mirror of
https://github.com/fosrl/pangolin.git
synced 2026-05-07 00:39:53 +00:00
Compare commits
46 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
52a90fbd2b | ||
|
|
2ecf076c0f | ||
|
|
e06dda27cb | ||
|
|
18f6e0f75d | ||
|
|
3b232bcc58 | ||
|
|
c575bb76e7 | ||
|
|
c8e7e0ee1e | ||
|
|
0e7aafd364 | ||
|
|
91f1bae3e9 | ||
|
|
53c138ce3e | ||
|
|
969db14a3c | ||
|
|
c1c387bdd8 | ||
|
|
6e83d77a87 | ||
|
|
ba9a1efa4c | ||
|
|
9e046b9608 | ||
|
|
37794eb299 | ||
|
|
4e66b0e74b | ||
|
|
44fa873977 | ||
|
|
505461a533 | ||
|
|
a88c5b1428 | ||
|
|
97ef1d605c | ||
|
|
3fc1c9d948 | ||
|
|
68bd37ab6c | ||
|
|
5c317c535b | ||
|
|
37c6b11899 | ||
|
|
45c567ffa0 | ||
|
|
775ea64b55 | ||
|
|
64ad7641af | ||
|
|
d724f5bb5d | ||
|
|
d4f7c4a9c4 | ||
|
|
1cc0e9b689 | ||
|
|
584be4dbd2 | ||
|
|
c33e295ce7 | ||
|
|
1a926a7127 | ||
|
|
eb515a8f7f | ||
|
|
81b8a8a9e3 | ||
|
|
bcd164219f | ||
|
|
c90e405105 | ||
|
|
b2c8311b26 | ||
|
|
2154811ffb | ||
|
|
1772ac220f | ||
|
|
9bd33072f4 | ||
|
|
0655ba9423 | ||
|
|
2c85bcd06b | ||
|
|
d6abe83fdc | ||
|
|
8e1905a695 |
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Превишихте ограничението на текущия си план. Коригирайте проблема, като премахнете сайтове, потребители или други ресурси, за да оставате в рамките на плана си.",
|
||||
"trialBannerMessage": "Пробният Ви период изтича след {countdown}. Актуализирайте за запазване на достъпа.",
|
||||
"trialBannerExpired": "Пробният Ви период е изтекъл. Актуализирайте сега, за да възстановите достъпа.",
|
||||
"billingTrialBannerTitle": "Пробният период е активен",
|
||||
"billingTrialBannerDescription": "В момента сте в пробен период на бизнес ниво. След края на пробния период, вашият акаунт автоматично ще бъде върнат към функциите и ограниченията на основното ниво. Надградете по всяко време, за да запазите достъпа до текущите функции на плана.",
|
||||
"billingTrialBannerUpgrade": "Надградете сега",
|
||||
"billingTrialBadge": "Пробен период",
|
||||
"trialActive": "Активен пробен период",
|
||||
"trialExpired": "Пробният период е изтекъл",
|
||||
"trialHasEnded": "Пробният Ви период е приключил.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Jste za hranicemi vašeho aktuálního plánu. Opravte problém odstraněním webů, uživatelů nebo jiných zdrojů, abyste zůstali ve vašem tarifu.",
|
||||
"trialBannerMessage": "Vaše zkušební verze vyprší za {countdown}. Pro udržení přístupu upgraduje.",
|
||||
"trialBannerExpired": "Vaše zkušební verze vypršela. Upgradujte nyní pro obnovu přístupu.",
|
||||
"billingTrialBannerTitle": "Aktivní zkušební verze",
|
||||
"billingTrialBannerDescription": "Právě používáte zkušební verzi na úrovni business. Po skončení zkušební verze se váš účet automaticky vrátí k funkcím a limitům úrovně Basic. Upgradujte kdykoli pro zachování přístupu k funkcím vašeho aktuálního plánu.",
|
||||
"billingTrialBannerUpgrade": "Upgradovat nyní",
|
||||
"billingTrialBadge": "Zkušební verze",
|
||||
"trialActive": "Zkušební verze je aktivní",
|
||||
"trialExpired": "Zkušební verze vypršela",
|
||||
"trialHasEnded": "Vaše zkušební verze skončila.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Sie überschreiten Ihre Grenzen für Ihr aktuelles Paket. Korrigieren Sie das Problem, indem Sie Webseiten, Benutzer oder andere Ressourcen entfernen, um in Ihrem Paket zu bleiben.",
|
||||
"trialBannerMessage": "Ihre Testversion läuft in {countdown} ab. Upgraden, um den Zugriff zu behalten.",
|
||||
"trialBannerExpired": "Ihre Testversion ist abgelaufen. Jetzt upgraden, um den Zugriff wiederherzustellen.",
|
||||
"billingTrialBannerTitle": "Kostenlose Testversion aktiv",
|
||||
"billingTrialBannerDescription": "Sie nutzen derzeit eine kostenlose Testversion auf der Geschäftsstufe. Wenn die Testversion endet, wird Ihr Konto automatisch auf die Funktionen und Beschränkungen der Basisstufe zurückgesetzt. Upgraden Sie jederzeit, um weiterhin Zugriff auf die Funktionen Ihres aktuellen Plans zu behalten.",
|
||||
"billingTrialBannerUpgrade": "Jetzt upgraden",
|
||||
"billingTrialBadge": "Kostenlose Testversion",
|
||||
"trialActive": "Kostenlose Testversion aktiv",
|
||||
"trialExpired": "Testversion abgelaufen",
|
||||
"trialHasEnded": "Ihre Testversion ist beendet.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "You're beyond your limits for your current plan. Correct the problem by removing sites, users, or other resources to stay within your plan.",
|
||||
"trialBannerMessage": "Your trial expires in {countdown}. Upgrade to keep access.",
|
||||
"trialBannerExpired": "Your trial has expired. Upgrade now to restore access.",
|
||||
"billingTrialBannerTitle": "Free Trial Active",
|
||||
"billingTrialBannerDescription": "You're currently on a free trial on the business tier. When the trial ends, your account will automatically revert to the Basic tier features and limits. Upgrade anytime to keep access to your current plan's features.",
|
||||
"billingTrialBannerUpgrade": "Upgrade Now",
|
||||
"billingTrialBadge": "Free Trial",
|
||||
"trialActive": "Free Trial Active",
|
||||
"trialExpired": "Trial Expired",
|
||||
"trialHasEnded": "Your trial has ended.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Estás más allá de tus límites para tu plan actual. Corrija el problema eliminando sitios, usuarios u otros recursos para permanecer dentro de tu plan.",
|
||||
"trialBannerMessage": "Su prueba expira en {countdown}. Actualice para mantener el acceso.",
|
||||
"trialBannerExpired": "Su prueba ha expirado. Actualice ahora para restaurar el acceso.",
|
||||
"billingTrialBannerTitle": "Prueba gratuita activada",
|
||||
"billingTrialBannerDescription": "Actualmente estás en una prueba gratuita en el nivel empresarial. Cuando finalice la prueba, tu cuenta volverá automáticamente a las características y límites del nivel Básico. Mejora en cualquier momento para mantener el acceso a las características de tu plan actual.",
|
||||
"billingTrialBannerUpgrade": "Actualizar ahora",
|
||||
"billingTrialBadge": "Prueba Gratuita",
|
||||
"trialActive": "Prueba gratuita activa",
|
||||
"trialExpired": "Prueba expirada",
|
||||
"trialHasEnded": "Su prueba ha terminado.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Vous dépassez vos limites pour votre forfait actuel. Corrigez le problème en supprimant des sites, des utilisateurs ou d'autres ressources pour rester dans votre forfait.",
|
||||
"trialBannerMessage": "Votre essai expire dans {countdown}. Passez à l'abonnement pour garder l'accès.",
|
||||
"trialBannerExpired": "Votre essai a expiré. Passez à l'abonnement maintenant pour restaurer l'accès.",
|
||||
"billingTrialBannerTitle": "Essai gratuit actif",
|
||||
"billingTrialBannerDescription": "Vous êtes actuellement en essai gratuit sur le niveau business. À la fin de l'essai, votre compte basculera automatiquement aux fonctionnalités et limites du niveau Basique. Mettez à jour à tout moment pour conserver l'accès aux fonctionnalités de votre plan actuel.",
|
||||
"billingTrialBannerUpgrade": "Passer à la version supérieure maintenant",
|
||||
"billingTrialBadge": "Essai gratuit",
|
||||
"trialActive": "Essai gratuit actif",
|
||||
"trialExpired": "Essai expiré",
|
||||
"trialHasEnded": "Votre essai est terminé.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Hai superato i tuoi limiti per il tuo piano attuale. Correggi il problema rimuovendo siti, utenti o altre risorse per rimanere all'interno del tuo piano.",
|
||||
"trialBannerMessage": "Il tuo periodo di prova scade tra {countdown}. Aggiorna per mantenere l'accesso.",
|
||||
"trialBannerExpired": "Il tuo periodo di prova è scaduto. Aggiorna ora per ripristinare l'accesso.",
|
||||
"billingTrialBannerTitle": "Prova Gratuita Attiva",
|
||||
"billingTrialBannerDescription": "Attualmente sei in una prova gratuita sul livello business. Quando la prova terminerà, il tuo account tornerà automaticamente alle funzionalità e ai limiti del piano Basic. Effettua l'upgrade in qualsiasi momento per mantenere l'accesso alle funzionalità del tuo piano attuale.",
|
||||
"billingTrialBannerUpgrade": "Effettua l'Upgrade Ora",
|
||||
"billingTrialBadge": "Prova Gratuita",
|
||||
"trialActive": "Prova Gratuita Attiva",
|
||||
"trialExpired": "Prova scaduta",
|
||||
"trialHasEnded": "La tua prova è terminata.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "현재 계획의 한계를 초과했습니다. 사이트, 사용자 또는 기타 리소스를 제거하여 계획 내에 머물도록 해결하세요.",
|
||||
"trialBannerMessage": "시험 사용 기간이 {countdown} 안에 만료됩니다. 업그레이드하여 액세스를 유지하세요.",
|
||||
"trialBannerExpired": "시험 사용 기간이 만료되었습니다. 지금 업그레이드하여 액세스를 복구하세요.",
|
||||
"billingTrialBannerTitle": "무료 평가판 활성화",
|
||||
"billingTrialBannerDescription": "현재 비즈니스 티어의 무료 평가판을 사용 중입니다. 평가판이 종료되면 계정은 자동으로 기본 티어 기능 및 제한으로 돌아갑니다. 현재 계획의 기능을 유지하려면 언제든지 업그레이드 하세요.",
|
||||
"billingTrialBannerUpgrade": "지금 업그레이드",
|
||||
"billingTrialBadge": "무료 평가판",
|
||||
"trialActive": "무료 체험 활성화됨",
|
||||
"trialExpired": "체험 만료됨",
|
||||
"trialHasEnded": "시험 사용 기간이 종료되었습니다.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Du er utenfor grensen for gjeldende plan. Rett problemet ved å fjerne nettsteder, brukere eller andre ressurser for å bli innenfor planen din.",
|
||||
"trialBannerMessage": "Din prøveperiode utløper om {countdown}. Oppgrader for å beholde tilgangen.",
|
||||
"trialBannerExpired": "Prøveperioden din har utløpt. Oppgrader nå for å gjenopprette tilgangen.",
|
||||
"billingTrialBannerTitle": "Prøveversjon Aktiv",
|
||||
"billingTrialBannerDescription": "Du har for øyeblikket en gratis prøveversjon på forretningsnivået. Når prøven avsluttes, vil kontoen din automatisk gå tilbake til funksjoner og begrensninger på Basis-nivået. Oppgrader når som helst for å beholde tilgang til de nåværende planens funksjoner.",
|
||||
"billingTrialBannerUpgrade": "Oppgrader nå",
|
||||
"billingTrialBadge": "Prøveversjon",
|
||||
"trialActive": "Gratis prøveversjon aktiv",
|
||||
"trialExpired": "Prøveperioden er utløpt",
|
||||
"trialHasEnded": "Din prøveperiode har avsluttet.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "U overschrijdt uw huidige abonnement. Corrigeer het probleem door sites, gebruikers of andere bronnen te verwijderen om binnen uw plan te blijven.",
|
||||
"trialBannerMessage": "Uw proefversie verloopt over {countdown}. Upgrade om toegang te behouden.",
|
||||
"trialBannerExpired": "Uw proefperiode is verlopen. Upgrade nu om toegang te herstellen.",
|
||||
"billingTrialBannerTitle": "Proefperiode Actief",
|
||||
"billingTrialBannerDescription": "Je bent momenteel bezig met een gratis proefperiode op het zakelijke niveau. Wanneer de proefperiode eindigt, wordt je account automatisch teruggezet naar de functies en limieten van het Basic-niveau. Upgrade op elk moment om toegang te houden tot de functies van je huidige plan.",
|
||||
"billingTrialBannerUpgrade": "Nu Upgraden",
|
||||
"billingTrialBadge": "Gratis Proefversie",
|
||||
"trialActive": "Gratis proefversie actief",
|
||||
"trialExpired": "Proefversie verlopen",
|
||||
"trialHasEnded": "Uw proefperiode is geëindigd.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Nie masz ograniczeń dla aktualnego planu. Popraw problem poprzez usunięcie stron, użytkowników lub innych zasobów, aby pozostać w swoim planie.",
|
||||
"trialBannerMessage": "Twój okres próbny wygasa za {countdown}. Uaktualnij, aby zachować dostęp.",
|
||||
"trialBannerExpired": "Twój okres próbny wygasł. Uaktualnij teraz, aby przywrócić dostęp.",
|
||||
"billingTrialBannerTitle": "Bezpłatna wersja próbna aktywna",
|
||||
"billingTrialBannerDescription": "Obecnie korzystasz z bezpłatnej wersji próbnej na poziomie biznesowym. Po zakończeniu wersji próbnej, Twoje konto automatycznie powróci do funkcji i limitów poziomu Podstawowego. Możesz dokonać uaktualnienia w każdej chwili, aby zachować dostęp do funkcji obecnego planu.",
|
||||
"billingTrialBannerUpgrade": "Uaktualnij teraz",
|
||||
"billingTrialBadge": "Bezpłatna wersja próbna",
|
||||
"trialActive": "Okres próbny aktywny",
|
||||
"trialExpired": "Okres próbny wygasł",
|
||||
"trialHasEnded": "Twój okres próbny dobiegł końca.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Você está além dos seus limites para o seu plano atual. Corrija o problema removendo sites, usuários, ou outros recursos para ficar em seu plano.",
|
||||
"trialBannerMessage": "Sua avaliação termina em {countdown}. Faça o upgrade para manter o acesso.",
|
||||
"trialBannerExpired": "Sua avaliação expirou. Faça o upgrade agora para restaurar o acesso.",
|
||||
"billingTrialBannerTitle": "Teste Gratuito Ativo",
|
||||
"billingTrialBannerDescription": "Atualmente, você está em um teste gratuito no nível empresarial. Quando o teste terminar, sua conta reverterá automaticamente para os recursos e limites do nível Básico. Atualize a qualquer momento para manter o acesso aos recursos do seu plano atual.",
|
||||
"billingTrialBannerUpgrade": "Atualize Agora",
|
||||
"billingTrialBadge": "Teste Gratuito",
|
||||
"trialActive": "Avaliação Gratuita Ativa",
|
||||
"trialExpired": "Avaliação Expirada",
|
||||
"trialHasEnded": "Sua avaliação terminou.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Вы превысили лимиты для вашего текущего плана. Исправьте проблему, удалив сайты, пользователей или другие ресурсы, чтобы остаться в пределах вашего плана.",
|
||||
"trialBannerMessage": "Ваш пробный период истекает через {countdown}. Обновите, чтобы сохранить доступ.",
|
||||
"trialBannerExpired": "Ваш пробный период истек. Обновите сейчас, чтобы восстановить доступ.",
|
||||
"billingTrialBannerTitle": "Бесплатная версия активна",
|
||||
"billingTrialBannerDescription": "Вы в настоящее время находитесь на бесплатном пробном периоде бизнес-уровня. Когда пробный период закончится, ваш аккаунт автоматически вернётся к функциям и лимитам базового уровня. Обновите в любое время, чтобы сохранить доступ к функциям текущего плана.",
|
||||
"billingTrialBannerUpgrade": "Обновить сейчас",
|
||||
"billingTrialBadge": "Бесплатная версия",
|
||||
"trialActive": "Бесплатный пробный период активен",
|
||||
"trialExpired": "Пробный период истек",
|
||||
"trialHasEnded": "Ваш пробный период окончен.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "Geçerli planınız için limitlerinizi aştınız. Planınız dahilinde kalmak için siteleri, kullanıcıları veya diğer kaynakları kaldırarak sorunu düzeltin.",
|
||||
"trialBannerMessage": "Deneme süreniz {countdown} içinde sona eriyor. Erişimi sürdürmek için yükseltin.",
|
||||
"trialBannerExpired": "Deneme süreniz sona erdi. Erişimi geri yüklemek için şimdi yükseltin.",
|
||||
"billingTrialBannerTitle": "Ücretsiz Deneme Aktif",
|
||||
"billingTrialBannerDescription": "Şu anda iş seviyesi için ücretsiz deneme sürümündesiniz. Deneme süresi sona erdiğinde, hesabınız otomatik olarak Temel seviye özelliklerine ve limitlerine geri dönecektir. Mevcut planınızın özelliklerine erişimi sürdürmek için istediğiniz zaman yükseltin.",
|
||||
"billingTrialBannerUpgrade": "Şimdi Yükselt",
|
||||
"billingTrialBadge": "Ücretsiz Deneme",
|
||||
"trialActive": "Ücretsiz Deneme Aktif",
|
||||
"trialExpired": "Deneme Süresi Doldu",
|
||||
"trialHasEnded": "Deneme süreniz sona erdi.",
|
||||
|
||||
@@ -25,6 +25,10 @@
|
||||
"subscriptionViolationMessage": "您的当前计划超出了您的限制。通过移除站点、用户或其他资源以保持在您的计划范围内来纠正问题。",
|
||||
"trialBannerMessage": "您的试用将在 {countdown} 到期。升级以保持访问。",
|
||||
"trialBannerExpired": "您的试用已到期。立即升级以恢复访问。",
|
||||
"billingTrialBannerTitle": "免费试用激活中",
|
||||
"billingTrialBannerDescription": "您目前正在商用层进行免费试用。试用结束后,您的账户将自动回到基础层功能和限制。可随时升级以保持当前计划的功能访问。",
|
||||
"billingTrialBannerUpgrade": "立即升级",
|
||||
"billingTrialBadge": "免费试用",
|
||||
"trialActive": "免费试用中",
|
||||
"trialExpired": "试用到期",
|
||||
"trialHasEnded": "您的试用已结束。",
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import { drizzle as DrizzleSqlite } from "drizzle-orm/better-sqlite3";
|
||||
import Database from "better-sqlite3";
|
||||
import type BetterSqlite3 from "better-sqlite3";
|
||||
import * as schema from "./schema/schema";
|
||||
import path from "path";
|
||||
import fs from "fs";
|
||||
@@ -11,8 +12,69 @@ export const exists = checkFileExists(location);
|
||||
|
||||
bootstrapVolume();
|
||||
|
||||
/**
|
||||
* Wraps better-sqlite3 Statement to call `finalize()` immediately after
|
||||
* execution, freeing native sqlite3_stmt memory deterministically instead
|
||||
* of waiting for GC. Fixes steady off-heap growth under load (#2120).
|
||||
* WARNING: Finalizes after first execution — incompatible with drizzle's
|
||||
* reusable .prepare() builders. No such usage exists in this codebase.
|
||||
*/
|
||||
function autoFinalizeStatement(
|
||||
stmt: BetterSqlite3.Statement
|
||||
): BetterSqlite3.Statement {
|
||||
const wrapExec = <T extends (...args: any[]) => any>(fn: T): T => {
|
||||
return function (this: any, ...args: any[]) {
|
||||
try {
|
||||
return fn.apply(this, args);
|
||||
} finally {
|
||||
try {
|
||||
// finalize() exists on the native Statement at runtime but
|
||||
// is missing from @types/better-sqlite3.
|
||||
(stmt as any).finalize();
|
||||
} catch {
|
||||
// Already finalized — harmless
|
||||
}
|
||||
}
|
||||
} as unknown as T;
|
||||
};
|
||||
|
||||
stmt.run = wrapExec(stmt.run);
|
||||
stmt.get = wrapExec(stmt.get);
|
||||
stmt.all = wrapExec(stmt.all);
|
||||
|
||||
return stmt;
|
||||
}
|
||||
|
||||
function createDb() {
|
||||
const sqlite = new Database(location);
|
||||
|
||||
if (process.env.ENABLE_SQLITE_WAL_MODE == "true") {
|
||||
// Enable WAL mode — allows concurrent readers + single writer, preventing
|
||||
// contention across subsystems (verifySession, Traefik, audit, ping).
|
||||
sqlite.pragma("journal_mode = WAL");
|
||||
// NORMAL sync mode: safe with WAL, reduces write lock hold time.
|
||||
sqlite.pragma("synchronous = NORMAL");
|
||||
}
|
||||
|
||||
// Wait up to 5s on SQLITE_BUSY instead of failing — prevents audit log
|
||||
// retry loops that accumulate memory.
|
||||
sqlite.pragma("busy_timeout = 5000");
|
||||
|
||||
// 64 MB page cache (default 2 MB) — reduces I/O round-trips on large
|
||||
// TraefikConfigManager JOINs that block the event loop.
|
||||
sqlite.pragma("cache_size = -65536");
|
||||
|
||||
// 256 MB memory-mapped I/O — OS serves reads from page cache directly,
|
||||
// reducing event-loop blocking.
|
||||
sqlite.pragma("mmap_size = 268435456");
|
||||
|
||||
// Wrap prepare() so every drizzle-orm statement is auto-finalized after
|
||||
// first use, preventing sqlite3_stmt accumulation between GC cycles.
|
||||
const originalPrepare = sqlite.prepare.bind(sqlite);
|
||||
(sqlite as any).prepare = function autoFinalizePrepare(source: string) {
|
||||
return autoFinalizeStatement(originalPrepare(source));
|
||||
};
|
||||
|
||||
return DrizzleSqlite(sqlite, {
|
||||
schema
|
||||
});
|
||||
@@ -23,7 +85,7 @@ export default db;
|
||||
export const primaryDb = db;
|
||||
export type Transaction = Parameters<
|
||||
Parameters<(typeof db)["transaction"]>[0]
|
||||
>[0];
|
||||
>[0];
|
||||
export const DB_TYPE: "pg" | "sqlite" = "sqlite";
|
||||
|
||||
function checkFileExists(filePath: string): boolean {
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import { z } from "zod";
|
||||
import { db, logsDb, statusHistory } from "@server/db";
|
||||
import { and, eq, gte, asc } from "drizzle-orm";
|
||||
import cache from "@server/lib/cache";
|
||||
import { regionalCache as cache } from "@server/private/lib/cache";
|
||||
|
||||
const STATUS_HISTORY_CACHE_TTL = 60; // seconds
|
||||
|
||||
@@ -63,7 +63,7 @@ export async function invalidateStatusHistoryCache(
|
||||
entityId: number
|
||||
): Promise<void> {
|
||||
const prefix = `statusHistory:${entityType}:${entityId}:`;
|
||||
const keys = cache.keys().filter((k) => k.startsWith(prefix));
|
||||
const keys = await cache.keysWithPrefix(prefix);
|
||||
if (keys.length > 0) {
|
||||
await cache.del(keys);
|
||||
}
|
||||
|
||||
@@ -500,7 +500,30 @@ function findAcmeJsonFiles(dirPath: string): string[] {
|
||||
const fullPath = path.join(dirPath, entry.name);
|
||||
if (entry.isDirectory()) {
|
||||
results.push(...findAcmeJsonFiles(fullPath));
|
||||
} else if (entry.isFile() && entry.name === "acme.json") {
|
||||
} else if (entry.isFile()) {
|
||||
// check if it is a json file
|
||||
if (entry.name.endsWith(".json")) {
|
||||
let raw: string;
|
||||
try {
|
||||
raw = fs.readFileSync(fullPath, "utf8");
|
||||
} catch (err) {
|
||||
logger.warn(
|
||||
`acmeCertSync: could not read file "${fullPath}": ${err}`
|
||||
);
|
||||
continue;
|
||||
}
|
||||
|
||||
let parsed: any;
|
||||
try {
|
||||
parsed = JSON.parse(raw);
|
||||
} catch (err) {
|
||||
logger.warn(
|
||||
`acmeCertSync: could not parse "${fullPath}" as JSON: ${err}`
|
||||
);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
results.push(fullPath);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
|
||||
import NodeCache from "node-cache";
|
||||
import logger from "@server/logger";
|
||||
import { redisManager } from "@server/private/lib/redis";
|
||||
import { redisManager, regionalRedisManager } from "@server/private/lib/redis";
|
||||
|
||||
// Create local cache with maxKeys limit to prevent memory leaks
|
||||
// With ~10k requests/day and 5min TTL, 10k keys should be more than sufficient
|
||||
@@ -298,3 +298,147 @@ class AdaptiveCache {
|
||||
// Export singleton instance
|
||||
export const cache = new AdaptiveCache();
|
||||
export default cache;
|
||||
|
||||
/**
|
||||
* Regional adaptive cache backed by the in-cluster Redis instance.
|
||||
* Falls back to a local NodeCache when the regional Redis is unavailable.
|
||||
* Use this for data that is regional in nature (e.g. status history) so
|
||||
* reads are served from the same cluster the user is hitting.
|
||||
*/
|
||||
const regionalLocalCache = new NodeCache({
|
||||
stdTTL: 3600,
|
||||
checkperiod: 120,
|
||||
maxKeys: 10000
|
||||
});
|
||||
|
||||
class RegionalAdaptiveCache {
|
||||
private useRedis(): boolean {
|
||||
return (
|
||||
regionalRedisManager.isRedisEnabled() &&
|
||||
regionalRedisManager.getHealthStatus().isHealthy
|
||||
);
|
||||
}
|
||||
|
||||
async set(key: string, value: any, ttl?: number): Promise<boolean> {
|
||||
const effectiveTtl = ttl === 0 ? undefined : ttl;
|
||||
const redisTtl = ttl === 0 ? undefined : (ttl ?? 3600);
|
||||
|
||||
if (this.useRedis()) {
|
||||
try {
|
||||
const serialized = JSON.stringify(value);
|
||||
const success = await regionalRedisManager.set(
|
||||
key,
|
||||
serialized,
|
||||
redisTtl
|
||||
);
|
||||
if (success) {
|
||||
logger.debug(`[regional] Set key in Redis: ${key}`);
|
||||
return true;
|
||||
}
|
||||
} catch (error) {
|
||||
logger.error(
|
||||
`[regional] Redis set error for key ${key}:`,
|
||||
error
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
const success = regionalLocalCache.set(key, value, effectiveTtl || 0);
|
||||
if (success) logger.debug(`[regional] Set key in local cache: ${key}`);
|
||||
return success;
|
||||
}
|
||||
|
||||
async get<T = any>(key: string): Promise<T | undefined> {
|
||||
if (this.useRedis()) {
|
||||
try {
|
||||
const value = await regionalRedisManager.get(key);
|
||||
if (value !== null) {
|
||||
logger.debug(`[regional] Cache hit in Redis: ${key}`);
|
||||
return JSON.parse(value) as T;
|
||||
}
|
||||
logger.debug(`[regional] Cache miss in Redis: ${key}`);
|
||||
return undefined;
|
||||
} catch (error) {
|
||||
logger.error(
|
||||
`[regional] Redis get error for key ${key}:`,
|
||||
error
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
const value = regionalLocalCache.get<T>(key);
|
||||
if (value !== undefined) {
|
||||
logger.debug(`[regional] Cache hit in local cache: ${key}`);
|
||||
} else {
|
||||
logger.debug(`[regional] Cache miss in local cache: ${key}`);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
async del(key: string | string[]): Promise<number> {
|
||||
const keys = Array.isArray(key) ? key : [key];
|
||||
let deletedCount = 0;
|
||||
|
||||
if (this.useRedis()) {
|
||||
try {
|
||||
for (const k of keys) {
|
||||
const success = await regionalRedisManager.del(k);
|
||||
if (success) {
|
||||
deletedCount++;
|
||||
logger.debug(`[regional] Deleted key from Redis: ${k}`);
|
||||
}
|
||||
}
|
||||
if (deletedCount === keys.length) return deletedCount;
|
||||
deletedCount = 0;
|
||||
} catch (error) {
|
||||
logger.error(`[regional] Redis del error:`, error);
|
||||
deletedCount = 0;
|
||||
}
|
||||
}
|
||||
|
||||
for (const k of keys) {
|
||||
const count = regionalLocalCache.del(k);
|
||||
if (count > 0) {
|
||||
deletedCount++;
|
||||
logger.debug(`[regional] Deleted key from local cache: ${k}`);
|
||||
}
|
||||
}
|
||||
return deletedCount;
|
||||
}
|
||||
|
||||
async has(key: string): Promise<boolean> {
|
||||
if (this.useRedis()) {
|
||||
try {
|
||||
const value = await regionalRedisManager.get(key);
|
||||
return value !== null;
|
||||
} catch (error) {
|
||||
logger.error(
|
||||
`[regional] Redis has error for key ${key}:`,
|
||||
error
|
||||
);
|
||||
}
|
||||
}
|
||||
return regionalLocalCache.has(key);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns keys matching the given prefix from whichever backend is active.
|
||||
* Redis uses a KEYS scan; local cache filters in-memory keys.
|
||||
*/
|
||||
async keysWithPrefix(prefix: string): Promise<string[]> {
|
||||
if (this.useRedis()) {
|
||||
try {
|
||||
return await regionalRedisManager.keys(`${prefix}*`);
|
||||
} catch (error) {
|
||||
logger.error(`[regional] Redis keys error:`, error);
|
||||
}
|
||||
}
|
||||
return regionalLocalCache.keys().filter((k) => k.startsWith(prefix));
|
||||
}
|
||||
|
||||
getCurrentBackend(): "redis" | "local" {
|
||||
return this.useRedis() ? "redis" : "local";
|
||||
}
|
||||
}
|
||||
|
||||
export const regionalCache = new RegionalAdaptiveCache();
|
||||
|
||||
@@ -73,6 +73,25 @@ export const privateConfigSchema = z
|
||||
.object({
|
||||
rejectUnauthorized: z.boolean().optional().default(true)
|
||||
})
|
||||
.optional(),
|
||||
regional_redis: z
|
||||
.object({
|
||||
host: z.string(),
|
||||
port: portSchema,
|
||||
password: z
|
||||
.string()
|
||||
.optional()
|
||||
.transform(getEnvOrYaml("REGIONAL_REDIS_PASSWORD")),
|
||||
db: z.int().nonnegative().optional().default(0),
|
||||
tls: z
|
||||
.object({
|
||||
rejectUnauthorized: z
|
||||
.boolean()
|
||||
.optional()
|
||||
.default(true)
|
||||
})
|
||||
.optional()
|
||||
})
|
||||
.optional()
|
||||
})
|
||||
.optional(),
|
||||
|
||||
@@ -109,14 +109,14 @@ class RedisManager {
|
||||
password: redisConfig.password,
|
||||
db: redisConfig.db
|
||||
};
|
||||
|
||||
|
||||
// Enable TLS if configured (required for AWS ElastiCache in-transit encryption)
|
||||
if (redisConfig.tls) {
|
||||
opts.tls = {
|
||||
rejectUnauthorized: redisConfig.tls.rejectUnauthorized ?? true
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
return opts;
|
||||
}
|
||||
|
||||
@@ -135,14 +135,14 @@ class RedisManager {
|
||||
password: replica.password,
|
||||
db: replica.db || redisConfig.db
|
||||
};
|
||||
|
||||
|
||||
// Enable TLS if configured (required for AWS ElastiCache in-transit encryption)
|
||||
if (redisConfig.tls) {
|
||||
opts.tls = {
|
||||
rejectUnauthorized: redisConfig.tls.rejectUnauthorized ?? true
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
return opts;
|
||||
}
|
||||
|
||||
@@ -855,3 +855,163 @@ class RedisManager {
|
||||
export const redisManager = new RedisManager();
|
||||
export const redis = redisManager.getClient();
|
||||
export default redisManager;
|
||||
|
||||
/**
|
||||
* Lightweight Redis manager for the regional (in-cluster) Redis instance.
|
||||
* Connects only when `redis.regional_redis` is present in the private config
|
||||
* and `flags.enable_redis` is true. No pub/sub — designed for low-latency
|
||||
* caching of regionally-scoped data.
|
||||
*/
|
||||
class RegionalRedisManager {
|
||||
private writeClient: Redis | null = null;
|
||||
private readClient: Redis | null = null;
|
||||
private isEnabled: boolean = false;
|
||||
private isHealthy: boolean = false;
|
||||
private connectionTimeout: number = 5000;
|
||||
private commandTimeout: number = 5000;
|
||||
|
||||
constructor() {
|
||||
if (build === "oss") return;
|
||||
|
||||
const cfg = privateConfig.getRawPrivateConfig();
|
||||
if (!cfg.flags.enable_redis || !cfg.redis?.regional_redis) return;
|
||||
|
||||
this.isEnabled = true;
|
||||
this.initializeClients();
|
||||
}
|
||||
|
||||
private getConfig(): RedisOptions {
|
||||
const r = privateConfig.getRawPrivateConfig().redis!.regional_redis!;
|
||||
const opts: RedisOptions = {
|
||||
host: r.host,
|
||||
port: r.port,
|
||||
password: r.password,
|
||||
db: r.db
|
||||
};
|
||||
if (r.tls) {
|
||||
opts.tls = { rejectUnauthorized: r.tls.rejectUnauthorized ?? true };
|
||||
}
|
||||
return opts;
|
||||
}
|
||||
|
||||
private initializeClients(): void {
|
||||
const cfg = this.getConfig();
|
||||
const baseOpts = {
|
||||
...cfg,
|
||||
enableReadyCheck: false,
|
||||
maxRetriesPerRequest: 3,
|
||||
keepAlive: 10000,
|
||||
connectTimeout: this.connectionTimeout,
|
||||
commandTimeout: this.commandTimeout
|
||||
};
|
||||
|
||||
try {
|
||||
this.writeClient = new Redis(baseOpts);
|
||||
// redis-1 (replica) handles reads; fall back to primary if not resolvable
|
||||
this.readClient = new Redis({
|
||||
...baseOpts,
|
||||
host: cfg.host!.replace(/^(.*?)(\.\S+)$/, (_, h, rest) => {
|
||||
// Derive replica hostname from the headless service pattern:
|
||||
// redis.redis.svc.cluster.local -> redis-1.redis-headless.redis.svc.cluster.local
|
||||
// If it doesn't look like a k8s service, just use the same host
|
||||
return h + rest;
|
||||
})
|
||||
});
|
||||
|
||||
// For simplicity use same host for both; callers can always read from primary
|
||||
// The real replica routing is handled by the StatefulSet headless service
|
||||
this.readClient = this.writeClient;
|
||||
|
||||
this.writeClient.on("ready", () => {
|
||||
logger.info("Regional Redis client ready");
|
||||
this.isHealthy = true;
|
||||
});
|
||||
this.writeClient.on("error", (err) => {
|
||||
logger.error("Regional Redis client error:", err);
|
||||
this.isHealthy = false;
|
||||
});
|
||||
this.writeClient.on("reconnecting", () => {
|
||||
logger.info("Regional Redis client reconnecting...");
|
||||
this.isHealthy = false;
|
||||
});
|
||||
|
||||
logger.info("Regional Redis client initialized");
|
||||
} catch (error) {
|
||||
logger.error("Failed to initialize regional Redis client:", error);
|
||||
this.isEnabled = false;
|
||||
}
|
||||
}
|
||||
|
||||
public isRedisEnabled(): boolean {
|
||||
return this.isEnabled && this.writeClient !== null && this.isHealthy;
|
||||
}
|
||||
|
||||
public getHealthStatus() {
|
||||
return { isEnabled: this.isEnabled, isHealthy: this.isHealthy };
|
||||
}
|
||||
|
||||
public async set(
|
||||
key: string,
|
||||
value: string,
|
||||
ttl?: number
|
||||
): Promise<boolean> {
|
||||
if (!this.isRedisEnabled() || !this.writeClient) return false;
|
||||
try {
|
||||
if (ttl) {
|
||||
await this.writeClient.setex(key, ttl, value);
|
||||
} else {
|
||||
await this.writeClient.set(key, value);
|
||||
}
|
||||
return true;
|
||||
} catch (error) {
|
||||
logger.error("Regional Redis SET error:", error);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public async get(key: string): Promise<string | null> {
|
||||
if (!this.isRedisEnabled() || !this.readClient) return null;
|
||||
try {
|
||||
return await this.readClient.get(key);
|
||||
} catch (error) {
|
||||
logger.error("Regional Redis GET error:", error);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public async del(key: string): Promise<boolean> {
|
||||
if (!this.isRedisEnabled() || !this.writeClient) return false;
|
||||
try {
|
||||
await this.writeClient.del(key);
|
||||
return true;
|
||||
} catch (error) {
|
||||
logger.error("Regional Redis DEL error:", error);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public async keys(pattern: string): Promise<string[]> {
|
||||
if (!this.isRedisEnabled() || !this.readClient) return [];
|
||||
try {
|
||||
return await this.readClient.keys(pattern);
|
||||
} catch (error) {
|
||||
logger.error("Regional Redis KEYS error:", error);
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
||||
public async disconnect(): Promise<void> {
|
||||
try {
|
||||
if (this.writeClient) {
|
||||
await this.writeClient.quit();
|
||||
this.writeClient = null;
|
||||
}
|
||||
this.readClient = null;
|
||||
logger.info("Regional Redis client disconnected");
|
||||
} catch (error) {
|
||||
logger.error("Error disconnecting regional Redis client:", error);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export const regionalRedisManager = new RegionalRedisManager();
|
||||
|
||||
@@ -16,6 +16,7 @@ import { customers, db, subscriptions } from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
import logger from "@server/logger";
|
||||
import { generateId } from "@server/auth/sessions/app";
|
||||
import { handleSubscriptionLifesycle } from "../subscriptionLifecycle";
|
||||
|
||||
export async function handleCustomerCreated(
|
||||
customer: Stripe.Customer
|
||||
@@ -62,6 +63,13 @@ export async function handleCustomerCreated(
|
||||
expiresAt: trialExpiresAt,
|
||||
trial: true
|
||||
});
|
||||
|
||||
// update to the business limits for the trial
|
||||
await handleSubscriptionLifesycle(
|
||||
customer.metadata.orgId,
|
||||
"active",
|
||||
"tier3"
|
||||
);
|
||||
});
|
||||
|
||||
logger.info(`Customer with ID ${customer.id} created successfully.`);
|
||||
|
||||
@@ -44,7 +44,7 @@ function getLimitSetForSubscriptionType(
|
||||
export async function handleSubscriptionLifesycle(
|
||||
orgId: string,
|
||||
status: string,
|
||||
subType: SubscriptionType | null
|
||||
subType: SubscriptionType | null = null
|
||||
) {
|
||||
switch (status) {
|
||||
case "active":
|
||||
|
||||
@@ -90,14 +90,13 @@ export async function createCertificate(
|
||||
domainToWrite = `*.${domainToWrite}`;
|
||||
}
|
||||
} else if (domainRecord.type == "ns") {
|
||||
// first if we have a * in the domain for this case we dont want to include it because it will mess with the cert generator so remove it
|
||||
if (domain.startsWith("*.")) {
|
||||
domain = domain.slice(2);
|
||||
}
|
||||
|
||||
const parts = domain.split(".");
|
||||
if (parts.length > 2) {
|
||||
domainToWrite = parts.slice(1).join(".");
|
||||
if (domain == domainRecord.baseDomain) {
|
||||
domainToWrite = domainRecord.baseDomain;
|
||||
} else {
|
||||
const parts = domain.split(".");
|
||||
if (parts.length > 2) {
|
||||
domainToWrite = parts.slice(1).join(".");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -24,13 +24,18 @@ import { fromError } from "zod-validation-error";
|
||||
import { sendEmail } from "@server/emails";
|
||||
import NotifyTrialExpiring from "@server/emails/templates/NotifyTrialExpiring";
|
||||
import config from "@server/lib/config";
|
||||
import { handleSubscriptionLifesycle } from "../billing/subscriptionLifecycle";
|
||||
|
||||
const sendTrialNotificationParamsSchema = z.object({
|
||||
orgId: z.string()
|
||||
});
|
||||
|
||||
const sendTrialNotificationBodySchema = z.object({
|
||||
notificationType: z.enum(["trial_ending_5d", "trial_ending_24h", "trial_ended"]),
|
||||
notificationType: z.enum([
|
||||
"trial_ending_5d",
|
||||
"trial_ending_24h",
|
||||
"trial_ended"
|
||||
]),
|
||||
orgName: z.string(),
|
||||
trialEndsAt: z.number(),
|
||||
billingLink: z.string().optional()
|
||||
@@ -69,9 +74,7 @@ async function getOrgAdmins(orgId: string) {
|
||||
)
|
||||
);
|
||||
|
||||
const byUserId = new Map(
|
||||
admins.map((a) => [a.userId, a])
|
||||
);
|
||||
const byUserId = new Map(admins.map((a) => [a.userId, a]));
|
||||
const orgAdmins = Array.from(byUserId.values()).filter(
|
||||
(admin) => admin.email && admin.email.length > 0
|
||||
);
|
||||
@@ -108,8 +111,12 @@ export async function sendTrialNotification(
|
||||
}
|
||||
|
||||
const { orgId } = parsedParams.data;
|
||||
const { notificationType, orgName, trialEndsAt, billingLink: bodyBillingLink } =
|
||||
parsedBody.data;
|
||||
const {
|
||||
notificationType,
|
||||
orgName,
|
||||
trialEndsAt,
|
||||
billingLink: bodyBillingLink
|
||||
} = parsedBody.data;
|
||||
|
||||
// Verify organization exists
|
||||
const org = await db
|
||||
@@ -146,13 +153,17 @@ export async function sendTrialNotification(
|
||||
bodyBillingLink ??
|
||||
`${config.getRawConfig().app.dashboard_url}/${orgId}/settings/billing`;
|
||||
|
||||
const trialEndsAtFormatted = new Date(trialEndsAt * 1000).toLocaleDateString(
|
||||
"en-US",
|
||||
{ year: "numeric", month: "long", day: "numeric" }
|
||||
);
|
||||
const trialEndsAtFormatted = new Date(
|
||||
trialEndsAt * 1000
|
||||
).toLocaleDateString("en-US", {
|
||||
year: "numeric",
|
||||
month: "long",
|
||||
day: "numeric"
|
||||
});
|
||||
|
||||
let daysRemaining: number | null;
|
||||
let subject: string;
|
||||
let resetLimits = false;
|
||||
|
||||
if (notificationType === "trial_ending_5d") {
|
||||
daysRemaining = 5;
|
||||
@@ -163,6 +174,7 @@ export async function sendTrialNotification(
|
||||
} else {
|
||||
daysRemaining = null;
|
||||
subject = "Your trial has ended";
|
||||
resetLimits = true;
|
||||
}
|
||||
|
||||
let emailsSent = 0;
|
||||
@@ -201,6 +213,14 @@ export async function sendTrialNotification(
|
||||
}
|
||||
}
|
||||
|
||||
if (resetLimits) {
|
||||
// this will only fire if they have not upgraded yet because when upgrading we delete the trial
|
||||
await handleSubscriptionLifesycle(orgId, "cancled");
|
||||
logger.debug(
|
||||
`Trial ended for org ${orgId}, limits reset to free tier`
|
||||
);
|
||||
}
|
||||
|
||||
return response<SendTrialNotificationResponse>(res, {
|
||||
data: {
|
||||
success: true,
|
||||
@@ -221,4 +241,4 @@ export async function sendTrialNotification(
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ import {
|
||||
Olm,
|
||||
olms,
|
||||
RemoteExitNode,
|
||||
remoteExitNodes,
|
||||
remoteExitNodes
|
||||
} from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
import { db } from "@server/db";
|
||||
@@ -194,8 +194,6 @@ const connectedClients: Map<string, AuthenticatedWebSocket[]> = new Map();
|
||||
// Config version tracking map (local to this node, resets on server restart)
|
||||
const clientConfigVersions: Map<string, number> = new Map();
|
||||
|
||||
|
||||
|
||||
// Recovery tracking
|
||||
let isRedisRecoveryInProgress = false;
|
||||
|
||||
@@ -406,6 +404,9 @@ const removeClient = async (
|
||||
const updatedClients = existingClients.filter((client) => client !== ws);
|
||||
if (updatedClients.length === 0) {
|
||||
connectedClients.delete(mapKey);
|
||||
// Remove clientId from clientConfigVersions on disconnect — prevents
|
||||
// unbounded memory growth from stale entries.
|
||||
clientConfigVersions.delete(clientId);
|
||||
|
||||
if (redisManager.isRedisEnabled()) {
|
||||
try {
|
||||
@@ -1097,6 +1098,11 @@ const disconnectClient = async (clientId: string): Promise<boolean> => {
|
||||
}
|
||||
});
|
||||
|
||||
// Eagerly remove client — close event may not fire if socket is already
|
||||
// CLOSING, leaving zombie entries.
|
||||
connectedClients.delete(mapKey);
|
||||
clientConfigVersions.delete(clientId);
|
||||
|
||||
return true;
|
||||
};
|
||||
|
||||
|
||||
@@ -1003,7 +1003,11 @@ async function checkRules(
|
||||
isIpInCidr(clientIp, rule.value)
|
||||
) {
|
||||
return rule.action as any;
|
||||
} else if (clientIp && rule.match == "IP" && clientIp == rule.value) {
|
||||
} else if (
|
||||
clientIp &&
|
||||
rule.match == "IP" &&
|
||||
clientIp == rule.value
|
||||
) {
|
||||
return rule.action as any;
|
||||
} else if (
|
||||
path &&
|
||||
@@ -1013,16 +1017,35 @@ async function checkRules(
|
||||
return rule.action as any;
|
||||
} else if (
|
||||
clientIp &&
|
||||
rule.match == "COUNTRY" &&
|
||||
(await isIpInGeoIP(ipCC, rule.value))
|
||||
rule.match == "COUNTRY"
|
||||
) {
|
||||
return rule.action as any;
|
||||
// COUNTRY=ALL should not affect local/private/CGNAT addresses.
|
||||
if (
|
||||
rule.value.toUpperCase() === "ALL" &&
|
||||
isLocalOrCarrierGradeNatIp(clientIp)
|
||||
) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (await isIpInGeoIP(ipCC, rule.value)) {
|
||||
return rule.action as any;
|
||||
}
|
||||
} else if (
|
||||
clientIp &&
|
||||
rule.match == "ASN" &&
|
||||
(await isIpInAsn(ipAsn, rule.value))
|
||||
rule.match == "ASN"
|
||||
) {
|
||||
return rule.action as any;
|
||||
// ASN=ALL/AS0 should not affect local/private/CGNAT addresses.
|
||||
if (
|
||||
(rule.value.toUpperCase() === "ALL" ||
|
||||
rule.value.toUpperCase() === "AS0") &&
|
||||
isLocalOrCarrierGradeNatIp(clientIp)
|
||||
) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (await isIpInAsn(ipAsn, rule.value)) {
|
||||
return rule.action as any;
|
||||
}
|
||||
} else if (
|
||||
clientIp &&
|
||||
rule.match == "REGION" &&
|
||||
@@ -1184,6 +1207,26 @@ async function isIpInGeoIP(
|
||||
return ipCountryCode?.toUpperCase() === checkCountryCode.toUpperCase();
|
||||
}
|
||||
|
||||
function isLocalOrCarrierGradeNatIp(ip: string): boolean {
|
||||
const localAndCgnatCidrs = [
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16",
|
||||
"100.64.0.0/10",
|
||||
"127.0.0.0/8",
|
||||
"169.254.0.0/16",
|
||||
"::1/128",
|
||||
"fc00::/7",
|
||||
"fe80::/10"
|
||||
];
|
||||
|
||||
try {
|
||||
return localAndCgnatCidrs.some((cidr) => isIpInCidr(ip, cidr));
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
async function isIpInAsn(
|
||||
ipAsn: number | undefined,
|
||||
checkAsn: string
|
||||
|
||||
@@ -38,10 +38,7 @@ import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsFor
|
||||
import { isSubscribed } from "#dynamic/lib/isSubscribed";
|
||||
import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
|
||||
import { tierMatrix } from "@server/lib/billing/tierMatrix";
|
||||
import {
|
||||
assignUserToOrg,
|
||||
removeUserFromOrg
|
||||
} from "@server/lib/userOrg";
|
||||
import { assignUserToOrg, removeUserFromOrg } from "@server/lib/userOrg";
|
||||
import { unwrapRoleMapping } from "@app/lib/idpRoleMapping";
|
||||
|
||||
const ensureTrailingSlash = (url: string): string => {
|
||||
@@ -344,13 +341,6 @@ export async function validateOidcCallback(
|
||||
if (!subscribed) {
|
||||
// filter out the org
|
||||
allOrgs = allOrgs.filter((o) => o.orgId !== org.orgId);
|
||||
|
||||
// return next(
|
||||
// createHttpError(
|
||||
// HttpCode.FORBIDDEN,
|
||||
// "This organization's current plan does not support this feature."
|
||||
// )
|
||||
// );
|
||||
}
|
||||
}
|
||||
} else {
|
||||
@@ -396,16 +386,14 @@ export async function validateOidcCallback(
|
||||
idpOrgRes?.roleMapping || defaultRoleMapping;
|
||||
if (roleMapping) {
|
||||
logger.debug("Role Mapping", { roleMapping });
|
||||
const roleMappingJmes = unwrapRoleMapping(
|
||||
roleMapping
|
||||
).evaluationExpression;
|
||||
const roleMappingJmes =
|
||||
unwrapRoleMapping(roleMapping).evaluationExpression;
|
||||
const roleMappingResult = jmespath.search(
|
||||
claims,
|
||||
roleMappingJmes
|
||||
);
|
||||
const roleNames = normalizeRoleMappingResult(
|
||||
roleMappingResult
|
||||
);
|
||||
const roleNames =
|
||||
normalizeRoleMappingResult(roleMappingResult);
|
||||
|
||||
const supportsMultiRole = await isLicensedOrSubscribed(
|
||||
org.orgId,
|
||||
@@ -495,7 +483,14 @@ export async function validateOidcCallback(
|
||||
}
|
||||
}
|
||||
|
||||
await calculateUserClientsForOrgs(existingUser.userId);
|
||||
calculateUserClientsForOrgs(existingUser.userId).catch(
|
||||
(err) => {
|
||||
logger.error(
|
||||
"Error calculating user clients after removing all orgs for user with no valid IdP mappings",
|
||||
{ error: err }
|
||||
);
|
||||
}
|
||||
);
|
||||
|
||||
return next(
|
||||
createHttpError(
|
||||
@@ -515,12 +510,11 @@ export async function validateOidcCallback(
|
||||
}
|
||||
}
|
||||
|
||||
const orgUserCounts: { orgId: string; userCount: number }[] = [];
|
||||
const orgUserCounts: { orgId: string; userCount: number }[] = [];
|
||||
|
||||
let userId = existingUser?.userId;
|
||||
// sync the user with the orgs and roles
|
||||
await db.transaction(async (trx) => {
|
||||
let userId = existingUser?.userId;
|
||||
|
||||
// create user if not exists
|
||||
if (!existingUser) {
|
||||
userId = generateId(15);
|
||||
@@ -628,7 +622,7 @@ export async function validateOidcCallback(
|
||||
{
|
||||
orgId: org.orgId,
|
||||
userId: userId!,
|
||||
autoProvisioned: true,
|
||||
autoProvisioned: true
|
||||
},
|
||||
org.roleIds,
|
||||
trx
|
||||
@@ -650,8 +644,15 @@ export async function validateOidcCallback(
|
||||
userCount: userCount.length
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
db.transaction(async (trx) => {
|
||||
await calculateUserClientsForOrgs(userId!, trx);
|
||||
}).catch((err) => {
|
||||
logger.error(
|
||||
"Error calculating user clients after syncing orgs and roles for OIDC user",
|
||||
{ error: err }
|
||||
);
|
||||
});
|
||||
|
||||
for (const orgCount of orgUserCounts) {
|
||||
@@ -758,9 +759,7 @@ function hydrateOrgMapping(
|
||||
return orgMapping.split("{{orgId}}").join(orgId);
|
||||
}
|
||||
|
||||
function normalizeRoleMappingResult(
|
||||
result: unknown
|
||||
): string[] {
|
||||
function normalizeRoleMappingResult(result: unknown): string[] {
|
||||
if (typeof result === "string") {
|
||||
const role = result.trim();
|
||||
return role ? [role] : [];
|
||||
@@ -770,7 +769,9 @@ function normalizeRoleMappingResult(
|
||||
return [
|
||||
...new Set(
|
||||
result
|
||||
.filter((value): value is string => typeof value === "string")
|
||||
.filter(
|
||||
(value): value is string => typeof value === "string"
|
||||
)
|
||||
.map((value) => value.trim())
|
||||
.filter(Boolean)
|
||||
)
|
||||
|
||||
@@ -56,6 +56,8 @@ function queryTargets(resourceId: number) {
|
||||
hcStatus: targetHealthCheck.hcStatus,
|
||||
hcHealth: targetHealthCheck.hcHealth,
|
||||
hcTlsServerName: targetHealthCheck.hcTlsServerName,
|
||||
hcHealthyThreshold: targetHealthCheck.hcHealthyThreshold,
|
||||
hcUnhealthyThreshold: targetHealthCheck.hcUnhealthyThreshold,
|
||||
path: targets.path,
|
||||
pathMatchType: targets.pathMatchType,
|
||||
rewritePath: targets.rewritePath,
|
||||
|
||||
@@ -3,7 +3,15 @@ import zlib from "zlib";
|
||||
import { Server as HttpServer } from "http";
|
||||
import { WebSocket, WebSocketServer } from "ws";
|
||||
import { Socket } from "net";
|
||||
import { Newt, newts, NewtSession, olms, Olm, OlmSession, sites } from "@server/db";
|
||||
import {
|
||||
Newt,
|
||||
newts,
|
||||
NewtSession,
|
||||
olms,
|
||||
Olm,
|
||||
OlmSession,
|
||||
sites
|
||||
} from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
import { db } from "@server/db";
|
||||
import { recordPing } from "@server/routers/newt/pingAccumulator";
|
||||
@@ -80,6 +88,9 @@ const removeClient = async (
|
||||
const updatedClients = existingClients.filter((client) => client !== ws);
|
||||
if (updatedClients.length === 0) {
|
||||
connectedClients.delete(mapKey);
|
||||
// Remove clientId from clientConfigVersions — prevents unbounded growth
|
||||
// from stale entries.
|
||||
clientConfigVersions.delete(clientId);
|
||||
|
||||
logger.info(
|
||||
`All connections removed for ${clientType.toUpperCase()} ID: ${clientId}`
|
||||
@@ -218,9 +229,13 @@ const hasActiveConnections = async (clientId: string): Promise<boolean> => {
|
||||
};
|
||||
|
||||
// Get the current config version for a client
|
||||
const getClientConfigVersion = async (clientId: string): Promise<number | undefined> => {
|
||||
const getClientConfigVersion = async (
|
||||
clientId: string
|
||||
): Promise<number | undefined> => {
|
||||
const version = clientConfigVersions.get(clientId);
|
||||
logger.debug(`getClientConfigVersion called for clientId: ${clientId}, returning: ${version} (type: ${typeof version})`);
|
||||
logger.debug(
|
||||
`getClientConfigVersion called for clientId: ${clientId}, returning: ${version} (type: ${typeof version})`
|
||||
);
|
||||
return version;
|
||||
};
|
||||
|
||||
@@ -507,6 +522,11 @@ const disconnectClient = async (clientId: string): Promise<boolean> => {
|
||||
}
|
||||
});
|
||||
|
||||
// Eagerly remove client — close event may not fire if socket already
|
||||
// CLOSING, leaving zombie entries.
|
||||
connectedClients.delete(mapKey);
|
||||
clientConfigVersions.delete(clientId);
|
||||
|
||||
return true;
|
||||
};
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@ import m14 from "./scriptsPg/1.15.4";
|
||||
import m15 from "./scriptsPg/1.16.0";
|
||||
import m16 from "./scriptsPg/1.17.0";
|
||||
import m17 from "./scriptsPg/1.18.0";
|
||||
import m18 from "./scriptsPg/1.18.3";
|
||||
|
||||
// THIS CANNOT IMPORT ANYTHING FROM THE SERVER
|
||||
// EXCEPT FOR THE DATABASE AND THE SCHEMA
|
||||
@@ -45,7 +46,8 @@ const migrations = [
|
||||
{ version: "1.15.4", run: m14 },
|
||||
{ version: "1.16.0", run: m15 },
|
||||
{ version: "1.17.0", run: m16 },
|
||||
{ version: "1.18.0", run: m17 }
|
||||
{ version: "1.18.0", run: m17 },
|
||||
{ version: "1.18.3", run: m18 }
|
||||
// Add new migrations here as they are created
|
||||
] as {
|
||||
version: string;
|
||||
|
||||
@@ -41,6 +41,7 @@ import m35 from "./scriptsSqlite/1.15.4";
|
||||
import m36 from "./scriptsSqlite/1.16.0";
|
||||
import m37 from "./scriptsSqlite/1.17.0";
|
||||
import m38 from "./scriptsSqlite/1.18.0";
|
||||
import m39 from "./scriptsSqlite/1.18.3";
|
||||
|
||||
// THIS CANNOT IMPORT ANYTHING FROM THE SERVER
|
||||
// EXCEPT FOR THE DATABASE AND THE SCHEMA
|
||||
@@ -79,7 +80,8 @@ const migrations = [
|
||||
{ version: "1.15.4", run: m35 },
|
||||
{ version: "1.16.0", run: m36 },
|
||||
{ version: "1.17.0", run: m37 },
|
||||
{ version: "1.18.0", run: m38 }
|
||||
{ version: "1.18.0", run: m38 },
|
||||
{ version: "1.18.3", run: m39 }
|
||||
// Add new migrations here as they are created
|
||||
] as const;
|
||||
|
||||
|
||||
173
server/setup/scriptsPg/1.18.3.ts
Normal file
173
server/setup/scriptsPg/1.18.3.ts
Normal file
@@ -0,0 +1,173 @@
|
||||
import { db } from "@server/db/pg/driver";
|
||||
import { sql } from "drizzle-orm";
|
||||
|
||||
const version = "1.18.3";
|
||||
|
||||
export default async function migration() {
|
||||
console.log(`Running setup script ${version}...`);
|
||||
|
||||
// Query existing targetHealthCheck data with joined siteId and orgId before
|
||||
// the transaction adds the new columns (which start NULL for existing rows).
|
||||
// We will delete all rows and reinsert them with targetHealthCheckId = targetId
|
||||
// so the two IDs form a stable 1:1 mapping.
|
||||
const healthChecksQuery = await db.execute(
|
||||
sql`SELECT
|
||||
thc."targetHealthCheckId",
|
||||
thc."targetId",
|
||||
t."siteId",
|
||||
s."orgId",
|
||||
r."name" AS "resourceName",
|
||||
t."ip",
|
||||
t."port"
|
||||
FROM "targetHealthCheck" thc
|
||||
JOIN "targets" t ON thc."targetId" = t."targetId"
|
||||
JOIN "sites" s ON t."siteId" = s."siteId"
|
||||
JOIN "resources" r ON t."resourceId" = r."resourceId"
|
||||
WHERE thc."name" IS NULL OR thc."name" = ''`
|
||||
);
|
||||
|
||||
const existingHealthChecks = healthChecksQuery.rows as {
|
||||
targetHealthCheckId: number;
|
||||
targetId: number;
|
||||
siteId: number;
|
||||
orgId: string;
|
||||
resourceName: string;
|
||||
ip: string;
|
||||
port: number;
|
||||
}[];
|
||||
|
||||
console.log(
|
||||
`Found ${existingHealthChecks.length} existing targetHealthCheck row(s) to migrate`
|
||||
);
|
||||
|
||||
try {
|
||||
await db.execute(sql`BEGIN`);
|
||||
|
||||
await db.execute(sql`
|
||||
CREATE TABLE "trialNotifications" (
|
||||
"notificationId" serial PRIMARY KEY NOT NULL,
|
||||
"subscriptionId" varchar(255) NOT NULL,
|
||||
"notificationType" varchar(50) NOT NULL,
|
||||
"sentAt" bigint NOT NULL
|
||||
);
|
||||
`);
|
||||
|
||||
await db.execute(sql`
|
||||
ALTER TABLE "trialNotifications" ADD CONSTRAINT "trialNotifications_subscriptionId_subscriptions_subscriptionId_fk" FOREIGN KEY ("subscriptionId") REFERENCES "public"."subscriptions"("subscriptionId") ON DELETE cascade ON UPDATE no action;
|
||||
`);
|
||||
|
||||
await db.execute(sql`COMMIT`);
|
||||
console.log("Migrated database");
|
||||
} catch (e) {
|
||||
await db.execute(sql`ROLLBACK`);
|
||||
console.log("Unable to migrate database");
|
||||
console.log(e);
|
||||
throw e;
|
||||
}
|
||||
|
||||
if (existingHealthChecks.length > 0) {
|
||||
// fix the name column
|
||||
try {
|
||||
for (const hc of existingHealthChecks) {
|
||||
await db.execute(sql`
|
||||
UPDATE "targetHealthCheck"
|
||||
SET "name" = ${`Resource ${hc.resourceName} - ${hc.ip}:${hc.port}`}
|
||||
WHERE "targetHealthCheckId" = ${hc.targetHealthCheckId}
|
||||
`);
|
||||
}
|
||||
|
||||
console.log(
|
||||
`Migrated ${existingHealthChecks.length} targetHealthCheck row(s) with corrected IDs`
|
||||
);
|
||||
} catch (e) {
|
||||
console.error("Error while migrating targetHealthCheck rows:", e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
// Recompute resource health by aggregating across the resource's targets'
|
||||
// target health checks, then update the resources.health column to match.
|
||||
try {
|
||||
const resourceTargetHealthQuery = await db.execute(
|
||||
sql`SELECT
|
||||
r."resourceId" AS "resourceId",
|
||||
r."orgId" AS "orgId",
|
||||
r."health" AS "currentHealth",
|
||||
thc."hcHealth" AS "hcHealth"
|
||||
FROM "resources" r
|
||||
LEFT JOIN "targets" t ON t."resourceId" = r."resourceId"
|
||||
LEFT JOIN "targetHealthCheck" thc ON thc."targetId" = t."targetId"`
|
||||
);
|
||||
const resourceTargetHealthRows = resourceTargetHealthQuery.rows as {
|
||||
resourceId: number;
|
||||
orgId: string;
|
||||
currentHealth: string | null;
|
||||
hcHealth: string | null;
|
||||
}[];
|
||||
|
||||
const resourceHealthMap = new Map<
|
||||
number,
|
||||
{
|
||||
hasHealthy: boolean;
|
||||
hasUnhealthy: boolean;
|
||||
hasUnknown: boolean;
|
||||
orgId: string;
|
||||
currentHealth: string | null;
|
||||
}
|
||||
>();
|
||||
for (const row of resourceTargetHealthRows) {
|
||||
const entry = resourceHealthMap.get(row.resourceId) ?? {
|
||||
hasHealthy: false,
|
||||
hasUnhealthy: false,
|
||||
hasUnknown: false,
|
||||
orgId: row.orgId,
|
||||
currentHealth: row.currentHealth
|
||||
};
|
||||
const status = row.hcHealth ?? "unknown";
|
||||
if (status === "healthy") entry.hasHealthy = true;
|
||||
else if (status === "unhealthy") entry.hasUnhealthy = true;
|
||||
else entry.hasUnknown = true;
|
||||
resourceHealthMap.set(row.resourceId, entry);
|
||||
}
|
||||
|
||||
const now = Math.floor(Date.now() / 1000);
|
||||
let updatedResourceCount = 0;
|
||||
for (const [resourceId, entry] of resourceHealthMap.entries()) {
|
||||
let aggregated: "healthy" | "unhealthy" | "degraded" | "unknown";
|
||||
if (entry.hasHealthy && entry.hasUnhealthy) {
|
||||
aggregated = "degraded";
|
||||
} else if (entry.hasHealthy) {
|
||||
aggregated = "healthy";
|
||||
} else if (entry.hasUnhealthy) {
|
||||
aggregated = "unhealthy";
|
||||
} else {
|
||||
aggregated = "unknown";
|
||||
}
|
||||
|
||||
if (entry.currentHealth !== aggregated) {
|
||||
await db.execute(sql`
|
||||
UPDATE "resources"
|
||||
SET "health" = ${aggregated}
|
||||
WHERE "resourceId" = ${resourceId}
|
||||
`);
|
||||
await db.execute(sql`
|
||||
INSERT INTO "statusHistory" ("entityType", "entityId", "orgId", "status", "timestamp")
|
||||
VALUES ('resource', ${resourceId}, ${entry.orgId}, ${aggregated}, ${now})
|
||||
`);
|
||||
updatedResourceCount++;
|
||||
}
|
||||
}
|
||||
|
||||
console.log(
|
||||
`Recomputed health for ${updatedResourceCount} resource(s) based on target health checks`
|
||||
);
|
||||
} catch (e) {
|
||||
console.error(
|
||||
"Error while recomputing resource health from target health checks:",
|
||||
e
|
||||
);
|
||||
throw e;
|
||||
}
|
||||
|
||||
console.log(`${version} migration complete`);
|
||||
}
|
||||
172
server/setup/scriptsSqlite/1.18.3.ts
Normal file
172
server/setup/scriptsSqlite/1.18.3.ts
Normal file
@@ -0,0 +1,172 @@
|
||||
import { APP_PATH } from "@server/lib/consts";
|
||||
import Database from "better-sqlite3";
|
||||
import path from "path";
|
||||
|
||||
const version = "1.18.3";
|
||||
|
||||
export default async function migration() {
|
||||
console.log(`Running setup script ${version}...`);
|
||||
|
||||
const location = path.join(APP_PATH, "db", "db.sqlite");
|
||||
const db = new Database(location);
|
||||
|
||||
try {
|
||||
db.pragma("foreign_keys = OFF");
|
||||
|
||||
db.transaction(() => {
|
||||
db.prepare(
|
||||
`
|
||||
CREATE TABLE 'trialNotifications' (
|
||||
'notificationId' integer PRIMARY KEY AUTOINCREMENT NOT NULL,
|
||||
'subscriptionId' text NOT NULL,
|
||||
'notificationType' text NOT NULL,
|
||||
'sentAt' integer NOT NULL,
|
||||
FOREIGN KEY ('subscriptionId') REFERENCES 'subscriptions'('subscriptionId') ON UPDATE no action ON DELETE cascade
|
||||
);
|
||||
`
|
||||
).run();
|
||||
})();
|
||||
|
||||
db.pragma("foreign_keys = ON");
|
||||
|
||||
console.log("Migrated database");
|
||||
|
||||
// Fix names for health checks that don't have one
|
||||
const healthChecksWithoutName = db
|
||||
.prepare(
|
||||
`SELECT
|
||||
thc."targetHealthCheckId",
|
||||
r."name" AS "resourceName",
|
||||
t."ip",
|
||||
t."port"
|
||||
FROM 'targetHealthCheck' thc
|
||||
JOIN 'targets' t ON thc."targetId" = t."targetId"
|
||||
JOIN 'resources' r ON t."resourceId" = r."resourceId"
|
||||
WHERE thc."name" IS NULL OR thc."name" = ''`
|
||||
)
|
||||
.all() as {
|
||||
targetHealthCheckId: number;
|
||||
resourceName: string;
|
||||
ip: string;
|
||||
port: number;
|
||||
}[];
|
||||
|
||||
console.log(
|
||||
`Found ${healthChecksWithoutName.length} targetHealthCheck row(s) with missing names`
|
||||
);
|
||||
|
||||
if (healthChecksWithoutName.length > 0) {
|
||||
const updateName = db.prepare(
|
||||
`UPDATE 'targetHealthCheck' SET "name" = ? WHERE "targetHealthCheckId" = ?`
|
||||
);
|
||||
const updateAllNames = db.transaction(() => {
|
||||
for (const hc of healthChecksWithoutName) {
|
||||
updateName.run(
|
||||
`Resource ${hc.resourceName} - ${hc.ip}:${hc.port}`,
|
||||
hc.targetHealthCheckId
|
||||
);
|
||||
}
|
||||
});
|
||||
updateAllNames();
|
||||
console.log(
|
||||
`Updated names for ${healthChecksWithoutName.length} targetHealthCheck row(s)`
|
||||
);
|
||||
}
|
||||
|
||||
// Recompute resource health by aggregating across the resource's
|
||||
// targets' target health checks, then update resources.health and
|
||||
// insert a statusHistory entry for any resource whose health changed.
|
||||
const resourceTargetHealthRows = db
|
||||
.prepare(
|
||||
`SELECT
|
||||
r."resourceId" AS "resourceId",
|
||||
r."orgId" AS "orgId",
|
||||
r."health" AS "currentHealth",
|
||||
thc."hcHealth" AS "hcHealth"
|
||||
FROM 'resources' r
|
||||
LEFT JOIN 'targets' t ON t."resourceId" = r."resourceId"
|
||||
LEFT JOIN 'targetHealthCheck' thc ON thc."targetId" = t."targetId"`
|
||||
)
|
||||
.all() as {
|
||||
resourceId: number;
|
||||
orgId: string;
|
||||
currentHealth: string | null;
|
||||
hcHealth: string | null;
|
||||
}[];
|
||||
|
||||
const resourceHealthMap = new Map<
|
||||
number,
|
||||
{
|
||||
hasHealthy: boolean;
|
||||
hasUnhealthy: boolean;
|
||||
hasUnknown: boolean;
|
||||
orgId: string;
|
||||
currentHealth: string | null;
|
||||
}
|
||||
>();
|
||||
for (const row of resourceTargetHealthRows) {
|
||||
const entry = resourceHealthMap.get(row.resourceId) ?? {
|
||||
hasHealthy: false,
|
||||
hasUnhealthy: false,
|
||||
hasUnknown: false,
|
||||
orgId: row.orgId,
|
||||
currentHealth: row.currentHealth
|
||||
};
|
||||
const status = row.hcHealth ?? "unknown";
|
||||
if (status === "healthy") entry.hasHealthy = true;
|
||||
else if (status === "unhealthy") entry.hasUnhealthy = true;
|
||||
else entry.hasUnknown = true;
|
||||
resourceHealthMap.set(row.resourceId, entry);
|
||||
}
|
||||
|
||||
const updateResourceHealth = db.prepare(
|
||||
`UPDATE 'resources' SET "health" = ? WHERE "resourceId" = ?`
|
||||
);
|
||||
const insertResourceHistory = db.prepare(
|
||||
`INSERT INTO 'statusHistory' ("entityType", "entityId", "orgId", "status", "timestamp") VALUES (?, ?, ?, ?, ?)`
|
||||
);
|
||||
|
||||
const now = Math.floor(Date.now() / 1000);
|
||||
let updatedResourceCount = 0;
|
||||
|
||||
const recomputeAll = db.transaction(() => {
|
||||
for (const [resourceId, entry] of resourceHealthMap.entries()) {
|
||||
let aggregated:
|
||||
| "healthy"
|
||||
| "unhealthy"
|
||||
| "degraded"
|
||||
| "unknown";
|
||||
if (entry.hasHealthy && entry.hasUnhealthy) {
|
||||
aggregated = "degraded";
|
||||
} else if (entry.hasHealthy) {
|
||||
aggregated = "healthy";
|
||||
} else if (entry.hasUnhealthy) {
|
||||
aggregated = "unhealthy";
|
||||
} else {
|
||||
aggregated = "unknown";
|
||||
}
|
||||
|
||||
if (entry.currentHealth !== aggregated) {
|
||||
updateResourceHealth.run(aggregated, resourceId);
|
||||
insertResourceHistory.run(
|
||||
"resource",
|
||||
resourceId,
|
||||
entry.orgId,
|
||||
aggregated,
|
||||
now
|
||||
);
|
||||
updatedResourceCount++;
|
||||
}
|
||||
}
|
||||
});
|
||||
recomputeAll();
|
||||
console.log(
|
||||
`Recomputed health for ${updatedResourceCount} resource(s) based on target health checks`
|
||||
);
|
||||
} catch (e) {
|
||||
console.log("Failed to migrate db:", e);
|
||||
throw e;
|
||||
}
|
||||
|
||||
console.log(`${version} migration complete`);
|
||||
}
|
||||
@@ -35,6 +35,7 @@ import {
|
||||
} from "@app/components/Credenza";
|
||||
import { cn } from "@app/lib/cn";
|
||||
import { CreditCard, ExternalLink, Check, AlertTriangle } from "lucide-react";
|
||||
import { Badge } from "@app/components/ui/badge";
|
||||
import { Alert, AlertTitle, AlertDescription } from "@app/components/ui/alert";
|
||||
import {
|
||||
Tooltip,
|
||||
@@ -55,6 +56,7 @@ import {
|
||||
tier3LimitSet
|
||||
} from "@server/lib/billing/limitSet";
|
||||
import { FeatureId } from "@server/lib/billing/features";
|
||||
import TrialBillingBanner from "@app/components/TrialBillingBanner";
|
||||
|
||||
// Plan tier definitions matching the mockup
|
||||
type PlanId = "basic" | "home" | "team" | "business" | "enterprise";
|
||||
@@ -805,6 +807,20 @@ export default function BillingPage() {
|
||||
|
||||
return (
|
||||
<SettingsContainer>
|
||||
{/* Trial Banner */}
|
||||
{isTrial && (
|
||||
<TrialBillingBanner
|
||||
onUpgrade={() => {
|
||||
const currentPlan = planOptions.find(
|
||||
(p) => p.id === currentPlanId
|
||||
);
|
||||
if (currentPlan?.tierType) {
|
||||
handleStartSubscription(currentPlan.tierType);
|
||||
}
|
||||
}}
|
||||
/>
|
||||
)}
|
||||
|
||||
{/* Subscription Status Alert */}
|
||||
{isProblematicState && statusMessage && (
|
||||
<Alert variant="destructive" className="mb-6">
|
||||
@@ -859,8 +875,19 @@ export default function BillingPage() {
|
||||
)}
|
||||
>
|
||||
<div className="flex-1">
|
||||
<div className="text-2xl">
|
||||
{plan.name}
|
||||
<div className="flex items-center gap-2 flex-wrap">
|
||||
<span className="text-2xl">
|
||||
{plan.name}
|
||||
</span>
|
||||
{isCurrentPlan && isTrial && (
|
||||
<Badge
|
||||
variant="outlinePrimary"
|
||||
className="text-xs"
|
||||
>
|
||||
{t("billingTrialBadge") ||
|
||||
"Free Trial"}
|
||||
</Badge>
|
||||
)}
|
||||
</div>
|
||||
<div className="mt-1">
|
||||
<span className="text-xl">
|
||||
|
||||
@@ -652,6 +652,8 @@ function ProxyResourceTargetsForm({
|
||||
hcMode: null,
|
||||
hcUnhealthyInterval: null,
|
||||
hcTlsServerName: null,
|
||||
hcHealthyThreshold: null,
|
||||
hcUnhealthyThreshold: null,
|
||||
siteType: sites.length > 0 ? sites[0].type : null,
|
||||
new: true,
|
||||
updated: false
|
||||
@@ -761,7 +763,9 @@ function ProxyResourceTargetsForm({
|
||||
hcStatus: target.hcStatus || null,
|
||||
hcUnhealthyInterval: target.hcUnhealthyInterval || null,
|
||||
hcMode: target.hcMode || null,
|
||||
hcTlsServerName: target.hcTlsServerName
|
||||
hcTlsServerName: target.hcTlsServerName,
|
||||
hcHealthyThreshold: target.hcHealthyThreshold || null,
|
||||
hcUnhealthyThreshold: target.hcUnhealthyThreshold || null
|
||||
};
|
||||
|
||||
// Only include path-related fields for HTTP resources
|
||||
@@ -1018,7 +1022,13 @@ function ProxyResourceTargetsForm({
|
||||
30,
|
||||
hcTlsServerName:
|
||||
selectedTargetForHealthCheck.hcTlsServerName ||
|
||||
undefined
|
||||
undefined,
|
||||
hcHealthyThreshold:
|
||||
selectedTargetForHealthCheck.hcHealthyThreshold ||
|
||||
1,
|
||||
hcUnhealthyThreshold:
|
||||
selectedTargetForHealthCheck.hcUnhealthyThreshold ||
|
||||
1
|
||||
}}
|
||||
onChanges={async (config) => {
|
||||
if (selectedTargetForHealthCheck) {
|
||||
|
||||
@@ -303,6 +303,8 @@ export default function Page() {
|
||||
hcMode: null,
|
||||
hcUnhealthyInterval: null,
|
||||
hcTlsServerName: null,
|
||||
hcHealthyThreshold: null,
|
||||
hcUnhealthyThreshold: null,
|
||||
siteType: sites.length > 0 ? sites[0].type : null,
|
||||
new: true,
|
||||
updated: false
|
||||
@@ -552,7 +554,11 @@ export default function Page() {
|
||||
hcUnhealthyInterval:
|
||||
target.hcUnhealthyInterval || null,
|
||||
hcMode: target.hcMode || null,
|
||||
hcTlsServerName: target.hcTlsServerName
|
||||
hcTlsServerName: target.hcTlsServerName,
|
||||
hcHealthyThreshold:
|
||||
target.hcHealthyThreshold || null,
|
||||
hcUnhealthyThreshold:
|
||||
target.hcUnhealthyThreshold || null
|
||||
};
|
||||
|
||||
// Only include path-related fields for HTTP resources
|
||||
@@ -1520,7 +1526,13 @@ export default function Page() {
|
||||
30,
|
||||
hcTlsServerName:
|
||||
selectedTargetForHealthCheck.hcTlsServerName ||
|
||||
undefined
|
||||
undefined,
|
||||
hcHealthyThreshold:
|
||||
selectedTargetForHealthCheck.hcHealthyThreshold ||
|
||||
1,
|
||||
hcUnhealthyThreshold:
|
||||
selectedTargetForHealthCheck.hcUnhealthyThreshold ||
|
||||
1
|
||||
}}
|
||||
onChanges={async (config) => {
|
||||
if (selectedTargetForHealthCheck) {
|
||||
|
||||
@@ -31,8 +31,9 @@ export function CertificateStatusContent({
|
||||
const t = useTranslations();
|
||||
|
||||
const labelClass =
|
||||
"inline-flex shrink-0 items-center self-center text-sm font-medium leading-none";
|
||||
const valueClass = "inline-flex items-center gap-2 text-sm leading-none";
|
||||
"inline-flex shrink-0 items-center self-center text-sm font-medium leading-normal";
|
||||
const valueClass =
|
||||
"inline-flex items-center gap-2 text-sm leading-normal";
|
||||
|
||||
const handleRefresh = async () => {
|
||||
await refreshCert();
|
||||
@@ -133,14 +134,14 @@ export function CertificateStatusContent({
|
||||
{isPending && !disableRestartButton ? (
|
||||
<Button
|
||||
variant="ghost"
|
||||
className="h-auto min-h-0 shrink-0 p-0 text-sm font-normal leading-none inline-flex items-center self-center"
|
||||
className="h-auto min-h-0 shrink-0 p-0 text-sm font-normal leading-normal inline-flex items-center self-center"
|
||||
onClick={handleRefresh}
|
||||
disabled={refreshing}
|
||||
title={t("restartCertificate", {
|
||||
defaultValue: "Restart Certificate"
|
||||
})}
|
||||
>
|
||||
<span className="inline-flex items-center gap-2 leading-none">
|
||||
<span className="inline-flex items-center gap-2 leading-normal">
|
||||
<FileBadge
|
||||
className={`h-4 w-4 shrink-0 ${getStatusColor(cert.status)}`}
|
||||
aria-hidden
|
||||
@@ -148,7 +149,7 @@ export function CertificateStatusContent({
|
||||
{cert.status.charAt(0).toUpperCase() +
|
||||
cert.status.slice(1)}
|
||||
<RotateCw
|
||||
className={`h-3 w-3 shrink-0 ${refreshing ? "animate-spin" : ""}`}
|
||||
className={`h-4 w-4 shrink-0 ${refreshing ? "animate-spin" : ""}`}
|
||||
/>
|
||||
</span>
|
||||
</Button>
|
||||
@@ -164,7 +165,7 @@ export function CertificateStatusContent({
|
||||
<Button
|
||||
size="icon"
|
||||
variant="ghost"
|
||||
className="inline-flex h-auto min-h-0 w-3 shrink-0 items-center justify-center self-center p-0"
|
||||
className="inline-flex h-4 w-4 min-h-0 shrink-0 items-center justify-center self-center p-0"
|
||||
onClick={handleRefresh}
|
||||
disabled={refreshing}
|
||||
title={t("restartCertificate", {
|
||||
@@ -172,7 +173,7 @@ export function CertificateStatusContent({
|
||||
})}
|
||||
>
|
||||
<RotateCw
|
||||
className={`h-3 w-3 shrink-0 ${refreshing ? "animate-spin" : ""}`}
|
||||
className={`h-4 w-4 shrink-0 ${refreshing ? "animate-spin" : ""}`}
|
||||
/>
|
||||
</Button>
|
||||
) : null}
|
||||
|
||||
@@ -33,7 +33,7 @@ const CopyToClipboard = ({
|
||||
<div className="flex items-center space-x-2 min-w-0 max-w-full">
|
||||
<button
|
||||
type="button"
|
||||
className="h-6 w-6 p-0 flex items-center justify-center cursor-pointer flex-shrink-0"
|
||||
className="h-4 w-4 p-0 flex items-center justify-center cursor-pointer flex-shrink-0"
|
||||
onClick={handleCopy}
|
||||
>
|
||||
{!copied ? (
|
||||
|
||||
@@ -13,6 +13,7 @@ type DismissableBannerProps = {
|
||||
titleIcon: ReactNode;
|
||||
description: string;
|
||||
children?: ReactNode;
|
||||
dismissable?: boolean;
|
||||
};
|
||||
|
||||
export const DismissableBanner = ({
|
||||
@@ -21,7 +22,8 @@ export const DismissableBanner = ({
|
||||
title,
|
||||
titleIcon,
|
||||
description,
|
||||
children
|
||||
children,
|
||||
dismissable = true
|
||||
}: DismissableBannerProps) => {
|
||||
const [isDismissed, setIsDismissed] = useState(true);
|
||||
const t = useTranslations();
|
||||
@@ -66,19 +68,21 @@ export const DismissableBanner = ({
|
||||
);
|
||||
};
|
||||
|
||||
if (isDismissed) {
|
||||
if (dismissable && isDismissed) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return (
|
||||
<Card className="mb-6 relative border-primary/30 bg-linear-to-br from-primary/10 via-background to-background overflow-hidden">
|
||||
<button
|
||||
onClick={handleDismiss}
|
||||
className="absolute top-3 right-3 z-10 p-1.5 rounded-md hover:bg-background/80 transition-colors cursor-pointer"
|
||||
aria-label={t("dismiss")}
|
||||
>
|
||||
<X className="w-4 h-4 text-muted-foreground" />
|
||||
</button>
|
||||
{dismissable && (
|
||||
<button
|
||||
onClick={handleDismiss}
|
||||
className="absolute top-3 right-3 z-10 p-1.5 rounded-md hover:bg-background/80 transition-colors cursor-pointer"
|
||||
aria-label={t("dismiss")}
|
||||
>
|
||||
<X className="w-4 h-4 text-muted-foreground" />
|
||||
</button>
|
||||
)}
|
||||
<CardContent className="p-6">
|
||||
<div className="flex flex-col lg:flex-row lg:items-center gap-6">
|
||||
<div className="flex-1 space-y-2 min-w-0">
|
||||
|
||||
@@ -104,7 +104,7 @@ export default function IdpLoginButtons({
|
||||
</Alert>
|
||||
)}
|
||||
|
||||
<div className="space-y-2">
|
||||
<div className="space-y-4">
|
||||
{params.get("gotoapp") ? (
|
||||
<>
|
||||
<Button
|
||||
|
||||
@@ -19,7 +19,7 @@ export function InfoSections({
|
||||
return (
|
||||
<div
|
||||
className={cn(
|
||||
"grid grid-cols-2 md:grid-cols-(--columns) md:space-x-16 gap-4 md:items-start",
|
||||
"grid w-full min-w-0 grid-cols-2 md:grid-cols-(--columns) md:space-x-16 gap-4 md:items-start",
|
||||
columnSizing === "content" &&
|
||||
"md:justify-items-start md:justify-start"
|
||||
)}
|
||||
@@ -41,7 +41,11 @@ export function InfoSection({
|
||||
children: React.ReactNode;
|
||||
className?: string;
|
||||
}) {
|
||||
return <div className={cn("space-y-1", className)}>{children}</div>;
|
||||
return (
|
||||
<div className={cn("min-w-0 w-full max-w-full space-y-1", className)}>
|
||||
{children}
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
export function InfoSectionTitle({
|
||||
@@ -51,7 +55,11 @@ export function InfoSectionTitle({
|
||||
children: React.ReactNode;
|
||||
className?: string;
|
||||
}) {
|
||||
return <div className={cn("font-semibold", className)}>{children}</div>;
|
||||
return (
|
||||
<div className={cn("min-w-0 truncate font-semibold", className)}>
|
||||
{children}
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
export function InfoSectionContent({
|
||||
@@ -62,8 +70,13 @@ export function InfoSectionContent({
|
||||
className?: string;
|
||||
}) {
|
||||
return (
|
||||
<div className={cn("min-w-0 overflow-hidden", className)}>
|
||||
<div className="w-full truncate [&>div.flex]:min-w-0 [&>div.flex]:!whitespace-normal [&>div.flex>span]:truncate [&>div.flex>a]:truncate">
|
||||
<div
|
||||
className={cn(
|
||||
"w-full min-w-0 max-w-full overflow-hidden",
|
||||
className
|
||||
)}
|
||||
>
|
||||
<div className="w-full min-w-0 max-w-full truncate [&>div.flex]:min-w-0 [&>div.flex]:!whitespace-normal [&>div.flex>span]:truncate [&>div.flex>a]:truncate">
|
||||
{children}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -368,7 +368,7 @@ export default function LoginForm({
|
||||
|
||||
{hasIdp && (
|
||||
<>
|
||||
<div className="relative my-4">
|
||||
<div className="relative">
|
||||
<div className="absolute inset-0 flex items-center">
|
||||
<Separator />
|
||||
</div>
|
||||
|
||||
@@ -145,7 +145,7 @@ export default function MfaInputForm({
|
||||
</Alert>
|
||||
)}
|
||||
|
||||
<div className="space-y-2">
|
||||
<div className="space-y-4">
|
||||
<Button
|
||||
type="submit"
|
||||
form={formId}
|
||||
|
||||
@@ -25,7 +25,6 @@ import {
|
||||
import {
|
||||
ArrowRight,
|
||||
ArrowUpDown,
|
||||
KeyRound,
|
||||
MoreHorizontal
|
||||
} from "lucide-react";
|
||||
import { useMemo, useState } from "react";
|
||||
@@ -50,6 +49,7 @@ import { useQuery } from "@tanstack/react-query";
|
||||
import { useDebounce } from "use-debounce";
|
||||
import type { ListUserAdminOrgIdpsResponse } from "@server/routers/orgIdp/types";
|
||||
import { cn } from "@app/lib/cn";
|
||||
import { Badge } from "@app/components/ui/badge";
|
||||
import { usePaidStatus } from "@app/hooks/usePaidStatus";
|
||||
import { tierMatrix } from "@server/lib/billing/tierMatrix";
|
||||
import { isIdpGlobalModeBannerVisible } from "@app/components/IdpGlobalModeBanner";
|
||||
@@ -63,6 +63,61 @@ export type IdpRow = {
|
||||
|
||||
type AdminIdpRow = ListUserAdminOrgIdpsResponse["idps"][number];
|
||||
|
||||
type ImportSourceOrg = { orgId: string; orgName: string };
|
||||
|
||||
type GroupedImportableIdp = {
|
||||
idpId: number;
|
||||
name: string;
|
||||
type: string;
|
||||
variant: string;
|
||||
tags: string | null;
|
||||
sources: ImportSourceOrg[];
|
||||
};
|
||||
|
||||
function adminRowForImport(
|
||||
group: GroupedImportableIdp,
|
||||
source: ImportSourceOrg
|
||||
): AdminIdpRow {
|
||||
return {
|
||||
idpId: group.idpId,
|
||||
orgId: source.orgId,
|
||||
orgName: source.orgName,
|
||||
name: group.name,
|
||||
type: group.type,
|
||||
variant: group.variant,
|
||||
tags: group.tags
|
||||
};
|
||||
}
|
||||
|
||||
function groupImportableIdps(rows: AdminIdpRow[]): GroupedImportableIdp[] {
|
||||
const map = new Map<number, GroupedImportableIdp>();
|
||||
for (const row of rows) {
|
||||
let g = map.get(row.idpId);
|
||||
if (!g) {
|
||||
g = {
|
||||
idpId: row.idpId,
|
||||
name: row.name,
|
||||
type: row.type,
|
||||
variant: row.variant,
|
||||
tags: row.tags,
|
||||
sources: []
|
||||
};
|
||||
map.set(row.idpId, g);
|
||||
}
|
||||
if (!g.sources.some((s) => s.orgId === row.orgId)) {
|
||||
g.sources.push({ orgId: row.orgId, orgName: row.orgName });
|
||||
}
|
||||
}
|
||||
return Array.from(map.values())
|
||||
.map((item) => ({
|
||||
...item,
|
||||
sources: [...item.sources].sort((a, b) =>
|
||||
a.orgName.localeCompare(b.orgName)
|
||||
)
|
||||
}))
|
||||
.sort((a, b) => b.name.localeCompare(a.name));
|
||||
}
|
||||
|
||||
function IdpImportRowIcon({
|
||||
type,
|
||||
variant
|
||||
@@ -114,16 +169,22 @@ export default function IdpTable({ idps, orgId }: Props) {
|
||||
);
|
||||
}, [adminIdpsRaw, orgId, idps]);
|
||||
|
||||
const shownImportIdps = useMemo(() => {
|
||||
const importableGrouped = useMemo(
|
||||
() => groupImportableIdps(importableIdps),
|
||||
[importableIdps]
|
||||
);
|
||||
|
||||
const shownImportGrouped = useMemo(() => {
|
||||
const q = debouncedImportSearch.trim().toLowerCase();
|
||||
if (!q) {
|
||||
return importableIdps;
|
||||
return importableGrouped;
|
||||
}
|
||||
return importableIdps.filter((row) => {
|
||||
const hay = `${row.orgName} ${row.name}`.toLowerCase();
|
||||
return importableGrouped.filter((group) => {
|
||||
const hay =
|
||||
`${group.name} ${group.sources.map((s) => s.orgName).join(" ")}`.toLowerCase();
|
||||
return hay.includes(q);
|
||||
});
|
||||
}, [importableIdps, debouncedImportSearch]);
|
||||
}, [importableGrouped, debouncedImportSearch]);
|
||||
|
||||
const deleteIdp = async (idpId: number) => {
|
||||
try {
|
||||
@@ -364,31 +425,44 @@ export default function IdpTable({ idps, orgId }: Props) {
|
||||
{t("idpImportEmpty")}
|
||||
</CommandEmpty>
|
||||
<CommandGroup>
|
||||
{shownImportIdps.map((row) => (
|
||||
{shownImportGrouped.map((group) => (
|
||||
<CommandItem
|
||||
key={`${row.idpId}:${row.orgId}`}
|
||||
key={group.idpId}
|
||||
className="items-start gap-3 py-2.5"
|
||||
value={`${row.idpId}:${row.orgId}:${row.orgName}:${row.name}`}
|
||||
value={`${group.idpId}:${group.name}:${group.sources.map((s) => s.orgName).join(" ")}`}
|
||||
disabled={!canImportOrgOidcIdp}
|
||||
onSelect={() => {
|
||||
if (!canImportOrgOidcIdp) {
|
||||
return;
|
||||
}
|
||||
void importIdp(row);
|
||||
void importIdp(
|
||||
adminRowForImport(
|
||||
group,
|
||||
group.sources[0]
|
||||
)
|
||||
);
|
||||
}}
|
||||
>
|
||||
<div className="mt-0.5 shrink-0">
|
||||
<IdpImportRowIcon
|
||||
type={row.type}
|
||||
variant={row.variant}
|
||||
type={group.type}
|
||||
variant={group.variant}
|
||||
/>
|
||||
</div>
|
||||
<div className="min-w-0 flex-1 text-left">
|
||||
<div className="truncate font-medium leading-tight">
|
||||
{row.orgName}
|
||||
{group.name}
|
||||
</div>
|
||||
<div className="truncate text-sm leading-tight text-muted-foreground">
|
||||
{row.name}
|
||||
<div className="mt-1 flex flex-wrap gap-1">
|
||||
{group.sources.map((src) => (
|
||||
<Badge
|
||||
key={src.orgId}
|
||||
variant="secondary"
|
||||
className="max-w-full truncate font-normal"
|
||||
>
|
||||
{src.orgName}
|
||||
</Badge>
|
||||
))}
|
||||
</div>
|
||||
</div>
|
||||
</CommandItem>
|
||||
|
||||
@@ -528,7 +528,7 @@ export default function ResetPasswordForm({
|
||||
)}
|
||||
|
||||
{state === "request" && (
|
||||
<div className="flex flex-col gap-2">
|
||||
<div className="flex flex-col gap-4">
|
||||
{env.email.emailEnabled && (
|
||||
<Button
|
||||
type="submit"
|
||||
|
||||
@@ -40,7 +40,9 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) {
|
||||
<InfoSection>
|
||||
<InfoSectionTitle>{t("identifier")}</InfoSectionTitle>
|
||||
<InfoSectionContent>
|
||||
{resource.niceId}
|
||||
<span className="inline-flex items-center">
|
||||
{resource.niceId}
|
||||
</span>
|
||||
</InfoSectionContent>
|
||||
</InfoSection>
|
||||
{resource.http ? (
|
||||
@@ -49,7 +51,9 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) {
|
||||
<InfoSectionTitle>URL</InfoSectionTitle>
|
||||
<InfoSectionContent>
|
||||
{resource.wildcard ? (
|
||||
<span>{fullUrl}</span>
|
||||
<span className="inline-flex items-center">
|
||||
{fullUrl}
|
||||
</span>
|
||||
) : (
|
||||
<CopyToClipboard
|
||||
text={fullUrl}
|
||||
@@ -68,7 +72,7 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) {
|
||||
authInfo.sso ||
|
||||
authInfo.whitelist ||
|
||||
authInfo.headerAuth ? (
|
||||
<div className="flex items-start space-x-2">
|
||||
<div className="flex items-center space-x-2">
|
||||
<ShieldCheck className="w-4 h-4 flex-shrink-0 text-green-500" />
|
||||
<span>{t("protected")}</span>
|
||||
</div>
|
||||
@@ -106,7 +110,9 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) {
|
||||
{t("protocol")}
|
||||
</InfoSectionTitle>
|
||||
<InfoSectionContent>
|
||||
{resource.protocol.toUpperCase()}
|
||||
<span className="inline-flex items-center">
|
||||
{resource.protocol.toUpperCase()}
|
||||
</span>
|
||||
</InfoSectionContent>
|
||||
</InfoSection>
|
||||
<InfoSection>
|
||||
|
||||
@@ -22,7 +22,7 @@ import { useEnvContext } from "@app/hooks/useEnvContext";
|
||||
import { LookupUserResponse } from "@server/routers/auth/lookupUser";
|
||||
import { useTranslations } from "next-intl";
|
||||
import LoginPasswordForm from "@app/components/LoginPasswordForm";
|
||||
import LoginOrgSelector from "@app/components/LoginOrgSelector";
|
||||
import SmartLoginOrgSelector from "@app/components/SmartLoginOrgSelector";
|
||||
import UserProfileCard from "@app/components/UserProfileCard";
|
||||
import SecurityKeyAuthButton from "@app/components/SecurityKeyAuthButton";
|
||||
import { Separator } from "@app/components/ui/separator";
|
||||
@@ -206,7 +206,7 @@ export default function SmartLoginForm({
|
||||
if (viewState.type === "orgSelector") {
|
||||
return (
|
||||
<div className="space-y-4">
|
||||
<LoginOrgSelector
|
||||
<SmartLoginOrgSelector
|
||||
identifier={viewState.identifier}
|
||||
lookupResult={viewState.lookupResult}
|
||||
redirect={redirect}
|
||||
@@ -284,7 +284,7 @@ export default function SmartLoginForm({
|
||||
|
||||
{orgSignIn && (
|
||||
<>
|
||||
<div className="relative my-4">
|
||||
<div className="relative">
|
||||
<div className="absolute inset-0 flex items-center">
|
||||
<Separator />
|
||||
</div>
|
||||
|
||||
297
src/components/SmartLoginOrgSelector.tsx
Normal file
297
src/components/SmartLoginOrgSelector.tsx
Normal file
@@ -0,0 +1,297 @@
|
||||
"use client";
|
||||
|
||||
import { useEffect, useState } from "react";
|
||||
import { Button } from "@app/components/ui/button";
|
||||
import { Badge } from "@app/components/ui/badge";
|
||||
import { Alert, AlertDescription } from "@app/components/ui/alert";
|
||||
import { useTranslations } from "next-intl";
|
||||
import LoginPasswordForm from "@app/components/LoginPasswordForm";
|
||||
import { LookupUserResponse } from "@server/routers/auth/lookupUser";
|
||||
import UserProfileCard from "@app/components/UserProfileCard";
|
||||
import IdpTypeIcon from "@app/components/IdpTypeIcon";
|
||||
import { generateOidcUrlProxy } from "@app/actions/server";
|
||||
import {
|
||||
redirect as redirectTo,
|
||||
useRouter,
|
||||
useSearchParams
|
||||
} from "next/navigation";
|
||||
import { cleanRedirect } from "@app/lib/cleanRedirect";
|
||||
import { Separator } from "@app/components/ui/separator";
|
||||
|
||||
type SmartLoginOrgSelectorProps = {
|
||||
identifier: string;
|
||||
lookupResult: LookupUserResponse;
|
||||
redirect?: string;
|
||||
forceLogin?: boolean;
|
||||
onUseDifferentAccount?: () => void;
|
||||
};
|
||||
|
||||
type OrgBucket = {
|
||||
orgId: string;
|
||||
orgName: string;
|
||||
idps: Array<{
|
||||
idpId: number;
|
||||
name: string;
|
||||
variant: string | null;
|
||||
}>;
|
||||
hasInternalAuth: boolean;
|
||||
};
|
||||
|
||||
type GroupedLoginIdp = {
|
||||
idpId: number;
|
||||
name: string;
|
||||
variant: string | null;
|
||||
orgs: { orgId: string; orgName: string }[];
|
||||
};
|
||||
|
||||
function buildOrgMap(lookupResult: LookupUserResponse) {
|
||||
const orgMap = new Map<string, OrgBucket>();
|
||||
|
||||
for (const account of lookupResult.accounts) {
|
||||
for (const org of account.orgs) {
|
||||
if (!orgMap.has(org.orgId)) {
|
||||
orgMap.set(org.orgId, {
|
||||
orgId: org.orgId,
|
||||
orgName: org.orgName,
|
||||
idps: org.idps,
|
||||
hasInternalAuth: org.hasInternalAuth
|
||||
});
|
||||
} else {
|
||||
const existing = orgMap.get(org.orgId)!;
|
||||
const existingIdpIds = new Set(
|
||||
existing.idps.map((i) => i.idpId)
|
||||
);
|
||||
for (const idp of org.idps) {
|
||||
if (!existingIdpIds.has(idp.idpId)) {
|
||||
existing.idps.push(idp);
|
||||
}
|
||||
}
|
||||
if (org.hasInternalAuth) {
|
||||
existing.hasInternalAuth = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return Array.from(orgMap.values());
|
||||
}
|
||||
|
||||
function groupIdpsAcrossOrgs(orgs: OrgBucket[]): GroupedLoginIdp[] {
|
||||
const map = new Map<number, GroupedLoginIdp>();
|
||||
|
||||
for (const org of orgs) {
|
||||
for (const idp of org.idps) {
|
||||
let g = map.get(idp.idpId);
|
||||
if (!g) {
|
||||
g = {
|
||||
idpId: idp.idpId,
|
||||
name: idp.name,
|
||||
variant: idp.variant,
|
||||
orgs: []
|
||||
};
|
||||
map.set(idp.idpId, g);
|
||||
}
|
||||
if (!g.orgs.some((o) => o.orgId === org.orgId)) {
|
||||
g.orgs.push({ orgId: org.orgId, orgName: org.orgName });
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return Array.from(map.values())
|
||||
.map((g) => ({
|
||||
...g,
|
||||
orgs: [...g.orgs].sort((a, b) => a.orgName.localeCompare(b.orgName))
|
||||
}))
|
||||
.sort((a, b) => b.name.localeCompare(a.name));
|
||||
}
|
||||
|
||||
export default function SmartLoginOrgSelector({
|
||||
identifier,
|
||||
lookupResult,
|
||||
redirect,
|
||||
forceLogin,
|
||||
onUseDifferentAccount
|
||||
}: SmartLoginOrgSelectorProps) {
|
||||
const t = useTranslations();
|
||||
const [showPasswordForm, setShowPasswordForm] = useState(false);
|
||||
const [error, setError] = useState<string | null>(null);
|
||||
const [pendingIdpId, setPendingIdpId] = useState<number | null>(null);
|
||||
const params = useSearchParams();
|
||||
const router = useRouter();
|
||||
|
||||
const orgs = buildOrgMap(lookupResult);
|
||||
const groupedIdps = groupIdpsAcrossOrgs(orgs);
|
||||
|
||||
const hasInternalAccount = lookupResult.accounts.some(
|
||||
(acc) => acc.hasInternalAuth
|
||||
);
|
||||
|
||||
function goToApp() {
|
||||
const url = window.location.href.split("?")[0];
|
||||
router.push(url);
|
||||
}
|
||||
|
||||
useEffect(() => {
|
||||
if (params.get("gotoapp")) {
|
||||
goToApp();
|
||||
}
|
||||
}, []);
|
||||
|
||||
async function loginWithIdp(idpId: number, orgId: string) {
|
||||
setPendingIdpId(idpId);
|
||||
setError(null);
|
||||
|
||||
let redirectToUrl: string | undefined;
|
||||
try {
|
||||
const safeRedirect = cleanRedirect(redirect || "/");
|
||||
const response = await generateOidcUrlProxy(
|
||||
idpId,
|
||||
safeRedirect,
|
||||
undefined,
|
||||
forceLogin
|
||||
);
|
||||
|
||||
if (response.error) {
|
||||
setError(response.message);
|
||||
setPendingIdpId(null);
|
||||
return;
|
||||
}
|
||||
|
||||
const data = response.data;
|
||||
if (data?.redirectUrl) {
|
||||
redirectToUrl = data.redirectUrl;
|
||||
}
|
||||
} catch {
|
||||
setError(
|
||||
t("loginError", {
|
||||
defaultValue:
|
||||
"An unexpected error occurred. Please try again."
|
||||
})
|
||||
);
|
||||
}
|
||||
|
||||
if (redirectToUrl) {
|
||||
redirectTo(redirectToUrl);
|
||||
} else {
|
||||
setPendingIdpId(null);
|
||||
}
|
||||
}
|
||||
|
||||
if (showPasswordForm) {
|
||||
return (
|
||||
<div className="space-y-4">
|
||||
<UserProfileCard
|
||||
identifier={identifier}
|
||||
description={t("loginSelectAuthenticationMethod")}
|
||||
onUseDifferentAccount={onUseDifferentAccount}
|
||||
useDifferentAccountText={t(
|
||||
"deviceLoginUseDifferentAccount"
|
||||
)}
|
||||
/>
|
||||
<LoginPasswordForm
|
||||
identifier={identifier}
|
||||
redirect={redirect}
|
||||
forceLogin={forceLogin}
|
||||
/>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
return (
|
||||
<div>
|
||||
<UserProfileCard
|
||||
identifier={identifier}
|
||||
description={t("loginSelectAuthenticationMethod")}
|
||||
onUseDifferentAccount={onUseDifferentAccount}
|
||||
useDifferentAccountText={t("deviceLoginUseDifferentAccount")}
|
||||
/>
|
||||
|
||||
{hasInternalAccount && (
|
||||
<div className="mt-4">
|
||||
<Button
|
||||
type="button"
|
||||
className="w-full"
|
||||
onClick={() => setShowPasswordForm(true)}
|
||||
>
|
||||
{t("signInWithPassword")}
|
||||
</Button>
|
||||
</div>
|
||||
)}
|
||||
|
||||
{groupedIdps.length > 0 ? (
|
||||
<div className="mt-3 space-y-4">
|
||||
{error && (
|
||||
<Alert variant="destructive">
|
||||
<AlertDescription>{error}</AlertDescription>
|
||||
</Alert>
|
||||
)}
|
||||
|
||||
<div className="relative my-4">
|
||||
<div className="absolute inset-0 flex items-center">
|
||||
<Separator />
|
||||
</div>
|
||||
<div className="relative flex justify-center text-xs uppercase">
|
||||
<span className="px-2 bg-card text-muted-foreground">
|
||||
{t("idpContinue")}
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div className="space-y-4">
|
||||
{params.get("gotoapp") ? (
|
||||
<Button
|
||||
type="button"
|
||||
className="w-full"
|
||||
onClick={() => {
|
||||
goToApp();
|
||||
}}
|
||||
>
|
||||
{t("continueToApplication")}
|
||||
</Button>
|
||||
) : (
|
||||
groupedIdps.map((group) => {
|
||||
const effectiveType =
|
||||
group.variant || group.name.toLowerCase();
|
||||
const sourceOrgId = group.orgs[0].orgId;
|
||||
|
||||
return (
|
||||
<Button
|
||||
key={group.idpId}
|
||||
type="button"
|
||||
variant="outline"
|
||||
className="h-auto w-full flex flex-wrap items-center justify-start gap-x-2 gap-y-1.5 py-3 text-left"
|
||||
onClick={() => {
|
||||
void loginWithIdp(
|
||||
group.idpId,
|
||||
sourceOrgId
|
||||
);
|
||||
}}
|
||||
disabled={pendingIdpId !== null}
|
||||
>
|
||||
<IdpTypeIcon
|
||||
type={effectiveType}
|
||||
size={16}
|
||||
className="shrink-0"
|
||||
/>
|
||||
<span className="font-medium shrink-0">
|
||||
{group.name}
|
||||
</span>
|
||||
{group.orgs.map((org) => (
|
||||
<Badge
|
||||
key={org.orgId}
|
||||
variant="secondary"
|
||||
className="max-w-full shrink-0 truncate font-normal"
|
||||
>
|
||||
{org.orgName}
|
||||
</Badge>
|
||||
))}
|
||||
</Button>
|
||||
);
|
||||
})
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
) : null}
|
||||
</div>
|
||||
);
|
||||
}
|
||||
38
src/components/TrialBillingBanner.tsx
Normal file
38
src/components/TrialBillingBanner.tsx
Normal file
@@ -0,0 +1,38 @@
|
||||
"use client";
|
||||
|
||||
import React from "react";
|
||||
import { Button } from "@app/components/ui/button";
|
||||
import { ClockIcon, ArrowRight } from "lucide-react";
|
||||
import { useTranslations } from "next-intl";
|
||||
import DismissableBanner from "./DismissableBanner";
|
||||
|
||||
type TrialBillingBannerProps = {
|
||||
onUpgrade: () => void;
|
||||
};
|
||||
|
||||
export const TrialBillingBanner = ({ onUpgrade }: TrialBillingBannerProps) => {
|
||||
const t = useTranslations();
|
||||
|
||||
return (
|
||||
<DismissableBanner
|
||||
storageKey="trial-billing-banner-dismissed"
|
||||
version={1}
|
||||
title={t("billingTrialBannerTitle")}
|
||||
titleIcon={<ClockIcon className="w-5 h-5 text-primary" />}
|
||||
description={t("billingTrialBannerDescription")}
|
||||
dismissable={false}
|
||||
>
|
||||
<Button
|
||||
variant="outline"
|
||||
size="sm"
|
||||
className="gap-2 hover:bg-primary/10 hover:border-primary/50 transition-colors"
|
||||
onClick={onUpgrade}
|
||||
>
|
||||
{t("billingTrialBannerUpgrade")}
|
||||
<ArrowRight className="w-4 h-4" />
|
||||
</Button>
|
||||
</DismissableBanner>
|
||||
);
|
||||
};
|
||||
|
||||
export default TrialBillingBanner;
|
||||
@@ -17,6 +17,7 @@ import { Loader2, CheckCircle2, AlertCircle } from "lucide-react";
|
||||
import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
|
||||
import { useTranslations } from "next-intl";
|
||||
import { validateOidcUrlCallbackProxy } from "@app/actions/server";
|
||||
import { build } from "@server/build";
|
||||
|
||||
type ValidateOidcTokenParams = {
|
||||
orgId: string;
|
||||
@@ -96,7 +97,7 @@ export default function ValidateOidcToken(props: ValidateOidcTokenParams) {
|
||||
stateCookie: props.stateCookie
|
||||
});
|
||||
|
||||
if (isLicenseViolation()) {
|
||||
if (build === "enterprise" && isLicenseViolation()) {
|
||||
await new Promise((resolve) => setTimeout(resolve, 5000));
|
||||
}
|
||||
|
||||
|
||||
@@ -52,6 +52,10 @@ export function NewtSiteInstallCommands({
|
||||
const acceptClientsEnv = !acceptClients
|
||||
? "\n - DISABLE_CLIENTS=true"
|
||||
: "";
|
||||
const acceptClientsHelmValue = acceptClients
|
||||
? ` \\
|
||||
--set newtInstances[0].acceptClients=true`
|
||||
: "";
|
||||
|
||||
const commandList: Record<Platform, Record<string, CommandItem[]>> = {
|
||||
linux: {
|
||||
@@ -162,13 +166,18 @@ sudo systemctl enable --now newt`
|
||||
"Helm Chart": [
|
||||
`helm repo add fossorial https://charts.fossorial.io`,
|
||||
`helm repo update fossorial`,
|
||||
`helm install newt fossorial/newt \\
|
||||
--create-namespace \\
|
||||
--set newtInstances[0].name="main-tunnel" \\
|
||||
--set newtInstances[0].enabled=true \\
|
||||
--set-string newtInstances[0].auth.keys.endpointKey="${endpoint}" \\
|
||||
--set-string newtInstances[0].auth.keys.idKey="${id}" \\
|
||||
--set-string newtInstances[0].auth.keys.secretKey="${secret}"`
|
||||
`kubectl create namespace newt --dry-run=client -o yaml | kubectl apply -f -`,
|
||||
`kubectl create secret generic newt-main-tunnel-auth \\
|
||||
-n newt \\
|
||||
--from-literal=PANGOLIN_ENDPOINT="${endpoint}" \\
|
||||
--from-literal=NEWT_ID="${id}" \\
|
||||
--from-literal=NEWT_SECRET="${secret}" \\
|
||||
--dry-run=client -o yaml | kubectl apply -f -`,
|
||||
`helm upgrade --install newt fossorial/newt \\
|
||||
-n newt \\
|
||||
--set newtInstances[0].name="main-tunnel" \\
|
||||
--set newtInstances[0].enabled=true \\
|
||||
--set-string newtInstances[0].auth.existingSecretName="newt-main-tunnel-auth"${acceptClientsHelmValue}`
|
||||
]
|
||||
},
|
||||
podman: {
|
||||
|
||||
Reference in New Issue
Block a user