pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-08 03:36:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix session test for olm and show proper alert for ee

Browse Source
This commit is contained in:
Owen
2025-12-05 17:18:05 -05:00
parent 4809b64f7d
commit c8ec94c307
8 changed files with 123 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
messages/en-US.json
View File

@@ -2235,7 +2235,6 @@
"endpoint": "Endpoint", "endpoint": "Endpoint",
"Id": "Id", "Id": "Id",
"SecretKey": "Secret Key", "SecretKey": "Secret Key",
"featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it.",
"niceId": "Nice ID", "niceId": "Nice ID",
"niceIdUpdated": "Nice ID Updated", "niceIdUpdated": "Nice ID Updated",
"niceIdUpdatedSuccessfully": "Nice ID Updated Successfully", "niceIdUpdatedSuccessfully": "Nice ID Updated Successfully",

2
server/db/pg/driver.ts
View File

@@ -73,7 +73,7 @@ function createDb() {
return withReplicas( return withReplicas(
DrizzlePostgres(primaryPool, { DrizzlePostgres(primaryPool, {
logger: process.env.QUERY_LOGGING === "true" logger: process.env.QUERY_LOGGING == "true"
}), }),
replicas as any replicas as any
); );

2
server/routers/olm/handleOlmPingMessage.ts
View File

@@ -136,7 +136,7 @@ export const handleOlmPingMessage: MessageHandler = async (context) => {
const policyCheck = await checkOrgAccessPolicy({ const policyCheck = await checkOrgAccessPolicy({
orgId: client.orgId, orgId: client.orgId,
userId: olm.userId, userId: olm.userId,
session: userToken // this is the user token passed in the message sessionId: userToken // this is the user token passed in the message
}); });
if (!policyCheck.allowed) { if (!policyCheck.allowed) {

2
server/routers/olm/handleOlmRegisterMessage.ts
View File

@@ -97,7 +97,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
const policyCheck = await checkOrgAccessPolicy({ const policyCheck = await checkOrgAccessPolicy({
orgId: orgId, orgId: orgId,
userId: olm.userId, userId: olm.userId,
session: userToken // this is the user token passed in the message sessionId: userToken // this is the user token passed in the message
}); });
if (!policyCheck.allowed) { if (!policyCheck.allowed) {

23
server/routers/siteResource/updateSiteResource.ts
View File

@@ -2,6 +2,7 @@ import { Request, Response, NextFunction } from "express";
import { z } from "zod"; import { z } from "zod";
import { import {
clientSiteResources, clientSiteResources,
clientSiteResourcesAssociationsCache,
db, db,
newts, newts,
roles, roles,
@@ -321,7 +322,6 @@ export async function updateSiteResource(
); );
} }
let oldDestinationStillInUseByASite = false;
// Only update targets on newt if destination changed // Only update targets on newt if destination changed
if (destinationChanged) { if (destinationChanged) {
const oldTargets = generateSubnetProxyTargets( const oldTargets = generateSubnetProxyTargets(
@@ -337,12 +337,28 @@ export async function updateSiteResource(
oldTargets: oldTargets, oldTargets: oldTargets,
newTargets: newTargets newTargets: newTargets
}); });
}
const olmJobs: Promise<void>[] = [];
for (const client of mergedAllClients) {
// does this client have access to another resource on this site that has the same destination still? if so we dont want to remove it from their olm yet
// todo: optimize this query if needed
const oldDestinationStillInUseSites = await trx const oldDestinationStillInUseSites = await trx
.select() .select()
.from(siteResources) .from(siteResources)
.innerJoin(
clientSiteResourcesAssociationsCache,
eq(
clientSiteResourcesAssociationsCache.siteResourceId,
siteResources.siteResourceId
)
)
.where( .where(
and( and(
eq(
clientSiteResourcesAssociationsCache.clientId,
client.clientId
),
eq(siteResources.siteId, site.siteId), eq(siteResources.siteId, site.siteId),
eq( eq(
siteResources.destination, siteResources.destination,
@@ -355,12 +371,9 @@ export async function updateSiteResource(
) )
); );
oldDestinationStillInUseByASite = const oldDestinationStillInUseByASite =
oldDestinationStillInUseSites.length > 0; oldDestinationStillInUseSites.length > 0;
}
const olmJobs: Promise<void>[] = [];
for (const client of mergedAllClients) {
// we also need to update the remote subnets on the olms for each client that has access to this site // we also need to update the remote subnets on the olms for each client that has access to this site
olmJobs.push( olmJobs.push(
updatePeerData( updatePeerData(

80
src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
View File

@@ -25,7 +25,13 @@ import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsMod
import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext"; import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext"; import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
import { build } from "@server/build"; import { build } from "@server/build";
import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip"; import {
Tooltip,
TooltipContent,
TooltipProvider,
TooltipTrigger
} from "@app/components/ui/tooltip";
import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
export default function CredentialsPage() { export default function CredentialsPage() {
const { env } = useEnvContext(); const { env } = useEnvContext();
@@ -36,7 +42,8 @@ export default function CredentialsPage() {
const { remoteExitNode } = useRemoteExitNodeContext(); const { remoteExitNode } = useRemoteExitNodeContext();
const [modalOpen, setModalOpen] = useState(false); const [modalOpen, setModalOpen] = useState(false);
const [credentials, setCredentials] = useState<PickRemoteExitNodeDefaultsResponse | null>(null); const [credentials, setCredentials] =
useState<PickRemoteExitNodeDefaultsResponse | null>(null);
const { licenseStatus, isUnlocked } = useLicenseStatusContext(); const { licenseStatus, isUnlocked } = useLicenseStatusContext();
const subscription = useSubscriptionStatusContext(); const subscription = useSubscriptionStatusContext();
@@ -48,12 +55,10 @@ export default function CredentialsPage() {
return isEnterpriseNotLicensed || isSaasNotSubscribed; return isEnterpriseNotLicensed || isSaasNotSubscribed;
}; };
const handleConfirmRegenerate = async () => { const handleConfirmRegenerate = async () => {
const response = await api.get<
const response = await api.get<AxiosResponse<PickRemoteExitNodeDefaultsResponse>>( AxiosResponse<PickRemoteExitNodeDefaultsResponse>
`/org/${orgId}/pick-remote-exit-node-defaults` >(`/org/${orgId}/pick-remote-exit-node-defaults`);
);
const data = response.data.data; const data = response.data.data;
setCredentials(data); setCredentials(data);
@@ -62,7 +67,7 @@ export default function CredentialsPage() {
`/re-key/${orgId}/reGenerate-remote-exit-node-secret`, `/re-key/${orgId}/reGenerate-remote-exit-node-secret`,
{ {
remoteExitNodeId: remoteExitNode.remoteExitNodeId, remoteExitNodeId: remoteExitNode.remoteExitNodeId,
secret: data.secret, secret: data.secret
} }
); );
@@ -85,40 +90,29 @@ export default function CredentialsPage() {
}; };
return ( return (
<SettingsContainer> <>
<SettingsSection> <SettingsContainer>
<SettingsSectionHeader> <SettingsSection>
<SettingsSectionTitle> <SettingsSectionHeader>
{t("generatedcredentials")} <SettingsSectionTitle>
</SettingsSectionTitle> {t("generatedcredentials")}
<SettingsSectionDescription> </SettingsSectionTitle>
{t("regenerateCredentials")} <SettingsSectionDescription>
</SettingsSectionDescription> {t("regenerateCredentials")}
</SettingsSectionHeader> </SettingsSectionDescription>
</SettingsSectionHeader>
<SettingsSectionBody> <SettingsSectionBody>
<TooltipProvider> <SecurityFeaturesAlert />
<Tooltip> <Button
<TooltipTrigger asChild> onClick={() => setModalOpen(true)}
<div className="inline-block"> disabled={isSecurityFeatureDisabled()}
<Button >
onClick={() => setModalOpen(true)} {t("regeneratecredentials")}
disabled={isSecurityFeatureDisabled()} </Button>
> </SettingsSectionBody>
{t("regeneratecredentials")} </SettingsSection>
</Button> </SettingsContainer>
</div>
</TooltipTrigger>
{isSecurityFeatureDisabled() && (
<TooltipContent side="top">
{t("featureDisabledTooltip")}
</TooltipContent>
)}
</Tooltip>
</TooltipProvider>
</SettingsSectionBody>
</SettingsSection>
<RegenerateCredentialsModal <RegenerateCredentialsModal
open={modalOpen} open={modalOpen}
@@ -128,6 +122,6 @@ export default function CredentialsPage() {
dashboardUrl={env.app.dashboardUrl} dashboardUrl={env.app.dashboardUrl}
credentials={getCredentials()} credentials={getCredentials()}
/> />
</SettingsContainer> </>
); );
} }

58
src/app/[orgId]/settings/clients/machine/[clientId]/credentials/page.tsx
View File

@@ -1,6 +1,7 @@
"use client"; "use client";
import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal"; import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
import { import {
SettingsContainer, SettingsContainer,
SettingsSection, SettingsSection,
@@ -84,40 +85,29 @@ export default function CredentialsPage() {
}; };
return ( return (
<SettingsContainer> <>
<SettingsSection> <SettingsContainer>
<SettingsSectionHeader> <SettingsSection>
<SettingsSectionTitle> <SettingsSectionHeader>
{t("generatedcredentials")} <SettingsSectionTitle>
</SettingsSectionTitle> {t("generatedcredentials")}
<SettingsSectionDescription> </SettingsSectionTitle>
{t("regenerateCredentials")} <SettingsSectionDescription>
</SettingsSectionDescription> {t("regenerateCredentials")}
</SettingsSectionHeader> </SettingsSectionDescription>
</SettingsSectionHeader>
<SettingsSectionBody> <SettingsSectionBody>
<TooltipProvider> <SecurityFeaturesAlert />
<Tooltip> <Button
<TooltipTrigger asChild> onClick={() => setModalOpen(true)}
<div className="inline-block"> disabled={isSecurityFeatureDisabled()}
<Button >
onClick={() => setModalOpen(true)} {t("regeneratecredentials")}
disabled={isSecurityFeatureDisabled()} </Button>
> </SettingsSectionBody>
{t("regeneratecredentials")} </SettingsSection>
</Button> </SettingsContainer>
</div>
</TooltipTrigger>
{isSecurityFeatureDisabled() && (
<TooltipContent side="top">
{t("featureDisabledTooltip")}
</TooltipContent>
)}
</Tooltip>
</TooltipProvider>
</SettingsSectionBody>
</SettingsSection>
<RegenerateCredentialsModal <RegenerateCredentialsModal
open={modalOpen} open={modalOpen}
@@ -127,6 +117,6 @@ export default function CredentialsPage() {
dashboardUrl={env.app.dashboardUrl} dashboardUrl={env.app.dashboardUrl}
credentials={getCredentials()} credentials={getCredentials()}
/> />
</SettingsContainer> </>
); );
} }

83
src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
View File

@@ -22,7 +22,13 @@ import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsMod
import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext"; import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext"; import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
import { build } from "@server/build"; import { build } from "@server/build";
import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip"; import {
Tooltip,
TooltipContent,
TooltipProvider,
TooltipTrigger
} from "@app/components/ui/tooltip";
import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
export default function CredentialsPage() { export default function CredentialsPage() {
const { env } = useEnvContext(); const { env } = useEnvContext();
@@ -33,7 +39,8 @@ export default function CredentialsPage() {
const { site } = useSiteContext(); const { site } = useSiteContext();
const [modalOpen, setModalOpen] = useState(false); const [modalOpen, setModalOpen] = useState(false);
const [siteDefaults, setSiteDefaults] = useState<PickSiteDefaultsResponse | null>(null); const [siteDefaults, setSiteDefaults] =
useState<PickSiteDefaultsResponse | null>(null);
const [wgConfig, setWgConfig] = useState(""); const [wgConfig, setWgConfig] = useState("");
const [publicKey, setPublicKey] = useState(""); const [publicKey, setPublicKey] = useState("");
@@ -47,7 +54,6 @@ export default function CredentialsPage() {
return isEnterpriseNotLicensed || isSaasNotSubscribed; return isEnterpriseNotLicensed || isSaasNotSubscribed;
}; };
const hydrateWireGuardConfig = ( const hydrateWireGuardConfig = (
privateKey: string, privateKey: string,
publicKey: string, publicKey: string,
@@ -109,11 +115,14 @@ PersistentKeepalive = 5`;
const data = res.data.data; const data = res.data.data;
setSiteDefaults(data); setSiteDefaults(data);
await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, { await api.post(
type: "newt", `/re-key/${site?.siteId}/regenerate-site-secret`,
newtId: data.newtId, {
newtSecret: data.newtSecret type: "newt",
}); newtId: data.newtId,
newtSecret: data.newtSecret
}
);
} }
} }
@@ -145,40 +154,30 @@ PersistentKeepalive = 5`;
}; };
return ( return (
<SettingsContainer> <>
<SettingsSection> <SettingsContainer>
<SettingsSectionHeader> <SettingsSection>
<SettingsSectionTitle> <SettingsSectionHeader>
{t("generatedcredentials")} <SettingsSectionTitle>
</SettingsSectionTitle> {t("generatedcredentials")}
<SettingsSectionDescription> </SettingsSectionTitle>
{t("regenerateCredentials")} <SettingsSectionDescription>
</SettingsSectionDescription> {t("regenerateCredentials")}
</SettingsSectionHeader> </SettingsSectionDescription>
</SettingsSectionHeader>
<SettingsSectionBody> <SecurityFeaturesAlert />
<TooltipProvider>
<Tooltip>
<TooltipTrigger asChild>
<div className="inline-block">
<Button
onClick={() => setModalOpen(true)}
disabled={isSecurityFeatureDisabled()}
>
{t("regeneratecredentials")}
</Button>
</div>
</TooltipTrigger>
{isSecurityFeatureDisabled() && ( <SettingsSectionBody>
<TooltipContent side="top"> <Button
{t("featureDisabledTooltip")} onClick={() => setModalOpen(true)}
</TooltipContent> disabled={isSecurityFeatureDisabled()}
)} >
</Tooltip> {t("regeneratecredentials")}
</TooltipProvider> </Button>
</SettingsSectionBody> </SettingsSectionBody>
</SettingsSection> </SettingsSection>
</SettingsContainer>
<RegenerateCredentialsModal <RegenerateCredentialsModal
open={modalOpen} open={modalOpen}
@@ -188,6 +187,6 @@ PersistentKeepalive = 5`;
dashboardUrl={env.app.dashboardUrl} dashboardUrl={env.app.dashboardUrl}
credentials={getCredentials()} credentials={getCredentials()}
/> />
</SettingsContainer> </>
); );
} }