mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-13 17:29:54 +00:00
Compare commits
15 Commits
provisioni
...
dependabot
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
1f9f1ce610 | ||
|
|
e5398d441e | ||
|
|
d38f9ac2bb | ||
|
|
d4138e2141 | ||
|
|
09d5d9082e | ||
|
|
5cb316f4e9 | ||
|
|
6b6c9cf4d8 | ||
|
|
05617c63c0 | ||
|
|
d4c52bbf2f | ||
|
|
87f50bf0cc | ||
|
|
2c66da1b19 | ||
|
|
ab19955502 | ||
|
|
1db9dcec81 | ||
|
|
49c2d3163e | ||
|
|
45b9e13a13 |
10
.github/workflows/cicd.yml
vendored
10
.github/workflows/cicd.yml
vendored
@@ -77,7 +77,7 @@ jobs:
|
||||
fi
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
|
||||
with:
|
||||
registry: docker.io
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
@@ -149,7 +149,7 @@ jobs:
|
||||
fi
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
|
||||
with:
|
||||
registry: docker.io
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
@@ -204,7 +204,7 @@ jobs:
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
|
||||
with:
|
||||
registry: docker.io
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
@@ -264,7 +264,7 @@ jobs:
|
||||
shell: bash
|
||||
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
|
||||
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
|
||||
with:
|
||||
go-version: 1.25
|
||||
|
||||
@@ -407,7 +407,7 @@ jobs:
|
||||
shell: bash
|
||||
|
||||
- name: Login to GitHub Container Registry (for cosign)
|
||||
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
|
||||
2
.github/workflows/stale-bot.yml
vendored
2
.github/workflows/stale-bot.yml
vendored
@@ -14,7 +14,7 @@ jobs:
|
||||
stale:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
|
||||
- uses: actions/stale@1e223db275d687790206a7acac4d1a11bd6fe629 # v10.4.0
|
||||
with:
|
||||
days-before-stale: 14
|
||||
days-before-close: 14
|
||||
|
||||
42
README.md
42
README.md
@@ -41,7 +41,7 @@
|
||||
</strong>
|
||||
</p>
|
||||
|
||||
Pangolin is an open-source, identity-based remote access platform built on WireGuard® that enables secure, seamless connectivity to private and public resources. Pangolin combines reverse proxy and VPN capabilities into one platform, providing browser-based access to web applications and client-based access to any private resources with NAT traversal, all with granular access controls.
|
||||
Pangolin is an open-source, identity-based remote access platform built on WireGuard® that enables secure connectivity to infrastructure anywhere. It combines reverse-proxy and VPN capabilities into one platform, providing browser-based access to web applications and client-based access to private resources with NAT traversal, all with granular access control.
|
||||
|
||||
## Installation
|
||||
|
||||
@@ -63,11 +63,26 @@ Pangolin is an open-source, identity-based remote access platform built on WireG
|
||||
|
||||
Pangolin's site connectors provide gateways into networks so you can access any networked resources. Sites use outbound tunnels and intelligent NAT traversal to make networks behind restrictive firewalls available for authorized access without public IPs or open ports. Easily deploy a site as a binary or container on any platform.
|
||||
|
||||
* Lightweight user-space connector runs anywhere
|
||||
* Punches through any firewall
|
||||
* Doesn't require open ports or a public IP
|
||||
* Strict network segmentation
|
||||
* WireGuard-based
|
||||
* Get alerts when a device or network resource goes down
|
||||
|
||||
<img src="public/screenshots/sites.png" alt="Sites" width="100%" />
|
||||
|
||||
### Browser-based reverse proxy access
|
||||
|
||||
Expose web applications through identity and context-aware tunneled reverse proxies. Users access applications through any web browser with authentication and granular access control without installing a client. Pangolin handles routing, load balancing, health checking, and automatic SSL certificates without exposing your network directly to the internet.
|
||||
Expose HTTPS web applications and connect to VNC, RDP, and SSH entirely in the browser through identity and context-aware tunneled reverse proxies. Users access resources with authentication and granular access control without installing a client. Pangolin handles routing, load balancing, health checking, and automatic SSL certificates without exposing your network directly to the internet.
|
||||
|
||||
* Expose a web panel anywhere
|
||||
* Access via any web browser
|
||||
* Single sign-on across all resources
|
||||
* HTTPS resources
|
||||
* Remote desktop in the browser with VNC and RDP
|
||||
* In-browser SSH terminal with privileged access management (PAM)
|
||||
* PIN codes, passcodes, email OTP, geoblocking, allow-lists, and more
|
||||
|
||||
<img src="public/clip.gif" alt="Reverse proxy access" width="100%" />
|
||||
|
||||
@@ -75,14 +90,35 @@ Expose web applications through identity and context-aware tunneled reverse prox
|
||||
|
||||
Access private resources like SSH servers, databases, RDP, and entire network ranges through Pangolin clients. Intelligent NAT traversal enables connections even through restrictive firewalls, while DNS aliases provide friendly names and fast connections to resources across all your sites. Add redundancy by routing traffic through multiple connectors in your network.
|
||||
|
||||
* Peer-to-peer with intelligent NAT traversal
|
||||
* Hosts/IPs and port ranges
|
||||
* Network ranges/CIDRs
|
||||
* Friendly DNS aliases for network addresses
|
||||
* Privileged access management (PAM) with SSH resources
|
||||
* Private HTTPS resources only accessible on the private network
|
||||
|
||||
<img src="public/screenshots/private-resources.png" alt="Private resources" width="100%" />
|
||||
|
||||
### Give users and roles access to resources
|
||||
|
||||
Use Pangolin's built in users or bring your own identity provider and set up role based access control (RBAC). Grant users access to specific resources, not entire networks. Unlike traditional VPNs that expose full network access, Pangolin's zero-trust model ensures users can only reach the applications, services, and routes you explicitly define.
|
||||
Use Pangolin's built-in users or bring your own identity provider and set up role-based access control (RBAC). Grant users access to specific resources, not entire networks. Unlike traditional VPNs that expose full network access, Pangolin's zero-trust model ensures users can only reach the applications, services, and routes you explicitly define.
|
||||
|
||||
* Bring your existing identity provider (IdP) or use Pangolin identities
|
||||
* Sync users and roles from your IdP
|
||||
* User- and role-based access control
|
||||
* Full network audit and access logs
|
||||
|
||||
<img src="public/screenshots/users.png" alt="Users from identity provider with roles" width="100%" />
|
||||
|
||||
### Find and launch resources from a personalized home page
|
||||
|
||||
Give users a landing page to quickly find and open the resources they can access. Resources are grouped by site or label, searchable, and filterable, with grid or list views. Saved views capture filters, grouping, and layout as personal or organization-wide defaults.
|
||||
|
||||
* Single place for admins and non-admins to see accessible resources
|
||||
* Create reusable views for common access patterns
|
||||
|
||||
<img src="public/screenshots/resource-launcher.png" alt="Resource Launcher" width="100%" />
|
||||
|
||||
## Download Clients
|
||||
|
||||
Download the Pangolin client for your platform:
|
||||
|
||||
@@ -41,7 +41,7 @@ services:
|
||||
- 80:80 # Port for traefik because of the network_mode
|
||||
|
||||
traefik:
|
||||
image: traefik:v3.6
|
||||
image: traefik:v3.7
|
||||
container_name: traefik
|
||||
restart: unless-stopped
|
||||
network_mode: service:gerbil # Ports appear on the gerbil service
|
||||
|
||||
@@ -50,7 +50,7 @@ services:
|
||||
- 80:80{{end}}
|
||||
|
||||
traefik:
|
||||
image: docker.io/traefik:v3.6
|
||||
image: docker.io/traefik:v3.7
|
||||
container_name: traefik
|
||||
restart: unless-stopped
|
||||
{{if .InstallGerbil}}network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
|
||||
|
||||
@@ -449,14 +449,8 @@
|
||||
"provisioningManage": "Provisioning",
|
||||
"provisioningDescription": "Manage provisioning keys and review pending sites awaiting approval.",
|
||||
"pendingSites": "Pending Sites",
|
||||
"siteApproveSuccess": "Site and associated resources approved successfully",
|
||||
"siteApproveSuccess": "Site approved successfully",
|
||||
"siteApproveError": "Error approving site",
|
||||
"siteReject": "Reject Site",
|
||||
"siteQuestionReject": "Are you sure you want to reject this site?",
|
||||
"siteMessageReject": "This will permanently delete the site and any associated resources that are still pending.",
|
||||
"siteConfirmReject": "Confirm Reject Site",
|
||||
"siteRejectSuccess": "Site rejected successfully",
|
||||
"siteRejectError": "Error rejecting site",
|
||||
"provisioningKeys": "Provisioning Keys",
|
||||
"searchProvisioningKeys": "Search provisioning keys...",
|
||||
"provisioningKeysAdd": "Generate Provisioning Key",
|
||||
@@ -1426,8 +1420,6 @@
|
||||
"setupTokenDescription": "Enter the setup token from the server console.",
|
||||
"setupTokenRequired": "Setup token is required",
|
||||
"actionUpdateSite": "Update Site",
|
||||
"actionApproveSite": "Approve Site",
|
||||
"actionRejectSite": "Reject Site",
|
||||
"actionResetSiteBandwidth": "Reset Organization Bandwidth",
|
||||
"actionListSiteRoles": "List Allowed Site Roles",
|
||||
"actionCreateResource": "Create Resource",
|
||||
|
||||
BIN
public/screenshots/resource-launcher.png
Normal file
BIN
public/screenshots/resource-launcher.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 556 KiB |
@@ -21,7 +21,6 @@ export enum ActionsEnum {
|
||||
getSite = "getSite",
|
||||
listSites = "listSites",
|
||||
updateSite = "updateSite",
|
||||
updateSiteApprovals = "updateSiteApprovals",
|
||||
restartSite = "restartSite",
|
||||
resetSiteBandwidth = "resetSiteBandwidth",
|
||||
reGenerateSecret = "reGenerateSecret",
|
||||
|
||||
@@ -200,10 +200,7 @@ export const resources = pgTable(
|
||||
authDaemonMode: varchar("authDaemonMode", { length: 32 })
|
||||
.$type<"site" | "remote" | "native">()
|
||||
.default("site"),
|
||||
authDaemonPort: integer("authDaemonPort").default(22123),
|
||||
status: varchar("status")
|
||||
.$type<"pending" | "approved">()
|
||||
.default("approved")
|
||||
authDaemonPort: integer("authDaemonPort").default(22123)
|
||||
},
|
||||
(t) => [
|
||||
index("idx_resources_fulldomain")
|
||||
@@ -454,10 +451,7 @@ export const siteResources = pgTable(
|
||||
onDelete: "set null"
|
||||
}),
|
||||
subdomain: varchar("subdomain"),
|
||||
fullDomain: varchar("fullDomain"),
|
||||
status: varchar("status")
|
||||
.$type<"pending" | "approved">()
|
||||
.default("approved")
|
||||
fullDomain: varchar("fullDomain")
|
||||
},
|
||||
(t) => [index("idx_siteresources_orgid_niceid").on(t.orgId, t.niceId)]
|
||||
);
|
||||
|
||||
@@ -209,8 +209,7 @@ export const resources = sqliteTable("resources", {
|
||||
authDaemonMode: text("authDaemonMode")
|
||||
.$type<"site" | "remote" | "native">()
|
||||
.default("site"),
|
||||
authDaemonPort: integer("authDaemonPort").default(22123),
|
||||
status: text("status").$type<"pending" | "approved">().default("approved")
|
||||
authDaemonPort: integer("authDaemonPort").default(22123)
|
||||
});
|
||||
|
||||
export const labels = sqliteTable("labels", {
|
||||
@@ -448,8 +447,7 @@ export const siteResources = sqliteTable("siteResources", {
|
||||
onDelete: "set null"
|
||||
}),
|
||||
subdomain: text("subdomain"),
|
||||
fullDomain: text("fullDomain"),
|
||||
status: text("status").$type<"pending" | "approved">().default("approved")
|
||||
fullDomain: text("fullDomain")
|
||||
});
|
||||
|
||||
export const networks = sqliteTable("networks", {
|
||||
|
||||
@@ -34,6 +34,12 @@ import {
|
||||
rebuildClientAssociationsFromSiteResource,
|
||||
waitForSiteResourceRebuildIdle
|
||||
} from "../rebuildClientAssociations";
|
||||
import { build } from "@server/build";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
import next from "next";
|
||||
import { LimitId } from "../billing";
|
||||
import { usageService } from "../billing/usageService";
|
||||
|
||||
type ApplyBlueprintArgs = {
|
||||
orgId: string;
|
||||
|
||||
@@ -26,6 +26,9 @@ import { createCertificate } from "#dynamic/routers/certificates/createCertifica
|
||||
import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
|
||||
import { tierMatrix } from "../billing/tierMatrix";
|
||||
import { build } from "@server/build";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
import next from "next";
|
||||
import { LimitId } from "../billing";
|
||||
import { usageService } from "../billing/usageService";
|
||||
|
||||
@@ -198,19 +201,17 @@ export async function updatePrivateResources(
|
||||
}
|
||||
}
|
||||
|
||||
let resourceStatusFromSite: "approved" | "pending" = "approved";
|
||||
if (siteId && allSites.length === 0) {
|
||||
// only add if there are not provided sites
|
||||
// Use the provided siteId directly, but verify it belongs to the org
|
||||
const [siteSingle] = await trx
|
||||
.select({ siteId: sites.siteId, status: sites.status })
|
||||
.select({ siteId: sites.siteId })
|
||||
.from(sites)
|
||||
.where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId)))
|
||||
.limit(1);
|
||||
if (siteSingle) {
|
||||
allSites.push(siteSingle);
|
||||
}
|
||||
resourceStatusFromSite = siteSingle.status ?? "approved";
|
||||
}
|
||||
|
||||
if (allSites.length === 0) {
|
||||
@@ -219,13 +220,6 @@ export async function updatePrivateResources(
|
||||
);
|
||||
}
|
||||
|
||||
const resourceEnabled =
|
||||
resourceData.enabled == undefined || resourceData.enabled == null
|
||||
? true
|
||||
: resourceStatusFromSite === "pending"
|
||||
? false
|
||||
: resourceData.enabled;
|
||||
|
||||
if (existingResource) {
|
||||
let domainInfo:
|
||||
| { subdomain: string | null; domainId: string }
|
||||
@@ -249,7 +243,8 @@ export async function updatePrivateResources(
|
||||
scheme: resourceData.scheme,
|
||||
destination: resourceData.destination,
|
||||
destinationPort: resourceData["destination-port"],
|
||||
enabled: resourceEnabled,
|
||||
enabled: true, // hardcoded for now
|
||||
// enabled: resourceData.enabled ?? true,
|
||||
alias: resourceData.alias || null,
|
||||
disableIcmp:
|
||||
resourceData["disable-icmp"] ||
|
||||
@@ -268,8 +263,7 @@ export async function updatePrivateResources(
|
||||
pamMode: resourceData["auth-daemon"]?.pam || "passthrough",
|
||||
authDaemonMode:
|
||||
resourceData["auth-daemon"]?.mode || "native",
|
||||
authDaemonPort: resourceData["auth-daemon"]?.port || 22123,
|
||||
status: resourceStatusFromSite
|
||||
authDaemonPort: resourceData["auth-daemon"]?.port || 22123
|
||||
})
|
||||
.where(
|
||||
eq(
|
||||
@@ -502,7 +496,8 @@ export async function updatePrivateResources(
|
||||
scheme: resourceData.scheme,
|
||||
destination: resourceData.destination,
|
||||
destinationPort: resourceData["destination-port"],
|
||||
enabled: resourceEnabled,
|
||||
enabled: true, // hardcoded for now
|
||||
// enabled: resourceData.enabled ?? true,
|
||||
alias: resourceData.alias || null,
|
||||
aliasAddress: aliasAddress,
|
||||
disableIcmp:
|
||||
@@ -522,8 +517,7 @@ export async function updatePrivateResources(
|
||||
pamMode: resourceData["auth-daemon"]?.pam || "passthrough",
|
||||
authDaemonMode:
|
||||
resourceData["auth-daemon"]?.mode || "native",
|
||||
authDaemonPort: resourceData["auth-daemon"]?.port || 22123,
|
||||
status: resourceStatusFromSite
|
||||
authDaemonPort: resourceData["auth-daemon"]?.port || 22123
|
||||
})
|
||||
.returning();
|
||||
|
||||
|
||||
@@ -25,7 +25,6 @@ import {
|
||||
rolePolicies,
|
||||
roleResources,
|
||||
roles,
|
||||
Site,
|
||||
sites,
|
||||
Target,
|
||||
TargetHealthCheck,
|
||||
@@ -75,40 +74,19 @@ export async function updatePublicResources(
|
||||
)) {
|
||||
const targetsToUpdate: Target[] = [];
|
||||
const healthchecksToUpdate: TargetHealthCheck[] = [];
|
||||
|
||||
let resource: Resource;
|
||||
let resourceStatusFromSite: "approved" | "pending" = "approved";
|
||||
let providedSite: Partial<Site> | undefined;
|
||||
if (siteId) {
|
||||
// Use the provided siteId directly, but verify it belongs to the org
|
||||
[providedSite] = await trx
|
||||
.select({
|
||||
siteId: sites.siteId,
|
||||
type: sites.type,
|
||||
status: sites.status
|
||||
})
|
||||
.from(sites)
|
||||
.where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId)))
|
||||
.limit(1);
|
||||
|
||||
resourceStatusFromSite = providedSite?.status ?? "approved";
|
||||
}
|
||||
|
||||
async function createTarget( // reusable function to create a target
|
||||
resourceId: number,
|
||||
targetData: TargetData
|
||||
) {
|
||||
const targetSiteId = targetData.site;
|
||||
let site: Partial<Site> | undefined;
|
||||
let site;
|
||||
|
||||
if (targetSiteId) {
|
||||
// Look up site by niceId
|
||||
[site] = await trx
|
||||
.select({
|
||||
siteId: sites.siteId,
|
||||
type: sites.type,
|
||||
status: sites.status
|
||||
})
|
||||
.select({ siteId: sites.siteId, type: sites.type })
|
||||
.from(sites)
|
||||
.where(
|
||||
and(
|
||||
@@ -117,9 +95,15 @@ export async function updatePublicResources(
|
||||
)
|
||||
)
|
||||
.limit(1);
|
||||
} else if (siteId && providedSite) {
|
||||
} else if (siteId) {
|
||||
// Use the provided siteId directly, but verify it belongs to the org
|
||||
site = providedSite;
|
||||
[site] = await trx
|
||||
.select({ siteId: sites.siteId, type: sites.type })
|
||||
.from(sites)
|
||||
.where(
|
||||
and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))
|
||||
)
|
||||
.limit(1);
|
||||
} else {
|
||||
throw new Error(`Target site is required`);
|
||||
}
|
||||
@@ -155,7 +139,7 @@ export async function updatePublicResources(
|
||||
.insert(targets)
|
||||
.values({
|
||||
resourceId: resourceId,
|
||||
siteId: site.siteId!,
|
||||
siteId: site.siteId,
|
||||
ip: targetData.hostname,
|
||||
mode: resourceData.mode as Target["mode"],
|
||||
method: targetData.method,
|
||||
@@ -188,7 +172,7 @@ export async function updatePublicResources(
|
||||
.insert(targetHealthCheck)
|
||||
.values({
|
||||
name: `${targetData.hostname}:${targetData.port}`,
|
||||
siteId: site.siteId!,
|
||||
siteId: site.siteId,
|
||||
targetId: newTarget.targetId,
|
||||
orgId: orgId,
|
||||
hcEnabled: healthcheckData?.enabled || false,
|
||||
@@ -246,10 +230,7 @@ export async function updatePublicResources(
|
||||
const resourceEnabled =
|
||||
resourceData.enabled == undefined || resourceData.enabled == null
|
||||
? true
|
||||
: resourceStatusFromSite === "pending"
|
||||
? false
|
||||
: resourceData.enabled;
|
||||
|
||||
: resourceData.enabled;
|
||||
const resourceSsl =
|
||||
resourceData.ssl == undefined || resourceData.ssl == null
|
||||
? true
|
||||
@@ -425,8 +406,7 @@ export async function updatePublicResources(
|
||||
? (resourceData["proxy-protocol-version"] ??
|
||||
1)
|
||||
: 1,
|
||||
resourcePolicyId: sharedPolicy.resourcePolicyId,
|
||||
status: resourceStatusFromSite
|
||||
resourcePolicyId: sharedPolicy.resourcePolicyId
|
||||
})
|
||||
.where(
|
||||
eq(
|
||||
@@ -610,8 +590,7 @@ export async function updatePublicResources(
|
||||
authDaemonPort:
|
||||
resourceData["auth-daemon"]?.port || 22123,
|
||||
resourcePolicyId: null,
|
||||
defaultResourcePolicyId: inlinePolicyId,
|
||||
status: resourceStatusFromSite
|
||||
defaultResourcePolicyId: inlinePolicyId
|
||||
})
|
||||
.where(
|
||||
eq(
|
||||
@@ -1152,7 +1131,6 @@ export async function updatePublicResources(
|
||||
.values({
|
||||
orgId,
|
||||
niceId: resourceNiceId,
|
||||
status: resourceStatusFromSite,
|
||||
name: resourceData.name || "Unnamed Resource",
|
||||
mode: resourceData.mode,
|
||||
proxyPort: ["http", "ssh", "rdp", "vnc"].includes(
|
||||
|
||||
@@ -470,7 +470,7 @@ export const PrivateResourceSchema = z
|
||||
// proxyPort: z.int().positive().optional(),
|
||||
"destination-port": z.int().positive().optional(),
|
||||
destination: z.string().min(1).optional(),
|
||||
enabled: z.boolean().default(true),
|
||||
// enabled: z.boolean().default(true),
|
||||
"tcp-ports": portRangeStringSchema.optional().default("*"),
|
||||
"udp-ports": portRangeStringSchema.optional().default("*"),
|
||||
"disable-icmp": z.boolean().optional().default(false),
|
||||
|
||||
@@ -14,6 +14,8 @@ import {
|
||||
} from "@server/db";
|
||||
import logger from "@server/logger";
|
||||
import { removeTargets } from "@server/routers/newt/targets";
|
||||
import createHttpError from "http-errors";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
|
||||
export type DeleteResourceResult = {
|
||||
deletedResource: Resource;
|
||||
@@ -115,10 +117,10 @@ export async function runResourceDeleteSideEffects(
|
||||
.limit(1);
|
||||
|
||||
if (!site) {
|
||||
logger.debug(
|
||||
`Site with ID ${target.siteId} not found during resource delete side effects; skipping target removal`
|
||||
throw createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`Site with ID ${target.siteId} not found`
|
||||
);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (site.pubKey && site.type === "newt") {
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import { and, eq, inArray, sql } from "drizzle-orm";
|
||||
import { and, eq, sql } from "drizzle-orm";
|
||||
import {
|
||||
db,
|
||||
resources,
|
||||
siteNetworks,
|
||||
siteResources,
|
||||
targets,
|
||||
@@ -98,64 +97,6 @@ export function exceedsSiteAssociatedResourceDeleteLimit(
|
||||
return resourceCount > MAX_SITE_ASSOCIATED_RESOURCES_FOR_BULK_DELETE;
|
||||
}
|
||||
|
||||
export async function getPendingResourceIdsForSite(
|
||||
siteId: number,
|
||||
trx: Transaction | typeof db = db
|
||||
): Promise<number[]> {
|
||||
const resourceIds = await getResourceIdsForSite(siteId, trx);
|
||||
if (resourceIds.length === 0) {
|
||||
return [];
|
||||
}
|
||||
|
||||
const rows = await trx
|
||||
.select({ resourceId: resources.resourceId })
|
||||
.from(resources)
|
||||
.where(
|
||||
and(
|
||||
inArray(resources.resourceId, resourceIds),
|
||||
eq(resources.status, "pending")
|
||||
)
|
||||
);
|
||||
|
||||
return rows.map((row) => row.resourceId);
|
||||
}
|
||||
|
||||
export async function getPendingSiteResourceIdsForSite(
|
||||
siteId: number,
|
||||
orgId: string,
|
||||
trx: Transaction | typeof db = db
|
||||
): Promise<number[]> {
|
||||
const siteResourceIds = await getSiteResourceIdsForSite(siteId, orgId, trx);
|
||||
if (siteResourceIds.length === 0) {
|
||||
return [];
|
||||
}
|
||||
|
||||
const rows = await trx
|
||||
.select({ siteResourceId: siteResources.siteResourceId })
|
||||
.from(siteResources)
|
||||
.where(
|
||||
and(
|
||||
inArray(siteResources.siteResourceId, siteResourceIds),
|
||||
eq(siteResources.status, "pending")
|
||||
)
|
||||
);
|
||||
|
||||
return rows.map((row) => row.siteResourceId);
|
||||
}
|
||||
|
||||
export async function getPendingAssociatedResourceCountForSite(
|
||||
siteId: number,
|
||||
orgId: string,
|
||||
trx: Transaction | typeof db = db
|
||||
): Promise<number> {
|
||||
const [resourceIds, siteResourceIds] = await Promise.all([
|
||||
getPendingResourceIdsForSite(siteId, trx),
|
||||
getPendingSiteResourceIdsForSite(siteId, orgId, trx)
|
||||
]);
|
||||
|
||||
return resourceIds.length + siteResourceIds.length;
|
||||
}
|
||||
|
||||
export async function deleteAssociatedResourcesForSite(
|
||||
siteId: number,
|
||||
orgId: string,
|
||||
@@ -164,32 +105,12 @@ export async function deleteAssociatedResourcesForSite(
|
||||
const resourceIds = await getResourceIdsForSite(siteId, trx);
|
||||
const siteResourceIds = await getSiteResourceIdsForSite(siteId, orgId, trx);
|
||||
|
||||
const [deletedResources, siteResourcesDeleted] = await Promise.all([
|
||||
const [resources, siteResourcesDeleted] = await Promise.all([
|
||||
performDeleteResources(resourceIds, trx),
|
||||
performDeleteSiteResources(siteResourceIds, trx)
|
||||
]);
|
||||
|
||||
return { resources: deletedResources, siteResources: siteResourcesDeleted };
|
||||
}
|
||||
|
||||
export async function deletePendingAssociatedResourcesForSite(
|
||||
siteId: number,
|
||||
orgId: string,
|
||||
trx: Transaction | typeof db = db
|
||||
): Promise<DeleteSiteAssociatedResourcesSideEffects> {
|
||||
const resourceIds = await getPendingResourceIdsForSite(siteId, trx);
|
||||
const siteResourceIds = await getPendingSiteResourceIdsForSite(
|
||||
siteId,
|
||||
orgId,
|
||||
trx
|
||||
);
|
||||
|
||||
const [deletedResources, siteResourcesDeleted] = await Promise.all([
|
||||
performDeleteResources(resourceIds, trx),
|
||||
performDeleteSiteResources(siteResourceIds, trx)
|
||||
]);
|
||||
|
||||
return { resources: deletedResources, siteResources: siteResourcesDeleted };
|
||||
return { resources, siteResources: siteResourcesDeleted };
|
||||
}
|
||||
|
||||
export async function runDeleteSiteAssociatedResourcesSideEffects(
|
||||
|
||||
@@ -496,7 +496,6 @@ export function generateRemoteSubnets(
|
||||
): string[] {
|
||||
const remoteSubnets = allSiteResources
|
||||
.filter((sr) => {
|
||||
if (!sr.enabled) return false;
|
||||
if (!sr.destination) return false;
|
||||
|
||||
if (sr.mode === "cidr") {
|
||||
@@ -531,7 +530,6 @@ export function generateAliasConfig(allSiteResources: SiteResource[]): Alias[] {
|
||||
return allSiteResources
|
||||
.filter(
|
||||
(sr) =>
|
||||
sr.enabled &&
|
||||
sr.aliasAddress &&
|
||||
((sr.alias && (sr.mode == "host" || sr.mode == "ssh")) ||
|
||||
(sr.fullDomain && sr.mode == "http"))
|
||||
@@ -664,13 +662,6 @@ export async function generateSubnetProxyTargetV2(
|
||||
subnet: string | null;
|
||||
}[]
|
||||
): Promise<SubnetProxyTargetV2[] | undefined> {
|
||||
if (!siteResource.enabled) {
|
||||
logger.debug(
|
||||
`Site resource ${siteResource.siteResourceId} is disabled, skipping target generation.`
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
if (clients.length === 0) {
|
||||
logger.debug(
|
||||
`No clients have access to site resource ${siteResource.siteResourceId}, skipping target generation.`
|
||||
|
||||
@@ -1561,19 +1561,9 @@ export async function handleMessagingForUpdatedSiteResource(
|
||||
updatedSiteResource.udpPortRangeString ||
|
||||
existingSiteResource.disableIcmp !==
|
||||
updatedSiteResource.disableIcmp);
|
||||
// Toggling enabled on/off doesn't change any of the fields above, but it
|
||||
// does change whether targets/peer data should exist at all, so it needs
|
||||
// to drive the same old->new diff machinery: going enabled->disabled
|
||||
// diffs "real data" against "nothing" (a remove), and disabled->enabled
|
||||
// diffs "nothing" against "real data" (an add). generateSubnetProxyTargetV2/
|
||||
// generateRemoteSubnets/generateAliasConfig already return nothing for a
|
||||
// disabled resource, so no other changes are needed here.
|
||||
const enabledChanged =
|
||||
existingSiteResource &&
|
||||
existingSiteResource.enabled !== updatedSiteResource.enabled;
|
||||
|
||||
logger.debug(
|
||||
`handleMessagingForUpdatedSiteResource: change flags destinationChanged=${Boolean(destinationChanged)} destinationPortChanged=${Boolean(destinationPortChanged)} aliasChanged=${Boolean(aliasChanged)} fullDomainChanged=${Boolean(fullDomainChanged)} sslChanged=${Boolean(sslChanged)} portRangesChanged=${Boolean(portRangesChanged)} enabledChanged=${Boolean(enabledChanged)}`
|
||||
`handleMessagingForUpdatedSiteResource: change flags destinationChanged=${Boolean(destinationChanged)} destinationPortChanged=${Boolean(destinationPortChanged)} aliasChanged=${Boolean(aliasChanged)} fullDomainChanged=${Boolean(fullDomainChanged)} sslChanged=${Boolean(sslChanged)} portRangesChanged=${Boolean(portRangesChanged)}`
|
||||
);
|
||||
|
||||
// if the existingSiteResource is undefined (new resource) we don't need to do anything here, the rebuild above handled it all
|
||||
@@ -1584,16 +1574,14 @@ export async function handleMessagingForUpdatedSiteResource(
|
||||
fullDomainChanged ||
|
||||
sslChanged ||
|
||||
portRangesChanged ||
|
||||
destinationPortChanged ||
|
||||
enabledChanged
|
||||
destinationPortChanged
|
||||
) {
|
||||
const shouldUpdateTargets =
|
||||
destinationChanged ||
|
||||
sslChanged ||
|
||||
portRangesChanged ||
|
||||
fullDomainChanged ||
|
||||
destinationPortChanged ||
|
||||
enabledChanged;
|
||||
destinationPortChanged;
|
||||
|
||||
logger.debug(
|
||||
`handleMessagingForUpdatedSiteResource: entering unchanged-site update path shouldUpdateTargets=${shouldUpdateTargets}`
|
||||
@@ -1669,22 +1657,20 @@ export async function handleMessagingForUpdatedSiteResource(
|
||||
peerDataUpdateBatch.push({
|
||||
clientId: client.clientId,
|
||||
siteId,
|
||||
remoteSubnets:
|
||||
destinationChanged || enabledChanged
|
||||
? {
|
||||
oldRemoteSubnets:
|
||||
!oldDestinationStillInUseBySite
|
||||
? generateRemoteSubnets([
|
||||
existingSiteResource
|
||||
])
|
||||
: [],
|
||||
newRemoteSubnets: generateRemoteSubnets([
|
||||
updatedSiteResource
|
||||
])
|
||||
}
|
||||
: undefined,
|
||||
remoteSubnets: destinationChanged
|
||||
? {
|
||||
oldRemoteSubnets: !oldDestinationStillInUseBySite
|
||||
? generateRemoteSubnets([
|
||||
existingSiteResource
|
||||
])
|
||||
: [],
|
||||
newRemoteSubnets: generateRemoteSubnets([
|
||||
updatedSiteResource
|
||||
])
|
||||
}
|
||||
: undefined,
|
||||
aliases:
|
||||
aliasChanged || fullDomainChanged || enabledChanged // the full domain is sent down as an alias
|
||||
aliasChanged || fullDomainChanged // the full domain is sent down as an alias
|
||||
? {
|
||||
oldAliases: generateAliasConfig([
|
||||
existingSiteResource
|
||||
|
||||
@@ -248,22 +248,6 @@ authenticated.post(
|
||||
site.updateSite
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
"/site/:siteId/approve",
|
||||
verifySiteAccess,
|
||||
verifyUserHasAction(ActionsEnum.updateSiteApprovals),
|
||||
logActionAudit(ActionsEnum.updateSiteApprovals),
|
||||
site.approveSite
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
"/site/:siteId/reject",
|
||||
verifySiteAccess,
|
||||
verifyUserHasAction(ActionsEnum.updateSiteApprovals),
|
||||
logActionAudit(ActionsEnum.updateSiteApprovals),
|
||||
site.rejectSite
|
||||
);
|
||||
|
||||
authenticated.delete(
|
||||
"/site/:siteId",
|
||||
verifySiteAccess,
|
||||
|
||||
@@ -138,7 +138,6 @@ authenticated.post(
|
||||
logActionAudit(ActionsEnum.updateSite),
|
||||
site.updateSite
|
||||
);
|
||||
|
||||
authenticated.post(
|
||||
"/org/:orgId/reset-bandwidth",
|
||||
verifyApiKeyOrgAccess,
|
||||
|
||||
@@ -157,8 +157,7 @@ async function resolveAccessibleIdsUncached(
|
||||
.where(
|
||||
and(
|
||||
eq(userResources.userId, userId),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.status, "approved")
|
||||
eq(resources.orgId, orgId)
|
||||
)
|
||||
),
|
||||
userRoleIds.length > 0
|
||||
@@ -172,8 +171,7 @@ async function resolveAccessibleIdsUncached(
|
||||
.where(
|
||||
and(
|
||||
inArray(roleResources.roleId, userRoleIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.status, "approved")
|
||||
eq(resources.orgId, orgId)
|
||||
)
|
||||
)
|
||||
: Promise.resolve([]),
|
||||
@@ -185,11 +183,7 @@ async function resolveAccessibleIdsUncached(
|
||||
eq(effectiveResourcePolicyId, userPolicies.resourcePolicyId)
|
||||
)
|
||||
.where(
|
||||
and(
|
||||
eq(userPolicies.userId, userId),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.status, "approved")
|
||||
)
|
||||
and(eq(userPolicies.userId, userId), eq(resources.orgId, orgId))
|
||||
),
|
||||
userRoleIds.length > 0
|
||||
? db
|
||||
@@ -205,48 +199,21 @@ async function resolveAccessibleIdsUncached(
|
||||
.where(
|
||||
and(
|
||||
inArray(rolePolicies.roleId, userRoleIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.status, "approved")
|
||||
eq(resources.orgId, orgId)
|
||||
)
|
||||
)
|
||||
: Promise.resolve([]),
|
||||
db
|
||||
.select({ siteResourceId: userSiteResources.siteResourceId })
|
||||
.from(userSiteResources)
|
||||
.innerJoin(
|
||||
siteResources,
|
||||
eq(
|
||||
userSiteResources.siteResourceId,
|
||||
siteResources.siteResourceId
|
||||
)
|
||||
)
|
||||
.where(
|
||||
and(
|
||||
eq(userSiteResources.userId, userId),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.status, "approved")
|
||||
)
|
||||
),
|
||||
.where(eq(userSiteResources.userId, userId)),
|
||||
userRoleIds.length > 0
|
||||
? db
|
||||
.select({
|
||||
siteResourceId: roleSiteResources.siteResourceId
|
||||
})
|
||||
.from(roleSiteResources)
|
||||
.innerJoin(
|
||||
siteResources,
|
||||
eq(
|
||||
roleSiteResources.siteResourceId,
|
||||
siteResources.siteResourceId
|
||||
)
|
||||
)
|
||||
.where(
|
||||
and(
|
||||
inArray(roleSiteResources.roleId, userRoleIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.status, "approved")
|
||||
)
|
||||
)
|
||||
.where(inArray(roleSiteResources.roleId, userRoleIds))
|
||||
: Promise.resolve([])
|
||||
]);
|
||||
|
||||
@@ -398,7 +365,6 @@ async function filterPublicResourceIdsByTextSearch(
|
||||
inArray(resources.resourceId, resourceIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.status, "approved"),
|
||||
textMatch
|
||||
)
|
||||
);
|
||||
@@ -436,7 +402,6 @@ async function filterSiteResourceIdsByTextSearch(
|
||||
inArray(siteResources.siteResourceId, siteResourceIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.enabled, true),
|
||||
eq(siteResources.status, "approved"),
|
||||
textMatch
|
||||
)
|
||||
);
|
||||
@@ -538,8 +503,7 @@ async function listSiteGroups(
|
||||
const publicConditions = [
|
||||
inArray(resources.resourceId, accessible.resourceIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.status, "approved")
|
||||
eq(resources.enabled, true)
|
||||
];
|
||||
if (searchPublic) {
|
||||
publicConditions.push(searchPublic);
|
||||
@@ -594,8 +558,7 @@ async function listSiteGroups(
|
||||
const siteConditions = [
|
||||
inArray(siteResources.siteResourceId, accessible.siteResourceIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.enabled, true),
|
||||
eq(siteResources.status, "approved")
|
||||
eq(siteResources.enabled, true)
|
||||
];
|
||||
if (searchSite) {
|
||||
siteConditions.push(searchSite);
|
||||
@@ -658,8 +621,7 @@ async function listSiteGroups(
|
||||
const noSitePublicConditions = [
|
||||
inArray(resources.resourceId, accessible.resourceIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.status, "approved")
|
||||
eq(resources.enabled, true)
|
||||
];
|
||||
if (searchPublic) {
|
||||
noSitePublicConditions.push(searchPublic);
|
||||
@@ -693,8 +655,7 @@ async function listSiteGroups(
|
||||
const noSiteSiteConditions = [
|
||||
inArray(siteResources.siteResourceId, accessible.siteResourceIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.enabled, true),
|
||||
eq(siteResources.status, "approved")
|
||||
eq(siteResources.enabled, true)
|
||||
];
|
||||
if (searchSite) {
|
||||
noSiteSiteConditions.push(searchSite);
|
||||
@@ -785,8 +746,7 @@ async function listLabelGroups(
|
||||
const publicConditions = [
|
||||
inArray(resources.resourceId, accessible.resourceIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.status, "approved")
|
||||
eq(resources.enabled, true)
|
||||
];
|
||||
const searchPublic = buildSearchConditionForPublic(query.query);
|
||||
if (searchPublic) {
|
||||
@@ -850,8 +810,7 @@ async function listLabelGroups(
|
||||
const siteConditions = [
|
||||
inArray(siteResources.siteResourceId, accessible.siteResourceIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.enabled, true),
|
||||
eq(siteResources.status, "approved")
|
||||
eq(siteResources.enabled, true)
|
||||
];
|
||||
const searchSite = buildSearchConditionForSiteResource(query.query);
|
||||
if (searchSite) {
|
||||
@@ -1038,7 +997,6 @@ async function mapPublicResources(
|
||||
inArray(resources.resourceId, resourceIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.status, "approved"),
|
||||
siteIdFilter != null
|
||||
? eq(sites.siteId, siteIdFilter)
|
||||
: undefined
|
||||
@@ -1130,7 +1088,6 @@ async function mapSiteResources(
|
||||
inArray(siteResources.siteResourceId, siteResourceIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.enabled, true),
|
||||
eq(siteResources.status, "approved"),
|
||||
siteIdFilter != null
|
||||
? eq(sites.siteId, siteIdFilter)
|
||||
: undefined
|
||||
@@ -1425,8 +1382,7 @@ async function collectAccessibleSites(
|
||||
const publicConditions = [
|
||||
inArray(resources.resourceId, accessible.resourceIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.status, "approved")
|
||||
eq(resources.enabled, true)
|
||||
];
|
||||
if (siteNameSearch) {
|
||||
publicConditions.push(siteNameSearch);
|
||||
@@ -1466,8 +1422,7 @@ async function collectAccessibleSites(
|
||||
const siteConditions = [
|
||||
inArray(siteResources.siteResourceId, accessible.siteResourceIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.enabled, true),
|
||||
eq(siteResources.status, "approved")
|
||||
eq(siteResources.enabled, true)
|
||||
];
|
||||
if (siteNameSearch) {
|
||||
siteConditions.push(siteNameSearch);
|
||||
@@ -1521,7 +1476,6 @@ async function collectAccessibleLabels(
|
||||
inArray(resources.resourceId, accessible.resourceIds),
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.status, "approved"),
|
||||
eq(labels.orgId, orgId)
|
||||
];
|
||||
if (labelNameSearch) {
|
||||
@@ -1557,7 +1511,6 @@ async function collectAccessibleLabels(
|
||||
inArray(siteResources.siteResourceId, accessible.siteResourceIds),
|
||||
eq(siteResources.orgId, orgId),
|
||||
eq(siteResources.enabled, true),
|
||||
eq(siteResources.status, "approved"),
|
||||
eq(labels.orgId, orgId)
|
||||
];
|
||||
if (labelNameSearch) {
|
||||
|
||||
@@ -148,12 +148,7 @@ export async function buildClientConfigurationForNewtClient(
|
||||
.from(siteResources)
|
||||
.innerJoin(networks, eq(siteResources.networkId, networks.networkId))
|
||||
.innerJoin(siteNetworks, eq(networks.networkId, siteNetworks.networkId))
|
||||
.where(
|
||||
and(
|
||||
eq(siteNetworks.siteId, siteId),
|
||||
eq(siteResources.enabled, true)
|
||||
)
|
||||
)
|
||||
.where(eq(siteNetworks.siteId, siteId))
|
||||
.then((rows) => rows.map((r) => r.siteResources));
|
||||
|
||||
const targetsToSend: SubnetProxyTargetV2[] = [];
|
||||
|
||||
@@ -16,7 +16,7 @@ import {
|
||||
generateRemoteSubnets
|
||||
} from "@server/lib/ip";
|
||||
import logger from "@server/logger";
|
||||
import { and, eq, inArray } from "drizzle-orm";
|
||||
import { eq, inArray } from "drizzle-orm";
|
||||
import { addPeer, deletePeer } from "../newt/peers";
|
||||
import config from "@server/lib/config";
|
||||
|
||||
@@ -70,13 +70,7 @@ export async function buildSiteConfigurationForOlmClient(
|
||||
.innerJoin(networks, eq(siteResources.networkId, networks.networkId))
|
||||
.innerJoin(siteNetworks, eq(networks.networkId, siteNetworks.networkId))
|
||||
.where(
|
||||
and(
|
||||
eq(
|
||||
clientSiteResourcesAssociationsCache.clientId,
|
||||
client.clientId
|
||||
),
|
||||
eq(siteResources.enabled, true)
|
||||
)
|
||||
eq(clientSiteResourcesAssociationsCache.clientId, client.clientId)
|
||||
);
|
||||
|
||||
const siteResourcesBySiteId = new Map<number, SiteResource[]>();
|
||||
|
||||
@@ -138,15 +138,6 @@ const listResourcesSchema = z.strictObject({
|
||||
description:
|
||||
"When set, only resources that have at least one target on this site are returned"
|
||||
}),
|
||||
status: z
|
||||
.enum(["pending", "approved"])
|
||||
.optional()
|
||||
.catch(undefined)
|
||||
.openapi({
|
||||
type: "string",
|
||||
enum: ["pending", "approved"],
|
||||
description: "Filter by resource status"
|
||||
}),
|
||||
labels: z
|
||||
.preprocess((val) => {
|
||||
if (val === undefined || val === null || val === "") {
|
||||
@@ -460,7 +451,6 @@ export async function listResources(
|
||||
sort_by,
|
||||
order,
|
||||
siteId,
|
||||
status,
|
||||
labels: labelFilter
|
||||
} = parsedQuery.data;
|
||||
|
||||
@@ -670,10 +660,6 @@ export async function listResources(
|
||||
}
|
||||
}
|
||||
|
||||
if (typeof status !== "undefined") {
|
||||
conditions.push(eq(resources.status, status));
|
||||
}
|
||||
|
||||
if (siteId != null) {
|
||||
const resourcesWithSite = db
|
||||
.select({ resourceId: targets.resourceId })
|
||||
|
||||
@@ -45,19 +45,18 @@ function userResourceAliasesCacheKey(
|
||||
page: number,
|
||||
pageSize: number,
|
||||
includeLabels: boolean,
|
||||
labelFilter: string[],
|
||||
status?: "pending" | "approved"
|
||||
labelFilter: string[]
|
||||
) {
|
||||
const labelsKey =
|
||||
labelFilter.length > 0 ? labelFilter.slice().sort().join(",") : "all";
|
||||
return `userResourceAliases:${orgId}:${userId}:${page}:${pageSize}:${includeLabels ? "labels" : "plain"}:${labelsKey}:${status ?? "all"}`;
|
||||
return `userResourceAliases:${orgId}:${userId}:${page}:${pageSize}:${includeLabels ? "labels" : "plain"}:${labelsKey}`;
|
||||
}
|
||||
|
||||
const listUserResourceAliasesParamsSchema = z.strictObject({
|
||||
orgId: z.string()
|
||||
});
|
||||
|
||||
const listUserResourceAliasesQuerySchema = z.object({
|
||||
const listUserResourceAliasesQuerySchema = z.strictObject({
|
||||
pageSize: z.coerce
|
||||
.number<string>()
|
||||
.int()
|
||||
@@ -97,16 +96,7 @@ const listUserResourceAliasesQuerySchema = z.object({
|
||||
type: "array",
|
||||
description:
|
||||
"Filter by resource labels. A resource matches when it has any of the given labels (OR)."
|
||||
}),
|
||||
status: z
|
||||
.enum(["pending", "approved"])
|
||||
.optional()
|
||||
.catch(undefined)
|
||||
.openapi({
|
||||
type: "string",
|
||||
enum: ["pending", "approved"],
|
||||
description: "Filter by site resource status"
|
||||
})
|
||||
})
|
||||
});
|
||||
|
||||
export type UserResourceAliasItem = {
|
||||
@@ -140,8 +130,7 @@ export async function listUserResourceAliases(
|
||||
page,
|
||||
pageSize,
|
||||
includeLabels,
|
||||
labels: labelFilter,
|
||||
status
|
||||
labels: labelFilter
|
||||
} = parsedQuery.data;
|
||||
|
||||
const parsedParams = listUserResourceAliasesParamsSchema.safeParse(
|
||||
@@ -183,8 +172,7 @@ export async function listUserResourceAliases(
|
||||
page,
|
||||
pageSize,
|
||||
includeLabels,
|
||||
labelFilter ?? [],
|
||||
status
|
||||
labelFilter ?? []
|
||||
);
|
||||
const cachedData: ListUserResourceAliasesResponse | undefined =
|
||||
await cache.get(cacheKey);
|
||||
@@ -269,10 +257,6 @@ export async function listUserResourceAliases(
|
||||
inArray(siteResources.siteResourceId, accessibleSiteResourceIds)
|
||||
];
|
||||
|
||||
if (typeof status !== "undefined") {
|
||||
whereConditions.push(eq(siteResources.status, status));
|
||||
}
|
||||
|
||||
if (labelFilter && labelFilter.length > 0) {
|
||||
whereConditions.push(
|
||||
inArray(
|
||||
|
||||
@@ -1,251 +0,0 @@
|
||||
import { Request, Response, NextFunction } from "express";
|
||||
import { z } from "zod";
|
||||
import {
|
||||
db,
|
||||
resources,
|
||||
siteNetworks,
|
||||
siteResources,
|
||||
sites,
|
||||
type Site,
|
||||
type SiteResource
|
||||
} from "@server/db";
|
||||
import { and, eq, inArray } from "drizzle-orm";
|
||||
import response from "@server/lib/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
import logger from "@server/logger";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { OpenAPITags, registry } from "@server/openApi";
|
||||
import {
|
||||
getResourceIdsForSite,
|
||||
getSiteResourceIdsForSite
|
||||
} from "@server/lib/deleteSiteAssociatedResources";
|
||||
import {
|
||||
handleMessagingForUpdatedSiteResource,
|
||||
rebuildClientAssociationsFromSiteResource,
|
||||
waitForSiteResourceRebuildIdle
|
||||
} from "@server/lib/rebuildClientAssociations";
|
||||
|
||||
const approveSiteParamsSchema = z.strictObject({
|
||||
siteId: z.coerce.number().int().positive()
|
||||
});
|
||||
|
||||
registry.registerPath({
|
||||
method: "post",
|
||||
path: "/site/{siteId}/approve",
|
||||
description:
|
||||
"Approve a pending site and approve (and enable when needed) its associated resources.",
|
||||
tags: [OpenAPITags.Site],
|
||||
request: {
|
||||
params: approveSiteParamsSchema
|
||||
},
|
||||
responses: {
|
||||
200: {
|
||||
description: "Successful response",
|
||||
content: {
|
||||
"application/json": {
|
||||
schema: z.object({
|
||||
data: z.record(z.string(), z.any()).nullable(),
|
||||
success: z.boolean(),
|
||||
error: z.boolean(),
|
||||
message: z.string(),
|
||||
status: z.number()
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
type SiteResourceEnableSideEffect = {
|
||||
existing: SiteResource;
|
||||
updated: SiteResource;
|
||||
siteIds: number[];
|
||||
};
|
||||
|
||||
export async function approveSite(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
try {
|
||||
const parsedParams = approveSiteParamsSchema.safeParse(req.params);
|
||||
if (!parsedParams.success) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedParams.error).toString()
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const { siteId } = parsedParams.data;
|
||||
|
||||
const [existingSite] = await db
|
||||
.select()
|
||||
.from(sites)
|
||||
.where(eq(sites.siteId, siteId))
|
||||
.limit(1);
|
||||
|
||||
if (!existingSite) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`Site with ID ${siteId} not found`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
if (!existingSite.orgId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
`Site with ID ${siteId} has no organization`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const orgId = existingSite.orgId;
|
||||
let updatedSite: Site | undefined;
|
||||
const siteResourceEnableSideEffects: SiteResourceEnableSideEffect[] =
|
||||
[];
|
||||
|
||||
await db.transaction(async (trx) => {
|
||||
[updatedSite] = await trx
|
||||
.update(sites)
|
||||
.set({ status: "approved" })
|
||||
.where(eq(sites.siteId, siteId))
|
||||
.returning();
|
||||
|
||||
const resourceIds = await getResourceIdsForSite(siteId, trx);
|
||||
const siteResourceIds = await getSiteResourceIdsForSite(
|
||||
siteId,
|
||||
orgId,
|
||||
trx
|
||||
);
|
||||
|
||||
if (resourceIds.length > 0) {
|
||||
const pendingDisabledResources = await trx
|
||||
.select({ resourceId: resources.resourceId })
|
||||
.from(resources)
|
||||
.where(
|
||||
and(
|
||||
inArray(resources.resourceId, resourceIds),
|
||||
eq(resources.status, "pending"),
|
||||
eq(resources.enabled, false)
|
||||
)
|
||||
);
|
||||
|
||||
await trx
|
||||
.update(resources)
|
||||
.set({ status: "approved" })
|
||||
.where(inArray(resources.resourceId, resourceIds));
|
||||
|
||||
if (pendingDisabledResources.length > 0) {
|
||||
await trx
|
||||
.update(resources)
|
||||
.set({ enabled: true })
|
||||
.where(
|
||||
inArray(
|
||||
resources.resourceId,
|
||||
pendingDisabledResources.map(
|
||||
(r) => r.resourceId
|
||||
)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if (siteResourceIds.length > 0) {
|
||||
const existingSiteResources = await trx
|
||||
.select()
|
||||
.from(siteResources)
|
||||
.where(
|
||||
inArray(siteResources.siteResourceId, siteResourceIds)
|
||||
);
|
||||
|
||||
const pendingDisabledSiteResources =
|
||||
existingSiteResources.filter(
|
||||
(sr) => sr.status === "pending" && !sr.enabled
|
||||
);
|
||||
|
||||
await trx
|
||||
.update(siteResources)
|
||||
.set({ status: "approved" })
|
||||
.where(
|
||||
inArray(siteResources.siteResourceId, siteResourceIds)
|
||||
);
|
||||
|
||||
if (pendingDisabledSiteResources.length > 0) {
|
||||
const enableIds = pendingDisabledSiteResources.map(
|
||||
(sr) => sr.siteResourceId
|
||||
);
|
||||
|
||||
const updatedEnabledSiteResources = await trx
|
||||
.update(siteResources)
|
||||
.set({ enabled: true })
|
||||
.where(inArray(siteResources.siteResourceId, enableIds))
|
||||
.returning();
|
||||
|
||||
for (const updated of updatedEnabledSiteResources) {
|
||||
const existing = pendingDisabledSiteResources.find(
|
||||
(sr) => sr.siteResourceId === updated.siteResourceId
|
||||
);
|
||||
if (!existing || !updated.networkId) {
|
||||
continue;
|
||||
}
|
||||
|
||||
const networkSites = await trx
|
||||
.select({ siteId: siteNetworks.siteId })
|
||||
.from(siteNetworks)
|
||||
.where(
|
||||
eq(siteNetworks.networkId, updated.networkId)
|
||||
);
|
||||
|
||||
siteResourceEnableSideEffects.push({
|
||||
existing,
|
||||
updated,
|
||||
siteIds: networkSites.map((s) => s.siteId)
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
for (const sideEffect of siteResourceEnableSideEffects) {
|
||||
rebuildClientAssociationsFromSiteResource(sideEffect.updated)
|
||||
.then(() =>
|
||||
waitForSiteResourceRebuildIdle(
|
||||
sideEffect.updated.siteResourceId
|
||||
)
|
||||
)
|
||||
.then(() =>
|
||||
handleMessagingForUpdatedSiteResource(
|
||||
sideEffect.existing,
|
||||
sideEffect.updated,
|
||||
sideEffect.siteIds,
|
||||
sideEffect.siteIds
|
||||
)
|
||||
)
|
||||
.catch((e) => {
|
||||
logger.error(
|
||||
`Failed to rebuild and handle messaging for site resource ${sideEffect.updated.siteResourceId} after site approval:`,
|
||||
e
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
return response(res, {
|
||||
data: updatedSite ?? null,
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Site approved successfully",
|
||||
status: HttpCode.OK
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
return next(
|
||||
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -159,21 +159,15 @@ export async function deleteSite(
|
||||
siteResources: []
|
||||
};
|
||||
|
||||
if (deleteResources) {
|
||||
await db.transaction(async (trx) => {
|
||||
await db.transaction(async (trx) => {
|
||||
if (deleteResources) {
|
||||
resourceSideEffects = await deleteAssociatedResourcesForSite(
|
||||
siteId,
|
||||
site.orgId,
|
||||
trx
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
await runDeleteSiteAssociatedResourcesSideEffects(
|
||||
resourceSideEffects
|
||||
);
|
||||
}
|
||||
|
||||
await db.transaction(async (trx) => {
|
||||
if (site.type == "wireguard") {
|
||||
if (site.pubKey) {
|
||||
await deletePeer(site.exitNodeId!, site.pubKey);
|
||||
@@ -186,6 +180,12 @@ export async function deleteSite(
|
||||
await usageService.add(site.orgId, LimitId.SITES, -1, trx);
|
||||
});
|
||||
|
||||
if (deleteResources) {
|
||||
await runDeleteSiteAssociatedResourcesSideEffects(
|
||||
resourceSideEffects
|
||||
);
|
||||
}
|
||||
|
||||
if (deletedNewt) {
|
||||
const payload = {
|
||||
type: `newt/wg/terminate`,
|
||||
|
||||
@@ -3,8 +3,6 @@ export * from "./getStatusHistory";
|
||||
export * from "./createSite";
|
||||
export * from "./deleteSite";
|
||||
export * from "./updateSite";
|
||||
export * from "./approveSite";
|
||||
export * from "./rejectSite";
|
||||
export * from "./listSites";
|
||||
export * from "./listSiteRoles";
|
||||
export * from "./pickSiteDefaults";
|
||||
|
||||
@@ -1,178 +0,0 @@
|
||||
import { Request, Response, NextFunction } from "express";
|
||||
import { z } from "zod";
|
||||
import { db } from "@server/db";
|
||||
import { newts, sites } from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
import response from "@server/lib/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
import logger from "@server/logger";
|
||||
import { deletePeer } from "../gerbil/peers";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { sendToClient } from "#dynamic/routers/ws";
|
||||
import { OpenAPITags, registry } from "@server/openApi";
|
||||
import { cleanupSiteAssociations } from "@server/lib/rebuildClientAssociations";
|
||||
import { usageService } from "@server/lib/billing/usageService";
|
||||
import { LimitId } from "@server/lib/billing";
|
||||
import {
|
||||
deletePendingAssociatedResourcesForSite,
|
||||
exceedsSiteAssociatedResourceDeleteLimit,
|
||||
getPendingAssociatedResourceCountForSite,
|
||||
runDeleteSiteAssociatedResourcesSideEffects,
|
||||
MAX_SITE_ASSOCIATED_RESOURCES_FOR_BULK_DELETE,
|
||||
type DeleteSiteAssociatedResourcesSideEffects
|
||||
} from "@server/lib/deleteSiteAssociatedResources";
|
||||
|
||||
const rejectSiteParamsSchema = z.strictObject({
|
||||
siteId: z.coerce.number().int().positive()
|
||||
});
|
||||
|
||||
registry.registerPath({
|
||||
method: "post",
|
||||
path: "/site/{siteId}/reject",
|
||||
description:
|
||||
"Reject a pending site by deleting it and any associated resources that are still pending.",
|
||||
tags: [OpenAPITags.Site],
|
||||
request: {
|
||||
params: rejectSiteParamsSchema
|
||||
},
|
||||
responses: {
|
||||
200: {
|
||||
description: "Successful response",
|
||||
content: {
|
||||
"application/json": {
|
||||
schema: z.object({
|
||||
data: z.record(z.string(), z.any()).nullable(),
|
||||
success: z.boolean(),
|
||||
error: z.boolean(),
|
||||
message: z.string(),
|
||||
status: z.number()
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
export async function rejectSite(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
try {
|
||||
const parsedParams = rejectSiteParamsSchema.safeParse(req.params);
|
||||
if (!parsedParams.success) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedParams.error).toString()
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const { siteId } = parsedParams.data;
|
||||
|
||||
const [site] = await db
|
||||
.select()
|
||||
.from(sites)
|
||||
.where(eq(sites.siteId, siteId))
|
||||
.limit(1);
|
||||
|
||||
if (!site) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`Site with ID ${siteId} not found`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
if (!site.orgId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
`Site with ID ${siteId} has no organization`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const pendingAssociatedResourceCount =
|
||||
await getPendingAssociatedResourceCountForSite(siteId, site.orgId);
|
||||
|
||||
if (
|
||||
exceedsSiteAssociatedResourceDeleteLimit(
|
||||
pendingAssociatedResourceCount
|
||||
)
|
||||
) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
`Cannot reject site and associated pending resources when the site has more than ${MAX_SITE_ASSOCIATED_RESOURCES_FOR_BULK_DELETE} pending resources`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const [deletedNewt] = await db
|
||||
.select()
|
||||
.from(newts)
|
||||
.where(eq(newts.siteId, siteId))
|
||||
.limit(1);
|
||||
|
||||
let resourceSideEffects: DeleteSiteAssociatedResourcesSideEffects = {
|
||||
resources: [],
|
||||
siteResources: []
|
||||
};
|
||||
|
||||
await db.transaction(async (trx) => {
|
||||
resourceSideEffects = await deletePendingAssociatedResourcesForSite(
|
||||
siteId,
|
||||
site.orgId,
|
||||
trx
|
||||
);
|
||||
});
|
||||
|
||||
await runDeleteSiteAssociatedResourcesSideEffects(resourceSideEffects);
|
||||
|
||||
await db.transaction(async (trx) => {
|
||||
if (site.type == "wireguard") {
|
||||
if (site.pubKey) {
|
||||
await deletePeer(site.exitNodeId!, site.pubKey);
|
||||
}
|
||||
} else if (site.type == "newt") {
|
||||
await cleanupSiteAssociations(site, trx);
|
||||
}
|
||||
|
||||
await trx.delete(sites).where(eq(sites.siteId, siteId));
|
||||
await usageService.add(site.orgId, LimitId.SITES, -1, trx);
|
||||
});
|
||||
|
||||
if (deletedNewt) {
|
||||
const payload = {
|
||||
type: `newt/wg/terminate`,
|
||||
data: {}
|
||||
};
|
||||
sendToClient(deletedNewt.newtId, payload).catch((error) => {
|
||||
logger.error(
|
||||
"Failed to send termination message to newt:",
|
||||
error
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
return response(res, {
|
||||
data: null,
|
||||
success: true,
|
||||
error: false,
|
||||
message: "Site rejected successfully",
|
||||
status: HttpCode.OK
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
if (createHttpError.isHttpError(error)) {
|
||||
return next(error);
|
||||
}
|
||||
return next(
|
||||
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -21,6 +21,7 @@ const updateSiteBodySchema = z
|
||||
name: z.string().min(1).max(255).optional(),
|
||||
niceId: z.string().min(1).max(255).optional(),
|
||||
dockerSocketEnabled: z.boolean().optional(),
|
||||
status: z.enum(["pending", "approved"]).optional(),
|
||||
autoUpdateEnabled: z.boolean().optional(),
|
||||
autoUpdateOverrideOrg: z.boolean().optional()
|
||||
})
|
||||
|
||||
@@ -56,6 +56,7 @@ const createSiteResourceSchema = z
|
||||
siteId: z.number().int().positive().optional(), // DEPRECATED: for backward compatibility, we will convert this to siteIds array if provided
|
||||
destinationPort: z.int().positive().optional(),
|
||||
destination: z.string().min(1).nullish(),
|
||||
enabled: z.boolean().default(true),
|
||||
alias: z
|
||||
.string()
|
||||
.regex(
|
||||
@@ -274,6 +275,7 @@ export async function createSiteResource(
|
||||
scheme,
|
||||
destinationPort,
|
||||
destination,
|
||||
enabled,
|
||||
ssl,
|
||||
alias,
|
||||
userIds,
|
||||
@@ -537,6 +539,7 @@ export async function createSiteResource(
|
||||
destination: destination, // the ssh can be null
|
||||
scheme,
|
||||
destinationPort,
|
||||
enabled,
|
||||
alias: alias ? alias.trim() : null,
|
||||
aliasAddress,
|
||||
tcpPortRangeString: tcpPortRangeStringAdjusted,
|
||||
|
||||
@@ -86,15 +86,6 @@ const listAllSiteResourcesByOrgQuerySchema = z.strictObject({
|
||||
description:
|
||||
"When set, only site resources associated with this site (via network) are returned"
|
||||
}),
|
||||
status: z
|
||||
.enum(["pending", "approved"])
|
||||
.optional()
|
||||
.catch(undefined)
|
||||
.openapi({
|
||||
type: "string",
|
||||
enum: ["pending", "approved"],
|
||||
description: "Filter by site resource status"
|
||||
}),
|
||||
labels: z
|
||||
.preprocess((val) => {
|
||||
if (val === undefined || val === null || val === "") {
|
||||
@@ -292,7 +283,6 @@ export async function listAllSiteResourcesByOrg(
|
||||
sort_by,
|
||||
order,
|
||||
siteId,
|
||||
status,
|
||||
labels: labelFilter
|
||||
} = parsedQuery.data;
|
||||
|
||||
@@ -325,10 +315,6 @@ export async function listAllSiteResourcesByOrg(
|
||||
conditions.push(eq(siteResources.mode, mode));
|
||||
}
|
||||
|
||||
if (typeof status !== "undefined") {
|
||||
conditions.push(eq(siteResources.status, status));
|
||||
}
|
||||
|
||||
if (labelFilter && labelFilter.length > 0) {
|
||||
conditions.push(
|
||||
inArray(
|
||||
|
||||
@@ -47,15 +47,6 @@ const listSiteResourcesQuerySchema = z.strictObject({
|
||||
enum: ["asc", "desc"],
|
||||
default: "asc",
|
||||
description: "Sort order"
|
||||
}),
|
||||
status: z
|
||||
.enum(["pending", "approved"])
|
||||
.optional()
|
||||
.catch(undefined)
|
||||
.openapi({
|
||||
type: "string",
|
||||
enum: ["pending", "approved"],
|
||||
description: "Filter by site resource status"
|
||||
})
|
||||
});
|
||||
|
||||
@@ -119,7 +110,7 @@ export async function listSiteResources(
|
||||
}
|
||||
|
||||
const { siteId, orgId } = parsedParams.data;
|
||||
const { limit, offset, sort_by, order, status } = parsedQuery.data;
|
||||
const { limit, offset, sort_by, order } = parsedQuery.data;
|
||||
|
||||
// Verify the site exists and belongs to the org
|
||||
const site = await db
|
||||
@@ -133,15 +124,6 @@ export async function listSiteResources(
|
||||
}
|
||||
|
||||
// Get site resources by joining networks to siteResources via siteNetworks
|
||||
const conditions = [
|
||||
eq(siteNetworks.siteId, siteId),
|
||||
eq(siteResources.orgId, orgId)
|
||||
];
|
||||
|
||||
if (typeof status !== "undefined") {
|
||||
conditions.push(eq(siteResources.status, status));
|
||||
}
|
||||
|
||||
const siteResourcesList = await db
|
||||
.select()
|
||||
.from(siteNetworks)
|
||||
@@ -150,7 +132,12 @@ export async function listSiteResources(
|
||||
siteResources,
|
||||
eq(siteResources.networkId, networks.networkId)
|
||||
)
|
||||
.where(and(...conditions))
|
||||
.where(
|
||||
and(
|
||||
eq(siteNetworks.siteId, siteId),
|
||||
eq(siteResources.orgId, orgId)
|
||||
)
|
||||
)
|
||||
.orderBy(
|
||||
sort_by
|
||||
? order === "asc"
|
||||
|
||||
@@ -152,11 +152,6 @@ const updateSiteResourceSchema = z
|
||||
)
|
||||
.refine(
|
||||
(data) => {
|
||||
// this is a partial update; only enforce destination when the
|
||||
// caller is actually changing mode or destination
|
||||
if (data.mode === undefined && data.destination === undefined) {
|
||||
return true;
|
||||
}
|
||||
// destination is only optional for ssh mode with native authDaemonMode
|
||||
if (data.mode === "ssh" && data.authDaemonMode === "native") {
|
||||
return true;
|
||||
@@ -416,10 +411,8 @@ export async function updateSiteResource(
|
||||
: [];
|
||||
const existingSiteIds = existingSiteNetworks.map((sn) => sn.siteId);
|
||||
|
||||
// undefined means "leave unchanged" (partial update); only nulled out
|
||||
// when the mode is explicitly being changed away from http
|
||||
let fullDomain: string | null | undefined = undefined;
|
||||
let finalSubdomain: string | null | undefined = undefined;
|
||||
let fullDomain: string | null = null;
|
||||
let finalSubdomain: string | null = null;
|
||||
if (domainId) {
|
||||
// Validate domain and construct full domain
|
||||
const domainResult = await validateAndConstructDomain(
|
||||
@@ -455,11 +448,6 @@ export async function updateSiteResource(
|
||||
)
|
||||
);
|
||||
}
|
||||
} else if (mode !== undefined && mode !== "http") {
|
||||
// mode is explicitly changing away from http, so the resource
|
||||
// can no longer have a domain associated with it
|
||||
fullDomain = null;
|
||||
finalSubdomain = null;
|
||||
}
|
||||
|
||||
// make sure the alias is unique within the org if provided
|
||||
@@ -528,28 +516,15 @@ export async function updateSiteResource(
|
||||
destination: destination,
|
||||
destinationPort: destinationPort,
|
||||
enabled: enabled,
|
||||
alias:
|
||||
alias !== undefined
|
||||
? alias
|
||||
? alias.trim()
|
||||
: null
|
||||
: mode !== undefined &&
|
||||
mode !== "host" &&
|
||||
mode !== "ssh"
|
||||
? null
|
||||
: undefined,
|
||||
alias: alias ? alias.trim() : null,
|
||||
tcpPortRangeString: tcpPortRangeStringAdjusted,
|
||||
udpPortRangeString:
|
||||
mode == "http" || mode == "ssh"
|
||||
? ""
|
||||
: udpPortRangeString,
|
||||
disableIcmp:
|
||||
mode !== undefined
|
||||
? disableIcmp ||
|
||||
(mode == "http" || mode == "ssh"
|
||||
? true
|
||||
: false)
|
||||
: disableIcmp,
|
||||
disableIcmp ||
|
||||
(mode == "http" || mode == "ssh" ? true : false),
|
||||
domainId,
|
||||
subdomain: finalSubdomain,
|
||||
fullDomain,
|
||||
|
||||
@@ -23,7 +23,7 @@ import {
|
||||
import { ChevronsUpDown } from "lucide-react";
|
||||
import { useTranslations } from "next-intl";
|
||||
import type { Control, FieldPath, FieldValues } from "react-hook-form";
|
||||
import { PrivateResourceMultiSiteRoutingHelp } from "@app/components/PrivateResourceMultiSiteRoutingHelp";
|
||||
import { PrivateResourceMultiSiteRoutingHelp } from "./PrivateResourceMultiSiteRoutingHelp";
|
||||
|
||||
type PrivateResourceSitesFieldProps<T extends FieldValues> = {
|
||||
control: Control<T>;
|
||||
@@ -9,10 +9,10 @@ import {
|
||||
} from "@app/components/Settings";
|
||||
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
|
||||
import { SshServerSettingsFields } from "@app/components/SshServerSettingsFields";
|
||||
import { PrivateResourceAliasField } from "@app/components/PrivateResourceDestinationFields";
|
||||
import { PrivateResourceSitesField } from "@app/components/PrivateResourceSitesField";
|
||||
import { PrivateResourceAliasField } from "./PrivateResourceDestinationFields";
|
||||
import { PrivateResourceSitesField } from "./PrivateResourceSitesField";
|
||||
import { getSshUseMultiSiteTargetForm } from "./privateResourceUtils";
|
||||
import { inferSshPamMode } from "@app/lib/privateResourceForm";
|
||||
import { getSshUseMultiSiteTargetForm } from "@app/lib/privateResourceUtils";
|
||||
import {
|
||||
FormControl,
|
||||
FormField,
|
||||
@@ -29,7 +29,7 @@ import { useQuery, useQueryClient } from "@tanstack/react-query";
|
||||
import { useTranslations } from "next-intl";
|
||||
import { useActionState, useEffect } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { PrivateResourceAccessFields } from "@app/components/PrivateResourceAccessFields";
|
||||
import { PrivateResourceAccessFields } from "../../PrivateResourceAccessFields";
|
||||
|
||||
export default function PrivateResourceAccessPage() {
|
||||
const t = useTranslations();
|
||||
|
||||
@@ -20,12 +20,12 @@ import { useTranslations } from "next-intl";
|
||||
import { useActionState, useMemo, useState } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { z } from "zod";
|
||||
import { PrivateResourceSitesField } from "@app/components/PrivateResourceSitesField";
|
||||
import { PrivateResourceCidrDestinationField } from "@app/components/PrivateResourceDestinationFields";
|
||||
import { PrivateResourcePortRanges } from "@app/components/PrivateResourcePortRanges";
|
||||
import { useSaveSiteResource } from "@app/hooks/useSaveSiteResource";
|
||||
import { asAnyControl, asAnySetValue } from "@app/lib/formControlUtils";
|
||||
import { buildSelectedSitesForResource } from "@app/lib/privateResourceUtils";
|
||||
import { PrivateResourceSitesField } from "../../PrivateResourceSitesField";
|
||||
import { PrivateResourceCidrDestinationField } from "../../PrivateResourceDestinationFields";
|
||||
import { PrivateResourcePortRanges } from "../../PrivateResourcePortRanges";
|
||||
import { buildSelectedSitesForResource } from "../../privateResourceUtils";
|
||||
import { asAnyControl, asAnySetValue } from "../../formControlUtils";
|
||||
import { useSaveSiteResource } from "../../useSaveSiteResource";
|
||||
|
||||
export default function PrivateResourceCidrPage() {
|
||||
const t = useTranslations();
|
||||
|
||||
@@ -16,21 +16,19 @@ import { Button } from "@app/components/ui/button";
|
||||
import {
|
||||
Form,
|
||||
FormControl,
|
||||
FormDescription,
|
||||
FormField,
|
||||
FormItem,
|
||||
FormLabel,
|
||||
FormMessage
|
||||
} from "@app/components/ui/form";
|
||||
import { Input } from "@app/components/ui/input";
|
||||
import { SwitchInput } from "@app/components/SwitchInput";
|
||||
import { createGeneralFormSchema } from "@app/lib/privateResourceForm";
|
||||
import { zodResolver } from "@hookform/resolvers/zod";
|
||||
import { useTranslations } from "next-intl";
|
||||
import { useActionState, useMemo } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { z } from "zod";
|
||||
import { useSaveSiteResource } from "@app/hooks/useSaveSiteResource";
|
||||
import { useSaveSiteResource } from "../../useSaveSiteResource";
|
||||
|
||||
export default function PrivateResourceGeneralPage() {
|
||||
const t = useTranslations();
|
||||
@@ -43,8 +41,7 @@ export default function PrivateResourceGeneralPage() {
|
||||
resolver: zodResolver(formSchema),
|
||||
defaultValues: {
|
||||
name: siteResource.name,
|
||||
niceId: siteResource.niceId,
|
||||
enabled: siteResource.enabled
|
||||
niceId: siteResource.niceId
|
||||
}
|
||||
});
|
||||
|
||||
@@ -55,8 +52,7 @@ export default function PrivateResourceGeneralPage() {
|
||||
const data = form.getValues();
|
||||
await save({
|
||||
name: data.name,
|
||||
niceId: data.niceId,
|
||||
enabled: data.enabled
|
||||
niceId: data.niceId
|
||||
});
|
||||
}, null);
|
||||
|
||||
@@ -80,42 +76,6 @@ export default function PrivateResourceGeneralPage() {
|
||||
id="private-resource-general-form"
|
||||
>
|
||||
<SettingsFormGrid>
|
||||
<SettingsFormCell span="full">
|
||||
<FormField
|
||||
control={form.control}
|
||||
name="enabled"
|
||||
render={() => (
|
||||
<FormItem>
|
||||
<FormControl>
|
||||
<SwitchInput
|
||||
id="enable-resource"
|
||||
defaultChecked={
|
||||
siteResource.enabled
|
||||
}
|
||||
label={t(
|
||||
"resourceEnable"
|
||||
)}
|
||||
onCheckedChange={(
|
||||
val
|
||||
) =>
|
||||
form.setValue(
|
||||
"enabled",
|
||||
val
|
||||
)
|
||||
}
|
||||
/>
|
||||
</FormControl>
|
||||
<FormDescription>
|
||||
{t(
|
||||
"disabledResourceDescription"
|
||||
)}
|
||||
</FormDescription>
|
||||
<FormMessage />
|
||||
</FormItem>
|
||||
)}
|
||||
/>
|
||||
</SettingsFormCell>
|
||||
|
||||
<SettingsFormCell span="half">
|
||||
<FormField
|
||||
control={form.control}
|
||||
|
||||
@@ -20,16 +20,16 @@ import { useTranslations } from "next-intl";
|
||||
import { useActionState, useMemo, useState } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { z } from "zod";
|
||||
import { PrivateResourceSitesField } from "@app/components/PrivateResourceSitesField";
|
||||
import { PrivateResourceHostDestinationFields } from "@app/components/PrivateResourceDestinationFields";
|
||||
import { PrivateResourcePortRanges } from "@app/components/PrivateResourcePortRanges";
|
||||
import { useSaveSiteResource } from "@app/hooks/useSaveSiteResource";
|
||||
import { PrivateResourceSitesField } from "../../PrivateResourceSitesField";
|
||||
import { PrivateResourceHostDestinationFields } from "../../PrivateResourceDestinationFields";
|
||||
import { PrivateResourcePortRanges } from "../../PrivateResourcePortRanges";
|
||||
import { buildSelectedSitesForResource } from "../../privateResourceUtils";
|
||||
import {
|
||||
asAnyControl,
|
||||
asAnySetValue,
|
||||
asAnyWatch
|
||||
} from "@app/lib/formControlUtils";
|
||||
import { buildSelectedSitesForResource } from "@app/lib/privateResourceUtils";
|
||||
} from "../../formControlUtils";
|
||||
import { useSaveSiteResource } from "../../useSaveSiteResource";
|
||||
|
||||
export default function PrivateResourceHostPage() {
|
||||
const t = useTranslations();
|
||||
|
||||
@@ -22,15 +22,15 @@ import { useTranslations } from "next-intl";
|
||||
import { useActionState, useMemo, useState } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { z } from "zod";
|
||||
import { PrivateResourceSitesField } from "@app/components/PrivateResourceSitesField";
|
||||
import { PrivateResourceHttpFields } from "@app/components/PrivateResourceHttpFields";
|
||||
import { useSaveSiteResource } from "@app/hooks/useSaveSiteResource";
|
||||
import { PrivateResourceSitesField } from "../../PrivateResourceSitesField";
|
||||
import { PrivateResourceHttpFields } from "../../PrivateResourceHttpFields";
|
||||
import { buildSelectedSitesForResource } from "../../privateResourceUtils";
|
||||
import {
|
||||
asAnyControl,
|
||||
asAnySetValue,
|
||||
asAnyWatch
|
||||
} from "@app/lib/formControlUtils";
|
||||
import { buildSelectedSitesForResource } from "@app/lib/privateResourceUtils";
|
||||
} from "../../formControlUtils";
|
||||
import { useSaveSiteResource } from "../../useSaveSiteResource";
|
||||
|
||||
export default function PrivateResourceHttpPage() {
|
||||
const t = useTranslations();
|
||||
|
||||
@@ -26,15 +26,15 @@ import { useTranslations } from "next-intl";
|
||||
import { useActionState, useMemo, useState } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { z } from "zod";
|
||||
import { PrivateResourceSshFields } from "@app/components/PrivateResourceSshFields";
|
||||
import type { Selectedsite } from "@app/components/site-selector";
|
||||
import { useSaveSiteResource } from "@app/hooks/useSaveSiteResource";
|
||||
import { PrivateResourceSshFields } from "../../PrivateResourceSshFields";
|
||||
import { buildSelectedSitesForResource } from "../../privateResourceUtils";
|
||||
import {
|
||||
asAnyControl,
|
||||
asAnySetValue,
|
||||
asAnyWatch
|
||||
} from "@app/lib/formControlUtils";
|
||||
import { buildSelectedSitesForResource } from "@app/lib/privateResourceUtils";
|
||||
} from "../../formControlUtils";
|
||||
import { useSaveSiteResource } from "../../useSaveSiteResource";
|
||||
import type { Selectedsite } from "@app/components/site-selector";
|
||||
|
||||
export default function PrivateResourceSshPage() {
|
||||
const t = useTranslations();
|
||||
|
||||
@@ -50,20 +50,16 @@ import { useParams, useRouter, useSearchParams } from "next/navigation";
|
||||
import { useEffect, useMemo, useState, useTransition } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { z } from "zod";
|
||||
import { PrivateResourceSitesField } from "@app/components/PrivateResourceSitesField";
|
||||
import { PrivateResourceHttpFields } from "@app/components/PrivateResourceHttpFields";
|
||||
import { PrivateResourceSshFields } from "@app/components/PrivateResourceSshFields";
|
||||
import { PrivateResourcePortRanges } from "@app/components/PrivateResourcePortRanges";
|
||||
import { PrivateResourceSitesField } from "../PrivateResourceSitesField";
|
||||
import { PrivateResourceHttpFields } from "../PrivateResourceHttpFields";
|
||||
import { PrivateResourceSshFields } from "../PrivateResourceSshFields";
|
||||
import { PrivateResourcePortRanges } from "../PrivateResourcePortRanges";
|
||||
import {
|
||||
PrivateResourceAliasField,
|
||||
PrivateResourceCidrDestinationField,
|
||||
PrivateResourceHostDestinationFields
|
||||
} from "@app/components/PrivateResourceDestinationFields";
|
||||
import {
|
||||
asAnyControl,
|
||||
asAnySetValue,
|
||||
asAnyWatch
|
||||
} from "@app/lib/formControlUtils";
|
||||
} from "../PrivateResourceDestinationFields";
|
||||
import { asAnyControl, asAnySetValue, asAnyWatch } from "../formControlUtils";
|
||||
|
||||
export default function CreatePrivateResourcePage() {
|
||||
const params = useParams();
|
||||
|
||||
@@ -27,7 +27,6 @@ export default async function ClientResourcesPage(
|
||||
const params = await props.params;
|
||||
const t = await getTranslations();
|
||||
const searchParams = new URLSearchParams(await props.searchParams);
|
||||
searchParams.set("status", "approved");
|
||||
|
||||
let siteResources: ListAllSiteResourcesByOrgResponse["siteResources"] = [];
|
||||
let pagination: ListAllSiteResourcesByOrgResponse["pagination"] = {
|
||||
|
||||
@@ -38,7 +38,6 @@ export default async function ProxyResourcesPage(
|
||||
const params = await props.params;
|
||||
const t = await getTranslations();
|
||||
const searchParams = new URLSearchParams(await props.searchParams);
|
||||
searchParams.set("status", "approved");
|
||||
|
||||
let resources: ListResourcesResponse["resources"] = [];
|
||||
let pagination: ListResourcesResponse["pagination"] = {
|
||||
|
||||
@@ -1,16 +1,6 @@
|
||||
"use client";
|
||||
|
||||
import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
|
||||
import {
|
||||
Credenza,
|
||||
CredenzaBody,
|
||||
CredenzaContent,
|
||||
CredenzaDescription,
|
||||
CredenzaFooter,
|
||||
CredenzaHeader,
|
||||
CredenzaTitle
|
||||
} from "@app/components/Credenza";
|
||||
import SiteResourcesOverview from "@app/components/SiteResourcesOverview";
|
||||
import { Badge } from "@app/components/ui/badge";
|
||||
import { Button } from "@app/components/ui/button";
|
||||
import {
|
||||
@@ -34,7 +24,6 @@ import {
|
||||
ArrowUp10Icon,
|
||||
ArrowUpRight,
|
||||
Check,
|
||||
ChevronDown,
|
||||
ChevronsUpDownIcon,
|
||||
MoreHorizontal,
|
||||
X
|
||||
@@ -76,10 +65,8 @@ export default function PendingSitesTable({
|
||||
const [isRefreshing, startTransition] = useTransition();
|
||||
const [approvingIds, setApprovingIds] = useState<Set<number>>(new Set());
|
||||
const [rejectingIds, setRejectingIds] = useState<Set<number>>(new Set());
|
||||
const [isRejectModalOpen, setIsRejectModalOpen] = useState(false);
|
||||
const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
|
||||
const [selectedSite, setSelectedSite] = useState<SiteRow | null>(null);
|
||||
const [resourcesDialogSite, setResourcesDialogSite] =
|
||||
useState<SiteRow | null>(null);
|
||||
|
||||
const api = createApiClient(useEnvContext());
|
||||
const t = useTranslations();
|
||||
@@ -124,7 +111,7 @@ export default function PendingSitesTable({
|
||||
async function approveSite(siteId: number) {
|
||||
setApprovingIds((prev) => new Set(prev).add(siteId));
|
||||
try {
|
||||
await api.post(`/site/${siteId}/approve`);
|
||||
await api.post(`/site/${siteId}`, { status: "approved" });
|
||||
toast({
|
||||
title: t("success"),
|
||||
description: t("siteApproveSuccess"),
|
||||
@@ -149,20 +136,20 @@ export default function PendingSitesTable({
|
||||
async function rejectSite(siteId: number) {
|
||||
setRejectingIds((prev) => new Set(prev).add(siteId));
|
||||
try {
|
||||
await api.post(`/site/${siteId}/reject`);
|
||||
await api.delete(`/site/${siteId}`);
|
||||
toast({
|
||||
title: t("success"),
|
||||
description: t("siteRejectSuccess"),
|
||||
description: t("siteDeleted"),
|
||||
variant: "default"
|
||||
});
|
||||
setIsRejectModalOpen(false);
|
||||
setIsDeleteModalOpen(false);
|
||||
setSelectedSite(null);
|
||||
router.refresh();
|
||||
} catch (e) {
|
||||
toast({
|
||||
variant: "destructive",
|
||||
title: t("siteRejectError"),
|
||||
description: formatAxiosError(e, t("siteRejectError"))
|
||||
title: t("siteErrorDelete"),
|
||||
description: formatAxiosError(e, t("siteErrorDelete"))
|
||||
});
|
||||
} finally {
|
||||
setRejectingIds((prev) => {
|
||||
@@ -355,29 +342,6 @@ export default function PendingSitesTable({
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
id: "resources",
|
||||
accessorKey: "resourceCount",
|
||||
friendlyName: t("resources"),
|
||||
header: () => <span className="p-3">{t("resources")}</span>,
|
||||
cell: ({ row }) => {
|
||||
const siteRow = row.original;
|
||||
return (
|
||||
<Button
|
||||
type="button"
|
||||
variant="ghost"
|
||||
size="sm"
|
||||
onClick={() => setResourcesDialogSite(siteRow)}
|
||||
className="flex h-8 items-center gap-2 px-0 font-normal"
|
||||
>
|
||||
<span className="text-sm tabular-nums">
|
||||
{siteRow.resourceCount} {t("resources")}
|
||||
</span>
|
||||
<ChevronDown className="h-3 w-3 shrink-0" />
|
||||
</Button>
|
||||
);
|
||||
}
|
||||
},
|
||||
{
|
||||
accessorKey: "exitNode",
|
||||
friendlyName: t("exitNode"),
|
||||
@@ -481,7 +445,7 @@ export default function PendingSitesTable({
|
||||
disabled={isApproving || isRejecting}
|
||||
onClick={() => {
|
||||
setSelectedSite(siteRow);
|
||||
setIsRejectModalOpen(true);
|
||||
setIsDeleteModalOpen(true);
|
||||
}}
|
||||
>
|
||||
<X className="mr-2 w-4 h-4" />
|
||||
@@ -527,63 +491,25 @@ export default function PendingSitesTable({
|
||||
|
||||
return (
|
||||
<>
|
||||
<Credenza
|
||||
open={Boolean(resourcesDialogSite)}
|
||||
onOpenChange={(open) => {
|
||||
if (!open) setResourcesDialogSite(null);
|
||||
}}
|
||||
>
|
||||
<CredenzaContent className="md:max-w-7xl">
|
||||
<CredenzaHeader>
|
||||
<CredenzaTitle>{t("siteResourcesTab")}</CredenzaTitle>
|
||||
<CredenzaDescription>
|
||||
{t("siteResourcesDialogDescription")}
|
||||
</CredenzaDescription>
|
||||
</CredenzaHeader>
|
||||
<CredenzaBody>
|
||||
{resourcesDialogSite != null && (
|
||||
<SiteResourcesOverview
|
||||
orgIdOverride={orgId}
|
||||
siteId={resourcesDialogSite.id}
|
||||
initialPublicData={null}
|
||||
initialPrivateData={null}
|
||||
initialPublicForbidden={false}
|
||||
initialPrivateForbidden={false}
|
||||
showViewAllLinks={false}
|
||||
/>
|
||||
)}
|
||||
</CredenzaBody>
|
||||
<CredenzaFooter>
|
||||
<Button
|
||||
type="button"
|
||||
variant="outline"
|
||||
onClick={() => setResourcesDialogSite(null)}
|
||||
>
|
||||
{t("close")}
|
||||
</Button>
|
||||
</CredenzaFooter>
|
||||
</CredenzaContent>
|
||||
</Credenza>
|
||||
|
||||
{selectedSite && (
|
||||
<ConfirmDeleteDialog
|
||||
open={isRejectModalOpen}
|
||||
open={isDeleteModalOpen}
|
||||
setOpen={(val) => {
|
||||
setIsRejectModalOpen(val);
|
||||
setIsDeleteModalOpen(val);
|
||||
if (!val) {
|
||||
setSelectedSite(null);
|
||||
}
|
||||
}}
|
||||
dialog={
|
||||
<div className="space-y-2">
|
||||
<p>{t("siteQuestionReject")}</p>
|
||||
<p>{t("siteMessageReject")}</p>
|
||||
<p>{t("siteQuestionRemove")}</p>
|
||||
<p>{t("siteMessageRemove")}</p>
|
||||
</div>
|
||||
}
|
||||
buttonText={t("siteConfirmReject")}
|
||||
buttonText={t("siteConfirmDelete")}
|
||||
onConfirm={async () => rejectSite(selectedSite.id)}
|
||||
string={selectedSite.name}
|
||||
title={t("siteReject")}
|
||||
title={t("siteDelete")}
|
||||
/>
|
||||
)}
|
||||
<ControlledDataTable
|
||||
|
||||
@@ -55,7 +55,6 @@ function getActionsCategories(root: boolean) {
|
||||
[t("actionGetSite")]: "getSite",
|
||||
[t("actionListSites")]: "listSites",
|
||||
[t("actionUpdateSite")]: "updateSite",
|
||||
[t("actionUpdateSiteApprovals")]: "updateSiteApprovals",
|
||||
[t("actionListSiteRoles")]: "listSiteRoles"
|
||||
},
|
||||
|
||||
@@ -79,8 +78,7 @@ function getActionsCategories(root: boolean) {
|
||||
[t("actionGetSiteResource")]: "getSiteResource",
|
||||
[t("actionListSiteResources")]: "listSiteResources",
|
||||
[t("actionUpdateSiteResource")]: "updateSiteResource",
|
||||
[t("actionCreateResourceSessionToken")]:
|
||||
"createResourceSessionToken"
|
||||
[t("actionCreateResourceSessionToken")]: "createResourceSessionToken"
|
||||
},
|
||||
|
||||
Target: {
|
||||
|
||||
@@ -23,7 +23,6 @@ import {
|
||||
PopoverContent,
|
||||
PopoverTrigger
|
||||
} from "@app/components/ui/popover";
|
||||
import { Switch } from "@app/components/ui/switch";
|
||||
import { useEnvContext } from "@app/hooks/useEnvContext";
|
||||
import { useNavigationContext } from "@app/hooks/useNavigationContext";
|
||||
import { useOptimisticLabels } from "@app/hooks/useOptimisticLabels";
|
||||
@@ -37,9 +36,7 @@ import { getPrivateResourceSettingsHref } from "@app/lib/launcherResourceAdminHr
|
||||
import { getNextSortOrder, getSortDirection } from "@app/lib/sortColumn";
|
||||
import { build } from "@server/build";
|
||||
import { tierMatrix } from "@server/lib/billing/tierMatrix";
|
||||
import { UpdateSiteResourceResponse } from "@server/routers/siteResource";
|
||||
import type { PaginationState } from "@tanstack/react-table";
|
||||
import { AxiosResponse } from "axios";
|
||||
import {
|
||||
ArrowDown01Icon,
|
||||
ArrowRight,
|
||||
@@ -52,17 +49,8 @@ import {
|
||||
import { useTranslations } from "next-intl";
|
||||
import Link from "next/link";
|
||||
import { useRouter } from "next/navigation";
|
||||
import {
|
||||
startTransition,
|
||||
useMemo,
|
||||
useOptimistic,
|
||||
useRef,
|
||||
useState,
|
||||
useTransition,
|
||||
type ComponentRef
|
||||
} from "react";
|
||||
import { startTransition, useMemo, useState, useTransition } from "react";
|
||||
import { useDebouncedCallback } from "use-debounce";
|
||||
import z from "zod";
|
||||
import { ColumnFilterButton } from "./ColumnFilterButton";
|
||||
import { LabelColumnFilterButton } from "./LabelColumnFilterButton";
|
||||
import { LabelsTableCell } from "./LabelsTableCell";
|
||||
@@ -126,11 +114,6 @@ function isSafeUrlForLink(href: string): boolean {
|
||||
}
|
||||
}
|
||||
|
||||
const booleanSearchFilterSchema = z
|
||||
.enum(["true", "false"])
|
||||
.optional()
|
||||
.catch(undefined);
|
||||
|
||||
type ClientResourcesTableProps = {
|
||||
internalResources: InternalResourceRow[];
|
||||
orgId: string;
|
||||
@@ -191,30 +174,6 @@ export default function PrivateResourcesTable({
|
||||
});
|
||||
};
|
||||
|
||||
async function toggleInternalResourceEnabled(
|
||||
val: boolean,
|
||||
resourceId: number
|
||||
) {
|
||||
try {
|
||||
await api.post<AxiosResponse<UpdateSiteResourceResponse>>(
|
||||
`site-resource/${resourceId}`,
|
||||
{
|
||||
enabled: val
|
||||
}
|
||||
);
|
||||
router.refresh();
|
||||
} catch (e) {
|
||||
toast({
|
||||
variant: "destructive",
|
||||
title: t("resourcesErrorUpdate"),
|
||||
description: formatAxiosError(
|
||||
e,
|
||||
t("resourcesErrorUpdateDescription")
|
||||
)
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
const deleteInternalResource = async (
|
||||
resourceId: number,
|
||||
siteId: number
|
||||
@@ -470,36 +429,6 @@ export default function PrivateResourcesTable({
|
||||
);
|
||||
}
|
||||
},
|
||||
{
|
||||
accessorKey: "enabled",
|
||||
friendlyName: t("enabled"),
|
||||
header: () => (
|
||||
<ColumnFilterButton
|
||||
options={[
|
||||
{ value: "true", label: t("enabled") },
|
||||
{ value: "false", label: t("disabled") }
|
||||
]}
|
||||
selectedValue={booleanSearchFilterSchema.parse(
|
||||
searchParams.get("enabled")
|
||||
)}
|
||||
onValueChange={(value) =>
|
||||
handleFilterChange("enabled", value)
|
||||
}
|
||||
searchPlaceholder={t("searchPlaceholder")}
|
||||
emptyMessage={t("emptySearchOptions")}
|
||||
label={t("enabled")}
|
||||
className="p-3"
|
||||
/>
|
||||
),
|
||||
cell: ({ row }) => (
|
||||
<InternalResourceEnabledForm
|
||||
resource={row.original}
|
||||
onToggleInternalResourceEnabled={
|
||||
toggleInternalResourceEnabled
|
||||
}
|
||||
/>
|
||||
)
|
||||
},
|
||||
{
|
||||
id: "labels",
|
||||
accessorKey: "labels",
|
||||
@@ -714,39 +643,3 @@ function ClientResourceLabelCell({
|
||||
/>
|
||||
);
|
||||
}
|
||||
|
||||
type InternalResourceEnabledFormProps = {
|
||||
resource: InternalResourceRow;
|
||||
onToggleInternalResourceEnabled: (
|
||||
val: boolean,
|
||||
resourceId: number
|
||||
) => Promise<void>;
|
||||
};
|
||||
|
||||
function InternalResourceEnabledForm({
|
||||
resource,
|
||||
onToggleInternalResourceEnabled
|
||||
}: InternalResourceEnabledFormProps) {
|
||||
const [optimisticEnabled, setOptimisticEnabled] = useOptimistic(
|
||||
resource.enabled
|
||||
);
|
||||
|
||||
const formRef = useRef<ComponentRef<"form">>(null);
|
||||
|
||||
async function submitAction(formData: FormData) {
|
||||
const newEnabled = !(formData.get("enabled") === "on");
|
||||
setOptimisticEnabled(newEnabled);
|
||||
await onToggleInternalResourceEnabled(newEnabled, resource.id);
|
||||
}
|
||||
|
||||
return (
|
||||
<form action={submitAction} ref={formRef}>
|
||||
<Switch
|
||||
checked={optimisticEnabled}
|
||||
disabled={optimisticEnabled !== resource.enabled}
|
||||
name="enabled"
|
||||
onCheckedChange={() => formRef.current?.requestSubmit()}
|
||||
/>
|
||||
</form>
|
||||
);
|
||||
}
|
||||
|
||||
@@ -174,8 +174,8 @@ type OverviewRow = {
|
||||
type OverviewColumnProps = {
|
||||
title: string;
|
||||
description: string;
|
||||
viewAllHref?: string;
|
||||
viewAllLabel?: string;
|
||||
viewAllHref: string;
|
||||
viewAllLabel: string;
|
||||
emptyLabel: string;
|
||||
isForbidden: boolean;
|
||||
isFetching: boolean;
|
||||
@@ -212,14 +212,12 @@ function OverviewColumn({
|
||||
{description}
|
||||
</p>
|
||||
</div>
|
||||
{viewAllHref && viewAllLabel ? (
|
||||
<Link
|
||||
href={viewAllHref}
|
||||
className="shrink-0 text-muted-foreground text-sm hover:underline"
|
||||
>
|
||||
{viewAllLabel}
|
||||
</Link>
|
||||
) : null}
|
||||
<Link
|
||||
href={viewAllHref}
|
||||
className="shrink-0 text-muted-foreground text-sm hover:underline"
|
||||
>
|
||||
{viewAllLabel}
|
||||
</Link>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
@@ -321,8 +319,6 @@ type SiteResourcesOverviewProps = {
|
||||
initialPrivateForbidden: boolean;
|
||||
/** When not under `/[orgId]/...` routes, pass org id explicitly (e.g. credenza on sites list). */
|
||||
orgIdOverride?: string;
|
||||
/** When false, hides links to the org resources tables filtered by this site. */
|
||||
showViewAllLinks?: boolean;
|
||||
};
|
||||
|
||||
export default function SiteResourcesOverview({
|
||||
@@ -331,8 +327,7 @@ export default function SiteResourcesOverview({
|
||||
initialPrivateData,
|
||||
initialPublicForbidden,
|
||||
initialPrivateForbidden,
|
||||
orgIdOverride,
|
||||
showViewAllLinks = true
|
||||
orgIdOverride
|
||||
}: SiteResourcesOverviewProps) {
|
||||
const t = useTranslations();
|
||||
const params = useParams<{ orgId: string }>();
|
||||
@@ -472,10 +467,8 @@ export default function SiteResourcesOverview({
|
||||
key="public"
|
||||
title={t("siteResourcesSectionPublic")}
|
||||
description={t("siteResourcesSectionPublicDescription")}
|
||||
viewAllHref={showViewAllLinks ? publicViewAllHref : undefined}
|
||||
viewAllLabel={
|
||||
showViewAllLinks ? t("siteResourcesViewAllPublic") : undefined
|
||||
}
|
||||
viewAllHref={publicViewAllHref}
|
||||
viewAllLabel={t("siteResourcesViewAllPublic")}
|
||||
emptyLabel={t("siteResourcesEmptyPublic")}
|
||||
isForbidden={publicForbidden}
|
||||
isFetching={publicQuery.isFetching}
|
||||
@@ -491,10 +484,8 @@ export default function SiteResourcesOverview({
|
||||
key="private"
|
||||
title={t("siteResourcesSectionPrivate")}
|
||||
description={t("siteResourcesSectionPrivateDescription")}
|
||||
viewAllHref={showViewAllLinks ? privateViewAllHref : undefined}
|
||||
viewAllLabel={
|
||||
showViewAllLinks ? t("siteResourcesViewAllPrivate") : undefined
|
||||
}
|
||||
viewAllHref={privateViewAllHref}
|
||||
viewAllLabel={t("siteResourcesViewAllPrivate")}
|
||||
emptyLabel={t("siteResourcesEmptyPrivate")}
|
||||
isForbidden={privateForbidden}
|
||||
isFetching={privateQuery.isFetching}
|
||||
|
||||
@@ -165,6 +165,7 @@ export function buildCreateSiteResourcePayload(
|
||||
siteIds: data.siteIds,
|
||||
mode: data.mode,
|
||||
destination: isNativeSsh ? undefined : (data.destination ?? undefined),
|
||||
enabled: true,
|
||||
...(data.mode === "http" && {
|
||||
scheme: data.scheme,
|
||||
ssl: data.ssl ?? false,
|
||||
@@ -341,8 +342,7 @@ export function createGeneralFormSchema(t: TranslateFn) {
|
||||
.string()
|
||||
.min(1)
|
||||
.max(255)
|
||||
.regex(/^[a-zA-Z0-9-]+$/),
|
||||
enabled: z.boolean()
|
||||
.regex(/^[a-zA-Z0-9-]+$/)
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user