Properly generate all wireguard options

2026-03-07 11:16:37 +00:00 · 2024-10-26 16:04:01 -04:00
parent 261b3c7e31
commit d78312fad8
12 changed files with 303 additions and 65 deletions
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -9,7 +9,7 @@ import fetch from 'node-fetch';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
 import { eq, and } from 'drizzle-orm';
-import { getUniqueName } from '@server/db/names';
+import { getUniqueSiteName } from '@server/db/names';

 const API_BASE_URL = "http://localhost:3000";

@@ -20,9 +20,10 @@ const createSiteParamsSchema = z.object({
 // Define Zod schema for request body validation
 const createSiteSchema = z.object({
    name: z.string().min(1).max(255),
+    exitNodeId: z.number().int().positive(),
    subdomain: z.string().min(1).max(255).optional(),
-    pubKey: z.string().optional(),
-    subnet: z.string().optional(),
+    pubKey: z.string(),
+    subnet: z.string(),
 });

 export type CreateSiteResponse = {
@@ -48,7 +49,7 @@ export async function createSite(req: Request, res: Response, next: NextFunction
            );
        }

-        const { name, subdomain, pubKey, subnet } = parsedBody.data;
+        const { name, subdomain, exitNodeId, pubKey, subnet } = parsedBody.data;

        // Validate request params
        const parsedParams = createSiteParamsSchema.safeParse(req.params);
@@ -73,13 +74,12 @@ export async function createSite(req: Request, res: Response, next: NextFunction
            return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have a role'));
        }

-        const niceId = await getUniqueName(orgId);
-
-        // TODO: pick a subnet
+        const niceId = await getUniqueSiteName(orgId);

        // Create new site in the database
        const [newSite] = await db.insert(sites).values({
            orgId,
+            exitNodeId,
            name,
            niceId,
            pubKey,
--- a/server/routers/site/index.ts
+++ b/server/routers/site/index.ts
@@ -3,4 +3,5 @@ export * from "./createSite";
 export * from "./deleteSite";
 export * from "./updateSite";
 export * from "./listSites";
-export * from "./listSiteRoles";
+export * from "./listSiteRoles"
+export * from "./pickSiteDefaults";
--- a/server/routers/site/pickSiteDefaults.ts
+++ b/server/routers/site/pickSiteDefaults.ts
@@ -0,0 +1,105 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import { exitNodes, Org, orgs, sites } from "@server/db/schema";
+import { eq } from "drizzle-orm";
+import response from "@server/utils/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions";
+import logger from "@server/logger";
+import { findNextAvailableCidr } from "@server/utils/ip";
+
+export type PickSiteDefaultsResponse = {
+    exitNodeId: number;
+    address: string;
+    publicKey: string;
+    name: string;
+    listenPort: number;
+    endpoint: string;
+    subnet: string;
+}
+
+export async function pickSiteDefaults(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+): Promise<any> {
+    try {
+
+        // Check if the user has permission to list sites
+        const hasPermission = await checkUserActionPermission(
+            ActionsEnum.createSite,
+            req,
+        );
+        if (!hasPermission) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "User does not have permission to perform this action",
+                ),
+            );
+        }
+
+        // TODO: more intelligent way to pick the exit node
+
+        // make sure there is an exit node by counting the exit nodes table
+        const nodes = await db.select().from(exitNodes);
+        if (nodes.length === 0) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    "No exit nodes available",
+                ),
+            );
+        }
+
+        // get the first exit node
+        const exitNode = nodes[0];
+
+        // TODO: this probably can be optimized...
+        // list all of the sites on that exit node
+        const sitesQuery = await db.select({
+            subnet: sites.subnet
+        })
+            .from(sites)
+            .where(eq(sites.exitNodeId, exitNode.exitNodeId));
+
+        // TODO: we need to lock this subnet for some time so someone else does not take it
+        const subnets = sitesQuery.map((site) => site.subnet);
+        const newSubnet = findNextAvailableCidr(subnets, 28, exitNode.address);
+        if (!newSubnet) {
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "No available subnets",
+                ),
+            );
+        }
+
+        return response<PickSiteDefaultsResponse>(res, {
+            data: {
+                exitNodeId: exitNode.exitNodeId,
+                address: exitNode.address,
+                publicKey: exitNode.publicKey,
+                name: exitNode.name,
+                listenPort: exitNode.listenPort,
+                endpoint: exitNode.endpoint,
+                subnet: newSubnet,
+            },
+            success: true,
+            error: false,
+            message: "Organization retrieved successfully",
+            status: HttpCode.OK,
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "An error occurred...",
+            ),
+        );
+    }
+}
+