set auth daemon type on resource

2026-02-26 23:06:37 +00:00 · 2026-02-20 17:33:21 -08:00
parent 6442eb12fb
commit d6ba34aeea
33 changed files with 2010 additions and 2800 deletions
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -16,6 +16,8 @@ import {
    isIpInCidr,
    portRangeStringSchema
 } from "@server/lib/ip";
+import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
+import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import { rebuildClientAssociationsFromSiteResource } from "@server/lib/rebuildClientAssociations";
 import response from "@server/lib/response";
 import logger from "@server/logger";
@@ -53,7 +55,9 @@ const createSiteResourceSchema = z
        clientIds: z.array(z.int()),
        tcpPortRangeString: portRangeStringSchema,
        udpPortRangeString: portRangeStringSchema,
-        disableIcmp: z.boolean().optional()
+        disableIcmp: z.boolean().optional(),
+        authDaemonPort: z.int().positive().optional(),
+        authDaemonMode: z.enum(["site", "remote"]).optional()
    })
    .strict()
    .refine(
@@ -168,7 +172,9 @@ export async function createSiteResource(
            clientIds,
            tcpPortRangeString,
            udpPortRangeString,
-            disableIcmp
+            disableIcmp,
+            authDaemonPort,
+            authDaemonMode
        } = parsedBody.data;

        // Verify the site exists and belongs to the org
@@ -267,6 +273,11 @@ export async function createSiteResource(
            }
        }

+        const isLicensedSshPam = await isLicensedOrSubscribed(
+            orgId,
+            tierMatrix.sshPam
+        );
+
        const niceId = await getUniqueSiteResourceName(orgId);
        let aliasAddress: string | null = null;
        if (mode == "host") {
@@ -277,25 +288,29 @@ export async function createSiteResource(
        let newSiteResource: SiteResource | undefined;
        await db.transaction(async (trx) => {
            // Create the site resource
+            const insertValues: typeof siteResources.$inferInsert = {
+                siteId,
+                niceId,
+                orgId,
+                name,
+                mode: mode as "host" | "cidr",
+                destination,
+                enabled,
+                alias,
+                aliasAddress,
+                tcpPortRangeString,
+                udpPortRangeString,
+                disableIcmp
+            };
+            if (isLicensedSshPam) {
+                if (authDaemonPort !== undefined)
+                    insertValues.authDaemonPort = authDaemonPort;
+                if (authDaemonMode !== undefined)
+                    insertValues.authDaemonMode = authDaemonMode;
+            }
            [newSiteResource] = await trx
                .insert(siteResources)
-                .values({
-                    siteId,
-                    niceId,
-                    orgId,
-                    name,
-                    mode: mode as "host" | "cidr",
-                    // protocol: mode === "port" ? protocol : null,
-                    // proxyPort: mode === "port" ? proxyPort : null,
-                    // destinationPort: mode === "port" ? destinationPort : null,
-                    destination,
-                    enabled,
-                    alias,
-                    aliasAddress,
-                    tcpPortRangeString,
-                    udpPortRangeString,
-                    disableIcmp
-                })
+                .values(insertValues)
                .returning();

            const siteResourceId = newSiteResource.siteResourceId;