Merge branch 'dev' of https://github.com/fosrl/pangolin into dev

2026-01-28 22:00:51 +00:00 · 2025-12-19 17:06:57 -05:00
parent b5f8e8feb2 9bd66fa306
commit 5587bd9d59
9 changed files with 109 additions and 21 deletions
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -301,6 +301,29 @@ export function isIpInCidr(ip: string, cidr: string): boolean {
    return ipBigInt >= range.start && ipBigInt <= range.end;
 }

+/**
+ * Checks if two CIDR ranges overlap
+ * @param cidr1 First CIDR string
+ * @param cidr2 Second CIDR string
+ * @returns boolean indicating if the two CIDRs overlap
+ */
+export function doCidrsOverlap(cidr1: string, cidr2: string): boolean {
+    const version1 = detectIpVersion(cidr1.split("/")[0]);
+    const version2 = detectIpVersion(cidr2.split("/")[0]);
+    if (version1 !== version2) {
+        // Different IP versions cannot overlap
+        return false;
+    }
+    const range1 = cidrToRange(cidr1);
+    const range2 = cidrToRange(cidr2);
+
+    // Overlap if the ranges intersect
+    return (
+        range1.start <= range2.end &&
+        range2.start <= range1.end
+    );
+}
+
 export async function getNextAvailableClientSubnet(
    orgId: string,
    transaction: Transaction | typeof db = db
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -255,11 +255,11 @@ export const configSchema = z
        orgs: z
            .object({
                block_size: z.number().positive().gt(0).optional().default(24),
-                subnet_group: z.string().optional().default("100.90.128.0/24"),
+                subnet_group: z.string().optional().default("100.90.128.0/20"),
                utility_subnet_group: z
                    .string()
                    .optional()
-                    .default("100.96.128.0/24") //just hardcode this for now as well
+                    .default("100.96.128.0/20") //just hardcode this for now as well
            })
            .optional()
            .default({
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -858,6 +858,22 @@ authenticated.put(
    blueprints.applyJSONBlueprint
 );

+
+authenticated.get(
+    "/org/:orgId/blueprint/:blueprintId",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyHasAction(ActionsEnum.getBlueprint),
+    blueprints.getBlueprint
+);
+
+
+authenticated.get(
+    "/org/:orgId/blueprints",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyHasAction(ActionsEnum.listBlueprints),
+    blueprints.listBlueprints
+);
+
 authenticated.get(
    "/org/:orgId/logs/request",
    verifyApiKeyOrgAccess,
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@@ -27,6 +27,7 @@ import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 import { build } from "@server/build";
 import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
+import { doCidrsOverlap } from "@server/lib/ip";

 const createOrgSchema = z.strictObject({
    orgId: z.string(),
@@ -36,6 +37,11 @@ const createOrgSchema = z.strictObject({
        .union([z.cidrv4()]) // for now lets just do ipv4 until we verify ipv6 works everywhere
        .refine((val) => isValidCIDR(val), {
            message: "Invalid subnet CIDR"
+        }),
+    utilitySubnet: z
+        .union([z.cidrv4()]) // for now lets just do ipv4 until we verify ipv6 works everywhere
+        .refine((val) => isValidCIDR(val), {
+            message: "Invalid utility subnet CIDR"
        })
 });

@@ -84,7 +90,7 @@ export async function createOrg(
            );
        }

-        const { orgId, name, subnet } = parsedBody.data;
+        const { orgId, name, subnet, utilitySubnet } = parsedBody.data;

        // TODO: for now we are making all of the orgs the same subnet
        // make sure the subnet is unique
@@ -119,6 +125,15 @@ export async function createOrg(
            );
        }

+        if (doCidrsOverlap(subnet, utilitySubnet)) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    `Subnet ${subnet} overlaps with utility subnet ${utilitySubnet}`
+                )
+            );
+        }
+
        let error = "";
        let org: Org | null = null;

@@ -128,9 +143,6 @@ export async function createOrg(
                .from(domains)
                .where(eq(domains.configManaged, true));

-            const utilitySubnet =
-                config.getRawConfig().orgs.utility_subnet_group;
-
            const newOrg = await trx
                .insert(orgs)
                .values({
--- a/server/routers/org/pickOrgDefaults.ts
+++ b/server/routers/org/pickOrgDefaults.ts
@@ -8,6 +8,7 @@ import config from "@server/lib/config";

 export type PickOrgDefaultsResponse = {
    subnet: string;
+    utilitySubnet: string;
 };

 export async function pickOrgDefaults(
@@ -20,10 +21,13 @@ export async function pickOrgDefaults(
        // const subnet = await getNextAvailableOrgSubnet();
        // Just hard code the subnet for now for everyone
        const subnet = config.getRawConfig().orgs.subnet_group;
+        const utilitySubnet =
+            config.getRawConfig().orgs.utility_subnet_group;

        return response<PickOrgDefaultsResponse>(res, {
            data: {
-                subnet: subnet
+                subnet: subnet,
+                utilitySubnet: utilitySubnet
            },
            success: true,
            error: false,