Add remote subnets back based on resources

This commit is contained in:
Owen
2025-11-08 12:17:33 -08:00
parent cad4d97fb3
commit f98b4baa73
4 changed files with 55 additions and 8 deletions


@@ -93,8 +93,7 @@ export const sites = sqliteTable("sites", {
listenPort: integer("listenPort"), listenPort: integer("listenPort"),
dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" }) dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
.notNull() .notNull()
.default(true), .default(true)
remoteSubnets: text("remoteSubnets") // comma-separated list of subnets that this site can access
}); });
export const resources = sqliteTable("resources", { export const resources = sqliteTable("resources", {
@@ -359,7 +358,7 @@ export const clients = sqliteTable("clients", {
type: text("type").notNull(), // "olm" type: text("type").notNull(), // "olm"
online: integer("online", { mode: "boolean" }).notNull().default(false), online: integer("online", { mode: "boolean" }).notNull().default(false),
// endpoint: text("endpoint"), // endpoint: text("endpoint"),
lastHolePunch: integer("lastHolePunch"), lastHolePunch: integer("lastHolePunch")
}); });
export const clientSites = sqliteTable("clientSites", { export const clientSites = sqliteTable("clientSites", {
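Review bot: Dropping the `remoteSubnets` column from the `sites` table (the removed line after `.default(true)`) needs a schema migration, and none is among the four changed files shown on this page, so existing databases keep a column the schema no longer declares unless one lands elsewhere. Any subnet an operator had stored in that column that is not also represented as a `mode == "cidr"` site resource silently stops being pushed to clients after this commit; if that is intended, a short comment on the `sites` table such as `// remote subnets are now derived from siteResources with mode "cidr"` would tell the next reader where the data went. The `clients` hunk only removes a trailing comma and needs nothing.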


@@ -10,6 +10,7 @@ import {
roleSiteResources, roleSiteResources,
Site, Site,
SiteResource, SiteResource,
siteResources,
sites, sites,
Transaction, Transaction,
userOrgs, userOrgs,
@@ -324,6 +325,20 @@ async function handleMessagesForSiteClients(
) )
); );
// TODO: should we have this here?
const allSiteResources = await trx
.select()
.from(siteResources)
.where(eq(siteResources.siteId, site.siteId));
let remoteSubnets = allSiteResources
.filter((sr) => sr.mode == "cidr")
.map((sr) => sr.destination);
// remove duplicates
remoteSubnets = Array.from(new Set(remoteSubnets));
const remoteSubnetsStr =
remoteSubnets.length > 0 ? remoteSubnets.join(",") : null;
olmJobs.push( olmJobs.push(
olmAddPeer( olmAddPeer(
client.clientId, client.clientId,
@@ -336,7 +351,7 @@ async function handleMessagesForSiteClients(
publicKey: site.publicKey, publicKey: site.publicKey,
serverIP: site.address, serverIP: site.address,
serverPort: site.listenPort, serverPort: site.listenPort,
remoteSubnets: site.remoteSubnets remoteSubnets: remoteSubnetsStr
}, },
olm.olmId olm.olmId
) )
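Review bot: The `siteResources` query added under `// TODO: should we have this here?` runs once per `olmAddPeer` job pushed; if this block sits inside the per-client loop that the surrounding `olmJobs.push(` suggests, the result depends only on `site.siteId` and should be computed once before the loop rather than per client inside the transaction. The TODO should be resolved or reworded before merge — as written it tells the reader the author was unsure the subnets belong in this message at all. Separately, `sr.destination` is forwarded as-is: nothing here checks that it parses as a single CIDR, and a value containing a comma would be split into extra entries on the receiving side once joined with `,`, so unless creation of `mode == "cidr"` resources already validates `destination` (not visible here), a cheap shape check (`net.isIP` on the address part and a prefix length within 0–32/0–128) before the `.map` is worth adding. `handleMessagesForSiteClients` begins before this hunk.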


@@ -66,7 +66,9 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
// we need to wait for hole punch success // we need to wait for hole punch success
if (!existingSite.endpoint) { if (!existingSite.endpoint) {
logger.debug(`In newt get config: existing site ${existingSite.siteId} has no endpoint, skipping`); logger.debug(
`In newt get config: existing site ${existingSite.siteId} has no endpoint, skipping`
);
return; return;
} }
@@ -181,13 +183,28 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
return null; return null;
} }
const allSiteResources = await db
.select()
.from(siteResources)
.where(eq(siteResources.siteId, site.siteId));
let remoteSubnets = allSiteResources
.filter((sr) => sr.mode == "cidr")
.map((sr) => sr.destination);
// remove duplicates
remoteSubnets = Array.from(new Set(remoteSubnets));
const remoteSubnetsStr =
remoteSubnets.length > 0
? remoteSubnets.join(",")
: null;
await updatePeer(client.clients.clientId, { await updatePeer(client.clients.clientId, {
siteId: site.siteId, siteId: site.siteId,
endpoint: endpoint, endpoint: endpoint,
publicKey: site.publicKey, publicKey: site.publicKey,
serverIP: site.address, serverIP: site.address,
serverPort: site.listenPort, serverPort: site.listenPort,
remoteSubnets: site.remoteSubnets remoteSubnets: remoteSubnetsStr
}); });
} catch (error) { } catch (error) {
logger.error( logger.error(
@@ -222,7 +239,12 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
} }
// Filter out invalid targets // Filter out invalid targets
if (!resource.proxyPort || !resource.destination || !resource.destinationPort || !resource.protocol) { if (
!resource.proxyPort ||
!resource.destination ||
!resource.destinationPort ||
!resource.protocol
) {
return acc; return acc;
} }
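Review bot: The block that selects `siteResources`, filters on `mode == "cidr"`, dedupes and joins the destinations is copied verbatim into this handler and two others in the same commit, so any later change (validation, a different separator, ordering) has to be made three times and will drift. Extract it into one exported helper and call it from all three handlers; putting the destination check in that helper also closes the gap that an unvalidated `destination` is forwarded to the client as a routed subnet. The sketch below keeps the `null`-when-empty contract the `updatePeer` call relies on and uses only `net.isIP` from `node:net` for the address check. If `updatePeer` here runs once per client, the helper call should also be hoisted above the per-client work, since its value depends only on `site.siteId`. The enclosing `handleGetConfigMessage` begins before the hunk and continues after it.
```typescript
/**
 * Comma-separated, de-duplicated list of the CIDR destinations exposed by a
 * site's resources, or null when the site exposes none. Resources whose
 * destination does not parse as a single address or prefix are logged and
 * skipped so a bad row cannot become a route on every client.
 */
export async function getSiteRemoteSubnets(
    siteId: Site["siteId"],
    trx: Transaction | typeof db = db
): Promise<string | null> {
    const rows = await trx
        .select()
        .from(siteResources)
        .where(eq(siteResources.siteId, siteId));
    const subnets = new Set<string>();
    for (const sr of rows) {
        if (sr.mode !== "cidr") continue;
        if (!isCidr(sr.destination)) {
            logger.error(
                `site ${siteId}: ignoring cidr resource with invalid destination ${JSON.stringify(sr.destination)}`
            );
            continue;
        }
        subnets.add(sr.destination);
    }
    return subnets.size > 0 ? [...subnets].join(",") : null;
}

// Accepts "a.b.c.d", "a.b.c.d/n" or "x::y/n"; rejects anything that would not
// survive the "," join as exactly one route entry.
function isCidr(value: string | null | undefined): value is string {
    if (!value) return false;
    const [addr, prefix, ...rest] = value.split("/");
    if (rest.length > 0) return false;
    const family = net.isIP(addr);
    if (family === 0) return false;
    if (prefix === undefined) return true;
    const bits = Number(prefix);
    const max = family === 4 ? 32 : 128;
    return Number.isInteger(bits) && bits >= 0 && bits <= max;
}

// … unchanged: site lookup and endpoint handling in handleGetConfigMessage …
const remoteSubnetsStr = await getSiteRemoteSubnets(site.siteId);
await updatePeer(client.clients.clientId, {
    // … unchanged: siteId, endpoint, publicKey, serverIP, serverPort …
    remoteSubnets: remoteSubnetsStr
});
```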


@@ -5,6 +5,7 @@ import {
orgs, orgs,
roleClients, roleClients,
roles, roles,
siteResources,
Transaction, Transaction,
userClients, userClients,
userOrgs, userOrgs,
@@ -231,6 +232,16 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
) )
.limit(1); .limit(1);
const allSiteResources = await db
.select()
.from(siteResources)
.where(eq(siteResources.siteId, site.siteId));
let remoteSubnets = allSiteResources.filter((sr => sr.mode == "cidr")).map(sr => sr.destination);
// remove duplicates
remoteSubnets = Array.from(new Set(remoteSubnets));
const remoteSubnetsStr = remoteSubnets.length > 0 ? remoteSubnets.join(",") : null;
// Add the peer to the exit node for this site // Add the peer to the exit node for this site
if (clientSite.endpoint) { if (clientSite.endpoint) {
logger.info( logger.info(
@@ -268,7 +279,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
publicKey: site.publicKey, publicKey: site.publicKey,
serverIP: site.address, serverIP: site.address,
serverPort: site.listenPort, serverPort: site.listenPort,
remoteSubnets: site.remoteSubnets remoteSubnets: remoteSubnetsStr
}); });
} }
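Review bot: This copy of the remote-subnet block is the only one of the three in the commit that is not formatted like the others — `allSiteResources.filter((sr => sr.mode == "cidr")).map(sr => sr.destination)` wraps the arrow in a redundant extra pair of parentheses and keeps the whole chain on one line, as does the `remoteSubnetsStr` ternary — so it will be rewritten the next time Prettier runs; better to commit it in the same shape as the other two files now. All three copies use `==` where `===` is the project-idiomatic comparison for a string tag, e.g. `.filter((sr) => sr.mode === "cidr")`. The query and join also run before the `if (clientSite.endpoint)` check, so when the client has no endpoint the work is wasted if, as the later hunk suggests, the only consumer is the `remoteSubnets: remoteSubnetsStr` inside that branch; moving the block inside the `if` avoids the query. `handleOlmRegisterMessage` begins before this section's first hunk.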