pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-21 20:36:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

show features in ce

Browse Source
This commit is contained in:
miloschwartz
2026-02-07 17:00:44 -08:00
committed by Owen
parent ae6ed8ad97
commit fed56c1959
22 changed files with 671 additions and 707 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
messages/en-US.json
View File

@@ -2267,6 +2267,7 @@
"actionLogsDescription": "View a history of actions performed in this organization", "actionLogsDescription": "View a history of actions performed in this organization",
"accessLogsDescription": "View access auth requests for resources in this organization", "accessLogsDescription": "View access auth requests for resources in this organization",
"licenseRequiredToUse": "An Enterprise license is required to use this feature.", "licenseRequiredToUse": "An Enterprise license is required to use this feature.",
"ossEnterpriseEditionRequired": "The <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> is required to use this feature.",
"certResolver": "Certificate Resolver", "certResolver": "Certificate Resolver",
"certResolverDescription": "Select the certificate resolver to use for this resource.", "certResolverDescription": "Select the certificate resolver to use for this resource.",
"selectCertResolver": "Select Certificate Resolver", "selectCertResolver": "Select Certificate Resolver",

50
server/routers/client/getClient.ts
View File

@@ -56,19 +56,29 @@ async function query(clientId?: number, niceId?: string, orgId?: string) {
} }
type PostureData = { type PostureData = {
biometricsEnabled?: boolean | null; biometricsEnabled?: boolean | null | "-";
diskEncrypted?: boolean | null; diskEncrypted?: boolean | null | "-";
firewallEnabled?: boolean | null; firewallEnabled?: boolean | null | "-";
autoUpdatesEnabled?: boolean | null; autoUpdatesEnabled?: boolean | null | "-";
tpmAvailable?: boolean | null; tpmAvailable?: boolean | null | "-";
windowsAntivirusEnabled?: boolean | null; windowsAntivirusEnabled?: boolean | null | "-";
macosSipEnabled?: boolean | null; macosSipEnabled?: boolean | null | "-";
macosGatekeeperEnabled?: boolean | null; macosGatekeeperEnabled?: boolean | null | "-";
macosFirewallStealthMode?: boolean | null; macosFirewallStealthMode?: boolean | null | "-";
linuxAppArmorEnabled?: boolean | null; linuxAppArmorEnabled?: boolean | null | "-";
linuxSELinuxEnabled?: boolean | null; linuxSELinuxEnabled?: boolean | null | "-";
}; };
function maskPostureDataWithPlaceholder(posture: PostureData): PostureData {
const masked: PostureData = {};
for (const key of Object.keys(posture) as (keyof PostureData)[]) {
if (posture[key] !== undefined && posture[key] !== null) {
(masked as Record<keyof PostureData, "-">)[key] = "-";
}
}
return masked;
}
function getPlatformPostureData( function getPlatformPostureData(
platform: string | null | undefined, platform: string | null | undefined,
fingerprint: typeof currentFingerprint.$inferSelect | null fingerprint: typeof currentFingerprint.$inferSelect | null
@@ -309,17 +319,19 @@ export async function getClient(
: null; : null;
// Build posture data if available (platform-specific) // Build posture data if available (platform-specific)
// Only return posture data if org is licensed/subscribed // Licensed: real values; not licensed: same keys but values set to "-"
let postureData: PostureData | null = null; const rawPosture = getPlatformPostureData(
const isOrgLicensed = await isLicensedOrSubscribed(
client.clients.orgId
);
if (isOrgLicensed) {
postureData = getPlatformPostureData(
client.currentFingerprint?.platform || null, client.currentFingerprint?.platform || null,
client.currentFingerprint client.currentFingerprint
); );
} const isOrgLicensed = await isLicensedOrSubscribed(
client.clients.orgId
);
const postureData: PostureData | null = rawPosture
? isOrgLicensed
? rawPosture
: maskPostureDataWithPlaceholder(rawPosture)
: null;
const data: GetClientResponse = { const data: GetClientResponse = {
...client.clients, ...client.clients,

4
src/app/[orgId]/settings/(private)/idp/create/page.tsx
View File

@@ -27,6 +27,7 @@ import {
import { Input } from "@app/components/ui/input"; import { Input } from "@app/components/ui/input";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext"; import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { createApiClient, formatAxiosError } from "@app/lib/api"; import { createApiClient, formatAxiosError } from "@app/lib/api";
import { zodResolver } from "@hookform/resolvers/zod"; import { zodResolver } from "@hookform/resolvers/zod";
@@ -51,6 +52,7 @@ export default function Page() {
>("role"); >("role");
const { isUnlocked } = useLicenseStatusContext(); const { isUnlocked } = useLicenseStatusContext();
const t = useTranslations(); const t = useTranslations();
const { isPaidUser } = usePaidStatus();
const params = useParams(); const params = useParams();
@@ -806,7 +808,7 @@ export default function Page() {
</Button> </Button>
<Button <Button
type="submit" type="submit"
disabled={createLoading} disabled={createLoading || !isPaidUser}
loading={createLoading} loading={createLoading}
onClick={() => { onClick={() => {
// log any issues with the form // log any issues with the form

10
src/app/[orgId]/settings/(private)/idp/layout.tsx
View File

@@ -1,18 +1,8 @@
import { pullEnv } from "@app/lib/pullEnv";
import { build } from "@server/build";
import { redirect } from "next/navigation";
interface LayoutProps { interface LayoutProps {
children: React.ReactNode; children: React.ReactNode;
params: Promise<{}>; params: Promise<{}>;
} }
export default async function Layout(props: LayoutProps) { export default async function Layout(props: LayoutProps) {
const env = pullEnv();
if (build !== "saas" && !env.flags.useOrgOnlyIdp) {
redirect("/");
}
return props.children; return props.children;
} }

2
src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
View File

@@ -195,7 +195,6 @@ export default function CredentialsPage() {
</Alert> </Alert>
)} )}
</SettingsSectionBody> </SettingsSectionBody>
{build !== "oss" && (
<SettingsSectionFooter> <SettingsSectionFooter>
<Button <Button
variant="outline" variant="outline"
@@ -217,7 +216,6 @@ export default function CredentialsPage() {
{t("remoteExitNodeRegenerateAndDisconnect")} {t("remoteExitNodeRegenerateAndDisconnect")}
</Button> </Button>
</SettingsSectionFooter> </SettingsSectionFooter>
)}
</SettingsSection> </SettingsSection>
</SettingsContainer> </SettingsContainer>

6
src/app/[orgId]/settings/clients/machine/[niceId]/credentials/page.tsx
View File

@@ -61,7 +61,9 @@ export default function CredentialsPage() {
const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked(); const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked();
const isSaasNotSubscribed = const isSaasNotSubscribed =
build === "saas" && !subscription?.isSubscribed(); build === "saas" && !subscription?.isSubscribed();
return isEnterpriseNotLicensed || isSaasNotSubscribed; return (
isEnterpriseNotLicensed || isSaasNotSubscribed || build === "oss"
);
}; };
const handleConfirmRegenerate = async () => { const handleConfirmRegenerate = async () => {
@@ -181,7 +183,6 @@ export default function CredentialsPage() {
</Alert> </Alert>
)} )}
</SettingsSectionBody> </SettingsSectionBody>
{build !== "oss" && (
<SettingsSectionFooter> <SettingsSectionFooter>
<Button <Button
variant="outline" variant="outline"
@@ -203,7 +204,6 @@ export default function CredentialsPage() {
{t("clientRegenerateAndDisconnect")} {t("clientRegenerateAndDisconnect")}
</Button> </Button>
</SettingsSectionFooter> </SettingsSectionFooter>
)}
</SettingsSection> </SettingsSection>
<OlmInstallCommands <OlmInstallCommands

74
src/app/[orgId]/settings/clients/user/[niceId]/general/page.tsx
View File

@@ -28,7 +28,15 @@ import { createApiClient, formatAxiosError } from "@app/lib/api";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { useRouter } from "next/navigation"; import { useRouter } from "next/navigation";
import { useState, useEffect, useTransition } from "react"; import { useState, useEffect, useTransition } from "react";
import { Check, Ban, Shield, ShieldOff, Clock, CheckCircle2, XCircle } from "lucide-react"; import {
Check,
Ban,
Shield,
ShieldOff,
Clock,
CheckCircle2,
XCircle
} from "lucide-react";
import { useParams } from "next/navigation"; import { useParams } from "next/navigation";
import { FaApple, FaWindows, FaLinux } from "react-icons/fa"; import { FaApple, FaWindows, FaLinux } from "react-icons/fa";
import { SiAndroid } from "react-icons/si"; import { SiAndroid } from "react-icons/si";
@@ -111,13 +119,13 @@ function getPlatformFieldConfig(
osVersion: { show: true, labelKey: "iosVersion" }, osVersion: { show: true, labelKey: "iosVersion" },
kernelVersion: { show: false, labelKey: "kernelVersion" }, kernelVersion: { show: false, labelKey: "kernelVersion" },
arch: { show: true, labelKey: "architecture" }, arch: { show: true, labelKey: "architecture" },
deviceModel: { show: true, labelKey: "deviceModel" }, deviceModel: { show: true, labelKey: "deviceModel" }
}, },
android: { android: {
osVersion: { show: true, labelKey: "androidVersion" }, osVersion: { show: true, labelKey: "androidVersion" },
kernelVersion: { show: true, labelKey: "kernelVersion" }, kernelVersion: { show: true, labelKey: "kernelVersion" },
arch: { show: true, labelKey: "architecture" }, arch: { show: true, labelKey: "architecture" },
deviceModel: { show: true, labelKey: "deviceModel" }, deviceModel: { show: true, labelKey: "deviceModel" }
}, },
unknown: { unknown: {
osVersion: { show: true, labelKey: "osVersion" }, osVersion: { show: true, labelKey: "osVersion" },
@@ -133,7 +141,6 @@ function getPlatformFieldConfig(
return configs[normalizedPlatform] || configs.unknown; return configs[normalizedPlatform] || configs.unknown;
} }
export default function GeneralPage() { export default function GeneralPage() {
const { client, updateClient } = useClientContext(); const { client, updateClient } = useClientContext();
const { isPaidUser } = usePaidStatus(); const { isPaidUser } = usePaidStatus();
@@ -423,7 +430,8 @@ export default function GeneralPage() {
{t( {t(
fieldConfig fieldConfig
.osVersion .osVersion
?.labelKey || "osVersion" ?.labelKey ||
"osVersion"
)} )}
</InfoSectionTitle> </InfoSectionTitle>
<InfoSectionContent> <InfoSectionContent>
@@ -559,8 +567,6 @@ export default function GeneralPage() {
</SettingsSection> </SettingsSection>
)} )}
{/* Device Security Section */}
{build !== "oss" && (
<SettingsSection> <SettingsSection>
<SettingsSectionHeader> <SettingsSectionHeader>
<SettingsSectionTitle> <SettingsSectionTitle>
@@ -572,12 +578,14 @@ export default function GeneralPage() {
</SettingsSectionHeader> </SettingsSectionHeader>
<SettingsSectionBody> <SettingsSectionBody>
{client.posture && Object.keys(client.posture).length > 0 ? ( <PaidFeaturesAlert />
{client.posture &&
Object.keys(client.posture).length > 0 ? (
<> <>
{!isPaidUser && <PaidFeaturesAlert />}
<InfoSections cols={3}> <InfoSections cols={3}>
{client.posture.biometricsEnabled !== null && {client.posture.biometricsEnabled !== null &&
client.posture.biometricsEnabled !== undefined && ( client.posture.biometricsEnabled !==
undefined && (
<InfoSection> <InfoSection>
<InfoSectionTitle> <InfoSectionTitle>
{t("biometricsEnabled")} {t("biometricsEnabled")}
@@ -585,7 +593,8 @@ export default function GeneralPage() {
<InfoSectionContent> <InfoSectionContent>
{isPaidUser {isPaidUser
? formatPostureValue( ? formatPostureValue(
client.posture.biometricsEnabled client.posture
.biometricsEnabled
) )
: "-"} : "-"}
</InfoSectionContent> </InfoSectionContent>
@@ -593,7 +602,8 @@ export default function GeneralPage() {
)} )}
{client.posture.diskEncrypted !== null && {client.posture.diskEncrypted !== null &&
client.posture.diskEncrypted !== undefined && ( client.posture.diskEncrypted !==
undefined && (
<InfoSection> <InfoSection>
<InfoSectionTitle> <InfoSectionTitle>
{t("diskEncrypted")} {t("diskEncrypted")}
@@ -601,7 +611,8 @@ export default function GeneralPage() {
<InfoSectionContent> <InfoSectionContent>
{isPaidUser {isPaidUser
? formatPostureValue( ? formatPostureValue(
client.posture.diskEncrypted client.posture
.diskEncrypted
) )
: "-"} : "-"}
</InfoSectionContent> </InfoSectionContent>
@@ -609,7 +620,8 @@ export default function GeneralPage() {
)} )}
{client.posture.firewallEnabled !== null && {client.posture.firewallEnabled !== null &&
client.posture.firewallEnabled !== undefined && ( client.posture.firewallEnabled !==
undefined && (
<InfoSection> <InfoSection>
<InfoSectionTitle> <InfoSectionTitle>
{t("firewallEnabled")} {t("firewallEnabled")}
@@ -617,7 +629,8 @@ export default function GeneralPage() {
<InfoSectionContent> <InfoSectionContent>
{isPaidUser {isPaidUser
? formatPostureValue( ? formatPostureValue(
client.posture.firewallEnabled client.posture
.firewallEnabled
) )
: "-"} : "-"}
</InfoSectionContent> </InfoSectionContent>
@@ -625,7 +638,8 @@ export default function GeneralPage() {
)} )}
{client.posture.autoUpdatesEnabled !== null && {client.posture.autoUpdatesEnabled !== null &&
client.posture.autoUpdatesEnabled !== undefined && ( client.posture.autoUpdatesEnabled !==
undefined && (
<InfoSection> <InfoSection>
<InfoSectionTitle> <InfoSectionTitle>
{t("autoUpdatesEnabled")} {t("autoUpdatesEnabled")}
@@ -633,7 +647,8 @@ export default function GeneralPage() {
<InfoSectionContent> <InfoSectionContent>
{isPaidUser {isPaidUser
? formatPostureValue( ? formatPostureValue(
client.posture.autoUpdatesEnabled client.posture
.autoUpdatesEnabled
) )
: "-"} : "-"}
</InfoSectionContent> </InfoSectionContent>
@@ -641,7 +656,8 @@ export default function GeneralPage() {
)} )}
{client.posture.tpmAvailable !== null && {client.posture.tpmAvailable !== null &&
client.posture.tpmAvailable !== undefined && ( client.posture.tpmAvailable !==
undefined && (
<InfoSection> <InfoSection>
<InfoSectionTitle> <InfoSectionTitle>
{t("tpmAvailable")} {t("tpmAvailable")}
@@ -649,15 +665,18 @@ export default function GeneralPage() {
<InfoSectionContent> <InfoSectionContent>
{isPaidUser {isPaidUser
? formatPostureValue( ? formatPostureValue(
client.posture.tpmAvailable client.posture
.tpmAvailable
) )
: "-"} : "-"}
</InfoSectionContent> </InfoSectionContent>
</InfoSection> </InfoSection>
)} )}
{client.posture.windowsAntivirusEnabled !== null && {client.posture.windowsAntivirusEnabled !==
client.posture.windowsAntivirusEnabled !== undefined && ( null &&
client.posture.windowsAntivirusEnabled !==
undefined && (
<InfoSection> <InfoSection>
<InfoSectionTitle> <InfoSectionTitle>
{t("windowsAntivirusEnabled")} {t("windowsAntivirusEnabled")}
@@ -674,7 +693,8 @@ export default function GeneralPage() {
)} )}
{client.posture.macosSipEnabled !== null && {client.posture.macosSipEnabled !== null &&
client.posture.macosSipEnabled !== undefined && ( client.posture.macosSipEnabled !==
undefined && (
<InfoSection> <InfoSection>
<InfoSectionTitle> <InfoSectionTitle>
{t("macosSipEnabled")} {t("macosSipEnabled")}
@@ -682,14 +702,16 @@ export default function GeneralPage() {
<InfoSectionContent> <InfoSectionContent>
{isPaidUser {isPaidUser
? formatPostureValue( ? formatPostureValue(
client.posture.macosSipEnabled client.posture
.macosSipEnabled
) )
: "-"} : "-"}
</InfoSectionContent> </InfoSectionContent>
</InfoSection> </InfoSection>
)} )}
{client.posture.macosGatekeeperEnabled !== null && {client.posture.macosGatekeeperEnabled !==
null &&
client.posture.macosGatekeeperEnabled !== client.posture.macosGatekeeperEnabled !==
undefined && ( undefined && (
<InfoSection> <InfoSection>
@@ -707,7 +729,8 @@ export default function GeneralPage() {
</InfoSection> </InfoSection>
)} )}
{client.posture.macosFirewallStealthMode !== null && {client.posture.macosFirewallStealthMode !==
null &&
client.posture.macosFirewallStealthMode !== client.posture.macosFirewallStealthMode !==
undefined && ( undefined && (
<InfoSection> <InfoSection>
@@ -769,7 +792,6 @@ export default function GeneralPage() {
)} )}
</SettingsSectionBody> </SettingsSectionBody>
</SettingsSection> </SettingsSection>
)}
</SettingsContainer> </SettingsContainer>
); );
} }

5
src/app/[orgId]/settings/general/auth-page/page.tsx
View File

@@ -20,11 +20,6 @@ export interface AuthPageProps {
export default async function AuthPage(props: AuthPageProps) { export default async function AuthPage(props: AuthPageProps) {
const orgId = (await props.params).orgId; const orgId = (await props.params).orgId;
// custom auth branding is only available in enterprise and saas
if (build === "oss") {
redirect(`/${orgId}/settings/general/`);
}
let subscriptionStatus: GetOrgTierResponse | null = null; let subscriptionStatus: GetOrgTierResponse | null = null;
try { try {
const subRes = await getCachedSubscription(orgId); const subRes = await getCachedSubscription(orgId);

8
src/app/[orgId]/settings/general/layout.tsx
View File

@@ -55,14 +55,12 @@ export default async function GeneralSettingsPage({
{ {
title: t("security"), title: t("security"),
href: `/{orgId}/settings/general/security` href: `/{orgId}/settings/general/security`
} },
]; {
if (build !== "oss") {
navItems.push({
title: t("authPage"), title: t("authPage"),
href: `/{orgId}/settings/general/auth-page` href: `/{orgId}/settings/general/auth-page`
});
} }
];
return ( return (
<> <>

55
src/app/[orgId]/settings/general/security/page.tsx
View File

@@ -3,12 +3,7 @@ import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
import { Button } from "@app/components/ui/button"; import { Button } from "@app/components/ui/button";
import { useOrgContext } from "@app/hooks/useOrgContext"; import { useOrgContext } from "@app/hooks/useOrgContext";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { import { useState, useRef, useActionState, type ComponentRef } from "react";
useState,
useRef,
useActionState,
type ComponentRef
} from "react";
import { import {
Form, Form,
FormControl, FormControl,
@@ -110,7 +105,7 @@ export default function SecurityPage() {
return ( return (
<SettingsContainer> <SettingsContainer>
<LogRetentionSectionForm org={org.org} /> <LogRetentionSectionForm org={org.org} />
{build !== "oss" && <SecuritySettingsSectionForm org={org.org} />} <SecuritySettingsSectionForm org={org.org} />
</SettingsContainer> </SettingsContainer>
); );
} }
@@ -243,8 +238,6 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
)} )}
/> />
{build !== "oss" && (
<>
<PaidFeaturesAlert /> <PaidFeaturesAlert />
<FormField <FormField
@@ -256,19 +249,13 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
return ( return (
<FormItem> <FormItem>
<FormLabel> <FormLabel>
{t( {t("logRetentionAccessLabel")}
"logRetentionAccessLabel"
)}
</FormLabel> </FormLabel>
<FormControl> <FormControl>
<Select <Select
value={field.value.toString()} value={field.value.toString()}
onValueChange={( onValueChange={(value) => {
value if (!isDisabled) {
) => {
if (
!isDisabled
) {
field.onChange( field.onChange(
parseInt( parseInt(
value, value,
@@ -277,9 +264,7 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
); );
} }
}} }}
disabled={ disabled={isDisabled}
isDisabled
}
> >
<SelectTrigger> <SelectTrigger>
<SelectValue <SelectValue
@@ -290,9 +275,7 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
</SelectTrigger> </SelectTrigger>
<SelectContent> <SelectContent>
{LOG_RETENTION_OPTIONS.map( {LOG_RETENTION_OPTIONS.map(
( (option) => (
option
) => (
<SelectItem <SelectItem
key={ key={
option.value option.value
@@ -322,19 +305,13 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
return ( return (
<FormItem> <FormItem>
<FormLabel> <FormLabel>
{t( {t("logRetentionActionLabel")}
"logRetentionActionLabel"
)}
</FormLabel> </FormLabel>
<FormControl> <FormControl>
<Select <Select
value={field.value.toString()} value={field.value.toString()}
onValueChange={( onValueChange={(value) => {
value if (!isDisabled) {
) => {
if (
!isDisabled
) {
field.onChange( field.onChange(
parseInt( parseInt(
value, value,
@@ -343,9 +320,7 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
); );
} }
}} }}
disabled={ disabled={isDisabled}
isDisabled
}
> >
<SelectTrigger> <SelectTrigger>
<SelectValue <SelectValue
@@ -356,9 +331,7 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
</SelectTrigger> </SelectTrigger>
<SelectContent> <SelectContent>
{LOG_RETENTION_OPTIONS.map( {LOG_RETENTION_OPTIONS.map(
( (option) => (
option
) => (
<SelectItem <SelectItem
key={ key={
option.value option.value
@@ -379,8 +352,6 @@ function LogRetentionSectionForm({ org }: SectionFormProps) {
); );
}} }}
/> />
</>
)}
</form> </form>
</Form> </Form>
</SettingsSectionForm> </SettingsSectionForm>
@@ -740,7 +711,7 @@ function SecuritySettingsSectionForm({ org }: SectionFormProps) {
type="submit" type="submit"
form="security-settings-section-form" form="security-settings-section-form"
loading={loadingSave} loading={loadingSave}
disabled={loadingSave} disabled={loadingSave || !isPaidUser}
> >
{t("saveSettings")} {t("saveSettings")}
</Button> </Button>

23
src/app/[orgId]/settings/logs/access/page.tsx
View File

@@ -20,6 +20,7 @@ import { Alert, AlertDescription } from "@app/components/ui/alert";
import { getSevenDaysAgo } from "@app/lib/getSevenDaysAgo"; import { getSevenDaysAgo } from "@app/lib/getSevenDaysAgo";
import axios from "axios"; import axios from "axios";
import { useStoredPageSize } from "@app/hooks/useStoredPageSize"; import { useStoredPageSize } from "@app/hooks/useStoredPageSize";
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
export default function GeneralPage() { export default function GeneralPage() {
const router = useRouter(); const router = useRouter();
@@ -209,7 +210,8 @@ export default function GeneralPage() {
console.log("Date range changed:", { startDate, endDate, page, size }); console.log("Date range changed:", { startDate, endDate, page, size });
if ( if (
(build == "saas" && !subscription?.subscribed) || (build == "saas" && !subscription?.subscribed) ||
(build == "enterprise" && !isUnlocked()) (build == "enterprise" && !isUnlocked()) ||
build === "oss"
) { ) {
console.log( console.log(
"Access denied: subscription inactive or license locked" "Access denied: subscription inactive or license locked"
@@ -611,21 +613,7 @@ export default function GeneralPage() {
description={t("accessLogsDescription")} description={t("accessLogsDescription")}
/> />
{build == "saas" && !subscription?.subscribed ? ( <PaidFeaturesAlert />
<Alert variant="info" className="mb-6">
<AlertDescription>
{t("subscriptionRequiredToUse")}
</AlertDescription>
</Alert>
) : null}
{build == "enterprise" && !isUnlocked() ? (
<Alert variant="info" className="mb-6">
<AlertDescription>
{t("licenseRequiredToUse")}
</AlertDescription>
</Alert>
) : null}
<LogDataTable <LogDataTable
columns={columns} columns={columns}
@@ -656,7 +644,8 @@ export default function GeneralPage() {
renderExpandedRow={renderExpandedRow} renderExpandedRow={renderExpandedRow}
disabled={ disabled={
(build == "saas" && !subscription?.subscribed) || (build == "saas" && !subscription?.subscribed) ||
(build == "enterprise" && !isUnlocked()) (build == "enterprise" && !isUnlocked()) ||
build === "oss"
} }
/> />
</> </>

23
src/app/[orgId]/settings/logs/action/page.tsx
View File

@@ -2,6 +2,7 @@
import { ColumnFilter } from "@app/components/ColumnFilter"; import { ColumnFilter } from "@app/components/ColumnFilter";
import { DateTimeValue } from "@app/components/DateTimePicker"; import { DateTimeValue } from "@app/components/DateTimePicker";
import { LogDataTable } from "@app/components/LogDataTable"; import { LogDataTable } from "@app/components/LogDataTable";
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
import SettingsSectionTitle from "@app/components/SettingsSectionTitle"; import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
import { Alert, AlertDescription } from "@app/components/ui/alert"; import { Alert, AlertDescription } from "@app/components/ui/alert";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
@@ -92,6 +93,9 @@ export default function GeneralPage() {
// Trigger search with default values on component mount // Trigger search with default values on component mount
useEffect(() => { useEffect(() => {
if (build === "oss") {
return;
}
const defaultRange = getDefaultDateRange(); const defaultRange = getDefaultDateRange();
queryDateTime( queryDateTime(
defaultRange.startDate, defaultRange.startDate,
@@ -461,21 +465,7 @@ export default function GeneralPage() {
description={t("actionLogsDescription")} description={t("actionLogsDescription")}
/> />
{build == "saas" && !subscription?.subscribed ? ( <PaidFeaturesAlert />
<Alert variant="info" className="mb-6">
<AlertDescription>
{t("subscriptionRequiredToUse")}
</AlertDescription>
</Alert>
) : null}
{build == "enterprise" && !isUnlocked() ? (
<Alert variant="info" className="mb-6">
<AlertDescription>
{t("licenseRequiredToUse")}
</AlertDescription>
</Alert>
) : null}
<LogDataTable <LogDataTable
columns={columns} columns={columns}
@@ -508,7 +498,8 @@ export default function GeneralPage() {
renderExpandedRow={renderExpandedRow} renderExpandedRow={renderExpandedRow}
disabled={ disabled={
(build == "saas" && !subscription?.subscribed) || (build == "saas" && !subscription?.subscribed) ||
(build == "enterprise" && !isUnlocked()) (build == "enterprise" && !isUnlocked()) ||
build === "oss"
} }
/> />
</> </>

4
src/app/[orgId]/settings/logs/request/page.tsx
View File

@@ -16,6 +16,7 @@ import Link from "next/link";
import { useParams, useRouter, useSearchParams } from "next/navigation"; import { useParams, useRouter, useSearchParams } from "next/navigation";
import { useEffect, useState, useTransition } from "react"; import { useEffect, useState, useTransition } from "react";
import { useStoredPageSize } from "@app/hooks/useStoredPageSize"; import { useStoredPageSize } from "@app/hooks/useStoredPageSize";
import { build } from "@server/build";
export default function GeneralPage() { export default function GeneralPage() {
const router = useRouter(); const router = useRouter();
@@ -110,6 +111,9 @@ export default function GeneralPage() {
// Trigger search with default values on component mount // Trigger search with default values on component mount
useEffect(() => { useEffect(() => {
if (build === "oss") {
return;
}
const defaultRange = getDefaultDateRange(); const defaultRange = getDefaultDateRange();
queryDateTime( queryDateTime(
defaultRange.startDate, defaultRange.startDate,

8
src/app/[orgId]/settings/resources/proxy/[niceId]/general/page.tsx
View File

@@ -63,6 +63,7 @@ import {
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert"; import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
import { GetResourceResponse } from "@server/routers/resource/getResource"; import { GetResourceResponse } from "@server/routers/resource/getResource";
import type { ResourceContextType } from "@app/contexts/resourceContext"; import type { ResourceContextType } from "@app/contexts/resourceContext";
import { usePaidStatus } from "@app/hooks/usePaidStatus";
type MaintenanceSectionFormProps = { type MaintenanceSectionFormProps = {
resource: GetResourceResponse; resource: GetResourceResponse;
@@ -78,6 +79,7 @@ function MaintenanceSectionForm({
const api = createApiClient({ env }); const api = createApiClient({ env });
const { isUnlocked } = useLicenseStatusContext(); const { isUnlocked } = useLicenseStatusContext();
const subscription = useSubscriptionStatusContext(); const subscription = useSubscriptionStatusContext();
const { isPaidUser } = usePaidStatus();
const MaintenanceFormSchema = z.object({ const MaintenanceFormSchema = z.object({
maintenanceModeEnabled: z.boolean().optional(), maintenanceModeEnabled: z.boolean().optional(),
@@ -161,7 +163,7 @@ function MaintenanceSectionForm({
const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked(); const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked();
const isSaasNotSubscribed = const isSaasNotSubscribed =
build === "saas" && !subscription?.isSubscribed(); build === "saas" && !subscription?.isSubscribed();
return isEnterpriseNotLicensed || isSaasNotSubscribed; return isEnterpriseNotLicensed || isSaasNotSubscribed || build === "oss";
}; };
if (!resource.http) { if (!resource.http) {
@@ -413,7 +415,7 @@ function MaintenanceSectionForm({
<Button <Button
type="submit" type="submit"
loading={maintenanceSaveLoading} loading={maintenanceSaveLoading}
disabled={maintenanceSaveLoading} disabled={maintenanceSaveLoading || !isPaidUser }
form="maintenance-settings-form" form="maintenance-settings-form"
> >
{t("saveSettings")} {t("saveSettings")}
@@ -739,12 +741,10 @@ export default function GeneralForm() {
</SettingsSectionFooter> </SettingsSectionFooter>
</SettingsSection> </SettingsSection>
{build !== "oss" && (
<MaintenanceSectionForm <MaintenanceSectionForm
resource={resource} resource={resource}
updateResource={updateResource} updateResource={updateResource}
/> />
)}
</SettingsContainer> </SettingsContainer>
<Credenza <Credenza

8
src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
View File

@@ -72,7 +72,9 @@ export default function CredentialsPage() {
const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked(); const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked();
const isSaasNotSubscribed = const isSaasNotSubscribed =
build === "saas" && !subscription?.isSubscribed(); build === "saas" && !subscription?.isSubscribed();
return isEnterpriseNotLicensed || isSaasNotSubscribed; return (
isEnterpriseNotLicensed || isSaasNotSubscribed || build === "oss"
);
}; };
// Fetch site defaults for wireguard sites to show in obfuscated config // Fetch site defaults for wireguard sites to show in obfuscated config
@@ -269,7 +271,6 @@ export default function CredentialsPage() {
</Alert> </Alert>
)} )}
</SettingsSectionBody> </SettingsSectionBody>
{build !== "oss" && (
<SettingsSectionFooter> <SettingsSectionFooter>
<Button <Button
variant="outline" variant="outline"
@@ -291,7 +292,6 @@ export default function CredentialsPage() {
{t("siteRegenerateAndDisconnect")} {t("siteRegenerateAndDisconnect")}
</Button> </Button>
</SettingsSectionFooter> </SettingsSectionFooter>
)}
</SettingsSection> </SettingsSection>
<NewtSiteInstallCommands <NewtSiteInstallCommands
@@ -383,7 +383,6 @@ export default function CredentialsPage() {
</> </>
)} )}
</SettingsSectionBody> </SettingsSectionBody>
{build === "enterprise" && (
<SettingsSectionFooter> <SettingsSectionFooter>
<Button <Button
onClick={() => setModalOpen(true)} onClick={() => setModalOpen(true)}
@@ -392,7 +391,6 @@ export default function CredentialsPage() {
{t("siteRegenerateAndDisconnect")} {t("siteRegenerateAndDisconnect")}
</Button> </Button>
</SettingsSectionFooter> </SettingsSectionFooter>
)}
</SettingsSection> </SettingsSection>
)} )}
</SettingsContainer> </SettingsContainer>

16
src/app/navigation.tsx
View File

@@ -121,24 +121,16 @@ export const orgNavSections = (env?: Env): SidebarNavSection[] => [
href: "/{orgId}/settings/access/roles", href: "/{orgId}/settings/access/roles",
icon: <Users className="size-4 flex-none" /> icon: <Users className="size-4 flex-none" />
}, },
...(build === "saas" || env?.flags.useOrgOnlyIdp
? [
{ {
title: "sidebarIdentityProviders", title: "sidebarIdentityProviders",
href: "/{orgId}/settings/idp", href: "/{orgId}/settings/idp",
icon: <Fingerprint className="size-4 flex-none" /> icon: <Fingerprint className="size-4 flex-none" />
} },
]
: []),
...(build !== "oss"
? [
{ {
title: "sidebarApprovals", title: "sidebarApprovals",
href: "/{orgId}/settings/access/approvals", href: "/{orgId}/settings/access/approvals",
icon: <UserCog className="size-4 flex-none" /> icon: <UserCog className="size-4 flex-none" />
} },
]
: []),
{ {
title: "sidebarShareableLinks", title: "sidebarShareableLinks",
href: "/{orgId}/settings/share-links", href: "/{orgId}/settings/share-links",
@@ -155,8 +147,6 @@ export const orgNavSections = (env?: Env): SidebarNavSection[] => [
href: "/{orgId}/settings/logs/request", href: "/{orgId}/settings/logs/request",
icon: <SquareMousePointer className="size-4 flex-none" /> icon: <SquareMousePointer className="size-4 flex-none" />
}, },
...(build != "oss"
? [
{ {
title: "sidebarLogsAccess", title: "sidebarLogsAccess",
href: "/{orgId}/settings/logs/access", href: "/{orgId}/settings/logs/access",
@@ -167,8 +157,6 @@ export const orgNavSections = (env?: Env): SidebarNavSection[] => [
href: "/{orgId}/settings/logs/action", href: "/{orgId}/settings/logs/action",
icon: <Logs className="size-4 flex-none" /> icon: <Logs className="size-4 flex-none" />
} }
]
: [])
]; ];
const analytics = { const analytics = {

15
src/components/ApprovalFeed.tsx
View File

@@ -30,6 +30,7 @@ import {
import { Separator } from "./ui/separator"; import { Separator } from "./ui/separator";
import { InfoPopup } from "./ui/info-popup"; import { InfoPopup } from "./ui/info-popup";
import { ApprovalsEmptyState } from "./ApprovalsEmptyState"; import { ApprovalsEmptyState } from "./ApprovalsEmptyState";
import { usePaidStatus } from "@app/hooks/usePaidStatus";
export type ApprovalFeedProps = { export type ApprovalFeedProps = {
orgId: string; orgId: string;
@@ -50,9 +51,12 @@ export function ApprovalFeed({
Object.fromEntries(searchParams.entries()) Object.fromEntries(searchParams.entries())
); );
const { data, isFetching, refetch } = useQuery( const { isPaidUser } = usePaidStatus();
approvalQueries.listApprovals(orgId, filters)
); const { data, isFetching, refetch } = useQuery({
...approvalQueries.listApprovals(orgId, filters),
enabled: isPaidUser
});
const approvals = data?.approvals ?? []; const approvals = data?.approvals ?? [];
@@ -229,7 +233,10 @@ function ApprovalRequest({ approval, orgId, onSuccess }: ApprovalRequestProps) {
{t("deviceInformation")} {t("deviceInformation")}
</div> </div>
<div className="text-muted-foreground whitespace-pre-line"> <div className="text-muted-foreground whitespace-pre-line">
{formatFingerprintInfo(approval.fingerprint, t)} {formatFingerprintInfo(
approval.fingerprint,
t
)}
</div> </div>
</div> </div>
</InfoPopup> </InfoPopup>

9
src/components/CreateRoleForm.tsx
View File

@@ -160,8 +160,7 @@ export default function CreateRoleForm({
</FormItem> </FormItem>
)} )}
/> />
{build !== "oss" && (
<div>
<PaidFeaturesAlert /> <PaidFeaturesAlert />
<FormField <FormField
@@ -172,9 +171,7 @@ export default function CreateRoleForm({
<FormControl> <FormControl>
<CheckboxWithLabel <CheckboxWithLabel
{...field} {...field}
disabled={ disabled={!isPaidUser}
!isPaidUser
}
value="on" value="on"
checked={form.watch( checked={form.watch(
"requireDeviceApproval" "requireDeviceApproval"
@@ -208,8 +205,6 @@ export default function CreateRoleForm({
</FormItem> </FormItem>
)} )}
/> />
</div>
)}
</form> </form>
</Form> </Form>
</CredenzaBody> </CredenzaBody>

8
src/components/EditRoleForm.tsx
View File

@@ -168,8 +168,6 @@ export default function EditRoleForm({
</FormItem> </FormItem>
)} )}
/> />
{build !== "oss" && (
<div>
<PaidFeaturesAlert /> <PaidFeaturesAlert />
<FormField <FormField
@@ -180,9 +178,7 @@ export default function EditRoleForm({
<FormControl> <FormControl>
<CheckboxWithLabel <CheckboxWithLabel
{...field} {...field}
disabled={ disabled={!isPaidUser}
!isPaidUser
}
value="on" value="on"
checked={form.watch( checked={form.watch(
"requireDeviceApproval" "requireDeviceApproval"
@@ -216,8 +212,6 @@ export default function EditRoleForm({
</FormItem> </FormItem>
)} )}
/> />
</div>
)}
</form> </form>
</Form> </Form>
</CredenzaBody> </CredenzaBody>

63
src/components/PaidFeaturesAlert.tsx
View File

@@ -1,8 +1,16 @@
"use client"; "use client";
import { Alert, AlertDescription } from "@app/components/ui/alert"; import { Card, CardContent } from "@app/components/ui/card";
import { build } from "@server/build"; import { build } from "@server/build";
import { useTranslations } from "next-intl";
import { usePaidStatus } from "@app/hooks/usePaidStatus"; import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { ExternalLink, KeyRound, Sparkles } from "lucide-react";
import { useTranslations } from "next-intl";
import Link from "next/link";
const bannerClassName =
"mb-6 border-primary/30 bg-linear-to-br from-primary/10 via-background to-background overflow-hidden";
const bannerContentClassName = "py-3 px-4";
const bannerRowClassName =
"flex items-center gap-2.5 text-sm text-muted-foreground";
export function PaidFeaturesAlert() { export function PaidFeaturesAlert() {
const t = useTranslations(); const t = useTranslations();
@@ -10,19 +18,50 @@ export function PaidFeaturesAlert() {
return ( return (
<> <>
{build === "saas" && !hasSaasSubscription ? ( {build === "saas" && !hasSaasSubscription ? (
<Alert variant="info" className="mb-6"> <Card className={bannerClassName}>
<AlertDescription> <CardContent className={bannerContentClassName}>
{t("subscriptionRequiredToUse")} <div className={bannerRowClassName}>
</AlertDescription> <KeyRound className="size-4 shrink-0 text-primary" />
</Alert> <span>{t("subscriptionRequiredToUse")}</span>
</div>
</CardContent>
</Card>
) : null} ) : null}
{build === "enterprise" && !hasEnterpriseLicense ? ( {build === "enterprise" && !hasEnterpriseLicense ? (
<Alert variant="info" className="mb-6"> <Card className={bannerClassName}>
<AlertDescription> <CardContent className={bannerContentClassName}>
{t("licenseRequiredToUse")} <div className={bannerRowClassName}>
</AlertDescription> <KeyRound className="size-4 shrink-0 text-primary" />
</Alert> <span>{t("licenseRequiredToUse")}</span>
</div>
</CardContent>
</Card>
) : null}
{build === "oss" && !hasEnterpriseLicense ? (
<Card className={bannerClassName}>
<CardContent className={bannerContentClassName}>
<div className={bannerRowClassName}>
<KeyRound className="size-4 shrink-0 text-primary" />
<span>
{t.rich("ossEnterpriseEditionRequired", {
enterpriseEditionLink: (chunks) => (
<Link
href="https://docs.pangolin.net/self-host/enterprise-edition"
target="_blank"
rel="noopener noreferrer"
className="inline-flex items-center gap-1 font-medium text-foreground underline"
>
{chunks}
<ExternalLink className="size-3.5 shrink-0" />
</Link>
)
})}
</span>
</div>
</CardContent>
</Card>
) : null} ) : null}
</> </>
); );

9
src/components/UserDevicesTable.tsx
View File

@@ -548,7 +548,7 @@ export default function UserDevicesTable({ userClients }: ClientTableProps) {
</Button> </Button>
</DropdownMenuTrigger> </DropdownMenuTrigger>
<DropdownMenuContent align="end"> <DropdownMenuContent align="end">
{clientRow.approvalState === "pending" && build !== "oss" && ( {clientRow.approvalState === "pending" && (
<> <>
<DropdownMenuItem <DropdownMenuItem
onClick={() => approveDevice(clientRow)} onClick={() => approveDevice(clientRow)}
@@ -652,17 +652,10 @@ export default function UserDevicesTable({ userClients }: ClientTableProps) {
} }
]; ];
if (build === "oss") {
return allOptions.filter((option) => option.value !== "pending" && option.value !== "denied");
}
return allOptions; return allOptions;
}, [t]); }, [t]);
const statusFilterDefaultValues = useMemo(() => { const statusFilterDefaultValues = useMemo(() => {
if (build === "oss") {
return ["active"];
}
return ["active", "pending"]; return ["active", "pending"];
}, []); }, []);

23
src/middleware.ts
View File

@@ -2,29 +2,6 @@ import { NextRequest, NextResponse } from "next/server";
import { build } from "@server/build"; import { build } from "@server/build";
export function middleware(request: NextRequest) { export function middleware(request: NextRequest) {
// If build is OSS, block access to private routes
if (build === "oss") {
const pathname = request.nextUrl.pathname;
// Define private route patterns that should be blocked in OSS build
const privateRoutes = [
"/settings/billing",
"/settings/remote-exit-nodes",
"/settings/idp",
"/auth/org"
];
// Check if current path matches any private route pattern
const isPrivateRoute = privateRoutes.some((route) =>
pathname.includes(route)
);
if (isPrivateRoute) {
// Return 404 to make it seem like the route doesn't exist
return new NextResponse(null, { status: 404 });
}
}
return NextResponse.next(); return NextResponse.next();
} }