pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-21 12:26:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clean up and copy to getTraefikConfig

Browse Source
This commit is contained in:
Owen
2025-10-06 09:50:18 -07:00
parent 9e8e00d4bb
commit cd285cc019
3 changed files with 101 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
server/lib/traefik/getTraefikConfig.ts
View File

@@ -5,77 +5,11 @@ import config from "@server/lib/config";
import { orgs, resources, sites, Target, targets } from "@server/db"; import { orgs, resources, sites, Target, targets } from "@server/db";
import { build } from "@server/build"; import { build } from "@server/build";
import createPathRewriteMiddleware from "./middleware"; import createPathRewriteMiddleware from "./middleware";
import { sanitize, validatePathRewriteConfig } from "./utils";
const redirectHttpsMiddlewareName = "redirect-to-https"; const redirectHttpsMiddlewareName = "redirect-to-https";
const badgerMiddlewareName = "badger"; const badgerMiddlewareName = "badger";
function validatePathRewriteConfig(
path: string | null,
pathMatchType: string | null,
rewritePath: string | null,
rewritePathType: string | null
): { isValid: boolean; error?: string } {
// If no path matching is configured, no rewriting is possible
if (!path || !pathMatchType) {
if (rewritePath || rewritePathType) {
return {
isValid: false,
error: "Path rewriting requires path matching to be configured"
};
}
return { isValid: true };
}
if (rewritePathType !== "stripPrefix") {
if ((rewritePath && !rewritePathType) || (!rewritePath && rewritePathType)) {
return { isValid: false, error: "Both rewritePath and rewritePathType must be specified together" };
}
}
if (!rewritePath || !rewritePathType) {
return { isValid: true };
}
const validPathMatchTypes = ["exact", "prefix", "regex"];
if (!validPathMatchTypes.includes(pathMatchType)) {
return {
isValid: false,
error: `Invalid pathMatchType: ${pathMatchType}. Must be one of: ${validPathMatchTypes.join(", ")}`
};
}
const validRewritePathTypes = ["exact", "prefix", "regex", "stripPrefix"];
if (!validRewritePathTypes.includes(rewritePathType)) {
return {
isValid: false,
error: `Invalid rewritePathType: ${rewritePathType}. Must be one of: ${validRewritePathTypes.join(", ")}`
};
}
if (pathMatchType === "regex") {
try {
new RegExp(path);
} catch (e) {
return {
isValid: false,
error: `Invalid regex pattern in path: ${path}`
};
}
}
// Additional validation for stripPrefix
if (rewritePathType === "stripPrefix") {
if (pathMatchType !== "prefix") {
logger.warn(`stripPrefix rewrite type is most effective with prefix path matching. Current match type: ${pathMatchType}`);
}
}
return { isValid: true };
}
export async function getTraefikConfig( export async function getTraefikConfig(
exitNodeId: number, exitNodeId: number,
siteTypes: string[], siteTypes: string[],
@@ -99,6 +33,7 @@ export async function getTraefikConfig(
.select({ .select({
// Resource fields // Resource fields
resourceId: resources.resourceId, resourceId: resources.resourceId,
resourceName: resources.name,
fullDomain: resources.fullDomain, fullDomain: resources.fullDomain,
ssl: resources.ssl, ssl: resources.ssl,
http: resources.http, http: resources.http,
@@ -159,7 +94,8 @@ export async function getTraefikConfig(
resourcesWithTargetsAndSites.forEach((row) => { resourcesWithTargetsAndSites.forEach((row) => {
const resourceId = row.resourceId; const resourceId = row.resourceId;
const targetPath = sanitizePath(row.path) || ""; // Handle null/undefined paths const resourceName = sanitize(row.resourceName) || "";
const targetPath = sanitize(row.path) || ""; // Handle null/undefined paths
const pathMatchType = row.pathMatchType || ""; const pathMatchType = row.pathMatchType || "";
const rewritePath = row.rewritePath || ""; const rewritePath = row.rewritePath || "";
const rewritePathType = row.rewritePathType || ""; const rewritePathType = row.rewritePathType || "";
@@ -169,8 +105,9 @@ export async function getTraefikConfig(
.filter(Boolean) .filter(Boolean)
.join("-"); .join("-");
const mapKey = [resourceId, pathKey].filter(Boolean).join("-"); const mapKey = [resourceId, pathKey].filter(Boolean).join("-");
const key = sanitize(mapKey);
if (!resourcesMap.has(mapKey)) { if (!resourcesMap.has(key)) {
const validation = validatePathRewriteConfig( const validation = validatePathRewriteConfig(
row.path, row.path,
row.pathMatchType, row.pathMatchType,
@@ -183,8 +120,9 @@ export async function getTraefikConfig(
return; return;
} }
resourcesMap.set(mapKey, { resourcesMap.set(key, {
resourceId: row.resourceId, resourceId: row.resourceId,
name: resourceName,
fullDomain: row.fullDomain, fullDomain: row.fullDomain,
ssl: row.ssl, ssl: row.ssl,
http: row.http, http: row.http,
@@ -207,7 +145,7 @@ export async function getTraefikConfig(
} }
// Add target with its associated site data // Add target with its associated site data
resourcesMap.get(mapKey).targets.push({ resourcesMap.get(key).targets.push({
resourceId: row.resourceId, resourceId: row.resourceId,
targetId: row.targetId, targetId: row.targetId,
ip: row.ip, ip: row.ip,
@@ -248,13 +186,11 @@ export async function getTraefikConfig(
for (const [key, resource] of resourcesMap.entries()) { for (const [key, resource] of resourcesMap.entries()) {
const targets = resource.targets; const targets = resource.targets;
const sanatizedKey = sanitizeForMiddlewareName(key); const routerName = `${key}-${resource.name}-router`;
const serviceName = `${key}-${resource.name}-service`;
const routerName = `${sanatizedKey}-router`;
const serviceName = `${sanatizedKey}-service`;
const fullDomain = `${resource.fullDomain}`; const fullDomain = `${resource.fullDomain}`;
const transportName = `${sanatizedKey}-transport`; const transportName = `${key}-transport`;
const headersMiddlewareName = `${sanatizedKey}-headers-middleware`; const headersMiddlewareName = `${key}-headers-middleware`;
if (!resource.enabled) { if (!resource.enabled) {
continue; continue;
@@ -328,7 +264,7 @@ export async function getTraefikConfig(
resource.rewritePathType) { resource.rewritePathType) {
// Create a unique middleware name // Create a unique middleware name
const rewriteMiddlewareName = `rewrite-r${resource.resourceId}-${sanitizeForMiddlewareName(key)}`; const rewriteMiddlewareName = `rewrite-r${resource.resourceId}-${key}`;
try { try {
const rewriteResult = createPathRewriteMiddleware( const rewriteResult = createPathRewriteMiddleware(
@@ -642,24 +578,3 @@ export async function getTraefikConfig(
} }
return config_output; return config_output;
} }
function sanitizePath(path: string | null | undefined): string | undefined {
if (!path) return undefined;
const trimmed = path.trim();
if (!trimmed) return undefined;
// Preserve path structure for rewriting, only warn if very long
if (trimmed.length > 1000) {
logger.warn(`Path exceeds 1000 characters: ${trimmed.substring(0, 100)}...`);
return trimmed.substring(0, 1000);
}
return trimmed;
}
function sanitizeForMiddlewareName(str: string): string {
// Replace any characters that aren't alphanumeric or dash with dash
// and remove consecutive dashes
return str.replace(/[^a-zA-Z0-9-]/g, '-').replace(/-+/g, '-').replace(/^-|-$/g, '');
}

21
server/lib/traefik/privateGetTraefikConfig.ts
View File

@@ -11,7 +11,6 @@
* This file is not licensed under the AGPLv3. * This file is not licensed under the AGPLv3.
*/ */
import { Request, Response } from "express";
import { import {
certificates, certificates,
db, db,
@@ -26,6 +25,7 @@ import HttpCode from "@server/types/HttpCode";
import config from "@server/lib/config"; import config from "@server/lib/config";
import { orgs, resources, sites, Target, targets } from "@server/db"; import { orgs, resources, sites, Target, targets } from "@server/db";
import { build } from "@server/build"; import { build } from "@server/build";
import { sanitize } from "./utils";
const redirectHttpsMiddlewareName = "redirect-to-https"; const redirectHttpsMiddlewareName = "redirect-to-https";
const redirectToRootMiddlewareName = "redirect-to-root"; const redirectToRootMiddlewareName = "redirect-to-root";
@@ -137,9 +137,10 @@ export async function getTraefikConfig(
// Create a unique key combining resourceId and path+pathMatchType // Create a unique key combining resourceId and path+pathMatchType
const pathKey = [targetPath, pathMatchType].filter(Boolean).join("-"); const pathKey = [targetPath, pathMatchType].filter(Boolean).join("-");
const mapKey = [resourceId, pathKey].filter(Boolean).join("-"); const mapKey = [resourceId, pathKey].filter(Boolean).join("-");
const key = sanitize(mapKey);
if (!resourcesMap.has(mapKey)) { if (!resourcesMap.has(key)) {
resourcesMap.set(mapKey, { resourcesMap.set(key, {
resourceId: row.resourceId, resourceId: row.resourceId,
name: resourceName, name: resourceName,
fullDomain: row.fullDomain, fullDomain: row.fullDomain,
@@ -163,7 +164,7 @@ export async function getTraefikConfig(
} }
// Add target with its associated site data // Add target with its associated site data
resourcesMap.get(mapKey).targets.push({ resourcesMap.get(key).targets.push({
resourceId: row.resourceId, resourceId: row.resourceId,
targetId: row.targetId, targetId: row.targetId,
ip: row.ip, ip: row.ip,
@@ -682,14 +683,4 @@ export async function getTraefikConfig(
} }
return config_output; return config_output;
} }
function sanitize(input: string | null | undefined): string | undefined {
if (!input) return undefined;
// clean any non alphanumeric characters from the input and replace with dashes
// the input cant be too long either, so limit to 50 characters
if (input.length > 50) {
input = input.substring(0, 50);
}
return input.replace(/[^a-zA-Z0-9]/g, "");
}

81
server/lib/traefik/utils.ts Normal file
View File

@@ -0,0 +1,81 @@
import logger from "@server/logger";
export function sanitize(input: string | null | undefined): string | undefined {
if (!input) return undefined;
// clean any non alphanumeric characters from the input and replace with dashes
// the input cant be too long either, so limit to 50 characters
if (input.length > 50) {
input = input.substring(0, 50);
}
return input
.replace(/[^a-zA-Z0-9-]/g, "-")
.replace(/-+/g, "-")
.replace(/^-|-$/g, "");
}
export function validatePathRewriteConfig(
path: string | null,
pathMatchType: string | null,
rewritePath: string | null,
rewritePathType: string | null
): { isValid: boolean; error?: string } {
// If no path matching is configured, no rewriting is possible
if (!path || !pathMatchType) {
if (rewritePath || rewritePathType) {
return {
isValid: false,
error: "Path rewriting requires path matching to be configured"
};
}
return { isValid: true };
}
if (rewritePathType !== "stripPrefix") {
if ((rewritePath && !rewritePathType) || (!rewritePath && rewritePathType)) {
return { isValid: false, error: "Both rewritePath and rewritePathType must be specified together" };
}
}
if (!rewritePath || !rewritePathType) {
return { isValid: true };
}
const validPathMatchTypes = ["exact", "prefix", "regex"];
if (!validPathMatchTypes.includes(pathMatchType)) {
return {
isValid: false,
error: `Invalid pathMatchType: ${pathMatchType}. Must be one of: ${validPathMatchTypes.join(", ")}`
};
}
const validRewritePathTypes = ["exact", "prefix", "regex", "stripPrefix"];
if (!validRewritePathTypes.includes(rewritePathType)) {
return {
isValid: false,
error: `Invalid rewritePathType: ${rewritePathType}. Must be one of: ${validRewritePathTypes.join(", ")}`
};
}
if (pathMatchType === "regex") {
try {
new RegExp(path);
} catch (e) {
return {
isValid: false,
error: `Invalid regex pattern in path: ${path}`
};
}
}
// Additional validation for stripPrefix
if (rewritePathType === "stripPrefix") {
if (pathMatchType !== "prefix") {
logger.warn(`stripPrefix rewrite type is most effective with prefix path matching. Current match type: ${pathMatchType}`);
}
}
return { isValid: true };
}