Handle backward compatability

2026-06-10 17:43:15 +00:00 · 2026-06-08 21:11:57 -07:00
parent 9a7e534b10
commit 5a575c916b
3 changed files with 36 additions and 11 deletions
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -79,7 +79,10 @@ import logger from "@server/logger";
 import { decrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 import { exchangeSession } from "@server/routers/badger";
-import { validateResourceSessionToken } from "@server/auth/sessions/resource";
+import {
+    ResourceSessionValidationResult,
+    validateResourceSessionToken
+} from "@server/auth/sessions/resource";
 import { checkExitNodeOrg, resolveExitNodes } from "#private/lib/exitNodes";
 import { maxmindLookup } from "@server/db/maxmind";
 import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken";
@@ -1754,11 +1757,34 @@ hybridRouter.post(
                resourceId
            );

+            // this is for backward compatibility with nodes that did not have the policy id checking
+            const modifiedResult: ResourceSessionValidationResult = {
+                ...result,
+                resourceSession: result.resourceSession
+                    ? {
+                          ...result.resourceSession,
+                          // Prefer policy IDs, but keep legacy IDs populated for older nodes.
+                          pincodeId:
+                              result.resourceSession.policyPincodeId ??
+                              result.resourceSession.pincodeId ??
+                              null,
+                          passwordId:
+                              result.resourceSession.policyPasswordId ??
+                              result.resourceSession.passwordId ??
+                              null,
+                          whitelistId:
+                              result.resourceSession.policyWhitelistId ??
+                              result.resourceSession.whitelistId ??
+                              null
+                      }
+                    : null
+            };
+
            return response(res, {
-                data: result,
+                data: modifiedResult,
                success: true,
                error: false,
-                message: result.resourceSession
+                message: modifiedResult.resourceSession
                    ? "Resource session token is valid"
                    : "Resource session token is invalid or expired",
                status: HttpCode.OK
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -20,7 +20,8 @@ import {
    ResourcePolicyPincode,
    ResourcePolicyPassword,
    ResourcePolicyHeaderAuth,
-    ResourceRule
+    ResourceRule,
+    ResourceSession
 } from "@server/db";
 import config from "@server/lib/config";
 import { isIpInCidr, stripPortFromHost } from "@server/lib/ip";
@@ -536,7 +537,8 @@ export async function verifyResourceSession(

        if (resourceSessionToken) {
            const sessionCacheKey = `session:${resourceSessionToken}`;
-            let resourceSession: any = localCache.get(sessionCacheKey);
+            let resourceSession: ResourceSession | null | undefined =
+                localCache.get(sessionCacheKey);

            if (!resourceSession) {
                const result = await validateResourceSessionToken(
@@ -671,7 +673,7 @@ export async function verifyResourceSession(
                            orgId: resource.orgId,
                            location: ipCC,
                            apiKey: {
-                                name: resourceSession.accessTokenTitle,
+                                name: null,
                                apiKeyId: resourceSession.accessTokenId
                            }
                        },
@@ -717,7 +719,7 @@ export async function verifyResourceSession(
                                location: ipCC,
                                user: {
                                    username: allowedUserData.username,
-                                    userId: resourceSession.userId
+                                    userId: allowedUserData.userId
                                }
                            },
                            parsedBody.data
--- a/src/app/[orgId]/settings/resources/private/page.tsx
+++ b/src/app/[orgId]/settings/resources/private/page.tsx
@@ -108,10 +108,7 @@ export default async function ClientResourcesPage(
                    siteNiceId: siteResource.siteNiceIds[idx],
                    online: siteResource.siteOnlines[idx]
                })),
-                mode:
-                    siteResource.pamMode && siteResource.mode === "host"
-                        ? "ssh"
-                        : siteResource.mode,
+                mode: siteResource.mode,
                scheme: siteResource.scheme,
                ssl: siteResource.ssl,
                siteNames: siteResource.siteNames,