Bump eslint from 9.39.2 to 10.0.2

Bumps [eslint](https://github.com/eslint/eslint) from 9.39.2 to 10.0.2.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.2...v10.0.2)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Dockerfile

@@ -1,5 +1,4 @@
-# FROM node:24-slim AS base
-FROM public.ecr.aws/docker/library/node:24-slim AS base
+FROM node:24-slim AS base
 
 WORKDIR /app
 
@@ -32,8 +31,7 @@ FROM base AS builder
 
 RUN npm ci --omit=dev
 
-# FROM node:24-slim AS runner
-FROM public.ecr.aws/docker/library/node:24-slim AS runner
+FROM node:24-slim AS runner
 
 WORKDIR /app
 

docker-compose.example.yml

@@ -4,12 +4,6 @@ services:
     image: fosrl/pangolin:latest
     container_name: pangolin
     restart: unless-stopped
-    deploy:
-      resources:
-        limits:
-          memory: 1g
-        reservations:
-          memory: 256m
     volumes:
       - ./config:/app/config
     healthcheck:

install/config/docker-compose.yml

@@ -4,12 +4,6 @@ services:
     image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{.PangolinVersion}}
     container_name: pangolin
     restart: unless-stopped
-    deploy:
-      resources:
-        limits:
-          memory: 1g
-        reservations:
-          memory: 256m
     volumes:
       - ./config:/app/config
     healthcheck:

messages/bg-BG.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Прокси заявки чрез HTTPS, използвайки напълно квалифицирано име на домейн.",
     "resourceRaw": "Суров TCP/UDP ресурс",
     "resourceRawDescription": "Прокси заявки чрез сурови TCP/UDP, използвайки порт номер.",
-    "resourceRawDescriptionCloud": "Прокси заявките през суров TCP/UDP, използвайки номер на порт. ИЗИСКВА ИЗПОЛЗВАНЕ НА ОТДАЛЕЧЕН УЗЕЛ.",
     "resourceCreate": "Създайте ресурс",
     "resourceCreateDescription": "Следвайте стъпките по-долу, за да създадете нов ресурс",
     "resourceSeeAll": "Вижте всички ресурси",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Получаване на потребител",
     "actionGetOrgUser": "Вземете потребител на организация",
     "actionListOrgDomains": "Изброяване на домейни на организация",
-    "actionGetDomain": "Вземи домейн",
-    "actionCreateOrgDomain": "Създай домейн",
-    "actionUpdateOrgDomain": "Актуализирай домейн",
-    "actionDeleteOrgDomain": "Изтрий домейн",
-    "actionGetDNSRecords": "Вземи DNS записи",
-    "actionRestartOrgDomain": "Рестартирай домейн",
     "actionCreateSite": "Създаване на сайт",
     "actionDeleteSite": "Изтриване на сайта",
     "actionGetSite": "Вземете сайт",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Потребителят може да изпълнява само определени команди с sudo.",
     "sshSudo": "Разреши sudo",
     "sshSudoCommands": "Sudo команди",
-    "sshSudoCommandsDescription": "Списък, разделен със запетаи, с команди, които потребителят е позволено да изпълнява с sudo.",
+    "sshSudoCommandsDescription": "Списък с команди, които потребителят е разрешено да изпълнява с sudo.",
     "sshCreateHomeDir": "Създай начална директория",
     "sshUnixGroups": "Unix групи",
-    "sshUnixGroupsDescription": "Списък, разделен със запетаи, с Unix групи, към които да се добави потребителят на целевия хост.",
+    "sshUnixGroupsDescription": "Unix групи, в които да добавите потребителя на целевия хост.",
     "retryAttempts": "Опити за повторно",
     "expectedResponseCodes": "Очаквани кодове за отговор",
     "expectedResponseCodesDescription": "HTTP статус код, указващ здравословно състояние. Ако бъде оставено празно, между 200-300 се счита за здравословно.",

messages/cs-CZ.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxy požadavky přes HTTPS pomocí plně kvalifikovaného názvu domény.",
     "resourceRaw": "Surový TCP/UDP zdroj",
     "resourceRawDescription": "Proxy požadavky přes nezpracovaný TCP/UDP pomocí čísla portu.",
-    "resourceRawDescriptionCloud": "Požadavky na proxy přes syrové TCP/UDP pomocí portového čísla. ŽÁDOSTI POUŽÍVAT POUŽITÍ Z REMOTE NODE.",
     "resourceCreate": "Vytvořit zdroj",
     "resourceCreateDescription": "Postupujte podle níže uvedených kroků, abyste vytvořili a připojili nový zdroj",
     "resourceSeeAll": "Zobrazit všechny zdroje",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Získat uživatele",
     "actionGetOrgUser": "Získat uživatele organizace",
     "actionListOrgDomains": "Seznam domén organizace",
-    "actionGetDomain": "Získat doménu",
-    "actionCreateOrgDomain": "Vytvořit doménu",
-    "actionUpdateOrgDomain": "Aktualizovat doménu",
-    "actionDeleteOrgDomain": "Odstranit doménu",
-    "actionGetDNSRecords": "Získat záznamy DNS",
-    "actionRestartOrgDomain": "Restartovat doménu",
     "actionCreateSite": "Vytvořit lokalitu",
     "actionDeleteSite": "Odstranění lokality",
     "actionGetSite": "Získat web",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Uživatel může spustit pouze zadané příkazy s sudo.",
     "sshSudo": "Povolit sudo",
     "sshSudoCommands": "Sudo příkazy",
-    "sshSudoCommandsDescription": "Čárkami oddělený seznam příkazů, které může uživatel spouštět s sudo.",
+    "sshSudoCommandsDescription": "Seznam příkazů, které může uživatel spouštět s sudo.",
     "sshCreateHomeDir": "Vytvořit domovský adresář",
     "sshUnixGroups": "Unixové skupiny",
-    "sshUnixGroupsDescription": "Čárkou oddělené skupiny Unix přidají uživatele do cílového hostitele.",
+    "sshUnixGroupsDescription": "Unix skupiny přidají uživatele do cílového hostitele.",
     "retryAttempts": "Opakovat pokusy",
     "expectedResponseCodes": "Očekávané kódy odezvy",
     "expectedResponseCodesDescription": "HTTP kód stavu, který označuje zdravý stav. Ponecháte-li prázdné, 200-300 je považováno za zdravé.",

messages/de-DE.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxy-Anfragen über HTTPS mit einem voll qualifizierten Domain-Namen.",
     "resourceRaw": "Direkte TCP/UDP Ressource (raw)",
     "resourceRawDescription": "Proxy-Anfragen über rohes TCP/UDP mit einer Portnummer.",
-    "resourceRawDescriptionCloud": "Proxy-Anfragen über rohe TCP/UDP mit einer Portnummer. Erfordert die NUTZUNG eines REMOTE Knotens.",
     "resourceCreate": "Ressource erstellen",
     "resourceCreateDescription": "Folgen Sie den Schritten unten, um eine neue Ressource zu erstellen",
     "resourceSeeAll": "Alle Ressourcen anzeigen",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Benutzer abrufen",
     "actionGetOrgUser": "Organisationsbenutzer abrufen",
     "actionListOrgDomains": "Organisationsdomains auflisten",
-    "actionGetDomain": "Domain abrufen",
-    "actionCreateOrgDomain": "Domain erstellen",
-    "actionUpdateOrgDomain": "Domain aktualisieren",
-    "actionDeleteOrgDomain": "Domain löschen",
-    "actionGetDNSRecords": "DNS-Einträge abrufen",
-    "actionRestartOrgDomain": "Domain neu starten",
     "actionCreateSite": "Standort erstellen",
     "actionDeleteSite": "Standort löschen",
     "actionGetSite": "Standort abrufen",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Benutzer kann nur die angegebenen Befehle mit sudo ausführen.",
     "sshSudo": "sudo erlauben",
     "sshSudoCommands": "Sudo-Befehle",
-    "sshSudoCommandsDescription": "Kommagetrennte Liste von Befehlen, die der Benutzer mit sudo ausführen darf.",
+    "sshSudoCommandsDescription": "Liste der Befehle, die der Benutzer mit sudo ausführen darf.",
     "sshCreateHomeDir": "Home-Verzeichnis erstellen",
     "sshUnixGroups": "Unix-Gruppen",
-    "sshUnixGroupsDescription": "Durch Komma getrennte Unix-Gruppen, um den Benutzer auf dem Zielhost hinzuzufügen.",
+    "sshUnixGroupsDescription": "Unix-Gruppen, zu denen der Benutzer auf dem Ziel-Host hinzugefügt wird.",
     "retryAttempts": "Wiederholungsversuche",
     "expectedResponseCodes": "Erwartete Antwortcodes",
     "expectedResponseCodesDescription": "HTTP-Statuscode, der einen gesunden Zustand anzeigt. Wenn leer gelassen, wird 200-300 als gesund angesehen.",

messages/en-US.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxy requests over HTTPS using a fully qualified domain name.",
     "resourceRaw": "Raw TCP/UDP Resource",
     "resourceRawDescription": "Proxy requests over raw TCP/UDP using a port number.",
-    "resourceRawDescriptionCloud": "Proxy requests over raw TCP/UDP using a port number. REQUIRES THE USE OF A REMOTE NODE.",
     "resourceCreate": "Create Resource",
     "resourceCreateDescription": "Follow the steps below to create a new resource",
     "resourceSeeAll": "See All Resources",
@@ -1103,12 +1102,6 @@
     "actionGetUser": "Get User",
     "actionGetOrgUser": "Get Organization User",
     "actionListOrgDomains": "List Organization Domains",
-    "actionGetDomain": "Get Domain",
-    "actionCreateOrgDomain": "Create Domain",
-    "actionUpdateOrgDomain": "Update Domain",
-    "actionDeleteOrgDomain": "Delete Domain",
-    "actionGetDNSRecords": "Get DNS Records",
-    "actionRestartOrgDomain": "Restart Domain",
     "actionCreateSite": "Create Site",
     "actionDeleteSite": "Delete Site",
     "actionGetSite": "Get Site",
@@ -1677,10 +1670,10 @@
     "sshSudoModeCommandsDescription": "User can run only the specified commands with sudo.",
     "sshSudo": "Allow sudo",
     "sshSudoCommands": "Sudo Commands",
-    "sshSudoCommandsDescription": "Comma separated list of commands the user is allowed to run with sudo.",
+    "sshSudoCommandsDescription": "List of commands the user is allowed to run with sudo.",
     "sshCreateHomeDir": "Create Home Directory",
     "sshUnixGroups": "Unix Groups",
-    "sshUnixGroupsDescription": "Comma separated Unix groups to add the user to on the target host.",
+    "sshUnixGroupsDescription": "Unix groups to add the user to on the target host.",
     "retryAttempts": "Retry Attempts",
     "expectedResponseCodes": "Expected Response Codes",
     "expectedResponseCodesDescription": "HTTP status code that indicates healthy status. If left blank, 200-300 is considered healthy.",

messages/es-ES.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxy proporciona solicitudes sobre HTTPS usando un nombre de dominio completamente calificado.",
     "resourceRaw": "Recurso TCP/UDP sin procesar",
     "resourceRawDescription": "Proxy proporciona solicitudes sobre TCP/UDP usando un número de puerto.",
-    "resourceRawDescriptionCloud": "Las peticiones de proxy sobre TCP/UDP crudas usando un número de puerto. REQUIERE EL USO DE UN NODO REMOTE.",
     "resourceCreate": "Crear Recurso",
     "resourceCreateDescription": "Siga los siguientes pasos para crear un nuevo recurso",
     "resourceSeeAll": "Ver todos los recursos",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Obtener usuario",
     "actionGetOrgUser": "Obtener usuario de la organización",
     "actionListOrgDomains": "Listar dominios de la organización",
-    "actionGetDomain": "Obtener dominio",
-    "actionCreateOrgDomain": "Crear dominio",
-    "actionUpdateOrgDomain": "Actualizar dominio",
-    "actionDeleteOrgDomain": "Eliminar dominio",
-    "actionGetDNSRecords": "Obtener registros DNS",
-    "actionRestartOrgDomain": "Reiniciar dominio",
     "actionCreateSite": "Crear sitio",
     "actionDeleteSite": "Eliminar sitio",
     "actionGetSite": "Obtener sitio",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "El usuario sólo puede ejecutar los comandos especificados con sudo.",
     "sshSudo": "Permitir sudo",
     "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista separada por comas de comandos que el usuario puede ejecutar con sudo.",
+    "sshSudoCommandsDescription": "Lista de comandos que el usuario puede ejecutar con sudo.",
     "sshCreateHomeDir": "Crear directorio principal",
     "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix separados por comas para agregar el usuario en el host de destino.",
+    "sshUnixGroupsDescription": "Grupos Unix para agregar el usuario en el host de destino.",
     "retryAttempts": "Intentos de Reintento",
     "expectedResponseCodes": "Códigos de respuesta esperados",
     "expectedResponseCodesDescription": "Código de estado HTTP que indica un estado saludable. Si se deja en blanco, se considera saludable de 200 a 300.",

messages/fr-FR.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxy les demandes sur HTTPS en utilisant un nom de domaine entièrement qualifié.",
     "resourceRaw": "Ressource TCP/UDP brute",
     "resourceRawDescription": "Proxy les demandes sur TCP/UDP brut en utilisant un numéro de port.",
-    "resourceRawDescriptionCloud": "Requêtes de proxy sur TCP/UDP brute en utilisant un numéro de port. REQUISE L'UTILISATION D'UN Nœud DE REMOTE.",
     "resourceCreate": "Créer une ressource",
     "resourceCreateDescription": "Suivez les étapes ci-dessous pour créer une nouvelle ressource",
     "resourceSeeAll": "Voir toutes les ressources",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Obtenir l'utilisateur",
     "actionGetOrgUser": "Obtenir l'utilisateur de l'organisation",
     "actionListOrgDomains": "Lister les domaines de l'organisation",
-    "actionGetDomain": "Obtenir un domaine",
-    "actionCreateOrgDomain": "Créer un domaine",
-    "actionUpdateOrgDomain": "Mettre à jour le domaine",
-    "actionDeleteOrgDomain": "Supprimer le domaine",
-    "actionGetDNSRecords": "Récupérer les enregistrements DNS",
-    "actionRestartOrgDomain": "Redémarrer le domaine",
     "actionCreateSite": "Créer un site",
     "actionDeleteSite": "Supprimer un site",
     "actionGetSite": "Obtenir un site",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "L'utilisateur ne peut exécuter que les commandes spécifiées avec sudo.",
     "sshSudo": "Autoriser sudo",
     "sshSudoCommands": "Commandes Sudo",
-    "sshSudoCommandsDescription": "Liste des commandes séparées par des virgules que l'utilisateur est autorisé à exécuter avec sudo.",
+    "sshSudoCommandsDescription": "Liste des commandes que l'utilisateur est autorisé à exécuter avec sudo.",
     "sshCreateHomeDir": "Créer un répertoire personnel",
     "sshUnixGroups": "Groupes Unix",
-    "sshUnixGroupsDescription": "Groupes Unix séparés par des virgules pour ajouter l'utilisateur sur l'hôte cible.",
+    "sshUnixGroupsDescription": "Groupes Unix à ajouter à l'utilisateur sur l'hôte cible.",
     "retryAttempts": "Tentatives de réessai",
     "expectedResponseCodes": "Codes de réponse attendus",
     "expectedResponseCodesDescription": "Code de statut HTTP indiquant un état de santé satisfaisant. Si non renseigné, 200-300 est considéré comme satisfaisant.",

messages/it-IT.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Richieste proxy su HTTPS usando un nome di dominio completo.",
     "resourceRaw": "Risorsa Raw TCP/UDP",
     "resourceRawDescription": "Richieste proxy su TCP/UDP grezzo utilizzando un numero di porta.",
-    "resourceRawDescriptionCloud": "Richieste proxy su TCP/UDP grezzo utilizzando un numero di porta. RICHIEDE L'USO DI UN NODO REMOTO.",
     "resourceCreate": "Crea Risorsa",
     "resourceCreateDescription": "Segui i passaggi seguenti per creare una nuova risorsa",
     "resourceSeeAll": "Vedi Tutte Le Risorse",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Ottieni Utente",
     "actionGetOrgUser": "Ottieni Utente Organizzazione",
     "actionListOrgDomains": "Elenca Domini Organizzazione",
-    "actionGetDomain": "Ottieni Dominio",
-    "actionCreateOrgDomain": "Crea Dominio",
-    "actionUpdateOrgDomain": "Aggiorna Dominio",
-    "actionDeleteOrgDomain": "Elimina Dominio",
-    "actionGetDNSRecords": "Ottieni Record DNS",
-    "actionRestartOrgDomain": "Riavvia Dominio",
     "actionCreateSite": "Crea Sito",
     "actionDeleteSite": "Elimina Sito",
     "actionGetSite": "Ottieni Sito",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "L'utente può eseguire solo i comandi specificati con sudo.",
     "sshSudo": "Consenti sudo",
     "sshSudoCommands": "Comandi Sudo",
-    "sshSudoCommandsDescription": "Elenco di comandi separati da virgole che l'utente può eseguire con sudo.",
+    "sshSudoCommandsDescription": "Elenco di comandi che l'utente può eseguire con sudo.",
     "sshCreateHomeDir": "Crea Cartella Home",
     "sshUnixGroups": "Gruppi Unix",
-    "sshUnixGroupsDescription": "Gruppi Unix separati da virgole per aggiungere l'utente sull'host di destinazione.",
+    "sshUnixGroupsDescription": "Gruppi Unix su cui aggiungere l'utente sull'host di destinazione.",
     "retryAttempts": "Tentativi di Riprova",
     "expectedResponseCodes": "Codici di Risposta Attesi",
     "expectedResponseCodesDescription": "Codice di stato HTTP che indica lo stato di salute. Se lasciato vuoto, considerato sano è compreso tra 200-300.",

messages/ko-KR.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "완전한 도메인 이름을 사용해 RAW 또는 HTTPS로 프록시 요청을 수행합니다.",
     "resourceRaw": "원시 TCP/UDP 리소스",
     "resourceRawDescription": "포트 번호를 사용하여 RAW TCP/UDP로 요청을 프록시합니다.",
-    "resourceRawDescriptionCloud": "원시 TCP/UDP를 포트 번호를 사용하여 프록시 요청합니다. 원격 노드 사용이 필요합니다.",
     "resourceCreate": "리소스 생성",
     "resourceCreateDescription": "아래 단계를 따라 새 리소스를 생성하세요.",
     "resourceSeeAll": "모든 리소스 보기",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "사용자 조회",
     "actionGetOrgUser": "조직 사용자 가져오기",
     "actionListOrgDomains": "조직 도메인 목록",
-    "actionGetDomain": "도메인 가져오기",
-    "actionCreateOrgDomain": "도메인 생성",
-    "actionUpdateOrgDomain": "도메인 업데이트",
-    "actionDeleteOrgDomain": "도메인 삭제",
-    "actionGetDNSRecords": "DNS 레코드 가져오기",
-    "actionRestartOrgDomain": "도메인 재시작",
     "actionCreateSite": "사이트 생성",
     "actionDeleteSite": "사이트 삭제",
     "actionGetSite": "사이트 가져오기",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "사용자는 sudo로 지정된 명령만 실행할 수 있습니다.",
     "sshSudo": "Sudo 허용",
     "sshSudoCommands": "Sudo 명령",
-    "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있는 명령어의 쉼표로 구분된 목록입니다.",
+    "sshSudoCommandsDescription": "사용자가 sudo로 실행할 수 있도록 허용된 명령 목록입니다.",
     "sshCreateHomeDir": "홈 디렉터리 생성",
     "sshUnixGroups": "유닉스 그룹",
-    "sshUnixGroupsDescription": "대상 호스트에서 사용자에게 추가할 유닉스 그룹의 쉼표로 구분된 목록입니다.",
+    "sshUnixGroupsDescription": "대상 호스트에서 사용자를 추가할 유닉스 그룹입니다.",
     "retryAttempts": "재시도 횟수",
     "expectedResponseCodes": "예상 응답 코드",
     "expectedResponseCodesDescription": "정상 상태를 나타내는 HTTP 상태 코드입니다. 비워 두면 200-300이 정상으로 간주됩니다.",

messages/nb-NO.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxy forespørsler over HTTPS ved å bruke et fullstendig kvalifisert domenenavn.",
     "resourceRaw": "Rå TCP/UDP-ressurs",
     "resourceRawDescription": "Proxy forespørsler over rå TCP/UDP ved å bruke et portnummer.",
-    "resourceRawDescriptionCloud": "Proxy ber om et portnummer. Om du vil bruke et sportsnummer.",
     "resourceCreate": "Opprett ressurs",
     "resourceCreateDescription": "Følg trinnene nedenfor for å opprette en ny ressurs",
     "resourceSeeAll": "Se alle ressurser",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Hent bruker",
     "actionGetOrgUser": "Hent organisasjonsbruker",
     "actionListOrgDomains": "List opp organisasjonsdomener",
-    "actionGetDomain": "Få Domene",
-    "actionCreateOrgDomain": "Opprett domene",
-    "actionUpdateOrgDomain": "Oppdater domene",
-    "actionDeleteOrgDomain": "Slett domene",
-    "actionGetDNSRecords": "Hent DNS-oppføringer",
-    "actionRestartOrgDomain": "Omstart Domene",
     "actionCreateSite": "Opprett område",
     "actionDeleteSite": "Slett område",
     "actionGetSite": "Hent område",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Brukeren kan bare kjøre de angitte kommandoene med sudo.",
     "sshSudo": "Tillat sudo",
     "sshSudoCommands": "Sudo kommandoer",
-    "sshSudoCommandsDescription": "Kommaseparert liste med kommandoer brukeren kan kjøre med sudo.",
+    "sshSudoCommandsDescription": "Liste av kommandoer brukeren har lov til å kjøre med sudo.",
     "sshCreateHomeDir": "Opprett hjemmappe",
     "sshUnixGroups": "Unix grupper",
-    "sshUnixGroupsDescription": "Kommaseparerte Unix grupper for å legge brukeren til på mål-verten.",
+    "sshUnixGroupsDescription": "Unix grupper for å legge til brukeren til målverten.",
     "retryAttempts": "Forsøk på nytt",
     "expectedResponseCodes": "Forventede svarkoder",
     "expectedResponseCodesDescription": "HTTP-statuskode som indikerer sunn status. Hvis den blir stående tom, regnes 200-300 som sunn.",

messages/nl-NL.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxyverzoeken via HTTPS met een volledig gekwalificeerde domeinnaam.",
     "resourceRaw": "TCP/UDP bron",
     "resourceRawDescription": "Proxyverzoeken via ruwe TCP/UDP met een poortnummer.",
-    "resourceRawDescriptionCloud": "Proxy vraagt om onbewerkte TCP/UDP met behulp van een poortnummer. VEREIST HET GEBRUIK VAN EEN AFSTANDSBEDIENING NODE.",
     "resourceCreate": "Bron maken",
     "resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken",
     "resourceSeeAll": "Alle bronnen bekijken",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Gebruiker ophalen",
     "actionGetOrgUser": "Krijg organisatie-gebruiker",
     "actionListOrgDomains": "Lijst organisatie domeinen",
-    "actionGetDomain": "Domein verkrijgen",
-    "actionCreateOrgDomain": "Domein aanmaken",
-    "actionUpdateOrgDomain": "Domein bijwerken",
-    "actionDeleteOrgDomain": "Domein verwijderen",
-    "actionGetDNSRecords": "Krijg DNS Records",
-    "actionRestartOrgDomain": "Domein opnieuw starten",
     "actionCreateSite": "Site aanmaken",
     "actionDeleteSite": "Site verwijderen",
     "actionGetSite": "Site ophalen",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Gebruiker kan alleen de opgegeven commando's uitvoeren met de sudo.",
     "sshSudo": "sudo toestaan",
     "sshSudoCommands": "Sudo Commando's",
-    "sshSudoCommandsDescription": "Komma's gescheiden lijst van commando's waar de gebruiker een sudo mee mag uitvoeren.",
+    "sshSudoCommandsDescription": "Lijst van commando's die de gebruiker mag uitvoeren met een sudo.",
     "sshCreateHomeDir": "Maak Home Directory",
     "sshUnixGroups": "Unix groepen",
-    "sshUnixGroupsDescription": "Door komma's gescheiden Unix-groepen om de gebruiker toe te voegen aan de doelhost.",
+    "sshUnixGroupsDescription": "Unix groepen om de gebruiker toe te voegen aan de doel host.",
     "retryAttempts": "Herhaal Pogingen",
     "expectedResponseCodes": "Verwachte Reactiecodes",
     "expectedResponseCodesDescription": "HTTP-statuscode die gezonde status aangeeft. Indien leeg wordt 200-300 als gezond beschouwd.",

messages/pl-PL.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxy zapytań przez HTTPS przy użyciu w pełni kwalifikowanej nazwy domeny.",
     "resourceRaw": "Surowy zasób TCP/UDP",
     "resourceRawDescription": "Proxy zapytań przez surowe TCP/UDP przy użyciu numeru portu.",
-    "resourceRawDescriptionCloud": "Proxy żądania przesyłania danych nad surowym TCP/UDP przy użyciu numeru portu. Wymaga UŻYTKOWANIA PALIWA węzła.",
     "resourceCreate": "Utwórz zasób",
     "resourceCreateDescription": "Wykonaj poniższe kroki, aby utworzyć nowy zasób",
     "resourceSeeAll": "Zobacz wszystkie zasoby",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Pobierz użytkownika",
     "actionGetOrgUser": "Pobierz użytkownika organizacji",
     "actionListOrgDomains": "Lista domen organizacji",
-    "actionGetDomain": "Pobierz domenę",
-    "actionCreateOrgDomain": "Utwórz domenę",
-    "actionUpdateOrgDomain": "Aktualizuj domenę",
-    "actionDeleteOrgDomain": "Usuń domenę",
-    "actionGetDNSRecords": "Pobierz rekordy DNS",
-    "actionRestartOrgDomain": "Zrestartuj domenę",
     "actionCreateSite": "Utwórz witrynę",
     "actionDeleteSite": "Usuń witrynę",
     "actionGetSite": "Pobierz witrynę",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Użytkownik może uruchamiać tylko określone polecenia z sudo.",
     "sshSudo": "Zezwól na sudo",
     "sshSudoCommands": "Komendy Sudo",
-    "sshSudoCommandsDescription": "Lista poleceń oddzielonych przecinkami, które użytkownik może uruchamiać z sudo.",
+    "sshSudoCommandsDescription": "Lista poleceń, które użytkownik może uruchamiać z sudo.",
     "sshCreateHomeDir": "Utwórz katalog domowy",
     "sshUnixGroups": "Grupy Unix",
-    "sshUnixGroupsDescription": "Oddzielone przecinkami grupy Unix, aby dodać użytkownika do docelowego hosta.",
+    "sshUnixGroupsDescription": "Grupy Unix do dodania użytkownika do docelowego hosta.",
     "retryAttempts": "Próby Ponowienia",
     "expectedResponseCodes": "Oczekiwane Kody Odpowiedzi",
     "expectedResponseCodesDescription": "Kod statusu HTTP, który wskazuje zdrowy status. Jeśli pozostanie pusty, uznaje się 200-300 za zdrowy.",

messages/pt-PT.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Proxies requests sobre HTTPS usando um nome de domínio totalmente qualificado.",
     "resourceRaw": "Recurso TCP/UDP bruto",
     "resourceRawDescription": "Proxies solicitações sobre TCP/UDP bruto usando um número de porta.",
-    "resourceRawDescriptionCloud": "Proxy solicita sobre TCP/UDP bruto usando um número de porta. OBRIGATÓRIO O USO DE UMA NOTA REMOTA.",
     "resourceCreate": "Criar Recurso",
     "resourceCreateDescription": "Siga os passos abaixo para criar um novo recurso",
     "resourceSeeAll": "Ver todos os recursos",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Obter Usuário",
     "actionGetOrgUser": "Obter Utilizador da Organização",
     "actionListOrgDomains": "Listar Domínios da Organização",
-    "actionGetDomain": "Obter domínio",
-    "actionCreateOrgDomain": "Criar domínio",
-    "actionUpdateOrgDomain": "Atualizar domínio",
-    "actionDeleteOrgDomain": "Excluir domínio",
-    "actionGetDNSRecords": "Obter registros de DNS",
-    "actionRestartOrgDomain": "Reiniciar domínio",
     "actionCreateSite": "Criar Site",
     "actionDeleteSite": "Eliminar Site",
     "actionGetSite": "Obter Site",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Usuário só pode executar os comandos especificados com sudo.",
     "sshSudo": "Permitir sudo",
     "sshSudoCommands": "Comandos Sudo",
-    "sshSudoCommandsDescription": "Lista separada por vírgulas de comandos que o usuário pode executar com sudo.",
+    "sshSudoCommandsDescription": "Lista de comandos com permissão de executar com o sudo.",
     "sshCreateHomeDir": "Criar Diretório Inicial",
     "sshUnixGroups": "Grupos Unix",
-    "sshUnixGroupsDescription": "Grupos Unix separados por vírgulas para adicionar o usuário no host alvo.",
+    "sshUnixGroupsDescription": "Grupos Unix para adicionar o usuário no host de destino.",
     "retryAttempts": "Tentativas de Repetição",
     "expectedResponseCodes": "Códigos de Resposta Esperados",
     "expectedResponseCodesDescription": "Código de status HTTP que indica estado saudável. Se deixado em branco, 200-300 é considerado saudável.",

messages/ru-RU.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Проксировать запросы через HTTPS с использованием полного доменного имени.",
     "resourceRaw": "Сырой TCP/UDP-ресурс",
     "resourceRawDescription": "Проксировать запросы по сырому TCP/UDP с использованием номера порта.",
-    "resourceRawDescriptionCloud": "Прокси-запросы через необработанный TCP/UDP с использованием номера порта. ТРЕБУЕТЕСЬ ИСПОЛЬЗОВАТЬ НЕОБХОДИМЫ.",
     "resourceCreate": "Создание ресурса",
     "resourceCreateDescription": "Следуйте инструкциям ниже для создания нового ресурса",
     "resourceSeeAll": "Посмотреть все ресурсы",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Получить пользователя",
     "actionGetOrgUser": "Получить пользователя организации",
     "actionListOrgDomains": "Список доменов организации",
-    "actionGetDomain": "Получить домен",
-    "actionCreateOrgDomain": "Создать домен",
-    "actionUpdateOrgDomain": "Обновить домен",
-    "actionDeleteOrgDomain": "Удалить домен",
-    "actionGetDNSRecords": "Получить записи DNS",
-    "actionRestartOrgDomain": "Перезапустить домен",
     "actionCreateSite": "Создать сайт",
     "actionDeleteSite": "Удалить сайт",
     "actionGetSite": "Получить сайт",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Пользователь может запускать только указанные команды с помощью sudo.",
     "sshSudo": "Разрешить sudo",
     "sshSudoCommands": "Sudo Команды",
-    "sshSudoCommandsDescription": "Список команд, разделенных запятыми, которые пользователю разрешено запускать с помощью sudo.",
+    "sshSudoCommandsDescription": "Список команд, которые пользователю разрешено запускать с помощью sudo.",
     "sshCreateHomeDir": "Создать домашний каталог",
     "sshUnixGroups": "Unix группы",
-    "sshUnixGroupsDescription": "Группы Unix через запятую, чтобы добавить пользователя на целевой хост.",
+    "sshUnixGroupsDescription": "Unix группы для добавления пользователя на целевой хост.",
     "retryAttempts": "Количество попыток повторного запроса",
     "expectedResponseCodes": "Ожидаемые коды ответов",
     "expectedResponseCodesDescription": "HTTP-код состояния, указывающий на здоровое состояние. Если оставить пустым, 200-300 считается здоровым.",

messages/tr-TR.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "Tam nitelikli bir etki alanı adı kullanarak HTTPS üzerinden proxy isteklerini yönlendirin.",
     "resourceRaw": "Ham TCP/UDP Kaynağı",
     "resourceRawDescription": "Port numarası kullanarak ham TCP/UDP üzerinden proxy isteklerini yönlendirin.",
-    "resourceRawDescriptionCloud": "Bir port numarası kullanarak ham TCP/UDP üzerinden istekleri proxy ile yönlendirin. UZAKTAN BİR DÜĞÜM KULLANIMINI GEREKTİRİR.",
     "resourceCreate": "Kaynak Oluştur",
     "resourceCreateDescription": "Yeni bir kaynak oluşturmak için aşağıdaki adımları izleyin",
     "resourceSeeAll": "Tüm Kaynakları Gör",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "Kullanıcıyı Getir",
     "actionGetOrgUser": "Kuruluş Kullanıcısını Al",
     "actionListOrgDomains": "Kuruluş Alan Adlarını Listele",
-    "actionGetDomain": "Alan Adını Al",
-    "actionCreateOrgDomain": "Alan Adı Oluştur",
-    "actionUpdateOrgDomain": "Alan Adını Güncelle",
-    "actionDeleteOrgDomain": "Alan Adını Sil",
-    "actionGetDNSRecords": "DNS Kayıtlarını Al",
-    "actionRestartOrgDomain": "Alanı Yeniden Başlat",
     "actionCreateSite": "Site Oluştur",
     "actionDeleteSite": "Siteyi Sil",
     "actionGetSite": "Siteyi Al",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "Kullanıcı sadece belirtilen komutları sudo ile çalıştırabilir.",
     "sshSudo": "Sudo'ya izin ver",
     "sshSudoCommands": "Sudo Komutları",
-    "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların virgülle ayrılmış listesi.",
+    "sshSudoCommandsDescription": "Kullanıcının sudo ile çalıştırmasına izin verilen komutların listesi.",
     "sshCreateHomeDir": "Ev Dizini Oluştur",
     "sshUnixGroups": "Unix Grupları",
-    "sshUnixGroupsDescription": "Hedef konakta kullanıcıya eklenecek Unix gruplarının virgülle ayrılmış listesi.",
+    "sshUnixGroupsDescription": "Hedef ana bilgisayarda kullanıcıya eklemek için Unix grupları.",
     "retryAttempts": "Tekrar Deneme Girişimleri",
     "expectedResponseCodes": "Beklenen Yanıt Kodları",
     "expectedResponseCodesDescription": "Sağlıklı durumu gösteren HTTP durum kodu. Boş bırakılırsa, 200-300 arası sağlıklı kabul edilir.",

messages/zh-CN.json

@@ -175,7 +175,6 @@
     "resourceHTTPDescription": "通过使用完全限定的域名的HTTPS代理请求。",
     "resourceRaw": "TCP/UDP 资源",
     "resourceRawDescription": "通过使用端口号的原始TCP/UDP代理请求。",
-    "resourceRawDescriptionCloud": "正在使用端口号的 TCP/UDP 代理请求。请使用一个REMOTE",
     "resourceCreate": "创建资源",
     "resourceCreateDescription": "按照下面的步骤创建新资源",
     "resourceSeeAll": "查看所有资源",
@@ -1102,12 +1101,6 @@
     "actionGetUser": "获取用户",
     "actionGetOrgUser": "获取组织用户",
     "actionListOrgDomains": "列出组织域",
-    "actionGetDomain": "获取域",
-    "actionCreateOrgDomain": "创建域",
-    "actionUpdateOrgDomain": "更新域",
-    "actionDeleteOrgDomain": "删除域",
-    "actionGetDNSRecords": "获取 DNS 记录",
-    "actionRestartOrgDomain": "重新启动域",
     "actionCreateSite": "创建站点",
     "actionDeleteSite": "删除站点",
     "actionGetSite": "获取站点",
@@ -1676,10 +1669,10 @@
     "sshSudoModeCommandsDescription": "用户只能用 sudo 运行指定的命令。",
     "sshSudo": "允许Sudo",
     "sshSudoCommands": "Sudo 命令",
-    "sshSudoCommandsDescription": "逗号分隔的用户允许使用 sudo 运行的命令列表。",
+    "sshSudoCommandsDescription": "允许用户使用 sudo 运行的命令列表。",
     "sshCreateHomeDir": "创建主目录",
     "sshUnixGroups": "Unix 组",
-    "sshUnixGroupsDescription": "用逗号分隔了Unix组，将用户添加到目标主机上。",
+    "sshUnixGroupsDescription": "将用户添加到目标主机的Unix组。",
     "retryAttempts": "重试次数",
     "expectedResponseCodes": "期望响应代码",
     "expectedResponseCodesDescription": "HTTP 状态码表示健康状态。如留空，200-300 被视为健康。",

package.json

@@ -110,6 +110,7 @@
         "react-icons": "5.5.0",
         "recharts": "2.15.4",
         "reodotdev": "1.0.0",
+        "resend": "6.9.2",
         "semver": "7.7.4",
         "sshpk": "^1.18.0",
         "stripe": "20.3.1",
@@ -161,7 +162,7 @@
         "drizzle-kit": "0.31.9",
         "esbuild": "0.27.3",
         "esbuild-node-externals": "1.20.1",
-        "eslint": "9.39.2",
+        "eslint": "10.0.2",
         "eslint-config-next": "16.1.6",
         "postcss": "8.5.6",
         "prettier": "3.8.1",

server/db/pg/schema/schema.ts

@@ -283,7 +283,6 @@ export const users = pgTable("user", {
     dateCreated: varchar("dateCreated").notNull(),
     termsAcceptedTimestamp: varchar("termsAcceptedTimestamp"),
     termsVersion: varchar("termsVersion"),
-    marketingEmailConsent: boolean("marketingEmailConsent").default(false),
     serverAdmin: boolean("serverAdmin").notNull().default(false),
     lastPasswordChange: bigint("lastPasswordChange", { mode: "number" })
 });

server/db/sqlite/schema/schema.ts

@@ -314,9 +314,6 @@ export const users = sqliteTable("user", {
     dateCreated: text("dateCreated").notNull(),
     termsAcceptedTimestamp: text("termsAcceptedTimestamp"),
     termsVersion: text("termsVersion"),
-    marketingEmailConsent: integer("marketingEmailConsent", {
-        mode: "boolean"
-    }).default(false),
     serverAdmin: integer("serverAdmin", { mode: "boolean" })
         .notNull()
         .default(false),

server/integrationApiServer.ts

@@ -17,7 +17,6 @@ import fs from "fs";
 import path from "path";
 import { APP_PATH } from "./lib/consts";
 import yaml from "js-yaml";
-import { z } from "zod";
 
 const dev = process.env.ENVIRONMENT !== "prod";
 const externalPort = config.getRawConfig().server.integration_port;
@@ -39,24 +38,12 @@ export function createIntegrationApiServer() {
     apiServer.use(cookieParser());
     apiServer.use(express.json());
 
-    const openApiDocumentation = getOpenApiDocumentation();
-
     apiServer.use(
         "/v1/docs",
         swaggerUi.serve,
-        swaggerUi.setup(openApiDocumentation)
+        swaggerUi.setup(getOpenApiDocumentation())
     );
 
-    // Unauthenticated OpenAPI spec endpoints
-    apiServer.get("/v1/openapi.json", (_req, res) => {
-        res.json(openApiDocumentation);
-    });
-
-    apiServer.get("/v1/openapi.yaml", (_req, res) => {
-        const yamlOutput = yaml.dump(openApiDocumentation);
-        res.type("application/yaml").send(yamlOutput);
-    });
-
     // API routes
     const prefix = `/v1`;
     apiServer.use(logIncomingMiddleware);
@@ -88,6 +75,16 @@ function getOpenApiDocumentation() {
         }
     );
 
+    for (const def of registry.definitions) {
+        if (def.type === "route") {
+            def.route.security = [
+                {
+                    [bearerAuth.name]: []
+                }
+            ];
+        }
+    }
+
     registry.registerPath({
         method: "get",
         path: "/",
@@ -97,74 +94,6 @@ function getOpenApiDocumentation() {
         responses: {}
     });
 
-    registry.registerPath({
-        method: "get",
-        path: "/openapi.json",
-        description: "Get OpenAPI specification as JSON",
-        tags: [],
-        request: {},
-        responses: {
-            "200": {
-                description: "OpenAPI specification as JSON",
-                content: {
-                    "application/json": {
-                        schema: {
-                            type: "object"
-                        }
-                    }
-                }
-            }
-        }
-    });
-
-    registry.registerPath({
-        method: "get",
-        path: "/openapi.yaml",
-        description: "Get OpenAPI specification as YAML",
-        tags: [],
-        request: {},
-        responses: {
-            "200": {
-                description: "OpenAPI specification as YAML",
-                content: {
-                    "application/yaml": {
-                        schema: {
-                            type: "string"
-                        }
-                    }
-                }
-            }
-        }
-    });
-
-    for (const def of registry.definitions) {
-        if (def.type === "route") {
-            def.route.security = [
-                {
-                    [bearerAuth.name]: []
-                }
-            ];
-
-            // Ensure every route has a generic JSON response schema so Swagger UI can render responses
-            const existingResponses = def.route.responses;
-            const hasExistingResponses =
-                existingResponses && Object.keys(existingResponses).length > 0;
-
-            if (!hasExistingResponses) {
-                def.route.responses = {
-                    "*": {
-                        description: "",
-                        content: {
-                            "application/json": {
-                                schema: z.object({})
-                            }
-                        }
-                    }
-                };
-            }
-        }
-    }
-
     const generator = new OpenApiGeneratorV3(registry.definitions);
 
     const generated = generator.generateDocument({

server/lib/resend.ts

@@ -0,0 +1,16 @@
+export enum AudienceIds {
+    SignUps = "",
+    Subscribed = "",
+    Churned = "",
+    Newsletter = ""
+}
+
+let resend;
+export default resend;
+
+export async function moveEmailToAudience(
+    email: string,
+    audienceId: AudienceIds
+) {
+    return;
+}

server/lib/traefik/getTraefikConfig.ts

@@ -477,10 +477,7 @@ export async function getTraefikConfig(
 
                         // TODO: HOW TO HANDLE ^^^^^^ BETTER
                         const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                         );
 
                         return (
@@ -493,7 +490,7 @@ export async function getTraefikConfig(
                                     if (target.health == "unhealthy") {
                                         return false;
                                     }
-                                    
+
                                     // If any sites are online, exclude offline sites
                                     if (anySitesOnline && !target.site.online) {
                                         return false;
@@ -608,10 +605,7 @@ export async function getTraefikConfig(
                     servers: (() => {
                         // Check if any sites are online
                         const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                         );
 
                         return targets
@@ -619,7 +613,7 @@ export async function getTraefikConfig(
                                 if (!target.enabled) {
                                     return false;
                                 }
-                                
+
                                 // If any sites are online, exclude offline sites
                                 if (anySitesOnline && !target.site.online) {
                                     return false;

server/middlewares/integration/index.ts

@@ -14,4 +14,3 @@ export * from "./verifyApiKeyApiKeyAccess";
 export * from "./verifyApiKeyClientAccess";
 export * from "./verifyApiKeySiteResourceAccess";
 export * from "./verifyApiKeyIdpAccess";
-export * from "./verifyApiKeyDomainAccess";

server/middlewares/integration/verifyApiKeyDomainAccess.ts

@@ -1,90 +0,0 @@
-import { Request, Response, NextFunction } from "express";
-import { db, domains, orgDomains, apiKeyOrg } from "@server/db";
-import { and, eq } from "drizzle-orm";
-import createHttpError from "http-errors";
-import HttpCode from "@server/types/HttpCode";
-
-export async function verifyApiKeyDomainAccess(
-    req: Request,
-    res: Response,
-    next: NextFunction
-) {
-    try {
-        const apiKey = req.apiKey;
-        const domainId =
-            req.params.domainId || req.body.domainId || req.query.domainId;
-        const orgId = req.params.orgId;
-
-        if (!apiKey) {
-            return next(
-                createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
-            );
-        }
-
-        if (!domainId) {
-            return next(
-                createHttpError(HttpCode.BAD_REQUEST, "Invalid domain ID")
-            );
-        }
-
-        if (apiKey.isRoot) {
-            // Root keys can access any domain in any org
-            return next();
-        }
-
-        // Verify domain exists and belongs to the organization
-        const [domain] = await db
-            .select()
-            .from(domains)
-            .innerJoin(orgDomains, eq(orgDomains.domainId, domains.domainId))
-            .where(
-                and(
-                    eq(orgDomains.domainId, domainId),
-                    eq(orgDomains.orgId, orgId)
-                )
-            )
-            .limit(1);
-
-        if (!domain) {
-            return next(
-                createHttpError(
-                    HttpCode.NOT_FOUND,
-                    `Domain with ID ${domainId} not found in organization ${orgId}`
-                )
-            );
-        }
-
-        // Verify the API key has access to this organization
-        if (!req.apiKeyOrg) {
-            const apiKeyOrgRes = await db
-                .select()
-                .from(apiKeyOrg)
-                .where(
-                    and(
-                        eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
-                        eq(apiKeyOrg.orgId, orgId)
-                    )
-                )
-                .limit(1);
-            req.apiKeyOrg = apiKeyOrgRes[0];
-        }
-
-        if (!req.apiKeyOrg) {
-            return next(
-                createHttpError(
-                    HttpCode.FORBIDDEN,
-                    "Key does not have access to this organization"
-                )
-            );
-        }
-
-        return next();
-    } catch (error) {
-        return next(
-            createHttpError(
-                HttpCode.INTERNAL_SERVER_ERROR,
-                "Error verifying domain access"
-            )
-        );
-    }
-}

server/openApi.ts

@@ -5,20 +5,17 @@ export const registry = new OpenAPIRegistry();
 export enum OpenAPITags {
     Site = "Site",
     Org = "Organization",
-    PublicResource = "Public Resource",
-    PrivateResource = "Private Resource",
+    Resource = "Resource",
     Role = "Role",
     User = "User",
-    Invitation = "User Invitation",
-    Target = "Resource Target",
+    Invitation = "Invitation",
+    Target = "Target",
     Rule = "Rule",
     AccessToken = "Access Token",
-    GlobalIdp = "Identity Provider (Global)",
-    OrgIdp = "Identity Provider (Organization Only)",
+    Idp = "Identity Provider",
     Client = "Client",
     ApiKey = "API Key",
     Domain = "Domain",
     Blueprint = "Blueprint",
-    Ssh = "SSH",
-    Logs = "Logs"
+    Ssh = "SSH"
 }

server/private/lib/readConfigFile.ts

@@ -38,6 +38,10 @@ export const privateConfigSchema = z.object({
                 .string()
                 .optional()
                 .transform(getEnvOrYaml("SERVER_ENCRYPTION_KEY")),
+            resend_api_key: z
+                .string()
+                .optional()
+                .transform(getEnvOrYaml("RESEND_API_KEY")),
             reo_client_id: z
                 .string()
                 .optional()

server/private/lib/resend.ts

@@ -0,0 +1,127 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { Resend } from "resend";
+import privateConfig from "#private/lib/config";
+import logger from "@server/logger";
+
+export enum AudienceIds {
+    SignUps = "6c4e77b2-0851-4bd6-bac8-f51f91360f1a",
+    Subscribed = "870b43fd-387f-44de-8fc1-707335f30b20",
+    Churned = "f3ae92bd-2fdb-4d77-8746-2118afd62549",
+    Newsletter = "5500c431-191c-42f0-a5d4-8b6d445b4ea0"
+}
+
+const resend = new Resend(
+    privateConfig.getRawPrivateConfig().server.resend_api_key || "missing"
+);
+
+export default resend;
+
+export async function moveEmailToAudience(
+    email: string,
+    audienceId: AudienceIds
+) {
+    if (process.env.ENVIRONMENT !== "prod") {
+        logger.debug(
+            `Skipping moving email ${email} to audience ${audienceId} in non-prod environment`
+        );
+        return;
+    }
+    const { error, data } = await retryWithBackoff(async () => {
+        const { data, error } = await resend.contacts.create({
+            email,
+            unsubscribed: false,
+            audienceId
+        });
+        if (error) {
+            throw new Error(
+                `Error adding email ${email} to audience ${audienceId}: ${error}`
+            );
+        }
+        return { error, data };
+    });
+
+    if (error) {
+        logger.error(
+            `Error adding email ${email} to audience ${audienceId}: ${error}`
+        );
+        return;
+    }
+
+    if (data) {
+        logger.debug(
+            `Added email ${email} to audience ${audienceId} with contact ID ${data.id}`
+        );
+    }
+
+    const otherAudiences = Object.values(AudienceIds).filter(
+        (id) => id !== audienceId
+    );
+
+    for (const otherAudienceId of otherAudiences) {
+        const { error, data } = await retryWithBackoff(async () => {
+            const { data, error } = await resend.contacts.remove({
+                email,
+                audienceId: otherAudienceId
+            });
+            if (error) {
+                throw new Error(
+                    `Error removing email ${email} from audience ${otherAudienceId}: ${error}`
+                );
+            }
+            return { error, data };
+        });
+
+        if (error) {
+            logger.error(
+                `Error removing email ${email} from audience ${otherAudienceId}: ${error}`
+            );
+        }
+
+        if (data) {
+            logger.info(
+                `Removed email ${email} from audience ${otherAudienceId}`
+            );
+        }
+    }
+}
+
+type RetryOptions = {
+    retries?: number;
+    initialDelayMs?: number;
+    factor?: number;
+};
+
+export async function retryWithBackoff<T>(
+    fn: () => Promise<T>,
+    options: RetryOptions = {}
+): Promise<T> {
+    const { retries = 5, initialDelayMs = 500, factor = 2 } = options;
+
+    let attempt = 0;
+    let delay = initialDelayMs;
+
+    while (true) {
+        try {
+            return await fn();
+        } catch (err) {
+            attempt++;
+
+            if (attempt > retries) throw err;
+
+            await new Promise((resolve) => setTimeout(resolve, delay));
+            delay *= factor;
+        }
+    }
+}

server/private/lib/traefik/getTraefikConfig.ts

@@ -665,10 +665,7 @@ export async function getTraefikConfig(
 
                         // TODO: HOW TO HANDLE ^^^^^^ BETTER
                         const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                         );
 
                         return (
@@ -796,10 +793,7 @@ export async function getTraefikConfig(
                     servers: (() => {
                         // Check if any sites are online
                         const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                         );
 
                         return targets

server/private/routers/auditLogs/exportAccessAuditLog.ts

@@ -32,7 +32,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/access/export",
     description: "Export the access audit log for an organization as CSV",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
     request: {
         query: queryAccessAuditLogsQuery,
         params: queryAccessAuditLogsParams

server/private/routers/auditLogs/exportActionAuditLog.ts

@@ -32,7 +32,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/action/export",
     description: "Export the action audit log for an organization as CSV",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
     request: {
         query: queryActionAuditLogsQuery,
         params: queryActionAuditLogsParams

server/private/routers/auditLogs/queryAccessAuditLog.ts

@@ -249,7 +249,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/access",
     description: "Query the access audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
     request: {
         query: queryAccessAuditLogsQuery,
         params: queryAccessAuditLogsParams

server/private/routers/auditLogs/queryActionAuditLog.ts

@@ -160,7 +160,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/action",
     description: "Query the action audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
     request: {
         query: queryActionAuditLogsQuery,
         params: queryActionAuditLogsParams

server/private/routers/billing/getOrgUsage.ts

@@ -31,16 +31,16 @@ const getOrgSchema = z.strictObject({
     orgId: z.string()
 });
 
-// registry.registerPath({
-//     method: "get",
-//     path: "/org/{orgId}/billing/usage",
-//     description: "Get an organization's billing usage",
-//     tags: [OpenAPITags.Org],
-//     request: {
-//         params: getOrgSchema
-//     },
-//     responses: {}
-// });
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/billing/usage",
+    description: "Get an organization's billing usage",
+    tags: [OpenAPITags.Org],
+    request: {
+        params: getOrgSchema
+    },
+    responses: {}
+});
 
 export async function getOrgUsage(
     req: Request,

server/private/routers/billing/hooks/handleSubscriptionCreated.ts

@@ -24,6 +24,7 @@ import { eq, and } from "drizzle-orm";
 import logger from "@server/logger";
 import stripe from "#private/lib/stripe";
 import { handleSubscriptionLifesycle } from "../subscriptionLifecycle";
+import { AudienceIds, moveEmailToAudience } from "#private/lib/resend";
 import { getSubType } from "./getSubType";
 import privateConfig from "#private/lib/config";
 import { getLicensePriceSet, LicenseId } from "@server/lib/billing/licenses";
@@ -171,7 +172,7 @@ export async function handleSubscriptionCreated(
                 const email = orgUserRes.user.email;
 
                 if (email) {
-                    // TODO: update user in Sendy
+                    moveEmailToAudience(email, AudienceIds.Subscribed);
                 }
             }
         } else if (type === "license") {

server/private/routers/billing/hooks/handleSubscriptionDeleted.ts

@@ -23,6 +23,7 @@ import {
 import { eq, and } from "drizzle-orm";
 import logger from "@server/logger";
 import { handleSubscriptionLifesycle } from "../subscriptionLifecycle";
+import { AudienceIds, moveEmailToAudience } from "#private/lib/resend";
 import { getSubType } from "./getSubType";
 import stripe from "#private/lib/stripe";
 import privateConfig from "#private/lib/config";
@@ -108,7 +109,7 @@ export async function handleSubscriptionDeleted(
                 const email = orgUserRes.user.email;
 
                 if (email) {
-                    // TODO: update user in Sendy
+                    moveEmailToAudience(email, AudienceIds.Churned);
                 }
             }
         } else if (type === "license") {

server/private/routers/orgIdp/createOrgOidcIdp.ts

@@ -52,7 +52,7 @@ registry.registerPath({
     method: "put",
     path: "/org/{orgId}/idp/oidc",
     description: "Create an OIDC IdP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
     request: {
         params: paramsSchema,
         body: {

server/private/routers/orgIdp/deleteOrgIdp.ts

@@ -35,7 +35,7 @@ registry.registerPath({
     method: "delete",
     path: "/org/{orgId}/idp/{idpId}",
     description: "Delete IDP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
     request: {
         params: paramsSchema
     },

server/private/routers/orgIdp/getOrgIdp.ts

@@ -50,9 +50,9 @@ async function query(idpId: number, orgId: string) {
 
 registry.registerPath({
     method: "get",
-    path: "/org/{orgId}/idp/{idpId}",
+    path: "/org/:orgId/idp/:idpId",
     description: "Get an IDP by its IDP ID for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
     request: {
         params: paramsSchema
     },

server/private/routers/orgIdp/listOrgIdps.ts

@@ -67,7 +67,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/idp",
     description: "List all IDP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
     request: {
         query: querySchema,
         params: paramsSchema

server/private/routers/orgIdp/updateOrgOidcIdp.ts

@@ -59,7 +59,7 @@ registry.registerPath({
     method: "post",
     path: "/org/{orgId}/idp/{idpId}/oidc",
     description: "Update an OIDC IdP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
     request: {
         params: paramsSchema,
         body: {

server/private/routers/resource/getMaintenanceInfo.ts

@@ -52,7 +52,7 @@ registry.registerPath({
     method: "get",
     path: "/maintenance/info",
     description: "Get maintenance information for a resource by domain.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
     request: {
         query: z.object({
             fullDomain: z.string()

server/private/routers/ssh/signSshKey.ts

@@ -29,6 +29,7 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
 import { eq, or, and } from "drizzle-orm";
 import { canUserAccessSiteResource } from "@server/auth/canUserAccessSiteResource";
 import { signPublicKey, getOrgCAKeys } from "@server/lib/sshCA";

server/private/routers/ws/ws.ts

@@ -76,7 +76,7 @@ const processMessage = async (
             clientId,
             message.type, // Pass message type for granular limiting
             100, // max requests per window
-            100, // max requests per message type per window
+            20, // max requests per message type per window
             60 * 1000 // window in milliseconds
         );
         if (rateLimitResult.isLimited) {

server/routers/accessToken/generateAccessToken.ts

@@ -43,7 +43,7 @@ registry.registerPath({
     method: "post",
     path: "/resource/{resourceId}/access-token",
     description: "Generate a new access token for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
+    tags: [OpenAPITags.Resource, OpenAPITags.AccessToken],
     request: {
         params: generateAccssTokenParamsSchema,
         body: {

server/routers/accessToken/listAccessTokens.ts

@@ -122,7 +122,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/access-tokens",
     description: "List all access tokens in an organization.",
-    tags: [OpenAPITags.AccessToken],
+    tags: [OpenAPITags.Org, OpenAPITags.AccessToken],
     request: {
         params: z.object({
             orgId: z.string()
@@ -135,8 +135,8 @@ registry.registerPath({
 registry.registerPath({
     method: "get",
     path: "/resource/{resourceId}/access-tokens",
-    description: "List all access tokens for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
+    description: "List all access tokens in an organization.",
+    tags: [OpenAPITags.Resource, OpenAPITags.AccessToken],
     request: {
         params: z.object({
             resourceId: z.number()

server/routers/apiKeys/createOrgApiKey.ts

@@ -37,7 +37,7 @@ registry.registerPath({
     method: "put",
     path: "/org/{orgId}/api-key",
     description: "Create a new API key scoped to the organization.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
     request: {
         params: paramsSchema,
         body: {

server/routers/apiKeys/deleteApiKey.ts

@@ -18,7 +18,7 @@ registry.registerPath({
     method: "delete",
     path: "/org/{orgId}/api-key/{apiKeyId}",
     description: "Delete an API key.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
     request: {
         params: paramsSchema
     },

server/routers/apiKeys/listApiKeyActions.ts

@@ -48,7 +48,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/api-key/{apiKeyId}/actions",
     description: "List all actions set for an API key.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
     request: {
         params: paramsSchema,
         query: querySchema

server/routers/apiKeys/listOrgApiKeys.ts

@@ -52,7 +52,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/api-keys",
     description: "List all API keys for an organization",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
     request: {
         params: paramsSchema,
         query: querySchema

server/routers/apiKeys/setApiKeyActions.ts

@@ -25,7 +25,7 @@ registry.registerPath({
     path: "/org/{orgId}/api-key/{apiKeyId}/actions",
     description:
         "Set actions for an API key. This will replace any existing actions.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
     request: {
         params: paramsSchema,
         body: {

server/routers/auditLogs/exportRequestAuditLog.ts

@@ -20,7 +20,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/request",
     description: "Query the request audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
     request: {
         query: queryAccessAuditLogsQuery.omit({
             limit: true,

server/routers/auditLogs/queryRequestAnalytics.ts

@@ -151,7 +151,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/analytics",
     description: "Query the request audit analytics for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
     request: {
         query: queryAccessAuditLogsQuery,
         params: queryRequestAuditLogsParams

server/routers/auditLogs/queryRequestAuditLog.ts

@@ -182,7 +182,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/request",
     description: "Query the request audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
     request: {
         query: queryAccessAuditLogsQuery,
         params: queryRequestAuditLogsParams

server/routers/auth/signup.ts

@@ -22,6 +22,7 @@ import { checkValidInvite } from "@server/auth/checkValidInvite";
 import { passwordSchema } from "@server/auth/passwordSchema";
 import { UserType } from "@server/types/UserTypes";
 import { build } from "@server/build";
+import resend, { AudienceIds, moveEmailToAudience } from "#dynamic/lib/resend";
 
 export const signupBodySchema = z.object({
     email: z.email().toLowerCase(),
@@ -188,7 +189,6 @@ export async function signup(
             dateCreated: moment().toISOString(),
             termsAcceptedTimestamp: termsAcceptedTimestamp || null,
             termsVersion: "1",
-            marketingEmailConsent: marketingEmailConsent ?? false,
             lastPasswordChange: new Date().getTime()
         });
 
@@ -212,7 +212,7 @@ export async function signup(
             logger.debug(
                 `User ${email} opted in to marketing emails during signup.`
             );
-            // TODO: update user in Sendy
+            moveEmailToAudience(email, AudienceIds.SignUps);
         }
 
         if (config.getRawConfig().flags?.require_email_verification) {

server/routers/blueprints/applyJSONBlueprint.ts

@@ -20,7 +20,7 @@ registry.registerPath({
     method: "put",
     path: "/org/{orgId}/blueprint",
     description: "Apply a base64 encoded JSON blueprint to an organization",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
     request: {
         params: applyBlueprintParamsSchema,
         body: {

server/routers/blueprints/applyYAMLBlueprint.ts

@@ -43,7 +43,7 @@ registry.registerPath({
     method: "put",
     path: "/org/{orgId}/blueprint",
     description: "Create and apply a YAML blueprint to an organization",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
     request: {
         params: applyBlueprintParamsSchema,
         body: {

server/routers/blueprints/getBlueprint.ts

@@ -53,7 +53,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/blueprint/{blueprintId}",
     description: "Get a blueprint by its blueprint ID.",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
     request: {
         params: getBlueprintSchema
     },

server/routers/blueprints/listBlueprints.ts

@@ -67,7 +67,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/blueprints",
     description: "List all blueprints for a organization.",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
     request: {
         params: z.object({
             orgId: z.string()

server/routers/client/createClient.ts

@@ -48,7 +48,7 @@ registry.registerPath({
     method: "put",
     path: "/org/{orgId}/client",
     description: "Create a new client for an organization.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
     request: {
         params: createClientParamsSchema,
         body: {

server/routers/client/createUserClient.ts

@@ -49,7 +49,7 @@ registry.registerPath({
     path: "/org/{orgId}/user/{userId}/client",
     description:
         "Create a new client for a user and associate it with an existing olm.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org, OpenAPITags.User],
     request: {
         params: paramsSchema,
         body: {

server/routers/client/getClient.ts

@@ -243,7 +243,7 @@ registry.registerPath({
     path: "/org/{orgId}/client/{niceId}",
     description:
         "Get a client by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.",
-    tags: [OpenAPITags.Site],
+    tags: [OpenAPITags.Org, OpenAPITags.Site],
     request: {
         params: z.object({
             orgId: z.string(),

server/routers/client/listClients.ts

@@ -119,12 +119,12 @@ const listClientsSchema = z.object({
         }),
     query: z.string().optional(),
     sort_by: z
-        .enum(["name", "megabytesIn", "megabytesOut"])
+        .enum(["megabytesIn", "megabytesOut"])
         .optional()
         .catch(undefined)
         .openapi({
             type: "string",
-            enum: ["name", "megabytesIn", "megabytesOut"],
+            enum: ["megabytesIn", "megabytesOut"],
             description: "Field to sort by"
         }),
     order: z
@@ -237,7 +237,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/clients",
     description: "List all clients for an organization.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
     request: {
         query: listClientsSchema,
         params: listClientsParamsSchema
@@ -363,14 +363,14 @@ export async function listClients(
         const countQuery = db.$count(baseQuery.as("filtered_clients"));
 
         const listMachinesQuery = baseQuery
-            .limit(pageSize)
+            .limit(page)
             .offset(pageSize * (page - 1))
             .orderBy(
                 sort_by
                     ? order === "asc"
                         ? asc(clients[sort_by])
                         : desc(clients[sort_by])
-                    : asc(clients.name)
+                    : asc(clients.clientId)
             );
 
         const [clientsList, totalCount] = await Promise.all([

server/routers/client/listUserDevices.ts

@@ -256,7 +256,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/user-devices",
     description: "List all user devices for an organization.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
     request: {
         query: listUserDevicesSchema,
         params: listUserDevicesParamsSchema

server/routers/client/pickClientDefaults.ts

@@ -23,7 +23,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/pick-client-defaults",
     description: "Return pre-requisite data for creating a client.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Site],
     request: {
         params: pickClientDefaultsSchema
     },

server/routers/domain/listDomains.ts

@@ -59,7 +59,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/domains",
     description: "List all domains for a organization.",
-    tags: [OpenAPITags.Domain],
+    tags: [OpenAPITags.Org],
     request: {
         params: z.object({
             orgId: z.string()

server/routers/idp/createIdpOrgPolicy.ts

@@ -27,7 +27,7 @@ registry.registerPath({
     method: "put",
     path: "/idp/{idpId}/org/{orgId}",
     description: "Create an IDP policy for an existing IDP on an organization.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         params: paramsSchema,
         body: {

server/routers/idp/createOidcIdp.ts

@@ -37,7 +37,7 @@ registry.registerPath({
     method: "put",
     path: "/idp/oidc",
     description: "Create an OIDC IdP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         body: {
             content: {

server/routers/idp/deleteIdp.ts

@@ -21,7 +21,7 @@ registry.registerPath({
     method: "delete",
     path: "/idp/{idpId}",
     description: "Delete IDP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         params: paramsSchema
     },

server/routers/idp/deleteIdpOrgPolicy.ts

@@ -19,7 +19,7 @@ registry.registerPath({
     method: "delete",
     path: "/idp/{idpId}/org/{orgId}",
     description: "Create an OIDC IdP for an organization.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         params: paramsSchema
     },

server/routers/idp/getIdp.ts

@@ -34,7 +34,7 @@ registry.registerPath({
     method: "get",
     path: "/idp/{idpId}",
     description: "Get an IDP by its IDP ID.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         params: paramsSchema
     },

server/routers/idp/listIdpOrgPolicies.ts

@@ -48,7 +48,7 @@ registry.registerPath({
     method: "get",
     path: "/idp/{idpId}/org",
     description: "List all org policies on an IDP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         params: paramsSchema,
         query: querySchema

server/routers/idp/listIdps.ts

@@ -58,7 +58,7 @@ registry.registerPath({
     method: "get",
     path: "/idp",
     description: "List all IDP in the system.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         query: querySchema
     },

server/routers/idp/updateIdpOrgPolicy.ts

@@ -26,7 +26,7 @@ registry.registerPath({
     method: "post",
     path: "/idp/{idpId}/org/{orgId}",
     description: "Update an IDP org policy.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         params: paramsSchema,
         body: {

server/routers/idp/updateOidcIdp.ts

@@ -42,7 +42,7 @@ registry.registerPath({
     method: "post",
     path: "/idp/{idpId}/oidc",
     description: "Update an OIDC IdP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
     request: {
         params: paramsSchema,
         body: {

server/routers/integration.ts

@@ -27,8 +27,7 @@ import {
     verifyApiKeyClientAccess,
     verifyApiKeySiteResourceAccess,
     verifyApiKeySetResourceClients,
-    verifyLimits,
-    verifyApiKeyDomainAccess
+    verifyLimits
 } from "@server/middlewares";
 import HttpCode from "@server/types/HttpCode";
 import { Router } from "express";
@@ -348,56 +347,6 @@ authenticated.get(
     domain.listDomains
 );
 
-authenticated.get(
-    "/org/:orgId/domain/:domainId",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.getDomain),
-    domain.getDomain
-);
-
-authenticated.put(
-    "/org/:orgId/domain",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyHasAction(ActionsEnum.createOrgDomain),
-    logActionAudit(ActionsEnum.createOrgDomain),
-    domain.createOrgDomain
-);
-
-authenticated.patch(
-    "/org/:orgId/domain/:domainId",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.updateOrgDomain),
-    domain.updateOrgDomain
-);
-
-authenticated.delete(
-    "/org/:orgId/domain/:domainId",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.deleteOrgDomain),
-    logActionAudit(ActionsEnum.deleteOrgDomain),
-    domain.deleteAccountDomain
-);
-
-authenticated.get(
-    "/org/:orgId/domain/:domainId/dns-records",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.getDNSRecords),
-    domain.getDNSRecords
-);
-
-authenticated.post(
-    "/org/:orgId/domain/:domainId/restart",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.restartOrgDomain),
-    logActionAudit(ActionsEnum.restartOrgDomain),
-    domain.restartOrgDomain
-);
-
 authenticated.get(
     "/org/:orgId/invitations",
     verifyApiKeyOrgAccess,

server/routers/newt/buildConfiguration.ts

@@ -230,7 +230,7 @@ export async function buildTargetConfigurationForNewtClient(siteId: number) {
             !target.hcMethod
         ) {
             logger.debug(
-                `Skipping adding target health check ${target.targetId} due to missing health check fields`
+                `Skipping target ${target.targetId} due to missing health check fields`
             );
             return null; // Skip targets with missing health check fields
         }

server/routers/olm/handleOlmRegisterMessage.ts

@@ -265,14 +265,12 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
         return;
     }
 
-    // // NOTE: its important that the client here is the old client and the public key is the new key
-    // const siteConfigurations = await buildSiteConfigurationForOlmClient(
-    //     client,
-    //     publicKey,
-    //     relay
-    // );
-
-    const siteConfigurations: any = [];
+    // NOTE: its important that the client here is the old client and the public key is the new key
+    const siteConfigurations = await buildSiteConfigurationForOlmClient(
+        client,
+        publicKey,
+        relay
+    );
 
     // REMOVED THIS SO IT CREATES THE INTERFACE AND JUST WAITS FOR THE SITES
     // if (siteConfigurations.length === 0) {

server/routers/olm/handleOlmRelayMessage.ts

@@ -18,7 +18,7 @@ export const handleOlmRelayMessage: MessageHandler = async (context) => {
     }
 
     if (!olm.clientId) {
-        logger.warn("Olm has no client!");
+        logger.warn("Olm has no site!"); // TODO: Maybe we create the site here?
         return;
     }
 
@@ -41,7 +41,7 @@ export const handleOlmRelayMessage: MessageHandler = async (context) => {
         return;
     }
 
-    const { siteId, chainId } = message.data;
+    const { siteId } = message.data;
 
     // Get the site
     const [site] = await db
@@ -90,8 +90,7 @@ export const handleOlmRelayMessage: MessageHandler = async (context) => {
             data: {
                 siteId: siteId,
                 relayEndpoint: exitNode.endpoint,
-                relayPort: config.getRawConfig().gerbil.clients_start_port,
-                chainId
+                relayPort: config.getRawConfig().gerbil.clients_start_port
             }
         },
         broadcast: false,

server/routers/olm/handleOlmServerInitAddPeerHandshake.ts

@@ -1,241 +0,0 @@
-import {
-    clientSiteResourcesAssociationsCache,
-    clientSitesAssociationsCache,
-    db,
-    exitNodes,
-    Site,
-    siteResources
-} from "@server/db";
-import { MessageHandler } from "@server/routers/ws";
-import { clients, Olm, sites } from "@server/db";
-import { and, eq, or } from "drizzle-orm";
-import logger from "@server/logger";
-import { initPeerAddHandshake } from "./peers";
-
-export const handleOlmServerInitAddPeerHandshake: MessageHandler = async (
-    context
-) => {
-    logger.info("Handling register olm message!");
-    const { message, client: c, sendToClient } = context;
-    const olm = c as Olm;
-
-    if (!olm) {
-        logger.warn("Olm not found");
-        return;
-    }
-
-    if (!olm.clientId) {
-        logger.warn("Olm has no client!"); // TODO: Maybe we create the site here?
-        return;
-    }
-
-    const clientId = olm.clientId;
-
-    const [client] = await db
-        .select()
-        .from(clients)
-        .where(eq(clients.clientId, clientId))
-        .limit(1);
-
-    if (!client) {
-        logger.warn("Client not found");
-        return;
-    }
-
-    const { siteId, resourceId, chainId } = message.data;
-
-    let site: Site | null = null;
-    if (siteId) {
-        // get the site
-        const [siteRes] = await db
-            .select()
-            .from(sites)
-            .where(eq(sites.siteId, siteId))
-            .limit(1);
-        if (siteRes) {
-            site = siteRes;
-        }
-    }
-
-    if (resourceId && !site) {
-        const resources = await db
-            .select()
-            .from(siteResources)
-            .where(
-                and(
-                    or(
-                        eq(siteResources.niceId, resourceId),
-                        eq(siteResources.alias, resourceId)
-                    ),
-                    eq(siteResources.orgId, client.orgId)
-                )
-            );
-
-        if (!resources || resources.length === 0) {
-            logger.error(`handleOlmServerPeerAddMessage: Resource not found`);
-            // cancel the request from the olm side to not keep doing this
-            await sendToClient(
-                olm.olmId,
-                {
-                    type: "olm/wg/peer/chain/cancel",
-                    data: {
-                        chainId
-                    }
-                },
-                { incrementConfigVersion: false }
-            ).catch((error) => {
-                logger.warn(`Error sending message:`, error);
-            });
-            return;
-        }
-
-        if (resources.length > 1) {
-            // error but this should not happen because the nice id cant contain a dot and the alias has to have a dot and both have to be unique within the org so there should never be multiple matches
-            logger.error(
-                `handleOlmServerPeerAddMessage: Multiple resources found matching the criteria`
-            );
-            return;
-        }
-
-        const resource = resources[0];
-
-        const currentResourceAssociationCaches = await db
-            .select()
-            .from(clientSiteResourcesAssociationsCache)
-            .where(
-                and(
-                    eq(
-                        clientSiteResourcesAssociationsCache.siteResourceId,
-                        resource.siteResourceId
-                    ),
-                    eq(
-                        clientSiteResourcesAssociationsCache.clientId,
-                        client.clientId
-                    )
-                )
-            );
-
-        if (currentResourceAssociationCaches.length === 0) {
-            logger.error(
-                `handleOlmServerPeerAddMessage: Client ${client.clientId} does not have access to resource ${resource.siteResourceId}`
-            );
-            // cancel the request from the olm side to not keep doing this
-            await sendToClient(
-                olm.olmId,
-                {
-                    type: "olm/wg/peer/chain/cancel",
-                    data: {
-                        chainId
-                    }
-                },
-                { incrementConfigVersion: false }
-            ).catch((error) => {
-                logger.warn(`Error sending message:`, error);
-            });
-            return;
-        }
-
-        const siteIdFromResource = resource.siteId;
-
-        // get the site
-        const [siteRes] = await db
-            .select()
-            .from(sites)
-            .where(eq(sites.siteId, siteIdFromResource));
-        if (!siteRes) {
-            logger.error(
-                `handleOlmServerPeerAddMessage: Site with ID ${site} not found`
-            );
-            return;
-        }
-
-        site = siteRes;
-    }
-
-    if (!site) {
-        logger.error(`handleOlmServerPeerAddMessage: Site not found`);
-        return;
-    }
-
-    // check if the client can access this site using the cache
-    const currentSiteAssociationCaches = await db
-        .select()
-        .from(clientSitesAssociationsCache)
-        .where(
-            and(
-                eq(clientSitesAssociationsCache.clientId, client.clientId),
-                eq(clientSitesAssociationsCache.siteId, site.siteId)
-            )
-        );
-
-    if (currentSiteAssociationCaches.length === 0) {
-        logger.error(
-            `handleOlmServerPeerAddMessage: Client ${client.clientId} does not have access to site ${site.siteId}`
-        );
-        // cancel the request from the olm side to not keep doing this
-        await sendToClient(
-            olm.olmId,
-            {
-                type: "olm/wg/peer/chain/cancel",
-                data: {
-                    chainId
-                }
-            },
-            { incrementConfigVersion: false }
-        ).catch((error) => {
-            logger.warn(`Error sending message:`, error);
-        });
-        return;
-    }
-
-    if (!site.exitNodeId) {
-        logger.error(
-            `handleOlmServerPeerAddMessage: Site with ID ${site.siteId} has no exit node`
-        );
-        // cancel the request from the olm side to not keep doing this
-        await sendToClient(
-            olm.olmId,
-            {
-                type: "olm/wg/peer/chain/cancel",
-                data: {
-                    chainId
-                }
-            },
-            { incrementConfigVersion: false }
-        ).catch((error) => {
-            logger.warn(`Error sending message:`, error);
-        });
-        return;
-    }
-
-    // get the exit node from the side
-    const [exitNode] = await db
-        .select()
-        .from(exitNodes)
-        .where(eq(exitNodes.exitNodeId, site.exitNodeId));
-
-    if (!exitNode) {
-        logger.error(
-            `handleOlmServerPeerAddMessage: Site with ID ${site.siteId} has no exit node`
-        );
-        return;
-    }
-
-    // also trigger the peer add handshake in case the peer was not already added to the olm and we need to hole punch
-    // if it has already been added this will be a no-op
-    await initPeerAddHandshake(
-        // this will kick off the add peer process for the client
-        client.clientId,
-        {
-            siteId: site.siteId,
-            exitNode: {
-                publicKey: exitNode.publicKey,
-                endpoint: exitNode.endpoint
-            }
-        },
-        olm.olmId,
-        chainId
-    );
-
-    return;
-};

server/routers/olm/handleOlmServerPeerAddMessage.ts

@@ -54,7 +54,7 @@ export const handleOlmServerPeerAddMessage: MessageHandler = async (
         return;
     }
 
-    const { siteId, chainId } = message.data;
+    const { siteId } = message.data;
 
     // get the site
     const [site] = await db
@@ -179,8 +179,7 @@ export const handleOlmServerPeerAddMessage: MessageHandler = async (
                 ),
                 aliases: generateAliasConfig(
                     allSiteResources.map(({ siteResources }) => siteResources)
-                ),
-                chainId: chainId,
+                )
             }
         },
         broadcast: false,

server/routers/olm/handleOlmUnRelayMessage.ts

@@ -17,7 +17,7 @@ export const handleOlmUnRelayMessage: MessageHandler = async (context) => {
     }
 
     if (!olm.clientId) {
-        logger.warn("Olm has no client!");
+        logger.warn("Olm has no site!"); // TODO: Maybe we create the site here?
         return;
     }
 
@@ -40,7 +40,7 @@ export const handleOlmUnRelayMessage: MessageHandler = async (context) => {
         return;
     }
 
-    const { siteId, chainId } = message.data;
+    const { siteId } = message.data;
 
     // Get the site
     const [site] = await db
@@ -87,8 +87,7 @@ export const handleOlmUnRelayMessage: MessageHandler = async (context) => {
             type: "olm/wg/peer/unrelay",
             data: {
                 siteId: siteId,
-                endpoint: site.endpoint,
-                chainId
+                endpoint: site.endpoint
             }
         },
         broadcast: false,

server/routers/olm/index.ts

@@ -11,4 +11,3 @@ export * from "./handleOlmServerPeerAddMessage";
 export * from "./handleOlmUnRelayMessage";
 export * from "./recoverOlmWithFingerprint";
 export * from "./handleOlmDisconnectingMessage";
-export * from "./handleOlmServerInitAddPeerHandshake";

server/routers/olm/peers.ts

@@ -149,8 +149,7 @@ export async function initPeerAddHandshake(
             endpoint: string;
         };
     },
-    olmId?: string,
-    chainId?: string,
+    olmId?: string
 ) {
     if (!olmId) {
         const [olm] = await db
@@ -174,8 +173,7 @@ export async function initPeerAddHandshake(
                     publicKey: peer.exitNode.publicKey,
                     relayPort: config.getRawConfig().gerbil.clients_start_port,
                     endpoint: peer.exitNode.endpoint
-                },
-                chainId,
+                }
             }
         },
         { incrementConfigVersion: true }

server/routers/resource/addEmailToResourceWhitelist.ts

@@ -29,7 +29,7 @@ registry.registerPath({
     method: "post",
     path: "/resource/{resourceId}/whitelist/add",
     description: "Add a single email to the resource whitelist.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
     request: {
         params: addEmailToResourceWhitelistParamsSchema,
         body: {

server/routers/resource/addRoleToResource.ts

@@ -29,7 +29,7 @@ registry.registerPath({
     method: "post",
     path: "/resource/{resourceId}/roles/add",
     description: "Add a single role to a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
     request: {
         params: addRoleToResourceParamsSchema,
         body: {

server/routers/resource/addUserToResource.ts

@@ -29,7 +29,7 @@ registry.registerPath({
     method: "post",
     path: "/resource/{resourceId}/users/add",
     description: "Add a single user to a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
     request: {
         params: addUserToResourceParamsSchema,
         body: {

server/routers/resource/createResource.ts

@@ -79,7 +79,7 @@ registry.registerPath({
     method: "put",
     path: "/org/{orgId}/resource",
     description: "Create a resource.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
     request: {
         params: createResourceParamsSchema,
         body: {

server/routers/resource/createResourceRule.ts

@@ -31,7 +31,7 @@ registry.registerPath({
     method: "put",
     path: "/resource/{resourceId}/rule",
     description: "Create a resource rule.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
+    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
     request: {
         params: createResourceRuleParamsSchema,
         body: {

server/routers/resource/deleteResource.ts

@@ -22,7 +22,7 @@ registry.registerPath({
     method: "delete",
     path: "/resource/{resourceId}",
     description: "Delete a resource.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
     request: {
         params: deleteResourceSchema
     },

server/routers/resource/deleteResourceRule.ts

@@ -19,7 +19,7 @@ registry.registerPath({
     method: "delete",
     path: "/resource/{resourceId}/rule/{ruleId}",
     description: "Delete a resource rule.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
+    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
     request: {
         params: deleteResourceRuleSchema
     },

server/routers/resource/getResource.ts

@@ -54,7 +54,7 @@ registry.registerPath({
     path: "/org/{orgId}/resource/{niceId}",
     description:
         "Get a resource by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
     request: {
         params: z.object({
             orgId: z.string(),
@@ -68,7 +68,7 @@ registry.registerPath({
     method: "get",
     path: "/resource/{resourceId}",
     description: "Get a resource by resourceId.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
     request: {
         params: z.object({
             resourceId: z.number()

server/routers/resource/getResourceWhitelist.ts

@@ -31,7 +31,7 @@ registry.registerPath({
     method: "get",
     path: "/resource/{resourceId}/whitelist",
     description: "Get the whitelist of emails for a specific resource.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
     request: {
         params: getResourceWhitelistSchema
     },

server/routers/resource/listAllResourceNames.ts

@@ -33,7 +33,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/resources-names",
     description: "List all resource names for an organization.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
     request: {
         params: z.object({
             orgId: z.string()

server/routers/resource/listResourceRoles.ts

@@ -35,7 +35,7 @@ registry.registerPath({
     method: "get",
     path: "/resource/{resourceId}/roles",
     description: "List all roles for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
     request: {
         params: listResourceRolesSchema
     },

server/routers/resource/listResourceRules.ts

@@ -56,7 +56,7 @@ registry.registerPath({
     method: "get",
     path: "/resource/{resourceId}/rules",
     description: "List rules for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
+    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
     request: {
         params: listResourceRulesParamsSchema,
         query: listResourceRulesSchema

server/routers/resource/listResourceUsers.ts

@@ -38,7 +38,7 @@ registry.registerPath({
     method: "get",
     path: "/resource/{resourceId}/users",
     description: "List all users for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
     request: {
         params: listResourceUsersSchema
     },

server/routers/resource/listResources.ts

@@ -19,7 +19,6 @@ import {
     and,
     asc,
     count,
-    desc,
     eq,
     inArray,
     isNull,
@@ -64,26 +63,6 @@ const listResourcesSchema = z.object({
             description: "Page number to retrieve"
         }),
     query: z.string().optional(),
-    sort_by: z
-        .enum(["name"])
-        .optional()
-        .catch(undefined)
-        .openapi({
-            type: "string",
-            enum: ["name"],
-            description: "Field to sort by"
-        }),
-    order: z
-        .enum(["asc", "desc"])
-        .optional()
-        .default("asc")
-        .catch("asc")
-        .openapi({
-            type: "string",
-            enum: ["asc", "desc"],
-            default: "asc",
-            description: "Sort order"
-        }),
     enabled: z
         .enum(["true", "false"])
         .transform((v) => v === "true")
@@ -225,7 +204,7 @@ registry.registerPath({
     method: "get",
     path: "/org/{orgId}/resources",
     description: "List resources for an organization.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
     request: {
         params: z.object({
             orgId: z.string()
@@ -250,16 +229,8 @@ export async function listResources(
                 )
             );
         }
-        const {
-            page,
-            pageSize,
-            authState,
-            enabled,
-            query,
-            healthStatus,
-            sort_by,
-            order
-        } = parsedQuery.data;
+        const { page, pageSize, authState, enabled, query, healthStatus } =
+            parsedQuery.data;
 
         const parsedParams = listResourcesParamsSchema.safeParse(req.params);
         if (!parsedParams.success) {
@@ -424,13 +395,7 @@ export async function listResources(
             baseQuery
                 .limit(pageSize)
                 .offset(pageSize * (page - 1))
-                .orderBy(
-                    sort_by
-                        ? order === "asc"
-                            ? asc(resources[sort_by])
-                            : desc(resources[sort_by])
-                        : asc(resources.name)
-                ),
+                .orderBy(asc(resources.resourceId)),
             countQuery
         ]);