calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-06-26 17:19:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

support delete resources associated with site

Browse Source
This commit is contained in:
miloschwartz
2026-06-24 17:45:44 -04:00
parent 6fe4eee336
commit 4eba51de72
9 changed files with 507 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
server/routers/resource/deleteResource.ts
View File

@@ -1,13 +1,4 @@
import { eq, inArray } from "drizzle-orm";
import {
db,
newts,
resourcePolicies,
resources,
sites,
targetHealthCheck,
targets
} from "@server/db";
import { db } from "@server/db";
import response from "@server/lib/response";
import logger from "@server/logger";
import { OpenAPITags, registry } from "@server/openApi";
@@ -16,9 +7,11 @@ import { NextFunction, Request, Response } from "express";
import createHttpError from "http-errors";
import { z } from "zod";
import { fromError } from "zod-validation-error";
import { removeTargets } from "../newt/targets";
import {
performDeleteResource,
runResourceDeleteSideEffects
} from "@server/lib/deleteResource";
// Define Zod schema for request parameters validation
const deleteResourceSchema = z.strictObject({
resourceId: z.coerce.number().int().positive()
});
@@ -67,27 +60,13 @@ export async function deleteResource(
const { resourceId } = parsedParams.data;
const targetsToBeRemoved = await db
.select()
.from(targets)
.where(eq(targets.resourceId, resourceId));
let deleteResult = null;
const healthChecksToBeRemoved = await db
.select()
.from(targetHealthCheck)
.where(
inArray(
targetHealthCheck.targetId,
targetsToBeRemoved.map((t) => t.targetId)
)
);
await db.transaction(async (trx) => {
deleteResult = await performDeleteResource(resourceId, trx);
});
const [deletedResource] = await db
.delete(resources)
.where(eq(resources.resourceId, resourceId))
.returning();
if (!deletedResource) {
if (!deleteResult) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
@@ -96,54 +75,7 @@ export async function deleteResource(
);
}
for (const target of targetsToBeRemoved) {
const [site] = await db
.select()
.from(sites)
.where(eq(sites.siteId, target.siteId))
.limit(1);
if (!site) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`Site with ID ${target.siteId} not found`
)
);
}
if (site.pubKey) {
if (site.type == "newt") {
// get the newt on the site by querying the newt table for siteId
const [newt] = await db
.select()
.from(newts)
.where(eq(newts.siteId, site.siteId))
.limit(1);
await removeTargets(
newt.newtId,
// [target],
[], // deleting the target from newt causes issues because we cant unbind the port. this needs to be fixed in newt before we can do this
healthChecksToBeRemoved,
deletedResource.mode === "udp" ? "udp" : "tcp",
newt.version
);
}
}
}
// Also delete default resource policy
if (deletedResource.defaultResourcePolicyId) {
await db
.delete(resourcePolicies)
.where(
eq(
resourcePolicies.resourcePolicyId,
deletedResource.defaultResourcePolicyId
)
);
}
await runResourceDeleteSideEffects(deleteResult);
return response(res, {
data: null,
@@ -154,6 +86,9 @@ export async function deleteResource(
});
} catch (error) {
logger.error(error);
if (createHttpError.isHttpError(error)) {
return next(error);
}
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);

98
server/routers/site/deleteSite.ts
View File

@@ -14,18 +14,41 @@ import { OpenAPITags, registry } from "@server/openApi";
import { cleanupSiteAssociations } from "@server/lib/rebuildClientAssociations";
import { usageService } from "@server/lib/billing/usageService";
import { FeatureId } from "@server/lib/billing";
import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions";
import {
deleteAssociatedResourcesForSite,
exceedsSiteAssociatedResourceDeleteLimit,
getAssociatedResourceCountForSite,
runDeleteSiteAssociatedResourcesSideEffects,
MAX_SITE_ASSOCIATED_RESOURCES_FOR_BULK_DELETE,
type DeleteSiteAssociatedResourcesSideEffects
} from "@server/lib/deleteSiteAssociatedResources";
const deleteSiteSchema = z.strictObject({
siteId: z.coerce.number().int().positive()
});
const deleteSiteQuerySchema = z.strictObject({
deleteResources: z
.enum(["true", "false"])
.transform((v) => v === "true")
.optional()
.catch(false)
.openapi({
type: "boolean",
description:
"When true, also deletes all public and private resources associated with this site"
})
});
registry.registerPath({
method: "delete",
path: "/site/{siteId}",
description: "Delete a site and all its associated data.",
tags: [OpenAPITags.Site],
request: {
params: deleteSiteSchema
params: deleteSiteSchema,
query: deleteSiteQuerySchema
},
responses: {
200: {
@@ -61,7 +84,18 @@ export async function deleteSite(
);
}
const parsedQuery = deleteSiteQuerySchema.safeParse(req.query);
if (!parsedQuery.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedQuery.error).toString()
)
);
}
const { siteId } = parsedParams.data;
const { deleteResources } = parsedQuery.data;
const [site] = await db
.select()
@@ -78,20 +112,67 @@ export async function deleteSite(
);
}
if (deleteResources) {
const canDeletePublic = await checkUserActionPermission(
ActionsEnum.deleteResource,
req
);
const canDeletePrivate = await checkUserActionPermission(
ActionsEnum.deleteSiteResource,
req
);
if (!canDeletePublic || !canDeletePrivate) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have permission to delete associated resources"
)
);
}
const associatedResourceCount =
await getAssociatedResourceCountForSite(siteId, site.orgId);
if (
exceedsSiteAssociatedResourceDeleteLimit(
associatedResourceCount
)
) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
`Cannot delete site and associated resources when the site has more than ${MAX_SITE_ASSOCIATED_RESOURCES_FOR_BULK_DELETE} resources`
)
);
}
}
const [deletedNewt] = await db
.select()
.from(newts)
.where(eq(newts.siteId, siteId))
.limit(1);
let resourceSideEffects: DeleteSiteAssociatedResourcesSideEffects = {
resources: [],
siteResources: []
};
await db.transaction(async (trx) => {
if (deleteResources) {
resourceSideEffects = await deleteAssociatedResourcesForSite(
siteId,
site.orgId,
trx
);
}
if (site.type == "wireguard") {
if (site.pubKey) {
await deletePeer(site.exitNodeId!, site.pubKey);
}
} else if (site.type == "newt") {
// Clean up all client associations and send peer/proxy removal
// messages in a single efficient pass before deleting the row.
await cleanupSiteAssociations(site, trx);
}
@@ -99,13 +180,17 @@ export async function deleteSite(
await usageService.add(site.orgId, FeatureId.SITES, -1, trx);
});
// Send termination message outside of transaction to prevent blocking
if (deleteResources) {
await runDeleteSiteAssociatedResourcesSideEffects(
resourceSideEffects
);
}
if (deletedNewt) {
const payload = {
type: `newt/wg/terminate`,
data: {}
};
// Don't await this to prevent blocking the response
sendToClient(deletedNewt.newtId, payload).catch((error) => {
logger.error(
"Failed to send termination message to newt:",
@@ -123,6 +208,9 @@ export async function deleteSite(
});
} catch (error) {
logger.error(error);
if (createHttpError.isHttpError(error)) {
return next(error);
}
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);

45
server/routers/siteResource/deleteSiteResource.ts
View File

@@ -1,15 +1,17 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db, newts, primaryDb, sites } from "@server/db";
import { siteResources } from "@server/db";
import { db, siteResources } from "@server/db";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { eq, and } from "drizzle-orm";
import { eq } from "drizzle-orm";
import { fromError } from "zod-validation-error";
import logger from "@server/logger";
import { OpenAPITags, registry } from "@server/openApi";
import { rebuildClientAssociationsFromSiteResource } from "@server/lib/rebuildClientAssociations";
import {
performDeleteSiteResource,
runSiteResourceDeleteSideEffects
} from "@server/lib/deleteSiteResource";
const deleteSiteResourceParamsSchema = z.strictObject({
siteResourceId: z.coerce.number().int().positive()
@@ -65,11 +67,10 @@ export async function deleteSiteResource(
const { siteResourceId } = parsedParams.data;
// Check if site resource exists
const [existingSiteResource] = await db
.select()
.from(siteResources)
.where(and(eq(siteResources.siteResourceId, siteResourceId)))
.where(eq(siteResources.siteResourceId, siteResourceId))
.limit(1);
if (!existingSiteResource) {
@@ -78,26 +79,22 @@ export async function deleteSiteResource(
);
}
// Delete the site resource
const [removedSiteResource] = await db
.delete(siteResources)
.where(eq(siteResources.siteResourceId, siteResourceId))
.returning();
let removedSiteResource = null;
// Run in the background after the response is sent. Wrapped in its
// own transaction so it always executes on the primary — avoiding any
// replica-lag issues while still allowing the HTTP response to return
// early.
rebuildClientAssociationsFromSiteResource(removedSiteResource).catch(
(err) => {
logger.error(
`Error rebuilding client associations for site resource ${removedSiteResource!.siteResourceId}:`,
err
);
}
);
await db.transaction(async (trx) => {
removedSiteResource = await performDeleteSiteResource(
siteResourceId,
trx
);
});
logger.info(`Deleted site resource ${siteResourceId}`);
if (!removedSiteResource) {
return next(
createHttpError(HttpCode.NOT_FOUND, "Site resource not found")
);
}
runSiteResourceDeleteSideEffects(removedSiteResource);
return response(res, {
data: { message: "Site resource deleted successfully" },