Bump recharts from 2.15.4 to 3.8.0

Bumps [recharts](https://github.com/recharts/recharts) from 2.15.4 to 3.8.0. - [Release notes](https://github.com/recharts/recharts/releases) - [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md) - [Commits](https://github.com/recharts/recharts/compare/v2.15.4...v3.8.0) --- updated-dependencies: - dependency-name: recharts dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #2552 from huzky-v/feat-add-bandwidth-reset-api
2026-03-19 09:06:37 +00:00 · 2026-03-19 01:44:34 +00:00 · 2026-03-18 16:17:43 -07:00 · 2026-03-18 15:32:53 -07:00 · 2026-03-18 15:30:46 -07:00 · 2026-03-18 22:30:09 +00:00
18 changed files with 1565 additions and 1520 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -77,7 +77,7 @@ jobs:
                  fi

            - name: Log in to Docker Hub
-              uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -149,7 +149,7 @@ jobs:
                  fi

            - name: Log in to Docker Hub
-              uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -204,7 +204,7 @@ jobs:
              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Log in to Docker Hub
-              uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -264,7 +264,7 @@ jobs:
              shell: bash

            - name: Install Go
-              uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+              uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
              with:
                  go-version: 1.24

@@ -299,7 +299,7 @@ jobs:
              shell: bash

            - name: Upload artifacts from /install/bin
-              uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+              uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
              with:
                  name: install-bin
                  path: install/bin/
@@ -407,7 +407,7 @@ jobs:
              shell: bash

            - name: Login to GitHub Container Registry (for cosign)
-              uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+              uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
              with:
                registry: ghcr.io
                username: ${{ github.actor }}
@@ -415,7 +415,7 @@ jobs:

            - name: Install cosign
              # cosign is used to sign and verify container images (key and keyless)
-              uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+              uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0

            - name: Dual-sign and verify (GHCR & Docker Hub)
              # Sign each image by digest using keyless (OIDC) and key-based signing,
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -24,7 +24,7 @@ jobs:
              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

            - name: Set up Node.js
-              uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+              uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
              with:
                node-version: '24'

--- a/.github/workflows/mirror.yaml
+++ b/.github/workflows/mirror.yaml
@@ -23,7 +23,7 @@ jobs:
          skopeo --version

      - name: Install cosign
-        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+        uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0

      - name: Input check
        run: |
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,7 +17,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Install Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: '24'

--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@

 <p align="center">
    <strong>
-        Start testing Pangolin at <a href="https://app.pangolin.net/auth/signup">app.pangolin.net</a>
+        Get started with Pangolin at <a href="https://app.pangolin.net/auth/signup">app.pangolin.net</a>
    </strong>
 </p>

@@ -60,9 +60,9 @@ Pangolin is an open-source, identity-based remote access platform built on WireG

 | <img width=500 /> | Description |
 |-----------------|--------------|
+| **Pangolin Cloud** | Fully managed service with instant setup and pay-as-you-go pricing — no infrastructure required. Or, self-host your own [remote node](https://docs.pangolin.net/manage/remote-node/understanding-nodes) and connect to our control plane. |
 | **Self-Host: Community Edition** | Free, open source, and licensed under AGPL-3. |
 | **Self-Host: Enterprise Edition** | Licensed under Fossorial Commercial License. Free for personal and hobbyist use, and for businesses earning under \$100K USD annually. |
-| **Pangolin Cloud** | Fully managed service with instant setup and pay-as-you-go pricing — no infrastructure required. Or, self-host your own [remote node](https://docs.pangolin.net/manage/remote-node/nodes) and connect to our control plane. |

 ## Key Features

@@ -85,17 +85,16 @@ Download the Pangolin client for your platform:

 ## Get Started

+### Sign up now
+
+Create an account at [app.pangolin.net](https://app.pangolin.net) to get started with Pangolin Cloud. A generous free tier is available.
+
 ### Check out the docs

 We encourage everyone to read the full documentation first, which is
 available at [docs.pangolin.net](https://docs.pangolin.net). This README provides only a very brief subset of
 the docs to illustrate some basic ideas.

-### Sign up and try now
-
-For Pangolin's managed service, you will first need to create an account at
-[app.pangolin.net](https://app.pangolin.net). We have a generous free tier to get started.
-
 ## Licensing

 Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl.html). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).
--- a/install/go.mod
+++ b/install/go.mod
@@ -1,11 +1,11 @@
 module installer

-go 1.24.0
+go 1.25.0

 require (
 	github.com/charmbracelet/huh v0.8.0
 	github.com/charmbracelet/lipgloss v1.1.0
-	golang.org/x/term v0.40.0
+	golang.org/x/term v0.41.0
 	gopkg.in/yaml.v3 v3.0.1
 )

@@ -33,6 +33,6 @@ require (
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/sync v0.15.0 // indirect
-	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 )
--- a/install/go.sum
+++ b/install/go.sum
@@ -69,10 +69,10 @@ golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
-golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
-golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
+golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
 golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1120,6 +1120,7 @@
    "setupTokenDescription": "Enter the setup token from the server console.",
    "setupTokenRequired": "Setup token is required",
    "actionUpdateSite": "Update Site",
+    "actionResetSiteBandwidth": "Reset Organization Bandwidth",
    "actionListSiteRoles": "List Allowed Site Roles",
    "actionCreateResource": "Create Resource",
    "actionDeleteResource": "Delete Resource",
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
    },
    "dependencies": {
        "@asteasolutions/zod-to-openapi": "8.4.1",
-        "@aws-sdk/client-s3": "3.1004.0",
+        "@aws-sdk/client-s3": "3.1011.0",
        "@faker-js/faker": "10.3.0",
        "@headlessui/react": "2.2.9",
        "@hookform/resolvers": "5.2.2",
@@ -62,8 +62,8 @@
        "@react-email/components": "1.0.8",
        "@react-email/render": "2.0.4",
        "@react-email/tailwind": "2.0.5",
-        "@simplewebauthn/browser": "13.2.2",
-        "@simplewebauthn/server": "13.2.3",
+        "@simplewebauthn/browser": "13.3.0",
+        "@simplewebauthn/server": "13.3.0",
        "@tailwindcss/forms": "0.5.11",
        "@tanstack/react-query": "5.90.21",
        "@tanstack/react-table": "8.21.3",
@@ -108,7 +108,7 @@
        "react-easy-sort": "1.8.0",
        "react-hook-form": "7.71.2",
        "react-icons": "5.6.0",
-        "recharts": "2.15.4",
+        "recharts": "3.8.0",
        "reodotdev": "1.1.0",
        "resend": "6.9.2",
        "semver": "7.7.4",
@@ -133,7 +133,7 @@
    "devDependencies": {
        "@dotenvx/dotenvx": "1.54.1",
        "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@react-email/preview-server": "5.2.8",
+        "@react-email/preview-server": "5.2.10",
        "@tailwindcss/postcss": "4.2.1",
        "@tanstack/react-query-devtools": "5.91.3",
        "@types/better-sqlite3": "7.6.13",
@@ -159,14 +159,14 @@
        "@types/ws": "8.18.1",
        "@types/yargs": "17.0.35",
        "babel-plugin-react-compiler": "1.0.0",
-        "drizzle-kit": "0.31.9",
+        "drizzle-kit": "0.31.10",
        "esbuild": "0.27.3",
        "esbuild-node-externals": "1.20.1",
-        "eslint": "9.39.2",
-        "eslint-config-next": "16.1.6",
-        "postcss": "8.5.6",
+        "eslint": "10.0.3",
+        "eslint-config-next": "16.1.7",
+        "postcss": "8.5.8",
        "prettier": "3.8.1",
-        "react-email": "5.2.8",
+        "react-email": "5.2.10",
        "tailwindcss": "4.2.1",
        "tsc-alias": "1.8.16",
        "tsx": "4.21.0",
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -19,6 +19,7 @@ export enum ActionsEnum {
    getSite = "getSite",
    listSites = "listSites",
    updateSite = "updateSite",
+    resetSiteBandwidth = "resetSiteBandwidth",
    reGenerateSecret = "reGenerateSecret",
    createResource = "createResource",
    deleteResource = "deleteResource",
--- a/server/routers/gerbil/receiveBandwidth.ts
+++ b/server/routers/gerbil/receiveBandwidth.ts
@@ -97,7 +97,6 @@ export async function flushSiteBandwidthToDb(): Promise<void> {
    accumulator = new Map<string, AccumulatorEntry>();

    const currentTime = new Date().toISOString();
-    const currentTimeEpochSeconds = Math.floor(new Date().getTime() / 1000);

    // Sort by publicKey for consistent lock ordering across concurrent
    // writers — deadlock-prevention strategy.
@@ -121,7 +120,6 @@ export async function flushSiteBandwidthToDb(): Promise<void> {
                        megabytesOut: sql`COALESCE(${sites.megabytesOut}, 0) + ${bytesIn}`,
                        megabytesIn: sql`COALESCE(${sites.megabytesIn}, 0) + ${bytesOut}`,
                        lastBandwidthUpdate: currentTime,
-                        lastPing: currentTimeEpochSeconds
                    })
                    .where(eq(sites.pubKey, publicKey))
                    .returning({
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -135,6 +135,13 @@ authenticated.post(
    logActionAudit(ActionsEnum.updateSite),
    site.updateSite
 );
+authenticated.post(
+    "/org/:orgId/reset-bandwidth",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyHasAction(ActionsEnum.resetSiteBandwidth),
+    logActionAudit(ActionsEnum.resetSiteBandwidth),
+    org.resetOrgBandwidth
+);

 authenticated.delete(
    "/site/:siteId",
@@ -309,6 +316,14 @@ authenticated.post(
    siteResource.removeClientFromSiteResource
 );

+authenticated.post(
+    "/client/:clientId/site-resources",
+    verifyLimits,
+    verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
+    logActionAudit(ActionsEnum.setResourceUsers),
+    siteResource.batchAddClientToSiteResources
+);
+
 authenticated.put(
    "/org/:orgId/resource",
    verifyApiKeyOrgAccess,
--- a/server/routers/org/index.ts
+++ b/server/routers/org/index.ts
@@ -8,3 +8,4 @@ export * from "./getOrgOverview";
 export * from "./listOrgs";
 export * from "./pickOrgDefaults";
 export * from "./checkOrgUserAccess";
+export * from "./resetOrgBandwidth";
--- a/server/routers/org/resetOrgBandwidth.ts
+++ b/server/routers/org/resetOrgBandwidth.ts
@@ -0,0 +1,83 @@
+import { NextFunction, Request, Response } from "express";
+import { z } from "zod";
+import { db, sites } from "@server/db";
+import { eq } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const resetOrgBandwidthParamsSchema = z.strictObject({
+    orgId: z.string()
+});
+
+registry.registerPath({
+    method: "post",
+    path: "/org/{orgId}/reset-bandwidth",
+    description: "Reset all sites in selected organization bandwidth counters.",
+    tags: [OpenAPITags.Org, OpenAPITags.Site],
+    request: {
+        params: resetOrgBandwidthParamsSchema
+    },
+    responses: {}
+});
+
+export async function resetOrgBandwidth(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = resetOrgBandwidthParamsSchema.safeParse(
+            req.params
+        );
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId } = parsedParams.data;
+
+        const [site] = await db
+            .select({ siteId: sites.siteId })
+            .from(sites)
+            .where(eq(sites.orgId, orgId))
+            .limit(1);
+
+        if (!site) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `No sites found in org ${orgId}`
+                )
+            );
+        }
+
+        await db
+            .update(sites)
+            .set({
+                megabytesIn: 0,
+                megabytesOut: 0
+            })
+            .where(eq(sites.orgId, orgId));
+
+        return response(res, {
+            data: {},
+            success: true,
+            error: false,
+            message: "Sites bandwidth reset successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
--- a/server/routers/siteResource/batchAddClientToSiteResources.ts
+++ b/server/routers/siteResource/batchAddClientToSiteResources.ts
@@ -0,0 +1,247 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import {
+    db,
+    clients,
+    clientSiteResources,
+    siteResources,
+    apiKeyOrg
+} from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { eq, and, inArray } from "drizzle-orm";
+import { OpenAPITags, registry } from "@server/openApi";
+import {
+    rebuildClientAssociationsFromClient,
+    rebuildClientAssociationsFromSiteResource
+} from "@server/lib/rebuildClientAssociations";
+
+const batchAddClientToSiteResourcesParamsSchema = z
+    .object({
+        clientId: z.string().transform(Number).pipe(z.number().int().positive())
+    })
+    .strict();
+
+const batchAddClientToSiteResourcesBodySchema = z
+    .object({
+        siteResourceIds: z
+            .array(z.number().int().positive())
+            .min(1, "At least one siteResourceId is required")
+    })
+    .strict();
+
+registry.registerPath({
+    method: "post",
+    path: "/client/{clientId}/site-resources",
+    description: "Add a machine client to multiple site resources at once.",
+    tags: [OpenAPITags.Client],
+    request: {
+        params: batchAddClientToSiteResourcesParamsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: batchAddClientToSiteResourcesBodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+export async function batchAddClientToSiteResources(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const apiKey = req.apiKey;
+        if (!apiKey) {
+            return next(
+                createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
+            );
+        }
+
+        const parsedParams =
+            batchAddClientToSiteResourcesParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const parsedBody = batchAddClientToSiteResourcesBodySchema.safeParse(
+            req.body
+        );
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { clientId } = parsedParams.data;
+        const { siteResourceIds } = parsedBody.data;
+        const uniqueSiteResourceIds = [...new Set(siteResourceIds)];
+
+        const batchSiteResources = await db
+            .select()
+            .from(siteResources)
+            .where(
+                inArray(siteResources.siteResourceId, uniqueSiteResourceIds)
+            );
+
+        if (batchSiteResources.length !== uniqueSiteResourceIds.length) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    "One or more site resources not found"
+                )
+            );
+        }
+
+        if (!apiKey.isRoot) {
+            const orgIds = [
+                ...new Set(batchSiteResources.map((sr) => sr.orgId))
+            ];
+            if (orgIds.length > 1) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "All site resources must belong to the same organization"
+                    )
+                );
+            }
+            const orgId = orgIds[0];
+            const [apiKeyOrgRow] = await db
+                .select()
+                .from(apiKeyOrg)
+                .where(
+                    and(
+                        eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
+                        eq(apiKeyOrg.orgId, orgId)
+                    )
+                )
+                .limit(1);
+
+            if (!apiKeyOrgRow) {
+                return next(
+                    createHttpError(
+                        HttpCode.FORBIDDEN,
+                        "Key does not have access to the organization of the specified site resources"
+                    )
+                );
+            }
+
+            const [clientInOrg] = await db
+                .select()
+                .from(clients)
+                .where(
+                    and(
+                        eq(clients.clientId, clientId),
+                        eq(clients.orgId, orgId)
+                    )
+                )
+                .limit(1);
+
+            if (!clientInOrg) {
+                return next(
+                    createHttpError(
+                        HttpCode.FORBIDDEN,
+                        "Key does not have access to the specified client"
+                    )
+                );
+            }
+        }
+
+        const [client] = await db
+            .select()
+            .from(clients)
+            .where(eq(clients.clientId, clientId))
+            .limit(1);
+
+        if (!client) {
+            return next(
+                createHttpError(HttpCode.NOT_FOUND, "Client not found")
+            );
+        }
+
+        if (client.userId !== null) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "This endpoint only supports machine (non-user) clients; the specified client is associated with a user"
+                )
+            );
+        }
+
+        const existingEntries = await db
+            .select({
+                siteResourceId: clientSiteResources.siteResourceId
+            })
+            .from(clientSiteResources)
+            .where(
+                and(
+                    eq(clientSiteResources.clientId, clientId),
+                    inArray(
+                        clientSiteResources.siteResourceId,
+                        batchSiteResources.map((sr) => sr.siteResourceId)
+                    )
+                )
+            );
+
+        const existingSiteResourceIds = new Set(
+            existingEntries.map((e) => e.siteResourceId)
+        );
+        const siteResourcesToAdd = batchSiteResources.filter(
+            (sr) => !existingSiteResourceIds.has(sr.siteResourceId)
+        );
+
+        if (siteResourcesToAdd.length === 0) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    "Client is already assigned to all specified site resources"
+                )
+            );
+        }
+
+        await db.transaction(async (trx) => {
+            for (const siteResource of siteResourcesToAdd) {
+                await trx.insert(clientSiteResources).values({
+                    clientId,
+                    siteResourceId: siteResource.siteResourceId
+                });
+            }
+
+            await rebuildClientAssociationsFromClient(client, trx);
+        });
+
+        return response(res, {
+            data: {
+                addedCount: siteResourcesToAdd.length,
+                skippedCount:
+                    batchSiteResources.length - siteResourcesToAdd.length,
+                siteResourceIds: siteResourcesToAdd.map(
+                    (sr) => sr.siteResourceId
+                )
+            },
+            success: true,
+            error: false,
+            message: `Client added to ${siteResourcesToAdd.length} site resource(s) successfully`,
+            status: HttpCode.CREATED
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
--- a/server/routers/siteResource/index.ts
+++ b/server/routers/siteResource/index.ts
@@ -15,4 +15,5 @@ export * from "./addUserToSiteResource";
 export * from "./removeUserFromSiteResource";
 export * from "./setSiteResourceClients";
 export * from "./addClientToSiteResource";
+export * from "./batchAddClientToSiteResources";
 export * from "./removeClientFromSiteResource";
--- a/src/components/PermissionsSelectBox.tsx
+++ b/src/components/PermissionsSelectBox.tsx
@@ -26,6 +26,7 @@ function getActionsCategories(root: boolean) {
            [t("actionGetOrg")]: "getOrg",
            [t("actionUpdateOrg")]: "updateOrg",
            [t("actionGetOrgUser")]: "getOrgUser",
+            [t("actionResetSiteBandwidth")]: "resetSiteBandwidth",
            [t("actionInviteUser")]: "inviteUser",
            [t("actionRemoveInvitation")]: "removeInvitation",
            [t("actionListInvitations")]: "listInvitations",
Author	SHA1	Message	Date
dependabot[bot]	04d1bdb5a6	Bump recharts from 2.15.4 to 3.8.0 Bumps [recharts](https://github.com/recharts/recharts) from 2.15.4 to 3.8.0. - [Release notes](https://github.com/recharts/recharts/releases) - [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md) - [Commits](https://github.com/recharts/recharts/compare/v2.15.4...v3.8.0) --- updated-dependencies: - dependency-name: recharts dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-19 01:44:34 +00:00
Owen Schwartz	4843268537	Merge pull request #2552 from huzky-v/feat-add-bandwidth-reset-api feat: Adding an organization sites bandwidth reset API	2026-03-18 16:17:43 -07:00
Owen Schwartz	f60ae13e4e	Merge pull request #2668 from LaurenceJJones/docs/improve-cloud-messaging chore(readme): Reorder and promote cloud	2026-03-18 15:32:53 -07:00
Owen Schwartz	e72697f8b8	Merge pull request #2669 from fosrl/dependabot/npm_and_yarn/multi-577d045ab6 Bump fast-xml-parser and @aws-sdk/xml-builder	2026-03-18 15:30:46 -07:00
dependabot[bot]	0c3dc1ad14	Bump fast-xml-parser and @aws-sdk/xml-builder Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [@aws-sdk/xml-builder](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages-internal/xml-builder). These dependencies needed to be updated together. Updates `fast-xml-parser` from 5.4.1 to 5.5.6 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.1...v5.5.6) Updates `@aws-sdk/xml-builder` from 3.972.10 to 3.972.12 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages-internal/xml-builder/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/HEAD/packages-internal/xml-builder) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.5.6 dependency-type: indirect - dependency-name: "@aws-sdk/xml-builder" dependency-version: 3.972.12 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-18 22:30:09 +00:00
Owen Schwartz	840fe86f78	Merge pull request #2633 from fosrl/dependabot/npm_and_yarn/eslint-10.0.3 Bump eslint from 9.39.2 to 10.0.3	2026-03-18 15:28:51 -07:00
Owen Schwartz	e079927a5b	Merge pull request #2579 from fosrl/dependabot/github_actions/actions/setup-go-6.3.0 Bump actions/setup-go from 6.2.0 to 6.3.0	2026-03-18 15:28:26 -07:00
dependabot[bot]	63379964fa	Bump eslint from 9.39.2 to 10.0.3 Bumps [eslint](https://github.com/eslint/eslint) from 9.39.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v9.39.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-18 22:28:22 +00:00
Owen Schwartz	0cfaf6ed7f	Merge pull request #2580 from fosrl/dependabot/github_actions/actions/upload-artifact-7.0.0 Bump actions/upload-artifact from 6.0.0 to 7.0.0	2026-03-18 15:28:12 -07:00
Owen Schwartz	043ee9e9d2	Merge pull request #2620 from fosrl/dependabot/github_actions/actions/setup-node-6.3.0 Bump actions/setup-node from 6.2.0 to 6.3.0	2026-03-18 15:27:52 -07:00
Owen Schwartz	b63e3e5888	Merge pull request #2621 from fosrl/dependabot/github_actions/docker/login-action-4.0.0 Bump docker/login-action from 3.7.0 to 4.0.0	2026-03-18 15:27:26 -07:00
Owen Schwartz	4f82470506	Merge pull request #2629 from fosrl/dependabot/npm_and_yarn/prod-minor-updates-47a8475ba0 Bump the prod-minor-updates group across 1 directory with 3 updates	2026-03-18 15:26:14 -07:00
Owen Schwartz	40e21b6f28	Merge pull request #2641 from fosrl/dependabot/go_modules/install/minor-updates-a98db8910e Bump golang.org/x/term from 0.40.0 to 0.41.0 in /install in the minor-updates group	2026-03-18 15:25:44 -07:00
Owen Schwartz	67fab1928d	Merge pull request #2656 from fosrl/dependabot/github_actions/sigstore/cosign-installer-4.1.0 Bump sigstore/cosign-installer from 4.0.0 to 4.1.0	2026-03-18 15:25:31 -07:00
Owen Schwartz	eb98374566	Merge pull request #2666 from fosrl/dependabot/npm_and_yarn/dev-patch-updates-6a5ea32984 Bump the dev-patch-updates group across 1 directory with 5 updates	2026-03-18 15:25:14 -07:00
Laurence	6c83e78256	chore(readme): Reorder and promote cloud Simply moving the items around and improve the messaging around the cloud	2026-03-18 16:06:50 +00:00
dependabot[bot]	0908f0f057	Bump the prod-minor-updates group across 1 directory with 3 updates Bumps the prod-minor-updates group with 3 updates in the / directory: [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3), [@simplewebauthn/browser](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/browser) and [@simplewebauthn/server](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/server). Updates `@aws-sdk/client-s3` from 3.1004.0 to 3.1006.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1006.0/clients/client-s3) Updates `@simplewebauthn/browser` from 13.2.2 to 13.3.0 - [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases) - [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md) - [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.0/packages/browser) Updates `@simplewebauthn/server` from 13.2.3 to 13.3.0 - [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases) - [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md) - [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.0/packages/server) --- updated-dependencies: - dependency-name: "@aws-sdk/client-s3" dependency-version: 3.1006.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates - dependency-name: "@simplewebauthn/browser" dependency-version: 13.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates - dependency-name: "@simplewebauthn/server" dependency-version: 13.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-minor-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-18 01:37:21 +00:00
dependabot[bot]	2785449c7a	Bump the dev-patch-updates group across 1 directory with 5 updates Bumps the dev-patch-updates group with 5 updates in the / directory: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [@react-email/preview-server](https://github.com/resend/react-email/tree/HEAD/packages/preview-server) \| `5.2.8` \| `5.2.10` \| \| [drizzle-kit](https://github.com/drizzle-team/drizzle-orm) \| `0.31.9` \| `0.31.10` \| \| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) \| `16.1.6` \| `16.1.7` \| \| [postcss](https://github.com/postcss/postcss) \| `8.5.6` \| `8.5.8` \| \| [react-email](https://github.com/resend/react-email/tree/HEAD/packages/react-email) \| `5.2.8` \| `5.2.10` \| Updates `@react-email/preview-server` from 5.2.8 to 5.2.10 - [Release notes](https://github.com/resend/react-email/releases) - [Changelog](https://github.com/resend/react-email/blob/canary/packages/preview-server/CHANGELOG.md) - [Commits](https://github.com/resend/react-email/commits/@react-email/preview-server@5.2.10/packages/preview-server) Updates `drizzle-kit` from 0.31.9 to 0.31.10 - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](https://github.com/drizzle-team/drizzle-orm/compare/drizzle-kit@0.31.9...drizzle-kit@0.31.10) Updates `eslint-config-next` from 16.1.6 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/commits/v16.1.7/packages/eslint-config-next) Updates `postcss` from 8.5.6 to 8.5.8 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.8) Updates `react-email` from 5.2.8 to 5.2.10 - [Release notes](https://github.com/resend/react-email/releases) - [Changelog](https://github.com/resend/react-email/blob/canary/packages/react-email/CHANGELOG.md) - [Commits](https://github.com/resend/react-email/commits/react-email@5.2.10/packages/react-email) --- updated-dependencies: - dependency-name: "@react-email/preview-server" dependency-version: 5.2.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-patch-updates - dependency-name: drizzle-kit dependency-version: 0.31.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-patch-updates - dependency-name: eslint-config-next dependency-version: 16.1.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-patch-updates - dependency-name: postcss dependency-version: 8.5.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-patch-updates - dependency-name: react-email dependency-version: 5.2.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-18 01:36:08 +00:00
dependabot[bot]	d2419ba572	Bump golang.org/x/term in /install in the minor-updates group Bumps the minor-updates group in /install with 1 update: [golang.org/x/term](https://github.com/golang/term). Updates `golang.org/x/term` from 0.40.0 to 0.41.0 - [Commits](https://github.com/golang/term/compare/v0.40.0...v0.41.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-18 01:34:08 +00:00
Owen Schwartz	aed86ce4ba	Merge pull request #2663 from fosrl/dev change route name	2026-03-16 20:03:56 -07:00
miloschwartz	2c2be50b19	change route name	2026-03-16 20:02:57 -07:00
Owen Schwartz	e2db4c6246	Merge pull request #2662 from fosrl/batch-add-client-to-resources batch add client to resources	2026-03-16 19:53:47 -07:00
miloschwartz	c4839fee08	Merge branch 'dev' into batch-add-client-to-resources	2026-03-16 17:58:37 -07:00
miloschwartz	965b7026f0	add batch endpoint	2026-03-16 17:58:20 -07:00
Owen	e14e15fcbb	Revert: Also update lastPing for legacy	2026-03-16 17:47:06 -07:00
dependabot[bot]	10349932f4	Bump sigstore/cosign-installer from 4.0.0 to 4.1.0 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](`faadad0cce...ba7bc0a3fe`) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-16 01:35:18 +00:00
dependabot[bot]	2e2684c695	Bump docker/login-action from 3.7.0 to 4.0.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](`c94ce9fb46...b45d80f862`) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-09 01:36:08 +00:00
dependabot[bot]	7e2fd8f49d	Bump actions/setup-node from 6.2.0 to 6.3.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](`6044e13b5d...53b83947a5`) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-09 01:36:02 +00:00
dependabot[bot]	a060c8029f	Bump actions/upload-artifact from 6.0.0 to 7.0.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](`b7c566a772...bbbca2ddaa`) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-02 01:36:11 +00:00
dependabot[bot]	aca9d1e070	Bump actions/setup-go from 6.2.0 to 6.3.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`7a3fe6cf4c...4b73464bb3`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-02 01:36:05 +00:00
Jacky Fong	5c4de03588	add reset bandwidth api for site Change endpoint update to reset all site in the organization move the logic to organization move the permission to organization	2026-02-28 15:47:03 +08:00