pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-25 06:16:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into holepunch

Browse Source
This commit is contained in:
Owen
2025-03-25 20:42:14 -04:00
parent 779a1c303f dbfc8b51aa
commit fbe7e0a427
45 changed files with 4617 additions and 422 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/db/schema.ts
View File

@@ -471,6 +471,15 @@ export const resourceRules = sqliteTable("resourceRules", {
value: text("value").notNull()
});
export const supporterKey = sqliteTable("supporterKey", {
keyId: integer("keyId").primaryKey({ autoIncrement: true }),
key: text("key").notNull(),
githubUsername: text("githubUsername").notNull(),
phrase: text("phrase"),
tier: text("tier"),
valid: integer("valid", { mode: "boolean" }).notNull().default(false)
});
export type Org = InferSelectModel<typeof orgs>;
export type User = InferSelectModel<typeof users>;
export type Site = InferSelectModel<typeof sites>;
@@ -510,3 +519,4 @@ export type Client = InferSelectModel<typeof clients>;
export type RoleClient = InferSelectModel<typeof roleClients>;
export type UserClient = InferSelectModel<typeof userClients>;
export type Domain = InferSelectModel<typeof domains>;
export type SupporterKey = InferSelectModel<typeof supporterKey>;

99
server/lib/config.ts
View File

@@ -10,7 +10,9 @@ import {
} from "@server/lib/consts";
import { passwordSchema } from "@server/auth/passwordSchema";
import stoi from "./stoi";
import { start } from "repl";
import db from "@server/db";
import { SupporterKey, supporterKey } from "@server/db/schema";
import { eq } from "drizzle-orm";
const portSchema = z.number().positive().gt(0).lte(65535);
@@ -162,6 +164,10 @@ const configSchema = z.object({
export class Config {
private rawConfig!: z.infer<typeof configSchema>;
supporterData: SupporterKey | null = null;
supporterHiddenUntil: number | null = null;
constructor() {
this.loadConfig();
}
@@ -190,7 +196,9 @@ export class Config {
}
if (process.env.APP_BASE_DOMAIN) {
console.log("You're using deprecated environment variables. Transition to the configuration file. https://docs.fossorial.io/");
console.log(
"You're using deprecated environment variables. Transition to the configuration file. https://docs.fossorial.io/"
);
}
if (!environment) {
@@ -242,6 +250,14 @@ export class Config {
: "false";
process.env.DASHBOARD_URL = parsedConfig.data.app.dashboard_url;
this.checkSupporterKey()
.then(() => {
console.log("Supporter key checked");
})
.catch((error) => {
console.error("Error checking supporter key:", error);
});
this.rawConfig = parsedConfig.data;
}
@@ -258,6 +274,85 @@ export class Config {
public getDomain(domainId: string) {
return this.rawConfig.domains[domainId];
}
public hideSupporterKey(days: number = 7) {
const now = new Date().getTime();
if (this.supporterHiddenUntil && now < this.supporterHiddenUntil) {
return;
}
this.supporterHiddenUntil = now + 1000 * 60 * 60 * 24 * days;
}
public isSupporterKeyHidden() {
const now = new Date().getTime();
if (this.supporterHiddenUntil && now < this.supporterHiddenUntil) {
return true;
}
return false;
}
public async checkSupporterKey() {
const [key] = await db.select().from(supporterKey).limit(1);
if (!key) {
return;
}
const { key: licenseKey, githubUsername } = key;
const response = await fetch(
"https://api.dev.fossorial.io/api/v1/license/validate",
{
method: "POST",
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
licenseKey,
githubUsername
})
}
);
if (!response.ok) {
this.supporterData = key;
return;
}
const data = await response.json();
if (!data.data.valid) {
this.supporterData = {
...key,
valid: false
};
return;
}
this.supporterData = {
...key,
tier: data.data.tier,
valid: true
};
// update the supporter key in the database
await db
.update(supporterKey)
.set({
tier: data.data.tier || null,
phrase: data.data.cutePhrase || null,
valid: true
})
.where(eq(supporterKey.keyId, key.keyId));
}
public getSupporterData() {
return this.supporterData;
}
}
export const config = new Config();

2
server/lib/consts.ts
View File

@@ -2,7 +2,7 @@ import path from "path";
import { fileURLToPath } from "url";
// This is a placeholder value replaced by the build process
export const APP_VERSION = "1.0.0";
export const APP_VERSION = "1.1.0";
export const __FILENAME = fileURLToPath(import.meta.url);
export const __DIRNAME = path.dirname(__FILENAME);

1
server/middlewares/index.ts
View File

@@ -15,3 +15,4 @@ export * from "./verifySetResourceUsers";
export * from "./verifyUserInRole";
export * from "./verifyAccessTokenAccess";
export * from "./verifyClientAccess";
export * from "./verifyUserIsServerAdmin";

37
server/middlewares/verifyUserIsServerAdmin.ts Normal file
View File

@@ -0,0 +1,37 @@
import { Request, Response, NextFunction } from "express";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
export async function verifyUserIsServerAdmin(
req: Request,
res: Response,
next: NextFunction
) {
const userId = req.user!.userId;
if (!userId) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
);
}
try {
if (!req.user?.serverAdmin) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User is not a server admin"
)
);
}
return next();
} catch (e) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error verifying organization access"
)
);
}
}

14
server/routers/external.ts
View File

@@ -9,6 +9,7 @@ import * as user from "./user";
import * as auth from "./auth";
import * as role from "./role";
import * as client from "./client";
import * as supporterKey from "./supporterKey";
import * as accessToken from "./accessToken";
import HttpCode from "@server/types/HttpCode";
import {
@@ -24,7 +25,8 @@ import {
verifySetResourceUsers,
verifyUserAccess,
getUserOrgs,
verifyClientAccess
verifyClientAccess,
verifyUserIsServerAdmin
} from "@server/middlewares";
import { verifyUserHasAction } from "../middlewares/verifyUserHasAction";
import { ActionsEnum } from "@server/auth/actions";
@@ -413,6 +415,9 @@ authenticated.get(
authenticated.get(`/org/:orgId/overview`, verifyOrgAccess, org.getOrgOverview);
authenticated.post(`/supporter-key/validate`, supporterKey.validateSupporterKey);
authenticated.post(`/supporter-key/hide`, supporterKey.hideSupporterKey);
unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
// authenticated.get(
@@ -446,6 +451,13 @@ unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
unauthenticated.get("/user", verifySessionMiddleware, user.getUser);
authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
authenticated.delete(
"/user/:userId",
verifyUserIsServerAdmin,
user.adminRemoveUser
);
authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
authenticated.get(
"/org/:orgId/users",

11
server/routers/internal.ts
View File

@@ -4,8 +4,12 @@ import * as traefik from "@server/routers/traefik";
import * as resource from "./resource";
import * as badger from "./badger";
import * as auth from "@server/routers/auth";
import * as supporterKey from "@server/routers/supporterKey";
import HttpCode from "@server/types/HttpCode";
import { verifyResourceAccess, verifySessionUserMiddleware } from "@server/middlewares";
import {
verifyResourceAccess,
verifySessionUserMiddleware
} from "@server/middlewares";
// Root routes
const internalRouter = Router();
@@ -28,6 +32,11 @@ internalRouter.post(
resource.getExchangeToken
);
internalRouter.get(
`/supporter-key/visible`,
supporterKey.isSupporterKeyVisible
);
// Gerbil routes
const gerbilRouter = Router();
internalRouter.use("/gerbil", gerbilRouter);

35
server/routers/supporterKey/hideSupporterKey.ts Normal file
View File

@@ -0,0 +1,35 @@
import { Request, Response, NextFunction } from "express";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { response as sendResponse } from "@server/lib";
import config from "@server/lib/config";
export type HideSupporterKeyResponse = {
hidden: boolean;
};
export async function hideSupporterKey(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
config.hideSupporterKey();
return sendResponse<HideSupporterKeyResponse>(res, {
data: {
hidden: true
},
success: true,
error: false,
message: "Hidden",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

3
server/routers/supporterKey/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from "./validateSupporterKey";
export * from "./isSupporterKeyVisible";
export * from "./hideSupporterKey";

54
server/routers/supporterKey/isSupporterKeyVisible.ts Normal file
View File

@@ -0,0 +1,54 @@
import { Request, Response, NextFunction } from "express";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { response as sendResponse } from "@server/lib";
import config from "@server/lib/config";
import db from "@server/db";
import { count } from "drizzle-orm";
import { users } from "@server/db/schema";
export type IsSupporterKeyVisibleResponse = {
visible: boolean;
};
const USER_LIMIT = 5;
export async function isSupporterKeyVisible(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const hidden = config.isSupporterKeyHidden();
const key = config.getSupporterData();
let visible = !hidden && key?.valid !== true;
if (key?.tier === "Limited Supporter") {
const [numUsers] = await db.select({ count: count() }).from(users);
if (numUsers.count > USER_LIMIT) {
visible = true;
}
}
logger.debug(`Supporter key visible: ${visible}`);
logger.debug(JSON.stringify(key));
return sendResponse<IsSupporterKeyVisibleResponse>(res, {
data: {
visible
},
success: true,
error: false,
message: "Status",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

115
server/routers/supporterKey/validateSupporterKey.ts Normal file
View File

@@ -0,0 +1,115 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { response as sendResponse } from "@server/lib";
import { suppressDeprecationWarnings } from "moment";
import { supporterKey } from "@server/db/schema";
import db from "@server/db";
import { eq } from "drizzle-orm";
import config from "@server/lib/config";
const validateSupporterKeySchema = z
.object({
githubUsername: z.string().nonempty(),
key: z.string().nonempty()
})
.strict();
export type ValidateSupporterKeyResponse = {
valid: boolean;
githubUsername?: string;
tier?: string;
phrase?: string;
};
export async function validateSupporterKey(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedBody = validateSupporterKeySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { githubUsername, key } = parsedBody.data;
const response = await fetch(
"https://api.dev.fossorial.io/api/v1/license/validate",
{
method: "POST",
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
licenseKey: key,
githubUsername: githubUsername
})
}
);
if (!response.ok) {
logger.error(response);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"An error occurred"
)
);
}
const data = await response.json();
if (!data || !data.data.valid) {
return sendResponse<ValidateSupporterKeyResponse>(res, {
data: {
valid: false
},
success: true,
error: false,
message: "Invalid supporter key",
status: HttpCode.OK
});
}
await db.transaction(async (trx) => {
await trx.delete(supporterKey);
await trx.insert(supporterKey).values({
githubUsername: githubUsername,
key: key,
tier: data.data.tier || null,
phrase: data.data.cutePhrase || null,
valid: true
});
});
await config.checkSupporterKey();
return sendResponse<ValidateSupporterKeyResponse>(res, {
data: {
valid: true,
githubUsername: data.data.githubUsername,
tier: data.data.tier,
phrase: data.data.cutePhrase
},
success: true,
error: false,
message: "Valid supporter key",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

4
server/routers/traefik/getTraefikConfig.ts
View File

@@ -170,6 +170,10 @@ export async function traefikConfigProvider(
wildCard = `*.${domainParts.slice(1).join(".")}`;
}
if (resource.isBaseDomain) {
wildCard = resource.fullDomain;
}
const configDomain = config.getDomain(resource.domainId);
if (!configDomain) {

92
server/routers/user/adminListUsers.ts Normal file
View File

@@ -0,0 +1,92 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { sql, eq } from "drizzle-orm";
import logger from "@server/logger";
import { users } from "@server/db/schema";
const listUsersSchema = z
.object({
limit: z
.string()
.optional()
.default("1000")
.transform(Number)
.pipe(z.number().int().nonnegative()),
offset: z
.string()
.optional()
.default("0")
.transform(Number)
.pipe(z.number().int().nonnegative())
})
.strict();
async function queryUsers(limit: number, offset: number) {
return await db
.select({
id: users.userId,
email: users.email,
dateCreated: users.dateCreated,
})
.from(users)
.where(eq(users.serverAdmin, false))
.limit(limit)
.offset(offset);
}
export type AdminListUsersResponse = {
users: NonNullable<Awaited<ReturnType<typeof queryUsers>>>;
pagination: { total: number; limit: number; offset: number };
};
export async function adminListUsers(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedQuery = listUsersSchema.safeParse(req.query);
if (!parsedQuery.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
parsedQuery.error.errors.map((e) => e.message).join(", ")
)
);
}
const { limit, offset } = parsedQuery.data;
const allUsers = await queryUsers(
limit,
offset
);
const [{ count }] = await db
.select({ count: sql<number>`count(*)` })
.from(users);
return response<AdminListUsersResponse>(res, {
data: {
users: allUsers,
pagination: {
total: count,
limit,
offset
}
},
success: true,
error: false,
message: "Users retrieved successfully",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

61
server/routers/user/adminRemoveUser.ts Normal file
View File

@@ -0,0 +1,61 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { userOrgs, users } from "@server/db/schema";
import { and, eq } from "drizzle-orm";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
const removeUserSchema = z
.object({
userId: z.string()
})
.strict();
export async function adminRemoveUser(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedParams = removeUserSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const { userId } = parsedParams.data;
// get the user first
const user = await db
.select()
.from(userOrgs)
.where(eq(userOrgs.userId, userId));
if (!user || user.length === 0) {
return next(createHttpError(HttpCode.NOT_FOUND, "User not found"));
}
await db.delete(users).where(eq(users.userId, userId));
return response(res, {
data: null,
success: true,
error: false,
message: "User removed successfully",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}

4
server/routers/user/index.ts
View File

@@ -4,4 +4,6 @@ export * from "./listUsers";
export * from "./addUserRole";
export * from "./inviteUser";
export * from "./acceptInvite";
export * from "./getOrgUser";
export * from "./getOrgUser";
export * from "./adminListUsers";
export * from "./adminRemoveUser";

2
server/routers/user/removeUserOrg.ts
View File

@@ -71,7 +71,7 @@ export async function removeUserOrg(
data: null,
success: true,
error: false,
message: "User remove from org successfully",
message: "User removed from org successfully",
status: HttpCode.OK
});
} catch (error) {

4
server/setup/migrations.ts
View File

@@ -17,6 +17,7 @@ import m8 from "./scripts/1.0.0-beta12";
import m13 from "./scripts/1.0.0-beta13";
import m15 from "./scripts/1.0.0-beta15";
import m16 from "./scripts/1.0.0";
import m17 from "./scripts/1.1.0";
// THIS CANNOT IMPORT ANYTHING FROM THE SERVER
// EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -33,7 +34,8 @@ const migrations = [
{ version: "1.0.0-beta.12", run: m8 },
{ version: "1.0.0-beta.13", run: m13 },
{ version: "1.0.0-beta.15", run: m15 },
{ version: "1.0.0", run: m16 }
{ version: "1.0.0", run: m16 },
{ version: "1.1.0", run: m17 }
// Add new migrations here as they are created
] as const;

28
server/setup/scripts/1.1.0.ts Normal file
View File

@@ -0,0 +1,28 @@
import db from "@server/db";
import { sql } from "drizzle-orm";
const version = "1.1.0";
export default async function migration() {
console.log(`Running setup script ${version}...`);
try {
db.transaction((trx) => {
trx.run(sql`CREATE TABLE 'supporterKey' (
'keyId' integer PRIMARY KEY AUTOINCREMENT NOT NULL,
'key' text NOT NULL,
'githubUsername' text NOT NULL,
'phrase' text,
'tier' text,
'valid' integer DEFAULT false NOT NULL
);`);
});
console.log(`Migrated database schema`);
} catch (e) {
console.log("Unable to migrate database schema");
throw e;
}
console.log(`${version} migration complete`);
}