diff --git a/server/lib/rebuildSiteClientAssociations.ts b/server/lib/rebuildSiteClientAssociations.ts index 5eee9077..bae7e436 100644 --- a/server/lib/rebuildSiteClientAssociations.ts +++ b/server/lib/rebuildSiteClientAssociations.ts @@ -70,34 +70,45 @@ export async function rebuildSiteClientAssociations( .where(inArray(userOrgs.roleId, roleIds)) .then((rows) => rows.map((row) => row.userId)); - const allUserIds = Array.from( + const newAllUserIds = Array.from( new Set([...directUserIds, ...userIdsFromRoles]) ); - const allClients = await trx + const newAllClients = await trx .select({ clientId: clients.clientId, pubKey: clients.pubKey, subnet: clients.subnet }) .from(clients) - .where(inArray(clients.userId, allUserIds)); + .where(inArray(clients.userId, newAllUserIds)); - const allClientIds = allClients.map((client) => client.clientId); + const newAllClientIds = newAllClients.map((client) => client.clientId); - const existingClientSiteIds = await trx + const existingClientSites = await trx .select({ clientId: clientSites.clientId }) .from(clientSites) - .where(eq(clientSites.siteId, siteId)) - .then((rows) => rows.map((row) => row.clientId)); + .where(eq(clientSites.siteId, siteId)); - const clientSitesToAdd = allClientIds.filter( + const existingClientSiteIds = existingClientSites.map((row) => row.clientId); + + // Get full client details for existing clients (needed for sending delete messages) + const existingClients = await trx + .select({ + clientId: clients.clientId, + pubKey: clients.pubKey, + subnet: clients.subnet + }) + .from(clients) + .where(inArray(clients.clientId, existingClientSiteIds)); + + const clientSitesToAdd = newAllClientIds.filter( (clientId) => !existingClientSiteIds.includes(clientId) ); - const clientSitesToInsert = allClientIds + const clientSitesToInsert = newAllClientIds .filter((clientId) => !existingClientSiteIds.includes(clientId)) .map((clientId) => ({ clientId, 
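Review bot: The new `existingClients` query passes `existingClientSiteIds` straight to `inArray`, and that list is empty whenever the site has no client associations yet. Depending on the drizzle-orm version in use, an empty `inArray` either throws or compiles to a constant-false predicate, so I would guard it explicitly with `if (existingClientSiteIds.length === 0)` and use an empty array for `existingClients` in that case; the same applies to the existing `inArray(clients.userId, newAllUserIds)`. These rows appear to be needed only for clients being removed, so the query could move below `clientSitesToRemove` and filter on that list instead. The hunk ends inside the `clientSitesToInsert` expression, which continues outside it.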
@@ -110,7 +121,7 @@ export async function rebuildSiteClientAssociations( // Now remove any client-site associations that should no longer exist const clientSitesToRemove = existingClientSiteIds.filter( - (clientId) => !allClientIds.includes(clientId) + (clientId) => !newAllClientIds.includes(clientId) ); if (clientSitesToRemove.length > 0) { @@ -128,7 +139,8 @@ export async function rebuildSiteClientAssociations( await handleMessagesForSiteClients( site, siteId, - allClients, + newAllClients, + existingClients, clientSitesToAdd, clientSitesToRemove, trx @@ -143,6 +155,11 @@ async function handleMessagesForSiteClients( pubKey: string | null; subnet: string | null; }[], + existingClients: { + clientId: number; + pubKey: string | null; + subnet: string | null; + }[], clientSitesToAdd: number[], clientSitesToRemove: number[], trx: Transaction | typeof db = db @@ -192,7 +209,29 @@ async function handleMessagesForSiteClients( let newtJobs: Promise[] = []; let olmJobs: Promise[] = []; let exitNodeJobs: Promise[] = []; + + // Combine all clients that need processing (those being added or removed) + const clientsToProcess = new Map(); + + // Add clients that are being added (from newAllClients) for (const client of allClients) { + if (clientSitesToAdd.includes(client.clientId)) { + clientsToProcess.set(client.clientId, client); + } + } + + // Add clients that are being removed (from existingClients) + for (const client of existingClients) { + if (clientSitesToRemove.includes(client.clientId)) { + clientsToProcess.set(client.clientId, client); + } + } + + for (const client of clientsToProcess.values()) { // UPDATE THE NEWT if (!client.subnet || !client.pubKey) { logger.debug("Client subnet, pubKey or endpoint is not set"); 
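Review bot: In the new `clientsToProcess` loop of the `@@ -192` hunk, a client that is being removed still goes through the `if (!client.subnet || !client.pubKey)` guard, so a removed client whose row lacks either field appears to be skipped with only a debug log and no removal message. Removal is the revocation path, so I would treat it separately from additions: log at warn level, and still attempt the removal when `pubKey` is present if deleting the peer only needs the public key. The added comments say "from newAllClients" while the parameter is still named `allClients`; rename one so they agree. `clientSitesToAdd.includes(...)` and `clientSitesToRemove.includes(...)` inside the loops could each use a `Set` built once before the loop. The loop body continues outside the hunk, so the guard's exact effect should be confirmed there.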
@@ -245,7 +284,7 @@ async function handleMessagesForSiteClients( siteId, { publicKey: client.pubKey, - allowedIps: [`${client.subnet.split("/")[-1]}/32`], // we want to only allow from that client + allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client // endpoint: isRelayed ? "" : clientSite.endpoint endpoint: isRelayed ? "" : "" // we are not HPing yet so no endpoint }, @@ -318,7 +357,7 @@ export async function updateClientSiteDestinations( } if (!site.clientSites.endpoint) { - logger.warn(`Site ${site.sites.siteId} has no endpoint, skipping`); + logger.warn(`Site ${site.sites.siteId} has no endpoint, skipping`); // if this is a new association the endpoint is not set yet // TODO: FIX THIS continue; } diff --git a/server/routers/siteResource/deleteSiteResource.ts b/server/routers/siteResource/deleteSiteResource.ts index bbd84233..c5dc7c18 100644 --- a/server/routers/siteResource/deleteSiteResource.ts +++ b/server/routers/siteResource/deleteSiteResource.ts @@ -72,7 +72,13 @@ export async function deleteSiteResource( const [existingSiteResource] = await db .select() .from(siteResources) - .where(and(eq(siteResources.siteResourceId, siteResourceId))) + .where( + and( + eq(siteResources.siteResourceId, siteResourceId), + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + ) + ) .limit(1); if (!existingSiteResource) {
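Review bot: The corrected `allowedIps` entry in the `@@ -245` hunk still builds its value by splitting `client.subnet` on "/" and appending a fixed `/32`, which assumes an IPv4 CIDR and would give a wrong prefix for an IPv6 address. The old `[-1]` index produced `undefined/32` without anything failing, so this expression is worth moving into a small helper (for example `hostCidr(client.subnet)`) with a unit test. The helper should pick the prefix by address family and reject malformed input before the peer update is sent. The enclosing call starts and ends outside the hunk.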
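Review bot: The lookup in `deleteSiteResource` is now scoped to `siteId` and `orgId`, but the delete statement that follows is outside this hunk and should carry the same three predicates, so the row removed is exactly the row that was authorized. If it still filters on `siteResourceId` alone, change it to `.where(and(eq(siteResources.siteResourceId, siteResourceId), eq(siteResources.siteId, siteId), eq(siteResources.orgId, orgId)))`. A regression test that requests deletion of a resource under a different organization's `orgId` and expects the not-found response would pin this behaviour. The sibling get and update handlers for site resources are not visible here and are worth checking for the same unscoped lookup.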