pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-09 20:26:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

add clients to resource

Browse Source
This commit is contained in:
miloschwartz
2025-11-07 16:30:24 -08:00
parent c813202f92
commit e51fca1f61
19 changed files with 1212 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
messages/en-US.json
View File

@@ -671,7 +671,7 @@
"resourcePincodeSetupTitle": "Set Pincode", "resourcePincodeSetupTitle": "Set Pincode",
"resourcePincodeSetupTitleDescription": "Set a pincode to protect this resource", "resourcePincodeSetupTitleDescription": "Set a pincode to protect this resource",
"resourceRoleDescription": "Admins can always access this resource.", "resourceRoleDescription": "Admins can always access this resource.",
"resourceUsersRoles": "Users & Roles", "resourceUsersRoles": "Access Controls",
"resourceUsersRolesDescription": "Configure which users and roles can visit this resource", "resourceUsersRolesDescription": "Configure which users and roles can visit this resource",
"resourceUsersRolesSubmit": "Save Users & Roles", "resourceUsersRolesSubmit": "Save Users & Roles",
"resourceWhitelistSave": "Saved successfully", "resourceWhitelistSave": "Saved successfully",
@@ -2153,5 +2153,8 @@
"selectedResources": "Selected Resources", "selectedResources": "Selected Resources",
"enableSelected": "Enable Selected", "enableSelected": "Enable Selected",
"disableSelected": "Disable Selected", "disableSelected": "Disable Selected",
"checkSelectedStatus": "Check Status of Selected" "checkSelectedStatus": "Check Status of Selected",
"clients": "Clients",
"accessClientSelect": "Select machine clients",
"resourceClientDescription": "Machine clients that can access this resource"
} }

9
server/db/pg/schema/schema.ts
View File

@@ -213,6 +213,15 @@ export const siteResources = pgTable("siteResources", {
alias: varchar("alias") alias: varchar("alias")
}); });
export const clientSiteResources = pgTable("clientSiteResources", {
clientId: integer("clientId")
.notNull()
.references(() => clients.clientId, { onDelete: "cascade" }),
siteResourceId: integer("siteResourceId")
.notNull()
.references(() => siteResources.siteResourceId, { onDelete: "cascade" })
});
export const roleSiteResources = pgTable("roleSiteResources", { export const roleSiteResources = pgTable("roleSiteResources", {
roleId: integer("roleId") roleId: integer("roleId")
.notNull() .notNull()

13
server/db/sqlite/schema/schema.ts
View File

@@ -228,12 +228,21 @@ export const siteResources = sqliteTable("siteResources", {
mode: text("mode").notNull(), // "host" | "cidr" | "port" mode: text("mode").notNull(), // "host" | "cidr" | "port"
protocol: text("protocol"), // only for port mode protocol: text("protocol"), // only for port mode
proxyPort: integer("proxyPort"), // only for port mode proxyPort: integer("proxyPort"), // only for port mode
destinationPort: integer("destinationPort"), // only for port mode destinationPort: integer("destinationPort"), // only for port mode
destination: text("destination").notNull(), // ip, cidr, hostname destination: text("destination").notNull(), // ip, cidr, hostname
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true), enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
alias: text("alias") alias: text("alias")
}); });
export const clientSiteResources = sqliteTable("clientSiteResources", {
clientId: integer("clientId")
.notNull()
.references(() => clients.clientId, { onDelete: "cascade" }),
siteResourceId: integer("siteResourceId")
.notNull()
.references(() => siteResources.siteResourceId, { onDelete: "cascade" })
});
export const roleSiteResources = sqliteTable("roleSiteResources", { export const roleSiteResources = sqliteTable("roleSiteResources", {
roleId: integer("roleId") roleId: integer("roleId")
.notNull() .notNull()
@@ -350,7 +359,7 @@ export const clients = sqliteTable("clients", {
type: text("type").notNull(), // "olm" type: text("type").notNull(), // "olm"
online: integer("online", { mode: "boolean" }).notNull().default(false), online: integer("online", { mode: "boolean" }).notNull().default(false),
// endpoint: text("endpoint"), // endpoint: text("endpoint"),
lastHolePunch: integer("lastHolePunch") lastHolePunch: integer("lastHolePunch"),
}); });
export const clientSites = sqliteTable("clientSites", { export const clientSites = sqliteTable("clientSites", {

1
server/middlewares/index.ts
View File

@@ -11,6 +11,7 @@ export * from "./verifyRoleAccess";
export * from "./verifyUserAccess"; export * from "./verifyUserAccess";
export * from "./verifyAdmin"; export * from "./verifyAdmin";
export * from "./verifySetResourceUsers"; export * from "./verifySetResourceUsers";
export * from "./verifySetResourceClients";
export * from "./verifyUserInRole"; export * from "./verifyUserInRole";
export * from "./verifyAccessTokenAccess"; export * from "./verifyAccessTokenAccess";
export * from "./requestTimeout"; export * from "./requestTimeout";

1
server/middlewares/integration/index.ts
View File

@@ -7,6 +7,7 @@ export * from "./verifyApiKeyTargetAccess";
export * from "./verifyApiKeyRoleAccess"; export * from "./verifyApiKeyRoleAccess";
export * from "./verifyApiKeyUserAccess"; export * from "./verifyApiKeyUserAccess";
export * from "./verifyApiKeySetResourceUsers"; export * from "./verifyApiKeySetResourceUsers";
export * from "./verifyApiKeySetResourceClients";
export * from "./verifyAccessTokenAccess"; export * from "./verifyAccessTokenAccess";
export * from "./verifyApiKeyIsRoot"; export * from "./verifyApiKeyIsRoot";
export * from "./verifyApiKeyApiKeyAccess"; export * from "./verifyApiKeyApiKeyAccess";

73
server/middlewares/integration/verifyApiKeySetResourceClients.ts Normal file
View File

@@ -0,0 +1,73 @@
import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import { clients } from "@server/db";
import { and, eq, inArray } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
export async function verifyApiKeySetResourceClients(
req: Request,
res: Response,
next: NextFunction
) {
const apiKey = req.apiKey;
const singleClientId = req.params.clientId || req.body.clientId || req.query.clientId;
const { clientIds } = req.body;
const allClientIds = clientIds || (singleClientId ? [parseInt(singleClientId as string)] : []);
if (!apiKey) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
);
}
if (apiKey.isRoot) {
// Root keys can access any client in any org
return next();
}
if (!req.apiKeyOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"Key does not have access to this organization"
)
);
}
if (allClientIds.length === 0) {
return next();
}
try {
const orgId = req.apiKeyOrg.orgId;
const clientsData = await db
.select()
.from(clients)
.where(
and(
inArray(clients.clientId, allClientIds),
eq(clients.orgId, orgId)
)
);
if (clientsData.length !== allClientIds.length) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"Key does not have access to one or more specified clients"
)
);
}
return next();
} catch (error) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error checking if key has access to the specified clients"
)
);
}
}

69
server/middlewares/verifySetResourceClients.ts Normal file
View File

@@ -0,0 +1,69 @@
import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import { clients } from "@server/db";
import { and, eq, inArray } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
export async function verifySetResourceClients(
req: Request,
res: Response,
next: NextFunction
) {
const userId = req.user!.userId;
const singleClientId = req.params.clientId || req.body.clientId || req.query.clientId;
const { clientIds } = req.body;
const allClientIds = clientIds || (singleClientId ? [parseInt(singleClientId as string)] : []);
if (!userId) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
);
}
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this organization"
)
);
}
if (allClientIds.length === 0) {
return next();
}
try {
const orgId = req.userOrg.orgId;
// get all clients for the clientIds
const clientsData = await db
.select()
.from(clients)
.where(
and(
inArray(clients.clientId, allClientIds),
eq(clients.orgId, orgId)
)
);
if (clientsData.length !== allClientIds.length) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to one or more specified clients"
)
);
}
return next();
} catch (error) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error checking if user has access to the specified clients"
)
);
}
}

9
server/routers/client/createUserClient.ts
View File

@@ -182,6 +182,15 @@ export async function createUserClient(
); );
} }
if (existingOlm.userId !== userId) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
`OLM with ID ${olmId} does not belong to user with ID ${userId}`
)
);
}
await db.transaction(async (trx) => { await db.transaction(async (trx) => {
// TODO: more intelligent way to pick the exit node // TODO: more intelligent way to pick the exit node
const exitNodesList = await listExitNodes(orgId); const exitNodesList = await listExitNodes(orgId);

9
server/routers/client/deleteClient.ts
View File

@@ -60,6 +60,15 @@ export async function deleteClient(
); );
} }
if (client.userId) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
`Cannot delete a user client with this endpoint`
)
);
}
await db.transaction(async (trx) => { await db.transaction(async (trx) => {
// Delete the client-site associations first // Delete the client-site associations first
await trx await trx

35
server/routers/external.ts
View File

@@ -29,6 +29,7 @@ import {
verifyTargetAccess, verifyTargetAccess,
verifyRoleAccess, verifyRoleAccess,
verifySetResourceUsers, verifySetResourceUsers,
verifySetResourceClients,
verifyUserAccess, verifyUserAccess,
getUserOrgs, getUserOrgs,
verifyUserIsServerAdmin, verifyUserIsServerAdmin,
@@ -301,6 +302,13 @@ authenticated.get(
siteResource.listSiteResourceUsers siteResource.listSiteResourceUsers
); );
authenticated.get(
"/site-resource/:siteResourceId/clients",
verifySiteResourceAccess,
verifyUserHasAction(ActionsEnum.listResourceUsers),
siteResource.listSiteResourceClients
);
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/roles", "/site-resource/:siteResourceId/roles",
verifySiteResourceAccess, verifySiteResourceAccess,
@@ -319,6 +327,33 @@ authenticated.post(
siteResource.setSiteResourceUsers, siteResource.setSiteResourceUsers,
); );
authenticated.post(
"/site-resource/:siteResourceId/clients",
verifySiteResourceAccess,
verifySetResourceClients,
verifyUserHasAction(ActionsEnum.setResourceUsers),
logActionAudit(ActionsEnum.setResourceUsers),
siteResource.setSiteResourceClients,
);
authenticated.post(
"/site-resource/:siteResourceId/clients/add",
verifySiteResourceAccess,
verifySetResourceClients,
verifyUserHasAction(ActionsEnum.setResourceUsers),
logActionAudit(ActionsEnum.setResourceUsers),
siteResource.addClientToSiteResource,
);
authenticated.post(
"/site-resource/:siteResourceId/clients/remove",
verifySiteResourceAccess,
verifySetResourceClients,
verifyUserHasAction(ActionsEnum.setResourceUsers),
logActionAudit(ActionsEnum.setResourceUsers),
siteResource.removeClientFromSiteResource,
);
authenticated.put( authenticated.put(
"/org/:orgId/resource", "/org/:orgId/resource",
verifyOrgAccess, verifyOrgAccess,

37
server/routers/integration.ts
View File

@@ -25,7 +25,8 @@ import {
verifyApiKeyIsRoot, verifyApiKeyIsRoot,
verifyApiKeyClientAccess, verifyApiKeyClientAccess,
verifyClientsEnabled, verifyClientsEnabled,
verifyApiKeySiteResourceAccess verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceClients
} from "@server/middlewares"; } from "@server/middlewares";
import HttpCode from "@server/types/HttpCode"; import HttpCode from "@server/types/HttpCode";
import { Router } from "express"; import { Router } from "express";
@@ -211,6 +212,13 @@ authenticated.get(
siteResource.listSiteResourceUsers siteResource.listSiteResourceUsers
); );
authenticated.get(
"/site-resource/:siteResourceId/clients",
verifyApiKeySiteResourceAccess,
verifyApiKeyHasAction(ActionsEnum.listResourceUsers),
siteResource.listSiteResourceClients
);
authenticated.post( authenticated.post(
"/site-resource/:siteResourceId/roles", "/site-resource/:siteResourceId/roles",
verifyApiKeySiteResourceAccess, verifyApiKeySiteResourceAccess,
@@ -265,6 +273,33 @@ authenticated.post(
siteResource.removeUserFromSiteResource siteResource.removeUserFromSiteResource
); );
authenticated.post(
"/site-resource/:siteResourceId/clients",
verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceClients,
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
logActionAudit(ActionsEnum.setResourceUsers),
siteResource.setSiteResourceClients
);
authenticated.post(
"/site-resource/:siteResourceId/clients/add",
verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceClients,
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
logActionAudit(ActionsEnum.setResourceUsers),
siteResource.addClientToSiteResource
);
authenticated.post(
"/site-resource/:siteResourceId/clients/remove",
verifyApiKeySiteResourceAccess,
verifyApiKeySetResourceClients,
verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
logActionAudit(ActionsEnum.setResourceUsers),
siteResource.removeClientFromSiteResource
);
authenticated.put( authenticated.put(
"/org/:orgId/resource", "/org/:orgId/resource",
verifyApiKeyOrgAccess, verifyApiKeyOrgAccess,

156
server/routers/siteResource/addClientToSiteResource.ts Normal file
View File

@@ -0,0 +1,156 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db, siteResources, clients, clientSiteResources } from "@server/db";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { eq, and } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
import { rebuildSiteClientAssociations } from "@server/lib/rebuildSiteClientAssociations";
const addClientToSiteResourceBodySchema = z
.object({
clientId: z.number().int().positive()
})
.strict();
const addClientToSiteResourceParamsSchema = z
.object({
siteResourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
registry.registerPath({
method: "post",
path: "/site-resource/{siteResourceId}/clients/add",
description: "Add a single client to a site resource. Clients with a userId cannot be added.",
tags: [OpenAPITags.Resource, OpenAPITags.Client],
request: {
params: addClientToSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: addClientToSiteResourceBodySchema
}
}
}
},
responses: {}
});
export async function addClientToSiteResource(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedBody = addClientToSiteResourceBodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { clientId } = parsedBody.data;
const parsedParams = addClientToSiteResourceParamsSchema.safeParse(
req.params
);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const { siteResourceId } = parsedParams.data;
// get the site resource
const [siteResource] = await db
.select()
.from(siteResources)
.where(eq(siteResources.siteResourceId, siteResourceId))
.limit(1);
if (!siteResource) {
return next(
createHttpError(HttpCode.NOT_FOUND, "Site resource not found")
);
}
// Check if client exists and has a userId
const [client] = await db
.select()
.from(clients)
.where(eq(clients.clientId, clientId))
.limit(1);
if (!client) {
return next(
createHttpError(HttpCode.NOT_FOUND, "Client not found")
);
}
if (client.userId !== null) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Cannot add clients that are associated with a user"
)
);
}
// Check if client already exists in site resource
const existingEntry = await db
.select()
.from(clientSiteResources)
.where(
and(
eq(clientSiteResources.siteResourceId, siteResourceId),
eq(clientSiteResources.clientId, clientId)
)
);
if (existingEntry.length > 0) {
return next(
createHttpError(
HttpCode.CONFLICT,
"Client already assigned to site resource"
)
);
}
await db.transaction(async (trx) => {
await trx.insert(clientSiteResources).values({
clientId,
siteResourceId
});
await rebuildSiteClientAssociations(siteResource, trx);
});
return response(res, {
data: {},
success: true,
error: false,
message: "Client added to site resource successfully",
status: HttpCode.CREATED
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

4
server/routers/siteResource/index.ts
View File

@@ -6,9 +6,13 @@ export * from "./listSiteResources";
export * from "./listAllSiteResourcesByOrg"; export * from "./listAllSiteResourcesByOrg";
export * from "./listSiteResourceRoles"; export * from "./listSiteResourceRoles";
export * from "./listSiteResourceUsers"; export * from "./listSiteResourceUsers";
export * from "./listSiteResourceClients";
export * from "./setSiteResourceRoles"; export * from "./setSiteResourceRoles";
export * from "./setSiteResourceUsers"; export * from "./setSiteResourceUsers";
export * from "./addRoleToSiteResource"; export * from "./addRoleToSiteResource";
export * from "./removeRoleFromSiteResource"; export * from "./removeRoleFromSiteResource";
export * from "./addUserToSiteResource"; export * from "./addUserToSiteResource";
export * from "./removeUserFromSiteResource"; export * from "./removeUserFromSiteResource";
export * from "./setSiteResourceClients";
export * from "./addClientToSiteResource";
export * from "./removeClientFromSiteResource";

85
server/routers/siteResource/listSiteResourceClients.ts Normal file
View File

@@ -0,0 +1,85 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { clientSiteResources, clients } from "@server/db";
import { eq } from "drizzle-orm";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { OpenAPITags, registry } from "@server/openApi";
const listSiteResourceClientsSchema = z
.object({
siteResourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
async function queryClients(siteResourceId: number) {
return await db
.select({
clientId: clientSiteResources.clientId,
name: clients.name,
subnet: clients.subnet
})
.from(clientSiteResources)
.innerJoin(clients, eq(clientSiteResources.clientId, clients.clientId))
.where(eq(clientSiteResources.siteResourceId, siteResourceId));
}
export type ListSiteResourceClientsResponse = {
clients: NonNullable<Awaited<ReturnType<typeof queryClients>>>;
};
registry.registerPath({
method: "get",
path: "/site-resource/{siteResourceId}/clients",
description: "List all clients for a site resource.",
tags: [OpenAPITags.Resource, OpenAPITags.Client],
request: {
params: listSiteResourceClientsSchema
},
responses: {}
});
export async function listSiteResourceClients(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedParams = listSiteResourceClientsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const { siteResourceId } = parsedParams.data;
const siteResourceClientsList = await queryClients(siteResourceId);
return response<ListSiteResourceClientsResponse>(res, {
data: {
clients: siteResourceClientsList
},
success: true,
error: false,
message: "Site resource clients retrieved successfully",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

162
server/routers/siteResource/removeClientFromSiteResource.ts Normal file
View File

@@ -0,0 +1,162 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db, siteResources, clients, clientSiteResources } from "@server/db";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { eq, and } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
import { rebuildSiteClientAssociations } from "@server/lib/rebuildSiteClientAssociations";
const removeClientFromSiteResourceBodySchema = z
.object({
clientId: z.number().int().positive()
})
.strict();
const removeClientFromSiteResourceParamsSchema = z
.object({
siteResourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
registry.registerPath({
method: "post",
path: "/site-resource/{siteResourceId}/clients/remove",
description: "Remove a single client from a site resource. Clients with a userId cannot be removed.",
tags: [OpenAPITags.Resource, OpenAPITags.Client],
request: {
params: removeClientFromSiteResourceParamsSchema,
body: {
content: {
"application/json": {
schema: removeClientFromSiteResourceBodySchema
}
}
}
},
responses: {}
});
export async function removeClientFromSiteResource(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedBody = removeClientFromSiteResourceBodySchema.safeParse(
req.body
);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { clientId } = parsedBody.data;
const parsedParams = removeClientFromSiteResourceParamsSchema.safeParse(
req.params
);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const { siteResourceId } = parsedParams.data;
// get the site resource
const [siteResource] = await db
.select()
.from(siteResources)
.where(eq(siteResources.siteResourceId, siteResourceId))
.limit(1);
if (!siteResource) {
return next(
createHttpError(HttpCode.NOT_FOUND, "Site resource not found")
);
}
// Check if client exists and has a userId
const [client] = await db
.select()
.from(clients)
.where(eq(clients.clientId, clientId))
.limit(1);
if (!client) {
return next(
createHttpError(HttpCode.NOT_FOUND, "Client not found")
);
}
if (client.userId !== null) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Cannot remove clients that are associated with a user"
)
);
}
// Check if client exists in site resource
const existingEntry = await db
.select()
.from(clientSiteResources)
.where(
and(
eq(clientSiteResources.siteResourceId, siteResourceId),
eq(clientSiteResources.clientId, clientId)
)
);
if (existingEntry.length === 0) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
"Client not found in site resource"
)
);
}
await db.transaction(async (trx) => {
await trx
.delete(clientSiteResources)
.where(
and(
eq(clientSiteResources.siteResourceId, siteResourceId),
eq(clientSiteResources.clientId, clientId)
)
);
await rebuildSiteClientAssociations(siteResource, trx);
});
return response(res, {
data: {},
success: true,
error: false,
message: "Client removed from site resource successfully",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

149
server/routers/siteResource/setSiteResourceClients.ts Normal file
View File

@@ -0,0 +1,149 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db, siteResources, clients, clientSiteResources } from "@server/db";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { eq, inArray } from "drizzle-orm";
import { OpenAPITags, registry } from "@server/openApi";
import { rebuildSiteClientAssociations } from "@server/lib/rebuildSiteClientAssociations";
const setSiteResourceClientsBodySchema = z
.object({
clientIds: z.array(z.number().int().positive())
})
.strict();
const setSiteResourceClientsParamsSchema = z
.object({
siteResourceId: z
.string()
.transform(Number)
.pipe(z.number().int().positive())
})
.strict();
registry.registerPath({
method: "post",
path: "/site-resource/{siteResourceId}/clients",
description:
"Set clients for a site resource. This will replace all existing clients. Clients with a userId cannot be added.",
tags: [OpenAPITags.Resource, OpenAPITags.Client],
request: {
params: setSiteResourceClientsParamsSchema,
body: {
content: {
"application/json": {
schema: setSiteResourceClientsBodySchema
}
}
}
},
responses: {}
});
export async function setSiteResourceClients(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedBody = setSiteResourceClientsBodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { clientIds } = parsedBody.data;
const parsedParams = setSiteResourceClientsParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const { siteResourceId } = parsedParams.data;
// get the site resource
const [siteResource] = await db
.select()
.from(siteResources)
.where(eq(siteResources.siteResourceId, siteResourceId))
.limit(1);
if (!siteResource) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Site resource not found"
)
);
}
// Check if any clients have a userId (associated with a user)
if (clientIds.length > 0) {
const clientsWithUsers = await db
.select()
.from(clients)
.where(
inArray(clients.clientId, clientIds)
);
const clientsWithUserId = clientsWithUsers.filter(
(client) => client.userId !== null
);
if (clientsWithUserId.length > 0) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Cannot add clients that are associated with a user"
)
);
}
}
await db.transaction(async (trx) => {
await trx
.delete(clientSiteResources)
.where(eq(clientSiteResources.siteResourceId, siteResourceId));
if (clientIds.length > 0) {
await Promise.all(
clientIds.map((clientId) =>
trx
.insert(clientSiteResources)
.values({ clientId, siteResourceId })
.returning()
)
);
}
await rebuildSiteClientAssociations(siteResource, trx);
});
return response(res, {
data: {},
success: true,
error: false,
message: "Clients set for site resource successfully",
status: HttpCode.CREATED
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

399
src/components/ClientsTable.tsx
View File

@@ -36,7 +36,7 @@ import {
} from "lucide-react"; } from "lucide-react";
import Link from "next/link"; import Link from "next/link";
import { useRouter, useSearchParams } from "next/navigation"; import { useRouter, useSearchParams } from "next/navigation";
import { useState, useEffect } from "react"; import { useState, useEffect, useMemo } from "react";
import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog"; import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { formatAxiosError } from "@app/lib/api"; import { formatAxiosError } from "@app/lib/api";
@@ -214,12 +214,20 @@ export default function ClientsTable({
userId: false userId: false
}; };
const [userColumnVisibility, setUserColumnVisibility] = useState<VisibilityState>( const [userColumnVisibility, setUserColumnVisibility] =
() => getStoredColumnVisibility("user-clients", defaultUserColumnVisibility) useState<VisibilityState>(() =>
); getStoredColumnVisibility(
const [machineColumnVisibility, setMachineColumnVisibility] = useState<VisibilityState>( "user-clients",
() => getStoredColumnVisibility("machine-clients", defaultMachineColumnVisibility) defaultUserColumnVisibility
); )
);
const [machineColumnVisibility, setMachineColumnVisibility] =
useState<VisibilityState>(() =>
getStoredColumnVisibility(
"machine-clients",
defaultMachineColumnVisibility
)
);
const currentView = searchParams.get("view") || defaultView; const currentView = searchParams.get("view") || defaultView;
@@ -276,9 +284,7 @@ export default function ClientsTable({
placeholder={t("resourcesSearch")} placeholder={t("resourcesSearch")}
value={machineGlobalFilter ?? ""} value={machineGlobalFilter ?? ""}
onChange={(e) => onChange={(e) =>
machineTable.setGlobalFilter( machineTable.setGlobalFilter(String(e.target.value))
String(e.target.value)
)
} }
className="w-full pl-8" className="w-full pl-8"
/> />
@@ -318,8 +324,14 @@ export default function ClientsTable({
return null; return null;
}; };
// Check if there are any rows without userIds in the current view's data
const hasRowsWithoutUserId = useMemo(() => {
const currentData = currentView === "machine" ? machineClients : userClients;
return currentData?.some((client) => !client.userId) ?? false;
}, [currentView, machineClients, userClients]);
const columns: ColumnDef<ClientRow>[] = [ const columns: ColumnDef<ClientRow>[] = useMemo(() => {
const baseColumns: ColumnDef<ClientRow>[] = [
{ {
accessorKey: "name", accessorKey: "name",
header: ({ column }) => { header: ({ column }) => {
@@ -513,52 +525,59 @@ export default function ClientsTable({
); );
} }
}, },
{ ];
id: "actions",
header: () => (<span className="p-3">{t("actions")}</span>), // Only include actions column if there are rows without userIds
cell: ({ row }) => { if (hasRowsWithoutUserId) {
const clientRow = row.original; baseColumns.push({
return ( id: "actions",
<div className="flex items-center"> header: () => <span className="p-3">{t("actions")}</span>,
<Link cell: ({ row }) => {
href={`/${clientRow.orgId}/settings/clients/${clientRow.id}`} const clientRow = row.original;
> return !clientRow.userId ? (
<Button variant={"outline"}> <div className="flex items-center">
Edit <Link
<ArrowRight className="ml-2 w-4 h-4" /> href={`/${clientRow.orgId}/settings/clients/${clientRow.id}`}
</Button> >
</Link> <Button variant={"outline"}>
<DropdownMenu> Edit
<DropdownMenuTrigger asChild> <ArrowRight className="ml-2 w-4 h-4" />
<Button variant="ghost" className="h-8 w-8 p-0">
<span className="sr-only">Open menu</span>
<MoreHorizontal className="h-4 w-4" />
</Button> </Button>
</DropdownMenuTrigger> </Link>
<DropdownMenuContent align="end"> <DropdownMenu>
{/* <Link */} <DropdownMenuTrigger asChild>
{/* className="block w-full" */} <Button variant="ghost" className="h-8 w-8 p-0">
{/* href={`/${clientRow.orgId}/settings/sites/${clientRow.nice}`} */} <span className="sr-only">Open menu</span>
{/* > */} <MoreHorizontal className="h-4 w-4" />
{/* <DropdownMenuItem> */} </Button>
{/* View settings */} </DropdownMenuTrigger>
{/* </DropdownMenuItem> */} <DropdownMenuContent align="end">
{/* </Link> */} {/* <Link */}
<DropdownMenuItem {/* className="block w-full" */}
onClick={() => { {/* href={`/${clientRow.orgId}/settings/sites/${clientRow.nice}`} */}
setSelectedClient(clientRow); {/* > */}
setIsDeleteModalOpen(true); {/* <DropdownMenuItem> */}
}} {/* View settings */}
> {/* </DropdownMenuItem> */}
<span className="text-red-500">Delete</span> {/* </Link> */}
</DropdownMenuItem> <DropdownMenuItem
</DropdownMenuContent> onClick={() => {
</DropdownMenu> setSelectedClient(clientRow);
</div> setIsDeleteModalOpen(true);
); }}
} >
<span className="text-red-500">Delete</span>
</DropdownMenuItem>
</DropdownMenuContent>
</DropdownMenu>
</div>
) : null;
}
});
} }
];
return baseColumns;
}, [hasRowsWithoutUserId, t]);
const userTable = useReactTable({ const userTable = useReactTable({
data: userClients || [], data: userClients || [],
@@ -674,80 +693,122 @@ export default function ClientsTable({
</TabsList> </TabsList>
</div> </div>
<div className="flex items-center gap-2 sm:justify-end"> <div className="flex items-center gap-2 sm:justify-end">
{currentView === "user" && userTable.getAllColumns().some((column) => column.getCanHide()) && ( {currentView === "user" &&
<DropdownMenu> userTable
<DropdownMenuTrigger asChild> .getAllColumns()
<Button variant="outline"> .some((column) =>
<Columns className="mr-0 sm:mr-2 h-4 w-4" /> column.getCanHide()
<span className="hidden sm:inline"> ) && (
{t("columns") || "Columns"} <DropdownMenu>
</span> <DropdownMenuTrigger asChild>
</Button> <Button variant="outline">
</DropdownMenuTrigger> <Columns className="mr-0 sm:mr-2 h-4 w-4" />
<DropdownMenuContent align="end" className="w-48"> <span className="hidden sm:inline">
<DropdownMenuLabel> {t("columns") ||
{t("toggleColumns") || "Toggle columns"} "Columns"}
</DropdownMenuLabel> </span>
<DropdownMenuSeparator /> </Button>
{userTable </DropdownMenuTrigger>
.getAllColumns() <DropdownMenuContent
.filter((column) => column.getCanHide()) align="end"
.map((column) => { className="w-48"
return ( >
<DropdownMenuCheckboxItem <DropdownMenuLabel>
key={column.id} {t("toggleColumns") ||
className="capitalize" "Toggle columns"}
checked={column.getIsVisible()} </DropdownMenuLabel>
onCheckedChange={(value) => <DropdownMenuSeparator />
column.toggleVisibility(!!value) {userTable
} .getAllColumns()
> .filter((column) =>
{typeof column.columnDef.header === "string" column.getCanHide()
? column.columnDef.header )
: column.id} .map((column) => {
</DropdownMenuCheckboxItem> return (
); <DropdownMenuCheckboxItem
})} key={column.id}
</DropdownMenuContent> className="capitalize"
</DropdownMenu> checked={column.getIsVisible()}
)} onCheckedChange={(
{currentView === "machine" && machineTable.getAllColumns().some((column) => column.getCanHide()) && ( value
<DropdownMenu> ) =>
<DropdownMenuTrigger asChild> column.toggleVisibility(
<Button variant="outline"> !!value
<Columns className="mr-0 sm:mr-2 h-4 w-4" /> )
<span className="hidden sm:inline"> }
{t("columns") || "Columns"} >
</span> {typeof column
</Button> .columnDef
</DropdownMenuTrigger> .header ===
<DropdownMenuContent align="end" className="w-48"> "string"
<DropdownMenuLabel> ? column
{t("toggleColumns") || "Toggle columns"} .columnDef
</DropdownMenuLabel> .header
<DropdownMenuSeparator /> : column.id}
{machineTable </DropdownMenuCheckboxItem>
.getAllColumns() );
.filter((column) => column.getCanHide()) })}
.map((column) => { </DropdownMenuContent>
return ( </DropdownMenu>
<DropdownMenuCheckboxItem )}
key={column.id} {currentView === "machine" &&
className="capitalize" machineTable
checked={column.getIsVisible()} .getAllColumns()
onCheckedChange={(value) => .some((column) =>
column.toggleVisibility(!!value) column.getCanHide()
} ) && (
> <DropdownMenu>
{typeof column.columnDef.header === "string" <DropdownMenuTrigger asChild>
? column.columnDef.header <Button variant="outline">
: column.id} <Columns className="mr-0 sm:mr-2 h-4 w-4" />
</DropdownMenuCheckboxItem> <span className="hidden sm:inline">
); {t("columns") ||
})} "Columns"}
</DropdownMenuContent> </span>
</DropdownMenu> </Button>
)} </DropdownMenuTrigger>
<DropdownMenuContent
align="end"
className="w-48"
>
<DropdownMenuLabel>
{t("toggleColumns") ||
"Toggle columns"}
</DropdownMenuLabel>
<DropdownMenuSeparator />
{machineTable
.getAllColumns()
.filter((column) =>
column.getCanHide()
)
.map((column) => {
return (
<DropdownMenuCheckboxItem
key={column.id}
className="capitalize"
checked={column.getIsVisible()}
onCheckedChange={(
value
) =>
column.toggleVisibility(
!!value
)
}
>
{typeof column
.columnDef
.header ===
"string"
? column
.columnDef
.header
: column.id}
</DropdownMenuCheckboxItem>
);
})}
</DropdownMenuContent>
</DropdownMenu>
)}
<div> <div>
<Button <Button
variant="outline" variant="outline"
@@ -774,24 +835,24 @@ export default function ClientsTable({
.map((headerGroup) => ( .map((headerGroup) => (
<TableRow key={headerGroup.id}> <TableRow key={headerGroup.id}>
{headerGroup.headers {headerGroup.headers
.filter((header) => header.column.getIsVisible()) .filter((header) =>
.map( header.column.getIsVisible()
(header) => ( )
<TableHead .map((header) => (
key={header.id} <TableHead
> key={header.id}
{header.isPlaceholder >
? null {header.isPlaceholder
: flexRender( ? null
header : flexRender(
.column header
.columnDef .column
.header, .columnDef
header.getContext() .header,
)} header.getContext()
</TableHead> )}
) </TableHead>
)} ))}
</TableRow> </TableRow>
))} ))}
</TableHeader> </TableHeader>
@@ -830,9 +891,7 @@ export default function ClientsTable({
) : ( ) : (
<TableRow> <TableRow>
<TableCell <TableCell
colSpan={ colSpan={columns.length}
columns.length
}
className="h-24 text-center" className="h-24 text-center"
> >
{t("noResults")} {t("noResults")}
@@ -858,24 +917,24 @@ export default function ClientsTable({
.map((headerGroup) => ( .map((headerGroup) => (
<TableRow key={headerGroup.id}> <TableRow key={headerGroup.id}>
{headerGroup.headers {headerGroup.headers
.filter((header) => header.column.getIsVisible()) .filter((header) =>
.map( header.column.getIsVisible()
(header) => ( )
<TableHead .map((header) => (
key={header.id} <TableHead
> key={header.id}
{header.isPlaceholder >
? null {header.isPlaceholder
: flexRender( ? null
header : flexRender(
.column header
.columnDef .column
.header, .columnDef
header.getContext() .header,
)} header.getContext()
</TableHead> )}
) </TableHead>
)} ))}
</TableRow> </TableRow>
))} ))}
</TableHeader> </TableHeader>
@@ -914,9 +973,7 @@ export default function ClientsTable({
) : ( ) : (
<TableRow> <TableRow>
<TableCell <TableCell
colSpan={ colSpan={columns.length}
columns.length
}
className="h-24 text-center" className="h-24 text-center"
> >
{t("noResults")} {t("noResults")}

79
src/components/CreateInternalResourceDialog.tsx
View File

@@ -53,6 +53,7 @@ import { useEnvContext } from "@app/hooks/useEnvContext";
import { ListSitesResponse } from "@server/routers/site"; import { ListSitesResponse } from "@server/routers/site";
import { ListRolesResponse } from "@server/routers/role"; import { ListRolesResponse } from "@server/routers/role";
import { ListUsersResponse } from "@server/routers/user"; import { ListUsersResponse } from "@server/routers/user";
import { ListClientsResponse } from "@server/routers/client/listClients";
import { cn } from "@app/lib/cn"; import { cn } from "@app/lib/cn";
import { Tag, TagInput } from "@app/components/tags/tag-input"; import { Tag, TagInput } from "@app/components/tags/tag-input";
import { Separator } from "@app/components/ui/separator"; import { Separator } from "@app/components/ui/separator";
@@ -115,6 +116,12 @@ export default function CreateInternalResourceDialog({
id: z.string(), id: z.string(),
text: z.string() text: z.string()
}) })
).optional(),
clients: z.array(
z.object({
id: z.string(),
text: z.string()
})
).optional() ).optional()
}) })
.refine( .refine(
@@ -158,8 +165,11 @@ export default function CreateInternalResourceDialog({
const [allRoles, setAllRoles] = useState<{ id: string; text: string }[]>([]); const [allRoles, setAllRoles] = useState<{ id: string; text: string }[]>([]);
const [allUsers, setAllUsers] = useState<{ id: string; text: string }[]>([]); const [allUsers, setAllUsers] = useState<{ id: string; text: string }[]>([]);
const [allClients, setAllClients] = useState<{ id: string; text: string }[]>([]);
const [activeRolesTagIndex, setActiveRolesTagIndex] = useState<number | null>(null); const [activeRolesTagIndex, setActiveRolesTagIndex] = useState<number | null>(null);
const [activeUsersTagIndex, setActiveUsersTagIndex] = useState<number | null>(null); const [activeUsersTagIndex, setActiveUsersTagIndex] = useState<number | null>(null);
const [activeClientsTagIndex, setActiveClientsTagIndex] = useState<number | null>(null);
const [hasMachineClients, setHasMachineClients] = useState(false);
const availableSites = sites.filter( const availableSites = sites.filter(
(site) => site.type === "newt" && site.subnet (site) => site.type === "newt" && site.subnet
@@ -177,7 +187,8 @@ export default function CreateInternalResourceDialog({
destinationPort: undefined, destinationPort: undefined,
alias: "", alias: "",
roles: [], roles: [],
users: [] users: [],
clients: []
} }
}); });
@@ -195,17 +206,19 @@ export default function CreateInternalResourceDialog({
destinationPort: undefined, destinationPort: undefined,
alias: "", alias: "",
roles: [], roles: [],
users: [] users: [],
clients: []
}); });
} }
}, [open]); }, [open]);
useEffect(() => { useEffect(() => {
const fetchRolesAndUsers = async () => { const fetchRolesUsersAndClients = async () => {
try { try {
const [rolesResponse, usersResponse] = await Promise.all([ const [rolesResponse, usersResponse, clientsResponse] = await Promise.all([
api.get<AxiosResponse<ListRolesResponse>>(`/org/${orgId}/roles`), api.get<AxiosResponse<ListRolesResponse>>(`/org/${orgId}/roles`),
api.get<AxiosResponse<ListUsersResponse>>(`/org/${orgId}/users`) api.get<AxiosResponse<ListUsersResponse>>(`/org/${orgId}/users`),
api.get<AxiosResponse<ListClientsResponse>>(`/org/${orgId}/clients?filter=machine&limit=1000`)
]); ]);
setAllRoles( setAllRoles(
@@ -223,13 +236,23 @@ export default function CreateInternalResourceDialog({
text: `${user.email || user.username}${user.type !== UserType.Internal ? ` (${user.idpName})` : ""}` text: `${user.email || user.username}${user.type !== UserType.Internal ? ` (${user.idpName})` : ""}`
})) }))
); );
const machineClients = clientsResponse.data.data.clients
.filter((client) => !client.userId)
.map((client) => ({
id: client.clientId.toString(),
text: client.name
}));
setAllClients(machineClients);
setHasMachineClients(machineClients.length > 0);
} catch (error) { } catch (error) {
console.error("Error fetching roles and users:", error); console.error("Error fetching roles, users, and clients:", error);
} }
}; };
if (open) { if (open) {
fetchRolesAndUsers(); fetchRolesUsersAndClients();
} }
}, [open, orgId]); }, [open, orgId]);
@@ -265,6 +288,12 @@ export default function CreateInternalResourceDialog({
}); });
} }
if (data.clients && data.clients.length > 0) {
await api.post(`/site-resource/${siteResourceId}/clients`, {
clientIds: data.clients.map((c) => parseInt(c.id))
});
}
toast({ toast({
title: t("createInternalResourceDialogSuccess"), title: t("createInternalResourceDialogSuccess"),
description: t("createInternalResourceDialogInternalResourceCreatedSuccessfully"), description: t("createInternalResourceDialogInternalResourceCreatedSuccessfully"),
@@ -641,6 +670,42 @@ export default function CreateInternalResourceDialog({
</FormItem> </FormItem>
)} )}
/> />
{hasMachineClients && (
<FormField
control={form.control}
name="clients"
render={({ field }) => (
<FormItem className="flex flex-col items-start">
<FormLabel>{t("clients")}</FormLabel>
<FormControl>
<TagInput
{...field}
activeTagIndex={activeClientsTagIndex}
setActiveTagIndex={setActiveClientsTagIndex}
placeholder={t("accessClientSelect") || "Select machine clients"}
size="sm"
tags={form.getValues().clients || []}
setTags={(newClients) => {
form.setValue(
"clients",
newClients as [Tag, ...Tag[]]
);
}}
enableAutocomplete={true}
autocompleteOptions={allClients}
allowDuplicates={false}
restrictTagsToAutocompleteOptions={true}
sortTags={true}
/>
</FormControl>
<FormMessage />
<FormDescription>
{t("resourceClientDescription") || "Machine clients that can access this resource"}
</FormDescription>
</FormItem>
)}
/>
)}
</div> </div>
</div> </div>
</form> </form>

104
src/components/EditInternalResourceDialog.tsx
View File

@@ -41,6 +41,8 @@ import { ListRolesResponse } from "@server/routers/role";
import { ListUsersResponse } from "@server/routers/user"; import { ListUsersResponse } from "@server/routers/user";
import { ListSiteResourceRolesResponse } from "@server/routers/siteResource/listSiteResourceRoles"; import { ListSiteResourceRolesResponse } from "@server/routers/siteResource/listSiteResourceRoles";
import { ListSiteResourceUsersResponse } from "@server/routers/siteResource/listSiteResourceUsers"; import { ListSiteResourceUsersResponse } from "@server/routers/siteResource/listSiteResourceUsers";
import { ListSiteResourceClientsResponse } from "@server/routers/siteResource/listSiteResourceClients";
import { ListClientsResponse } from "@server/routers/client/listClients";
import { Tag, TagInput } from "@app/components/tags/tag-input"; import { Tag, TagInput } from "@app/components/tags/tag-input";
import { AxiosResponse } from "axios"; import { AxiosResponse } from "axios";
import { UserType } from "@server/types/UserTypes"; import { UserType } from "@server/types/UserTypes";
@@ -97,6 +99,12 @@ export default function EditInternalResourceDialog({
id: z.string(), id: z.string(),
text: z.string() text: z.string()
}) })
).optional(),
clients: z.array(
z.object({
id: z.string(),
text: z.string()
})
).optional() ).optional()
}) })
.refine( .refine(
@@ -140,9 +148,12 @@ export default function EditInternalResourceDialog({
const [allRoles, setAllRoles] = useState<{ id: string; text: string }[]>([]); const [allRoles, setAllRoles] = useState<{ id: string; text: string }[]>([]);
const [allUsers, setAllUsers] = useState<{ id: string; text: string }[]>([]); const [allUsers, setAllUsers] = useState<{ id: string; text: string }[]>([]);
const [allClients, setAllClients] = useState<{ id: string; text: string }[]>([]);
const [activeRolesTagIndex, setActiveRolesTagIndex] = useState<number | null>(null); const [activeRolesTagIndex, setActiveRolesTagIndex] = useState<number | null>(null);
const [activeUsersTagIndex, setActiveUsersTagIndex] = useState<number | null>(null); const [activeUsersTagIndex, setActiveUsersTagIndex] = useState<number | null>(null);
const [activeClientsTagIndex, setActiveClientsTagIndex] = useState<number | null>(null);
const [loadingRolesUsers, setLoadingRolesUsers] = useState(false); const [loadingRolesUsers, setLoadingRolesUsers] = useState(false);
const [hasMachineClients, setHasMachineClients] = useState(false);
const form = useForm<FormData>({ const form = useForm<FormData>({
resolver: zodResolver(formSchema), resolver: zodResolver(formSchema),
@@ -155,7 +166,8 @@ export default function EditInternalResourceDialog({
destinationPort: resource.destinationPort ?? undefined, destinationPort: resource.destinationPort ?? undefined,
alias: resource.alias ?? null, alias: resource.alias ?? null,
roles: [], roles: [],
users: [] users: [],
clients: []
} }
}); });
@@ -168,7 +180,8 @@ export default function EditInternalResourceDialog({
rolesResponse, rolesResponse,
resourceRolesResponse, resourceRolesResponse,
usersResponse, usersResponse,
resourceUsersResponse resourceUsersResponse,
clientsResponse
] = await Promise.all([ ] = await Promise.all([
api.get<AxiosResponse<ListRolesResponse>>(`/org/${orgId}/roles`), api.get<AxiosResponse<ListRolesResponse>>(`/org/${orgId}/roles`),
api.get<AxiosResponse<ListSiteResourceRolesResponse>>( api.get<AxiosResponse<ListSiteResourceRolesResponse>>(
@@ -177,9 +190,29 @@ export default function EditInternalResourceDialog({
api.get<AxiosResponse<ListUsersResponse>>(`/org/${orgId}/users`), api.get<AxiosResponse<ListUsersResponse>>(`/org/${orgId}/users`),
api.get<AxiosResponse<ListSiteResourceUsersResponse>>( api.get<AxiosResponse<ListSiteResourceUsersResponse>>(
`/site-resource/${resource.id}/users` `/site-resource/${resource.id}/users`
) ),
api.get<AxiosResponse<ListClientsResponse>>(`/org/${orgId}/clients?filter=machine&limit=1000`)
]); ]);
let resourceClientsResponse: AxiosResponse<AxiosResponse<ListSiteResourceClientsResponse>>;
try {
resourceClientsResponse = await api.get<AxiosResponse<ListSiteResourceClientsResponse>>(
`/site-resource/${resource.id}/clients`
);
} catch {
resourceClientsResponse = {
data: {
data: {
clients: []
}
},
status: 200,
statusText: "OK",
headers: {} as any,
config: {} as any
} as any;
}
setAllRoles( setAllRoles(
rolesResponse.data.data.roles rolesResponse.data.data.roles
.map((role) => ({ .map((role) => ({
@@ -213,8 +246,27 @@ export default function EditInternalResourceDialog({
text: `${i.email || i.username}${i.type !== UserType.Internal ? ` (${i.idpName})` : ""}` text: `${i.email || i.username}${i.type !== UserType.Internal ? ` (${i.idpName})` : ""}`
})) }))
); );
const machineClients = clientsResponse.data.data.clients
.filter((client) => !client.userId)
.map((client) => ({
id: client.clientId.toString(),
text: client.name
}));
setAllClients(machineClients);
const existingClients = resourceClientsResponse.data.data.clients.map((c: { clientId: number; name: string }) => ({
id: c.clientId.toString(),
text: c.name
}));
form.setValue("clients", existingClients);
// Show clients tag input if there are machine clients OR existing client access
setHasMachineClients(machineClients.length > 0 || existingClients.length > 0);
} catch (error) { } catch (error) {
console.error("Error fetching roles and users:", error); console.error("Error fetching roles, users, and clients:", error);
} finally { } finally {
setLoadingRolesUsers(false); setLoadingRolesUsers(false);
} }
@@ -231,7 +283,8 @@ export default function EditInternalResourceDialog({
destinationPort: resource.destinationPort ?? undefined, destinationPort: resource.destinationPort ?? undefined,
alias: resource.alias ?? null, alias: resource.alias ?? null,
roles: [], roles: [],
users: [] users: [],
clients: []
}); });
fetchRolesAndUsers(); fetchRolesAndUsers();
} }
@@ -252,13 +305,16 @@ export default function EditInternalResourceDialog({
alias: data.alias && typeof data.alias === "string" && data.alias.trim() ? data.alias : null alias: data.alias && typeof data.alias === "string" && data.alias.trim() ? data.alias : null
}); });
// Update roles and users // Update roles, users, and clients
await Promise.all([ await Promise.all([
api.post(`/site-resource/${resource.id}/roles`, { api.post(`/site-resource/${resource.id}/roles`, {
roleIds: (data.roles || []).map((r) => parseInt(r.id)) roleIds: (data.roles || []).map((r) => parseInt(r.id))
}), }),
api.post(`/site-resource/${resource.id}/users`, { api.post(`/site-resource/${resource.id}/users`, {
userIds: (data.users || []).map((u) => u.id) userIds: (data.users || []).map((u) => u.id)
}),
api.post(`/site-resource/${resource.id}/clients`, {
clientIds: (data.clients || []).map((c) => parseInt(c.id))
}) })
]); ]);
@@ -530,6 +586,42 @@ export default function EditInternalResourceDialog({
</FormItem> </FormItem>
)} )}
/> />
{hasMachineClients && (
<FormField
control={form.control}
name="clients"
render={({ field }) => (
<FormItem className="flex flex-col items-start">
<FormLabel>{t("clients")}</FormLabel>
<FormControl>
<TagInput
{...field}
activeTagIndex={activeClientsTagIndex}
setActiveTagIndex={setActiveClientsTagIndex}
placeholder={t("accessClientSelect") || "Select machine clients"}
size="sm"
tags={form.getValues().clients || []}
setTags={(newClients) => {
form.setValue(
"clients",
newClients as [Tag, ...Tag[]]
);
}}
enableAutocomplete={true}
autocompleteOptions={allClients}
allowDuplicates={false}
restrictTagsToAutocompleteOptions={true}
sortTags={true}
/>
</FormControl>
<FormMessage />
<FormDescription>
{t("resourceClientDescription") || "Machine clients that can access this resource"}
</FormDescription>
</FormItem>
)}
/>
)}
</div> </div>
)} )}
</div> </div>