mirror of
https://github.com/fosrl/pangolin.git
synced 2026-03-12 21:56:36 +00:00
Compare commits
21 Commits
1.16.2-s.3
...
1.16.2-s.6
| Author | SHA1 | Date | |
|---|---|---|---|
|
90afe5a7ac | ||
|
|
b24de85157 | ||
|
|
eda43dffe1 | ||
|
|
82c9a1eb70 | ||
|
|
1cc5f59f66 | ||
|
|
4e2d88efdd | ||
|
|
4975cabb2c | ||
|
|
225591094f | ||
|
|
82f88f2cd3 | ||
|
|
99e6bd31b6 | ||
|
|
5c50590d7b | ||
|
|
42b9d5158d | ||
|
|
2ba225299e | ||
|
|
fa0818d3fa | ||
|
|
91b7ceb2cf | ||
|
|
d4b830b9bb | ||
|
|
14d6ff25a7 | ||
|
|
1f62f305ce | ||
|
|
cebcf3e337 | ||
|
|
4cfcc64481 | ||
|
|
1a2069a6d9 |
@@ -2343,8 +2343,8 @@
|
|||||||
"logRetentionEndOfFollowingYear": "End of following year",
|
"logRetentionEndOfFollowingYear": "End of following year",
|
||||||
"actionLogsDescription": "View a history of actions performed in this organization",
|
"actionLogsDescription": "View a history of actions performed in this organization",
|
||||||
"accessLogsDescription": "View access auth requests for resources in this organization",
|
"accessLogsDescription": "View access auth requests for resources in this organization",
|
||||||
"licenseRequiredToUse": "An <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> license or <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> is required to use this feature.",
|
"licenseRequiredToUse": "An <enterpriseLicenseLink>Enterprise Edition</enterpriseLicenseLink> license or <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink> is required to use this feature. <bookADemoLink>Book a demo or POC trial</bookADemoLink>.",
|
||||||
"ossEnterpriseEditionRequired": "The <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> is required to use this feature. This feature is also available in <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>.",
|
"ossEnterpriseEditionRequired": "The <enterpriseEditionLink>Enterprise Edition</enterpriseEditionLink> is required to use this feature. This feature is also available in <pangolinCloudLink>Pangolin Cloud</pangolinCloudLink>. <bookADemoLink>Book a demo or POC trial</bookADemoLink>.",
|
||||||
"certResolver": "Certificate Resolver",
|
"certResolver": "Certificate Resolver",
|
||||||
"certResolverDescription": "Select the certificate resolver to use for this resource.",
|
"certResolverDescription": "Select the certificate resolver to use for this resource.",
|
||||||
"selectCertResolver": "Select Certificate Resolver",
|
"selectCertResolver": "Select Certificate Resolver",
|
||||||
|
|||||||
3934
package-lock.json
generated
3934
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
36
package.json
36
package.json
@@ -33,7 +33,7 @@
|
|||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@asteasolutions/zod-to-openapi": "8.4.1",
|
"@asteasolutions/zod-to-openapi": "8.4.1",
|
||||||
"@aws-sdk/client-s3": "3.989.0",
|
"@aws-sdk/client-s3": "3.1004.0",
|
||||||
"@faker-js/faker": "10.3.0",
|
"@faker-js/faker": "10.3.0",
|
||||||
"@headlessui/react": "2.2.9",
|
"@headlessui/react": "2.2.9",
|
||||||
"@hookform/resolvers": "5.2.2",
|
"@hookform/resolvers": "5.2.2",
|
||||||
@@ -80,16 +80,16 @@
|
|||||||
"d3": "7.9.0",
|
"d3": "7.9.0",
|
||||||
"drizzle-orm": "0.45.1",
|
"drizzle-orm": "0.45.1",
|
||||||
"express": "5.2.1",
|
"express": "5.2.1",
|
||||||
"express-rate-limit": "8.2.1",
|
"express-rate-limit": "8.3.0",
|
||||||
"glob": "13.0.6",
|
"glob": "13.0.6",
|
||||||
"helmet": "8.1.0",
|
"helmet": "8.1.0",
|
||||||
"http-errors": "2.0.1",
|
"http-errors": "2.0.1",
|
||||||
"input-otp": "1.4.2",
|
"input-otp": "1.4.2",
|
||||||
"ioredis": "5.9.3",
|
"ioredis": "5.10.0",
|
||||||
"jmespath": "0.16.0",
|
"jmespath": "0.16.0",
|
||||||
"js-yaml": "4.1.1",
|
"js-yaml": "4.1.1",
|
||||||
"jsonwebtoken": "9.0.3",
|
"jsonwebtoken": "9.0.3",
|
||||||
"lucide-react": "0.563.0",
|
"lucide-react": "0.577.0",
|
||||||
"maxmind": "5.0.5",
|
"maxmind": "5.0.5",
|
||||||
"moment": "2.30.1",
|
"moment": "2.30.1",
|
||||||
"next": "15.5.12",
|
"next": "15.5.12",
|
||||||
@@ -99,21 +99,21 @@
|
|||||||
"node-cache": "5.1.2",
|
"node-cache": "5.1.2",
|
||||||
"nodemailer": "8.0.1",
|
"nodemailer": "8.0.1",
|
||||||
"oslo": "1.2.1",
|
"oslo": "1.2.1",
|
||||||
"pg": "8.19.0",
|
"pg": "8.20.0",
|
||||||
"posthog-node": "5.26.0",
|
"posthog-node": "5.28.0",
|
||||||
"qrcode.react": "4.2.0",
|
"qrcode.react": "4.2.0",
|
||||||
"react": "19.2.4",
|
"react": "19.2.4",
|
||||||
"react-day-picker": "9.13.2",
|
"react-day-picker": "9.14.0",
|
||||||
"react-dom": "19.2.4",
|
"react-dom": "19.2.4",
|
||||||
"react-easy-sort": "1.8.0",
|
"react-easy-sort": "1.8.0",
|
||||||
"react-hook-form": "7.71.2",
|
"react-hook-form": "7.71.2",
|
||||||
"react-icons": "5.5.0",
|
"react-icons": "5.6.0",
|
||||||
"recharts": "2.15.4",
|
"recharts": "2.15.4",
|
||||||
"reodotdev": "1.0.0",
|
"reodotdev": "1.1.0",
|
||||||
"resend": "6.9.2",
|
"resend": "6.9.2",
|
||||||
"semver": "7.7.4",
|
"semver": "7.7.4",
|
||||||
"sshpk": "^1.18.0",
|
"sshpk": "^1.18.0",
|
||||||
"stripe": "20.3.1",
|
"stripe": "20.4.1",
|
||||||
"swagger-ui-express": "5.0.1",
|
"swagger-ui-express": "5.0.1",
|
||||||
"tailwind-merge": "3.5.0",
|
"tailwind-merge": "3.5.0",
|
||||||
"topojson-client": "3.1.0",
|
"topojson-client": "3.1.0",
|
||||||
@@ -131,10 +131,10 @@
|
|||||||
"zod-validation-error": "5.0.0"
|
"zod-validation-error": "5.0.0"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@dotenvx/dotenvx": "1.52.0",
|
"@dotenvx/dotenvx": "1.54.1",
|
||||||
"@esbuild-plugins/tsconfig-paths": "0.1.2",
|
"@esbuild-plugins/tsconfig-paths": "0.1.2",
|
||||||
"@react-email/preview-server": "5.2.8",
|
"@react-email/preview-server": "5.2.8",
|
||||||
"@tailwindcss/postcss": "4.1.18",
|
"@tailwindcss/postcss": "4.2.1",
|
||||||
"@tanstack/react-query-devtools": "5.91.3",
|
"@tanstack/react-query-devtools": "5.91.3",
|
||||||
"@types/better-sqlite3": "7.6.13",
|
"@types/better-sqlite3": "7.6.13",
|
||||||
"@types/cookie-parser": "1.4.10",
|
"@types/cookie-parser": "1.4.10",
|
||||||
@@ -146,10 +146,10 @@
|
|||||||
"@types/jmespath": "0.15.2",
|
"@types/jmespath": "0.15.2",
|
||||||
"@types/js-yaml": "4.0.9",
|
"@types/js-yaml": "4.0.9",
|
||||||
"@types/jsonwebtoken": "9.0.10",
|
"@types/jsonwebtoken": "9.0.10",
|
||||||
"@types/node": "25.2.3",
|
"@types/node": "25.3.5",
|
||||||
"@types/nodemailer": "7.0.11",
|
"@types/nodemailer": "7.0.11",
|
||||||
"@types/nprogress": "0.2.3",
|
"@types/nprogress": "0.2.3",
|
||||||
"@types/pg": "8.16.0",
|
"@types/pg": "8.18.0",
|
||||||
"@types/react": "19.2.14",
|
"@types/react": "19.2.14",
|
||||||
"@types/react-dom": "19.2.3",
|
"@types/react-dom": "19.2.3",
|
||||||
"@types/semver": "7.7.1",
|
"@types/semver": "7.7.1",
|
||||||
@@ -167,10 +167,14 @@
|
|||||||
"postcss": "8.5.6",
|
"postcss": "8.5.6",
|
||||||
"prettier": "3.8.1",
|
"prettier": "3.8.1",
|
||||||
"react-email": "5.2.8",
|
"react-email": "5.2.8",
|
||||||
"tailwindcss": "4.1.18",
|
"tailwindcss": "4.2.1",
|
||||||
"tsc-alias": "1.8.16",
|
"tsc-alias": "1.8.16",
|
||||||
"tsx": "4.21.0",
|
"tsx": "4.21.0",
|
||||||
"typescript": "5.9.3",
|
"typescript": "5.9.3",
|
||||||
"typescript-eslint": "8.55.0"
|
"typescript-eslint": "8.56.1"
|
||||||
|
},
|
||||||
|
"overrides": {
|
||||||
|
"esbuild": "0.27.3",
|
||||||
|
"dompurify": "3.3.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -328,6 +328,14 @@ export const approvals = pgTable("approvals", {
|
|||||||
.notNull()
|
.notNull()
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const bannedEmails = pgTable("bannedEmails", {
|
||||||
|
email: varchar("email", { length: 255 }).primaryKey(),
|
||||||
|
});
|
||||||
|
|
||||||
|
export const bannedIps = pgTable("bannedIps", {
|
||||||
|
ip: varchar("ip", { length: 255 }).primaryKey(),
|
||||||
|
});
|
||||||
|
|
||||||
export type Approval = InferSelectModel<typeof approvals>;
|
export type Approval = InferSelectModel<typeof approvals>;
|
||||||
export type Limit = InferSelectModel<typeof limits>;
|
export type Limit = InferSelectModel<typeof limits>;
|
||||||
export type Account = InferSelectModel<typeof account>;
|
export type Account = InferSelectModel<typeof account>;
|
||||||
|
|||||||
@@ -318,6 +318,15 @@ export const approvals = sqliteTable("approvals", {
|
|||||||
.notNull()
|
.notNull()
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
export const bannedEmails = sqliteTable("bannedEmails", {
|
||||||
|
email: text("email").primaryKey()
|
||||||
|
});
|
||||||
|
|
||||||
|
export const bannedIps = sqliteTable("bannedIps", {
|
||||||
|
ip: text("ip").primaryKey()
|
||||||
|
});
|
||||||
|
|
||||||
export type Approval = InferSelectModel<typeof approvals>;
|
export type Approval = InferSelectModel<typeof approvals>;
|
||||||
export type Limit = InferSelectModel<typeof limits>;
|
export type Limit = InferSelectModel<typeof limits>;
|
||||||
export type Account = InferSelectModel<typeof account>;
|
export type Account = InferSelectModel<typeof account>;
|
||||||
|
|||||||
@@ -85,9 +85,7 @@ export async function deleteOrgById(
|
|||||||
deletedNewtIds.push(deletedNewt.newtId);
|
deletedNewtIds.push(deletedNewt.newtId);
|
||||||
await trx
|
await trx
|
||||||
.delete(newtSessions)
|
.delete(newtSessions)
|
||||||
.where(
|
.where(eq(newtSessions.newtId, deletedNewt.newtId));
|
||||||
eq(newtSessions.newtId, deletedNewt.newtId)
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -121,33 +119,38 @@ export async function deleteOrgById(
|
|||||||
eq(clientSitesAssociationsCache.clientId, client.clientId)
|
eq(clientSitesAssociationsCache.clientId, client.clientId)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
await trx.delete(resources).where(eq(resources.orgId, orgId));
|
||||||
|
|
||||||
const allOrgDomains = await trx
|
const allOrgDomains = await trx
|
||||||
.select()
|
.select()
|
||||||
.from(orgDomains)
|
.from(orgDomains)
|
||||||
.innerJoin(domains, eq(domains.domainId, orgDomains.domainId))
|
.innerJoin(domains, eq(orgDomains.domainId, domains.domainId))
|
||||||
.where(
|
.where(
|
||||||
and(
|
and(
|
||||||
eq(orgDomains.orgId, orgId),
|
eq(orgDomains.orgId, orgId),
|
||||||
eq(domains.configManaged, false)
|
eq(domains.configManaged, false)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
logger.info(`Found ${allOrgDomains.length} domains to delete`);
|
||||||
const domainIdsToDelete: string[] = [];
|
const domainIdsToDelete: string[] = [];
|
||||||
for (const orgDomain of allOrgDomains) {
|
for (const orgDomain of allOrgDomains) {
|
||||||
const domainId = orgDomain.domains.domainId;
|
const domainId = orgDomain.domains.domainId;
|
||||||
const orgCount = await trx
|
const [orgCount] = await trx
|
||||||
.select({ count: sql<number>`count(*)` })
|
.select({ count: count() })
|
||||||
.from(orgDomains)
|
.from(orgDomains)
|
||||||
.where(eq(orgDomains.domainId, domainId));
|
.where(eq(orgDomains.domainId, domainId));
|
||||||
if (orgCount[0].count === 1) {
|
logger.info(`Found ${orgCount.count} orgs using domain ${domainId}`);
|
||||||
|
if (orgCount.count === 1) {
|
||||||
domainIdsToDelete.push(domainId);
|
domainIdsToDelete.push(domainId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
logger.info(`Found ${domainIdsToDelete.length} domains to delete`);
|
||||||
if (domainIdsToDelete.length > 0) {
|
if (domainIdsToDelete.length > 0) {
|
||||||
await trx
|
await trx
|
||||||
.delete(domains)
|
.delete(domains)
|
||||||
.where(inArray(domains.domainId, domainIdsToDelete));
|
.where(inArray(domains.domainId, domainIdsToDelete));
|
||||||
}
|
}
|
||||||
await trx.delete(resources).where(eq(resources.orgId, orgId));
|
|
||||||
|
|
||||||
await usageService.add(orgId, FeatureId.ORGINIZATIONS, -1, trx); // here we are decreasing the org count BEFORE deleting the org because we need to still be able to get the org to get the billing org inside of here
|
await usageService.add(orgId, FeatureId.ORGINIZATIONS, -1, trx); // here we are decreasing the org count BEFORE deleting the org because we need to still be able to get the org to get the billing org inside of here
|
||||||
|
|
||||||
@@ -231,15 +234,13 @@ export function sendTerminationMessages(result: DeleteOrgByIdResult): void {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
for (const olmId of result.olmsToTerminate) {
|
for (const olmId of result.olmsToTerminate) {
|
||||||
sendTerminateClient(
|
sendTerminateClient(0, OlmErrorCodes.TERMINATED_REKEYED, olmId).catch(
|
||||||
0,
|
(error) => {
|
||||||
OlmErrorCodes.TERMINATED_REKEYED,
|
logger.error(
|
||||||
olmId
|
"Failed to send termination message to olm:",
|
||||||
).catch((error) => {
|
error
|
||||||
logger.error(
|
);
|
||||||
"Failed to send termination message to olm:",
|
}
|
||||||
error
|
);
|
||||||
);
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -571,7 +571,7 @@ export async function updateClientSiteDestinations(
|
|||||||
destinations: [
|
destinations: [
|
||||||
{
|
{
|
||||||
destinationIP: site.sites.subnet.split("/")[0],
|
destinationIP: site.sites.subnet.split("/")[0],
|
||||||
destinationPort: site.sites.listenPort || 0
|
destinationPort: site.sites.listenPort || 1 // this satisfies gerbil for now but should be reevaluated
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
};
|
};
|
||||||
@@ -579,7 +579,7 @@ export async function updateClientSiteDestinations(
|
|||||||
// add to the existing destinations
|
// add to the existing destinations
|
||||||
destinations.destinations.push({
|
destinations.destinations.push({
|
||||||
destinationIP: site.sites.subnet.split("/")[0],
|
destinationIP: site.sites.subnet.split("/")[0],
|
||||||
destinationPort: site.sites.listenPort || 0
|
destinationPort: site.sites.listenPort || 1 // this satisfies gerbil for now but should be reevaluated
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -218,10 +218,11 @@ export class TraefikConfigManager {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fetch if it's been more than 24 hours (for renewals)
|
|
||||||
const dayInMs = 24 * 60 * 60 * 1000;
|
const dayInMs = 24 * 60 * 60 * 1000;
|
||||||
const timeSinceLastFetch =
|
const timeSinceLastFetch =
|
||||||
Date.now() - this.lastCertificateFetch.getTime();
|
Date.now() - this.lastCertificateFetch.getTime();
|
||||||
|
|
||||||
|
// Fetch if it's been more than 24 hours (daily routine check)
|
||||||
if (timeSinceLastFetch > dayInMs) {
|
if (timeSinceLastFetch > dayInMs) {
|
||||||
logger.info("Fetching certificates due to 24-hour renewal check");
|
logger.info("Fetching certificates due to 24-hour renewal check");
|
||||||
return true;
|
return true;
|
||||||
@@ -265,7 +266,7 @@ export class TraefikConfigManager {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if any local certificates are missing or appear to be outdated
|
// Check if any local certificates are missing (needs immediate fetch)
|
||||||
for (const domain of domainsNeedingCerts) {
|
for (const domain of domainsNeedingCerts) {
|
||||||
const localState = this.lastLocalCertificateState.get(domain);
|
const localState = this.lastLocalCertificateState.get(domain);
|
||||||
if (!localState || !localState.exists) {
|
if (!localState || !localState.exists) {
|
||||||
@@ -274,17 +275,55 @@ export class TraefikConfigManager {
|
|||||||
);
|
);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Check if certificate is expiring soon (within 30 days)
|
// For expiry checks, throttle to every 6 hours to avoid querying the
|
||||||
if (localState.expiresAt) {
|
// API/DB on every monitor loop. The certificate-service renews certs
|
||||||
const nowInSeconds = Math.floor(Date.now() / 1000);
|
// 45 days before expiry, so checking every 6 hours is plenty frequent
|
||||||
const secondsUntilExpiry = localState.expiresAt - nowInSeconds;
|
// to pick up renewed certs promptly.
|
||||||
const daysUntilExpiry = secondsUntilExpiry / (60 * 60 * 24);
|
const renewalCheckIntervalMs = 6 * 60 * 60 * 1000; // 6 hours
|
||||||
if (daysUntilExpiry < 30) {
|
if (timeSinceLastFetch > renewalCheckIntervalMs) {
|
||||||
logger.info(
|
// Check non-wildcard certs for expiry (within 45 days to match
|
||||||
`Fetching certificates due to upcoming expiry for ${domain} (${Math.round(daysUntilExpiry)} days remaining)`
|
// the server-side renewal window in certificate-service)
|
||||||
);
|
for (const domain of domainsNeedingCerts) {
|
||||||
return true;
|
const localState =
|
||||||
|
this.lastLocalCertificateState.get(domain);
|
||||||
|
if (localState?.expiresAt) {
|
||||||
|
const nowInSeconds = Math.floor(Date.now() / 1000);
|
||||||
|
const secondsUntilExpiry =
|
||||||
|
localState.expiresAt - nowInSeconds;
|
||||||
|
const daysUntilExpiry =
|
||||||
|
secondsUntilExpiry / (60 * 60 * 24);
|
||||||
|
if (daysUntilExpiry < 45) {
|
||||||
|
logger.info(
|
||||||
|
`Fetching certificates due to upcoming expiry for ${domain} (${Math.round(daysUntilExpiry)} days remaining)`
|
||||||
|
);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Also check wildcard certificates for expiry. These are not
|
||||||
|
// included in domainsNeedingCerts since their subdomains are
|
||||||
|
// filtered out, so we must check them separately.
|
||||||
|
for (const [certDomain, state] of this
|
||||||
|
.lastLocalCertificateState) {
|
||||||
|
if (
|
||||||
|
state.exists &&
|
||||||
|
state.wildcard &&
|
||||||
|
state.expiresAt
|
||||||
|
) {
|
||||||
|
const nowInSeconds = Math.floor(Date.now() / 1000);
|
||||||
|
const secondsUntilExpiry =
|
||||||
|
state.expiresAt - nowInSeconds;
|
||||||
|
const daysUntilExpiry =
|
||||||
|
secondsUntilExpiry / (60 * 60 * 24);
|
||||||
|
if (daysUntilExpiry < 45) {
|
||||||
|
logger.info(
|
||||||
|
`Fetching certificates due to upcoming expiry for wildcard cert ${certDomain} (${Math.round(daysUntilExpiry)} days remaining)`
|
||||||
|
);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -361,6 +400,32 @@ export class TraefikConfigManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Also include wildcard cert base domains that are
|
||||||
|
// expiring or expired so they get re-fetched even though
|
||||||
|
// their subdomains were filtered out above.
|
||||||
|
for (const [certDomain, state] of this
|
||||||
|
.lastLocalCertificateState) {
|
||||||
|
if (
|
||||||
|
state.exists &&
|
||||||
|
state.wildcard &&
|
||||||
|
state.expiresAt
|
||||||
|
) {
|
||||||
|
const nowInSeconds = Math.floor(
|
||||||
|
Date.now() / 1000
|
||||||
|
);
|
||||||
|
const secondsUntilExpiry =
|
||||||
|
state.expiresAt - nowInSeconds;
|
||||||
|
const daysUntilExpiry =
|
||||||
|
secondsUntilExpiry / (60 * 60 * 24);
|
||||||
|
if (daysUntilExpiry < 45) {
|
||||||
|
domainsToFetch.add(certDomain);
|
||||||
|
logger.info(
|
||||||
|
`Including expiring wildcard cert domain ${certDomain} in fetch (${Math.round(daysUntilExpiry)} days remaining)`
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (domainsToFetch.size > 0) {
|
if (domainsToFetch.size > 0) {
|
||||||
// Get valid certificates for domains not covered by wildcards
|
// Get valid certificates for domains not covered by wildcards
|
||||||
validCertificates =
|
validCertificates =
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import { NextFunction, Request, Response } from "express";
|
import { NextFunction, Request, Response } from "express";
|
||||||
import { db, users } from "@server/db";
|
import { bannedEmails, bannedIps, db, users } from "@server/db";
|
||||||
import HttpCode from "@server/types/HttpCode";
|
import HttpCode from "@server/types/HttpCode";
|
||||||
import { email, z } from "zod";
|
import { email, z } from "zod";
|
||||||
import { fromError } from "zod-validation-error";
|
import { fromError } from "zod-validation-error";
|
||||||
@@ -66,6 +66,30 @@ export async function signup(
|
|||||||
skipVerificationEmail
|
skipVerificationEmail
|
||||||
} = parsedBody.data;
|
} = parsedBody.data;
|
||||||
|
|
||||||
|
const [bannedEmail] = await db
|
||||||
|
.select()
|
||||||
|
.from(bannedEmails)
|
||||||
|
.where(eq(bannedEmails.email, email))
|
||||||
|
.limit(1);
|
||||||
|
if (bannedEmail) {
|
||||||
|
return next(
|
||||||
|
createHttpError(HttpCode.FORBIDDEN, "Signup blocked. Do not attempt to continue to use this service.")
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (req.ip) {
|
||||||
|
const [bannedIp] = await db
|
||||||
|
.select()
|
||||||
|
.from(bannedIps)
|
||||||
|
.where(eq(bannedIps.ip, req.ip))
|
||||||
|
.limit(1);
|
||||||
|
if (bannedIp) {
|
||||||
|
return next(
|
||||||
|
createHttpError(HttpCode.FORBIDDEN, "Signup blocked. Do not attempt to continue to use this service.")
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const passwordHash = await hashPassword(password);
|
const passwordHash = await hashPassword(password);
|
||||||
const userId = generateId(15);
|
const userId = generateId(15);
|
||||||
|
|
||||||
|
|||||||
@@ -125,7 +125,7 @@ export async function generateRelayMappings(exitNode: ExitNode) {
|
|||||||
// Add site as a destination for this client
|
// Add site as a destination for this client
|
||||||
const destination: PeerDestination = {
|
const destination: PeerDestination = {
|
||||||
destinationIP: site.subnet.split("/")[0],
|
destinationIP: site.subnet.split("/")[0],
|
||||||
destinationPort: site.listenPort
|
destinationPort: site.listenPort || 1 // this satisfies gerbil for now but should be reevaluated
|
||||||
};
|
};
|
||||||
|
|
||||||
// Check if this destination is already in the array to avoid duplicates
|
// Check if this destination is already in the array to avoid duplicates
|
||||||
@@ -165,7 +165,7 @@ export async function generateRelayMappings(exitNode: ExitNode) {
|
|||||||
|
|
||||||
const destination: PeerDestination = {
|
const destination: PeerDestination = {
|
||||||
destinationIP: peer.subnet.split("/")[0],
|
destinationIP: peer.subnet.split("/")[0],
|
||||||
destinationPort: peer.listenPort
|
destinationPort: peer.listenPort || 1 // this satisfies gerbil for now but should be reevaluated
|
||||||
};
|
};
|
||||||
|
|
||||||
// Check for duplicates
|
// Check for duplicates
|
||||||
|
|||||||
@@ -112,7 +112,7 @@ export async function updateHolePunch(
|
|||||||
destinations: destinations
|
destinations: destinations
|
||||||
});
|
});
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
// logger.error(error); // FIX THIS
|
logger.error(error);
|
||||||
return next(
|
return next(
|
||||||
createHttpError(
|
createHttpError(
|
||||||
HttpCode.INTERNAL_SERVER_ERROR,
|
HttpCode.INTERNAL_SERVER_ERROR,
|
||||||
@@ -262,7 +262,7 @@ export async function updateAndGenerateEndpointDestinations(
|
|||||||
if (site.subnet && site.listenPort) {
|
if (site.subnet && site.listenPort) {
|
||||||
destinations.push({
|
destinations.push({
|
||||||
destinationIP: site.subnet.split("/")[0],
|
destinationIP: site.subnet.split("/")[0],
|
||||||
destinationPort: site.listenPort
|
destinationPort: site.listenPort || 1 // this satisfies gerbil for now but should be reevaluated
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -104,11 +104,11 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
|
|||||||
const payload = {
|
const payload = {
|
||||||
oldDestination: {
|
oldDestination: {
|
||||||
destinationIP: existingSite.subnet?.split("/")[0],
|
destinationIP: existingSite.subnet?.split("/")[0],
|
||||||
destinationPort: existingSite.listenPort
|
destinationPort: existingSite.listenPort || 1 // this satisfies gerbil for now but should be reevaluated
|
||||||
},
|
},
|
||||||
newDestination: {
|
newDestination: {
|
||||||
destinationIP: site.subnet?.split("/")[0],
|
destinationIP: site.subnet?.split("/")[0],
|
||||||
destinationPort: site.listenPort
|
destinationPort: site.listenPort || 1 // this satisfies gerbil for now but should be reevaluated
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -223,6 +223,20 @@ async function createHttpResource(
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Prevent creating resource with same domain as dashboard
|
||||||
|
const dashboardUrl = config.getRawConfig().app.dashboard_url;
|
||||||
|
if (dashboardUrl) {
|
||||||
|
const dashboardHost = new URL(dashboardUrl).hostname;
|
||||||
|
if (fullDomain === dashboardHost) {
|
||||||
|
return next(
|
||||||
|
createHttpError(
|
||||||
|
HttpCode.CONFLICT,
|
||||||
|
"Resource domain cannot be the same as the dashboard domain"
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (build != "oss") {
|
if (build != "oss") {
|
||||||
const existingLoginPages = await db
|
const existingLoginPages = await db
|
||||||
.select()
|
.select()
|
||||||
|
|||||||
@@ -353,6 +353,20 @@ async function updateHttpResource(
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Prevent updating resource with same domain as dashboard
|
||||||
|
const dashboardUrl = config.getRawConfig().app.dashboard_url;
|
||||||
|
if (dashboardUrl) {
|
||||||
|
const dashboardHost = new URL(dashboardUrl).hostname;
|
||||||
|
if (fullDomain === dashboardHost) {
|
||||||
|
return next(
|
||||||
|
createHttpError(
|
||||||
|
HttpCode.CONFLICT,
|
||||||
|
"Resource domain cannot be the same as the dashboard domain"
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (build != "oss") {
|
if (build != "oss") {
|
||||||
const existingLoginPages = await db
|
const existingLoginPages = await db
|
||||||
.select()
|
.select()
|
||||||
|
|||||||
@@ -559,7 +559,7 @@ export default function Page() {
|
|||||||
toast({
|
toast({
|
||||||
variant: "destructive",
|
variant: "destructive",
|
||||||
title: t("resourceErrorCreate"),
|
title: t("resourceErrorCreate"),
|
||||||
description: t("resourceErrorCreateMessageDescription")
|
description: formatAxiosError(e, t("resourceErrorCreateMessageDescription"))
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -84,7 +84,7 @@ const CredenzaContent = ({ className, children, ...props }: CredenzaProps) => {
|
|||||||
return (
|
return (
|
||||||
<CredenzaContent
|
<CredenzaContent
|
||||||
className={cn(
|
className={cn(
|
||||||
"overflow-y-auto max-h-[100dvh] md:max-h-screen md:top-[clamp(1.5rem,12vh,200px)] md:translate-y-0",
|
"overflow-y-auto max-h-[100dvh] md:max-h-[calc(100vh-clamp(3rem,24vh,400px))] md:top-[clamp(1.5rem,12vh,200px)] md:translate-y-0",
|
||||||
className
|
className
|
||||||
)}
|
)}
|
||||||
{...props}
|
{...props}
|
||||||
|
|||||||
@@ -51,6 +51,7 @@ const docsLinkClassName =
|
|||||||
const PANGOLIN_CLOUD_SIGNUP_URL = "https://app.pangolin.net/auth/signup/";
|
const PANGOLIN_CLOUD_SIGNUP_URL = "https://app.pangolin.net/auth/signup/";
|
||||||
const ENTERPRISE_DOCS_URL =
|
const ENTERPRISE_DOCS_URL =
|
||||||
"https://docs.pangolin.net/self-host/enterprise-edition";
|
"https://docs.pangolin.net/self-host/enterprise-edition";
|
||||||
|
const BOOK_A_DEMO_URL = "https://click.fossorial.io/ep922";
|
||||||
|
|
||||||
function getTierLinkRenderer(billingHref: string) {
|
function getTierLinkRenderer(billingHref: string) {
|
||||||
return function tierLinkRenderer(chunks: React.ReactNode) {
|
return function tierLinkRenderer(chunks: React.ReactNode) {
|
||||||
@@ -78,6 +79,22 @@ function getPangolinCloudLinkRenderer() {
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getBookADemoLinkRenderer() {
|
||||||
|
return function bookADemoLinkRenderer(chunks: React.ReactNode) {
|
||||||
|
return (
|
||||||
|
<Link
|
||||||
|
href={BOOK_A_DEMO_URL}
|
||||||
|
target="_blank"
|
||||||
|
rel="noopener noreferrer"
|
||||||
|
className={docsLinkClassName}
|
||||||
|
>
|
||||||
|
{chunks}
|
||||||
|
<ExternalLink className="size-3.5 shrink-0" />
|
||||||
|
</Link>
|
||||||
|
);
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
function getDocsLinkRenderer(href: string) {
|
function getDocsLinkRenderer(href: string) {
|
||||||
return function docsLinkRenderer(chunks: React.ReactNode) {
|
return function docsLinkRenderer(chunks: React.ReactNode) {
|
||||||
return (
|
return (
|
||||||
@@ -116,6 +133,7 @@ export function PaidFeaturesAlert({ tiers }: Props) {
|
|||||||
const tierLinkRenderer = getTierLinkRenderer(billingHref);
|
const tierLinkRenderer = getTierLinkRenderer(billingHref);
|
||||||
const pangolinCloudLinkRenderer = getPangolinCloudLinkRenderer();
|
const pangolinCloudLinkRenderer = getPangolinCloudLinkRenderer();
|
||||||
const enterpriseDocsLinkRenderer = getDocsLinkRenderer(ENTERPRISE_DOCS_URL);
|
const enterpriseDocsLinkRenderer = getDocsLinkRenderer(ENTERPRISE_DOCS_URL);
|
||||||
|
const bookADemoLinkRenderer = getBookADemoLinkRenderer();
|
||||||
|
|
||||||
if (env.flags.disableEnterpriseFeatures) {
|
if (env.flags.disableEnterpriseFeatures) {
|
||||||
return null;
|
return null;
|
||||||
@@ -157,7 +175,8 @@ export function PaidFeaturesAlert({ tiers }: Props) {
|
|||||||
{t.rich("licenseRequiredToUse", {
|
{t.rich("licenseRequiredToUse", {
|
||||||
enterpriseLicenseLink:
|
enterpriseLicenseLink:
|
||||||
enterpriseDocsLinkRenderer,
|
enterpriseDocsLinkRenderer,
|
||||||
pangolinCloudLink: pangolinCloudLinkRenderer
|
pangolinCloudLink: pangolinCloudLinkRenderer,
|
||||||
|
bookADemoLink: bookADemoLinkRenderer
|
||||||
})}
|
})}
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
@@ -174,7 +193,8 @@ export function PaidFeaturesAlert({ tiers }: Props) {
|
|||||||
{t.rich("ossEnterpriseEditionRequired", {
|
{t.rich("ossEnterpriseEditionRequired", {
|
||||||
enterpriseEditionLink:
|
enterpriseEditionLink:
|
||||||
enterpriseDocsLinkRenderer,
|
enterpriseDocsLinkRenderer,
|
||||||
pangolinCloudLink: pangolinCloudLinkRenderer
|
pangolinCloudLink: pangolinCloudLinkRenderer,
|
||||||
|
bookADemoLink: bookADemoLinkRenderer
|
||||||
})}
|
})}
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
Reference in New Issue
Block a user