Merge pull request #2716 from fosrl/patch-1

Add typecasts

license.py

@@ -1,115 +0,0 @@
-import os
-import sys
-
-# --- Configuration ---
-# The header text to be added to the files.
-HEADER_TEXT = """/*
- * This file is part of a proprietary work.
- *
- * Copyright (c) 2025 Fossorial, Inc.
- * All rights reserved.
- *
- * This file is licensed under the Fossorial Commercial License.
- * You may not use this file except in compliance with the License.
- * Unauthorized use, copying, modification, or distribution is strictly prohibited.
- *
- * This file is not licensed under the AGPLv3.
- */
-"""
-
-def should_add_header(file_path):
-    """
-    Checks if a file should receive the commercial license header.
-    Returns True if 'private' is in the path or file content.
-    """
-    # Check if 'private' is in the file path (case-insensitive)
-    if 'server/private' in file_path.lower():
-        return True
-
-    # Check if 'private' is in the file content (case-insensitive)
-    # try:
-    #     with open(file_path, 'r', encoding='utf-8', errors='ignore') as f:
-    #         content = f.read()
-    #         if 'private' in content.lower():
-    #             return True
-    # except Exception as e:
-    #     print(f"Could not read file {file_path}: {e}")
-
-    return False
-
-def process_directory(root_dir):
-    """
-    Recursively scans a directory and adds headers to qualifying .ts or .tsx files,
-    skipping any 'node_modules' directories.
-    """
-    print(f"Scanning directory: {root_dir}")
-    files_processed = 0
-    headers_added = 0
-
-    for root, dirs, files in os.walk(root_dir):
-        # --- MODIFICATION ---
-        # Exclude 'node_modules' directories from the scan to improve performance.
-        if 'node_modules' in dirs:
-            dirs.remove('node_modules')
-
-        for file in files:
-            if file.endswith('.ts') or file.endswith('.tsx'):
-                file_path = os.path.join(root, file)
-                files_processed += 1
-
-                try:
-                    with open(file_path, 'r+', encoding='utf-8') as f:
-                        original_content = f.read()
-                        has_header = original_content.startswith(HEADER_TEXT.strip())
-                        
-                        if should_add_header(file_path):
-                            # Add header only if it's not already there
-                            if not has_header:
-                                f.seek(0, 0) # Go to the beginning of the file
-                                f.write(HEADER_TEXT.strip() + '\n\n' + original_content)
-                                print(f"Added header to: {file_path}")
-                                headers_added += 1
-                            else:
-                                print(f"Header already exists in: {file_path}")
-                        else:
-                            # Remove header if it exists but shouldn't be there
-                            if has_header:
-                                # Find the end of the header and remove it (including following newlines)
-                                header_with_newlines = HEADER_TEXT.strip() + '\n\n'
-                                if original_content.startswith(header_with_newlines):
-                                    content_without_header = original_content[len(header_with_newlines):]
-                                else:
-                                    # Handle case where there might be different newline patterns
-                                    header_end = len(HEADER_TEXT.strip())
-                                    # Skip any newlines after the header
-                                    while header_end < len(original_content) and original_content[header_end] in '\n\r':
-                                        header_end += 1
-                                    content_without_header = original_content[header_end:]
-                                
-                                f.seek(0)
-                                f.write(content_without_header)
-                                f.truncate()
-                                print(f"Removed header from: {file_path}")
-                                headers_added += 1  # Reusing counter for modifications
-
-                except Exception as e:
-                    print(f"Error processing file {file_path}: {e}")
-
-    print("\n--- Scan Complete ---")
-    print(f"Total .ts or .tsx files found: {files_processed}")
-    print(f"Files modified (headers added/removed): {headers_added}")
-
-
-if __name__ == "__main__":
-    # Get the target directory from the command line arguments.
-    # If no directory is provided, it uses the current directory ('.').
-    if len(sys.argv) > 1:
-        target_directory = sys.argv[1]
-    else:
-        target_directory = '.' # Default to current directory
-
-    if not os.path.isdir(target_directory):
-        print(f"Error: Directory '{target_directory}' not found.")
-        sys.exit(1)
-
-    process_directory(os.path.abspath(target_directory))

server/lib/ip.ts

@@ -571,129 +571,6 @@ export function generateSubnetProxyTargets(
     return targets;
 }
 
-export type SubnetProxyTargetV2 = {
-    sourcePrefixes: string[]; // must be cidrs
-    destPrefix: string; // must be a cidr
-    disableIcmp?: boolean;
-    rewriteTo?: string; // must be a cidr
-    portRange?: {
-        min: number;
-        max: number;
-        protocol: "tcp" | "udp";
-    }[];
-};
-
-export function generateSubnetProxyTargetV2(
-    siteResource: SiteResource,
-    clients: {
-        clientId: number;
-        pubKey: string | null;
-        subnet: string | null;
-    }[]
-): SubnetProxyTargetV2 | undefined {
-    if (clients.length === 0) {
-        logger.debug(
-            `No clients have access to site resource ${siteResource.siteResourceId}, skipping target generation.`
-        );
-        return;
-    }
-
-    let target: SubnetProxyTargetV2 | null = null;
-
-    const portRange = [
-        ...parsePortRangeString(siteResource.tcpPortRangeString, "tcp"),
-        ...parsePortRangeString(siteResource.udpPortRangeString, "udp")
-    ];
-    const disableIcmp = siteResource.disableIcmp ?? false;
-
-    if (siteResource.mode == "host") {
-        let destination = siteResource.destination;
-        // check if this is a valid ip
-        const ipSchema = z.union([z.ipv4(), z.ipv6()]);
-        if (ipSchema.safeParse(destination).success) {
-            destination = `${destination}/32`;
-
-            target = {
-                sourcePrefixes: [],
-                destPrefix: destination,
-                portRange,
-                disableIcmp
-            };
-        }
-
-        if (siteResource.alias && siteResource.aliasAddress) {
-            // also push a match for the alias address
-            target = {
-                sourcePrefixes: [],
-                destPrefix: `${siteResource.aliasAddress}/32`,
-                rewriteTo: destination,
-                portRange,
-                disableIcmp
-            };
-        }
-    } else if (siteResource.mode == "cidr") {
-        target = {
-            sourcePrefixes: [],
-            destPrefix: siteResource.destination,
-            portRange,
-            disableIcmp
-        };
-    }
-
-    if (!target) {
-        return;
-    }
-
-    for (const clientSite of clients) {
-        if (!clientSite.subnet) {
-            logger.debug(
-                `Client ${clientSite.clientId} has no subnet, skipping for site resource ${siteResource.siteResourceId}.`
-            );
-            continue;
-        }
-
-        const clientPrefix = `${clientSite.subnet.split("/")[0]}/32`;
-
-        // add client prefix to source prefixes
-        target.sourcePrefixes.push(clientPrefix);
-    }
-
-    // print a nice representation of the targets
-    // logger.debug(
-    //     `Generated subnet proxy targets for: ${JSON.stringify(targets, null, 2)}`
-    // );
-
-    return target;
-}
-
-
-/**
- * Converts a SubnetProxyTargetV2 to an array of SubnetProxyTarget (v1)
- * by expanding each source prefix into its own target entry.
- * @param targetV2 - The v2 target to convert
- * @returns Array of v1 SubnetProxyTarget objects
- */
- export function convertSubnetProxyTargetsV2ToV1(
-     targetsV2: SubnetProxyTargetV2[]
- ): SubnetProxyTarget[] {
-     return targetsV2.flatMap((targetV2) =>
-         targetV2.sourcePrefixes.map((sourcePrefix) => ({
-             sourcePrefix,
-             destPrefix: targetV2.destPrefix,
-             ...(targetV2.disableIcmp !== undefined && {
-                 disableIcmp: targetV2.disableIcmp
-             }),
-             ...(targetV2.rewriteTo !== undefined && {
-                 rewriteTo: targetV2.rewriteTo
-             }),
-             ...(targetV2.portRange !== undefined && {
-                 portRange: targetV2.portRange
-             })
-         }))
-     );
- }
-
-
 // Custom schema for validating port range strings
 // Format: "80,443,8000-9000" or "*" for all ports, or empty string
 export const portRangeStringSchema = z

server/lib/readConfigFile.ts

@@ -302,8 +302,8 @@ export const configSchema = z
             .optional()
             .default({
                 block_size: 24,
-                subnet_group: "100.90.128.0/20",
+                subnet_group: "100.90.128.0/24",
-                utility_subnet_group: "100.96.128.0/20"
+                utility_subnet_group: "100.96.128.0/24"
             }),
         rate_limits: z
             .object({

server/lib/rebuildClientAssociations.ts

@@ -32,7 +32,7 @@ import logger from "@server/logger";
 import {
     generateAliasConfig,
     generateRemoteSubnets,
-    generateSubnetProxyTargetV2,
+    generateSubnetProxyTargets,
     parseEndpoint,
     formatEndpoint
 } from "@server/lib/ip";
@@ -660,16 +660,19 @@ async function handleSubnetProxyTargetUpdates(
         );
 
         if (addedClients.length > 0) {
-            const targetToAdd = generateSubnetProxyTargetV2(
+            const targetsToAdd = generateSubnetProxyTargets(
                 siteResource,
                 addedClients
             );
 
-            if (targetToAdd) {
+            if (targetsToAdd.length > 0) {
+                logger.info(
+                    `Adding ${targetsToAdd.length} subnet proxy targets for siteResource ${siteResource.siteResourceId}`
+                );
                 proxyJobs.push(
                     addSubnetProxyTargets(
                         newt.newtId,
-                        [targetToAdd],
+                        targetsToAdd,
                         newt.version
                     )
                 );
@@ -697,16 +700,19 @@ async function handleSubnetProxyTargetUpdates(
         );
 
         if (removedClients.length > 0) {
-            const targetToRemove = generateSubnetProxyTargetV2(
+            const targetsToRemove = generateSubnetProxyTargets(
                 siteResource,
                 removedClients
             );
 
-            if (targetToRemove) {
+            if (targetsToRemove.length > 0) {
+                logger.info(
+                    `Removing ${targetsToRemove.length} subnet proxy targets for siteResource ${siteResource.siteResourceId}`
+                );
                 proxyJobs.push(
                     removeSubnetProxyTargets(
                         newt.newtId,
-                        [targetToRemove],
+                        targetsToRemove,
                         newt.version
                     )
                 );
@@ -1163,7 +1169,7 @@ async function handleMessagesForClientResources(
             }
 
             for (const resource of resources) {
-                const target = generateSubnetProxyTargetV2(resource, [
+                const targets = generateSubnetProxyTargets(resource, [
                     {
                         clientId: client.clientId,
                         pubKey: client.pubKey,
@@ -1171,11 +1177,11 @@ async function handleMessagesForClientResources(
                     }
                 ]);
 
-                if (target) {
+                if (targets.length > 0) {
                     proxyJobs.push(
                         addSubnetProxyTargets(
                             newt.newtId,
-                            [target],
+                            targets,
                             newt.version
                         )
                     );
@@ -1240,7 +1246,7 @@ async function handleMessagesForClientResources(
             }
 
             for (const resource of resources) {
-                const target = generateSubnetProxyTargetV2(resource, [
+                const targets = generateSubnetProxyTargets(resource, [
                     {
                         clientId: client.clientId,
                         pubKey: client.pubKey,
@@ -1248,11 +1254,11 @@ async function handleMessagesForClientResources(
                     }
                 ]);
 
-                if (target) {
+                if (targets.length > 0) {
                     proxyJobs.push(
                         removeSubnetProxyTargets(
                             newt.newtId,
-                            [target],
+                            targets,
                             newt.version
                         )
                     );

server/private/lib/readConfigFile.ts

@@ -57,10 +57,7 @@ export const privateConfigSchema = z.object({
         .object({
             host: z.string(),
             port: portSchema,
-            password: z
+            password: z.string().optional(),
-                .string()
-                .optional()
-                .transform(getEnvOrYaml("REDIS_PASSWORD")),
             db: z.int().nonnegative().optional().default(0),
             replicas: z
                 .array(

server/private/routers/ssh/signSshKey.ts

@@ -24,7 +24,6 @@ import {
     sites,
     userOrgs
 } from "@server/db";
-import { logAccessAudit } from "#private/lib/logAccessAudit";
 import { isLicensedOrSubscribed } from "#private/lib/isLicencedOrSubscribed";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import response from "@server/lib/response";
@@ -464,24 +463,6 @@ export async function signSshKey(
             })
         });
 
-        await logAccessAudit({
-            action: true,
-            type: "ssh",
-            orgId: orgId,
-            resourceId: resource.siteResourceId,
-            user: req.user
-                ? { username: req.user.username ?? "", userId: req.user.userId }
-                : undefined,
-            metadata: {
-                resourceName: resource.name,
-                siteId: resource.siteId,
-                sshUsername: usernameToUse,
-                sshHost: sshHost
-            },
-            userAgent: req.headers["user-agent"],
-            requestIp: req.ip
-        });
-
         return response<SignSshKeyResponse>(res, {
             data: {
                 certificate: cert.certificate,

server/routers/client/targets.ts

@@ -1,54 +1,15 @@
 import { sendToClient } from "#dynamic/routers/ws";
-import { db, newts, olms } from "@server/db";
+import { db, olms, Transaction } from "@server/db";
-import {
-    Alias,
-    convertSubnetProxyTargetsV2ToV1,
-    SubnetProxyTarget,
-    SubnetProxyTargetV2
-} from "@server/lib/ip";
 import { canCompress } from "@server/lib/clientVersionChecks";
+import { Alias, SubnetProxyTarget } from "@server/lib/ip";
 import logger from "@server/logger";
 import { eq } from "drizzle-orm";
-import semver from "semver";
-
-const NEWT_V2_TARGETS_VERSION = ">=1.10.3";
-
-export async function convertTargetsIfNessicary(
-    newtId: string,
-    targets: SubnetProxyTarget[] | SubnetProxyTargetV2[]
-) {
-    // get the newt
-    const [newt] = await db
-        .select()
-        .from(newts)
-        .where(eq(newts.newtId, newtId));
-    if (!newt) {
-        throw new Error(`No newt found for id: ${newtId}`);
-    }
-
-    // check the semver
-    if (
-        newt.version &&
-        !semver.satisfies(newt.version, NEWT_V2_TARGETS_VERSION)
-    ) {
-        logger.debug(
-            `addTargets Newt version ${newt.version} does not support targets v2 falling back`
-        );
-        targets = convertSubnetProxyTargetsV2ToV1(
-            targets as SubnetProxyTargetV2[]
-        );
-    }
-
-    return targets;
-}
 
 export async function addTargets(
     newtId: string,
-    targets: SubnetProxyTarget[] | SubnetProxyTargetV2[],
+    targets: SubnetProxyTarget[],
     version?: string | null
 ) {
-    targets = await convertTargetsIfNessicary(newtId, targets);
-
     await sendToClient(
         newtId,
         {
@@ -61,11 +22,9 @@ export async function addTargets(
 
 export async function removeTargets(
     newtId: string,
-    targets: SubnetProxyTarget[] | SubnetProxyTargetV2[],
+    targets: SubnetProxyTarget[],
     version?: string | null
 ) {
-    targets = await convertTargetsIfNessicary(newtId, targets);
-
     await sendToClient(
         newtId,
         {
@@ -79,39 +38,11 @@ export async function removeTargets(
 export async function updateTargets(
     newtId: string,
     targets: {
-        oldTargets: SubnetProxyTarget[] | SubnetProxyTargetV2[];
+        oldTargets: SubnetProxyTarget[];
-        newTargets: SubnetProxyTarget[] | SubnetProxyTargetV2[];
+        newTargets: SubnetProxyTarget[];
     },
     version?: string | null
 ) {
-    // get the newt
-    const [newt] = await db
-        .select()
-        .from(newts)
-        .where(eq(newts.newtId, newtId));
-    if (!newt) {
-        logger.error(`addTargetsL No newt found for id: ${newtId}`);
-        return;
-    }
-
-    // check the semver
-    if (
-        newt.version &&
-        !semver.satisfies(newt.version, NEWT_V2_TARGETS_VERSION)
-    ) {
-        logger.debug(
-            `addTargets Newt version ${newt.version} does not support targets v2 falling back`
-        );
-        targets = {
-            oldTargets: convertSubnetProxyTargetsV2ToV1(
-                targets.oldTargets as SubnetProxyTargetV2[]
-            ),
-            newTargets: convertSubnetProxyTargetsV2ToV1(
-                targets.newTargets as SubnetProxyTargetV2[]
-            )
-        };
-    }
-
     await sendToClient(
         newtId,
         {

server/routers/gerbil/receiveBandwidth.ts

@@ -146,7 +146,7 @@ export async function flushSiteBandwidthToDb(): Promise<void> {
         // support UPDATE … FROM (VALUES …), letting us update the whole chunk
         // in a single query instead of N individual round-trips.
         const valuesList = chunk.map(([publicKey, { bytesIn, bytesOut }]) =>
-            sql`(${publicKey}, ${bytesIn}, ${bytesOut})`
+            sql`(${publicKey}::text, ${bytesIn}::real, ${bytesOut}::real)`
         );
         const valuesClause = sql.join(valuesList, sql`, `);
 

server/routers/newt/buildConfiguration.ts

@@ -16,8 +16,8 @@ import { eq, and } from "drizzle-orm";
 import config from "@server/lib/config";
 import {
     formatEndpoint,
-    generateSubnetProxyTargetV2,
+    generateSubnetProxyTargets,
-    SubnetProxyTargetV2
+    SubnetProxyTarget
 } from "@server/lib/ip";
 
 export async function buildClientConfigurationForNewtClient(
@@ -143,7 +143,7 @@ export async function buildClientConfigurationForNewtClient(
         .from(siteResources)
         .where(eq(siteResources.siteId, siteId));
 
-    const targetsToSend: SubnetProxyTargetV2[] = [];
+    const targetsToSend: SubnetProxyTarget[] = [];
 
     for (const resource of allSiteResources) {
         // Get clients associated with this specific resource
@@ -168,14 +168,12 @@ export async function buildClientConfigurationForNewtClient(
                 )
             );
 
-        const resourceTarget = generateSubnetProxyTargetV2(
+        const resourceTargets = generateSubnetProxyTargets(
             resource,
             resourceClients
         );
 
-        if (resourceTarget) {
+        targetsToSend.push(...resourceTargets);
-            targetsToSend.push(resourceTarget);
-        }
     }
 
     return {

server/routers/newt/handleGetConfigMessage.ts

@@ -6,7 +6,6 @@ import { db, ExitNode, exitNodes, Newt, sites } from "@server/db";
 import { eq } from "drizzle-orm";
 import { sendToExitNode } from "#dynamic/lib/exitNodes";
 import { buildClientConfigurationForNewtClient } from "./buildConfiguration";
-import { convertTargetsIfNessicary } from "../client/targets";
 import { canCompress } from "@server/lib/clientVersionChecks";
 
 const inputSchema = z.object({
@@ -128,15 +127,13 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
         exitNode
     );
 
-    const targetsToSend = await convertTargetsIfNessicary(newt.newtId, targets);
-
     return {
         message: {
             type: "newt/wg/receive-config",
             data: {
                 ipAddress: site.address,
                 peers,
-                targets: targetsToSend
+                targets
             }
         },
         options: {

server/routers/siteResource/createSiteResource.ts

@@ -88,7 +88,7 @@ const createSiteResourceSchema = z
         },
         {
             message:
-                "Destination must be a valid IPV4 address or valid domain AND alias is required"
+                "Destination must be a valid IP address or valid domain AND alias is required"
         }
     )
     .refine(

server/routers/siteResource/updateSiteResource.ts

@@ -24,7 +24,7 @@ import { updatePeerData, updateTargets } from "@server/routers/client/targets";
 import {
     generateAliasConfig,
     generateRemoteSubnets,
-    generateSubnetProxyTargetV2,
+    generateSubnetProxyTargets,
     isIpInCidr,
     portRangeStringSchema
 } from "@server/lib/ip";
@@ -608,18 +608,18 @@ export async function handleMessagingForUpdatedSiteResource(
 
         // Only update targets on newt if destination changed
         if (destinationChanged || portRangesChanged) {
-            const oldTarget = generateSubnetProxyTargetV2(
+            const oldTargets = generateSubnetProxyTargets(
                 existingSiteResource,
                 mergedAllClients
             );
-            const newTarget = generateSubnetProxyTargetV2(
+            const newTargets = generateSubnetProxyTargets(
                 updatedSiteResource,
                 mergedAllClients
             );
 
             await updateTargets(newt.newtId, {
-                oldTargets: oldTarget ? [oldTarget] : [],
+                oldTargets: oldTargets,
-                newTargets: newTarget ? [newTarget] : []
+                newTargets: newTargets
             }, newt.version);
         }
 

src/app/[orgId]/settings/logs/access/page.tsx

@@ -493,8 +493,7 @@ export default function GeneralPage() {
                                 {
                                     value: "whitelistedEmail",
                                     label: "Whitelisted Email"
-                                },
+                                }
-                                { value: "ssh", label: "SSH" }
                             ]}
                             selectedValue={filters.type}
                             onValueChange={(value) =>
@@ -508,12 +507,13 @@ export default function GeneralPage() {
                 );
             },
             cell: ({ row }) => {
-                const typeLabel =
+                // should be capitalized first letter
-                    row.original.type === "ssh"
+                return (
-                        ? "SSH"
+                    <span>
-                        : row.original.type.charAt(0).toUpperCase() +
+                        {row.original.type.charAt(0).toUpperCase() +
-                          row.original.type.slice(1);
+                            row.original.type.slice(1) || "-"}
-                return <span>{typeLabel || "-"}</span>;
+                    </span>
+                );
             }
         },
         {