode(email, userId);
return response<SignUpResponse>(res, {
data: {
emailVerificationRequired: true,
},
success: true,
error: false,
message: `User created successfully. We sent an email to ${email} with a verification code.`,
status: HttpCode.OK,
});
}
return response<SignUpResponse>(res, {
data: {
emailVerificationRequired: true,
},
data: {},
success: true,
error: false,
message: `User created successfully. We sent an email to ${email} with a verification code.`,
message: "User created successfully",
status: HttpCode.OK,
});
} catch (e) {
@@ -129,15 +149,15 @@ export async function signup(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"A user with that email address already exists",
),
"A user with that email address already exists"
)
);
} else {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to create user",
),
"Failed to create user"
)
);
}
}

26
server/routers/auth/verifyEmail.ts
View File

@@ -8,6 +8,7 @@ import { db } from "@server/db";
import { User, emailVerificationCodes, users } from "@server/db/schema";
import { eq } from "drizzle-orm";
import { isWithinExpirationDate } from "oslo";
import config from "@server/config";
export const verifyEmailBody = z.object({
code: z.string(),
@@ -22,16 +23,25 @@ export type VerifyEmailResponse = {
export async function verifyEmail(
req: Request,
res: Response,
next: NextFunction,
next: NextFunction
): Promise<any> {
if (!config.flags?.require_email_verification) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Email verification is not enabled"
)
);
}
const parsedBody = verifyEmailBody.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(),
),
fromError(parsedBody.error).toString()
)
);
}
@@ -41,7 +51,7 @@ export async function verifyEmail(
if (user.emailVerified) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Email is already verified"),
createHttpError(HttpCode.BAD_REQUEST, "Email is already verified")
);
}
@@ -63,8 +73,8 @@ export async function verifyEmail(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Invalid verification code",
),
"Invalid verification code"
)
);
}
@@ -81,8 +91,8 @@ export async function verifyEmail(
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to verify email",
),
"Failed to verify email"
)
);
}
}

82
server/routers/traefik/getTraefikConfig.ts
View File

@@ -2,10 +2,9 @@ import { Request, Response } from "express";
import db from "@server/db";
import * as schema from "@server/db/schema";
import { DynamicTraefikConfig } from "./configSchema";
import { and, like, eq } from "drizzle-orm";
import { and, like, eq, isNotNull } from "drizzle-orm";
import logger from "@server/logger";
import HttpCode from "@server/types/HttpCode";
import env from "@server/config";
import config from "@server/config";
export async function traefikConfigProvider(_: Request, res: Response) {
@@ -22,46 +21,33 @@ export async function traefikConfigProvider(_: Request, res: Response) {
}
export function buildTraefikConfig(
targets: schema.Target[],
targets: schema.Target[]
): DynamicTraefikConfig {
if (!targets.length) {
return { http: {} } as DynamicTraefikConfig;
}
const middlewareName = "badger";
const baseDomain = new URL(config.app.base_url).hostname;
const tls = {
certResolver: config.traefik.cert_resolver,
...(config.traefik.prefer_wildcard_cert
? { domains: [baseDomain, `*.${baseDomain}`] }
: {}),
};
const http: any = {
routers: {
main: {
entryPoints: ["https"],
middlewares: [],
service: "service-main",
rule: "Host(`fossorial.io`)",
tls: {
certResolver: "letsencrypt",
domains: [
{
main: "fossorial.io",
sans: ["*.fossorial.io"],
},
],
},
},
},
services: {
"service-main": {
loadBalancer: {
servers: [
{
url: `http://${config.server.internal_hostname}:${config.server.external_port}`,
},
],
},
},
},
routers: {},
services: {},
middlewares: {
[middlewareName]: {
plugin: {
[middlewareName]: {
apiBaseUrl: new URL(
"/api/v1",
`http://${config.server.internal_hostname}:${config.server.internal_port}`,
`http://${config.server.internal_hostname}:${config.server.internal_port}`
).href,
appBaseUrl: config.app.base_url,
},
@@ -70,23 +56,19 @@ export function buildTraefikConfig(
},
};
for (const target of targets) {
const routerName = `router-${target.targetId}`;
const serviceName = `service-${target.targetId}`;
const routerName = `${target.targetId}-router`;
const serviceName = `${target.targetId}-service`;
http.routers![routerName] = {
entryPoints: ["https"],
entryPoints: [
target.ssl
? config.traefik.https_entrypoint
: config.traefik.http_entrypoint,
],
middlewares: [middlewareName],
service: serviceName,
rule: `Host(\`${target.resourceId}\`)`, // assuming resourceId is a valid full hostname
tls: {
certResolver: "letsencrypt",
domains: [
{
main: "fossorial.io",
sans: ["*.fossorial.io"],
},
],
},
...(target.ssl ? { tls } : {}),
};
http.services![serviceName] = {
@@ -105,11 +87,15 @@ export async function getAllTargets(): Promise<schema.Target[]> {
const all = await db
.select()
.from(schema.targets)
.innerJoin(
schema.resources,
eq(schema.targets.resourceId, schema.resources.resourceId)
)
.where(
and(
eq(schema.targets.enabled, true),
like(schema.targets.resourceId, "%.%"),
),
); // any resourceId with a dot is a valid hostname; otherwise it's a UUID placeholder
return all;
isNotNull(schema.resources.fullDomain)
)
);
return all.map((row) => row.targets);
}