From dce84b9b092bf87b4bda66741cdbf29e39d321e1 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 19 Oct 2025 17:58:52 -0700
Subject: [PATCH 01/69] Add action audit middleware and tables

---
 server/db/pg/schema/privateSchema.ts         | 20 ++++-
 server/db/sqlite/schema/privateSchema.ts     | 21 ++++-
 server/private/middlewares/index.ts          |  2 +-
 server/private/middlewares/logActionAudit.ts | 88 ++++++++++++++++++++
 4 files changed, 128 insertions(+), 3 deletions(-)
 create mode 100644 server/private/middlewares/logActionAudit.ts

diff --git a/server/db/pg/schema/privateSchema.ts b/server/db/pg/schema/privateSchema.ts
index 67fb28ec..f33b88e1 100644
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -6,7 +6,8 @@ import {
     integer,
     bigint,
     real,
-    text
+    text,
+    index
 } from "drizzle-orm/pg-core";
 import { InferSelectModel } from "drizzle-orm";
 import { domains, orgs, targets, users, exitNodes, sessions } from "./schema";
@@ -213,6 +214,22 @@ export const sessionTransferToken = pgTable("sessionTransferToken", {
     expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
 });
 
+export const actionAuditLog = pgTable("actionAuditLog", {
+    id: serial("id").primaryKey(),
+    timestamp: bigint("timestamp", { mode: "number" }).notNull(), // this is EPOCH time in seconds
+    orgId: varchar("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: varchar("actorType", { length: 50 }).notNull(),
+    actor: varchar("actor", { length: 255 }).notNull(),
+    actorId: varchar("actorId", { length: 255 }).notNull(),
+    action: varchar("action", { length: 100 }).notNull(),
+    metadata: text("metadata")
+}, (table) => ([
+    index("idx_actionAuditLog_timestamp").on(table.timestamp),
+    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
 export type Certificate = InferSelectModel<typeof certificates>;
@@ -230,3 +247,4 @@ export type RemoteExitNodeSession = InferSelectModel<
 >;
 export type ExitNodeOrg = InferSelectModel<typeof exitNodeOrgs>;
 export type LoginPage = InferSelectModel<typeof loginPage>;
+export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
\ No newline at end of file
diff --git a/server/db/sqlite/schema/privateSchema.ts b/server/db/sqlite/schema/privateSchema.ts
index 557ebfd6..cbf61cc1 100644
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -2,10 +2,12 @@ import {
     sqliteTable,
     integer,
     text,
-    real
+    real,
+    index
 } from "drizzle-orm/sqlite-core";
 import { InferSelectModel } from "drizzle-orm";
 import { domains, orgs, targets, users, exitNodes, sessions } from "./schema";
+import { metadata } from "@app/app/[orgId]/settings/layout";
 
 export const certificates = sqliteTable("certificates", {
     certId: integer("certId").primaryKey({ autoIncrement: true }),
@@ -207,6 +209,22 @@ export const sessionTransferToken = sqliteTable("sessionTransferToken", {
     expiresAt: integer("expiresAt").notNull()
 });
 
+export const actionAuditLog = sqliteTable("actionAuditLog", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+    orgId: text("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: text("actorType").notNull(),
+    actor: text("actor").notNull(),
+    actorId: text("actorId").notNull(),
+    action: text("action").notNull(),
+    metadata: text("metadata")
+}, (table) => ([
+    index("idx_actionAuditLog_timestamp").on(table.timestamp),
+    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
 export type Certificate = InferSelectModel<typeof certificates>;
@@ -224,3 +242,4 @@ export type RemoteExitNodeSession = InferSelectModel<
 >;
 export type ExitNodeOrg = InferSelectModel<typeof exitNodeOrgs>;
 export type LoginPage = InferSelectModel<typeof loginPage>;
+export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
\ No newline at end of file
diff --git a/server/private/middlewares/index.ts b/server/private/middlewares/index.ts
index c92b0d3d..32aa1a1f 100644
--- a/server/private/middlewares/index.ts
+++ b/server/private/middlewares/index.ts
@@ -15,4 +15,4 @@ export * from "./verifyCertificateAccess";
 export * from "./verifyRemoteExitNodeAccess";
 export * from "./verifyIdpAccess";
 export * from "./verifyLoginPageAccess";
-export * from "../../lib/corsWithLoginPage";
\ No newline at end of file
+export * from "./logActionAudit";
\ No newline at end of file
diff --git a/server/private/middlewares/logActionAudit.ts b/server/private/middlewares/logActionAudit.ts
new file mode 100644
index 00000000..488aff88
--- /dev/null
+++ b/server/private/middlewares/logActionAudit.ts
@@ -0,0 +1,88 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { ActionsEnum } from "@server/auth/actions";
+import { actionAuditLog, db } from "@server/db";
+import logger from "@server/logger";
+import HttpCode from "@server/types/HttpCode";
+import { Request, Response, NextFunction } from "express";
+import createHttpError from "http-errors";
+
+export function logActionAudit(action: ActionsEnum) {
+    return async function (
+        req: Request,
+        res: Response,
+        next: NextFunction
+    ): Promise<any> {
+        try {
+            let orgId;
+            let actorType;
+            let actor;
+            let actorId;
+
+            const user = req.user;
+            if (user) {
+                const userOrg = req.userOrg;
+                orgId = userOrg?.orgId;
+                actorType = "user";
+                actor = user.username;
+                actorId = user.userId;
+            }
+            const apiKey = req.apiKey;
+            if (apiKey) {
+                const apiKeyOrg = req.apiKeyOrg;
+                orgId = apiKeyOrg?.orgId;
+                actorType = "apiKey";
+                actor = apiKey.name;
+                actorId = apiKey.apiKeyId;
+            }
+
+            if (!orgId) {
+                logger.warn("logActionAudit: No organization context found");
+                return next();
+            }
+
+            if (!actorType || !actor || !actorId) {
+                logger.warn("logActionAudit: Incomplete actor information");
+                return next();
+            }
+
+            const timestamp = Math.floor(Date.now() / 1000);
+
+            let metadata = null;
+            if (req.params) {
+                metadata = JSON.stringify(req.params);
+            }
+
+            await db.insert(actionAuditLog).values({
+                timestamp,
+                orgId,
+                actorType,
+                actor,
+                actorId,
+                action,
+                metadata
+            });
+
+            return next();
+        } catch (error) {
+            logger.error(error);
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "Error verifying logging action"
+                )
+            );
+        }
+    };
+}

From 1f50bc3752d355c07f80ac9e7f90c09ccdb7f6f0 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 19 Oct 2025 21:53:00 -0700
Subject: [PATCH 02/69] Add logActionAudit and query endpoint

---
 server/db/pg/schema/privateSchema.ts          |  25 ++-
 server/db/pg/schema/schema.ts                 |  29 +++-
 server/db/sqlite/schema/privateSchema.ts      |  22 +++
 server/db/sqlite/schema/schema.ts             |  28 +++-
 server/middlewares/logActionAudit.ts          |  12 ++
 server/private/routers/auditLogs/index.ts     |   0
 .../routers/auditLogs/queryActionAuditLog.ts  | 147 ++++++++++++++++++
 server/private/routers/external.ts            |  34 ++--
 server/private/routers/integration.ts         |   7 +-
 server/routers/auditLogs/types.ts             |  14 ++
 server/routers/external.ts                    | 135 ++++++++++------
 server/routers/integration.ts                 | 143 +++++++++++------
 12 files changed, 488 insertions(+), 108 deletions(-)
 create mode 100644 server/middlewares/logActionAudit.ts
 create mode 100644 server/private/routers/auditLogs/index.ts
 create mode 100644 server/private/routers/auditLogs/queryActionAuditLog.ts
 create mode 100644 server/routers/auditLogs/types.ts

diff --git a/server/db/pg/schema/privateSchema.ts b/server/db/pg/schema/privateSchema.ts
index f33b88e1..d2bb8841 100644
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -230,6 +230,28 @@ export const actionAuditLog = pgTable("actionAuditLog", {
     index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
 ]));
 
+export const identityAuditLog = pgTable("identityAuditLog", {
+    id: serial("id").primaryKey(),
+    timestamp: bigint("timestamp", { mode: "number" }).notNull(), // this is EPOCH time in seconds
+    orgId: varchar("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: varchar("actorType", { length: 50 }).notNull(),
+    actor: varchar("actor", { length: 255 }).notNull(),
+    actorId: varchar("actorId", { length: 255 }).notNull(),
+    resourceId: integer("resourceId"),
+    ip: varchar("ip", { length: 45 }).notNull(),
+    type: varchar("type", { length: 100 }).notNull(),
+    action: varchar("action", { length: 100 }).notNull(),
+    location: text("location"),
+    path: text("path"),
+    userAgent: text("userAgent"),
+    metadata: text("details")
+}, (table) => ([
+    index("idx_identityAuditLog_timestamp").on(table.timestamp),
+    index("idx_identityAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
 export type Certificate = InferSelectModel<typeof certificates>;
@@ -247,4 +269,5 @@ export type RemoteExitNodeSession = InferSelectModel<
 >;
 export type ExitNodeOrg = InferSelectModel<typeof exitNodeOrgs>;
 export type LoginPage = InferSelectModel<typeof loginPage>;
-export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
\ No newline at end of file
+export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
+export type IdentityAuditLog = InferSelectModel<typeof identityAuditLog>;
\ No newline at end of file
diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 4bed23f8..2dc937d9 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -6,7 +6,8 @@ import {
     integer,
     bigint,
     real,
-    text
+    text,
+    index
 } from "drizzle-orm/pg-core";
 import { InferSelectModel } from "drizzle-orm";
 import { randomUUID } from "crypto";
@@ -671,6 +672,28 @@ export const setupTokens = pgTable("setupTokens", {
     dateUsed: varchar("dateUsed")
 });
 
+export const requestAuditLog = pgTable("requestAuditLog", {
+    id: serial("id").primaryKey(),
+    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+    orgId: varchar("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: varchar("actorType").notNull(),
+    actor: varchar("actor").notNull(),
+    actorId: varchar("actorId").notNull(),
+    resourceId: integer("resourceId"),
+    ip: varchar("ip").notNull(),
+    type: varchar("type").notNull(),
+    action: varchar("action").notNull(),
+    event: varchar("event").notNull(),
+    location: varchar("location"),
+    userAgent: varchar("userAgent"),
+    metadata: text("details")
+}, (table) => ([
+    index("idx_actionAuditLog_timestamp").on(table.timestamp),
+    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Org = InferSelectModel<typeof orgs>;
 export type User = InferSelectModel<typeof users>;
 export type Site = InferSelectModel<typeof sites>;
@@ -722,3 +745,7 @@ export type SetupToken = InferSelectModel<typeof setupTokens>;
 export type HostMeta = InferSelectModel<typeof hostMeta>;
 export type TargetHealthCheck = InferSelectModel<typeof targetHealthCheck>;
 export type IdpOidcConfig = InferSelectModel<typeof idpOidcConfig>;
+export type LicenseKey = InferSelectModel<typeof licenseKey>;
+export type SecurityKey = InferSelectModel<typeof securityKeys>;
+export type WebauthnChallenge = InferSelectModel<typeof webauthnChallenge>;
+export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
\ No newline at end of file
diff --git a/server/db/sqlite/schema/privateSchema.ts b/server/db/sqlite/schema/privateSchema.ts
index cbf61cc1..bbd0aa3e 100644
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -225,6 +225,28 @@ export const actionAuditLog = sqliteTable("actionAuditLog", {
     index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
 ]));
 
+export const identityAuditLog = sqliteTable("identityAuditLog", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+    orgId: text("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: text("actorType").notNull(),
+    actor: text("actor").notNull(),
+    actorId: text("actorId").notNull(),
+    resourceId: integer("resourceId"),
+    ip: text("ip").notNull(),
+    type: text("type").notNull(),
+    action: text("action").notNull(),
+    location: text("location"),
+    path: text("path"),
+    userAgent: text("userAgent"),
+    metadata: text("details")
+}, (table) => ([
+    index("idx_actionAuditLog_timestamp").on(table.timestamp),
+    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Limit = InferSelectModel<typeof limits>;
 export type Account = InferSelectModel<typeof account>;
 export type Certificate = InferSelectModel<typeof certificates>;
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 3d6c6b0d..59b9bc2e 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -1,6 +1,6 @@
 import { randomUUID } from "crypto";
 import { InferSelectModel } from "drizzle-orm";
-import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
 
 export const domains = sqliteTable("domains", {
     domainId: text("domainId").primaryKey(),
@@ -710,6 +710,28 @@ export const idpOrg = sqliteTable("idpOrg", {
     orgMapping: text("orgMapping")
 });
 
+export const requestAuditLog = sqliteTable("requestAuditLog", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+    orgId: text("orgId")
+        .notNull()
+        .references(() => orgs.orgId, { onDelete: "cascade" }),
+    actorType: text("actorType").notNull(),
+    actor: text("actor").notNull(),
+    actorId: text("actorId").notNull(),
+    resourceId: integer("resourceId"),
+    ip: text("ip").notNull(),
+    type: text("type").notNull(),
+    action: text("action").notNull(),
+    event: text("event").notNull(),
+    location: text("location"),
+    userAgent: text("userAgent"),
+    metadata: text("details")
+}, (table) => ([
+    index("idx_actionAuditLog_timestamp").on(table.timestamp),
+    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+]));
+
 export type Org = InferSelectModel<typeof orgs>;
 export type User = InferSelectModel<typeof users>;
 export type Site = InferSelectModel<typeof sites>;
@@ -761,3 +783,7 @@ export type SetupToken = InferSelectModel<typeof setupTokens>;
 export type HostMeta = InferSelectModel<typeof hostMeta>;
 export type TargetHealthCheck = InferSelectModel<typeof targetHealthCheck>;
 export type IdpOidcConfig = InferSelectModel<typeof idpOidcConfig>;
+export type LicenseKey = InferSelectModel<typeof licenseKey>;
+export type SecurityKey = InferSelectModel<typeof securityKeys>;
+export type WebauthnChallenge = InferSelectModel<typeof webauthnChallenge>;
+export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
\ No newline at end of file
diff --git a/server/middlewares/logActionAudit.ts b/server/middlewares/logActionAudit.ts
new file mode 100644
index 00000000..a1521883
--- /dev/null
+++ b/server/middlewares/logActionAudit.ts
@@ -0,0 +1,12 @@
+import { ActionsEnum } from "@server/auth/actions";
+import { Request, Response, NextFunction } from "express";
+
+export function logActionAudit(action: ActionsEnum) {
+    return async function (
+        req: Request,
+        res: Response,
+        next: NextFunction
+    ): Promise<any> {
+        next();
+    };
+}
diff --git a/server/private/routers/auditLogs/index.ts b/server/private/routers/auditLogs/index.ts
new file mode 100644
index 00000000..e69de29b
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
new file mode 100644
index 00000000..4c10a3f0
--- /dev/null
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -0,0 +1,147 @@
+import { actionAuditLog, db } from "@server/db";
+import { registry } from "@server/openApi";
+import { NextFunction } from "express";
+import { Request, Response } from "express";
+import { eq, gt, lt, and, count } from "drizzle-orm";
+import { OpenAPITags } from "@server/openApi";
+import { z } from "zod";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { fromError } from "zod-validation-error";
+import { QueryActionAuditLogResponse } from "@server/routers/auditLogs/types";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+
+export const queryAccessAuditLogsQuery = z.object({
+    // iso string just validate its a parseable date
+    timeStart: z
+        .string()
+        .refine((val) => !isNaN(Date.parse(val)), {
+            message: "timeStart must be a valid ISO date string"
+        })
+        .transform((val) => Math.floor(new Date(val).getTime() / 1000)),
+    timeEnd: z
+        .string()
+        .refine((val) => !isNaN(Date.parse(val)), {
+            message: "timeEnd must be a valid ISO date string"
+        })
+        .transform((val) => Math.floor(new Date(val).getTime() / 1000))
+        .optional()
+        .default(new Date().toISOString()),
+    limit: z
+        .string()
+        .optional()
+        .default("1000")
+        .transform(Number)
+        .pipe(z.number().int().positive()),
+    offset: z
+        .string()
+        .optional()
+        .default("0")
+        .transform(Number)
+        .pipe(z.number().int().nonnegative())
+});
+
+export const queryAccessAuditLogsParams = z.object({
+    orgId: z.string()
+});
+
+function querySites(timeStart: number, timeEnd: number, orgId: string) {
+    return db
+        .select({
+            orgId: actionAuditLog.orgId,
+            action: actionAuditLog.action,
+            actorType: actionAuditLog.actorType,
+            timestamp: actionAuditLog.timestamp,
+            actor: actionAuditLog.actor
+        })
+        .from(actionAuditLog)
+        .where(
+            and(
+                gt(actionAuditLog.timestamp, timeStart),
+                lt(actionAuditLog.timestamp, timeEnd),
+                eq(actionAuditLog.orgId, orgId)
+            )
+        )
+        .orderBy(actionAuditLog.timestamp);
+}
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/logs/action",
+    description: "Query the action audit log for an organization",
+    tags: [OpenAPITags.Org],
+    request: {
+        query: queryAccessAuditLogsQuery,
+        params: queryAccessAuditLogsParams
+    },
+    responses: {}
+});
+
+export async function queryAccessAuditLogs(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedQuery.error)
+                )
+            );
+        }
+        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
+
+        const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error)
+                )
+            );
+        }
+        const { orgId } = parsedParams.data;
+
+        const baseQuery = querySites(timeStart, timeEnd, orgId);
+
+        const log = await baseQuery.limit(limit).offset(offset);
+
+        const countQuery = db
+            .select({ count: count() })
+            .from(actionAuditLog)
+            .where(
+                and(
+                    gt(actionAuditLog.timestamp, timeStart),
+                    lt(actionAuditLog.timestamp, timeEnd),
+                    eq(actionAuditLog.orgId, orgId)
+                )
+            );
+
+        const totalCountResult = await countQuery;
+        const totalCount = totalCountResult[0].count;
+
+        return response<QueryActionAuditLogResponse>(res, {
+            data: {
+                log: log,
+                pagination: {
+                    total: totalCount,
+                    limit,
+                    offset
+                }
+            },
+            success: true,
+            error: false,
+            message: "Action audit logs retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 74cd6b0c..a7c927f2 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -31,6 +31,7 @@ import {
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
 import {
+    logActionAudit,
     verifyCertificateAccess,
     verifyIdpAccess,
     verifyLoginPageAccess,
@@ -72,7 +73,8 @@ authenticated.put(
     verifyValidLicense,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createIdp),
-    orgIdp.createOrgOidcIdp
+    orgIdp.createOrgOidcIdp,
+    logActionAudit(ActionsEnum.createIdp)
 );
 
 authenticated.post(
@@ -81,7 +83,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyIdpAccess,
     verifyUserHasAction(ActionsEnum.updateIdp),
-    orgIdp.updateOrgOidcIdp
+    orgIdp.updateOrgOidcIdp,
+    logActionAudit(ActionsEnum.updateIdp)
 );
 
 authenticated.delete(
@@ -90,7 +93,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyIdpAccess,
     verifyUserHasAction(ActionsEnum.deleteIdp),
-    orgIdp.deleteOrgIdp
+    orgIdp.deleteOrgIdp,
+    logActionAudit(ActionsEnum.deleteIdp)
 );
 
 authenticated.get(
@@ -127,7 +131,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyCertificateAccess,
     verifyUserHasAction(ActionsEnum.restartCertificate),
-    certificates.restartCertificate
+    certificates.restartCertificate,
+    logActionAudit(ActionsEnum.restartCertificate)
 );
 
 if (build === "saas") {
@@ -152,14 +157,16 @@ if (build === "saas") {
         "/org/:orgId/billing/create-checkout-session",
         verifyOrgAccess,
         verifyUserHasAction(ActionsEnum.billing),
-        billing.createCheckoutSession
+        billing.createCheckoutSession,
+        logActionAudit(ActionsEnum.billing)
     );
 
     authenticated.post(
         "/org/:orgId/billing/create-portal-session",
         verifyOrgAccess,
         verifyUserHasAction(ActionsEnum.billing),
-        billing.createPortalSession
+        billing.createPortalSession,
+        logActionAudit(ActionsEnum.billing)
     );
 
     authenticated.get(
@@ -206,7 +213,8 @@ authenticated.put(
     verifyValidLicense,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createRemoteExitNode),
-    remoteExitNode.createRemoteExitNode
+    remoteExitNode.createRemoteExitNode,
+    logActionAudit(ActionsEnum.createRemoteExitNode)
 );
 
 authenticated.get(
@@ -240,7 +248,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyRemoteExitNodeAccess,
     verifyUserHasAction(ActionsEnum.deleteRemoteExitNode),
-    remoteExitNode.deleteRemoteExitNode
+    remoteExitNode.deleteRemoteExitNode,
+    logActionAudit(ActionsEnum.deleteRemoteExitNode)
 );
 
 authenticated.put(
@@ -248,7 +257,8 @@ authenticated.put(
     verifyValidLicense,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createLoginPage),
-    loginPage.createLoginPage
+    loginPage.createLoginPage,
+    logActionAudit(ActionsEnum.createLoginPage)
 );
 
 authenticated.post(
@@ -257,7 +267,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyLoginPageAccess,
     verifyUserHasAction(ActionsEnum.updateLoginPage),
-    loginPage.updateLoginPage
+    loginPage.updateLoginPage,
+    logActionAudit(ActionsEnum.updateLoginPage)
 );
 
 authenticated.delete(
@@ -266,7 +277,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyLoginPageAccess,
     verifyUserHasAction(ActionsEnum.deleteLoginPage),
-    loginPage.deleteLoginPage
+    loginPage.deleteLoginPage,
+    logActionAudit(ActionsEnum.deleteLoginPage)
 );
 
 authenticated.get(
diff --git a/server/private/routers/integration.ts b/server/private/routers/integration.ts
index d767424a..00bc167a 100644
--- a/server/private/routers/integration.ts
+++ b/server/private/routers/integration.ts
@@ -23,6 +23,7 @@ import {
 import { ActionsEnum } from "@server/auth/actions";
 
 import { unauthenticated as ua, authenticated as a } from "@server/routers/integration";
+import { logActionAudit } from "#private/middlewares";
 
 export const unauthenticated = ua;
 export const authenticated = a;
@@ -31,12 +32,14 @@ authenticated.post(
     `/org/:orgId/send-usage-notification`,
     verifyApiKeyIsRoot, // We are the only ones who can use root key so its fine
     verifyApiKeyHasAction(ActionsEnum.sendUsageNotification),
-    org.sendUsageNotification
+    org.sendUsageNotification,
+    logActionAudit(ActionsEnum.sendUsageNotification)
 );
 
 authenticated.delete(
     "/idp/:idpId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteIdp),
-    orgIdp.deleteOrgIdp
+    orgIdp.deleteOrgIdp,
+    logActionAudit(ActionsEnum.deleteIdp)
 );
\ No newline at end of file
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
new file mode 100644
index 00000000..4530de79
--- /dev/null
+++ b/server/routers/auditLogs/types.ts
@@ -0,0 +1,14 @@
+export type QueryActionAuditLogResponse = {
+    log: {
+        orgId: string;
+        action: string;
+        actorType: string;
+        timestamp: number;
+        actor: string;
+    }[];
+    pagination: {
+        total: number;
+        limit: number;
+        offset: number;
+    };
+};
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 8bd72f62..55b98242 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -44,6 +44,7 @@ import rateLimit, { ipKeyGenerator } from "express-rate-limit";
 import createHttpError from "http-errors";
 import { build } from "@server/build";
 import { createStore } from "#dynamic/lib/rateLimitStore";
+import { logActionAudit } from "#dynamic/middlewares";
 
 // Root routes
 export const unauthenticated = Router();
@@ -75,7 +76,8 @@ authenticated.post(
     "/org/:orgId",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.updateOrg),
-    org.updateOrg
+    org.updateOrg,
+    logActionAudit(ActionsEnum.updateOrg)
 );
 
 if (build !== "saas") {
@@ -84,7 +86,8 @@ if (build !== "saas") {
         verifyOrgAccess,
         verifyUserIsOrgOwner,
         verifyUserHasAction(ActionsEnum.deleteOrg),
-        org.deleteOrg
+        org.deleteOrg,
+        logActionAudit(ActionsEnum.deleteOrg)
     );
 }
 
@@ -92,7 +95,8 @@ authenticated.put(
     "/org/:orgId/site",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createSite),
-    site.createSite
+    site.createSite,
+    logActionAudit(ActionsEnum.createSite)
 );
 authenticated.get(
     "/org/:orgId/sites",
@@ -149,7 +153,8 @@ authenticated.put(
     verifyClientsEnabled,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createClient),
-    client.createClient
+    client.createClient,
+    logActionAudit(ActionsEnum.createClient)
 );
 
 authenticated.delete(
@@ -157,7 +162,8 @@ authenticated.delete(
     verifyClientsEnabled,
     verifyClientAccess,
     verifyUserHasAction(ActionsEnum.deleteClient),
-    client.deleteClient
+    client.deleteClient,
+    logActionAudit(ActionsEnum.deleteClient)
 );
 
 authenticated.post(
@@ -165,7 +171,8 @@ authenticated.post(
     verifyClientsEnabled,
     verifyClientAccess, // this will check if the user has access to the client
     verifyUserHasAction(ActionsEnum.updateClient), // this will check if the user has permission to update the client
-    client.updateClient
+    client.updateClient,
+    logActionAudit(ActionsEnum.updateClient)
 );
 
 // authenticated.get(
@@ -178,15 +185,18 @@ authenticated.post(
     "/site/:siteId",
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.updateSite),
-    site.updateSite
+    site.updateSite,
+    logActionAudit(ActionsEnum.updateSite)
 );
 authenticated.delete(
     "/site/:siteId",
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.deleteSite),
-    site.deleteSite
+    site.deleteSite,
+    logActionAudit(ActionsEnum.deleteSite)
 );
 
+// TODO: BREAK OUT THESE ACTIONS SO THEY ARE NOT ALL "getSite"
 authenticated.get(
     "/site/:siteId/docker/status",
     verifySiteAccess,
@@ -203,13 +213,15 @@ authenticated.post(
     "/site/:siteId/docker/check",
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.getSite),
-    site.checkDockerSocket
+    site.checkDockerSocket,
+    // logActionAudit(ActionsEnum.getSite)
 );
 authenticated.post(
     "/site/:siteId/docker/trigger",
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.getSite),
-    site.triggerFetchContainers
+    site.triggerFetchContainers,
+    // logActionAudit(ActionsEnum.getSite)
 );
 authenticated.get(
     "/site/:siteId/docker/containers",
@@ -224,7 +236,8 @@ authenticated.put(
     verifyOrgAccess,
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.createSiteResource),
-    siteResource.createSiteResource
+    siteResource.createSiteResource,
+    logActionAudit(ActionsEnum.createSiteResource)
 );
 
 authenticated.get(
@@ -257,7 +270,8 @@ authenticated.post(
     verifySiteAccess,
     verifySiteResourceAccess,
     verifyUserHasAction(ActionsEnum.updateSiteResource),
-    siteResource.updateSiteResource
+    siteResource.updateSiteResource,
+    logActionAudit(ActionsEnum.updateSiteResource)
 );
 
 authenticated.delete(
@@ -266,14 +280,16 @@ authenticated.delete(
     verifySiteAccess,
     verifySiteResourceAccess,
     verifyUserHasAction(ActionsEnum.deleteSiteResource),
-    siteResource.deleteSiteResource
+    siteResource.deleteSiteResource,
+    logActionAudit(ActionsEnum.deleteSiteResource)
 );
 
 authenticated.put(
     "/org/:orgId/resource",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createResource),
-    resource.createResource
+    resource.createResource,
+    logActionAudit(ActionsEnum.createResource)
 );
 
 authenticated.get(
@@ -313,15 +329,18 @@ authenticated.delete(
     "/org/:orgId/invitations/:inviteId",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.removeInvitation),
-    user.removeInvitation
+    user.removeInvitation,
+    logActionAudit(ActionsEnum.removeInvitation)
 );
 
 authenticated.post(
     "/org/:orgId/create-invite",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.inviteUser),
-    user.inviteUser
+    user.inviteUser,
+    logActionAudit(ActionsEnum.inviteUser)
 ); // maybe make this /invite/create instead
+
 unauthenticated.post("/invite/accept", user.acceptInvite); // this is supposed to be unauthenticated
 
 authenticated.get(
@@ -354,20 +373,23 @@ authenticated.post(
     "/resource/:resourceId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.updateResource),
-    resource.updateResource
+    resource.updateResource,
+    logActionAudit(ActionsEnum.updateResource)
 );
 authenticated.delete(
     "/resource/:resourceId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.deleteResource),
-    resource.deleteResource
+    resource.deleteResource,
+    logActionAudit(ActionsEnum.deleteResource)
 );
 
 authenticated.put(
     "/resource/:resourceId/target",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.createTarget),
-    target.createTarget
+    target.createTarget,
+    logActionAudit(ActionsEnum.createTarget)
 );
 authenticated.get(
     "/resource/:resourceId/targets",
@@ -380,7 +402,8 @@ authenticated.put(
     "/resource/:resourceId/rule",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.createResourceRule),
-    resource.createResourceRule
+    resource.createResourceRule,
+    logActionAudit(ActionsEnum.createResourceRule)
 );
 authenticated.get(
     "/resource/:resourceId/rules",
@@ -392,13 +415,15 @@ authenticated.post(
     "/resource/:resourceId/rule/:ruleId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.updateResourceRule),
-    resource.updateResourceRule
+    resource.updateResourceRule,
+    logActionAudit(ActionsEnum.updateResourceRule)
 );
 authenticated.delete(
     "/resource/:resourceId/rule/:ruleId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.deleteResourceRule),
-    resource.deleteResourceRule
+    resource.deleteResourceRule,
+    logActionAudit(ActionsEnum.deleteResourceRule)
 );
 
 authenticated.get(
@@ -411,20 +436,23 @@ authenticated.post(
     "/target/:targetId",
     verifyTargetAccess,
     verifyUserHasAction(ActionsEnum.updateTarget),
-    target.updateTarget
+    target.updateTarget,
+    logActionAudit(ActionsEnum.updateTarget)
 );
 authenticated.delete(
     "/target/:targetId",
     verifyTargetAccess,
     verifyUserHasAction(ActionsEnum.deleteTarget),
-    target.deleteTarget
+    target.deleteTarget,
+    logActionAudit(ActionsEnum.deleteTarget)
 );
 
 authenticated.put(
     "/org/:orgId/role",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createRole),
-    role.createRole
+    role.createRole,
+    logActionAudit(ActionsEnum.createRole)
 );
 authenticated.get(
     "/org/:orgId/roles",
@@ -449,14 +477,16 @@ authenticated.delete(
     "/role/:roleId",
     verifyRoleAccess,
     verifyUserHasAction(ActionsEnum.deleteRole),
-    role.deleteRole
+    role.deleteRole,
+    logActionAudit(ActionsEnum.deleteRole)
 );
 authenticated.post(
     "/role/:roleId/add/:userId",
     verifyRoleAccess,
     verifyUserAccess,
     verifyUserHasAction(ActionsEnum.addUserRole),
-    user.addUserRole
+    user.addUserRole,
+    logActionAudit(ActionsEnum.addUserRole)
 );
 
 authenticated.post(
@@ -464,7 +494,8 @@ authenticated.post(
     verifyResourceAccess,
     verifyRoleAccess,
     verifyUserHasAction(ActionsEnum.setResourceRoles),
-    resource.setResourceRoles
+    resource.setResourceRoles,
+    logActionAudit(ActionsEnum.setResourceRoles)
 );
 
 authenticated.post(
@@ -472,35 +503,40 @@ authenticated.post(
     verifyResourceAccess,
     verifySetResourceUsers,
     verifyUserHasAction(ActionsEnum.setResourceUsers),
-    resource.setResourceUsers
+    resource.setResourceUsers,
+    logActionAudit(ActionsEnum.setResourceUsers)
 );
 
 authenticated.post(
     `/resource/:resourceId/password`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourcePassword),
-    resource.setResourcePassword
+    resource.setResourcePassword,
+    logActionAudit(ActionsEnum.setResourcePassword)
 );
 
 authenticated.post(
     `/resource/:resourceId/pincode`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourcePincode),
-    resource.setResourcePincode
+    resource.setResourcePincode,
+    logActionAudit(ActionsEnum.setResourcePincode)
 );
 
 authenticated.post(
     `/resource/:resourceId/header-auth`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourceHeaderAuth),
-    resource.setResourceHeaderAuth
+    resource.setResourceHeaderAuth,
+    logActionAudit(ActionsEnum.setResourceHeaderAuth)
 );
 
 authenticated.post(
     `/resource/:resourceId/whitelist`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourceWhitelist),
-    resource.setResourceWhitelist
+    resource.setResourceWhitelist,
+    logActionAudit(ActionsEnum.setResourceWhitelist)
 );
 
 authenticated.get(
@@ -514,14 +550,16 @@ authenticated.post(
     `/resource/:resourceId/access-token`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.generateAccessToken),
-    accessToken.generateAccessToken
+    accessToken.generateAccessToken,
+    logActionAudit(ActionsEnum.generateAccessToken)
 );
 
 authenticated.delete(
     `/access-token/:accessTokenId`,
     verifyAccessTokenAccess,
     verifyUserHasAction(ActionsEnum.deleteAcessToken),
-    accessToken.deleteAccessToken
+    accessToken.deleteAccessToken,
+    logActionAudit(ActionsEnum.deleteAcessToken)
 );
 
 authenticated.get(
@@ -594,7 +632,8 @@ authenticated.put(
     "/org/:orgId/user",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createOrgUser),
-    user.createOrgUser
+    user.createOrgUser,
+    logActionAudit(ActionsEnum.createOrgUser)
 );
 
 authenticated.post(
@@ -602,7 +641,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyUserAccess,
     verifyUserHasAction(ActionsEnum.updateOrgUser),
-    user.updateOrgUser
+    user.updateOrgUser,
+    logActionAudit(ActionsEnum.updateOrgUser)
 );
 
 authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
@@ -624,7 +664,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyUserAccess,
     verifyUserHasAction(ActionsEnum.removeUser),
-    user.removeUserOrg
+    user.removeUserOrg,
+    logActionAudit(ActionsEnum.removeUser)
 );
 
 // authenticated.put(
@@ -757,7 +798,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyApiKeyAccess,
     verifyUserHasAction(ActionsEnum.setApiKeyActions),
-    apiKeys.setApiKeyActions
+    apiKeys.setApiKeyActions,
+    logActionAudit(ActionsEnum.setApiKeyActions)
 );
 
 authenticated.get(
@@ -772,7 +814,8 @@ authenticated.put(
     `/org/:orgId/api-key`,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createApiKey),
-    apiKeys.createOrgApiKey
+    apiKeys.createOrgApiKey,
+    logActionAudit(ActionsEnum.createApiKey)
 );
 
 authenticated.delete(
@@ -780,7 +823,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyApiKeyAccess,
     verifyUserHasAction(ActionsEnum.deleteApiKey),
-    apiKeys.deleteOrgApiKey
+    apiKeys.deleteOrgApiKey,
+    logActionAudit(ActionsEnum.deleteApiKey)
 );
 
 authenticated.get(
@@ -795,7 +839,8 @@ authenticated.put(
     `/org/:orgId/domain`,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createOrgDomain),
-    domain.createOrgDomain
+    domain.createOrgDomain,
+    logActionAudit(ActionsEnum.createOrgDomain)
 );
 
 authenticated.post(
@@ -803,7 +848,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyDomainAccess,
     verifyUserHasAction(ActionsEnum.restartOrgDomain),
-    domain.restartOrgDomain
+    domain.restartOrgDomain,
+    logActionAudit(ActionsEnum.restartOrgDomain)
 );
 
 authenticated.delete(
@@ -811,7 +857,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyDomainAccess,
     verifyUserHasAction(ActionsEnum.deleteOrgDomain),
-    domain.deleteAccountDomain
+    domain.deleteAccountDomain,
+    logActionAudit(ActionsEnum.deleteOrgDomain)
 );
 
 // Auth routes
diff --git a/server/routers/integration.ts b/server/routers/integration.ts
index 8808c931..f54189e6 100644
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -29,7 +29,7 @@ import {
 import HttpCode from "@server/types/HttpCode";
 import { Router } from "express";
 import { ActionsEnum } from "@server/auth/actions";
-import { build } from "@server/build";
+import { logActionAudit } from "#dynamic/middlewares";
 
 export const unauthenticated = Router();
 
@@ -51,7 +51,8 @@ authenticated.put(
     "/org",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createOrg),
-    org.createOrg
+    org.createOrg,
+    logActionAudit(ActionsEnum.createOrg)
 );
 
 authenticated.get(
@@ -72,21 +73,24 @@ authenticated.post(
     "/org/:orgId",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.updateOrg),
-    org.updateOrg
+    org.updateOrg,
+    logActionAudit(ActionsEnum.updateOrg)
 );
 
 authenticated.delete(
     "/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteOrg),
-    org.deleteOrg
+    org.deleteOrg,
+    logActionAudit(ActionsEnum.deleteOrg)
 );
 
 authenticated.put(
     "/org/:orgId/site",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createSite),
-    site.createSite
+    site.createSite,
+    logActionAudit(ActionsEnum.createSite)
 );
 
 authenticated.get(
@@ -121,14 +125,16 @@ authenticated.post(
     "/site/:siteId",
     verifyApiKeySiteAccess,
     verifyApiKeyHasAction(ActionsEnum.updateSite),
-    site.updateSite
+    site.updateSite,
+    logActionAudit(ActionsEnum.updateSite)
 );
 
 authenticated.delete(
     "/site/:siteId",
     verifyApiKeySiteAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteSite),
-    site.deleteSite
+    site.deleteSite,
+    logActionAudit(ActionsEnum.deleteSite)
 );
 
 authenticated.get(
@@ -142,7 +148,8 @@ authenticated.put(
     verifyApiKeyOrgAccess,
     verifyApiKeySiteAccess,
     verifyApiKeyHasAction(ActionsEnum.createSiteResource),
-    siteResource.createSiteResource
+    siteResource.createSiteResource,
+    logActionAudit(ActionsEnum.createSiteResource)
 );
 
 authenticated.get(
@@ -175,7 +182,8 @@ authenticated.post(
     verifyApiKeySiteAccess,
     verifyApiKeySiteResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.updateSiteResource),
-    siteResource.updateSiteResource
+    siteResource.updateSiteResource,
+    logActionAudit(ActionsEnum.updateSiteResource)
 );
 
 authenticated.delete(
@@ -184,21 +192,24 @@ authenticated.delete(
     verifyApiKeySiteAccess,
     verifyApiKeySiteResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteSiteResource),
-    siteResource.deleteSiteResource
+    siteResource.deleteSiteResource,
+    logActionAudit(ActionsEnum.deleteSiteResource)
 );
 
 authenticated.put(
     "/org/:orgId/resource",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createResource),
-    resource.createResource
+    resource.createResource,
+    logActionAudit(ActionsEnum.createResource)
 );
 
 authenticated.put(
     "/org/:orgId/site/:siteId/resource",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createResource),
-    resource.createResource
+    resource.createResource,
+    logActionAudit(ActionsEnum.createResource)
 );
 
 authenticated.get(
@@ -233,7 +244,8 @@ authenticated.post(
     "/org/:orgId/create-invite",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.inviteUser),
-    user.inviteUser
+    user.inviteUser,
+    logActionAudit(ActionsEnum.inviteUser)
 );
 
 authenticated.get(
@@ -261,21 +273,24 @@ authenticated.post(
     "/resource/:resourceId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.updateResource),
-    resource.updateResource
+    resource.updateResource,
+    logActionAudit(ActionsEnum.updateResource)
 );
 
 authenticated.delete(
     "/resource/:resourceId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteResource),
-    resource.deleteResource
+    resource.deleteResource,
+    logActionAudit(ActionsEnum.deleteResource)
 );
 
 authenticated.put(
     "/resource/:resourceId/target",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.createTarget),
-    target.createTarget
+    target.createTarget,
+    logActionAudit(ActionsEnum.createTarget)
 );
 
 authenticated.get(
@@ -289,7 +304,8 @@ authenticated.put(
     "/resource/:resourceId/rule",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.createResourceRule),
-    resource.createResourceRule
+    resource.createResourceRule,
+    logActionAudit(ActionsEnum.createResourceRule)
 );
 
 authenticated.get(
@@ -303,14 +319,16 @@ authenticated.post(
     "/resource/:resourceId/rule/:ruleId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.updateResourceRule),
-    resource.updateResourceRule
+    resource.updateResourceRule,
+    logActionAudit(ActionsEnum.updateResourceRule)
 );
 
 authenticated.delete(
     "/resource/:resourceId/rule/:ruleId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteResourceRule),
-    resource.deleteResourceRule
+    resource.deleteResourceRule,
+    logActionAudit(ActionsEnum.deleteResourceRule)
 );
 
 authenticated.get(
@@ -324,21 +342,24 @@ authenticated.post(
     "/target/:targetId",
     verifyApiKeyTargetAccess,
     verifyApiKeyHasAction(ActionsEnum.updateTarget),
-    target.updateTarget
+    target.updateTarget,
+    logActionAudit(ActionsEnum.updateTarget)
 );
 
 authenticated.delete(
     "/target/:targetId",
     verifyApiKeyTargetAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteTarget),
-    target.deleteTarget
+    target.deleteTarget,
+    logActionAudit(ActionsEnum.deleteTarget)
 );
 
 authenticated.put(
     "/org/:orgId/role",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createRole),
-    role.createRole
+    role.createRole,
+    logActionAudit(ActionsEnum.createRole)
 );
 
 authenticated.get(
@@ -352,7 +373,8 @@ authenticated.delete(
     "/role/:roleId",
     verifyApiKeyRoleAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteRole),
-    role.deleteRole
+    role.deleteRole,
+    logActionAudit(ActionsEnum.deleteRole)
 );
 
 authenticated.get(
@@ -367,7 +389,8 @@ authenticated.post(
     verifyApiKeyRoleAccess,
     verifyApiKeyUserAccess,
     verifyApiKeyHasAction(ActionsEnum.addUserRole),
-    user.addUserRole
+    user.addUserRole,
+    logActionAudit(ActionsEnum.addUserRole)
 );
 
 authenticated.post(
@@ -375,7 +398,8 @@ authenticated.post(
     verifyApiKeyResourceAccess,
     verifyApiKeyRoleAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
-    resource.setResourceRoles
+    resource.setResourceRoles,
+    logActionAudit(ActionsEnum.setResourceRoles)
 );
 
 authenticated.post(
@@ -383,35 +407,40 @@ authenticated.post(
     verifyApiKeyResourceAccess,
     verifyApiKeySetResourceUsers,
     verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
-    resource.setResourceUsers
+    resource.setResourceUsers,
+    logActionAudit(ActionsEnum.setResourceUsers)
 );
 
 authenticated.post(
     `/resource/:resourceId/password`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourcePassword),
-    resource.setResourcePassword
+    resource.setResourcePassword,
+    logActionAudit(ActionsEnum.setResourcePassword)
 );
 
 authenticated.post(
     `/resource/:resourceId/pincode`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourcePincode),
-    resource.setResourcePincode
+    resource.setResourcePincode,
+    logActionAudit(ActionsEnum.setResourcePincode)
 );
 
 authenticated.post(
     `/resource/:resourceId/header-auth`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourceHeaderAuth),
-    resource.setResourceHeaderAuth
+    resource.setResourceHeaderAuth,
+    logActionAudit(ActionsEnum.setResourceHeaderAuth)
 );
 
 authenticated.post(
     `/resource/:resourceId/whitelist`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
-    resource.setResourceWhitelist
+    resource.setResourceWhitelist,
+    logActionAudit(ActionsEnum.setResourceWhitelist)
 );
 
 authenticated.get(
@@ -439,14 +468,16 @@ authenticated.post(
     `/resource/:resourceId/access-token`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.generateAccessToken),
-    accessToken.generateAccessToken
+    accessToken.generateAccessToken,
+    logActionAudit(ActionsEnum.generateAccessToken)
 );
 
 authenticated.delete(
     `/access-token/:accessTokenId`,
     verifyApiKeyAccessTokenAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteAcessToken),
-    accessToken.deleteAccessToken
+    accessToken.deleteAccessToken,
+    logActionAudit(ActionsEnum.deleteAcessToken)
 );
 
 authenticated.get(
@@ -474,7 +505,8 @@ authenticated.post(
     "/user/:userId/2fa",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.updateUser),
-    user.updateUser2FA
+    user.updateUser2FA,
+    logActionAudit(ActionsEnum.updateUser)
 );
 
 authenticated.get(
@@ -495,7 +527,8 @@ authenticated.put(
     "/org/:orgId/user",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createOrgUser),
-    user.createOrgUser
+    user.createOrgUser,
+    logActionAudit(ActionsEnum.createOrgUser)
 );
 
 authenticated.post(
@@ -503,7 +536,8 @@ authenticated.post(
     verifyApiKeyOrgAccess,
     verifyApiKeyUserAccess,
     verifyApiKeyHasAction(ActionsEnum.updateOrgUser),
-    user.updateOrgUser
+    user.updateOrgUser,
+    logActionAudit(ActionsEnum.updateOrgUser)
 );
 
 authenticated.delete(
@@ -511,7 +545,8 @@ authenticated.delete(
     verifyApiKeyOrgAccess,
     verifyApiKeyUserAccess,
     verifyApiKeyHasAction(ActionsEnum.removeUser),
-    user.removeUserOrg
+    user.removeUserOrg,
+    logActionAudit(ActionsEnum.removeUser)
 );
 
 // authenticated.put(
@@ -531,7 +566,8 @@ authenticated.post(
     `/org/:orgId/api-key/:apiKeyId/actions`,
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.setApiKeyActions),
-    apiKeys.setApiKeyActions
+    apiKeys.setApiKeyActions,
+    logActionAudit(ActionsEnum.setApiKeyActions)
 );
 
 authenticated.get(
@@ -545,28 +581,32 @@ authenticated.put(
     `/org/:orgId/api-key`,
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createApiKey),
-    apiKeys.createOrgApiKey
+    apiKeys.createOrgApiKey,
+    logActionAudit(ActionsEnum.createApiKey)
 );
 
 authenticated.delete(
     `/org/:orgId/api-key/:apiKeyId`,
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteApiKey),
-    apiKeys.deleteApiKey
+    apiKeys.deleteApiKey,
+    logActionAudit(ActionsEnum.deleteApiKey)
 );
 
 authenticated.put(
     "/idp/oidc",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createIdp),
-    idp.createOidcIdp
+    idp.createOidcIdp,
+    logActionAudit(ActionsEnum.createIdp)
 );
 
 authenticated.post(
     "/idp/:idpId/oidc",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.updateIdp),
-    idp.updateOidcIdp
+    idp.updateOidcIdp,
+    logActionAudit(ActionsEnum.updateIdp)
 );
 
 authenticated.get(
@@ -587,21 +627,24 @@ authenticated.put(
     "/idp/:idpId/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createIdpOrg),
-    idp.createIdpOrgPolicy
+    idp.createIdpOrgPolicy,
+    logActionAudit(ActionsEnum.createIdpOrg)
 );
 
 authenticated.post(
     "/idp/:idpId/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.updateIdpOrg),
-    idp.updateIdpOrgPolicy
+    idp.updateIdpOrgPolicy,
+    logActionAudit(ActionsEnum.updateIdpOrg)
 );
 
 authenticated.delete(
     "/idp/:idpId/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteIdpOrg),
-    idp.deleteIdpOrgPolicy
+    idp.deleteIdpOrgPolicy,
+    logActionAudit(ActionsEnum.deleteIdpOrg)
 );
 
 authenticated.get(
@@ -640,7 +683,8 @@ authenticated.put(
     verifyClientsEnabled,
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createClient),
-    client.createClient
+    client.createClient,
+    logActionAudit(ActionsEnum.createClient)
 );
 
 authenticated.delete(
@@ -648,7 +692,8 @@ authenticated.delete(
     verifyClientsEnabled,
     verifyApiKeyClientAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteClient),
-    client.deleteClient
+    client.deleteClient,
+    logActionAudit(ActionsEnum.deleteClient)
 );
 
 authenticated.post(
@@ -656,12 +701,14 @@ authenticated.post(
     verifyClientsEnabled,
     verifyApiKeyClientAccess,
     verifyApiKeyHasAction(ActionsEnum.updateClient),
-    client.updateClient
+    client.updateClient,
+    logActionAudit(ActionsEnum.updateClient)
 );
 
 authenticated.put(
     "/org/:orgId/blueprint",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.applyBlueprint),
-    org.applyBlueprint
+    org.applyBlueprint,
+    logActionAudit(ActionsEnum.applyBlueprint)
 );

From bc941239ecc16c89ebd4ca804ae2696571845147 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 19 Oct 2025 21:59:41 -0700
Subject: [PATCH 03/69] Fix the indexes

---
 server/db/pg/schema/schema.ts            | 4 ++--
 server/db/sqlite/schema/privateSchema.ts | 4 ++--
 server/db/sqlite/schema/schema.ts        | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 2dc937d9..2170192b 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -690,8 +690,8 @@ export const requestAuditLog = pgTable("requestAuditLog", {
     userAgent: varchar("userAgent"),
     metadata: text("details")
 }, (table) => ([
-    index("idx_actionAuditLog_timestamp").on(table.timestamp),
-    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+    index("idx_requestAuditLog_timestamp").on(table.timestamp),
+    index("idx_requestAuditLog_org_timestamp").on(table.orgId, table.timestamp)
 ]));
 
 export type Org = InferSelectModel<typeof orgs>;
diff --git a/server/db/sqlite/schema/privateSchema.ts b/server/db/sqlite/schema/privateSchema.ts
index bbd0aa3e..81c76799 100644
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -243,8 +243,8 @@ export const identityAuditLog = sqliteTable("identityAuditLog", {
     userAgent: text("userAgent"),
     metadata: text("details")
 }, (table) => ([
-    index("idx_actionAuditLog_timestamp").on(table.timestamp),
-    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+    index("idx_identityAuditLog_timestamp").on(table.timestamp),
+    index("idx_identityAuditLog_org_timestamp").on(table.orgId, table.timestamp)
 ]));
 
 export type Limit = InferSelectModel<typeof limits>;
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 59b9bc2e..3dabb962 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -728,8 +728,8 @@ export const requestAuditLog = sqliteTable("requestAuditLog", {
     userAgent: text("userAgent"),
     metadata: text("details")
 }, (table) => ([
-    index("idx_actionAuditLog_timestamp").on(table.timestamp),
-    index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
+    index("idx_requestAuditLog_timestamp").on(table.timestamp),
+    index("idx_requestAuditLog_org_timestamp").on(table.orgId, table.timestamp)
 ]));
 
 export type Org = InferSelectModel<typeof orgs>;

From 1ee52ad86b76c3e6a0e140e46294997db9301d00 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 19 Oct 2025 21:59:51 -0700
Subject: [PATCH 04/69] Add headers

---
 server/private/routers/auditLogs/index.ts           | 13 +++++++++++++
 .../routers/auditLogs/queryActionAuditLog.ts        | 13 +++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/server/private/routers/auditLogs/index.ts b/server/private/routers/auditLogs/index.ts
index e69de29b..de0b2d2b 100644
--- a/server/private/routers/auditLogs/index.ts
+++ b/server/private/routers/auditLogs/index.ts
@@ -0,0 +1,13 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 4c10a3f0..27b8b658 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -1,3 +1,16 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
 import { actionAuditLog, db } from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";

From 58443ef53fadfa3a7c5fca6ef98e05753cf681cd Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 19 Oct 2025 22:25:00 -0700
Subject: [PATCH 05/69] Reorder log middleware

---
 server/private/routers/external.ts    | 23 ++++---
 server/private/routers/integration.ts |  4 +-
 server/routers/external.ts            | 88 ++++++++++++-------------
 server/routers/integration.ts         | 94 +++++++++++++--------------
 4 files changed, 103 insertions(+), 106 deletions(-)

diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index a7c927f2..36a29788 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -26,7 +26,6 @@ import { Router } from "express";
 import {
     verifyOrgAccess,
     verifyUserHasAction,
-    verifyUserIsOrgOwner,
     verifyUserIsServerAdmin
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
@@ -73,8 +72,8 @@ authenticated.put(
     verifyValidLicense,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createIdp),
+    logActionAudit(ActionsEnum.createIdp),
     orgIdp.createOrgOidcIdp,
-    logActionAudit(ActionsEnum.createIdp)
 );
 
 authenticated.post(
@@ -83,8 +82,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyIdpAccess,
     verifyUserHasAction(ActionsEnum.updateIdp),
+    logActionAudit(ActionsEnum.updateIdp),
     orgIdp.updateOrgOidcIdp,
-    logActionAudit(ActionsEnum.updateIdp)
 );
 
 authenticated.delete(
@@ -93,8 +92,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyIdpAccess,
     verifyUserHasAction(ActionsEnum.deleteIdp),
+    logActionAudit(ActionsEnum.deleteIdp),
     orgIdp.deleteOrgIdp,
-    logActionAudit(ActionsEnum.deleteIdp)
 );
 
 authenticated.get(
@@ -131,8 +130,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyCertificateAccess,
     verifyUserHasAction(ActionsEnum.restartCertificate),
+    logActionAudit(ActionsEnum.restartCertificate),
     certificates.restartCertificate,
-    logActionAudit(ActionsEnum.restartCertificate)
 );
 
 if (build === "saas") {
@@ -157,16 +156,16 @@ if (build === "saas") {
         "/org/:orgId/billing/create-checkout-session",
         verifyOrgAccess,
         verifyUserHasAction(ActionsEnum.billing),
+        logActionAudit(ActionsEnum.billing),
         billing.createCheckoutSession,
-        logActionAudit(ActionsEnum.billing)
     );
 
     authenticated.post(
         "/org/:orgId/billing/create-portal-session",
         verifyOrgAccess,
         verifyUserHasAction(ActionsEnum.billing),
+        logActionAudit(ActionsEnum.billing),
         billing.createPortalSession,
-        logActionAudit(ActionsEnum.billing)
     );
 
     authenticated.get(
@@ -213,8 +212,8 @@ authenticated.put(
     verifyValidLicense,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createRemoteExitNode),
+    logActionAudit(ActionsEnum.createRemoteExitNode),
     remoteExitNode.createRemoteExitNode,
-    logActionAudit(ActionsEnum.createRemoteExitNode)
 );
 
 authenticated.get(
@@ -248,8 +247,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyRemoteExitNodeAccess,
     verifyUserHasAction(ActionsEnum.deleteRemoteExitNode),
+    logActionAudit(ActionsEnum.deleteRemoteExitNode),
     remoteExitNode.deleteRemoteExitNode,
-    logActionAudit(ActionsEnum.deleteRemoteExitNode)
 );
 
 authenticated.put(
@@ -257,8 +256,8 @@ authenticated.put(
     verifyValidLicense,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createLoginPage),
+    logActionAudit(ActionsEnum.createLoginPage),
     loginPage.createLoginPage,
-    logActionAudit(ActionsEnum.createLoginPage)
 );
 
 authenticated.post(
@@ -267,8 +266,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyLoginPageAccess,
     verifyUserHasAction(ActionsEnum.updateLoginPage),
+    logActionAudit(ActionsEnum.updateLoginPage),
     loginPage.updateLoginPage,
-    logActionAudit(ActionsEnum.updateLoginPage)
 );
 
 authenticated.delete(
@@ -277,8 +276,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyLoginPageAccess,
     verifyUserHasAction(ActionsEnum.deleteLoginPage),
+    logActionAudit(ActionsEnum.deleteLoginPage),
     loginPage.deleteLoginPage,
-    logActionAudit(ActionsEnum.deleteLoginPage)
 );
 
 authenticated.get(
diff --git a/server/private/routers/integration.ts b/server/private/routers/integration.ts
index 00bc167a..21c74624 100644
--- a/server/private/routers/integration.ts
+++ b/server/private/routers/integration.ts
@@ -32,14 +32,14 @@ authenticated.post(
     `/org/:orgId/send-usage-notification`,
     verifyApiKeyIsRoot, // We are the only ones who can use root key so its fine
     verifyApiKeyHasAction(ActionsEnum.sendUsageNotification),
+    logActionAudit(ActionsEnum.sendUsageNotification),
     org.sendUsageNotification,
-    logActionAudit(ActionsEnum.sendUsageNotification)
 );
 
 authenticated.delete(
     "/idp/:idpId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteIdp),
+    logActionAudit(ActionsEnum.deleteIdp),
     orgIdp.deleteOrgIdp,
-    logActionAudit(ActionsEnum.deleteIdp)
 );
\ No newline at end of file
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 55b98242..ecdfe352 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -76,8 +76,8 @@ authenticated.post(
     "/org/:orgId",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.updateOrg),
+    logActionAudit(ActionsEnum.updateOrg),
     org.updateOrg,
-    logActionAudit(ActionsEnum.updateOrg)
 );
 
 if (build !== "saas") {
@@ -86,8 +86,8 @@ if (build !== "saas") {
         verifyOrgAccess,
         verifyUserIsOrgOwner,
         verifyUserHasAction(ActionsEnum.deleteOrg),
+        logActionAudit(ActionsEnum.deleteOrg),
         org.deleteOrg,
-        logActionAudit(ActionsEnum.deleteOrg)
     );
 }
 
@@ -95,8 +95,8 @@ authenticated.put(
     "/org/:orgId/site",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createSite),
-    site.createSite,
-    logActionAudit(ActionsEnum.createSite)
+    logActionAudit(ActionsEnum.createSite),
+    site.createSite
 );
 authenticated.get(
     "/org/:orgId/sites",
@@ -153,8 +153,8 @@ authenticated.put(
     verifyClientsEnabled,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createClient),
+    logActionAudit(ActionsEnum.createClient),
     client.createClient,
-    logActionAudit(ActionsEnum.createClient)
 );
 
 authenticated.delete(
@@ -162,8 +162,8 @@ authenticated.delete(
     verifyClientsEnabled,
     verifyClientAccess,
     verifyUserHasAction(ActionsEnum.deleteClient),
+    logActionAudit(ActionsEnum.deleteClient),
     client.deleteClient,
-    logActionAudit(ActionsEnum.deleteClient)
 );
 
 authenticated.post(
@@ -171,8 +171,8 @@ authenticated.post(
     verifyClientsEnabled,
     verifyClientAccess, // this will check if the user has access to the client
     verifyUserHasAction(ActionsEnum.updateClient), // this will check if the user has permission to update the client
+    logActionAudit(ActionsEnum.updateClient),
     client.updateClient,
-    logActionAudit(ActionsEnum.updateClient)
 );
 
 // authenticated.get(
@@ -185,15 +185,15 @@ authenticated.post(
     "/site/:siteId",
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.updateSite),
+    logActionAudit(ActionsEnum.updateSite),
     site.updateSite,
-    logActionAudit(ActionsEnum.updateSite)
 );
 authenticated.delete(
     "/site/:siteId",
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.deleteSite),
+    logActionAudit(ActionsEnum.deleteSite),
     site.deleteSite,
-    logActionAudit(ActionsEnum.deleteSite)
 );
 
 // TODO: BREAK OUT THESE ACTIONS SO THEY ARE NOT ALL "getSite"
@@ -214,14 +214,12 @@ authenticated.post(
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.getSite),
     site.checkDockerSocket,
-    // logActionAudit(ActionsEnum.getSite)
 );
 authenticated.post(
     "/site/:siteId/docker/trigger",
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.getSite),
     site.triggerFetchContainers,
-    // logActionAudit(ActionsEnum.getSite)
 );
 authenticated.get(
     "/site/:siteId/docker/containers",
@@ -236,8 +234,8 @@ authenticated.put(
     verifyOrgAccess,
     verifySiteAccess,
     verifyUserHasAction(ActionsEnum.createSiteResource),
+    logActionAudit(ActionsEnum.createSiteResource),
     siteResource.createSiteResource,
-    logActionAudit(ActionsEnum.createSiteResource)
 );
 
 authenticated.get(
@@ -270,8 +268,8 @@ authenticated.post(
     verifySiteAccess,
     verifySiteResourceAccess,
     verifyUserHasAction(ActionsEnum.updateSiteResource),
+    logActionAudit(ActionsEnum.updateSiteResource),
     siteResource.updateSiteResource,
-    logActionAudit(ActionsEnum.updateSiteResource)
 );
 
 authenticated.delete(
@@ -280,16 +278,16 @@ authenticated.delete(
     verifySiteAccess,
     verifySiteResourceAccess,
     verifyUserHasAction(ActionsEnum.deleteSiteResource),
+    logActionAudit(ActionsEnum.deleteSiteResource),
     siteResource.deleteSiteResource,
-    logActionAudit(ActionsEnum.deleteSiteResource)
 );
 
 authenticated.put(
     "/org/:orgId/resource",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createResource),
+    logActionAudit(ActionsEnum.createResource),
     resource.createResource,
-    logActionAudit(ActionsEnum.createResource)
 );
 
 authenticated.get(
@@ -329,16 +327,16 @@ authenticated.delete(
     "/org/:orgId/invitations/:inviteId",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.removeInvitation),
+    logActionAudit(ActionsEnum.removeInvitation),
     user.removeInvitation,
-    logActionAudit(ActionsEnum.removeInvitation)
 );
 
 authenticated.post(
     "/org/:orgId/create-invite",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.inviteUser),
+    logActionAudit(ActionsEnum.inviteUser),
     user.inviteUser,
-    logActionAudit(ActionsEnum.inviteUser)
 ); // maybe make this /invite/create instead
 
 unauthenticated.post("/invite/accept", user.acceptInvite); // this is supposed to be unauthenticated
@@ -373,23 +371,23 @@ authenticated.post(
     "/resource/:resourceId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.updateResource),
+    logActionAudit(ActionsEnum.updateResource),
     resource.updateResource,
-    logActionAudit(ActionsEnum.updateResource)
 );
 authenticated.delete(
     "/resource/:resourceId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.deleteResource),
+    logActionAudit(ActionsEnum.deleteResource),
     resource.deleteResource,
-    logActionAudit(ActionsEnum.deleteResource)
 );
 
 authenticated.put(
     "/resource/:resourceId/target",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.createTarget),
+    logActionAudit(ActionsEnum.createTarget),
     target.createTarget,
-    logActionAudit(ActionsEnum.createTarget)
 );
 authenticated.get(
     "/resource/:resourceId/targets",
@@ -402,8 +400,8 @@ authenticated.put(
     "/resource/:resourceId/rule",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.createResourceRule),
+    logActionAudit(ActionsEnum.createResourceRule),
     resource.createResourceRule,
-    logActionAudit(ActionsEnum.createResourceRule)
 );
 authenticated.get(
     "/resource/:resourceId/rules",
@@ -415,15 +413,15 @@ authenticated.post(
     "/resource/:resourceId/rule/:ruleId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.updateResourceRule),
+    logActionAudit(ActionsEnum.updateResourceRule),
     resource.updateResourceRule,
-    logActionAudit(ActionsEnum.updateResourceRule)
 );
 authenticated.delete(
     "/resource/:resourceId/rule/:ruleId",
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.deleteResourceRule),
+    logActionAudit(ActionsEnum.deleteResourceRule),
     resource.deleteResourceRule,
-    logActionAudit(ActionsEnum.deleteResourceRule)
 );
 
 authenticated.get(
@@ -436,23 +434,23 @@ authenticated.post(
     "/target/:targetId",
     verifyTargetAccess,
     verifyUserHasAction(ActionsEnum.updateTarget),
+    logActionAudit(ActionsEnum.updateTarget),
     target.updateTarget,
-    logActionAudit(ActionsEnum.updateTarget)
 );
 authenticated.delete(
     "/target/:targetId",
     verifyTargetAccess,
     verifyUserHasAction(ActionsEnum.deleteTarget),
+    logActionAudit(ActionsEnum.deleteTarget),
     target.deleteTarget,
-    logActionAudit(ActionsEnum.deleteTarget)
 );
 
 authenticated.put(
     "/org/:orgId/role",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createRole),
+    logActionAudit(ActionsEnum.createRole),
     role.createRole,
-    logActionAudit(ActionsEnum.createRole)
 );
 authenticated.get(
     "/org/:orgId/roles",
@@ -477,16 +475,16 @@ authenticated.delete(
     "/role/:roleId",
     verifyRoleAccess,
     verifyUserHasAction(ActionsEnum.deleteRole),
+    logActionAudit(ActionsEnum.deleteRole),
     role.deleteRole,
-    logActionAudit(ActionsEnum.deleteRole)
 );
 authenticated.post(
     "/role/:roleId/add/:userId",
     verifyRoleAccess,
     verifyUserAccess,
     verifyUserHasAction(ActionsEnum.addUserRole),
+    logActionAudit(ActionsEnum.addUserRole),
     user.addUserRole,
-    logActionAudit(ActionsEnum.addUserRole)
 );
 
 authenticated.post(
@@ -494,8 +492,8 @@ authenticated.post(
     verifyResourceAccess,
     verifyRoleAccess,
     verifyUserHasAction(ActionsEnum.setResourceRoles),
+    logActionAudit(ActionsEnum.setResourceRoles),
     resource.setResourceRoles,
-    logActionAudit(ActionsEnum.setResourceRoles)
 );
 
 authenticated.post(
@@ -503,40 +501,40 @@ authenticated.post(
     verifyResourceAccess,
     verifySetResourceUsers,
     verifyUserHasAction(ActionsEnum.setResourceUsers),
+    logActionAudit(ActionsEnum.setResourceUsers),
     resource.setResourceUsers,
-    logActionAudit(ActionsEnum.setResourceUsers)
 );
 
 authenticated.post(
     `/resource/:resourceId/password`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourcePassword),
+    logActionAudit(ActionsEnum.setResourcePassword),
     resource.setResourcePassword,
-    logActionAudit(ActionsEnum.setResourcePassword)
 );
 
 authenticated.post(
     `/resource/:resourceId/pincode`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourcePincode),
+    logActionAudit(ActionsEnum.setResourcePincode),
     resource.setResourcePincode,
-    logActionAudit(ActionsEnum.setResourcePincode)
 );
 
 authenticated.post(
     `/resource/:resourceId/header-auth`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourceHeaderAuth),
+    logActionAudit(ActionsEnum.setResourceHeaderAuth),
     resource.setResourceHeaderAuth,
-    logActionAudit(ActionsEnum.setResourceHeaderAuth)
 );
 
 authenticated.post(
     `/resource/:resourceId/whitelist`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.setResourceWhitelist),
+    logActionAudit(ActionsEnum.setResourceWhitelist),
     resource.setResourceWhitelist,
-    logActionAudit(ActionsEnum.setResourceWhitelist)
 );
 
 authenticated.get(
@@ -550,16 +548,16 @@ authenticated.post(
     `/resource/:resourceId/access-token`,
     verifyResourceAccess,
     verifyUserHasAction(ActionsEnum.generateAccessToken),
+    logActionAudit(ActionsEnum.generateAccessToken),
     accessToken.generateAccessToken,
-    logActionAudit(ActionsEnum.generateAccessToken)
 );
 
 authenticated.delete(
     `/access-token/:accessTokenId`,
     verifyAccessTokenAccess,
     verifyUserHasAction(ActionsEnum.deleteAcessToken),
+    logActionAudit(ActionsEnum.deleteAcessToken),
     accessToken.deleteAccessToken,
-    logActionAudit(ActionsEnum.deleteAcessToken)
 );
 
 authenticated.get(
@@ -632,8 +630,8 @@ authenticated.put(
     "/org/:orgId/user",
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createOrgUser),
+    logActionAudit(ActionsEnum.createOrgUser),
     user.createOrgUser,
-    logActionAudit(ActionsEnum.createOrgUser)
 );
 
 authenticated.post(
@@ -641,8 +639,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyUserAccess,
     verifyUserHasAction(ActionsEnum.updateOrgUser),
+    logActionAudit(ActionsEnum.updateOrgUser),
     user.updateOrgUser,
-    logActionAudit(ActionsEnum.updateOrgUser)
 );
 
 authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
@@ -664,8 +662,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyUserAccess,
     verifyUserHasAction(ActionsEnum.removeUser),
+    logActionAudit(ActionsEnum.removeUser),
     user.removeUserOrg,
-    logActionAudit(ActionsEnum.removeUser)
 );
 
 // authenticated.put(
@@ -798,8 +796,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyApiKeyAccess,
     verifyUserHasAction(ActionsEnum.setApiKeyActions),
+    logActionAudit(ActionsEnum.setApiKeyActions),
     apiKeys.setApiKeyActions,
-    logActionAudit(ActionsEnum.setApiKeyActions)
 );
 
 authenticated.get(
@@ -814,8 +812,8 @@ authenticated.put(
     `/org/:orgId/api-key`,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createApiKey),
+    logActionAudit(ActionsEnum.createApiKey),
     apiKeys.createOrgApiKey,
-    logActionAudit(ActionsEnum.createApiKey)
 );
 
 authenticated.delete(
@@ -823,8 +821,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyApiKeyAccess,
     verifyUserHasAction(ActionsEnum.deleteApiKey),
+    logActionAudit(ActionsEnum.deleteApiKey),
     apiKeys.deleteOrgApiKey,
-    logActionAudit(ActionsEnum.deleteApiKey)
 );
 
 authenticated.get(
@@ -839,8 +837,8 @@ authenticated.put(
     `/org/:orgId/domain`,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.createOrgDomain),
+    logActionAudit(ActionsEnum.createOrgDomain),
     domain.createOrgDomain,
-    logActionAudit(ActionsEnum.createOrgDomain)
 );
 
 authenticated.post(
@@ -848,8 +846,8 @@ authenticated.post(
     verifyOrgAccess,
     verifyDomainAccess,
     verifyUserHasAction(ActionsEnum.restartOrgDomain),
+    logActionAudit(ActionsEnum.restartOrgDomain),
     domain.restartOrgDomain,
-    logActionAudit(ActionsEnum.restartOrgDomain)
 );
 
 authenticated.delete(
@@ -857,8 +855,8 @@ authenticated.delete(
     verifyOrgAccess,
     verifyDomainAccess,
     verifyUserHasAction(ActionsEnum.deleteOrgDomain),
+    logActionAudit(ActionsEnum.deleteOrgDomain),
     domain.deleteAccountDomain,
-    logActionAudit(ActionsEnum.deleteOrgDomain)
 );
 
 // Auth routes
diff --git a/server/routers/integration.ts b/server/routers/integration.ts
index f54189e6..1359ea5e 100644
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -51,8 +51,8 @@ authenticated.put(
     "/org",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createOrg),
+    logActionAudit(ActionsEnum.createOrg),
     org.createOrg,
-    logActionAudit(ActionsEnum.createOrg)
 );
 
 authenticated.get(
@@ -73,24 +73,24 @@ authenticated.post(
     "/org/:orgId",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.updateOrg),
+    logActionAudit(ActionsEnum.updateOrg),
     org.updateOrg,
-    logActionAudit(ActionsEnum.updateOrg)
 );
 
 authenticated.delete(
     "/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteOrg),
+    logActionAudit(ActionsEnum.deleteOrg),
     org.deleteOrg,
-    logActionAudit(ActionsEnum.deleteOrg)
 );
 
 authenticated.put(
     "/org/:orgId/site",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createSite),
+    logActionAudit(ActionsEnum.createSite),
     site.createSite,
-    logActionAudit(ActionsEnum.createSite)
 );
 
 authenticated.get(
@@ -125,16 +125,16 @@ authenticated.post(
     "/site/:siteId",
     verifyApiKeySiteAccess,
     verifyApiKeyHasAction(ActionsEnum.updateSite),
+    logActionAudit(ActionsEnum.updateSite),
     site.updateSite,
-    logActionAudit(ActionsEnum.updateSite)
 );
 
 authenticated.delete(
     "/site/:siteId",
     verifyApiKeySiteAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteSite),
+    logActionAudit(ActionsEnum.deleteSite),
     site.deleteSite,
-    logActionAudit(ActionsEnum.deleteSite)
 );
 
 authenticated.get(
@@ -148,8 +148,8 @@ authenticated.put(
     verifyApiKeyOrgAccess,
     verifyApiKeySiteAccess,
     verifyApiKeyHasAction(ActionsEnum.createSiteResource),
+    logActionAudit(ActionsEnum.createSiteResource),
     siteResource.createSiteResource,
-    logActionAudit(ActionsEnum.createSiteResource)
 );
 
 authenticated.get(
@@ -182,8 +182,8 @@ authenticated.post(
     verifyApiKeySiteAccess,
     verifyApiKeySiteResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.updateSiteResource),
+    logActionAudit(ActionsEnum.updateSiteResource),
     siteResource.updateSiteResource,
-    logActionAudit(ActionsEnum.updateSiteResource)
 );
 
 authenticated.delete(
@@ -192,24 +192,24 @@ authenticated.delete(
     verifyApiKeySiteAccess,
     verifyApiKeySiteResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteSiteResource),
+    logActionAudit(ActionsEnum.deleteSiteResource),
     siteResource.deleteSiteResource,
-    logActionAudit(ActionsEnum.deleteSiteResource)
 );
 
 authenticated.put(
     "/org/:orgId/resource",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createResource),
+    logActionAudit(ActionsEnum.createResource),
     resource.createResource,
-    logActionAudit(ActionsEnum.createResource)
 );
 
 authenticated.put(
     "/org/:orgId/site/:siteId/resource",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createResource),
+    logActionAudit(ActionsEnum.createResource),
     resource.createResource,
-    logActionAudit(ActionsEnum.createResource)
 );
 
 authenticated.get(
@@ -244,8 +244,8 @@ authenticated.post(
     "/org/:orgId/create-invite",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.inviteUser),
+    logActionAudit(ActionsEnum.inviteUser),
     user.inviteUser,
-    logActionAudit(ActionsEnum.inviteUser)
 );
 
 authenticated.get(
@@ -273,24 +273,24 @@ authenticated.post(
     "/resource/:resourceId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.updateResource),
+    logActionAudit(ActionsEnum.updateResource),
     resource.updateResource,
-    logActionAudit(ActionsEnum.updateResource)
 );
 
 authenticated.delete(
     "/resource/:resourceId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteResource),
+    logActionAudit(ActionsEnum.deleteResource),
     resource.deleteResource,
-    logActionAudit(ActionsEnum.deleteResource)
 );
 
 authenticated.put(
     "/resource/:resourceId/target",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.createTarget),
+    logActionAudit(ActionsEnum.createTarget),
     target.createTarget,
-    logActionAudit(ActionsEnum.createTarget)
 );
 
 authenticated.get(
@@ -304,8 +304,8 @@ authenticated.put(
     "/resource/:resourceId/rule",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.createResourceRule),
+    logActionAudit(ActionsEnum.createResourceRule),
     resource.createResourceRule,
-    logActionAudit(ActionsEnum.createResourceRule)
 );
 
 authenticated.get(
@@ -319,16 +319,16 @@ authenticated.post(
     "/resource/:resourceId/rule/:ruleId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.updateResourceRule),
+    logActionAudit(ActionsEnum.updateResourceRule),
     resource.updateResourceRule,
-    logActionAudit(ActionsEnum.updateResourceRule)
 );
 
 authenticated.delete(
     "/resource/:resourceId/rule/:ruleId",
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteResourceRule),
+    logActionAudit(ActionsEnum.deleteResourceRule),
     resource.deleteResourceRule,
-    logActionAudit(ActionsEnum.deleteResourceRule)
 );
 
 authenticated.get(
@@ -342,24 +342,24 @@ authenticated.post(
     "/target/:targetId",
     verifyApiKeyTargetAccess,
     verifyApiKeyHasAction(ActionsEnum.updateTarget),
+    logActionAudit(ActionsEnum.updateTarget),
     target.updateTarget,
-    logActionAudit(ActionsEnum.updateTarget)
 );
 
 authenticated.delete(
     "/target/:targetId",
     verifyApiKeyTargetAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteTarget),
+    logActionAudit(ActionsEnum.deleteTarget),
     target.deleteTarget,
-    logActionAudit(ActionsEnum.deleteTarget)
 );
 
 authenticated.put(
     "/org/:orgId/role",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createRole),
+    logActionAudit(ActionsEnum.createRole),
     role.createRole,
-    logActionAudit(ActionsEnum.createRole)
 );
 
 authenticated.get(
@@ -373,8 +373,8 @@ authenticated.delete(
     "/role/:roleId",
     verifyApiKeyRoleAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteRole),
+    logActionAudit(ActionsEnum.deleteRole),
     role.deleteRole,
-    logActionAudit(ActionsEnum.deleteRole)
 );
 
 authenticated.get(
@@ -389,8 +389,8 @@ authenticated.post(
     verifyApiKeyRoleAccess,
     verifyApiKeyUserAccess,
     verifyApiKeyHasAction(ActionsEnum.addUserRole),
+    logActionAudit(ActionsEnum.addUserRole),
     user.addUserRole,
-    logActionAudit(ActionsEnum.addUserRole)
 );
 
 authenticated.post(
@@ -398,8 +398,8 @@ authenticated.post(
     verifyApiKeyResourceAccess,
     verifyApiKeyRoleAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourceRoles),
+    logActionAudit(ActionsEnum.setResourceRoles),
     resource.setResourceRoles,
-    logActionAudit(ActionsEnum.setResourceRoles)
 );
 
 authenticated.post(
@@ -407,40 +407,40 @@ authenticated.post(
     verifyApiKeyResourceAccess,
     verifyApiKeySetResourceUsers,
     verifyApiKeyHasAction(ActionsEnum.setResourceUsers),
+    logActionAudit(ActionsEnum.setResourceUsers),
     resource.setResourceUsers,
-    logActionAudit(ActionsEnum.setResourceUsers)
 );
 
 authenticated.post(
     `/resource/:resourceId/password`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourcePassword),
+    logActionAudit(ActionsEnum.setResourcePassword),
     resource.setResourcePassword,
-    logActionAudit(ActionsEnum.setResourcePassword)
 );
 
 authenticated.post(
     `/resource/:resourceId/pincode`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourcePincode),
+    logActionAudit(ActionsEnum.setResourcePincode),
     resource.setResourcePincode,
-    logActionAudit(ActionsEnum.setResourcePincode)
 );
 
 authenticated.post(
     `/resource/:resourceId/header-auth`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourceHeaderAuth),
+    logActionAudit(ActionsEnum.setResourceHeaderAuth),
     resource.setResourceHeaderAuth,
-    logActionAudit(ActionsEnum.setResourceHeaderAuth)
 );
 
 authenticated.post(
     `/resource/:resourceId/whitelist`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.setResourceWhitelist),
+    logActionAudit(ActionsEnum.setResourceWhitelist),
     resource.setResourceWhitelist,
-    logActionAudit(ActionsEnum.setResourceWhitelist)
 );
 
 authenticated.get(
@@ -468,16 +468,16 @@ authenticated.post(
     `/resource/:resourceId/access-token`,
     verifyApiKeyResourceAccess,
     verifyApiKeyHasAction(ActionsEnum.generateAccessToken),
+    logActionAudit(ActionsEnum.generateAccessToken),
     accessToken.generateAccessToken,
-    logActionAudit(ActionsEnum.generateAccessToken)
 );
 
 authenticated.delete(
     `/access-token/:accessTokenId`,
     verifyApiKeyAccessTokenAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteAcessToken),
+    logActionAudit(ActionsEnum.deleteAcessToken),
     accessToken.deleteAccessToken,
-    logActionAudit(ActionsEnum.deleteAcessToken)
 );
 
 authenticated.get(
@@ -505,8 +505,8 @@ authenticated.post(
     "/user/:userId/2fa",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.updateUser),
+    logActionAudit(ActionsEnum.updateUser),
     user.updateUser2FA,
-    logActionAudit(ActionsEnum.updateUser)
 );
 
 authenticated.get(
@@ -527,8 +527,8 @@ authenticated.put(
     "/org/:orgId/user",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createOrgUser),
+    logActionAudit(ActionsEnum.createOrgUser),
     user.createOrgUser,
-    logActionAudit(ActionsEnum.createOrgUser)
 );
 
 authenticated.post(
@@ -536,8 +536,8 @@ authenticated.post(
     verifyApiKeyOrgAccess,
     verifyApiKeyUserAccess,
     verifyApiKeyHasAction(ActionsEnum.updateOrgUser),
+    logActionAudit(ActionsEnum.updateOrgUser),
     user.updateOrgUser,
-    logActionAudit(ActionsEnum.updateOrgUser)
 );
 
 authenticated.delete(
@@ -545,8 +545,8 @@ authenticated.delete(
     verifyApiKeyOrgAccess,
     verifyApiKeyUserAccess,
     verifyApiKeyHasAction(ActionsEnum.removeUser),
+    logActionAudit(ActionsEnum.removeUser),
     user.removeUserOrg,
-    logActionAudit(ActionsEnum.removeUser)
 );
 
 // authenticated.put(
@@ -566,8 +566,8 @@ authenticated.post(
     `/org/:orgId/api-key/:apiKeyId/actions`,
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.setApiKeyActions),
+    logActionAudit(ActionsEnum.setApiKeyActions),
     apiKeys.setApiKeyActions,
-    logActionAudit(ActionsEnum.setApiKeyActions)
 );
 
 authenticated.get(
@@ -581,32 +581,32 @@ authenticated.put(
     `/org/:orgId/api-key`,
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createApiKey),
+    logActionAudit(ActionsEnum.createApiKey),
     apiKeys.createOrgApiKey,
-    logActionAudit(ActionsEnum.createApiKey)
 );
 
 authenticated.delete(
     `/org/:orgId/api-key/:apiKeyId`,
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteApiKey),
+    logActionAudit(ActionsEnum.deleteApiKey),
     apiKeys.deleteApiKey,
-    logActionAudit(ActionsEnum.deleteApiKey)
 );
 
 authenticated.put(
     "/idp/oidc",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createIdp),
+    logActionAudit(ActionsEnum.createIdp),
     idp.createOidcIdp,
-    logActionAudit(ActionsEnum.createIdp)
 );
 
 authenticated.post(
     "/idp/:idpId/oidc",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.updateIdp),
+    logActionAudit(ActionsEnum.updateIdp),
     idp.updateOidcIdp,
-    logActionAudit(ActionsEnum.updateIdp)
 );
 
 authenticated.get(
@@ -627,24 +627,24 @@ authenticated.put(
     "/idp/:idpId/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.createIdpOrg),
+    logActionAudit(ActionsEnum.createIdpOrg),
     idp.createIdpOrgPolicy,
-    logActionAudit(ActionsEnum.createIdpOrg)
 );
 
 authenticated.post(
     "/idp/:idpId/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.updateIdpOrg),
+    logActionAudit(ActionsEnum.updateIdpOrg),
     idp.updateIdpOrgPolicy,
-    logActionAudit(ActionsEnum.updateIdpOrg)
 );
 
 authenticated.delete(
     "/idp/:idpId/org/:orgId",
     verifyApiKeyIsRoot,
     verifyApiKeyHasAction(ActionsEnum.deleteIdpOrg),
+    logActionAudit(ActionsEnum.deleteIdpOrg),
     idp.deleteIdpOrgPolicy,
-    logActionAudit(ActionsEnum.deleteIdpOrg)
 );
 
 authenticated.get(
@@ -683,8 +683,8 @@ authenticated.put(
     verifyClientsEnabled,
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.createClient),
+    logActionAudit(ActionsEnum.createClient),
     client.createClient,
-    logActionAudit(ActionsEnum.createClient)
 );
 
 authenticated.delete(
@@ -692,8 +692,8 @@ authenticated.delete(
     verifyClientsEnabled,
     verifyApiKeyClientAccess,
     verifyApiKeyHasAction(ActionsEnum.deleteClient),
+    logActionAudit(ActionsEnum.deleteClient),
     client.deleteClient,
-    logActionAudit(ActionsEnum.deleteClient)
 );
 
 authenticated.post(
@@ -701,14 +701,14 @@ authenticated.post(
     verifyClientsEnabled,
     verifyApiKeyClientAccess,
     verifyApiKeyHasAction(ActionsEnum.updateClient),
+    logActionAudit(ActionsEnum.updateClient),
     client.updateClient,
-    logActionAudit(ActionsEnum.updateClient)
 );
 
 authenticated.put(
     "/org/:orgId/blueprint",
     verifyApiKeyOrgAccess,
     verifyApiKeyHasAction(ActionsEnum.applyBlueprint),
+    logActionAudit(ActionsEnum.applyBlueprint),
     org.applyBlueprint,
-    logActionAudit(ActionsEnum.applyBlueprint)
 );

From f3149e46cd9d63cb8e3f8b4b3384a6751402d3f9 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 20 Oct 2025 20:40:04 -0700
Subject: [PATCH 06/69] Starting to create frontend

---
 messages/en-US.json                           |  4 +-
 src/app/[orgId]/settings/logs/access/page.tsx | 54 ++++++++++++++++++
 src/app/[orgId]/settings/logs/layout.tsx      | 56 +++++++++++++++++++
 src/app/[orgId]/settings/logs/page.tsx        | 54 ++++++++++++++++++
 src/app/navigation.tsx                        |  8 ++-
 5 files changed, 174 insertions(+), 2 deletions(-)
 create mode 100644 src/app/[orgId]/settings/logs/access/page.tsx
 create mode 100644 src/app/[orgId]/settings/logs/layout.tsx
 create mode 100644 src/app/[orgId]/settings/logs/page.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 4cffaf98..79042b7e 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1891,5 +1891,7 @@
     "cannotbeUndone": "This can not be undone.",
     "toConfirm": "to confirm",
     "deleteClientQuestion": "Are you sure you want to remove the client from the site and organization?",
-    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site."
+    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site.",
+    "sidebarLogs": "Logs",
+    "request": "Request"
 }
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
new file mode 100644
index 00000000..80e4e4a6
--- /dev/null
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -0,0 +1,54 @@
+"use client";
+import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
+import AuthPageSettings, {
+    AuthPageSettingsRef
+} from "@app/components/private/AuthPageSettings";
+
+import { Button } from "@app/components/ui/button";
+import { useOrgContext } from "@app/hooks/useOrgContext";
+import { userOrgUserContext } from "@app/hooks/useOrgUserContext";
+import { toast } from "@app/hooks/useToast";
+import { useState, useRef } from "react";
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+
+import { z } from "zod";
+import { useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { formatAxiosError } from "@app/lib/api";
+import { AxiosResponse } from "axios";
+import { DeleteOrgResponse, ListUserOrgsResponse } from "@server/routers/org";
+import { useRouter } from "next/navigation";
+import {
+    SettingsContainer,
+    SettingsSection,
+    SettingsSectionHeader,
+    SettingsSectionTitle,
+    SettingsSectionDescription,
+    SettingsSectionBody,
+    SettingsSectionForm,
+    SettingsSectionFooter
+} from "@app/components/Settings";
+import { useUserContext } from "@app/hooks/useUserContext";
+import { useTranslations } from "next-intl";
+import { build } from "@server/build";
+
+export default function GeneralPage() {
+    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
+    const router = useRouter();
+    const api = createApiClient(useEnvContext());
+    const t = useTranslations();
+    const { env } = useEnvContext();
+
+    return <p>access</p>;
+}
diff --git a/src/app/[orgId]/settings/logs/layout.tsx b/src/app/[orgId]/settings/logs/layout.tsx
new file mode 100644
index 00000000..01e0d248
--- /dev/null
+++ b/src/app/[orgId]/settings/logs/layout.tsx
@@ -0,0 +1,56 @@
+import { internal } from "@app/lib/api";
+import { authCookieHeader } from "@app/lib/api/cookies";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import { HorizontalTabs } from "@app/components/HorizontalTabs";
+import { verifySession } from "@app/lib/auth/verifySession";
+import OrgProvider from "@app/providers/OrgProvider";
+import OrgUserProvider from "@app/providers/OrgUserProvider";
+import { GetOrgResponse } from "@server/routers/org";
+import { GetOrgUserResponse } from "@server/routers/user";
+import { AxiosResponse } from "axios";
+import { redirect } from "next/navigation";
+import { cache } from "react";
+import { getTranslations } from "next-intl/server";
+
+type GeneralSettingsProps = {
+    children: React.ReactNode;
+    params: Promise<{ orgId: string }>;
+};
+
+export default async function GeneralSettingsPage({
+    children,
+    params
+}: GeneralSettingsProps) {
+    const { orgId } = await params;
+
+    const getUser = cache(verifySession);
+    const user = await getUser();
+
+    if (!user) {
+        redirect(`/`);
+    }
+
+    const t = await getTranslations();
+
+    const navItems = [
+        {
+            title: t("access"),
+            href: `/{orgId}/settings/logs/access`
+        },
+                {
+            title: t("request"),
+            href: `/{orgId}/settings/logs/request`
+        }
+    ];
+
+    return (
+        <>
+            <SettingsSectionTitle
+                title={t("logs")}
+                description={t("logsSettingsDescription")}
+            />
+
+            <HorizontalTabs items={navItems}>{children}</HorizontalTabs>
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/logs/page.tsx b/src/app/[orgId]/settings/logs/page.tsx
new file mode 100644
index 00000000..45b5a7de
--- /dev/null
+++ b/src/app/[orgId]/settings/logs/page.tsx
@@ -0,0 +1,54 @@
+"use client";
+import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
+import AuthPageSettings, {
+    AuthPageSettingsRef
+} from "@app/components/private/AuthPageSettings";
+
+import { Button } from "@app/components/ui/button";
+import { useOrgContext } from "@app/hooks/useOrgContext";
+import { userOrgUserContext } from "@app/hooks/useOrgUserContext";
+import { toast } from "@app/hooks/useToast";
+import { useState, useRef } from "react";
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+
+import { z } from "zod";
+import { useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { formatAxiosError } from "@app/lib/api";
+import { AxiosResponse } from "axios";
+import { DeleteOrgResponse, ListUserOrgsResponse } from "@server/routers/org";
+import { useRouter } from "next/navigation";
+import {
+    SettingsContainer,
+    SettingsSection,
+    SettingsSectionHeader,
+    SettingsSectionTitle,
+    SettingsSectionDescription,
+    SettingsSectionBody,
+    SettingsSectionForm,
+    SettingsSectionFooter
+} from "@app/components/Settings";
+import { useUserContext } from "@app/hooks/useUserContext";
+import { useTranslations } from "next-intl";
+import { build } from "@server/build";
+
+export default function GeneralPage() {
+    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
+    const router = useRouter();
+    const api = createApiClient(useEnvContext());
+    const t = useTranslations();
+    const { env } = useEnvContext();
+
+    return <p>dfas</p>;
+}
diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx
index 2d6aaec8..6b453811 100644
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -16,7 +16,8 @@ import {
     MonitorUp, // Added from 'dev' branch
     Server,
     Zap,
-    CreditCard
+    CreditCard,
+    Logs
 } from "lucide-react";
 
 export type SidebarNavSection = {
@@ -138,6 +139,11 @@ export const orgNavSections = (
                       }
                   ]
                 : []),
+            {
+                title: "sidebarLogs",
+                href: "/{orgId}/settings/logs",
+                icon: <Logs className="h-4 w-4" />
+            },
             {
                 title: "sidebarSettings",
                 href: "/{orgId}/settings/general",

From 3f3e9cf1bb8fd280482db6e68661f516e6650858 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Mon, 6 Oct 2025 21:00:07 +0530
Subject: [PATCH 07/69] add cert resolver

---
 messages/en-US.json                      |  6 +-
 server/db/sqlite/schema/schema.ts        |  4 +-
 server/routers/domain/createOrgDomain.ts | 17 +++--
 server/routers/domain/listDomains.ts     |  4 +-
 src/components/CreateDomainForm.tsx      | 83 +++++++++++++++++++-----
 5 files changed, 92 insertions(+), 22 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 4cffaf98..2f7fd3e0 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1891,5 +1891,9 @@
     "cannotbeUndone": "This can not be undone.",
     "toConfirm": "to confirm",
     "deleteClientQuestion": "Are you sure you want to remove the client from the site and organization?",
-    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site."
+    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site.",
+    "certResolver": "Certificate Resolver",
+    "certResolverDescription": "Select the certificate resolver to use for this resource.",
+    "selectCertResolver": "Select Certificate Resolver",
+    "enterCustomResolver": "Enter Custom Resolver"
 }
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 3d6c6b0d..d0d972ff 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -11,7 +11,9 @@ export const domains = sqliteTable("domains", {
     type: text("type"), // "ns", "cname", "wildcard"
     verified: integer("verified", { mode: "boolean" }).notNull().default(false),
     failed: integer("failed", { mode: "boolean" }).notNull().default(false),
-    tries: integer("tries").notNull().default(0)
+    tries: integer("tries").notNull().default(0),
+    certResolver: text("certResolver").default("letsencrypt"),
+    customCertResolver: text("customCertResolver")
 });
 
 export const orgs = sqliteTable("orgs", {
diff --git a/server/routers/domain/createOrgDomain.ts b/server/routers/domain/createOrgDomain.ts
index d0e8a72b..54cad172 100644
--- a/server/routers/domain/createOrgDomain.ts
+++ b/server/routers/domain/createOrgDomain.ts
@@ -24,16 +24,21 @@ const paramsSchema = z
 const bodySchema = z
     .object({
         type: z.enum(["ns", "cname", "wildcard"]),
-        baseDomain: subdomainSchema
+        baseDomain: subdomainSchema,
+        certResolver: z.enum(["letsencrypt", "custom"]).optional(), // optional, only for wildcard
+        customCertResolver: z.string().optional() // required if certResolver === "custom"
     })
     .strict();
 
+
 export type CreateDomainResponse = {
     domainId: string;
     nsRecords?: string[];
     cnameRecords?: { baseDomain: string; value: string }[];
     aRecords?: { baseDomain: string; value: string }[];
     txtRecords?: { baseDomain: string; value: string }[];
+    certResolver?: string | null;
+    customCertResolver?: string | null;
 };
 
 // Helper to check if a domain is a subdomain or equal to another domain
@@ -71,7 +76,7 @@ export async function createOrgDomain(
         }
 
         const { orgId } = parsedParams.data;
-        const { type, baseDomain } = parsedBody.data;
+        const { type, baseDomain, certResolver, customCertResolver } = parsedBody.data;
 
         if (build == "oss") {
             if (type !== "wildcard") {
@@ -254,7 +259,9 @@ export async function createOrgDomain(
                     domainId,
                     baseDomain,
                     type,
-                    verified: type === "wildcard" ? true : false
+                    verified: type === "wildcard" ? true : false,
+                    certResolver: certResolver || null,
+                    customCertResolver: customCertResolver || null
                 })
                 .returning();
 
@@ -325,7 +332,9 @@ export async function createOrgDomain(
                 cnameRecords,
                 txtRecords,
                 nsRecords,
-                aRecords
+                aRecords,
+                certResolver: returned.certResolver,
+                customCertResolver: returned.customCertResolver
             },
             success: true,
             error: false,
diff --git a/server/routers/domain/listDomains.ts b/server/routers/domain/listDomains.ts
index fe51cde6..85bc3caa 100644
--- a/server/routers/domain/listDomains.ts
+++ b/server/routers/domain/listDomains.ts
@@ -42,7 +42,9 @@ async function queryDomains(orgId: string, limit: number, offset: number) {
             type: domains.type,
             failed: domains.failed,
             tries: domains.tries,
-            configManaged: domains.configManaged
+            configManaged: domains.configManaged,
+            certResolver: domains.certResolver,
+            customCertResolver: domains.customCertResolver,
         })
         .from(orgDomains)
         .where(eq(orgDomains.orgId, orgId))
diff --git a/src/components/CreateDomainForm.tsx b/src/components/CreateDomainForm.tsx
index 258aee49..24b1d466 100644
--- a/src/components/CreateDomainForm.tsx
+++ b/src/components/CreateDomainForm.tsx
@@ -45,6 +45,7 @@ import {
 import { useOrgContext } from "@app/hooks/useOrgContext";
 import { build } from "@server/build";
 import { toASCII, toUnicode } from 'punycode';
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select";
 
 
 // Helper functions for Unicode domain handling
@@ -96,7 +97,9 @@ const formSchema = z.object({
         .min(1, "Domain is required")
         .refine((val) => isValidDomainFormat(val), "Invalid domain format")
         .transform((val) => toPunycode(val)),
-    type: z.enum(["ns", "cname", "wildcard"])
+    type: z.enum(["ns", "cname", "wildcard"]),
+    certResolver: z.string().optional(),
+    customCertResolver: z.string().optional()
 });
 
 type FormValues = z.infer<typeof formSchema>;
@@ -107,6 +110,12 @@ type CreateDomainFormProps = {
     onCreated?: (domain: CreateDomainResponse) => void;
 };
 
+// Example cert resolver options (replace with real API/fetch if needed)
+const certResolverOptions = [
+    { id: "letsencrypt", title: "Let's Encrypt" },
+    { id: "custom", title: "Custom Resolver" }
+];
+
 export default function CreateDomainForm({
     open,
     setOpen,
@@ -125,15 +134,26 @@ export default function CreateDomainForm({
         resolver: zodResolver(formSchema),
         defaultValues: {
             baseDomain: "",
-            type: build == "oss" || !env.flags.usePangolinDns ? "wildcard" : "ns"
+            type: build == "oss" || !env.flags.usePangolinDns ? "wildcard" : "ns",
+            certResolver: "",
+            customCertResolver: ""
         }
     });
 
-    function reset() {
+    const baseDomain = form.watch("baseDomain");
+    const domainType = form.watch("type");
+
+    const punycodePreview = useMemo(() => {
+        if (!baseDomain) return "";
+        const punycode = toPunycode(baseDomain);
+        return punycode !== baseDomain.toLowerCase() ? punycode : "";
+    }, [baseDomain]);
+
+    const reset = () => {
         form.reset();
         setLoading(false);
         setCreatedDomain(null);
-    }
+    };
 
     async function onSubmit(values: FormValues) {
         setLoading(true);
@@ -158,17 +178,9 @@ export default function CreateDomainForm({
         } finally {
             setLoading(false);
         }
-    }
-
-    const baseDomain = form.watch("baseDomain");
-    const domainInputValue = form.watch("baseDomain") || "";
-
-    const punycodePreview = useMemo(() => {
-        if (!domainInputValue) return "";
-        const punycode = toPunycode(domainInputValue);
-        return punycode !== domainInputValue.toLowerCase() ? punycode : "";
-    }, [domainInputValue]);
+    };
 
+    // Domain type options
     let domainOptions: any = [];
     if (build != "oss" && env.flags.usePangolinDns) {
         domainOptions = [
@@ -250,7 +262,7 @@ export default function CreateDomainForm({
                                                         <AlertTitle>{t("internationaldomaindetected")}</AlertTitle>
                                                         <AlertDescription>
                                                             <div className="mt-2 space-y-1">
-                                                                <p>{t("willbestoredas")} <code className="font-mono px-1 py-0.5 rounded">{punycodePreview}</code></p>
+                                                            <p>{t("willbestoredas")} <code className="font-mono px-1 py-0.5 rounded">{punycodePreview}</code></p>
                                                             </div>
                                                         </AlertDescription>
                                                     </Alert>
@@ -260,6 +272,47 @@ export default function CreateDomainForm({
                                         </FormItem>
                                     )}
                                 />
+                                {domainType === "wildcard" && (
+                                    <FormField
+                                        control={form.control}
+                                        name="certResolver"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>{t("certResolver")}</FormLabel>
+                                                <FormControl>
+                                                    <Select
+                                                        value={field.value}
+                                                        onValueChange={(val) => field.onChange(val)}
+                                                    >
+                                                        <SelectTrigger>
+                                                            <SelectValue placeholder={t("selectCertResolver")} />
+                                                        </SelectTrigger>
+                                                        <SelectContent>
+                                                            {certResolverOptions.map((opt) => (
+                                                                <SelectItem key={opt.id} value={opt.id}>
+                                                                    {opt.title}
+                                                                </SelectItem>
+                                                            ))}
+                                                        </SelectContent>
+                                                    </Select>
+                                                </FormControl>
+                                                <FormMessage />
+                                                {field.value === "custom" && (
+                                                    <FormControl className="mt-2">
+                                                        <Input
+                                                            placeholder={t("enterCustomResolver")}
+                                                            value={form.watch("customCertResolver") || ""}
+                                                            onChange={(e) =>
+                                                                form.setValue("customCertResolver", e.target.value)
+                                                            }
+                                                        />
+                                                    </FormControl>
+                                                )}
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                )}
                             </form>
                         </Form>
                     ) : (

From d30e0a3c514434d537cf3caa1271826a7439ba44 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Mon, 6 Oct 2025 21:39:00 +0530
Subject: [PATCH 08/69] schema add

---
 server/db/pg/schema/schema.ts   | 4 +++-
 src/components/DomainsTable.tsx | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 4bed23f8..01fdd337 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -18,7 +18,9 @@ export const domains = pgTable("domains", {
     type: varchar("type"), // "ns", "cname", "wildcard"
     verified: boolean("verified").notNull().default(false),
     failed: boolean("failed").notNull().default(false),
-    tries: integer("tries").notNull().default(0)
+    tries: integer("tries").notNull().default(0),
+    certResolver: varchar("certResolver").default("letsencrypt"),
+    customCertResolver: varchar("customCertResolver")
 });
 
 export const orgs = pgTable("orgs", {
diff --git a/src/components/DomainsTable.tsx b/src/components/DomainsTable.tsx
index ca8d2a7c..87d869df 100644
--- a/src/components/DomainsTable.tsx
+++ b/src/components/DomainsTable.tsx
@@ -24,6 +24,8 @@ export type DomainRow = {
     failed: boolean;
     tries: number;
     configManaged: boolean;
+    certResolver: string;
+    customCertResolver: string;
 };
 
 type Props = {

From 2f1aec02f0f7678a59f7179bd49830dadd3672f5 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 7 Oct 2025 00:37:54 +0530
Subject: [PATCH 09/69] traefik config update for custom Cert Resolver

---
 server/db/pg/schema/schema.ts          |  2 +-
 server/db/sqlite/schema/schema.ts      |  2 +-
 server/lib/readConfigFile.ts           |  2 +
 server/lib/traefik/getTraefikConfig.ts | 84 ++++++++++++++++++++++----
 4 files changed, 77 insertions(+), 13 deletions(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 01fdd337..33b2ae28 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -19,7 +19,7 @@ export const domains = pgTable("domains", {
     verified: boolean("verified").notNull().default(false),
     failed: boolean("failed").notNull().default(false),
     tries: integer("tries").notNull().default(0),
-    certResolver: varchar("certResolver").default("letsencrypt"),
+    certResolver: varchar("certResolver"),
     customCertResolver: varchar("customCertResolver")
 });
 
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index d0d972ff..ebfe7bcf 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -12,7 +12,7 @@ export const domains = sqliteTable("domains", {
     verified: integer("verified", { mode: "boolean" }).notNull().default(false),
     failed: integer("failed", { mode: "boolean" }).notNull().default(false),
     tries: integer("tries").notNull().default(0),
-    certResolver: text("certResolver").default("letsencrypt"),
+    certResolver: text("certResolver"),
     customCertResolver: text("customCertResolver")
 });
 
diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index 9aee8531..a1899f4e 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -51,6 +51,7 @@ export const configSchema = z
                         .nonempty("base_domain must not be empty")
                         .transform((url) => url.toLowerCase()),
                     cert_resolver: z.string().optional().default("letsencrypt"),
+                    custom_cert_resolver: z.string().optional(),
                     prefer_wildcard_cert: z.boolean().optional().default(false)
                 })
             )
@@ -187,6 +188,7 @@ export const configSchema = z
                 https_entrypoint: z.string().optional().default("websecure"),
                 additional_middlewares: z.array(z.string()).optional(),
                 cert_resolver: z.string().optional().default("letsencrypt"),
+                custom_cert_resolver: z.string().optional(),
                 prefer_wildcard_cert: z.boolean().optional().default(false),
                 certificates_path: z.string().default("/var/certificates"),
                 monitor_interval: z.number().default(5000),
diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index 75ea907f..734327e2 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -1,4 +1,4 @@
-import { db, targetHealthCheck } from "@server/db";
+import { db, targetHealthCheck, domains } from "@server/db";
 import {
     and,
     eq,
@@ -75,11 +75,15 @@ export async function getTraefikConfig(
             siteType: sites.type,
             siteOnline: sites.online,
             subnet: sites.subnet,
-            exitNodeId: sites.exitNodeId
+            exitNodeId: sites.exitNodeId,
+            // Domain cert resolver fields
+            domainCertResolver: domains.certResolver,
+            domainCustomCertResolver: domains.customCertResolver
         })
         .from(sites)
         .innerJoin(targets, eq(targets.siteId, sites.siteId))
         .innerJoin(resources, eq(resources.resourceId, targets.resourceId))
+        .leftJoin(domains, eq(domains.domainId, resources.domainId))
         .leftJoin(
             targetHealthCheck,
             eq(targetHealthCheck.targetId, targets.targetId)
@@ -161,7 +165,10 @@ export async function getTraefikConfig(
                 pathMatchType: row.pathMatchType, // the targets will all have the same pathMatchType
                 rewritePath: row.rewritePath,
                 rewritePathType: row.rewritePathType,
-                priority: priority // may be null, we fallback later
+                priority: priority,
+                // Store domain cert resolver fields
+                domainCertResolver: row.domainCertResolver,
+                domainCustomCertResolver: row.domainCustomCertResolver
             });
         }
 
@@ -242,18 +249,73 @@ export async function getTraefikConfig(
 
             const configDomain = config.getDomain(resource.domainId);
 
-            let certResolver: string, preferWildcardCert: boolean;
-            if (!configDomain) {
-                certResolver = config.getRawConfig().traefik.cert_resolver;
-                preferWildcardCert =
-                    config.getRawConfig().traefik.prefer_wildcard_cert;
+            let certResolverFromConfig: string | undefined;
+            let preferWildcardCert = false;
+
+            const rawTraefikCfg = config.getRawConfig().traefik || {};
+            const globalDefaultResolver: string | undefined = rawTraefikCfg.cert_resolver;
+            const availableResolvers = rawTraefikCfg.custom_cert_resolver
+                ? Object.keys(rawTraefikCfg.custom_cert_resolver)
+                : [];
+
+            // Priority 1: Read from YAML config (if exists)
+            if (configDomain) {
+                certResolverFromConfig =
+                    configDomain.cert_resolver ??
+                    configDomain.custom_cert_resolver;
+                preferWildcardCert = !!(configDomain.prefer_wildcard_cert);
+            }
+
+            // Priority 2: Override with database domain settings (if exists)
+            let finalCertResolver: string | undefined;
+            let finalCustomCertResolver: string | undefined;
+
+            if (resource.domainCertResolver) {
+                finalCertResolver = resource.domainCertResolver;
+                if (resource.domainCertResolver === "custom" && resource.domainCustomCertResolver) {
+                    finalCustomCertResolver = resource.domainCustomCertResolver;
+                }
             } else {
-                certResolver = configDomain.cert_resolver;
-                preferWildcardCert = configDomain.prefer_wildcard_cert;
+                // Fall back to config
+                finalCertResolver = certResolverFromConfig;
+            }
+
+            // Resolve the final resolver name
+            let resolverName: string | undefined;
+
+            if (finalCertResolver) {
+                if (finalCertResolver === "custom") {
+                    // Check database custom resolver first, then config
+                    const customResolver = finalCustomCertResolver || configDomain?.custom_cert_resolver;
+
+                    if (customResolver && typeof customResolver === "string" && customResolver.trim()) {
+                        resolverName = customResolver.trim();
+                    } else {
+                        resolverName = globalDefaultResolver;
+                        logger.warn(
+                            `Domain ${resource.domainId} requested custom cert resolver but none set; falling back to global resolver ${resolverName}`
+                        );
+                    }
+                } else {
+                    // Validate against available resolvers
+                    if (
+                        availableResolvers.length === 0 ||
+                        availableResolvers.includes(finalCertResolver)
+                    ) {
+                        resolverName = finalCertResolver;
+                    } else {
+                        logger.warn(
+                            `Unknown cert resolver "${finalCertResolver}" for domain ${resource.domainId}; falling back to global resolver.`
+                        );
+                        resolverName = globalDefaultResolver;
+                    }
+                }
+            } else {
+                resolverName = globalDefaultResolver;
             }
 
             const tls = {
-                certResolver: certResolver,
+                certResolver: resolverName,
                 ...(preferWildcardCert
                     ? {
                           domains: [

From d6681733ddd1515a9bc70099daacd2d3960a33a4 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 7 Oct 2025 12:28:29 +0530
Subject: [PATCH 10/69] remove custom cery type form config file

---
 server/lib/readConfigFile.ts                  |  2 -
 server/lib/traefik/getTraefikConfig.ts        | 69 +++----------
 .../private/lib/traefik/getTraefikConfig.ts   | 99 +++++++++++++------
 3 files changed, 84 insertions(+), 86 deletions(-)

diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index a1899f4e..9aee8531 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -51,7 +51,6 @@ export const configSchema = z
                         .nonempty("base_domain must not be empty")
                         .transform((url) => url.toLowerCase()),
                     cert_resolver: z.string().optional().default("letsencrypt"),
-                    custom_cert_resolver: z.string().optional(),
                     prefer_wildcard_cert: z.boolean().optional().default(false)
                 })
             )
@@ -188,7 +187,6 @@ export const configSchema = z
                 https_entrypoint: z.string().optional().default("websecure"),
                 additional_middlewares: z.array(z.string()).optional(),
                 cert_resolver: z.string().optional().default("letsencrypt"),
-                custom_cert_resolver: z.string().optional(),
                 prefer_wildcard_cert: z.boolean().optional().default(false),
                 certificates_path: z.string().default("/var/certificates"),
                 monitor_interval: z.number().default(5000),
diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index 734327e2..436c76a6 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -248,68 +248,24 @@ export async function getTraefikConfig(
             }
 
             const configDomain = config.getDomain(resource.domainId);
-
-            let certResolverFromConfig: string | undefined;
-            let preferWildcardCert = false;
-
             const rawTraefikCfg = config.getRawConfig().traefik || {};
-            const globalDefaultResolver: string | undefined = rawTraefikCfg.cert_resolver;
-            const availableResolvers = rawTraefikCfg.custom_cert_resolver
-                ? Object.keys(rawTraefikCfg.custom_cert_resolver)
-                : [];
+            const globalDefaultResolver = rawTraefikCfg.cert_resolver;
 
-            // Priority 1: Read from YAML config (if exists)
-            if (configDomain) {
-                certResolverFromConfig =
-                    configDomain.cert_resolver ??
-                    configDomain.custom_cert_resolver;
-                preferWildcardCert = !!(configDomain.prefer_wildcard_cert);
-            }
 
-            // Priority 2: Override with database domain settings (if exists)
-            let finalCertResolver: string | undefined;
-            let finalCustomCertResolver: string | undefined;
+            const domainCertResolver =
+                resource.domainCertResolver ?? configDomain?.cert_resolver;
+            const domainCustomResolver =
+                resource.domainCustomCertResolver;
+            const preferWildcardCert =
+                resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
 
-            if (resource.domainCertResolver) {
-                finalCertResolver = resource.domainCertResolver;
-                if (resource.domainCertResolver === "custom" && resource.domainCustomCertResolver) {
-                    finalCustomCertResolver = resource.domainCustomCertResolver;
-                }
-            } else {
-                // Fall back to config
-                finalCertResolver = certResolverFromConfig;
-            }
-
-            // Resolve the final resolver name
             let resolverName: string | undefined;
 
-            if (finalCertResolver) {
-                if (finalCertResolver === "custom") {
-                    // Check database custom resolver first, then config
-                    const customResolver = finalCustomCertResolver || configDomain?.custom_cert_resolver;
-
-                    if (customResolver && typeof customResolver === "string" && customResolver.trim()) {
-                        resolverName = customResolver.trim();
-                    } else {
-                        resolverName = globalDefaultResolver;
-                        logger.warn(
-                            `Domain ${resource.domainId} requested custom cert resolver but none set; falling back to global resolver ${resolverName}`
-                        );
-                    }
-                } else {
-                    // Validate against available resolvers
-                    if (
-                        availableResolvers.length === 0 ||
-                        availableResolvers.includes(finalCertResolver)
-                    ) {
-                        resolverName = finalCertResolver;
-                    } else {
-                        logger.warn(
-                            `Unknown cert resolver "${finalCertResolver}" for domain ${resource.domainId}; falling back to global resolver.`
-                        );
-                        resolverName = globalDefaultResolver;
-                    }
-                }
+            // Handle both letsencrypt & custom cases
+            if (domainCertResolver === "custom") {
+                resolverName = domainCustomResolver?.trim();
+            } else if (domainCertResolver) {
+                resolverName = domainCertResolver;
             } else {
                 resolverName = globalDefaultResolver;
             }
@@ -327,6 +283,7 @@ export async function getTraefikConfig(
                     : {})
             };
 
+
             const additionalMiddlewares =
                 config.getRawConfig().traefik.additional_middlewares || [];
 
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index 5e919fda..634bc818 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -15,6 +15,7 @@ import {
     certificates,
     db,
     domainNamespaces,
+    domains,
     exitNodes,
     loginPage,
     targetHealthCheck
@@ -103,11 +104,17 @@ export async function getTraefikConfig(
             subnet: sites.subnet,
             exitNodeId: sites.exitNodeId,
             // Namespace
-            domainNamespaceId: domainNamespaces.domainNamespaceId
+            domainNamespaceId: domainNamespaces.domainNamespaceId,
+            // Certificate
+            certificateStatus: certificates.status,
+            domainCertResolver: domains.certResolver,
+            domainCustomCertResolver: domains.customCertResolver
         })
         .from(sites)
         .innerJoin(targets, eq(targets.siteId, sites.siteId))
         .innerJoin(resources, eq(resources.resourceId, targets.resourceId))
+        .leftJoin(certificates, eq(certificates.domainId, resources.domainId))
+        .leftJoin(domains, eq(domains.domainId, resources.domainId))
         .leftJoin(
             targetHealthCheck,
             eq(targetHealthCheck.targetId, targets.targetId)
@@ -197,7 +204,9 @@ export async function getTraefikConfig(
                 pathMatchType: row.pathMatchType, // the targets will all have the same pathMatchType
                 rewritePath: row.rewritePath,
                 rewritePathType: row.rewritePathType,
-                priority: priority // may be null, we fallback later
+                priority: priority, // may be null, we fallback later
+                domainCertResolver: row.domainCertResolver,
+                domainCustomCertResolver: row.domainCustomCertResolver
             });
         }
 
@@ -285,6 +294,41 @@ export async function getTraefikConfig(
                 config_output.http.services = {};
             }
 
+            const domainParts = fullDomain.split(".");
+            let wildCard;
+            if (domainParts.length <= 2) {
+                wildCard = `*.${domainParts.join(".")}`;
+            } else {
+                wildCard = `*.${domainParts.slice(1).join(".")}`;
+            }
+
+            if (!resource.subdomain) {
+                wildCard = resource.fullDomain;
+            }
+
+            const configDomain = config.getDomain(resource.domainId);
+            const rawTraefikCfg = config.getRawConfig().traefik || {};
+            const globalDefaultResolver = rawTraefikCfg.cert_resolver;
+
+
+            const domainCertResolver =
+                resource.domainCertResolver ?? configDomain?.cert_resolver;
+            const domainCustomResolver =
+                resource.domainCustomCertResolver;
+            const preferWildcardCert =
+                resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
+
+            let resolverName: string | undefined;
+
+            // Handle both letsencrypt & custom cases
+            if (domainCertResolver === "custom") {
+                resolverName = domainCustomResolver?.trim();
+            } else if (domainCertResolver) {
+                resolverName = domainCertResolver;
+            } else {
+                resolverName = globalDefaultResolver;
+            }
+
             let tls = {};
             if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
                 const domainParts = fullDomain.split(".");
@@ -312,16 +356,16 @@ export async function getTraefikConfig(
                 }
 
                 tls = {
-                    certResolver: certResolver,
+                    certResolver: resolverName,
                     ...(preferWildcardCert
                         ? {
-                              domains: [
-                                  {
-                                      main: wildCard
-                                  }
-                              ]
-                          }
-                        : {})
+                            domains: [
+                                {
+                                    main: wildCard,
+                                },
+                            ],
+                        }
+                        : {}),
                 };
             } else {
                 // find a cert that matches the full domain, if not continue
@@ -573,14 +617,14 @@ export async function getTraefikConfig(
                     })(),
                     ...(resource.stickySession
                         ? {
-                              sticky: {
-                                  cookie: {
-                                      name: "p_sticky", // TODO: make this configurable via config.yml like other cookies
-                                      secure: resource.ssl,
-                                      httpOnly: true
-                                  }
-                              }
-                          }
+                            sticky: {
+                                cookie: {
+                                    name: "p_sticky", // TODO: make this configurable via config.yml like other cookies
+                                    secure: resource.ssl,
+                                    httpOnly: true
+                                }
+                            }
+                        }
                         : {})
                 }
             };
@@ -681,13 +725,13 @@ export async function getTraefikConfig(
                     })(),
                     ...(resource.stickySession
                         ? {
-                              sticky: {
-                                  ipStrategy: {
-                                      depth: 0,
-                                      sourcePort: true
-                                  }
-                              }
-                          }
+                            sticky: {
+                                ipStrategy: {
+                                    depth: 0,
+                                    sourcePort: true
+                                }
+                            }
+                        }
                         : {})
                 }
             };
@@ -735,10 +779,9 @@ export async function getTraefikConfig(
                     loadBalancer: {
                         servers: [
                             {
-                                url: `http://${
-                                    config.getRawConfig().server
+                                url: `http://${config.getRawConfig().server
                                         .internal_hostname
-                                }:${config.getRawConfig().server.next_port}`
+                                    }:${config.getRawConfig().server.next_port}`
                             }
                         ]
                     }

From d938345debe8a515a8d251cdf4bd448e75ef811e Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 8 Oct 2025 14:43:24 -0700
Subject: [PATCH 11/69] Copy in config to db, remove 2nd column, + prefer

---
 messages/en-US.json                           |  3 +-
 server/db/pg/schema/schema.ts                 |  3 +-
 server/db/sqlite/schema/schema.ts             |  2 +-
 server/lib/traefik/getTraefikConfig.ts        | 65 +++++++++---------
 .../private/lib/traefik/getTraefikConfig.ts   | 25 -------
 server/routers/domain/createOrgDomain.ts      | 12 ++--
 server/routers/domain/listDomains.ts          |  2 +-
 server/setup/copyInConfig.ts                  | 12 ++--
 src/components/CreateDomainForm.tsx           | 66 ++++++++++++++-----
 9 files changed, 103 insertions(+), 87 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 2f7fd3e0..c3e93ba8 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1895,5 +1895,6 @@
     "certResolver": "Certificate Resolver",
     "certResolverDescription": "Select the certificate resolver to use for this resource.",
     "selectCertResolver": "Select Certificate Resolver",
-    "enterCustomResolver": "Enter Custom Resolver"
+    "enterCustomResolver": "Enter Custom Resolver",
+    "preferWildcardCert": "Prefer Wildcard Certificate"
 }
diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 33b2ae28..ae5205bb 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -20,7 +20,8 @@ export const domains = pgTable("domains", {
     failed: boolean("failed").notNull().default(false),
     tries: integer("tries").notNull().default(0),
     certResolver: varchar("certResolver"),
-    customCertResolver: varchar("customCertResolver")
+    customCertResolver: varchar("customCertResolver"),
+    preferWildcardCert: boolean("preferWildcardCert")
 });
 
 export const orgs = pgTable("orgs", {
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index ebfe7bcf..30841a4b 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -13,7 +13,7 @@ export const domains = sqliteTable("domains", {
     failed: integer("failed", { mode: "boolean" }).notNull().default(false),
     tries: integer("tries").notNull().default(0),
     certResolver: text("certResolver"),
-    customCertResolver: text("customCertResolver")
+    preferWildcardCert: integer("preferWildcardCert", { mode: "boolean" })
 });
 
 export const orgs = sqliteTable("orgs", {
diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index 436c76a6..45729a30 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -77,8 +77,7 @@ export async function getTraefikConfig(
             subnet: sites.subnet,
             exitNodeId: sites.exitNodeId,
             // Domain cert resolver fields
-            domainCertResolver: domains.certResolver,
-            domainCustomCertResolver: domains.customCertResolver
+            domainCertResolver: domains.certResolver
         })
         .from(sites)
         .innerJoin(targets, eq(targets.siteId, sites.siteId))
@@ -167,8 +166,7 @@ export async function getTraefikConfig(
                 rewritePathType: row.rewritePathType,
                 priority: priority,
                 // Store domain cert resolver fields
-                domainCertResolver: row.domainCertResolver,
-                domainCustomCertResolver: row.domainCustomCertResolver
+                domainCertResolver: row.domainCertResolver
             });
         }
 
@@ -247,42 +245,47 @@ export async function getTraefikConfig(
                 wildCard = resource.fullDomain;
             }
 
-            const configDomain = config.getDomain(resource.domainId);
-            const rawTraefikCfg = config.getRawConfig().traefik || {};
-            const globalDefaultResolver = rawTraefikCfg.cert_resolver;
+            const globalDefaultResolver =
+                config.getRawConfig().traefik.cert_resolver;
+            const globalDefaultPreferWildcard =
+                config.getRawConfig().traefik.prefer_wildcard_cert;
 
-
-            const domainCertResolver =
-                resource.domainCertResolver ?? configDomain?.cert_resolver;
-            const domainCustomResolver =
-                resource.domainCustomCertResolver;
-            const preferWildcardCert =
-                resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
+            const domainCertResolver = resource.domainCertResolver;
+            const preferWildcardCert = resource.preferWildcardCert;
 
             let resolverName: string | undefined;
-
+            let preferWildcard: boolean | undefined;
             // Handle both letsencrypt & custom cases
-            if (domainCertResolver === "custom") {
-                resolverName = domainCustomResolver?.trim();
-            } else if (domainCertResolver) {
-                resolverName = domainCertResolver;
+            if (domainCertResolver) {
+                resolverName = domainCertResolver.trim();
             } else {
                 resolverName = globalDefaultResolver;
             }
 
-            const tls = {
-                certResolver: resolverName,
-                ...(preferWildcardCert
-                    ? {
-                          domains: [
-                              {
-                                  main: wildCard
-                              }
-                          ]
-                      }
-                    : {})
-            };
+            if (
+                preferWildcardCert !== undefined &&
+                preferWildcardCert !== null
+            ) {
+                preferWildcard = preferWildcardCert;
+            } else {
+                preferWildcard = globalDefaultPreferWildcard;
+            }
 
+            let tls = {};
+            if (build == "oss") {
+                tls = {
+                    certResolver: resolverName,
+                    ...(preferWildcard
+                        ? {
+                              domains: [
+                                  {
+                                      main: wildCard
+                                  }
+                              ]
+                          }
+                        : {})
+                };
+            }
 
             const additionalMiddlewares =
                 config.getRawConfig().traefik.additional_middlewares || [];
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index 634bc818..c0f934cd 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -108,7 +108,6 @@ export async function getTraefikConfig(
             // Certificate
             certificateStatus: certificates.status,
             domainCertResolver: domains.certResolver,
-            domainCustomCertResolver: domains.customCertResolver
         })
         .from(sites)
         .innerJoin(targets, eq(targets.siteId, sites.siteId))
@@ -206,7 +205,6 @@ export async function getTraefikConfig(
                 rewritePathType: row.rewritePathType,
                 priority: priority, // may be null, we fallback later
                 domainCertResolver: row.domainCertResolver,
-                domainCustomCertResolver: row.domainCustomCertResolver
             });
         }
 
@@ -306,29 +304,6 @@ export async function getTraefikConfig(
                 wildCard = resource.fullDomain;
             }
 
-            const configDomain = config.getDomain(resource.domainId);
-            const rawTraefikCfg = config.getRawConfig().traefik || {};
-            const globalDefaultResolver = rawTraefikCfg.cert_resolver;
-
-
-            const domainCertResolver =
-                resource.domainCertResolver ?? configDomain?.cert_resolver;
-            const domainCustomResolver =
-                resource.domainCustomCertResolver;
-            const preferWildcardCert =
-                resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
-
-            let resolverName: string | undefined;
-
-            // Handle both letsencrypt & custom cases
-            if (domainCertResolver === "custom") {
-                resolverName = domainCustomResolver?.trim();
-            } else if (domainCertResolver) {
-                resolverName = domainCertResolver;
-            } else {
-                resolverName = globalDefaultResolver;
-            }
-
             let tls = {};
             if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
                 const domainParts = fullDomain.split(".");
diff --git a/server/routers/domain/createOrgDomain.ts b/server/routers/domain/createOrgDomain.ts
index 54cad172..f9a9dcbd 100644
--- a/server/routers/domain/createOrgDomain.ts
+++ b/server/routers/domain/createOrgDomain.ts
@@ -25,8 +25,8 @@ const bodySchema = z
     .object({
         type: z.enum(["ns", "cname", "wildcard"]),
         baseDomain: subdomainSchema,
-        certResolver: z.enum(["letsencrypt", "custom"]).optional(), // optional, only for wildcard
-        customCertResolver: z.string().optional() // required if certResolver === "custom"
+        certResolver: z.string().optional().nullable(),
+        preferWildcardCert: z.boolean().optional().nullable() // optional, only for wildcard
     })
     .strict();
 
@@ -38,7 +38,7 @@ export type CreateDomainResponse = {
     aRecords?: { baseDomain: string; value: string }[];
     txtRecords?: { baseDomain: string; value: string }[];
     certResolver?: string | null;
-    customCertResolver?: string | null;
+    preferWildcardCert?: boolean;
 };
 
 // Helper to check if a domain is a subdomain or equal to another domain
@@ -76,7 +76,7 @@ export async function createOrgDomain(
         }
 
         const { orgId } = parsedParams.data;
-        const { type, baseDomain, certResolver, customCertResolver } = parsedBody.data;
+        const { type, baseDomain, certResolver, preferWildcardCert } = parsedBody.data;
 
         if (build == "oss") {
             if (type !== "wildcard") {
@@ -261,7 +261,7 @@ export async function createOrgDomain(
                     type,
                     verified: type === "wildcard" ? true : false,
                     certResolver: certResolver || null,
-                    customCertResolver: customCertResolver || null
+                    preferWildcardCert: preferWildcardCert || false
                 })
                 .returning();
 
@@ -334,7 +334,7 @@ export async function createOrgDomain(
                 nsRecords,
                 aRecords,
                 certResolver: returned.certResolver,
-                customCertResolver: returned.customCertResolver
+                preferWildcardCert: returned.preferWildcardCert
             },
             success: true,
             error: false,
diff --git a/server/routers/domain/listDomains.ts b/server/routers/domain/listDomains.ts
index 85bc3caa..55ea99cb 100644
--- a/server/routers/domain/listDomains.ts
+++ b/server/routers/domain/listDomains.ts
@@ -44,7 +44,7 @@ async function queryDomains(orgId: string, limit: number, offset: number) {
             tries: domains.tries,
             configManaged: domains.configManaged,
             certResolver: domains.certResolver,
-            customCertResolver: domains.customCertResolver,
+            preferWildcardCert: domains.preferWildcardCert
         })
         .from(orgDomains)
         .where(eq(orgDomains.orgId, orgId))
diff --git a/server/setup/copyInConfig.ts b/server/setup/copyInConfig.ts
index b8c00192..a8627d5e 100644
--- a/server/setup/copyInConfig.ts
+++ b/server/setup/copyInConfig.ts
@@ -37,7 +37,9 @@ async function copyInDomains() {
         const configDomains = Object.entries(rawDomains).map(
             ([key, value]) => ({
                 domainId: key,
-                baseDomain: value.base_domain.toLowerCase()
+                baseDomain: value.base_domain.toLowerCase(),
+                certResolver: value.cert_resolver || null,
+                preferWildcardCert: value.prefer_wildcard_cert || null
             })
         );
 
@@ -59,11 +61,11 @@ async function copyInDomains() {
             }
         }
 
-        for (const { domainId, baseDomain } of configDomains) {
+        for (const { domainId, baseDomain, certResolver, preferWildcardCert } of configDomains) {
             if (existingDomainKeys.has(domainId)) {
                 await trx
                     .update(domains)
-                    .set({ baseDomain, verified: true, type: "wildcard" })
+                    .set({ baseDomain, verified: true, type: "wildcard", certResolver, preferWildcardCert })
                     .where(eq(domains.domainId, domainId))
                     .execute();
             } else {
@@ -74,7 +76,9 @@ async function copyInDomains() {
                         baseDomain,
                         configManaged: true,
                         type: "wildcard",
-                        verified: true
+                        verified: true,
+                        certResolver,
+                        preferWildcardCert
                     })
                     .execute();
             }
diff --git a/src/components/CreateDomainForm.tsx b/src/components/CreateDomainForm.tsx
index 24b1d466..7e7fcc66 100644
--- a/src/components/CreateDomainForm.tsx
+++ b/src/components/CreateDomainForm.tsx
@@ -11,6 +11,7 @@ import {
     FormDescription
 } from "@app/components/ui/form";
 import { Input } from "@app/components/ui/input";
+import { Checkbox, CheckboxWithLabel } from "@app/components/ui/checkbox";
 import { useToast } from "@app/hooks/useToast";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useState, useMemo } from "react";
@@ -98,8 +99,8 @@ const formSchema = z.object({
         .refine((val) => isValidDomainFormat(val), "Invalid domain format")
         .transform((val) => toPunycode(val)),
     type: z.enum(["ns", "cname", "wildcard"]),
-    certResolver: z.string().optional(),
-    customCertResolver: z.string().optional()
+    certResolver: z.string().nullable().optional(),
+    preferWildcardCert: z.boolean().optional()
 });
 
 type FormValues = z.infer<typeof formSchema>;
@@ -112,7 +113,7 @@ type CreateDomainFormProps = {
 
 // Example cert resolver options (replace with real API/fetch if needed)
 const certResolverOptions = [
-    { id: "letsencrypt", title: "Let's Encrypt" },
+    { id: "default", title: "Default" },
     { id: "custom", title: "Custom Resolver" }
 ];
 
@@ -135,8 +136,8 @@ export default function CreateDomainForm({
         defaultValues: {
             baseDomain: "",
             type: build == "oss" || !env.flags.usePangolinDns ? "wildcard" : "ns",
-            certResolver: "",
-            customCertResolver: ""
+            certResolver: null,
+            preferWildcardCert: false
         }
     });
 
@@ -281,8 +282,20 @@ export default function CreateDomainForm({
                                                 <FormLabel>{t("certResolver")}</FormLabel>
                                                 <FormControl>
                                                     <Select
-                                                        value={field.value}
-                                                        onValueChange={(val) => field.onChange(val)}
+                                                        value={
+                                                            field.value === null ? "default" : 
+                                                            (field.value === "" || (field.value && field.value !== "default")) ? "custom" : 
+                                                            "default"
+                                                        }
+                                                        onValueChange={(val) => {
+                                                            if (val === "default") {
+                                                                field.onChange(null);
+                                                            } else if (val === "custom") {
+                                                                field.onChange("");
+                                                            } else {
+                                                                field.onChange(val);
+                                                            }
+                                                        }}
                                                     >
                                                         <SelectTrigger>
                                                             <SelectValue placeholder={t("selectCertResolver")} />
@@ -297,21 +310,40 @@ export default function CreateDomainForm({
                                                     </Select>
                                                 </FormControl>
                                                 <FormMessage />
-                                                {field.value === "custom" && (
-                                                    <FormControl className="mt-2">
-                                                        <Input
-                                                            placeholder={t("enterCustomResolver")}
-                                                            value={form.watch("customCertResolver") || ""}
-                                                            onChange={(e) =>
-                                                                form.setValue("customCertResolver", e.target.value)
-                                                            }
+                                                {field.value !== null && field.value !== "default" && (
+                                                    <div className="space-y-2 mt-2">
+                                                        <FormControl>
+                                                            <Input
+                                                                placeholder={t("enterCustomResolver")}
+                                                                value={field.value || ""}
+                                                                onChange={(e) => field.onChange(e.target.value)}
+                                                            />
+                                                        </FormControl>
+                                                        <FormField
+                                                            control={form.control}
+                                                            name="preferWildcardCert"
+                                                            render={({ field: checkboxField }) => (
+                                                                <FormItem className="flex flex-row items-center space-x-3 space-y-0">
+                                                                    <FormControl>
+                                                                        <CheckboxWithLabel
+                                                                            label={t("preferWildcardCert")}
+                                                                            checked={checkboxField.value}
+                                                                            onCheckedChange={checkboxField.onChange}
+                                                                        />
+                                                                    </FormControl>
+                                                                    {/* <div className="space-y-1 leading-none">
+                                                                        <FormLabel>
+                                                                            {t("preferWildcardCert")}
+                                                                        </FormLabel>
+                                                                    </div> */}
+                                                                </FormItem>
+                                                            )}
                                                         />
-                                                    </FormControl>
+                                                    </div>
                                                 )}
                                             </FormItem>
                                         )}
                                     />
-
                                 )}
                             </form>
                         </Form>

From df24525105cb25b479760d2f99ca3ee6b7a9a07b Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 8 Oct 2025 14:48:21 -0700
Subject: [PATCH 12/69] Fix type issues

---
 server/routers/domain/createOrgDomain.ts | 2 +-
 server/setup/copyInConfig.ts             | 2 +-
 src/components/DomainsTable.tsx          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/routers/domain/createOrgDomain.ts b/server/routers/domain/createOrgDomain.ts
index f9a9dcbd..b35a3de8 100644
--- a/server/routers/domain/createOrgDomain.ts
+++ b/server/routers/domain/createOrgDomain.ts
@@ -38,7 +38,7 @@ export type CreateDomainResponse = {
     aRecords?: { baseDomain: string; value: string }[];
     txtRecords?: { baseDomain: string; value: string }[];
     certResolver?: string | null;
-    preferWildcardCert?: boolean;
+    preferWildcardCert?: boolean | null;
 };
 
 // Helper to check if a domain is a subdomain or equal to another domain
diff --git a/server/setup/copyInConfig.ts b/server/setup/copyInConfig.ts
index a8627d5e..e003d089 100644
--- a/server/setup/copyInConfig.ts
+++ b/server/setup/copyInConfig.ts
@@ -39,7 +39,7 @@ async function copyInDomains() {
                 domainId: key,
                 baseDomain: value.base_domain.toLowerCase(),
                 certResolver: value.cert_resolver || null,
-                preferWildcardCert: value.prefer_wildcard_cert || null
+                preferWildcardCert: value.prefer_wildcard_cert || null,
             })
         );
 
diff --git a/src/components/DomainsTable.tsx b/src/components/DomainsTable.tsx
index 87d869df..02f1854d 100644
--- a/src/components/DomainsTable.tsx
+++ b/src/components/DomainsTable.tsx
@@ -25,7 +25,7 @@ export type DomainRow = {
     tries: number;
     configManaged: boolean;
     certResolver: string;
-    customCertResolver: string;
+    preferWildcardCert: boolean;
 };
 
 type Props = {

From 156fe529b5dd19946afd97c08d3c7a66db5901c6 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 15 Oct 2025 19:38:09 +0530
Subject: [PATCH 13/69] fix code conflicts and match dev change

---
 server/lib/traefik/getTraefikConfig.ts        | 82 ++++++++++---------
 .../private/lib/traefik/getTraefikConfig.ts   |  4 +-
 2 files changed, 46 insertions(+), 40 deletions(-)

diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index 45729a30..74080f6f 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -15,6 +15,7 @@ import config from "@server/lib/config";
 import { resources, sites, Target, targets } from "@server/db";
 import createPathRewriteMiddleware from "./middleware";
 import { sanitize, validatePathRewriteConfig } from "./utils";
+import { privateConfig } from "../../private/lib/config";
 
 const redirectHttpsMiddlewareName = "redirect-to-https";
 const badgerMiddlewareName = "badger";
@@ -253,36 +254,39 @@ export async function getTraefikConfig(
             const domainCertResolver = resource.domainCertResolver;
             const preferWildcardCert = resource.preferWildcardCert;
 
-            let resolverName: string | undefined;
-            let preferWildcard: boolean | undefined;
-            // Handle both letsencrypt & custom cases
-            if (domainCertResolver) {
-                resolverName = domainCertResolver.trim();
-            } else {
-                resolverName = globalDefaultResolver;
-            }
-
-            if (
-                preferWildcardCert !== undefined &&
-                preferWildcardCert !== null
-            ) {
-                preferWildcard = preferWildcardCert;
-            } else {
-                preferWildcard = globalDefaultPreferWildcard;
-            }
 
             let tls = {};
-            if (build == "oss") {
+            if (!privateConfig.getRawPrivateConfig().flags.generate_own_certificates) {
+
+                let resolverName: string | undefined;
+                let preferWildcard: boolean | undefined;
+                // Handle both letsencrypt & custom cases
+                if (domainCertResolver) {
+                    resolverName = domainCertResolver.trim();
+                } else {
+                    resolverName = globalDefaultResolver;
+                }
+
+                if (
+                    preferWildcardCert !== undefined &&
+                    preferWildcardCert !== null
+                ) {
+                    preferWildcard = preferWildcardCert;
+                } else {
+                    preferWildcard = globalDefaultPreferWildcard;
+                }
+
+
                 tls = {
                     certResolver: resolverName,
                     ...(preferWildcard
                         ? {
-                              domains: [
-                                  {
-                                      main: wildCard
-                                  }
-                              ]
-                          }
+                            domains: [
+                                {
+                                    main: wildCard
+                                }
+                            ]
+                        }
                         : {})
                 };
             }
@@ -524,14 +528,14 @@ export async function getTraefikConfig(
                     })(),
                     ...(resource.stickySession
                         ? {
-                              sticky: {
-                                  cookie: {
-                                      name: "p_sticky", // TODO: make this configurable via config.yml like other cookies
-                                      secure: resource.ssl,
-                                      httpOnly: true
-                                  }
-                              }
-                          }
+                            sticky: {
+                                cookie: {
+                                    name: "p_sticky", // TODO: make this configurable via config.yml like other cookies
+                                    secure: resource.ssl,
+                                    httpOnly: true
+                                }
+                            }
+                        }
                         : {})
                 }
             };
@@ -632,13 +636,13 @@ export async function getTraefikConfig(
                     })(),
                     ...(resource.stickySession
                         ? {
-                              sticky: {
-                                  ipStrategy: {
-                                      depth: 0,
-                                      sourcePort: true
-                                  }
-                              }
-                          }
+                            sticky: {
+                                ipStrategy: {
+                                    depth: 0,
+                                    sourcePort: true
+                                }
+                            }
+                        }
                         : {})
                 }
             };
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index c0f934cd..a74c2ec0 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -304,6 +304,8 @@ export async function getTraefikConfig(
                 wildCard = resource.fullDomain;
             }
 
+            const configDomain = config.getDomain(resource.domainId);
+
             let tls = {};
             if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
                 const domainParts = fullDomain.split(".");
@@ -331,7 +333,7 @@ export async function getTraefikConfig(
                 }
 
                 tls = {
-                    certResolver: resolverName,
+                    certResolver: certResolver,
                     ...(preferWildcardCert
                         ? {
                             domains: [

From 9d452efc7d3f996862995814efc719ab354cd370 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 15 Oct 2025 19:52:31 +0530
Subject: [PATCH 14/69] fix treafik config mismatch

---
 server/lib/traefik/getTraefikConfig.ts | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index 74080f6f..a5552c8c 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -254,11 +254,7 @@ export async function getTraefikConfig(
             const domainCertResolver = resource.domainCertResolver;
             const preferWildcardCert = resource.preferWildcardCert;
 
-
-            let tls = {};
-            if (!privateConfig.getRawPrivateConfig().flags.generate_own_certificates) {
-
-                let resolverName: string | undefined;
+             let resolverName: string | undefined;
                 let preferWildcard: boolean | undefined;
                 // Handle both letsencrypt & custom cases
                 if (domainCertResolver) {
@@ -276,8 +272,7 @@ export async function getTraefikConfig(
                     preferWildcard = globalDefaultPreferWildcard;
                 }
 
-
-                tls = {
+                const tls = {
                     certResolver: resolverName,
                     ...(preferWildcard
                         ? {
@@ -289,7 +284,7 @@ export async function getTraefikConfig(
                         }
                         : {})
                 };
-            }
+            
 
             const additionalMiddlewares =
                 config.getRawConfig().traefik.additional_middlewares || [];

From f10271890144224cba8f9e2e4025368ecd5b2b47 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 16 Oct 2025 16:27:31 +0530
Subject: [PATCH 15/69] add edit button to domain table

---
 src/app/[orgId]/settings/domains/page.tsx |  2 +-
 src/components/DomainsTable.tsx           | 54 ++++++++++++++++++++---
 2 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/src/app/[orgId]/settings/domains/page.tsx b/src/app/[orgId]/settings/domains/page.tsx
index cb587d92..2c667b3a 100644
--- a/src/app/[orgId]/settings/domains/page.tsx
+++ b/src/app/[orgId]/settings/domains/page.tsx
@@ -60,7 +60,7 @@ export default async function DomainsPage(props: Props) {
                     title={t("domains")}
                     description={t("domainsDescription")}
                 />
-                <DomainsTable domains={domains} />
+                <DomainsTable domains={domains} orgId={org.org.orgId} />
             </OrgProvider>
         </>
     );
diff --git a/src/components/DomainsTable.tsx b/src/components/DomainsTable.tsx
index 02f1854d..51aa951a 100644
--- a/src/components/DomainsTable.tsx
+++ b/src/components/DomainsTable.tsx
@@ -3,7 +3,7 @@
 import { ColumnDef } from "@tanstack/react-table";
 import { DomainsDataTable } from "@app/components/DomainsDataTable";
 import { Button } from "@app/components/ui/button";
-import { ArrowUpDown } from "lucide-react";
+import { ArrowRight, ArrowUpDown, MoreHorizontal } from "lucide-react";
 import { useState } from "react";
 import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { formatAxiosError } from "@app/lib/api";
@@ -15,6 +15,8 @@ import { useTranslations } from "next-intl";
 import CreateDomainForm from "@app/components/CreateDomainForm";
 import { useToast } from "@app/hooks/useToast";
 import { useOrgContext } from "@app/hooks/useOrgContext";
+import { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from "./ui/dropdown-menu";
+import Link from "next/link";
 
 export type DomainRow = {
     domainId: string;
@@ -30,9 +32,10 @@ export type DomainRow = {
 
 type Props = {
     domains: DomainRow[];
+    orgId: string;
 };
 
-export default function DomainsTable({ domains }: Props) {
+export default function DomainsTable({ domains, orgId }: Props) {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
     const [isCreateModalOpen, setIsCreateModalOpen] = useState(false);
     const [selectedDomain, setSelectedDomain] = useState<DomainRow | null>(
@@ -207,12 +210,51 @@ export default function DomainsTable({ domains }: Props) {
                             >
                                 {isRestarting
                                     ? t("restarting", {
-                                          fallback: "Restarting..."
-                                      })
+                                        fallback: "Restarting..."
+                                    })
                                     : t("restart", { fallback: "Restart" })}
                             </Button>
                         )}
-                        <Button
+                        <div className="flex items-center justify-end gap-2">
+                            <DropdownMenu>
+                                <DropdownMenuTrigger asChild>
+                                    <Button variant="ghost" className="h-8 w-8 p-0">
+                                        <span className="sr-only">Open menu</span>
+                                        <MoreHorizontal className="h-4 w-4" />
+                                    </Button>
+                                </DropdownMenuTrigger>
+                                <DropdownMenuContent align="end">
+                                    <Link
+                                        className="block w-full"
+                                        href={`/${orgId}/settings/domains/${domain.domainId}`}
+                                    >
+                                        <DropdownMenuItem>
+                                            {t("viewSettings")}
+                                        </DropdownMenuItem>
+                                    </Link>
+                                    <DropdownMenuItem
+                                        onClick={() => {
+                                            setSelectedDomain(domain);
+                                            setIsDeleteModalOpen(true);
+                                        }}
+                                    >
+                                        <span className="text-red-500">
+                                            {t("delete")}
+                                        </span>
+                                    </DropdownMenuItem>
+                                </DropdownMenuContent>
+                            </DropdownMenu>
+
+                            <Link
+                                href={`/${orgId}/settings/domains/${domain.domainId}`}
+                            >
+                                <Button variant={"secondary"} size="sm">
+                                    {t("edit")}
+                                    <ArrowRight className="ml-2 w-4 h-4" />
+                                </Button>
+                            </Link>
+                        </div>
+                        {/* <Button
                             variant="secondary"
                             size="sm"
                             disabled={domain.configManaged}
@@ -222,7 +264,7 @@ export default function DomainsTable({ domains }: Props) {
                             }}
                         >
                             {t("delete")}
-                        </Button>
+                        </Button> */}
                     </div>
                 );
             }

From ae670e1eb54b3ad5fa94e43f77a89753177b4e4d Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 16 Oct 2025 19:11:29 +0530
Subject: [PATCH 16/69] initial setup for viewing domain details

---
 messages/en-US.json                           |  5 +-
 server/auth/actions.ts                        |  1 +
 server/routers/domain/getDomain.ts            | 86 +++++++++++++++++++
 server/routers/domain/index.ts                |  3 +-
 server/routers/external.ts                    |  7 ++
 .../settings/domains/[domainId]/layout.tsx    | 50 +++++++++++
 .../settings/domains/[domainId]/page.tsx      |  8 ++
 src/components/DomainInfoCard.tsx             | 59 +++++++++++++
 src/contexts/domainContext.ts                 | 11 +++
 src/hooks/useDomainContext.ts                 | 10 +++
 src/providers/DomainProvider.tsx              | 43 ++++++++++
 11 files changed, 281 insertions(+), 2 deletions(-)
 create mode 100644 server/routers/domain/getDomain.ts
 create mode 100644 src/app/[orgId]/settings/domains/[domainId]/layout.tsx
 create mode 100644 src/app/[orgId]/settings/domains/[domainId]/page.tsx
 create mode 100644 src/components/DomainInfoCard.tsx
 create mode 100644 src/contexts/domainContext.ts
 create mode 100644 src/hooks/useDomainContext.ts
 create mode 100644 src/providers/DomainProvider.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index c3e93ba8..a60e432c 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1896,5 +1896,8 @@
     "certResolverDescription": "Select the certificate resolver to use for this resource.",
     "selectCertResolver": "Select Certificate Resolver",
     "enterCustomResolver": "Enter Custom Resolver",
-    "preferWildcardCert": "Prefer Wildcard Certificate"
+    "preferWildcardCert": "Prefer Wildcard Certificate",
+    "unverified": "Unverified",
+    "domainSetting": "DomainSetting",
+    "domainSettingDescription": "Configure settings for your domain"
 }
diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index e48bc502..4e2738e1 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -81,6 +81,7 @@ export enum ActionsEnum {
     listClients = "listClients",
     getClient = "getClient",
     listOrgDomains = "listOrgDomains",
+    getDomain = "getDomain",
     createNewt = "createNewt",
     createIdp = "createIdp",
     updateIdp = "updateIdp",
diff --git a/server/routers/domain/getDomain.ts b/server/routers/domain/getDomain.ts
new file mode 100644
index 00000000..77bd18ae
--- /dev/null
+++ b/server/routers/domain/getDomain.ts
@@ -0,0 +1,86 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, domains } from "@server/db";
+import { eq, and } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+import { domain } from "zod/v4/core/regexes";
+
+const getDomainSchema = z
+    .object({
+        domainId: z
+            .string()
+            .optional(),
+        orgId: z.string().optional()
+    })
+    .strict();
+
+async function query(domainId?: string, orgId?: string) {
+    if (domainId) {
+        const [res] = await db
+            .select()
+            .from(domains)
+            .where(eq(domains.domainId, domainId))
+            .limit(1);
+        return res;
+    }
+}
+
+export type GetDomainResponse = NonNullable<Awaited<ReturnType<typeof query>>>;
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/domain/{domainId}",
+    description: "Get a domain by domainId.",
+    tags: [OpenAPITags.Domain],
+    request: {
+        params: z.object({
+            domainId: z.string(),
+            orgId: z.string()
+        })
+    },
+    responses: {}
+});
+
+export async function getDomain(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = getDomainSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId, domainId } = parsedParams.data;
+
+        const domain = await query(domainId, orgId);
+
+        if (!domain) {
+            return next(createHttpError(HttpCode.NOT_FOUND, "Domain not found"));
+        }
+
+        return response<GetDomainResponse>(res, {
+            data: domain,
+            success: true,
+            error: false,
+            message: "Domain retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/domain/index.ts b/server/routers/domain/index.ts
index c0cafafe..e131e6a4 100644
--- a/server/routers/domain/index.ts
+++ b/server/routers/domain/index.ts
@@ -1,4 +1,5 @@
 export * from "./listDomains";
 export * from "./createOrgDomain";
 export * from "./deleteOrgDomain";
-export * from "./restartOrgDomain";
\ No newline at end of file
+export * from "./restartOrgDomain";
+export * from "./getDomain";
\ No newline at end of file
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 8bd72f62..cadbbad7 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -302,6 +302,13 @@ authenticated.get(
     domain.listDomains
 );
 
+authenticated.get(
+    "/org/:orgId/domain/:domainId",
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.getDomain),
+    domain.getDomain
+);
+
 authenticated.get(
     "/org/:orgId/invitations",
     verifyOrgAccess,
diff --git a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
new file mode 100644
index 00000000..1e1fec7b
--- /dev/null
+++ b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
@@ -0,0 +1,50 @@
+import { internal } from "@app/lib/api";
+import { AxiosResponse } from "axios";
+import { redirect } from "next/navigation";
+import { authCookieHeader } from "@app/lib/api/cookies";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import { getTranslations } from "next-intl/server";
+import { GetDomainResponse } from "@server/routers/domain/getDomain";
+import DomainProvider from "@app/providers/DomainProvider";
+import DomainInfoCard from "@app/components/DomainInfoCard";
+
+interface SettingsLayoutProps {
+    children: React.ReactNode;
+    params: Promise<{ domainId: string; orgId: string }>;
+}
+
+export default async function SettingsLayout(props: SettingsLayoutProps) {
+    const params = await props.params;
+
+    const { children } = props;
+
+    let domain = null;
+    try {
+        const res = await internal.get<AxiosResponse<GetDomainResponse>>(
+            `/org/${params.orgId}/domain/${params.domainId}`,
+            await authCookieHeader()
+        );
+        domain = res.data.data;
+        console.log(JSON.stringify(domain));
+    } catch {
+        redirect(`/${params.orgId}/settings/domains`);
+    }
+
+    const t = await getTranslations();
+
+
+    return (
+        <>
+            <SettingsSectionTitle
+                title={domain ? domain.baseDomain : t('domainSetting')}
+                description={t('domainSettingDescription')}
+            />
+
+            <DomainProvider domain={domain}>
+                <div className="space-y-6">
+                    <DomainInfoCard />
+                </div>
+            </DomainProvider>
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/domains/[domainId]/page.tsx b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
new file mode 100644
index 00000000..e8187b95
--- /dev/null
+++ b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
@@ -0,0 +1,8 @@
+import { redirect } from "next/navigation";
+
+export default async function DomainPage(props: {
+    params: Promise<{ orgId: string; domainId: string }>;
+}) {
+    const params = await props.params;
+    redirect(`/${params.orgId}/settings/domains/${params.domainId}`);
+}
\ No newline at end of file
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
new file mode 100644
index 00000000..951633f2
--- /dev/null
+++ b/src/components/DomainInfoCard.tsx
@@ -0,0 +1,59 @@
+"use client";
+
+import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
+import { InfoIcon } from "lucide-react";
+import {
+    InfoSection,
+    InfoSectionContent,
+    InfoSections,
+    InfoSectionTitle
+} from "@app/components/InfoSection";
+import { useTranslations } from "next-intl";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useDomainContext } from "@app/hooks/useDomainContext";
+
+type DomainInfoCardProps = {};
+
+export default function DomainInfoCard({ }: DomainInfoCardProps) {
+    const { domain, updateDomain } = useDomainContext();
+    const t = useTranslations();
+    const { env } = useEnvContext();
+
+
+    return (
+        <Alert>
+            <AlertDescription>
+                <InfoSections cols={env.flags.enableClients ? 3 : 2}>
+                    <InfoSection>
+                        <InfoSectionTitle>
+                            {t("type")}
+                        </InfoSectionTitle>
+                        <InfoSectionContent>
+                            <span>
+                                {domain.type}
+                            </span>
+                        </InfoSectionContent>
+                    </InfoSection>
+                    <InfoSection>
+                        <InfoSectionTitle>
+                            {t("status")}
+                        </InfoSectionTitle>
+                        <InfoSectionContent>
+                            {domain.verified ? (
+                                <div className="text-green-500 flex items-center space-x-2">
+                                    <div className="w-2 h-2 bg-green-500 rounded-full"></div>
+                                    <span>{t("verified")}</span>
+                                </div>
+                            ) : (   
+                                <div className="text-neutral-500 flex items-center space-x-2">
+                                    <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
+                                    <span>{t("unverified")}</span>
+                                </div>
+                            )}
+                        </InfoSectionContent>
+                    </InfoSection>
+                </InfoSections>
+            </AlertDescription>
+        </Alert>
+    );
+}
diff --git a/src/contexts/domainContext.ts b/src/contexts/domainContext.ts
new file mode 100644
index 00000000..d60c4ca4
--- /dev/null
+++ b/src/contexts/domainContext.ts
@@ -0,0 +1,11 @@
+import { GetDomainResponse } from "@server/routers/domain/getDomain";
+import { createContext } from "react";
+
+interface DomainContextType {
+    domain: GetDomainResponse;
+    updateDomain: (updatedDomain: Partial<GetDomainResponse>) => void;
+}
+
+const DomainContext = createContext<DomainContextType | undefined>(undefined);
+
+export default DomainContext;
\ No newline at end of file
diff --git a/src/hooks/useDomainContext.ts b/src/hooks/useDomainContext.ts
new file mode 100644
index 00000000..36d3840f
--- /dev/null
+++ b/src/hooks/useDomainContext.ts
@@ -0,0 +1,10 @@
+import DomainContext from "@app/contexts/domainContext";
+import { useContext } from "react";
+
+export function useDomainContext() {
+    const context = useContext(DomainContext);
+    if (context === undefined) {
+        throw new Error('useDomainContext must be used within a DomainProvider');
+    }
+    return context;
+}
\ No newline at end of file
diff --git a/src/providers/DomainProvider.tsx b/src/providers/DomainProvider.tsx
new file mode 100644
index 00000000..9b014449
--- /dev/null
+++ b/src/providers/DomainProvider.tsx
@@ -0,0 +1,43 @@
+"use client";
+
+import { useState } from "react";
+import { useTranslations } from "next-intl";
+import { GetDomainResponse } from "@server/routers/domain/getDomain";
+import DomainContext from "@app/contexts/domainContext";
+
+interface DomainProviderProps {
+    children: React.ReactNode;
+    domain: GetDomainResponse;
+}
+
+export function DomainProvider({
+    children,
+    domain: serverDomain
+}: DomainProviderProps) {
+    const [domain, setDomain] = useState<GetDomainResponse>(serverDomain);
+
+    const t = useTranslations();
+
+    const updateDomain = (updatedDomain: Partial<GetDomainResponse>) => {
+        if (!domain) {
+            throw new Error(t('domainErrorNoUpdate'));
+        }
+        setDomain((prev) => {
+            if (!prev) {
+                return prev;
+            }
+            return {
+                ...prev,
+                ...updatedDomain
+            };
+        });
+    };
+
+    return (
+        <DomainContext.Provider value={{ domain, updateDomain }}>
+            {children}
+        </DomainContext.Provider>
+    );
+}
+
+export default DomainProvider;
\ No newline at end of file

From 43f907ebeccb998160256310040478142c880bc3 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 16 Oct 2025 21:32:25 +0530
Subject: [PATCH 17/69] remove import

---
 server/lib/traefik/getTraefikConfig.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index a5552c8c..da2f2001 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -15,7 +15,6 @@ import config from "@server/lib/config";
 import { resources, sites, Target, targets } from "@server/db";
 import createPathRewriteMiddleware from "./middleware";
 import { sanitize, validatePathRewriteConfig } from "./utils";
-import { privateConfig } from "../../private/lib/config";
 
 const redirectHttpsMiddlewareName = "redirect-to-https";
 const badgerMiddlewareName = "badger";

From a9b9161c40ec2fb6b4188f531d499df540c267f3 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 16 Oct 2025 23:37:55 +0530
Subject: [PATCH 18/69] template for Domain Settings

---
 messages/en-US.json               |   5 +-
 src/components/DomainInfoCard.tsx | 269 ++++++++++++++++++++++++++----
 2 files changed, 238 insertions(+), 36 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index a60e432c..b2dbb302 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1898,6 +1898,7 @@
     "enterCustomResolver": "Enter Custom Resolver",
     "preferWildcardCert": "Prefer Wildcard Certificate",
     "unverified": "Unverified",
-    "domainSetting": "DomainSetting",
-    "domainSettingDescription": "Configure settings for your domain"
+    "domainSetting": "Domain Settings",
+    "domainSettingDescription": "Configure settings for your domain",
+    "preferWildcardCertDescription": "Attempt to generate a wildcard certificate (require a properly configured certificate resolver)."
 }
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index 951633f2..8564acfa 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -11,49 +11,250 @@ import {
 import { useTranslations } from "next-intl";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useDomainContext } from "@app/hooks/useDomainContext";
+import { SettingsContainer, SettingsSection, SettingsSectionBody, SettingsSectionDescription, SettingsSectionFooter, SettingsSectionForm, SettingsSectionHeader, SettingsSectionTitle } from "./Settings";
+import { Button } from "./ui/button";
+import {
+    Form,
+    FormControl,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage,
+    FormDescription
+} from "@app/components/ui/form";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select";
+import { Input } from "./ui/input";
+import { CheckboxWithLabel } from "./ui/checkbox";
+import { useForm } from "react-hook-form";
+import z from "zod";
+import { toASCII } from "punycode";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { build } from "@server/build";
+import { Switch } from "./ui/switch";
 
 type DomainInfoCardProps = {};
 
+// Helper functions for Unicode domain handling
+function toPunycode(domain: string): string {
+    try {
+        const parts = toASCII(domain);
+        return parts;
+    } catch (error) {
+        return domain.toLowerCase();
+    }
+}
+
+
+function isValidDomainFormat(domain: string): boolean {
+    const unicodeRegex = /^(?!:\/\/)([^\s.]+\.)*[^\s.]+$/;
+
+    if (!unicodeRegex.test(domain)) {
+        return false;
+    }
+
+    const parts = domain.split('.');
+    for (const part of parts) {
+        if (part.length === 0 || part.startsWith('-') || part.endsWith('-')) {
+            return false;
+        }
+        if (part.length > 63) {
+            return false;
+        }
+    }
+
+    if (domain.length > 253) {
+        return false;
+    }
+
+    return true;
+}
+
+const formSchema = z.object({
+    baseDomain: z
+        .string()
+        .min(1, "Domain is required")
+        .refine((val) => isValidDomainFormat(val), "Invalid domain format")
+        .transform((val) => toPunycode(val)),
+    type: z.enum(["ns", "cname", "wildcard"]),
+    certResolver: z.string().nullable().optional(),
+    preferWildcardCert: z.boolean().optional()
+});
+
+type FormValues = z.infer<typeof formSchema>;
+
+const certResolverOptions = [
+    { id: "default", title: "Default" },
+    { id: "custom", title: "Custom Resolver" }
+];
+
+
 export default function DomainInfoCard({ }: DomainInfoCardProps) {
     const { domain, updateDomain } = useDomainContext();
     const t = useTranslations();
     const { env } = useEnvContext();
 
+    const form = useForm<FormValues>({
+        resolver: zodResolver(formSchema),
+        defaultValues: {
+            baseDomain: "",
+            type: build == "oss" || !env.flags.usePangolinDns ? "wildcard" : "ns",
+            certResolver: null,
+            preferWildcardCert: false
+        }
+    });
+
 
     return (
-        <Alert>
-            <AlertDescription>
-                <InfoSections cols={env.flags.enableClients ? 3 : 2}>
-                    <InfoSection>
-                        <InfoSectionTitle>
-                            {t("type")}
-                        </InfoSectionTitle>
-                        <InfoSectionContent>
-                            <span>
-                                {domain.type}
-                            </span>
-                        </InfoSectionContent>
-                    </InfoSection>
-                    <InfoSection>
-                        <InfoSectionTitle>
-                            {t("status")}
-                        </InfoSectionTitle>
-                        <InfoSectionContent>
-                            {domain.verified ? (
-                                <div className="text-green-500 flex items-center space-x-2">
-                                    <div className="w-2 h-2 bg-green-500 rounded-full"></div>
-                                    <span>{t("verified")}</span>
-                                </div>
-                            ) : (   
-                                <div className="text-neutral-500 flex items-center space-x-2">
-                                    <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
-                                    <span>{t("unverified")}</span>
-                                </div>
-                            )}
-                        </InfoSectionContent>
-                    </InfoSection>
-                </InfoSections>
-            </AlertDescription>
-        </Alert>
+        <>
+            <Alert>
+                <AlertDescription>
+                    <InfoSections cols={env.flags.enableClients ? 3 : 2}>
+                        <InfoSection>
+                            <InfoSectionTitle>
+                                {t("type")}
+                            </InfoSectionTitle>
+                            <InfoSectionContent>
+                                <span>
+                                    {domain.type}
+                                </span>
+                            </InfoSectionContent>
+                        </InfoSection>
+                        <InfoSection>
+                            <InfoSectionTitle>
+                                {t("status")}
+                            </InfoSectionTitle>
+                            <InfoSectionContent>
+                                {domain.verified ? (
+                                    <div className="text-green-500 flex items-center space-x-2">
+                                        <div className="w-2 h-2 bg-green-500 rounded-full"></div>
+                                        <span>{t("verified")}</span>
+                                    </div>
+                                ) : (
+                                    <div className="text-neutral-500 flex items-center space-x-2">
+                                        <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
+                                        <span>{t("unverified")}</span>
+                                    </div>
+                                )}
+                            </InfoSectionContent>
+                        </InfoSection>
+                    </InfoSections>
+                </AlertDescription>
+            </Alert>
+
+
+            
+
+
+             {/* Domain Settings */}
+             {/* Add condition later to only show when domain is wildcard */}
+            <SettingsContainer>
+                <SettingsSection>
+                    <SettingsSectionHeader>
+                        <SettingsSectionTitle>
+                            {t("domainSetting")}
+                        </SettingsSectionTitle>
+                    </SettingsSectionHeader>
+
+                    <SettingsSectionBody>
+                        <SettingsSectionForm>
+                            <Form {...form}>
+                                <form
+                                    //onSubmit={form.handleSubmit(onSubmit)}
+                                    className="space-y-4"
+                                    id="create-domain-form"
+                                >
+                                    <FormField
+                                        control={form.control}
+                                        name="certResolver"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>{t("certResolver")}</FormLabel>
+                                                <FormControl>
+                                                    <Select
+                                                        value={
+                                                            field.value === null ? "default" :
+                                                                (field.value === "" || (field.value && field.value !== "default")) ? "custom" :
+                                                                    "default"
+                                                        }
+                                                        onValueChange={(val) => {
+                                                            if (val === "default") {
+                                                                field.onChange(null);
+                                                            } else if (val === "custom") {
+                                                                field.onChange("");
+                                                            } else {
+                                                                field.onChange(val);
+                                                            }
+                                                        }}
+                                                    >
+                                                        <SelectTrigger>
+                                                            <SelectValue placeholder={t("selectCertResolver")} />
+                                                        </SelectTrigger>
+                                                        <SelectContent>
+                                                            {certResolverOptions.map((opt) => (
+                                                                <SelectItem key={opt.id} value={opt.id}>
+                                                                    {opt.title}
+                                                                </SelectItem>
+                                                            ))}
+                                                        </SelectContent>
+                                                    </Select>
+                                                </FormControl>
+                                                <FormMessage />
+                                                {field.value !== null && field.value !== "default" && (
+                                                    <div className="space-y-2 mt-2">
+                                                        <FormControl>
+                                                            <Input
+                                                                placeholder={t("enterCustomResolver")}
+                                                                value={field.value || ""}
+                                                                onChange={(e) => field.onChange(e.target.value)}
+                                                            />
+                                                        </FormControl>
+                                                        <FormField
+                                                            control={form.control}
+                                                            name="preferWildcardCert"
+                                                            render={({ field: switchField }) => (
+                                                                <FormItem className="items-center space-y-2 mt-4">
+                                                                    <FormControl>
+                                                                        <div className="flex items-center space-x-2">
+                                                                            <Switch
+                                                                                defaultChecked={switchField.value}
+                                                                                onCheckedChange={switchField.onChange}
+                                                                            />
+                                                                            <FormLabel>{t("preferWildcardCert")}</FormLabel>
+                                                                        </div>
+                                                                    </FormControl>
+
+                                                                    <FormDescription>
+                                                                        {t("preferWildcardCertDescription")}
+                                                                    </FormDescription>
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+                                                    </div>
+                                                )}
+                                            </FormItem>
+                                        )}
+                                    />
+                                </form>
+                            </Form>
+                        </SettingsSectionForm>
+                    </SettingsSectionBody>
+
+                    <SettingsSectionFooter>
+                        <Button
+                            type="submit"
+                            // onClick={() => {
+                            //     console.log(form.getValues());
+                            // }}
+                            // loading={saveLoading}
+                            // disabled={saveLoading}
+                            form="general-settings-form"
+                        >
+                            {t("saveSettings")}
+                        </Button>
+                    </SettingsSectionFooter>
+                </SettingsSection>
+            </SettingsContainer >
+        </>
     );
 }

From 8fdf120ec2f04127ed8dcfa1be2998dab737ea6e Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Fri, 17 Oct 2025 22:25:19 +0530
Subject: [PATCH 19/69] backend setup to store and get DNS Records

---
 server/auth/actions.ts                   |  1 +
 server/db/sqlite/schema/schema.ts        | 13 ++++
 server/routers/domain/createOrgDomain.ts | 43 +++++++++++-
 server/routers/domain/getDNSRecords.ts   | 86 ++++++++++++++++++++++++
 server/routers/domain/index.ts           |  3 +-
 server/routers/external.ts               |  7 ++
 6 files changed, 151 insertions(+), 2 deletions(-)
 create mode 100644 server/routers/domain/getDNSRecords.ts

diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index 4e2738e1..4c442d2c 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -82,6 +82,7 @@ export enum ActionsEnum {
     getClient = "getClient",
     listOrgDomains = "listOrgDomains",
     getDomain = "getDomain",
+    getDNSRecords = "getDNSRecords",
     createNewt = "createNewt",
     createIdp = "createIdp",
     updateIdp = "updateIdp",
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 30841a4b..bc1ce81b 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -16,6 +16,18 @@ export const domains = sqliteTable("domains", {
     preferWildcardCert: integer("preferWildcardCert", { mode: "boolean" })
 });
 
+export const dnsRecords = sqliteTable("dnsRecords", {
+    id: text("id").primaryKey(),
+    domainId: text("domainId")
+        .notNull()
+        .references(() => domains.domainId, { onDelete: "cascade" }),
+
+    recordType: text("recordType").notNull(), // "NS" | "CNAME" | "A" | "TXT"
+    baseDomain: text("baseDomain"),
+    value: text("value").notNull(), 
+});
+
+
 export const orgs = sqliteTable("orgs", {
     orgId: text("orgId").primaryKey(),
     name: text("name").notNull(),
@@ -748,6 +760,7 @@ export type ResourceWhitelist = InferSelectModel<typeof resourceWhitelist>;
 export type VersionMigration = InferSelectModel<typeof versionMigrations>;
 export type ResourceRule = InferSelectModel<typeof resourceRules>;
 export type Domain = InferSelectModel<typeof domains>;
+export type DnsRecord = InferSelectModel<typeof dnsRecords>;
 export type Client = InferSelectModel<typeof clients>;
 export type ClientSite = InferSelectModel<typeof clientSites>;
 export type RoleClient = InferSelectModel<typeof roleClients>;
diff --git a/server/routers/domain/createOrgDomain.ts b/server/routers/domain/createOrgDomain.ts
index b35a3de8..1f1002af 100644
--- a/server/routers/domain/createOrgDomain.ts
+++ b/server/routers/domain/createOrgDomain.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db, Domain, domains, OrgDomains, orgDomains } from "@server/db";
+import { db, Domain, domains, OrgDomains, orgDomains, dnsRecords } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@@ -276,9 +276,23 @@ export async function createOrgDomain(
                 })
                 .returning();
 
+            // Prepare DNS records to insert
+            const recordsToInsert = [];
+
             // TODO: This needs to be cross region and not hardcoded
             if (type === "ns") {
                 nsRecords = config.getRawConfig().dns.nameservers as string[];
+                
+                // Save NS records to database
+                for (const nsValue of nsRecords) {
+                    recordsToInsert.push({
+                        id: generateId(15),
+                        domainId,
+                        recordType: "NS",
+                        baseDomain: baseDomain,
+                        value: nsValue
+                    });
+                }
             } else if (type === "cname") {
                 cnameRecords = [
                     {
@@ -290,6 +304,17 @@ export async function createOrgDomain(
                         baseDomain: `_acme-challenge.${baseDomain}`
                     }
                 ];
+                
+                // Save CNAME records to database
+                for (const cnameRecord of cnameRecords) {
+                    recordsToInsert.push({
+                        id: generateId(15),
+                        domainId,
+                        recordType: "CNAME",
+                        baseDomain: cnameRecord.baseDomain,
+                        value: cnameRecord.value
+                    });
+                }
             } else if (type === "wildcard") {
                 aRecords = [
                     {
@@ -301,6 +326,22 @@ export async function createOrgDomain(
                         baseDomain: `${baseDomain}`
                     }
                 ];
+                
+                // Save A records to database
+                for (const aRecord of aRecords) {
+                    recordsToInsert.push({
+                        id: generateId(15),
+                        domainId,
+                        recordType: "A",
+                        baseDomain: aRecord.baseDomain,
+                        value: aRecord.value
+                    });
+                }
+            }
+
+            // Insert all DNS records in batch
+            if (recordsToInsert.length > 0) {
+                await trx.insert(dnsRecords).values(recordsToInsert);
             }
 
             numOrgDomains = await trx
diff --git a/server/routers/domain/getDNSRecords.ts b/server/routers/domain/getDNSRecords.ts
new file mode 100644
index 00000000..ee349cdd
--- /dev/null
+++ b/server/routers/domain/getDNSRecords.ts
@@ -0,0 +1,86 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, dnsRecords } from "@server/db";
+import { eq } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const getDNSRecordsSchema = z
+    .object({
+        domainId: z.string(),
+        orgId: z.string()
+    })
+    .strict();
+
+async function query(domainId: string) {
+    const records = await db
+        .select()
+        .from(dnsRecords)
+        .where(eq(dnsRecords.domainId, domainId));
+    
+    return records;
+}
+
+export type GetDNSRecordsResponse = Awaited<ReturnType<typeof query>>;
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/domain/{domainId}/dns-records",
+    description: "Get all DNS records for a domain by domainId.",
+    tags: [OpenAPITags.Domain],
+    request: {
+        params: z.object({
+            domainId: z.string(),
+            orgId: z.string()
+        })
+    },
+    responses: {}
+});
+
+export async function getDNSRecords(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = getDNSRecordsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { domainId } = parsedParams.data;
+
+        const records = await query(domainId);
+
+        if (!records || records.length === 0) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    "No DNS records found for this domain"
+                )
+            );
+        }
+
+        return response<GetDNSRecordsResponse>(res, {
+            data: records,
+            success: true,
+            error: false,
+            message: "DNS records retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
\ No newline at end of file
diff --git a/server/routers/domain/index.ts b/server/routers/domain/index.ts
index e131e6a4..0bfedb41 100644
--- a/server/routers/domain/index.ts
+++ b/server/routers/domain/index.ts
@@ -2,4 +2,5 @@ export * from "./listDomains";
 export * from "./createOrgDomain";
 export * from "./deleteOrgDomain";
 export * from "./restartOrgDomain";
-export * from "./getDomain";
\ No newline at end of file
+export * from "./getDomain";
+export * from "./getDNSRecords";
\ No newline at end of file
diff --git a/server/routers/external.ts b/server/routers/external.ts
index cadbbad7..c00f1e9f 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -309,6 +309,13 @@ authenticated.get(
     domain.getDomain
 );
 
+authenticated.get(
+    "/org/:orgId/domain/:domainId/dns-records",
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.getDNSRecords),
+    domain.getDNSRecords
+);
+
 authenticated.get(
     "/org/:orgId/invitations",
     verifyOrgAccess,

From c29ba9bb5ff04fbe1be24412c307a56e8ecfc187 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 18 Oct 2025 01:12:02 +0530
Subject: [PATCH 20/69] add DNS Records table

---
 messages/en-US.json                           |   5 +-
 server/routers/domain/createOrgDomain.ts      |   9 +-
 .../settings/domains/[domainId]/layout.tsx    |   2 +-
 src/components/DNSRecordTable.tsx             | 138 ++++++++++++
 src/components/DNSRecordsDataTable.tsx        | 209 ++++++++++++++++++
 src/components/DomainInfoCard.tsx             |  80 ++++++-
 6 files changed, 426 insertions(+), 17 deletions(-)
 create mode 100644 src/components/DNSRecordTable.tsx
 create mode 100644 src/components/DNSRecordsDataTable.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index b2dbb302..24e86a36 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1900,5 +1900,8 @@
     "unverified": "Unverified",
     "domainSetting": "Domain Settings",
     "domainSettingDescription": "Configure settings for your domain",
-    "preferWildcardCertDescription": "Attempt to generate a wildcard certificate (require a properly configured certificate resolver)."
+    "preferWildcardCertDescription": "Attempt to generate a wildcard certificate (require a properly configured certificate resolver).",
+    "recordName": "Record Name",
+    "auto": "Auto",
+    "TTL": "TTL"
 }
diff --git a/server/routers/domain/createOrgDomain.ts b/server/routers/domain/createOrgDomain.ts
index 1f1002af..d40a0cb8 100644
--- a/server/routers/domain/createOrgDomain.ts
+++ b/server/routers/domain/createOrgDomain.ts
@@ -290,7 +290,8 @@ export async function createOrgDomain(
                         domainId,
                         recordType: "NS",
                         baseDomain: baseDomain,
-                        value: nsValue
+                        value: nsValue,
+                        verified: false
                     });
                 }
             } else if (type === "cname") {
@@ -312,7 +313,8 @@ export async function createOrgDomain(
                         domainId,
                         recordType: "CNAME",
                         baseDomain: cnameRecord.baseDomain,
-                        value: cnameRecord.value
+                        value: cnameRecord.value,
+                        verified: false
                     });
                 }
             } else if (type === "wildcard") {
@@ -334,7 +336,8 @@ export async function createOrgDomain(
                         domainId,
                         recordType: "A",
                         baseDomain: aRecord.baseDomain,
-                        value: aRecord.value
+                        value: aRecord.value,
+                        verified: true
                     });
                 }
             }
diff --git a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
index 1e1fec7b..319ccdd5 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
@@ -42,7 +42,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
 
             <DomainProvider domain={domain}>
                 <div className="space-y-6">
-                    <DomainInfoCard />
+                    <DomainInfoCard orgId={params.orgId} domainId={params.domainId} />
                 </div>
             </DomainProvider>
         </>
diff --git a/src/components/DNSRecordTable.tsx b/src/components/DNSRecordTable.tsx
new file mode 100644
index 00000000..dd9bcad4
--- /dev/null
+++ b/src/components/DNSRecordTable.tsx
@@ -0,0 +1,138 @@
+"use client";
+
+import { ColumnDef } from "@tanstack/react-table";
+import { Button } from "@app/components/ui/button";
+import { useState } from "react";
+import { useTranslations } from "next-intl";
+import { useToast } from "@app/hooks/useToast";
+import { Badge } from "@app/components/ui/badge";
+import CopyToClipboard from "@app/components/CopyToClipboard";
+import { DNSRecordsDataTable } from "./DNSRecordsDataTable";
+
+export type DNSRecordRow = {
+    id: string;
+    domainId: string;
+    recordType: string; // "NS" | "CNAME" | "A" | "TXT"
+    baseDomain: string | null;
+    value: string;
+    verified?: boolean; 
+};
+
+type Props = {
+    records: DNSRecordRow[];
+    domainId: string;
+    isRefreshing?: boolean;
+};
+
+export default function DNSRecordsTable({ records, domainId, isRefreshing }: Props) {
+    const t = useTranslations();
+
+    const columns: ColumnDef<DNSRecordRow>[] = [
+        {
+            accessorKey: "baseDomain",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                    >
+                        {t("recordName", { fallback: "Record name" })}
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const baseDomain = row.original.baseDomain;
+                return (
+                    <div className="font-mono text-sm">
+                        {baseDomain || "-"}
+                    </div>
+                );
+            }
+        },
+        {
+            accessorKey: "recordType",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                    >
+                        {t("type")}
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const type = row.original.recordType;
+                return (
+                    <div className="">
+                        {type}
+                    </div>
+                );
+            }
+        },
+        {
+            accessorKey: "ttl",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                    >
+                        {t("TTL")}
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                return (
+                    <div>
+                        {t("auto")}
+                    </div>
+                );
+            }
+        },
+        {
+            accessorKey: "value",
+            header: () => {
+                return <div>{t("value")}</div>;
+            },
+            cell: ({ row }) => {
+                const value = row.original.value;
+                return (
+                    <div className="flex items-center gap-2">
+                        <div className="font-mono text-sm truncate max-w-md">
+                            {value}
+                        </div>
+                    </div>
+                );
+            }
+        },
+        {
+            accessorKey: "verified",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                    >
+                        {t("status")}
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const verified = row.original.verified;
+                return (
+                    verified ? (
+                        <Badge variant="green">{t("verified")}</Badge>
+                    ) : (
+                        <Badge variant="secondary">{t("unverified")}</Badge>
+                    )
+                );
+            }
+        }
+    ];
+
+
+    return (
+        <DNSRecordsDataTable
+            columns={columns}
+            data={records}
+            isRefreshing={isRefreshing}
+        />
+    );
+}
\ No newline at end of file
diff --git a/src/components/DNSRecordsDataTable.tsx b/src/components/DNSRecordsDataTable.tsx
new file mode 100644
index 00000000..4e70a1b2
--- /dev/null
+++ b/src/components/DNSRecordsDataTable.tsx
@@ -0,0 +1,209 @@
+"use client";
+
+import {
+    ColumnDef,
+    flexRender,
+    getCoreRowModel,
+    useReactTable,
+    getPaginationRowModel,
+    getSortedRowModel,
+    getFilteredRowModel
+} from "@tanstack/react-table";
+import {
+    Table,
+    TableBody,
+    TableCell,
+    TableHead,
+    TableHeader,
+    TableRow
+} from "@/components/ui/table";
+import { Button } from "@app/components/ui/button";
+import { useMemo, useState } from "react";
+import { Plus, RefreshCw } from "lucide-react";
+import {
+    Card,
+    CardContent,
+    CardHeader,
+    CardTitle
+} from "@app/components/ui/card";
+import { Tabs, TabsList, TabsTrigger } from "@app/components/ui/tabs";
+import { useTranslations } from "next-intl";
+import { Badge } from "./ui/badge";
+
+
+type TabFilter = {
+    id: string;
+    label: string;
+    filterFn: (row: any) => boolean;
+};
+
+type DNSRecordsDataTableProps<TData, TValue> = {
+    columns: ColumnDef<TData, TValue>[];
+    data: TData[];
+    title?: string;
+    addButtonText?: string;
+    onAdd?: () => void;
+    onRefresh?: () => void;
+    isRefreshing?: boolean;
+    searchPlaceholder?: string;
+    searchColumn?: string;
+    defaultSort?: {
+        id: string;
+        desc: boolean;
+    };
+    tabs?: TabFilter[];
+    defaultTab?: string;
+    persistPageSize?: boolean | string;
+    defaultPageSize?: number;
+};
+
+export function DNSRecordsDataTable<TData, TValue>({
+    columns,
+    data,
+    title,
+    addButtonText,
+    onAdd,
+    onRefresh,
+    isRefreshing,
+    defaultSort,
+    tabs,
+    defaultTab,
+
+}: DNSRecordsDataTableProps<TData, TValue>) {
+    const t = useTranslations();
+
+    const [activeTab, setActiveTab] = useState<string>(
+        defaultTab || tabs?.[0]?.id || ""
+    );
+
+    // Apply tab filter to data
+    const filteredData = useMemo(() => {
+        if (!tabs || activeTab === "") {
+            return data;
+        }
+
+        const activeTabFilter = tabs.find((tab) => tab.id === activeTab);
+        if (!activeTabFilter) {
+            return data;
+        }
+
+        return data.filter(activeTabFilter.filterFn);
+    }, [data, tabs, activeTab]);
+
+    const table = useReactTable({
+        data: filteredData,
+        columns,
+        getCoreRowModel: getCoreRowModel(),
+        getPaginationRowModel: getPaginationRowModel(),
+
+        getSortedRowModel: getSortedRowModel(),
+        getFilteredRowModel: getFilteredRowModel(),
+    });
+
+
+
+
+    return (
+        <div className="container mx-auto max-w-12xl">
+            <Card>
+                <CardHeader className="flex flex-col space-y-4 sm:flex-row sm:items-center sm:justify-between sm:space-y-0 pb-4">
+                    <div className="flex flex-row space-y-3 w-full sm:mr-2 gap-2">
+                        <div className="relative w-full sm:max-w-sm flex flex-row gap-10 items-center">
+                            <h1 className="">DNS Records</h1>
+                            <Badge variant="secondary">Required</Badge>
+                        </div>
+                        {tabs && tabs.length > 0 && (
+                            <Tabs
+                                value={activeTab}
+                                className="w-full"
+                            >
+                                <TabsList>
+                                    {tabs.map((tab) => (
+                                        <TabsTrigger
+                                            key={tab.id}
+                                            value={tab.id}
+                                        >
+                                            {tab.label} (
+                                            {data.filter(tab.filterFn).length})
+                                        </TabsTrigger>
+                                    ))}
+                                </TabsList>
+                            </Tabs>
+                        )}
+                    </div>
+                    <div className="flex items-center gap-2 sm:justify-end">
+                        {onRefresh && (
+                            <Button
+                                variant="outline"
+                                onClick={onRefresh}
+                                disabled={isRefreshing}
+                            >
+                                <RefreshCw
+                                    className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
+                                />
+                                {t("refresh")}
+                            </Button>
+                        )}
+                        {onAdd && addButtonText && (
+                            <Button onClick={onAdd}>
+                                <Plus className="mr-2 h-4 w-4" />
+                                {addButtonText}
+                            </Button>
+                        )}
+                    </div>
+                </CardHeader>
+                <CardContent>
+                    <Table>
+                        <TableHeader>
+                            {table.getHeaderGroups().map((headerGroup) => (
+                                <TableRow key={headerGroup.id}>
+                                    {headerGroup.headers.map((header) => (
+                                        <TableHead key={header.id}>
+                                            {header.isPlaceholder
+                                                ? null
+                                                : flexRender(
+                                                    header.column.columnDef
+                                                        .header,
+                                                    header.getContext()
+                                                )}
+                                        </TableHead>
+                                    ))}
+                                </TableRow>
+                            ))}
+                        </TableHeader>
+                        <TableBody>
+                            {table.getRowModel().rows?.length ? (
+                                table.getRowModel().rows.map((row) => (
+                                    <TableRow
+                                        key={row.id}
+                                        data-state={
+                                            row.getIsSelected() && "selected"
+                                        }
+                                    >
+                                        {row.getVisibleCells().map((cell) => (
+                                            <TableCell key={cell.id}>
+                                                {flexRender(
+                                                    cell.column.columnDef.cell,
+                                                    cell.getContext()
+                                                )}
+                                            </TableCell>
+                                        ))}
+                                    </TableRow>
+                                ))
+                            ) : (
+                                <TableRow>
+                                    <TableCell
+                                        colSpan={columns.length}
+                                        className="h-24 text-center"
+                                    >
+                                        No results found.
+                                    </TableCell>
+                                </TableRow>
+                            )}
+                        </TableBody>
+                    </Table>
+                </CardContent>
+            </Card>
+        </div>
+    );
+}
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index 8564acfa..f768a5c2 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -1,7 +1,6 @@
 "use client";
 
 import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { InfoIcon } from "lucide-react";
 import {
     InfoSection,
     InfoSectionContent,
@@ -24,15 +23,23 @@ import {
 } from "@app/components/ui/form";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select";
 import { Input } from "./ui/input";
-import { CheckboxWithLabel } from "./ui/checkbox";
 import { useForm } from "react-hook-form";
 import z from "zod";
 import { toASCII } from "punycode";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { build } from "@server/build";
 import { Switch } from "./ui/switch";
+import DNSRecordsTable, { DNSRecordRow } from "./DNSrecordTable";
+import { useEffect, useState } from "react";
+import { createApiClient } from "@app/lib/api";
+import { useToast } from "@app/hooks/useToast";
+import { formatAxiosError } from "@app/lib/api";
+import { Badge } from "./ui/badge";
 
-type DomainInfoCardProps = {};
+type DomainInfoCardProps = {
+    orgId?: string;
+    domainId?: string;
+};
 
 // Helper functions for Unicode domain handling
 function toPunycode(domain: string): string {
@@ -88,10 +95,16 @@ const certResolverOptions = [
 ];
 
 
-export default function DomainInfoCard({ }: DomainInfoCardProps) {
+export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps) {
     const { domain, updateDomain } = useDomainContext();
     const t = useTranslations();
     const { env } = useEnvContext();
+    const api = createApiClient(useEnvContext());
+    const { toast } = useToast();
+
+    const [dnsRecords, setDnsRecords] = useState<DNSRecordRow[]>([]);
+    const [loadingRecords, setLoadingRecords] = useState(true);
+    const [isRefreshing, setIsRefreshing] = useState(false);
 
     const form = useForm<FormValues>({
         resolver: zodResolver(formSchema),
@@ -103,6 +116,40 @@ export default function DomainInfoCard({ }: DomainInfoCardProps) {
         }
     });
 
+    const fetchDNSRecords = async (showRefreshing = false) => {
+        if (showRefreshing) {
+            setIsRefreshing(true);
+        } else {
+            setLoadingRecords(true);
+        }
+
+        try {
+            const response = await api.get<{ data: DNSRecordRow[] }>(
+                `/org/${orgId}/domain/${domainId}/dns-records`
+            );
+            setDnsRecords(response.data.data);
+        } catch (error) {
+            // Only show error if records exist (not a 404)
+            const err = error as any;
+            if (err?.response?.status !== 404) {
+                toast({
+                    title: t("error"),
+                    description: formatAxiosError(error),
+                    variant: "destructive"
+                });
+            }
+        } finally {
+            setLoadingRecords(false);
+            setIsRefreshing(false);
+        }
+    };
+
+    useEffect(() => {
+        if (domain.domainId) {
+            fetchDNSRecords();
+        }
+    }, [domain.domainId]);
+
 
     return (
         <>
@@ -126,8 +173,9 @@ export default function DomainInfoCard({ }: DomainInfoCardProps) {
                             <InfoSectionContent>
                                 {domain.verified ? (
                                     <div className="text-green-500 flex items-center space-x-2">
-                                        <div className="w-2 h-2 bg-green-500 rounded-full"></div>
-                                        <span>{t("verified")}</span>
+                                        <Badge variant="green">
+                                            {t("verified")}
+                                        </Badge>
                                     </div>
                                 ) : (
                                     <div className="text-neutral-500 flex items-center space-x-2">
@@ -141,12 +189,20 @@ export default function DomainInfoCard({ }: DomainInfoCardProps) {
                 </AlertDescription>
             </Alert>
 
+            {loadingRecords ? (
+                <div className="space-y-4">
+                    loading...
+                </div>
+            ) : (
+                <DNSRecordsTable
+                    domainId={domain.domainId}
+                    records={dnsRecords}
+                    isRefreshing={isRefreshing}
+                />
+            )}
 
-            
-
-
-             {/* Domain Settings */}
-             {/* Add condition later to only show when domain is wildcard */}
+            {/* Domain Settings */}
+            {/* Add condition later to only show when domain is wildcard */}
             <SettingsContainer>
                 <SettingsSection>
                     <SettingsSectionHeader>
@@ -257,4 +313,4 @@ export default function DomainInfoCard({ }: DomainInfoCardProps) {
             </SettingsContainer >
         </>
     );
-}
+}
\ No newline at end of file

From 2c01849f2ed52824f34e206c12617c80e716b02d Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 18 Oct 2025 01:17:25 +0530
Subject: [PATCH 21/69] fix import

---
 src/components/DomainInfoCard.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index f768a5c2..0f967f33 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -29,8 +29,8 @@ import { toASCII } from "punycode";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { build } from "@server/build";
 import { Switch } from "./ui/switch";
-import DNSRecordsTable, { DNSRecordRow } from "./DNSrecordTable";
 import { useEffect, useState } from "react";
+import DNSRecordsTable, {DNSRecordRow} from "./DNSRecordTable";
 import { createApiClient } from "@app/lib/api";
 import { useToast } from "@app/hooks/useToast";
 import { formatAxiosError } from "@app/lib/api";

From d37e28215ecc2c7535c379c3b0f5dd538c14acfc Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 18 Oct 2025 16:15:21 +0530
Subject: [PATCH 22/69] add restart button

---
 .../[domainId]/DomainSettingsLayout.tsx       | 112 ++++++++++++++++++
 .../settings/domains/[domainId]/layout.tsx    |  68 +++++------
 2 files changed, 140 insertions(+), 40 deletions(-)
 create mode 100644 src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx

diff --git a/src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx b/src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx
new file mode 100644
index 00000000..3b822dc0
--- /dev/null
+++ b/src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx
@@ -0,0 +1,112 @@
+"use client";
+
+import { useState } from "react";
+import { createApiClient, formatAxiosError } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { toast } from "@app/hooks/useToast";
+import { useRouter } from "next/navigation";
+import { RefreshCw } from "lucide-react";
+import { Button } from "@app/components/ui/button";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import DomainInfoCard from "@app/components/DomainInfoCard";
+import DomainProvider from "@app/providers/DomainProvider";
+import { useTranslations } from "next-intl";
+
+
+interface DomainSettingsLayoutProps {
+  orgId: string;
+  domain: any,
+  children: React.ReactNode;
+}
+
+export default function DomainSettingsLayout({ orgId, domain, children }: DomainSettingsLayoutProps) {
+  const router = useRouter();
+  const api = createApiClient(useEnvContext());
+  const [isRefreshing, setIsRefreshing] = useState(false);
+  const [restartingDomains, setRestartingDomains] = useState<Set<string>>(new Set());
+  const t = useTranslations();
+  const refreshData = async () => {
+    setIsRefreshing(true);
+    try {
+      await new Promise((resolve) => setTimeout(resolve, 200));
+      router.refresh();
+    } catch {
+      toast({
+        title: t("error"),
+        description: t("refreshError"),
+        variant: "destructive",
+      });
+    } finally {
+      setIsRefreshing(false);
+    }
+  };
+
+  const restartDomain = async (domainId: string) => {
+    setRestartingDomains((prev) => new Set(prev).add(domainId));
+    try {
+      await api.post(`/org/${orgId}/domain/${domainId}/restart`);
+      toast({
+        title: t("success"),
+        description: t("domainRestartedDescription", {
+          fallback: "Domain verification restarted successfully",
+        }),
+      });
+      refreshData();
+    } catch (e) {
+      toast({
+        title: t("error"),
+        description: formatAxiosError(e),
+        variant: "destructive",
+      });
+    } finally {
+      setRestartingDomains((prev) => {
+        const newSet = new Set(prev);
+        newSet.delete(domainId);
+        return newSet;
+      });
+    }
+  };
+
+  const isRestarting = restartingDomains.has(domain.domainId);
+
+  return (
+    <>
+      <div className="flex items-center justify-between mb-6">
+        <SettingsSectionTitle
+          title={domain ? domain.baseDomain : t("domainSetting")}
+          description={t("domainSettingDescription")}
+        />
+
+        <Button
+          variant="outline"
+          size="sm"
+          onClick={() => restartDomain(domain.domainId)}
+          disabled={isRestarting}
+        >
+          {isRestarting ? (
+            <>
+              <RefreshCw
+                className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
+              />
+              {t("restarting", { fallback: "Restarting..." })}
+            </>
+          ) : (
+            <>
+              <RefreshCw
+                className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
+              />
+              {t("restart", { fallback: "Restart" })}
+            </>
+          )}
+        </Button>
+      </div>
+
+      <DomainProvider domain={domain}>
+        <div className="space-y-6">
+          <DomainInfoCard orgId={orgId} domainId={domain.domainId} />
+        </div>
+        {children}
+      </DomainProvider>
+    </>
+  );
+}
diff --git a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
index 319ccdd5..c75ceaf4 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
@@ -1,50 +1,38 @@
-import { internal } from "@app/lib/api";
-import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { authCookieHeader } from "@app/lib/api/cookies";
-import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import { getTranslations } from "next-intl/server";
+import { internal } from "@app/lib/api";
 import { GetDomainResponse } from "@server/routers/domain/getDomain";
-import DomainProvider from "@app/providers/DomainProvider";
-import DomainInfoCard from "@app/components/DomainInfoCard";
+import { AxiosResponse } from "axios";
+import { getTranslations } from "next-intl/server";
+import SettingsLayoutClient from "./DomainSettingsLayout";
 
 interface SettingsLayoutProps {
-    children: React.ReactNode;
-    params: Promise<{ domainId: string; orgId: string }>;
+  children: React.ReactNode;
+  params: Promise<{ domainId: string; orgId: string }>;
 }
 
-export default async function SettingsLayout(props: SettingsLayoutProps) {
-    const params = await props.params;
+export default async function SettingsLayout({ children, params }: SettingsLayoutProps) {
+  const { domainId, orgId } = await params;
 
-    const { children } = props;
-
-    let domain = null;
-    try {
-        const res = await internal.get<AxiosResponse<GetDomainResponse>>(
-            `/org/${params.orgId}/domain/${params.domainId}`,
-            await authCookieHeader()
-        );
-        domain = res.data.data;
-        console.log(JSON.stringify(domain));
-    } catch {
-        redirect(`/${params.orgId}/settings/domains`);
-    }
-
-    const t = await getTranslations();
-
-
-    return (
-        <>
-            <SettingsSectionTitle
-                title={domain ? domain.baseDomain : t('domainSetting')}
-                description={t('domainSettingDescription')}
-            />
-
-            <DomainProvider domain={domain}>
-                <div className="space-y-6">
-                    <DomainInfoCard orgId={params.orgId} domainId={params.domainId} />
-                </div>
-            </DomainProvider>
-        </>
+  let domain = null;
+  try {
+    const res = await internal.get<AxiosResponse<GetDomainResponse>>(
+      `/org/${orgId}/domain/${domainId}`,
+      await authCookieHeader()
     );
+    domain = res.data.data;
+  } catch {
+    redirect(`/${orgId}/settings/domains`);
+  }
+
+  const t = await getTranslations();
+
+  return (
+    <SettingsLayoutClient
+      orgId={orgId}
+      domain={domain}
+    >
+      {children}
+    </SettingsLayoutClient>
+  );
 }

From 51af293d66a17458e0812b1d3ed826be7ec3fa1a Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 18 Oct 2025 17:53:50 +0530
Subject: [PATCH 23/69] add doc link button and fix continuous polling

---
 messages/en-US.json                           |  3 +-
 .../settings/domains/[domainId]/page.tsx      |  9 ++--
 src/components/DNSRecordTable.tsx             | 30 +++++------
 src/components/DNSRecordsDataTable.tsx        | 53 ++++---------------
 src/components/DomainInfoCard.tsx             |  2 +-
 5 files changed, 29 insertions(+), 68 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 24e86a36..4d382869 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1903,5 +1903,6 @@
     "preferWildcardCertDescription": "Attempt to generate a wildcard certificate (require a properly configured certificate resolver).",
     "recordName": "Record Name",
     "auto": "Auto",
-    "TTL": "TTL"
+    "TTL": "TTL",
+    "howToAddRecords": "How to Add Records"
 }
diff --git a/src/app/[orgId]/settings/domains/[domainId]/page.tsx b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
index e8187b95..791ba96d 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/page.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
@@ -1,8 +1,5 @@
-import { redirect } from "next/navigation";
 
-export default async function DomainPage(props: {
-    params: Promise<{ orgId: string; domainId: string }>;
-}) {
-    const params = await props.params;
-    redirect(`/${params.orgId}/settings/domains/${params.domainId}`);
+
+export default function DomainPage({ children }: { children: React.ReactNode }) {
+  return <>{children}</>;
 }
\ No newline at end of file
diff --git a/src/components/DNSRecordTable.tsx b/src/components/DNSRecordTable.tsx
index dd9bcad4..e0760977 100644
--- a/src/components/DNSRecordTable.tsx
+++ b/src/components/DNSRecordTable.tsx
@@ -15,7 +15,7 @@ export type DNSRecordRow = {
     recordType: string; // "NS" | "CNAME" | "A" | "TXT"
     baseDomain: string | null;
     value: string;
-    verified?: boolean; 
+    verified?: boolean;
 };
 
 type Props = {
@@ -32,17 +32,16 @@ export default function DNSRecordsTable({ records, domainId, isRefreshing }: Pro
             accessorKey: "baseDomain",
             header: ({ column }) => {
                 return (
-                    <Button
-                        variant="ghost"
+                    <div
                     >
                         {t("recordName", { fallback: "Record name" })}
-                    </Button>
+                    </div>
                 );
             },
             cell: ({ row }) => {
                 const baseDomain = row.original.baseDomain;
                 return (
-                    <div className="font-mono text-sm">
+                    <div>
                         {baseDomain || "-"}
                     </div>
                 );
@@ -52,11 +51,10 @@ export default function DNSRecordsTable({ records, domainId, isRefreshing }: Pro
             accessorKey: "recordType",
             header: ({ column }) => {
                 return (
-                    <Button
-                        variant="ghost"
+                    <div
                     >
                         {t("type")}
-                    </Button>
+                    </div>
                 );
             },
             cell: ({ row }) => {
@@ -72,11 +70,10 @@ export default function DNSRecordsTable({ records, domainId, isRefreshing }: Pro
             accessorKey: "ttl",
             header: ({ column }) => {
                 return (
-                    <Button
-                        variant="ghost"
+                    <div
                     >
                         {t("TTL")}
-                    </Button>
+                    </div>
                 );
             },
             cell: ({ row }) => {
@@ -95,10 +92,8 @@ export default function DNSRecordsTable({ records, domainId, isRefreshing }: Pro
             cell: ({ row }) => {
                 const value = row.original.value;
                 return (
-                    <div className="flex items-center gap-2">
-                        <div className="font-mono text-sm truncate max-w-md">
-                            {value}
-                        </div>
+                    <div>
+                        {value}
                     </div>
                 );
             }
@@ -107,11 +102,10 @@ export default function DNSRecordsTable({ records, domainId, isRefreshing }: Pro
             accessorKey: "verified",
             header: ({ column }) => {
                 return (
-                    <Button
-                        variant="ghost"
+                    <div
                     >
                         {t("status")}
-                    </Button>
+                    </div>
                 );
             },
             cell: ({ row }) => {
diff --git a/src/components/DNSRecordsDataTable.tsx b/src/components/DNSRecordsDataTable.tsx
index 4e70a1b2..422cf318 100644
--- a/src/components/DNSRecordsDataTable.tsx
+++ b/src/components/DNSRecordsDataTable.tsx
@@ -19,7 +19,7 @@ import {
 } from "@/components/ui/table";
 import { Button } from "@app/components/ui/button";
 import { useMemo, useState } from "react";
-import { Plus, RefreshCw } from "lucide-react";
+import { ExternalLink, Plus, RefreshCw } from "lucide-react";
 import {
     Card,
     CardContent,
@@ -107,56 +107,25 @@ export function DNSRecordsDataTable<TData, TValue>({
         <div className="container mx-auto max-w-12xl">
             <Card>
                 <CardHeader className="flex flex-col space-y-4 sm:flex-row sm:items-center sm:justify-between sm:space-y-0 pb-4">
-                    <div className="flex flex-row space-y-3 w-full sm:mr-2 gap-2">
+                    <div className="flex flex-row space-y-3 w-full sm:mr-2 gap-2 justify-between">
                         <div className="relative w-full sm:max-w-sm flex flex-row gap-10 items-center">
-                            <h1 className="">DNS Records</h1>
+                            <h1 className="font-bold">DNS Records</h1>
                             <Badge variant="secondary">Required</Badge>
                         </div>
-                        {tabs && tabs.length > 0 && (
-                            <Tabs
-                                value={activeTab}
-                                className="w-full"
-                            >
-                                <TabsList>
-                                    {tabs.map((tab) => (
-                                        <TabsTrigger
-                                            key={tab.id}
-                                            value={tab.id}
-                                        >
-                                            {tab.label} (
-                                            {data.filter(tab.filterFn).length})
-                                        </TabsTrigger>
-                                    ))}
-                                </TabsList>
-                            </Tabs>
-                        )}
-                    </div>
-                    <div className="flex items-center gap-2 sm:justify-end">
-                        {onRefresh && (
-                            <Button
-                                variant="outline"
-                                onClick={onRefresh}
-                                disabled={isRefreshing}
-                            >
-                                <RefreshCw
-                                    className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
-                                />
-                                {t("refresh")}
-                            </Button>
-                        )}
-                        {onAdd && addButtonText && (
-                            <Button onClick={onAdd}>
-                                <Plus className="mr-2 h-4 w-4" />
-                                {addButtonText}
-                            </Button>
-                        )}
+                        <Button
+                            variant="outline"
+                            size="sm"
+                        >
+                            <ExternalLink className="h-4 w-4 mr-1"/>
+                            {t("howToAddRecords")}
+                        </Button>
                     </div>
                 </CardHeader>
                 <CardContent>
                     <Table>
                         <TableHeader>
                             {table.getHeaderGroups().map((headerGroup) => (
-                                <TableRow key={headerGroup.id}>
+                                <TableRow key={headerGroup.id} className="bg-[#E8E8E8] dark:bg-transparent">
                                     {headerGroup.headers.map((header) => (
                                         <TableHead key={header.id}>
                                             {header.isPlaceholder
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index 0f967f33..df63e1df 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -155,7 +155,7 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
         <>
             <Alert>
                 <AlertDescription>
-                    <InfoSections cols={env.flags.enableClients ? 3 : 2}>
+                    <InfoSections cols={2}>
                         <InfoSection>
                             <InfoSectionTitle>
                                 {t("type")}

From 7370448be99d85ab66664dd6ff5b06155c3de17a Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sun, 19 Oct 2025 23:13:27 +0530
Subject: [PATCH 24/69] pg schema

---
 server/db/pg/schema/schema.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index ae5205bb..0b1192f7 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -24,6 +24,17 @@ export const domains = pgTable("domains", {
     preferWildcardCert: boolean("preferWildcardCert")
 });
 
+
+export const dnsRecords = pgTable("dnsRecords", {
+    id: varchar("id").primaryKey(),
+    domainId: varchar("domainId")
+        .notNull()
+        .references(() => domains.domainId, { onDelete: "cascade" }),
+    recordType: varchar("recordType").notNull(), // "NS" | "CNAME" | "A" | "TXT"
+    baseDomain: varchar("baseDomain"),
+    value: varchar("value").notNull(),
+});
+
 export const orgs = pgTable("orgs", {
     orgId: varchar("orgId").primaryKey(),
     name: varchar("name").notNull(),

From edf64ae7b5090d1e4704d0c5396c55ff5ca667c6 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sun, 19 Oct 2025 23:23:55 +0530
Subject: [PATCH 25/69] fix invalid "default"

---
 src/app/[orgId]/settings/domains/[domainId]/layout.tsx | 4 ++--
 src/app/[orgId]/settings/domains/[domainId]/page.tsx   | 8 +++-----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
index c75ceaf4..7c2c3ca5 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
@@ -8,11 +8,11 @@ import SettingsLayoutClient from "./DomainSettingsLayout";
 
 interface SettingsLayoutProps {
   children: React.ReactNode;
-  params: Promise<{ domainId: string; orgId: string }>;
+  params: { domainId: string; orgId: string };
 }
 
 export default async function SettingsLayout({ children, params }: SettingsLayoutProps) {
-  const { domainId, orgId } = await params;
+  const { domainId, orgId } = params;
 
   let domain = null;
   try {
diff --git a/src/app/[orgId]/settings/domains/[domainId]/page.tsx b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
index 791ba96d..02efa517 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/page.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
@@ -1,5 +1,3 @@
-
-
-export default function DomainPage({ children }: { children: React.ReactNode }) {
-  return <>{children}</>;
-}
\ No newline at end of file
+export default function DomainPage() {
+  return null;
+}

From 2b05bc1f5f228382c4c9fec74d19f81f71697a20 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Mon, 20 Oct 2025 01:39:39 +0530
Subject: [PATCH 26/69] ui and layout fix

---
 messages/en-US.json                           |   4 +-
 server/db/pg/schema/schema.ts                 |   1 +
 server/db/sqlite/schema/schema.ts             |   1 +
 .../[domainId]/DomainSettingsLayout.tsx       | 112 ------------------
 .../settings/domains/[domainId]/layout.tsx    |  20 ++--
 .../settings/domains/[domainId]/page.tsx      | 108 ++++++++++++++++-
 src/components/DNSRecordTable.tsx             |   8 +-
 src/components/DNSRecordsDataTable.tsx        |   8 +-
 src/components/DomainInfoCard.tsx             |  33 ++++--
 src/contexts/domainContext.ts                 |  12 +-
 src/providers/DomainProvider.tsx              |   6 +-
 11 files changed, 159 insertions(+), 154 deletions(-)
 delete mode 100644 src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 4d382869..d53765cf 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1904,5 +1904,7 @@
     "recordName": "Record Name",
     "auto": "Auto",
     "TTL": "TTL",
-    "howToAddRecords": "How to Add Records"
+    "howToAddRecords": "How to Add Records",
+    "dnsRecord": "DNS Records",
+    "required": "Required"
 }
diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 0b1192f7..36130d36 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -33,6 +33,7 @@ export const dnsRecords = pgTable("dnsRecords", {
     recordType: varchar("recordType").notNull(), // "NS" | "CNAME" | "A" | "TXT"
     baseDomain: varchar("baseDomain"),
     value: varchar("value").notNull(),
+    verified: boolean("verified").notNull().default(false),
 });
 
 export const orgs = pgTable("orgs", {
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index bc1ce81b..d3390c21 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -25,6 +25,7 @@ export const dnsRecords = sqliteTable("dnsRecords", {
     recordType: text("recordType").notNull(), // "NS" | "CNAME" | "A" | "TXT"
     baseDomain: text("baseDomain"),
     value: text("value").notNull(), 
+    verified: integer("verified", { mode: "boolean" }).notNull().default(false),
 });
 
 
diff --git a/src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx b/src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx
deleted file mode 100644
index 3b822dc0..00000000
--- a/src/app/[orgId]/settings/domains/[domainId]/DomainSettingsLayout.tsx
+++ /dev/null
@@ -1,112 +0,0 @@
-"use client";
-
-import { useState } from "react";
-import { createApiClient, formatAxiosError } from "@app/lib/api";
-import { useEnvContext } from "@app/hooks/useEnvContext";
-import { toast } from "@app/hooks/useToast";
-import { useRouter } from "next/navigation";
-import { RefreshCw } from "lucide-react";
-import { Button } from "@app/components/ui/button";
-import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import DomainInfoCard from "@app/components/DomainInfoCard";
-import DomainProvider from "@app/providers/DomainProvider";
-import { useTranslations } from "next-intl";
-
-
-interface DomainSettingsLayoutProps {
-  orgId: string;
-  domain: any,
-  children: React.ReactNode;
-}
-
-export default function DomainSettingsLayout({ orgId, domain, children }: DomainSettingsLayoutProps) {
-  const router = useRouter();
-  const api = createApiClient(useEnvContext());
-  const [isRefreshing, setIsRefreshing] = useState(false);
-  const [restartingDomains, setRestartingDomains] = useState<Set<string>>(new Set());
-  const t = useTranslations();
-  const refreshData = async () => {
-    setIsRefreshing(true);
-    try {
-      await new Promise((resolve) => setTimeout(resolve, 200));
-      router.refresh();
-    } catch {
-      toast({
-        title: t("error"),
-        description: t("refreshError"),
-        variant: "destructive",
-      });
-    } finally {
-      setIsRefreshing(false);
-    }
-  };
-
-  const restartDomain = async (domainId: string) => {
-    setRestartingDomains((prev) => new Set(prev).add(domainId));
-    try {
-      await api.post(`/org/${orgId}/domain/${domainId}/restart`);
-      toast({
-        title: t("success"),
-        description: t("domainRestartedDescription", {
-          fallback: "Domain verification restarted successfully",
-        }),
-      });
-      refreshData();
-    } catch (e) {
-      toast({
-        title: t("error"),
-        description: formatAxiosError(e),
-        variant: "destructive",
-      });
-    } finally {
-      setRestartingDomains((prev) => {
-        const newSet = new Set(prev);
-        newSet.delete(domainId);
-        return newSet;
-      });
-    }
-  };
-
-  const isRestarting = restartingDomains.has(domain.domainId);
-
-  return (
-    <>
-      <div className="flex items-center justify-between mb-6">
-        <SettingsSectionTitle
-          title={domain ? domain.baseDomain : t("domainSetting")}
-          description={t("domainSettingDescription")}
-        />
-
-        <Button
-          variant="outline"
-          size="sm"
-          onClick={() => restartDomain(domain.domainId)}
-          disabled={isRestarting}
-        >
-          {isRestarting ? (
-            <>
-              <RefreshCw
-                className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
-              />
-              {t("restarting", { fallback: "Restarting..." })}
-            </>
-          ) : (
-            <>
-              <RefreshCw
-                className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
-              />
-              {t("restart", { fallback: "Restart" })}
-            </>
-          )}
-        </Button>
-      </div>
-
-      <DomainProvider domain={domain}>
-        <div className="space-y-6">
-          <DomainInfoCard orgId={orgId} domainId={domain.domainId} />
-        </div>
-        {children}
-      </DomainProvider>
-    </>
-  );
-}
diff --git a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
index 7c2c3ca5..d33d666a 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/layout.tsx
@@ -3,18 +3,17 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import { internal } from "@app/lib/api";
 import { GetDomainResponse } from "@server/routers/domain/getDomain";
 import { AxiosResponse } from "axios";
-import { getTranslations } from "next-intl/server";
-import SettingsLayoutClient from "./DomainSettingsLayout";
+import DomainProvider from "@app/providers/DomainProvider";
 
 interface SettingsLayoutProps {
   children: React.ReactNode;
-  params: { domainId: string; orgId: string };
+  params: Promise<{ domainId: string; orgId: string }>;
 }
 
 export default async function SettingsLayout({ children, params }: SettingsLayoutProps) {
-  const { domainId, orgId } = params;
-
+  const { domainId, orgId } = await params;
   let domain = null;
+
   try {
     const res = await internal.get<AxiosResponse<GetDomainResponse>>(
       `/org/${orgId}/domain/${domainId}`,
@@ -25,14 +24,9 @@ export default async function SettingsLayout({ children, params }: SettingsLayou
     redirect(`/${orgId}/settings/domains`);
   }
 
-  const t = await getTranslations();
-
   return (
-    <SettingsLayoutClient
-      orgId={orgId}
-      domain={domain}
-    >
+    <DomainProvider domain={domain} orgId={orgId}>
       {children}
-    </SettingsLayoutClient>
+    </DomainProvider>
   );
-}
+}
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/domains/[domainId]/page.tsx b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
index 02efa517..3051def0 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/page.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
@@ -1,3 +1,105 @@
-export default function DomainPage() {
-  return null;
-}
+"use client";
+import { useState } from "react";
+import { createApiClient, formatAxiosError } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { toast } from "@app/hooks/useToast";
+import { useRouter } from "next/navigation";
+import { RefreshCw } from "lucide-react";
+import { Button } from "@app/components/ui/button";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import DomainInfoCard from "@app/components/DomainInfoCard";
+import { useDomain } from "@app/contexts/domainContext";
+import { useTranslations } from "next-intl";
+
+export default function DomainSettingsPage() {
+  const { domain, orgId } = useDomain();
+  const router = useRouter();
+  const api = createApiClient(useEnvContext());
+  const [isRefreshing, setIsRefreshing] = useState(false);
+  const [restartingDomains, setRestartingDomains] = useState<Set<string>>(new Set());
+  const t = useTranslations();
+
+  const refreshData = async () => {
+    setIsRefreshing(true);
+    try {
+      await new Promise((resolve) => setTimeout(resolve, 200));
+      router.refresh();
+    } catch {
+      toast({
+        title: t("error"),
+        description: t("refreshError"),
+        variant: "destructive",
+      });
+    } finally {
+      setIsRefreshing(false);
+    }
+  };
+
+  const restartDomain = async (domainId: string) => {
+    setRestartingDomains((prev) => new Set(prev).add(domainId));
+    try {
+      await api.post(`/org/${orgId}/domain/${domainId}/restart`);
+      toast({
+        title: t("success"),
+        description: t("domainRestartedDescription", {
+          fallback: "Domain verification restarted successfully",
+        }),
+      });
+      refreshData();
+    } catch (e) {
+      toast({
+        title: t("error"),
+        description: formatAxiosError(e),
+        variant: "destructive",
+      });
+    } finally {
+      setRestartingDomains((prev) => {
+        const newSet = new Set(prev);
+        newSet.delete(domainId);
+        return newSet;
+      });
+    }
+  };
+
+  if (!domain) {
+    return null;
+  }
+
+  const isRestarting = restartingDomains.has(domain.domainId);
+
+  return (
+    <>
+      <div className="flex justify-between">
+        <SettingsSectionTitle
+          title={domain.baseDomain}
+          description={t("domainSettingDescription")}
+        />
+        <Button
+          variant="outline"
+          size="sm"
+          onClick={() => restartDomain(domain.domainId)}
+          disabled={isRestarting}
+        >
+          {isRestarting ? (
+            <>
+              <RefreshCw
+                className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
+              />
+              {t("restarting", { fallback: "Restarting..." })}
+            </>
+          ) : (
+            <>
+              <RefreshCw
+                className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
+              />
+              {t("restart", { fallback: "Restart" })}
+            </>
+          )}
+        </Button>
+      </div>
+      <div className="space-y-6">
+        <DomainInfoCard orgId={orgId} domainId={domain.domainId} />
+      </div>
+    </>
+  );
+}
\ No newline at end of file
diff --git a/src/components/DNSRecordTable.tsx b/src/components/DNSRecordTable.tsx
index e0760977..393f5c24 100644
--- a/src/components/DNSRecordTable.tsx
+++ b/src/components/DNSRecordTable.tsx
@@ -1,12 +1,8 @@
 "use client";
 
 import { ColumnDef } from "@tanstack/react-table";
-import { Button } from "@app/components/ui/button";
-import { useState } from "react";
 import { useTranslations } from "next-intl";
-import { useToast } from "@app/hooks/useToast";
 import { Badge } from "@app/components/ui/badge";
-import CopyToClipboard from "@app/components/CopyToClipboard";
 import { DNSRecordsDataTable } from "./DNSRecordsDataTable";
 
 export type DNSRecordRow = {
@@ -114,7 +110,9 @@ export default function DNSRecordsTable({ records, domainId, isRefreshing }: Pro
                     verified ? (
                         <Badge variant="green">{t("verified")}</Badge>
                     ) : (
-                        <Badge variant="secondary">{t("unverified")}</Badge>
+                        <Badge variant="destructive">
+                            {t("failed", { fallback: "Failed" })}
+                        </Badge>
                     )
                 );
             }
diff --git a/src/components/DNSRecordsDataTable.tsx b/src/components/DNSRecordsDataTable.tsx
index 422cf318..b29c67f8 100644
--- a/src/components/DNSRecordsDataTable.tsx
+++ b/src/components/DNSRecordsDataTable.tsx
@@ -108,9 +108,9 @@ export function DNSRecordsDataTable<TData, TValue>({
             <Card>
                 <CardHeader className="flex flex-col space-y-4 sm:flex-row sm:items-center sm:justify-between sm:space-y-0 pb-4">
                     <div className="flex flex-row space-y-3 w-full sm:mr-2 gap-2 justify-between">
-                        <div className="relative w-full sm:max-w-sm flex flex-row gap-10 items-center">
-                            <h1 className="font-bold">DNS Records</h1>
-                            <Badge variant="secondary">Required</Badge>
+                        <div className="relative w-full sm:max-w-sm flex flex-row gap-4 items-center">
+                            <h1 className="font-bold">{t("dnsRecord")}</h1>
+                            <Badge variant="secondary">{t("required")}</Badge>
                         </div>
                         <Button
                             variant="outline"
@@ -125,7 +125,7 @@ export function DNSRecordsDataTable<TData, TValue>({
                     <Table>
                         <TableHeader>
                             {table.getHeaderGroups().map((headerGroup) => (
-                                <TableRow key={headerGroup.id} className="bg-[#E8E8E8] dark:bg-transparent">
+                                <TableRow key={headerGroup.id} className="bg-secondary">
                                     {headerGroup.headers.map((header) => (
                                         <TableHead key={header.id}>
                                             {header.isPlaceholder
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index df63e1df..a53a2420 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -30,7 +30,7 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { build } from "@server/build";
 import { Switch } from "./ui/switch";
 import { useEffect, useState } from "react";
-import DNSRecordsTable, {DNSRecordRow} from "./DNSRecordTable";
+import DNSRecordsTable, { DNSRecordRow } from "./DNSRecordTable";
 import { createApiClient } from "@app/lib/api";
 import { useToast } from "@app/hooks/useToast";
 import { formatAxiosError } from "@app/lib/api";
@@ -150,19 +150,33 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
         }
     }, [domain.domainId]);
 
+    const getTypeDisplay = (type: string) => {
+        switch (type) {
+            case "ns":
+                return t("selectDomainTypeNsName");
+            case "cname":
+                return t("selectDomainTypeCnameName");
+            case "wildcard":
+                return t("selectDomainTypeWildcardName");
+            default:
+                return type;
+        }
+    };
+
+
 
     return (
         <>
             <Alert>
                 <AlertDescription>
-                    <InfoSections cols={2}>
+                    <InfoSections cols={3}>
                         <InfoSection>
                             <InfoSectionTitle>
                                 {t("type")}
                             </InfoSectionTitle>
                             <InfoSectionContent>
                                 <span>
-                                    {domain.type}
+                                    {getTypeDisplay(domain.type ? domain.type : "")}
                                 </span>
                             </InfoSectionContent>
                         </InfoSection>
@@ -172,16 +186,11 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
                             </InfoSectionTitle>
                             <InfoSectionContent>
                                 {domain.verified ? (
-                                    <div className="text-green-500 flex items-center space-x-2">
-                                        <Badge variant="green">
-                                            {t("verified")}
-                                        </Badge>
-                                    </div>
+                                    <Badge variant="green">{t("verified")}</Badge>
                                 ) : (
-                                    <div className="text-neutral-500 flex items-center space-x-2">
-                                        <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
-                                        <span>{t("unverified")}</span>
-                                    </div>
+                                    <Badge variant="destructive">
+                                        {t("failed", { fallback: "Failed" })}
+                                    </Badge>
                                 )}
                             </InfoSectionContent>
                         </InfoSection>
diff --git a/src/contexts/domainContext.ts b/src/contexts/domainContext.ts
index d60c4ca4..e38ddefb 100644
--- a/src/contexts/domainContext.ts
+++ b/src/contexts/domainContext.ts
@@ -1,11 +1,19 @@
 import { GetDomainResponse } from "@server/routers/domain/getDomain";
-import { createContext } from "react";
-
+import { createContext, useContext } from "react";
 interface DomainContextType {
     domain: GetDomainResponse;
     updateDomain: (updatedDomain: Partial<GetDomainResponse>) => void;
+    orgId: string;
 }
 
 const DomainContext = createContext<DomainContextType | undefined>(undefined);
 
+export function useDomain() {
+    const context = useContext(DomainContext);
+    if (!context) {
+        throw new Error("useDomain must be used within DomainProvider");
+    }
+    return context;
+}
+
 export default DomainContext;
\ No newline at end of file
diff --git a/src/providers/DomainProvider.tsx b/src/providers/DomainProvider.tsx
index 9b014449..845b369f 100644
--- a/src/providers/DomainProvider.tsx
+++ b/src/providers/DomainProvider.tsx
@@ -8,11 +8,13 @@ import DomainContext from "@app/contexts/domainContext";
 interface DomainProviderProps {
     children: React.ReactNode;
     domain: GetDomainResponse;
+    orgId: string;
 }
 
 export function DomainProvider({
     children,
-    domain: serverDomain
+    domain: serverDomain,
+    orgId
 }: DomainProviderProps) {
     const [domain, setDomain] = useState<GetDomainResponse>(serverDomain);
 
@@ -34,7 +36,7 @@ export function DomainProvider({
     };
 
     return (
-        <DomainContext.Provider value={{ domain, updateDomain }}>
+        <DomainContext.Provider value={{ domain, updateDomain, orgId }}>
             {children}
         </DomainContext.Provider>
     );

From 07f5e8f21590922706975e2096a3ffb17281a2ac Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Mon, 20 Oct 2025 17:29:23 +0530
Subject: [PATCH 27/69] add update domain Settings for wildcard

---
 messages/en-US.json                    |   5 +-
 server/auth/actions.ts                 |   1 +
 server/routers/domain/index.ts         |   3 +-
 server/routers/domain/updateDomain.ts  | 161 ++++++++++++++
 server/routers/external.ts             |   7 +
 src/components/DNSRecordsDataTable.tsx |   4 +-
 src/components/DomainInfoCard.tsx      | 291 +++++++++++++++----------
 7 files changed, 352 insertions(+), 120 deletions(-)
 create mode 100644 server/routers/domain/updateDomain.ts

diff --git a/messages/en-US.json b/messages/en-US.json
index d53765cf..c4990aae 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1906,5 +1906,8 @@
     "TTL": "TTL",
     "howToAddRecords": "How to Add Records",
     "dnsRecord": "DNS Records",
-    "required": "Required"
+    "required": "Required",
+    "domainSettingsUpdated": "Domain settings updated successfully",
+    "orgOrDomainIdMissing": "Organization or Domain ID is missing",
+    "loadingDNSRecords": "Loading DNS records..."
 }
diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index 4c442d2c..83582885 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -82,6 +82,7 @@ export enum ActionsEnum {
     getClient = "getClient",
     listOrgDomains = "listOrgDomains",
     getDomain = "getDomain",
+    updateOrgDomain = "updateOrgDomain",
     getDNSRecords = "getDNSRecords",
     createNewt = "createNewt",
     createIdp = "createIdp",
diff --git a/server/routers/domain/index.ts b/server/routers/domain/index.ts
index 0bfedb41..e7e0b555 100644
--- a/server/routers/domain/index.ts
+++ b/server/routers/domain/index.ts
@@ -3,4 +3,5 @@ export * from "./createOrgDomain";
 export * from "./deleteOrgDomain";
 export * from "./restartOrgDomain";
 export * from "./getDomain";
-export * from "./getDNSRecords";
\ No newline at end of file
+export * from "./getDNSRecords";
+export * from "./updateDomain";
\ No newline at end of file
diff --git a/server/routers/domain/updateDomain.ts b/server/routers/domain/updateDomain.ts
new file mode 100644
index 00000000..c684466e
--- /dev/null
+++ b/server/routers/domain/updateDomain.ts
@@ -0,0 +1,161 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, domains, orgDomains } from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { eq, and } from "drizzle-orm";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const paramsSchema = z
+    .object({
+        orgId: z.string(),
+        domainId: z.string()
+    })
+    .strict();
+
+const bodySchema = z
+    .object({
+        certResolver: z.string().optional().nullable(),
+        preferWildcardCert: z.boolean().optional().nullable()
+    })
+    .strict();
+
+export type UpdateDomainResponse = {
+    domainId: string;
+    certResolver: string | null;
+    preferWildcardCert: boolean | null;
+};
+
+
+registry.registerPath({
+    method: "patch",
+    path: "/org/{orgId}/domain/{domainId}",
+    description: "Update a domain by domainId.",
+    tags: [OpenAPITags.Domain],
+    request: {
+        params: z.object({
+            domainId: z.string(),
+            orgId: z.string()
+        })
+    },
+    responses: {}
+});
+
+export async function updateOrgDomain(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const parsedBody = bodySchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { orgId, domainId } = parsedParams.data;
+        const { certResolver, preferWildcardCert } = parsedBody.data;
+
+        const [orgDomain] = await db
+            .select()
+            .from(orgDomains)
+            .where(
+                and(
+                    eq(orgDomains.orgId, orgId),
+                    eq(orgDomains.domainId, domainId)
+                )
+            );
+
+        if (!orgDomain) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    "Domain not found or does not belong to this organization"
+                )
+            );
+        }
+
+
+        const [existingDomain] = await db
+            .select()
+            .from(domains)
+            .where(eq(domains.domainId, domainId));
+
+        if (!existingDomain) {
+            return next(
+                createHttpError(HttpCode.NOT_FOUND, "Domain not found")
+            );
+        }
+
+        if (existingDomain.type !== "wildcard") {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Domain settings can only be updated for wildcard domains"
+                )
+            );
+        }
+
+        const updateData: Partial<{
+            certResolver: string | null;
+            preferWildcardCert: boolean;
+        }> = {};
+
+        if (certResolver !== undefined) {
+            updateData.certResolver = certResolver;
+        }
+
+        if (preferWildcardCert !== undefined && preferWildcardCert !== null) {
+            updateData.preferWildcardCert = preferWildcardCert;
+        }
+
+        const [updatedDomain] = await db
+            .update(domains)
+            .set(updateData)
+            .where(eq(domains.domainId, domainId))
+            .returning();
+
+        if (!updatedDomain) {
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "Failed to update domain"
+                )
+            );
+        }
+
+        return response<UpdateDomainResponse>(res, {
+            data: {
+                domainId: updatedDomain.domainId,
+                certResolver: updatedDomain.certResolver,
+                preferWildcardCert: updatedDomain.preferWildcardCert
+            },
+            success: true,
+            error: false,
+            message: "Domain updated successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
\ No newline at end of file
diff --git a/server/routers/external.ts b/server/routers/external.ts
index c00f1e9f..fcc39ded 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -309,6 +309,13 @@ authenticated.get(
     domain.getDomain
 );
 
+authenticated.patch(
+    "/org/:orgId/domain/:domainId",
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.updateOrgDomain),
+    domain.updateOrgDomain
+)
+
 authenticated.get(
     "/org/:orgId/domain/:domainId/dns-records",
     verifyOrgAccess,
diff --git a/src/components/DNSRecordsDataTable.tsx b/src/components/DNSRecordsDataTable.tsx
index b29c67f8..672012ae 100644
--- a/src/components/DNSRecordsDataTable.tsx
+++ b/src/components/DNSRecordsDataTable.tsx
@@ -125,7 +125,7 @@ export function DNSRecordsDataTable<TData, TValue>({
                     <Table>
                         <TableHeader>
                             {table.getHeaderGroups().map((headerGroup) => (
-                                <TableRow key={headerGroup.id} className="bg-secondary">
+                                <TableRow key={headerGroup.id} className="bg-secondary dark:bg-transparent">
                                     {headerGroup.headers.map((header) => (
                                         <TableHead key={header.id}>
                                             {header.isPlaceholder
@@ -165,7 +165,7 @@ export function DNSRecordsDataTable<TData, TValue>({
                                         colSpan={columns.length}
                                         className="h-24 text-center"
                                     >
-                                        No results found.
+                                        {t("noResults")}
                                     </TableCell>
                                 </TableRow>
                             )}
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index a53a2420..2465c608 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -105,6 +105,7 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
     const [dnsRecords, setDnsRecords] = useState<DNSRecordRow[]>([]);
     const [loadingRecords, setLoadingRecords] = useState(true);
     const [isRefreshing, setIsRefreshing] = useState(false);
+    const [saveLoading, setSaveLoading] = useState(false);
 
     const form = useForm<FormValues>({
         resolver: zodResolver(formSchema),
@@ -116,6 +117,21 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
         }
     });
 
+    useEffect(() => {
+        if (domain.domainId) {
+            const certResolverValue = domain.certResolver && domain.certResolver.trim() !== "" 
+                ? domain.certResolver 
+                : null;
+
+            form.reset({
+                baseDomain: domain.baseDomain || "",
+                type: (domain.type as "ns" | "cname" | "wildcard") || "wildcard",
+                certResolver: certResolverValue,
+                preferWildcardCert: domain.preferWildcardCert || false
+            });
+        }
+    }, [domain]);
+
     const fetchDNSRecords = async (showRefreshing = false) => {
         if (showRefreshing) {
             setIsRefreshing(true);
@@ -150,6 +166,49 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
         }
     }, [domain.domainId]);
 
+    const onSubmit = async (values: FormValues) => {
+        if (!orgId || !domainId) {
+            toast({
+                title: t("error"),
+                description: t("orgOrDomainIdMissing", { fallback: "Organization or Domain ID is missing" }),
+                variant: "destructive"
+            });
+            return;
+        }
+
+        setSaveLoading(true);
+
+        try {
+            const response = await api.patch(
+                `/org/${orgId}/domain/${domainId}`,
+                {
+                    certResolver: values.certResolver,
+                    preferWildcardCert: values.preferWildcardCert
+                }
+            );
+
+            updateDomain({
+                ...domain,
+                certResolver: values.certResolver || null,
+                preferWildcardCert: values.preferWildcardCert || false
+            });
+
+            toast({
+                title: t("success"),
+                description: t("domainSettingsUpdated", { fallback: "Domain settings updated successfully" }),
+                variant: "default"
+            });
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: formatAxiosError(error),
+                variant: "destructive"
+            });
+        } finally {
+            setSaveLoading(false);
+        }
+    };
+
     const getTypeDisplay = (type: string) => {
         switch (type) {
             case "ns":
@@ -198,128 +257,128 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
                 </AlertDescription>
             </Alert>
 
-            {loadingRecords ? (
-                <div className="space-y-4">
-                    loading...
-                </div>
-            ) : (
-                <DNSRecordsTable
-                    domainId={domain.domainId}
-                    records={dnsRecords}
-                    isRefreshing={isRefreshing}
-                />
+            {domain.type !== "wildcard" && (
+                loadingRecords ? (
+                    <div className="space-y-4">
+                        {t("loadingDNSRecords", { fallback: "Loading DNS Records..." })}
+                    </div>
+                ) : (
+                    <DNSRecordsTable
+                        domainId={domain.domainId}
+                        records={dnsRecords}
+                        isRefreshing={isRefreshing}
+                    />
+                )
             )}
 
-            {/* Domain Settings */}
-            {/* Add condition later to only show when domain is wildcard */}
-            <SettingsContainer>
-                <SettingsSection>
-                    <SettingsSectionHeader>
-                        <SettingsSectionTitle>
-                            {t("domainSetting")}
-                        </SettingsSectionTitle>
-                    </SettingsSectionHeader>
+            {/* Domain Settings - Only show for wildcard domains */}
+            {domain.type === "wildcard" && (
+                <SettingsContainer>
+                    <SettingsSection>
+                        <SettingsSectionHeader>
+                            <SettingsSectionTitle>
+                                {t("domainSetting")}
+                            </SettingsSectionTitle>
+                        </SettingsSectionHeader>
 
-                    <SettingsSectionBody>
-                        <SettingsSectionForm>
-                            <Form {...form}>
-                                <form
-                                    //onSubmit={form.handleSubmit(onSubmit)}
-                                    className="space-y-4"
-                                    id="create-domain-form"
-                                >
-                                    <FormField
-                                        control={form.control}
-                                        name="certResolver"
-                                        render={({ field }) => (
-                                            <FormItem>
-                                                <FormLabel>{t("certResolver")}</FormLabel>
-                                                <FormControl>
-                                                    <Select
-                                                        value={
-                                                            field.value === null ? "default" :
-                                                                (field.value === "" || (field.value && field.value !== "default")) ? "custom" :
-                                                                    "default"
-                                                        }
-                                                        onValueChange={(val) => {
-                                                            if (val === "default") {
-                                                                field.onChange(null);
-                                                            } else if (val === "custom") {
-                                                                field.onChange("");
-                                                            } else {
-                                                                field.onChange(val);
+                        <SettingsSectionBody>
+                            <SettingsSectionForm>
+                                <Form {...form}>
+                                    <form
+                                        onSubmit={form.handleSubmit(onSubmit)}
+                                        className="space-y-4"
+                                        id="domain-settings-form"
+                                    >
+                                        <FormField
+                                            control={form.control}
+                                            name="certResolver"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>{t("certResolver")}</FormLabel>
+                                                    <FormControl>
+                                                        <Select
+                                                            value={
+                                                                field.value === null ? "default" :
+                                                                    (field.value === "" || (field.value && field.value !== "default")) ? "custom" :
+                                                                        "default"
                                                             }
-                                                        }}
-                                                    >
-                                                        <SelectTrigger>
-                                                            <SelectValue placeholder={t("selectCertResolver")} />
-                                                        </SelectTrigger>
-                                                        <SelectContent>
-                                                            {certResolverOptions.map((opt) => (
-                                                                <SelectItem key={opt.id} value={opt.id}>
-                                                                    {opt.title}
-                                                                </SelectItem>
-                                                            ))}
-                                                        </SelectContent>
-                                                    </Select>
-                                                </FormControl>
-                                                <FormMessage />
-                                                {field.value !== null && field.value !== "default" && (
-                                                    <div className="space-y-2 mt-2">
-                                                        <FormControl>
-                                                            <Input
-                                                                placeholder={t("enterCustomResolver")}
-                                                                value={field.value || ""}
-                                                                onChange={(e) => field.onChange(e.target.value)}
+                                                            onValueChange={(val) => {
+                                                                if (val === "default") {
+                                                                    field.onChange(null);
+                                                                } else if (val === "custom") {
+                                                                    field.onChange("");
+                                                                } else {
+                                                                    field.onChange(val);
+                                                                }
+                                                            }}
+                                                        >
+                                                            <SelectTrigger>
+                                                                <SelectValue placeholder={t("selectCertResolver")} />
+                                                            </SelectTrigger>
+                                                            <SelectContent>
+                                                                {certResolverOptions.map((opt) => (
+                                                                    <SelectItem key={opt.id} value={opt.id}>
+                                                                        {opt.title}
+                                                                    </SelectItem>
+                                                                ))}
+                                                            </SelectContent>
+                                                        </Select>
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                    {field.value !== null && field.value !== "default" && (
+                                                        <div className="space-y-2 mt-2">
+                                                            <FormControl>
+                                                                <Input
+                                                                    placeholder={t("enterCustomResolver")}
+                                                                    value={field.value || domain.certResolver || ""}
+                                                                    onChange={(e) => field.onChange(e.target.value)}
+                                                                />
+                                                            </FormControl>
+                                                            <FormField
+                                                                control={form.control}
+                                                                name="preferWildcardCert"
+                                                                render={({ field: switchField }) => (
+                                                                    <FormItem className="items-center space-y-2 mt-4">
+                                                                        <FormControl>
+                                                                            <div className="flex items-center space-x-2">
+                                                                                <Switch
+                                                                                    checked={switchField.value}
+                                                                                    onCheckedChange={switchField.onChange}
+                                                                                />
+                                                                                <FormLabel>{t("preferWildcardCert")}</FormLabel>
+                                                                            </div>
+                                                                        </FormControl>
+
+                                                                        <FormDescription>
+                                                                            {t("preferWildcardCertDescription")}
+                                                                        </FormDescription>
+                                                                        <FormMessage />
+                                                                    </FormItem>
+                                                                )}
                                                             />
-                                                        </FormControl>
-                                                        <FormField
-                                                            control={form.control}
-                                                            name="preferWildcardCert"
-                                                            render={({ field: switchField }) => (
-                                                                <FormItem className="items-center space-y-2 mt-4">
-                                                                    <FormControl>
-                                                                        <div className="flex items-center space-x-2">
-                                                                            <Switch
-                                                                                defaultChecked={switchField.value}
-                                                                                onCheckedChange={switchField.onChange}
-                                                                            />
-                                                                            <FormLabel>{t("preferWildcardCert")}</FormLabel>
-                                                                        </div>
-                                                                    </FormControl>
+                                                        </div>
+                                                    )}
+                                                </FormItem>
+                                            )}
+                                        />
+                                    </form>
+                                </Form>
+                            </SettingsSectionForm>
+                        </SettingsSectionBody>
 
-                                                                    <FormDescription>
-                                                                        {t("preferWildcardCertDescription")}
-                                                                    </FormDescription>
-                                                                    <FormMessage />
-                                                                </FormItem>
-                                                            )}
-                                                        />
-                                                    </div>
-                                                )}
-                                            </FormItem>
-                                        )}
-                                    />
-                                </form>
-                            </Form>
-                        </SettingsSectionForm>
-                    </SettingsSectionBody>
-
-                    <SettingsSectionFooter>
-                        <Button
-                            type="submit"
-                            // onClick={() => {
-                            //     console.log(form.getValues());
-                            // }}
-                            // loading={saveLoading}
-                            // disabled={saveLoading}
-                            form="general-settings-form"
-                        >
-                            {t("saveSettings")}
-                        </Button>
-                    </SettingsSectionFooter>
-                </SettingsSection>
-            </SettingsContainer >
+                        <SettingsSectionFooter>
+                            <Button
+                                type="submit"
+                                loading={saveLoading}
+                                disabled={saveLoading}
+                                form="domain-settings-form"
+                            >
+                                {t("saveSettings")}
+                            </Button>
+                        </SettingsSectionFooter>
+                    </SettingsSection>
+                </SettingsContainer>
+            )}
         </>
     );
 }
\ No newline at end of file

From 7a6838f5a50d29a676d06e18c3d56f614a1b8073 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Mon, 20 Oct 2025 20:29:35 +0530
Subject: [PATCH 28/69] fix lint

---
 server/routers/external.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routers/external.ts b/server/routers/external.ts
index fcc39ded..f862e5cf 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -314,7 +314,7 @@ authenticated.patch(
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.updateOrgDomain),
     domain.updateOrgDomain
-)
+);
 
 authenticated.get(
     "/org/:orgId/domain/:domainId/dns-records",

From 70aeaf7b5d425959fb351af21d64c885f9d7a1eb Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 20 Oct 2025 20:11:13 -0700
Subject: [PATCH 29/69] Change badges and button size

---
 src/app/[orgId]/settings/domains/[domainId]/page.tsx | 1 -
 src/components/DNSRecordTable.tsx                    | 4 ++--
 src/components/DNSRecordsDataTable.tsx               | 1 -
 src/components/DomainInfoCard.tsx                    | 4 ++--
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/app/[orgId]/settings/domains/[domainId]/page.tsx b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
index 3051def0..c7e137f6 100644
--- a/src/app/[orgId]/settings/domains/[domainId]/page.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
@@ -76,7 +76,6 @@ export default function DomainSettingsPage() {
         />
         <Button
           variant="outline"
-          size="sm"
           onClick={() => restartDomain(domain.domainId)}
           disabled={isRestarting}
         >
diff --git a/src/components/DNSRecordTable.tsx b/src/components/DNSRecordTable.tsx
index 393f5c24..8d8e4024 100644
--- a/src/components/DNSRecordTable.tsx
+++ b/src/components/DNSRecordTable.tsx
@@ -110,8 +110,8 @@ export default function DNSRecordsTable({ records, domainId, isRefreshing }: Pro
                     verified ? (
                         <Badge variant="green">{t("verified")}</Badge>
                     ) : (
-                        <Badge variant="destructive">
-                            {t("failed", { fallback: "Failed" })}
+                        <Badge variant="yellow">
+                            {t("pending", { fallback: "Pending" })}
                         </Badge>
                     )
                 );
diff --git a/src/components/DNSRecordsDataTable.tsx b/src/components/DNSRecordsDataTable.tsx
index 672012ae..5d179f30 100644
--- a/src/components/DNSRecordsDataTable.tsx
+++ b/src/components/DNSRecordsDataTable.tsx
@@ -114,7 +114,6 @@ export function DNSRecordsDataTable<TData, TValue>({
                         </div>
                         <Button
                             variant="outline"
-                            size="sm"
                         >
                             <ExternalLink className="h-4 w-4 mr-1"/>
                             {t("howToAddRecords")}
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index 2465c608..a56a6a90 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -247,8 +247,8 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
                                 {domain.verified ? (
                                     <Badge variant="green">{t("verified")}</Badge>
                                 ) : (
-                                    <Badge variant="destructive">
-                                        {t("failed", { fallback: "Failed" })}
+                                    <Badge variant="yellow">
+                                        {t("pending", { fallback: "Pending" })}
                                     </Badge>
                                 )}
                             </InfoSectionContent>

From 5a571f19e183baff00914986a92c8253fac4fba2 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 21 Oct 2025 16:10:23 +0530
Subject: [PATCH 30/69] add each form control it's own form field/item/control

---
 src/components/CreateDomainForm.tsx | 169 +++++++++++++++-------------
 1 file changed, 92 insertions(+), 77 deletions(-)

diff --git a/src/components/CreateDomainForm.tsx b/src/components/CreateDomainForm.tsx
index 7e7fcc66..bdbf558c 100644
--- a/src/components/CreateDomainForm.tsx
+++ b/src/components/CreateDomainForm.tsx
@@ -263,7 +263,7 @@ export default function CreateDomainForm({
                                                         <AlertTitle>{t("internationaldomaindetected")}</AlertTitle>
                                                         <AlertDescription>
                                                             <div className="mt-2 space-y-1">
-                                                            <p>{t("willbestoredas")} <code className="font-mono px-1 py-0.5 rounded">{punycodePreview}</code></p>
+                                                                <p>{t("willbestoredas")} <code className="font-mono px-1 py-0.5 rounded">{punycodePreview}</code></p>
                                                             </div>
                                                         </AlertDescription>
                                                     </Alert>
@@ -274,76 +274,91 @@ export default function CreateDomainForm({
                                     )}
                                 />
                                 {domainType === "wildcard" && (
-                                    <FormField
-                                        control={form.control}
-                                        name="certResolver"
-                                        render={({ field }) => (
-                                            <FormItem>
-                                                <FormLabel>{t("certResolver")}</FormLabel>
-                                                <FormControl>
-                                                    <Select
-                                                        value={
-                                                            field.value === null ? "default" : 
-                                                            (field.value === "" || (field.value && field.value !== "default")) ? "custom" : 
-                                                            "default"
-                                                        }
-                                                        onValueChange={(val) => {
-                                                            if (val === "default") {
-                                                                field.onChange(null);
-                                                            } else if (val === "custom") {
-                                                                field.onChange("");
-                                                            } else {
-                                                                field.onChange(val);
+                                    <>
+                                        <FormField
+                                            control={form.control}
+                                            name="certResolver"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>{t("certResolver")}</FormLabel>
+                                                    <FormControl>
+                                                        <Select
+                                                            value={
+                                                                field.value === null ? "default" :
+                                                                    (field.value === "" || (field.value && field.value !== "default")) ? "custom" :
+                                                                        "default"
                                                             }
-                                                        }}
-                                                    >
-                                                        <SelectTrigger>
-                                                            <SelectValue placeholder={t("selectCertResolver")} />
-                                                        </SelectTrigger>
-                                                        <SelectContent>
-                                                            {certResolverOptions.map((opt) => (
-                                                                <SelectItem key={opt.id} value={opt.id}>
-                                                                    {opt.title}
-                                                                </SelectItem>
-                                                            ))}
-                                                        </SelectContent>
-                                                    </Select>
-                                                </FormControl>
-                                                <FormMessage />
-                                                {field.value !== null && field.value !== "default" && (
-                                                    <div className="space-y-2 mt-2">
-                                                        <FormControl>
-                                                            <Input
-                                                                placeholder={t("enterCustomResolver")}
-                                                                value={field.value || ""}
-                                                                onChange={(e) => field.onChange(e.target.value)}
-                                                            />
-                                                        </FormControl>
-                                                        <FormField
-                                                            control={form.control}
-                                                            name="preferWildcardCert"
-                                                            render={({ field: checkboxField }) => (
-                                                                <FormItem className="flex flex-row items-center space-x-3 space-y-0">
-                                                                    <FormControl>
-                                                                        <CheckboxWithLabel
-                                                                            label={t("preferWildcardCert")}
-                                                                            checked={checkboxField.value}
-                                                                            onCheckedChange={checkboxField.onChange}
-                                                                        />
-                                                                    </FormControl>
+                                                            onValueChange={(val) => {
+                                                                if (val === "default") {
+                                                                    field.onChange(null);
+                                                                } else if (val === "custom") {
+                                                                    field.onChange("");
+                                                                } else {
+                                                                    field.onChange(val);
+                                                                }
+                                                            }}
+                                                        >
+                                                            <SelectTrigger>
+                                                                <SelectValue placeholder={t("selectCertResolver")} />
+                                                            </SelectTrigger>
+                                                            <SelectContent>
+                                                                {certResolverOptions.map((opt) => (
+                                                                    <SelectItem key={opt.id} value={opt.id}>
+                                                                        {opt.title}
+                                                                    </SelectItem>
+                                                                ))}
+                                                            </SelectContent>
+                                                        </Select>
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                        {form.watch("certResolver") !== null &&
+                                            form.watch("certResolver") !== "default" && (
+                                                <FormField
+                                                    control={form.control}
+                                                    name="certResolver"
+                                                    render={({ field }) => (
+                                                        <FormItem>
+                                                            <FormLabel>{t("customResolver")}</FormLabel>
+                                                            <FormControl>
+                                                                <Input
+                                                                    placeholder={t("enterCustomResolver")}
+                                                                    value={field.value || ""}
+                                                                    onChange={(e) => field.onChange(e.target.value)}
+                                                                />
+                                                            </FormControl>
+                                                            <FormMessage />
+                                                        </FormItem>
+                                                    )}
+                                                />
+                                            )}
+
+                                        {form.watch("certResolver") !== null &&
+                                            form.watch("certResolver") !== "default" && (
+                                                <FormField
+                                                    control={form.control}
+                                                    name="preferWildcardCert"
+                                                    render={({ field: checkboxField }) => (
+                                                        <FormItem className="flex flex-row items-center space-x-3 space-y-0">
+                                                            <FormControl>
+                                                                <CheckboxWithLabel
+                                                                    label={t("preferWildcardCert")}
+                                                                    checked={checkboxField.value}
+                                                                    onCheckedChange={checkboxField.onChange}
+                                                                />
+                                                            </FormControl>
                                                                     {/* <div className="space-y-1 leading-none">
                                                                         <FormLabel>
                                                                             {t("preferWildcardCert")}
                                                                         </FormLabel>
                                                                     </div> */}
-                                                                </FormItem>
-                                                            )}
-                                                        />
-                                                    </div>
-                                                )}
-                                            </FormItem>
-                                        )}
-                                    />
+                                                        </FormItem>
+                                                    )}
+                                                />
+                                            )}
+                                    </>
                                 )}
                             </form>
                         </Form>
@@ -646,18 +661,18 @@ export default function CreateDomainForm({
                             </div>
 
                             {build != "oss" && env.flags.usePangolinDns && (
-                                    <Alert variant="destructive">
-                                        <AlertTriangle className="h-4 w-4" />
-                                        <AlertTitle className="font-semibold">
-                                            {t("createDomainSaveTheseRecords")}
-                                        </AlertTitle>
-                                        <AlertDescription>
-                                            {t(
-                                                "createDomainSaveTheseRecordsDescription"
-                                            )}
-                                        </AlertDescription>
-                                    </Alert>
-                                )}
+                                <Alert variant="destructive">
+                                    <AlertTriangle className="h-4 w-4" />
+                                    <AlertTitle className="font-semibold">
+                                        {t("createDomainSaveTheseRecords")}
+                                    </AlertTitle>
+                                    <AlertDescription>
+                                        {t(
+                                            "createDomainSaveTheseRecordsDescription"
+                                        )}
+                                    </AlertDescription>
+                                </Alert>
+                            )}
 
                             <Alert variant="info">
                                 <AlertTriangle className="h-4 w-4" />

From 3ae42f054ffc086ecc6ced46df84f7244faf4788 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 21 Oct 2025 17:07:34 +0530
Subject: [PATCH 31/69] show the wildcard record info

---
 src/components/CreateDomainForm.tsx |   1 -
 src/components/DomainInfoCard.tsx   | 185 +++++++++++++++-------------
 2 files changed, 99 insertions(+), 87 deletions(-)

diff --git a/src/components/CreateDomainForm.tsx b/src/components/CreateDomainForm.tsx
index bdbf558c..1fa61bd9 100644
--- a/src/components/CreateDomainForm.tsx
+++ b/src/components/CreateDomainForm.tsx
@@ -321,7 +321,6 @@ export default function CreateDomainForm({
                                                     name="certResolver"
                                                     render={({ field }) => (
                                                         <FormItem>
-                                                            <FormLabel>{t("customResolver")}</FormLabel>
                                                             <FormControl>
                                                                 <Input
                                                                     placeholder={t("enterCustomResolver")}
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index a56a6a90..15fe5ce0 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -112,15 +112,15 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
         defaultValues: {
             baseDomain: "",
             type: build == "oss" || !env.flags.usePangolinDns ? "wildcard" : "ns",
-            certResolver: null,
+            certResolver: domain.certResolver ?? "",
             preferWildcardCert: false
         }
     });
 
     useEffect(() => {
         if (domain.domainId) {
-            const certResolverValue = domain.certResolver && domain.certResolver.trim() !== "" 
-                ? domain.certResolver 
+            const certResolverValue = domain.certResolver && domain.certResolver.trim() !== ""
+                ? domain.certResolver
                 : null;
 
             form.reset({
@@ -257,19 +257,18 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
                 </AlertDescription>
             </Alert>
 
-            {domain.type !== "wildcard" && (
-                loadingRecords ? (
-                    <div className="space-y-4">
-                        {t("loadingDNSRecords", { fallback: "Loading DNS Records..." })}
-                    </div>
-                ) : (
-                    <DNSRecordsTable
-                        domainId={domain.domainId}
-                        records={dnsRecords}
-                        isRefreshing={isRefreshing}
-                    />
-                )
-            )}
+            {loadingRecords ? (
+                <div className="space-y-4">
+                    {t("loadingDNSRecords", { fallback: "Loading DNS Records..." })}
+                </div>
+            ) : (
+                <DNSRecordsTable
+                    domainId={domain.domainId}
+                    records={dnsRecords}
+                    isRefreshing={isRefreshing}
+                />
+            )
+            }
 
             {/* Domain Settings - Only show for wildcard domains */}
             {domain.type === "wildcard" && (
@@ -289,78 +288,92 @@ export default function DomainInfoCard({ orgId, domainId }: DomainInfoCardProps)
                                         className="space-y-4"
                                         id="domain-settings-form"
                                     >
-                                        <FormField
-                                            control={form.control}
-                                            name="certResolver"
-                                            render={({ field }) => (
-                                                <FormItem>
-                                                    <FormLabel>{t("certResolver")}</FormLabel>
-                                                    <FormControl>
-                                                        <Select
-                                                            value={
-                                                                field.value === null ? "default" :
-                                                                    (field.value === "" || (field.value && field.value !== "default")) ? "custom" :
-                                                                        "default"
-                                                            }
-                                                            onValueChange={(val) => {
-                                                                if (val === "default") {
-                                                                    field.onChange(null);
-                                                                } else if (val === "custom") {
-                                                                    field.onChange("");
-                                                                } else {
-                                                                    field.onChange(val);
+                                        <>
+                                            <FormField
+                                                control={form.control}
+                                                name="certResolver"
+                                                render={({ field }) => (
+                                                    <FormItem>
+                                                        <FormLabel>{t("certResolver")}</FormLabel>
+                                                        <FormControl>
+                                                            <Select
+                                                                value={
+                                                                    field.value === null ? "default" :
+                                                                        (field.value === "" || (field.value && field.value !== "default")) ? "custom" :
+                                                                            "default"
                                                                 }
-                                                            }}
-                                                        >
-                                                            <SelectTrigger>
-                                                                <SelectValue placeholder={t("selectCertResolver")} />
-                                                            </SelectTrigger>
-                                                            <SelectContent>
-                                                                {certResolverOptions.map((opt) => (
-                                                                    <SelectItem key={opt.id} value={opt.id}>
-                                                                        {opt.title}
-                                                                    </SelectItem>
-                                                                ))}
-                                                            </SelectContent>
-                                                        </Select>
-                                                    </FormControl>
-                                                    <FormMessage />
-                                                    {field.value !== null && field.value !== "default" && (
-                                                        <div className="space-y-2 mt-2">
-                                                            <FormControl>
-                                                                <Input
-                                                                    placeholder={t("enterCustomResolver")}
-                                                                    value={field.value || domain.certResolver || ""}
-                                                                    onChange={(e) => field.onChange(e.target.value)}
-                                                                />
-                                                            </FormControl>
-                                                            <FormField
-                                                                control={form.control}
-                                                                name="preferWildcardCert"
-                                                                render={({ field: switchField }) => (
-                                                                    <FormItem className="items-center space-y-2 mt-4">
-                                                                        <FormControl>
-                                                                            <div className="flex items-center space-x-2">
-                                                                                <Switch
-                                                                                    checked={switchField.value}
-                                                                                    onCheckedChange={switchField.onChange}
-                                                                                />
-                                                                                <FormLabel>{t("preferWildcardCert")}</FormLabel>
-                                                                            </div>
-                                                                        </FormControl>
+                                                                onValueChange={(val) => {
+                                                                    if (val === "default") {
+                                                                        field.onChange(null);
+                                                                    } else if (val === "custom") {
+                                                                        field.onChange("");
+                                                                    } else {
+                                                                        field.onChange(val);
+                                                                    }
+                                                                }}
+                                                            >
+                                                                <SelectTrigger>
+                                                                    <SelectValue placeholder={t("selectCertResolver")} />
+                                                                </SelectTrigger>
+                                                                <SelectContent>
+                                                                    {certResolverOptions.map((opt) => (
+                                                                        <SelectItem key={opt.id} value={opt.id}>
+                                                                            {opt.title}
+                                                                        </SelectItem>
+                                                                    ))}
+                                                                </SelectContent>
+                                                            </Select>
+                                                        </FormControl>
+                                                        <FormMessage />
+                                                    </FormItem>
+                                                )}
+                                            />
+                                            {form.watch("certResolver") !== null &&
+                                                form.watch("certResolver") !== "default" && (
+                                                    <FormField
+                                                        control={form.control}
+                                                        name="certResolver"
+                                                        render={({ field }) => (
+                                                            <FormItem>
+                                                                <FormControl>
+                                                                    <Input
+                                                                        placeholder={t("enterCustomResolver")}
+                                                                        value={field.value || ""}
+                                                                        onChange={(e) => field.onChange(e.target.value)}
+                                                                    />
+                                                                </FormControl>
+                                                                <FormMessage />
+                                                            </FormItem>
+                                                        )}
+                                                    />
+                                                )}
 
-                                                                        <FormDescription>
-                                                                            {t("preferWildcardCertDescription")}
-                                                                        </FormDescription>
-                                                                        <FormMessage />
-                                                                    </FormItem>
-                                                                )}
-                                                            />
-                                                        </div>
-                                                    )}
-                                                </FormItem>
-                                            )}
-                                        />
+                                            {form.watch("certResolver") !== null &&
+                                                form.watch("certResolver") !== "default" && (
+                                                    <FormField
+                                                        control={form.control}
+                                                        name="preferWildcardCert"
+                                                        render={({ field: switchField }) => (
+                                                            <FormItem className="items-center space-y-2 mt-4">
+                                                                <FormControl>
+                                                                    <div className="flex items-center space-x-2">
+                                                                        <Switch
+                                                                            checked={switchField.value}
+                                                                            onCheckedChange={switchField.onChange}
+                                                                        />
+                                                                        <FormLabel>{t("preferWildcardCert")}</FormLabel>
+                                                                    </div>
+                                                                </FormControl>
+
+                                                                <FormDescription>
+                                                                    {t("preferWildcardCertDescription")}
+                                                                </FormDescription>
+                                                                <FormMessage />
+                                                            </FormItem>
+                                                        )}
+                                                    />
+                                                )}
+                                        </>
                                     </form>
                                 </Form>
                             </SettingsSectionForm>

From 461866836e1204b91a43ab53e28bd22b3cc053c1 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 21 Oct 2025 17:41:14 +0530
Subject: [PATCH 32/69] Remove the popup after creating domain and redirect to
 domain details page

---
 src/components/CreateDomainForm.tsx | 326 +---------------------------
 1 file changed, 3 insertions(+), 323 deletions(-)

diff --git a/src/components/CreateDomainForm.tsx b/src/components/CreateDomainForm.tsx
index 1fa61bd9..7d614376 100644
--- a/src/components/CreateDomainForm.tsx
+++ b/src/components/CreateDomainForm.tsx
@@ -47,6 +47,7 @@ import { useOrgContext } from "@app/hooks/useOrgContext";
 import { build } from "@server/build";
 import { toASCII, toUnicode } from 'punycode';
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select";
+import { useRouter } from "next/navigation";
 
 
 // Helper functions for Unicode domain handling
@@ -130,6 +131,7 @@ export default function CreateDomainForm({
     const { toast } = useToast();
     const { org } = useOrgContext();
     const { env } = useEnvContext();
+    const router = useRouter();
 
     const form = useForm<FormValues>({
         resolver: zodResolver(formSchema),
@@ -170,6 +172,7 @@ export default function CreateDomainForm({
                 description: t("domainCreatedDescription")
             });
             onCreated?.(domainData);
+            router.push(`/${org.org.orgId}/settings/domains/${domainData.domainId}`);
         } catch (e) {
             toast({
                 title: t("error"),
@@ -222,7 +225,6 @@ export default function CreateDomainForm({
                     </CredenzaDescription>
                 </CredenzaHeader>
                 <CredenzaBody>
-                    {!createdDomain ? (
                         <Form {...form}>
                             <form
                                 onSubmit={form.handleSubmit(onSubmit)}
@@ -361,329 +363,7 @@ export default function CreateDomainForm({
                                 )}
                             </form>
                         </Form>
-                    ) : (
-                        <div className="space-y-6">
-                            <Alert variant="default">
-                                <InfoIcon className="h-4 w-4" />
-                                <AlertTitle className="font-semibold">
-                                    {t("createDomainAddDnsRecords")}
-                                </AlertTitle>
-                                <AlertDescription>
-                                    {t("createDomainAddDnsRecordsDescription")}
-                                </AlertDescription>
-                            </Alert>
 
-                            <div className="space-y-4">
-                                {createdDomain.nsRecords &&
-                                    createdDomain.nsRecords.length > 0 && (
-                                        <div>
-                                            <h3 className="font-medium mb-3">
-                                                {t("createDomainNsRecords")}
-                                            </h3>
-                                            <InfoSections cols={1}>
-                                                <InfoSection>
-                                                    <InfoSectionTitle>
-                                                        {t("createDomainRecord")}
-                                                    </InfoSectionTitle>
-                                                    <InfoSectionContent>
-                                                        <div className="space-y-2">
-                                                            <div className="flex justify-between items-center">
-                                                                <span className="text-sm font-medium">
-                                                                    {t(
-                                                                        "createDomainType"
-                                                                    )}
-                                                                </span>
-                                                                <span className="text-sm font-mono">
-                                                                    NS
-                                                                </span>
-                                                            </div>
-                                                            <div className="flex justify-between items-center">
-                                                                <span className="text-sm font-medium">
-                                                                    {t(
-                                                                        "createDomainName"
-                                                                    )}
-                                                                </span>
-                                                                <div className="text-right">
-                                                                    <span className="text-sm font-mono block">
-                                                                        {fromPunycode(baseDomain)}
-                                                                    </span>
-                                                                    {fromPunycode(baseDomain) !== baseDomain && (
-                                                                        <span className="text-xs text-muted-foreground font-mono">
-                                                                            ({baseDomain})
-                                                                        </span>
-                                                                    )}
-                                                                </div>
-                                                            </div>
-                                                            <span className="text-sm font-medium">
-                                                                {t(
-                                                                    "createDomainValue"
-                                                                )}
-                                                            </span>
-                                                            {createdDomain.nsRecords.map(
-                                                                (
-                                                                    nsRecord,
-                                                                    index
-                                                                ) => (
-                                                                    <div
-                                                                        className="flex justify-between items-center"
-                                                                        key={index}
-                                                                    >
-                                                                        <CopyToClipboard
-                                                                            text={
-                                                                                nsRecord
-                                                                            }
-                                                                        />
-                                                                    </div>
-                                                                )
-                                                            )}
-                                                        </div>
-                                                    </InfoSectionContent>
-                                                </InfoSection>
-                                            </InfoSections>
-                                        </div>
-                                    )}
-
-                                {createdDomain.cnameRecords &&
-                                    createdDomain.cnameRecords.length > 0 && (
-                                        <div>
-                                            <h3 className="font-medium mb-3">
-                                                {t("createDomainCnameRecords")}
-                                            </h3>
-                                            <InfoSections cols={1}>
-                                                {createdDomain.cnameRecords.map(
-                                                    (cnameRecord, index) => (
-                                                        <InfoSection
-                                                            key={index}
-                                                        >
-                                                            <InfoSectionTitle>
-                                                                {t(
-                                                                    "createDomainRecordNumber",
-                                                                    {
-                                                                        number:
-                                                                            index +
-                                                                            1
-                                                                    }
-                                                                )}
-                                                            </InfoSectionTitle>
-                                                            <InfoSectionContent>
-                                                                <div className="space-y-2">
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainType"
-                                                                            )}
-                                                                        </span>
-                                                                        <span className="text-sm font-mono">
-                                                                            CNAME
-                                                                        </span>
-                                                                    </div>
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainName"
-                                                                            )}
-                                                                        </span>
-                                                                        <div className="text-right">
-                                                                            <span className="text-sm font-mono block">
-                                                                                {fromPunycode(cnameRecord.baseDomain)}
-                                                                            </span>
-                                                                            {fromPunycode(cnameRecord.baseDomain) !== cnameRecord.baseDomain && (
-                                                                                <span className="text-xs text-muted-foreground font-mono">
-                                                                                    ({cnameRecord.baseDomain})
-                                                                                </span>
-                                                                            )}
-                                                                        </div>
-                                                                    </div>
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainValue"
-                                                                            )}
-                                                                        </span>
-                                                                        <CopyToClipboard
-                                                                            text={
-                                                                                cnameRecord.value
-                                                                            }
-                                                                        />
-                                                                    </div>
-                                                                </div>
-                                                            </InfoSectionContent>
-                                                        </InfoSection>
-                                                    )
-                                                )}
-                                            </InfoSections>
-                                        </div>
-                                    )}
-
-                                {createdDomain.aRecords &&
-                                    createdDomain.aRecords.length > 0 && (
-                                        <div>
-                                            <h3 className="font-medium mb-3">
-                                                {t("createDomainARecords")}
-                                            </h3>
-                                            <InfoSections cols={1}>
-                                                {createdDomain.aRecords.map(
-                                                    (aRecord, index) => (
-                                                        <InfoSection
-                                                            key={index}
-                                                        >
-                                                            <InfoSectionTitle>
-                                                                {t(
-                                                                    "createDomainRecordNumber",
-                                                                    {
-                                                                        number:
-                                                                            index +
-                                                                            1
-                                                                    }
-                                                                )}
-                                                            </InfoSectionTitle>
-                                                            <InfoSectionContent>
-                                                                <div className="space-y-2">
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainType"
-                                                                            )}
-                                                                        </span>
-                                                                        <span className="text-sm font-mono">
-                                                                            A
-                                                                        </span>
-                                                                    </div>
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainName"
-                                                                            )}
-                                                                        </span>
-                                                                        <div className="text-right">
-                                                                            <span className="text-sm font-mono block">
-                                                                                {fromPunycode(aRecord.baseDomain)}
-                                                                            </span>
-                                                                            {fromPunycode(aRecord.baseDomain) !== aRecord.baseDomain && (
-                                                                                <span className="text-xs text-muted-foreground font-mono">
-                                                                                    ({aRecord.baseDomain})
-                                                                                </span>
-                                                                            )}
-                                                                        </div>
-                                                                    </div>
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainValue"
-                                                                            )}
-                                                                        </span>
-                                                                        <span className="text-sm font-mono">
-                                                                            {
-                                                                                aRecord.value
-                                                                            }
-                                                                        </span>
-                                                                    </div>
-                                                                </div>
-                                                            </InfoSectionContent>
-                                                        </InfoSection>
-                                                    )
-                                                )}
-                                            </InfoSections>
-                                        </div>
-                                    )}
-                                {createdDomain.txtRecords &&
-                                    createdDomain.txtRecords.length > 0 && (
-                                        <div>
-                                            <h3 className="font-medium mb-3">
-                                                {t("createDomainTxtRecords")}
-                                            </h3>
-                                            <InfoSections cols={1}>
-                                                {createdDomain.txtRecords.map(
-                                                    (txtRecord, index) => (
-                                                        <InfoSection
-                                                            key={index}
-                                                        >
-                                                            <InfoSectionTitle>
-                                                                {t(
-                                                                    "createDomainRecordNumber",
-                                                                    {
-                                                                        number:
-                                                                            index +
-                                                                            1
-                                                                    }
-                                                                )}
-                                                            </InfoSectionTitle>
-                                                            <InfoSectionContent>
-                                                                <div className="space-y-2">
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainType"
-                                                                            )}
-                                                                        </span>
-                                                                        <span className="text-sm font-mono">
-                                                                            TXT
-                                                                        </span>
-                                                                    </div>
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainName"
-                                                                            )}
-                                                                        </span>
-                                                                        <div className="text-right">
-                                                                            <span className="text-sm font-mono block">
-                                                                                {fromPunycode(txtRecord.baseDomain)}
-                                                                            </span>
-                                                                            {fromPunycode(txtRecord.baseDomain) !== txtRecord.baseDomain && (
-                                                                                <span className="text-xs text-muted-foreground font-mono">
-                                                                                    ({txtRecord.baseDomain})
-                                                                                </span>
-                                                                            )}
-                                                                        </div>
-                                                                    </div>
-                                                                    <div className="flex justify-between items-center">
-                                                                        <span className="text-sm font-medium">
-                                                                            {t(
-                                                                                "createDomainValue"
-                                                                            )}
-                                                                        </span>
-                                                                        <CopyToClipboard
-                                                                            text={
-                                                                                txtRecord.value
-                                                                            }
-                                                                        />
-                                                                    </div>
-                                                                </div>
-                                                            </InfoSectionContent>
-                                                        </InfoSection>
-                                                    )
-                                                )}
-                                            </InfoSections>
-                                        </div>
-                                    )}
-                            </div>
-
-                            {build != "oss" && env.flags.usePangolinDns && (
-                                <Alert variant="destructive">
-                                    <AlertTriangle className="h-4 w-4" />
-                                    <AlertTitle className="font-semibold">
-                                        {t("createDomainSaveTheseRecords")}
-                                    </AlertTitle>
-                                    <AlertDescription>
-                                        {t(
-                                            "createDomainSaveTheseRecordsDescription"
-                                        )}
-                                    </AlertDescription>
-                                </Alert>
-                            )}
-
-                            <Alert variant="info">
-                                <AlertTriangle className="h-4 w-4" />
-                                <AlertTitle className="font-semibold">
-                                    {t("createDomainDnsPropagation")}
-                                </AlertTitle>
-                                <AlertDescription>
-                                    {t("createDomainDnsPropagationDescription")}
-                                </AlertDescription>
-                            </Alert>
-                        </div>
-                    )}
                 </CredenzaBody>
                 <CredenzaFooter>
                     <CredenzaClose asChild>

From 6b0dd00aa5acf98b1ffb293f579b4acb162f2582 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 21 Oct 2025 20:43:42 +0530
Subject: [PATCH 33/69] show IP of the server inside DNS records

---
 server/index.ts                        |  4 +++-
 server/lib/serverIpService.ts          | 28 ++++++++++++++++++++++++++
 server/routers/domain/getDNSRecords.ts | 13 +++++++++++-
 3 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 server/lib/serverIpService.ts

diff --git a/server/index.ts b/server/index.ts
index 8b4b3728..f80fd16e 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -20,7 +20,7 @@ import { initTelemetryClient } from "./lib/telemetry.js";
 import { TraefikConfigManager } from "./lib/traefik/TraefikConfigManager.js";
 import { initCleanup } from "#dynamic/cleanup";
 import license from "#dynamic/license/license";
-
+import { fetchServerIp } from "./lib/serverIpService.js";
 async function startServers() {
     await setHostMeta();
 
@@ -31,6 +31,8 @@ async function startServers() {
 
     await runSetupFunctions();
 
+    await fetchServerIp();
+
     initTelemetryClient();
 
     // Start all servers
diff --git a/server/lib/serverIpService.ts b/server/lib/serverIpService.ts
new file mode 100644
index 00000000..fb25c1c2
--- /dev/null
+++ b/server/lib/serverIpService.ts
@@ -0,0 +1,28 @@
+import axios from "axios";
+
+let serverIp: string | null = null;
+
+const services = [
+    "https://ifconfig.io/ip",
+    "https://api.ipify.org",
+    "https://checkip.amazonaws.com"
+];
+
+export async function fetchServerIp() {
+    for (const url of services) {
+        try {
+            const response = await axios.get(url, { timeout: 5000 });
+            serverIp = response.data.trim();
+            console.log("Detected public IP:", serverIp);
+            return; 
+        } catch (err: any) {
+            console.warn(`Failed to fetch server IP from ${url}: ${err.message || err.code}`);
+        }
+    }
+
+    console.error("All attempts to fetch server IP failed.");
+}
+
+export function getServerIp() {
+    return serverIp;
+}
diff --git a/server/routers/domain/getDNSRecords.ts b/server/routers/domain/getDNSRecords.ts
index ee349cdd..c705b4fa 100644
--- a/server/routers/domain/getDNSRecords.ts
+++ b/server/routers/domain/getDNSRecords.ts
@@ -8,6 +8,7 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
+import { getServerIp } from "@server/lib/serverIpService"; // your in-memory IP module
 
 const getDNSRecordsSchema = z
     .object({
@@ -70,8 +71,18 @@ export async function getDNSRecords(
             );
         }
 
+        const serverIp = getServerIp();
+
+        // Override value for type A or wildcard records
+        const updatedRecords = records.map(record => {
+            if ((record.recordType === "A" || record.baseDomain === "*") && serverIp) {
+                return { ...record, value: serverIp };
+            }
+            return record;
+        });
+
         return response<GetDNSRecordsResponse>(res, {
-            data: records,
+            data: updatedRecords,
             success: true,
             error: false,
             message: "DNS records retrieved successfully",

From 9a64f458150b3932e588c6eb36f34897ae34f116 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 21 Oct 2025 15:26:03 -0700
Subject: [PATCH 34/69] Basic log table there

---
 messages/en-US.json                           |   9 +-
 server/private/routers/auditLogs/index.ts     |   1 +
 server/private/routers/external.ts            |   7 +-
 src/app/[orgId]/settings/logs/access/page.tsx | 251 ++++++++++--
 src/app/navigation.tsx                        |   2 +-
 src/components/DateTimePicker.tsx             | 209 ++++++++++
 src/components/LogDataTable.tsx               | 367 ++++++++++++++++++
 7 files changed, 804 insertions(+), 42 deletions(-)
 create mode 100644 src/components/DateTimePicker.tsx
 create mode 100644 src/components/LogDataTable.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 79042b7e..4a44ab33 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1893,5 +1893,12 @@
     "deleteClientQuestion": "Are you sure you want to remove the client from the site and organization?",
     "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site.",
     "sidebarLogs": "Logs",
-    "request": "Request"
+    "request": "Request",
+    "logs": "Logs",
+    "logsSettingsDescription": "Monitor logs collected from this orginization",
+    "searchLogs": "Search logs...",
+    "action": "Action",
+    "actor": "Actor",
+    "timestamp": "Timestamp",
+    "accessLogs": "Access Logs"
 }
diff --git a/server/private/routers/auditLogs/index.ts b/server/private/routers/auditLogs/index.ts
index de0b2d2b..1a1b1408 100644
--- a/server/private/routers/auditLogs/index.ts
+++ b/server/private/routers/auditLogs/index.ts
@@ -11,3 +11,4 @@
  * This file is not licensed under the AGPLv3.
  */
 
+export * from "./queryActionAuditLog";
\ No newline at end of file
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 36a29788..7e81336b 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -21,8 +21,8 @@ import * as domain from "#private/routers/domain";
 import * as auth from "#private/routers/auth";
 import * as license from "#private/routers/license";
 import * as generateLicense from "./generatedLicense";
+import * as logs from "#private/routers/auditLogs";
 
-import { Router } from "express";
 import {
     verifyOrgAccess,
     verifyUserHasAction,
@@ -345,3 +345,8 @@ authenticated.post(
     verifyUserIsServerAdmin,
     license.recheckStatus
 );
+
+authenticated.get(
+    "/org/:orgId/logs/action",
+    logs.queryAccessAuditLogs 
+)
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
index 80e4e4a6..58479166 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -1,47 +1,15 @@
 "use client";
-import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
-import AuthPageSettings, {
-    AuthPageSettingsRef
-} from "@app/components/private/AuthPageSettings";
-
 import { Button } from "@app/components/ui/button";
-import { useOrgContext } from "@app/hooks/useOrgContext";
-import { userOrgUserContext } from "@app/hooks/useOrgUserContext";
 import { toast } from "@app/hooks/useToast";
-import { useState, useRef } from "react";
-import {
-    Form,
-    FormControl,
-    FormDescription,
-    FormField,
-    FormItem,
-    FormLabel,
-    FormMessage
-} from "@/components/ui/form";
-import { Input } from "@/components/ui/input";
-
-import { z } from "zod";
-import { useForm } from "react-hook-form";
-import { zodResolver } from "@hookform/resolvers/zod";
+import { useState, useRef, useEffect } from "react";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import { formatAxiosError } from "@app/lib/api";
-import { AxiosResponse } from "axios";
-import { DeleteOrgResponse, ListUserOrgsResponse } from "@server/routers/org";
-import { useRouter } from "next/navigation";
-import {
-    SettingsContainer,
-    SettingsSection,
-    SettingsSectionHeader,
-    SettingsSectionTitle,
-    SettingsSectionDescription,
-    SettingsSectionBody,
-    SettingsSectionForm,
-    SettingsSectionFooter
-} from "@app/components/Settings";
-import { useUserContext } from "@app/hooks/useUserContext";
+import { useParams, useRouter } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { build } from "@server/build";
+import { LogDataTable } from "@app/components/LogDataTable";
+import { ColumnDef } from "@tanstack/react-table";
+import { DateTimeValue } from "@app/components/DateTimePicker";
+import { Key, User } from "lucide-react";
 
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
@@ -49,6 +17,211 @@ export default function GeneralPage() {
     const api = createApiClient(useEnvContext());
     const t = useTranslations();
     const { env } = useEnvContext();
+    const { orgId } = useParams();
 
-    return <p>access</p>;
+    const [rows, setRows] = useState<any[]>([]);
+    const [isRefreshing, setIsRefreshing] = useState(false);
+
+    // Set default date range to last 24 hours
+    const getDefaultDateRange = () => {
+        const now = new Date();
+        const yesterday = new Date(now.getTime() - 24 * 60 * 60 * 1000);
+        
+        return {
+            startDate: {
+                date: yesterday,
+            },
+            endDate: {
+                date: now,
+            }
+        };
+    };
+
+    const [dateRange, setDateRange] = useState<{ startDate: DateTimeValue; endDate: DateTimeValue }>(getDefaultDateRange());
+
+    // Trigger search with default values on component mount
+    useEffect(() => {
+        const defaultRange = getDefaultDateRange();
+        queryDateTime(defaultRange.startDate, defaultRange.endDate);
+    }, [orgId]); // Re-run if orgId changes
+
+    const handleDateRangeChange = (
+        startDate: DateTimeValue,
+        endDate: DateTimeValue
+    ) => {
+        setDateRange({ startDate, endDate });
+        queryDateTime(startDate, endDate);
+    };
+
+    const queryDateTime = async (
+        startDate: DateTimeValue,
+        endDate: DateTimeValue
+    ) => {
+        console.log("Date range changed:", { startDate, endDate });
+        setIsRefreshing(true);
+
+        try {
+            // Convert the date/time values to API parameters
+            let params: any = {
+                limit: 20,
+                offset: 0
+            };
+
+            if (startDate?.date) {
+                const startDateTime = new Date(startDate.date);
+                if (startDate.time) {
+                    const [hours, minutes, seconds] = startDate.time
+                        .split(":")
+                        .map(Number);
+                    startDateTime.setHours(hours, minutes, seconds || 0);
+                }
+                params.timeStart = startDateTime.toISOString();
+            }
+
+            if (endDate?.date) {
+                const endDateTime = new Date(endDate.date);
+                if (endDate.time) {
+                    const [hours, minutes, seconds] = endDate.time
+                        .split(":")
+                        .map(Number);
+                    endDateTime.setHours(hours, minutes, seconds || 0);
+                } else {
+                    // If no time is specified, set to NOW
+                    const now = new Date();
+                    endDateTime.setHours(now.getHours(), now.getMinutes(), now.getSeconds(), now.getMilliseconds());    
+                }
+                params.timeEnd = endDateTime.toISOString();
+            }
+
+            const res = await api.get(`/org/${orgId}/logs/action`, { params });
+            if (res.status === 200) {
+                setRows(res.data.data.log);
+                console.log("Fetched logs:", res.data);
+            }
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("Failed to filter logs"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsRefreshing(false);
+        }
+    };
+
+
+    const refreshData = async () => {
+        console.log("Data refreshed");
+        setIsRefreshing(true);
+        try {
+            await new Promise((resolve) => setTimeout(resolve, 200));
+            router.refresh();
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("refreshError"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsRefreshing(false);
+        }
+    };
+
+    const columns: ColumnDef<any>[] = [
+        {
+            accessorKey: "timestamp",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                        className="hidden md:flex whitespace-nowrap"
+                    >
+                        {t("timestamp")}
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                return (
+                    <div className="whitespace-nowrap"> 
+                        {new Date(
+                            row.original.timestamp * 1000
+                        ).toLocaleString()}
+                    </div>
+                );
+            }
+        },
+        {
+            accessorKey: "action",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("action")}
+                    </Button>
+                );
+            },
+            // make the value capitalized
+            cell: ({ row }) => {
+                return (
+                    <span className="hitespace-nowrap">
+                        {row.original.action.charAt(0).toUpperCase() + row.original.action.slice(1)}
+                    </span>
+                );
+            },
+        },
+        {
+            accessorKey: "actor",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("actor")}
+                    </Button>
+                );
+            },
+                        cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.actorType == "user" ? <User className="h-4 w-4" /> : <Key className="h-4 w-4" />}
+                        {row.original.actor}
+                    </span>
+                );
+            }
+        }
+    ];
+
+    return (
+        <>
+            <LogDataTable
+                columns={columns}
+                data={rows}
+                persistPageSize="access-logs-table"
+                title={t("accessLogs")}
+                searchPlaceholder={t("searchLogs")}
+                searchColumn="action"
+                onRefresh={refreshData}
+                isRefreshing={isRefreshing}
+                onDateRangeChange={handleDateRangeChange}
+                dateRange={{
+                    start: dateRange.startDate,
+                    end: dateRange.endDate
+                }}
+                defaultSort={{
+                    id: "timestamp",
+                    desc: false
+                }}
+            />
+        </>
+    );
 }
diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx
index 6b453811..80ef2e2e 100644
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -141,7 +141,7 @@ export const orgNavSections = (
                 : []),
             {
                 title: "sidebarLogs",
-                href: "/{orgId}/settings/logs",
+                href: "/{orgId}/settings/logs/access",
                 icon: <Logs className="h-4 w-4" />
             },
             {
diff --git a/src/components/DateTimePicker.tsx b/src/components/DateTimePicker.tsx
new file mode 100644
index 00000000..da6cb009
--- /dev/null
+++ b/src/components/DateTimePicker.tsx
@@ -0,0 +1,209 @@
+"use client";
+
+import { ChevronDownIcon, CalendarIcon } from "lucide-react";
+
+import { Button } from "@app/components/ui/button";
+import { Input } from "@app/components/ui/input";
+import { Label } from "@app/components/ui/label";
+import {
+  Popover,
+  PopoverContent,
+  PopoverTrigger,
+} from "@app/components/ui/popover";
+import { cn } from "@app/lib/cn";
+import { ChangeEvent, useEffect, useState } from "react";
+
+export interface DateTimeValue {
+  date?: Date;
+  time?: string;
+}
+
+export interface DateTimePickerProps {
+  label?: string;
+  value?: DateTimeValue;
+  onChange?: (value: DateTimeValue) => void;
+  placeholder?: string;
+  className?: string;
+  disabled?: boolean;
+  showTime?: boolean;
+}
+
+export function DateTimePicker({
+  label,
+  value,
+  onChange,
+  placeholder = "Select date & time",
+  className,
+  disabled = false,
+  showTime = true,
+}: DateTimePickerProps) {
+  const [open, setOpen] = useState(false);
+  const [internalDate, setInternalDate] = useState<Date | undefined>(value?.date);
+  const [internalTime, setInternalTime] = useState<string>(value?.time || "");
+
+  // Sync internal state with external value prop
+  useEffect(() => {
+    setInternalDate(value?.date);
+    setInternalTime(value?.time || "");
+  }, [value?.date, value?.time]);
+
+  const handleDateChange = (date: Date | undefined) => {
+    setInternalDate(date);
+    const newValue = { date, time: internalTime };
+    setOpen(false);
+    onChange?.(newValue);
+  };
+
+  const handleTimeChange = (event: ChangeEvent<HTMLInputElement>) => {
+    const time = event.target.value;
+    setInternalTime(time);
+    const newValue = { date: internalDate, time };
+    onChange?.(newValue);
+  };
+
+  const getDisplayText = () => {
+    if (!internalDate) return placeholder;
+    
+    const dateStr = internalDate.toLocaleDateString();
+    if (!showTime || !internalTime) return dateStr;
+    
+    return `${dateStr} ${internalTime}`;
+  };
+
+  const hasValue = internalDate || (showTime && internalTime);
+
+  return (
+    <div className={cn("flex gap-4", className)}>
+      <div className="flex flex-col gap-3">
+        {label && (
+          <Label htmlFor="date-picker" className="px-1">
+            {label}
+          </Label>
+        )}
+        <div className="flex gap-2">
+          <Popover open={open} onOpenChange={setOpen}>
+            <PopoverTrigger asChild>
+              <Button
+                variant="outline"
+                id="date-picker"
+                disabled={disabled}
+                className={cn(
+                  "justify-between font-normal",
+                  showTime ? "w-48" : "w-32",
+                  !hasValue && "text-muted-foreground"
+                )}
+              >
+                {getDisplayText()}
+                <CalendarIcon className="h-4 w-4" />
+              </Button>
+            </PopoverTrigger>
+            <PopoverContent className="w-auto overflow-hidden p-0" align="start">
+              <div className="p-3">
+                <div className="space-y-3">
+                  <div>
+                    <Label htmlFor="date-input" className="text-sm font-medium">
+                      Date
+                    </Label>
+                    <Input
+                      id="date-input"
+                      type="date"
+                      value={internalDate ? 
+                        `${internalDate.getFullYear()}-${String(internalDate.getMonth() + 1).padStart(2, '0')}-${String(internalDate.getDate()).padStart(2, '0')}` 
+                        : ''}
+                      onChange={(e) => {
+                        let dateValue = undefined;
+                        if (e.target.value) {
+                          // Create date in local timezone to avoid offset issues
+                          const parts = e.target.value.split('-');
+                          dateValue = new Date(parseInt(parts[0]), parseInt(parts[1]) - 1, parseInt(parts[2]));
+                        }
+                        handleDateChange(dateValue);
+                      }}
+                      className="mt-1"
+                    />
+                  </div>
+                  {showTime && (
+                    <div>
+                      <Label htmlFor="time-input" className="text-sm font-medium">
+                        Time
+                      </Label>
+                      <Input
+                        id="time-input"
+                        type="time"
+                        step="1"
+                        value={internalTime}
+                        onChange={handleTimeChange}
+                        className="mt-1 bg-background appearance-none [&::-webkit-calendar-picker-indicator]:hidden [&::-webkit-calendar-picker-indicator]:appearance-none"
+                      />
+                    </div>
+                  )}
+                </div>
+              </div>
+            </PopoverContent>
+          </Popover>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+export interface DateRangePickerProps {
+  startLabel?: string;
+  endLabel?: string;
+  startValue?: DateTimeValue;
+  endValue?: DateTimeValue;
+  onStartChange?: (value: DateTimeValue) => void;
+  onEndChange?: (value: DateTimeValue) => void;
+  onRangeChange?: (start: DateTimeValue, end: DateTimeValue) => void;
+  className?: string;
+  disabled?: boolean;
+  showTime?: boolean;
+}
+
+export function DateRangePicker({
+//   startLabel = "From",
+//   endLabel = "To", 
+  startValue,
+  endValue,
+  onStartChange,
+  onEndChange,
+  onRangeChange,
+  className,
+  disabled = false,
+  showTime = true,
+}: DateRangePickerProps) {
+  const handleStartChange = (value: DateTimeValue) => {
+    onStartChange?.(value);
+    if (onRangeChange && endValue) {
+      onRangeChange(value, endValue);
+    }
+  };
+
+  const handleEndChange = (value: DateTimeValue) => {
+    onEndChange?.(value);
+    if (onRangeChange && startValue) {
+      onRangeChange(startValue, value);
+    }
+  };
+
+  return (
+    <div className={cn("flex gap-4", className)}>
+      <DateTimePicker
+        // label={startLabel}
+        value={startValue}
+        onChange={handleStartChange}
+        placeholder="Start date & time"
+        disabled={disabled}
+        showTime={showTime}
+      />
+      <DateTimePicker
+        // label={endLabel}
+        value={endValue}
+        onChange={handleEndChange}
+        placeholder="End date & time"
+        disabled={disabled}
+        showTime={showTime}
+      />
+    </div>
+  );
+}
\ No newline at end of file
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
new file mode 100644
index 00000000..9fc3789b
--- /dev/null
+++ b/src/components/LogDataTable.tsx
@@ -0,0 +1,367 @@
+"use client";
+
+import {
+    ColumnDef,
+    flexRender,
+    getCoreRowModel,
+    useReactTable,
+    getPaginationRowModel,
+    SortingState,
+    getSortedRowModel,
+    ColumnFiltersState,
+    getFilteredRowModel
+} from "@tanstack/react-table";
+import {
+    Table,
+    TableBody,
+    TableCell,
+    TableHead,
+    TableHeader,
+    TableRow
+} from "@/components/ui/table";
+import { Button } from "@app/components/ui/button";
+import { useEffect, useMemo, useState } from "react";
+import { Input } from "@app/components/ui/input";
+import { DataTablePagination } from "@app/components/DataTablePagination";
+import { Plus, Search, RefreshCw, Filter, X } from "lucide-react";
+import {
+    Card,
+    CardContent,
+    CardHeader,
+    CardTitle
+} from "@app/components/ui/card";
+import { Tabs, TabsList, TabsTrigger } from "@app/components/ui/tabs";
+import { useTranslations } from "next-intl";
+import { DateRangePicker, DateTimeValue } from "@app/components/DateTimePicker";
+
+const STORAGE_KEYS = {
+    PAGE_SIZE: "datatable-page-size",
+    getTablePageSize: (tableId?: string) =>
+        tableId ? `${tableId}-size` : STORAGE_KEYS.PAGE_SIZE
+};
+
+const getStoredPageSize = (tableId?: string, defaultSize = 20): number => {
+    if (typeof window === "undefined") return defaultSize;
+
+    try {
+        const key = STORAGE_KEYS.getTablePageSize(tableId);
+        const stored = localStorage.getItem(key);
+        if (stored) {
+            const parsed = parseInt(stored, 10);
+            // Validate that it's a reasonable page size
+            if (parsed > 0 && parsed <= 1000) {
+                return parsed;
+            }
+        }
+    } catch (error) {
+        console.warn("Failed to read page size from localStorage:", error);
+    }
+    return defaultSize;
+};
+
+const setStoredPageSize = (pageSize: number, tableId?: string): void => {
+    if (typeof window === "undefined") return;
+
+    try {
+        const key = STORAGE_KEYS.getTablePageSize(tableId);
+        localStorage.setItem(key, pageSize.toString());
+    } catch (error) {
+        console.warn("Failed to save page size to localStorage:", error);
+    }
+};
+
+type TabFilter = {
+    id: string;
+    label: string;
+    filterFn: (row: any) => boolean;
+};
+
+type DataTableProps<TData, TValue> = {
+    columns: ColumnDef<TData, TValue>[];
+    data: TData[];
+    title?: string;
+    addButtonText?: string;
+    onRefresh?: () => void;
+    isRefreshing?: boolean;
+    searchPlaceholder?: string;
+    searchColumn?: string;
+    defaultSort?: {
+        id: string;
+        desc: boolean;
+    };
+    tabs?: TabFilter[];
+    defaultTab?: string;
+    persistPageSize?: boolean | string;
+    defaultPageSize?: number;
+    onDateRangeChange?: (
+        startDate: DateTimeValue,
+        endDate: DateTimeValue
+    ) => void;
+    dateRange?: {
+        start: DateTimeValue;
+        end: DateTimeValue;
+    };
+};
+
+export function LogDataTable<TData, TValue>({
+    columns,
+    data,
+    title,
+    onRefresh,
+    isRefreshing,
+    searchPlaceholder = "Search...",
+    searchColumn = "name",
+    defaultSort,
+    tabs,
+    defaultTab,
+    persistPageSize = false,
+    defaultPageSize = 20,
+    onDateRangeChange,
+    dateRange
+}: DataTableProps<TData, TValue>) {
+    const t = useTranslations();
+
+    // Determine table identifier for storage
+    const tableId =
+        typeof persistPageSize === "string" ? persistPageSize : undefined;
+
+    // Initialize page size from storage or default
+    const [pageSize, setPageSize] = useState<number>(() => {
+        if (persistPageSize) {
+            return getStoredPageSize(tableId, defaultPageSize);
+        }
+        return defaultPageSize;
+    });
+
+    const [sorting, setSorting] = useState<SortingState>(
+        defaultSort ? [defaultSort] : []
+    );
+    const [columnFilters, setColumnFilters] = useState<ColumnFiltersState>([]);
+    const [globalFilter, setGlobalFilter] = useState<any>([]);
+    const [activeTab, setActiveTab] = useState<string>(
+        defaultTab || tabs?.[0]?.id || ""
+    );
+
+    const [showDatePicker, setShowDatePicker] = useState(false);
+    const [startDate, setStartDate] = useState<DateTimeValue>(
+        dateRange?.start || {}
+    );
+    const [endDate, setEndDate] = useState<DateTimeValue>(dateRange?.end || {});
+
+    // Sync internal date state with external dateRange prop
+    useEffect(() => {
+        if (dateRange?.start) {
+            setStartDate(dateRange.start);
+        }
+        if (dateRange?.end) {
+            setEndDate(dateRange.end);
+        }
+    }, [dateRange?.start, dateRange?.end]);
+
+    // Apply tab filter to data
+    const filteredData = useMemo(() => {
+        if (!tabs || activeTab === "") {
+            return data;
+        }
+
+        const activeTabFilter = tabs.find((tab) => tab.id === activeTab);
+        if (!activeTabFilter) {
+            return data;
+        }
+
+        return data.filter(activeTabFilter.filterFn);
+    }, [data, tabs, activeTab]);
+
+    const table = useReactTable({
+        data: filteredData,
+        columns,
+        getCoreRowModel: getCoreRowModel(),
+        getPaginationRowModel: getPaginationRowModel(),
+        onSortingChange: setSorting,
+        getSortedRowModel: getSortedRowModel(),
+        onColumnFiltersChange: setColumnFilters,
+        getFilteredRowModel: getFilteredRowModel(),
+        onGlobalFilterChange: setGlobalFilter,
+        initialState: {
+            pagination: {
+                pageSize: pageSize,
+                pageIndex: 0
+            }
+        },
+        state: {
+            sorting,
+            columnFilters,
+            globalFilter
+        }
+    });
+
+    useEffect(() => {
+        const currentPageSize = table.getState().pagination.pageSize;
+        if (currentPageSize !== pageSize) {
+            table.setPageSize(pageSize);
+
+            // Persist to localStorage if enabled
+            if (persistPageSize) {
+                setStoredPageSize(pageSize, tableId);
+            }
+        }
+    }, [pageSize, table, persistPageSize, tableId]);
+
+    const handleTabChange = (value: string) => {
+        setActiveTab(value);
+        // Reset to first page when changing tabs
+        table.setPageIndex(0);
+    };
+
+    // Enhanced pagination component that updates our local state
+    const handlePageSizeChange = (newPageSize: number) => {
+        setPageSize(newPageSize);
+        table.setPageSize(newPageSize);
+
+        // Persist immediately when changed
+        if (persistPageSize) {
+            setStoredPageSize(newPageSize, tableId);
+        }
+    };
+
+    const handleDateRangeChange = (
+        start: DateTimeValue,
+        end: DateTimeValue
+    ) => {
+        setStartDate(start);
+        setEndDate(end);
+        onDateRangeChange?.(start, end);
+    };
+
+    const clearDateFilter = () => {
+        const emptyStart = {};
+        const emptyEnd = {};
+        setStartDate(emptyStart);
+        setEndDate(emptyEnd);
+        onDateRangeChange?.(emptyStart, emptyEnd);
+        setShowDatePicker(false);
+    };
+
+    const hasDateFilter = startDate?.date || endDate?.date;
+
+    return (
+        <div className="container mx-auto max-w-12xl">
+            <Card>
+                <CardHeader className="flex flex-col space-y-4 sm:flex-row sm:items-center sm:justify-between sm:space-y-0 pb-4">
+                    <div className="flex flex-row space-y-3 w-full sm:mr-2 gap-2">
+                        <div className="relative w-full sm:max-w-sm">
+                            <Input
+                                placeholder={searchPlaceholder}
+                                value={globalFilter ?? ""}
+                                onChange={(e) =>
+                                    table.setGlobalFilter(
+                                        String(e.target.value)
+                                    )
+                                }
+                                className="w-full pl-8"
+                            />
+                            <Search className="h-4 w-4 absolute left-2 top-1/2 transform -translate-y-1/2 text-muted-foreground" />
+                        </div>
+                        {tabs && tabs.length > 0 && (
+                            <Tabs
+                                value={activeTab}
+                                onValueChange={handleTabChange}
+                                className="w-full"
+                            >
+                                <TabsList>
+                                    {tabs.map((tab) => (
+                                        <TabsTrigger
+                                            key={tab.id}
+                                            value={tab.id}
+                                        >
+                                            {tab.label} (
+                                            {data.filter(tab.filterFn).length})
+                                        </TabsTrigger>
+                                    ))}
+                                </TabsList>
+                            </Tabs>
+                        )}
+
+                        <DateRangePicker
+                            startValue={startDate}
+                            endValue={endDate}
+                            onRangeChange={handleDateRangeChange}
+                            className="flex-wrap gap-2"
+                        />
+                    </div>
+                    <div className="flex items-center gap-2 sm:justify-end">
+                        {onRefresh && (
+                            <Button
+                                variant="outline"
+                                onClick={onRefresh}
+                                disabled={isRefreshing}
+                            >
+                                <RefreshCw
+                                    className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
+                                />
+                                {t("refresh")}
+                            </Button>
+                        )}
+                    </div>
+                </CardHeader>
+                <CardContent>
+                    <Table>
+                        <TableHeader>
+                            {table.getHeaderGroups().map((headerGroup) => (
+                                <TableRow key={headerGroup.id}>
+                                    {headerGroup.headers.map((header) => (
+                                        <TableHead key={header.id}>
+                                            {header.isPlaceholder
+                                                ? null
+                                                : flexRender(
+                                                      header.column.columnDef
+                                                          .header,
+                                                      header.getContext()
+                                                  )}
+                                        </TableHead>
+                                    ))}
+                                </TableRow>
+                            ))}
+                        </TableHeader>
+                        <TableBody>
+                            {table.getRowModel().rows?.length ? (
+                                table.getRowModel().rows.map((row) => (
+                                    <TableRow
+                                        key={row.id}
+                                        data-state={
+                                            row.getIsSelected() && "selected"
+                                        }
+                                    >
+                                        {row.getVisibleCells().map((cell) => (
+                                            <TableCell key={cell.id}>
+                                                {flexRender(
+                                                    cell.column.columnDef.cell,
+                                                    cell.getContext()
+                                                )}
+                                            </TableCell>
+                                        ))}
+                                    </TableRow>
+                                ))
+                            ) : (
+                                <TableRow>
+                                    <TableCell
+                                        colSpan={columns.length}
+                                        className="h-24 text-center"
+                                    >
+                                        No results found.
+                                    </TableCell>
+                                </TableRow>
+                            )}
+                        </TableBody>
+                    </Table>
+                    <div className="mt-4">
+                        <DataTablePagination
+                            table={table}
+                            onPageSizeChange={handlePageSizeChange}
+                        />
+                    </div>
+                </CardContent>
+            </Card>
+        </div>
+    );
+}

From bdc3b2425b52305e724959aa38b80dd3f346f892 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 21 Oct 2025 17:35:13 -0700
Subject: [PATCH 35/69] Basic table working

---
 messages/en-US.json                           |   3 +-
 .../routers/auditLogs/exportActionAuditLog.ts | 102 ++++++++++++++++++
 server/private/routers/auditLogs/index.ts     |   3 +-
 .../routers/auditLogs/queryActionAuditLog.ts  |  29 ++---
 server/private/routers/external.ts            |   6 ++
 .../settings/logs/{access => action}/page.tsx |  37 +++++++
 src/app/navigation.tsx                        |   2 +-
 src/components/DateTimePicker.tsx             |   1 -
 src/components/LogDataTable.tsx               |  56 ++++------
 9 files changed, 186 insertions(+), 53 deletions(-)
 create mode 100644 server/private/routers/auditLogs/exportActionAuditLog.ts
 rename src/app/[orgId]/settings/logs/{access => action}/page.tsx (84%)

diff --git a/messages/en-US.json b/messages/en-US.json
index 4a44ab33..e6790e0d 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1900,5 +1900,6 @@
     "action": "Action",
     "actor": "Actor",
     "timestamp": "Timestamp",
-    "accessLogs": "Access Logs"
+    "accessLogs": "Access Logs",
+    "exportCsv": "Export CSV"
 }
diff --git a/server/private/routers/auditLogs/exportActionAuditLog.ts b/server/private/routers/auditLogs/exportActionAuditLog.ts
new file mode 100644
index 00000000..de6cf298
--- /dev/null
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -0,0 +1,102 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { actionAuditLog, db } from "@server/db";
+import { registry } from "@server/openApi";
+import { NextFunction } from "express";
+import { Request, Response } from "express";
+import { eq, gt, lt, and, count } from "drizzle-orm";
+import { OpenAPITags } from "@server/openApi";
+import { z } from "zod";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { fromError } from "zod-validation-error";
+import { QueryActionAuditLogResponse } from "@server/routers/auditLogs/types";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+import { queryAccessAuditLogsParams, queryAccessAuditLogsQuery, querySites } from "./queryActionAuditLog";
+
+function generateCSV(data: any[]): string {
+    if (data.length === 0) {
+        return "orgId,action,actorType,timestamp,actor\n";
+    }
+    
+    const headers = Object.keys(data[0]).join(",");
+    const rows = data.map(row => 
+        Object.values(row).map(value => 
+            typeof value === 'string' && value.includes(',') 
+                ? `"${value.replace(/"/g, '""')}"` 
+                : value
+        ).join(",")
+    );
+    
+    return [headers, ...rows].join("\n");
+}
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/logs/actionk/export",
+    description: "Export the action audit log for an organization as CSV",
+    tags: [OpenAPITags.Org],
+    request: {
+        query: queryAccessAuditLogsQuery,
+        params: queryAccessAuditLogsParams
+    },
+    responses: {}
+});
+
+export async function exportAccessAuditLogs(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedQuery.error)
+                )
+            );
+        }
+        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
+
+        const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error)
+                )
+            );
+        }
+        const { orgId } = parsedParams.data;
+
+        const baseQuery = querySites(timeStart, timeEnd, orgId);
+
+        const log = await baseQuery.limit(limit).offset(offset);
+
+        const csvData = generateCSV(log);
+        
+        res.setHeader('Content-Type', 'text/csv');
+        res.setHeader('Content-Disposition', `attachment; filename="audit-logs-${orgId}-${Date.now()}.csv"`);
+        
+        return res.send(csvData);
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
\ No newline at end of file
diff --git a/server/private/routers/auditLogs/index.ts b/server/private/routers/auditLogs/index.ts
index 1a1b1408..9b4a6e7f 100644
--- a/server/private/routers/auditLogs/index.ts
+++ b/server/private/routers/auditLogs/index.ts
@@ -11,4 +11,5 @@
  * This file is not licensed under the AGPLv3.
  */
 
-export * from "./queryActionAuditLog";
\ No newline at end of file
+export * from "./queryActionAuditLog";
+export * from "./exportActionAuditLog";
\ No newline at end of file
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 27b8b658..6139ce4e 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -59,7 +59,7 @@ export const queryAccessAuditLogsParams = z.object({
     orgId: z.string()
 });
 
-function querySites(timeStart: number, timeEnd: number, orgId: string) {
+export function querySites(timeStart: number, timeEnd: number, orgId: string) {
     return db
         .select({
             orgId: actionAuditLog.orgId,
@@ -79,6 +79,20 @@ function querySites(timeStart: number, timeEnd: number, orgId: string) {
         .orderBy(actionAuditLog.timestamp);
 }
 
+export function countQuery(timeStart: number, timeEnd: number, orgId: string) {
+            const countQuery = db
+            .select({ count: count() })
+            .from(actionAuditLog)
+            .where(
+                and(
+                    gt(actionAuditLog.timestamp, timeStart),
+                    lt(actionAuditLog.timestamp, timeEnd),
+                    eq(actionAuditLog.orgId, orgId)
+                )
+            );
+    return countQuery;
+}
+
 registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/action",
@@ -123,18 +137,7 @@ export async function queryAccessAuditLogs(
 
         const log = await baseQuery.limit(limit).offset(offset);
 
-        const countQuery = db
-            .select({ count: count() })
-            .from(actionAuditLog)
-            .where(
-                and(
-                    gt(actionAuditLog.timestamp, timeStart),
-                    lt(actionAuditLog.timestamp, timeEnd),
-                    eq(actionAuditLog.orgId, orgId)
-                )
-            );
-
-        const totalCountResult = await countQuery;
+        const totalCountResult = await countQuery(timeStart, timeEnd, orgId);
         const totalCount = totalCountResult[0].count;
 
         return response<QueryActionAuditLogResponse>(res, {
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 7e81336b..566c1c55 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -349,4 +349,10 @@ authenticated.post(
 authenticated.get(
     "/org/:orgId/logs/action",
     logs.queryAccessAuditLogs 
+)
+
+
+authenticated.get(
+    "/org/:orgId/logs/action/export",
+    logs.exportAccessAuditLogs
 )
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
similarity index 84%
rename from src/app/[orgId]/settings/logs/access/page.tsx
rename to src/app/[orgId]/settings/logs/action/page.tsx
index 58479166..2fe8acd7 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -21,6 +21,7 @@ export default function GeneralPage() {
 
     const [rows, setRows] = useState<any[]>([]);
     const [isRefreshing, setIsRefreshing] = useState(false);
+    const [isExporting, setIsExporting] = useState(false);
 
     // Set default date range to last 24 hours
     const getDefaultDateRange = () => {
@@ -127,6 +128,40 @@ export default function GeneralPage() {
         }
     };
 
+    const exportData = async () => {
+        try {
+            setIsExporting(true);
+            const response = await api.get(`/org/${orgId}/logs/action/export`, {
+                responseType: "blob",
+                params: {
+                    timeStart: dateRange.startDate?.date
+                        ? new Date(dateRange.startDate.date).toISOString()
+                        : undefined,
+                    timeEnd: dateRange.endDate?.date
+                        ? new Date(dateRange.endDate.date).toISOString()
+                        : undefined,
+                },
+            });
+
+            // Create a URL for the blob and trigger a download
+            const url = window.URL.createObjectURL(new Blob([response.data]));
+            const link = document.createElement("a");
+            link.href = url;
+            const epoch = Math.floor(Date.now() / 1000);
+            link.setAttribute("download", `access_audit_logs_${orgId}_${epoch}.csv`);
+            document.body.appendChild(link);
+            link.click();
+            link.parentNode?.removeChild(link);
+            setIsExporting(false);
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("exportError"),
+                variant: "destructive"
+            });
+        }
+    };
+
     const columns: ColumnDef<any>[] = [
         {
             accessorKey: "timestamp",
@@ -212,6 +247,8 @@ export default function GeneralPage() {
                 searchColumn="action"
                 onRefresh={refreshData}
                 isRefreshing={isRefreshing}
+                onExport={exportData}
+                isExporting={isExporting}
                 onDateRangeChange={handleDateRangeChange}
                 dateRange={{
                     start: dateRange.startDate,
diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx
index 80ef2e2e..4b8cfe58 100644
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -141,7 +141,7 @@ export const orgNavSections = (
                 : []),
             {
                 title: "sidebarLogs",
-                href: "/{orgId}/settings/logs/access",
+                href: "/{orgId}/settings/logs/action",
                 icon: <Logs className="h-4 w-4" />
             },
             {
diff --git a/src/components/DateTimePicker.tsx b/src/components/DateTimePicker.tsx
index da6cb009..f4efce70 100644
--- a/src/components/DateTimePicker.tsx
+++ b/src/components/DateTimePicker.tsx
@@ -50,7 +50,6 @@ export function DateTimePicker({
   const handleDateChange = (date: Date | undefined) => {
     setInternalDate(date);
     const newValue = { date, time: internalTime };
-    setOpen(false);
     onChange?.(newValue);
   };
 
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index 9fc3789b..5b9e0514 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -23,7 +23,7 @@ import { Button } from "@app/components/ui/button";
 import { useEffect, useMemo, useState } from "react";
 import { Input } from "@app/components/ui/input";
 import { DataTablePagination } from "@app/components/DataTablePagination";
-import { Plus, Search, RefreshCw, Filter, X } from "lucide-react";
+import { Plus, Search, RefreshCw, Filter, X, Download } from "lucide-react";
 import {
     Card,
     CardContent,
@@ -82,6 +82,8 @@ type DataTableProps<TData, TValue> = {
     title?: string;
     addButtonText?: string;
     onRefresh?: () => void;
+    onExport?: () => void;
+    isExporting?: boolean;
     isRefreshing?: boolean;
     searchPlaceholder?: string;
     searchColumn?: string;
@@ -109,6 +111,8 @@ export function LogDataTable<TData, TValue>({
     title,
     onRefresh,
     isRefreshing,
+    onExport,
+    isExporting,
     searchPlaceholder = "Search...",
     searchColumn = "name",
     defaultSort,
@@ -142,7 +146,6 @@ export function LogDataTable<TData, TValue>({
         defaultTab || tabs?.[0]?.id || ""
     );
 
-    const [showDatePicker, setShowDatePicker] = useState(false);
     const [startDate, setStartDate] = useState<DateTimeValue>(
         dateRange?.start || {}
     );
@@ -233,22 +236,11 @@ export function LogDataTable<TData, TValue>({
         onDateRangeChange?.(start, end);
     };
 
-    const clearDateFilter = () => {
-        const emptyStart = {};
-        const emptyEnd = {};
-        setStartDate(emptyStart);
-        setEndDate(emptyEnd);
-        onDateRangeChange?.(emptyStart, emptyEnd);
-        setShowDatePicker(false);
-    };
-
-    const hasDateFilter = startDate?.date || endDate?.date;
-
     return (
         <div className="container mx-auto max-w-12xl">
             <Card>
                 <CardHeader className="flex flex-col space-y-4 sm:flex-row sm:items-center sm:justify-between sm:space-y-0 pb-4">
-                    <div className="flex flex-row space-y-3 w-full sm:mr-2 gap-2">
+                    <div className="flex flex-row items-start w-full sm:mr-2 gap-2">
                         <div className="relative w-full sm:max-w-sm">
                             <Input
                                 placeholder={searchPlaceholder}
@@ -258,30 +250,10 @@ export function LogDataTable<TData, TValue>({
                                         String(e.target.value)
                                     )
                                 }
-                                className="w-full pl-8"
+                                className="w-full pl-8 m-0"
                             />
                             <Search className="h-4 w-4 absolute left-2 top-1/2 transform -translate-y-1/2 text-muted-foreground" />
                         </div>
-                        {tabs && tabs.length > 0 && (
-                            <Tabs
-                                value={activeTab}
-                                onValueChange={handleTabChange}
-                                className="w-full"
-                            >
-                                <TabsList>
-                                    {tabs.map((tab) => (
-                                        <TabsTrigger
-                                            key={tab.id}
-                                            value={tab.id}
-                                        >
-                                            {tab.label} (
-                                            {data.filter(tab.filterFn).length})
-                                        </TabsTrigger>
-                                    ))}
-                                </TabsList>
-                            </Tabs>
-                        )}
-
                         <DateRangePicker
                             startValue={startDate}
                             endValue={endDate}
@@ -289,7 +261,7 @@ export function LogDataTable<TData, TValue>({
                             className="flex-wrap gap-2"
                         />
                     </div>
-                    <div className="flex items-center gap-2 sm:justify-end">
+                    <div className="flex items-start gap-2 sm:justify-end">
                         {onRefresh && (
                             <Button
                                 variant="outline"
@@ -302,6 +274,18 @@ export function LogDataTable<TData, TValue>({
                                 {t("refresh")}
                             </Button>
                         )}
+                        {onExport && (
+                            <Button
+                                variant="outline"
+                                onClick={onExport}
+                                disabled={isExporting}
+                            >
+                                <Download
+                                    className={`mr-2 h-4 w-4 ${isExporting ? "animate-spin" : ""}`}
+                                />
+                                {t("exportCsv")}
+                            </Button>
+                        )}
                     </div>
                 </CardHeader>
                 <CardContent>

From 1142d6ac48ce8268e933ee4cb3589073cab79b00 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 21 Oct 2025 20:15:43 -0700
Subject: [PATCH 36/69] Date picker working

---
 messages/en-US.json                           |   3 +-
 package-lock.json                             |  77 ++++++-
 package.json                                  |   2 +
 .../routers/auditLogs/queryActionAuditLog.ts  |   1 +
 src/app/[orgId]/settings/logs/action/page.tsx | 150 +++++++-----
 src/app/[orgId]/settings/logs/layout.tsx      |   4 +-
 src/components/DataTablePagination.tsx        |  82 ++++++-
 src/components/DateTimePicker.tsx             |  73 +++---
 src/components/LogDataTable.tsx               |  59 ++++-
 src/components/ui/calendar.tsx                | 213 ++++++++++++++++++
 10 files changed, 555 insertions(+), 109 deletions(-)
 create mode 100644 src/components/ui/calendar.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index e6790e0d..521c4a39 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1901,5 +1901,6 @@
     "actor": "Actor",
     "timestamp": "Timestamp",
     "accessLogs": "Access Logs",
-    "exportCsv": "Export CSV"
+    "exportCsv": "Export CSV",
+    "actorId": "Actor ID"
 }
diff --git a/package-lock.json b/package-lock.json
index f03f5a87..3457a122 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -52,6 +52,7 @@
                 "cookies": "^0.9.1",
                 "cors": "2.8.5",
                 "crypto-js": "^4.2.0",
+                "date-fns": "4.1.0",
                 "drizzle-orm": "0.44.6",
                 "eslint": "9.37.0",
                 "eslint-config-next": "15.5.6",
@@ -81,6 +82,7 @@
                 "posthog-node": "^5.9.5",
                 "qrcode.react": "4.2.0",
                 "react": "19.2.0",
+                "react-day-picker": "9.11.1",
                 "react-dom": "19.2.0",
                 "react-easy-sort": "^1.8.0",
                 "react-hook-form": "7.65.0",
@@ -1628,6 +1630,7 @@
             "integrity": "sha512-vMqyb7XCDMPvJFFOaT9kxtiRh42GwlZEg1/uIgtZshS5a/8OaduUfCi7kynKgc3Tw/6Uo2D+db9qBttghhmxwQ==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@ampproject/remapping": "^2.2.0",
                 "@babel/code-frame": "^7.26.2",
@@ -1979,6 +1982,12 @@
                 "kuler": "^2.0.0"
             }
         },
+        "node_modules/@date-fns/tz": {
+            "version": "1.4.1",
+            "resolved": "https://registry.npmjs.org/@date-fns/tz/-/tz-1.4.1.tgz",
+            "integrity": "sha512-P5LUNhtbj6YfI3iJjw5EL9eUAG6OitD0W3fWQcpQjDRc/QIsL0tRNuO1PcDvPccWL1fSTXXdE1ds+l95DV/OFA==",
+            "license": "MIT"
+        },
         "node_modules/@dotenvx/dotenvx": {
             "version": "1.51.0",
             "resolved": "https://registry.npmjs.org/@dotenvx/dotenvx/-/dotenvx-1.51.0.tgz",
@@ -4015,6 +4024,7 @@
             "integrity": "sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": "^14.21.3 || >=16"
             },
@@ -6844,6 +6854,7 @@
             "integrity": "sha512-JuRQ9KXLEjaUNjTWpzuR231Z2WpIwczOkBEIvbHNCzQefFIT0L8IqE6NV6ULLyC1SI/i234JnDoMkfg+RjQj2g==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "csstype": "^3.0.2"
             }
@@ -7049,6 +7060,7 @@
             "integrity": "sha512-V8AVnmPIICiWpGfm6GLzCR/W5FXLchHop40W4nXBmdlEceh16rCN8O8LNWm5bh5XUX91fh7KpA+W0TgMKmgTpQ==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=0.10.0"
             }
@@ -7059,6 +7071,7 @@
             "integrity": "sha512-4GV5sHFG0e/0AD4X+ySy6UJd3jVl1iNsNHdpad0qhABJ11twS3TTBnseqsKurKcsNqCEFeGL3uLpVChpIO3QfQ==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "scheduler": "^0.25.0"
             },
@@ -8490,6 +8503,7 @@
             "integrity": "sha512-fnQmj8lELIj7BSrZQAdBMHEHX8OZLYIHXqAKT1O7tDfLxaINzf00PMjw22r3N/xXh0w/sGHlO6SVaCQ2mj78lg==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@types/node": "*"
             }
@@ -8576,6 +8590,7 @@
             "integrity": "sha512-wGA0NX93b19/dZC1J18tKWVIYWyyF2ZjT9vin/NRu0qzzvfVzWjs04iq2rQ3H65vCTQYlRqs3YHfY7zjdV+9Kw==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@types/body-parser": "*",
                 "@types/express-serve-static-core": "^5.0.0",
@@ -8669,6 +8684,7 @@
             "integrity": "sha512-alv65KGRadQVfVcG69MuB4IzdYVpRwMG/mq8KWOaoOdyY617P5ivaDiMCGOFDWD2sAn5Q0mR3mRtUOgm99hL9Q==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "undici-types": "~7.14.0"
             }
@@ -8697,6 +8713,7 @@
             "integrity": "sha512-LF7lF6zWEKxuT3/OR8wAZGzkg4ENGXFNyiV/JeOt9z5B+0ZVwbql9McqX5c/WStFq1GaGso7H1AzP/qSzmlCKQ==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@types/node": "*",
                 "pg-protocol": "*",
@@ -8730,6 +8747,7 @@
             "integrity": "sha512-6mDvHUFSjyT2B2yeNx2nUgMxh9LtOWvkhIU3uePn2I2oyNymUAX1NIsdgviM4CH+JSrp2D2hsMvJOkxY+0wNRA==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "csstype": "^3.0.2"
             }
@@ -8740,6 +8758,7 @@
             "integrity": "sha512-9KQPoO6mZCi7jcIStSnlOWn2nEF3mNmyr3rIAsGnAbQKYbRLyqmeSc39EVgtxXVia+LMT8j3knZLAZAh+xLmrw==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "peerDependencies": {
                 "@types/react": "^19.2.0"
             }
@@ -8883,6 +8902,7 @@
             "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.1.tgz",
             "integrity": "sha512-6JSSaBZmsKvEkbRUkf7Zj7dru/8ZCrJxAqArcLaVMee5907JdtEbKGsZ7zNiIm/UAkpGUkaSMZEXShnN2D1HZA==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@typescript-eslint/scope-manager": "8.46.1",
                 "@typescript-eslint/types": "8.46.1",
@@ -9556,6 +9576,7 @@
             "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
             "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
             "license": "MIT",
+            "peer": true,
             "bin": {
                 "acorn": "bin/acorn"
             },
@@ -10086,6 +10107,7 @@
             "integrity": "sha512-mXpa5jnIKKHeoGzBrUJrc65cXFKcILGZpU3FXR0pradUEm9MA7UZz02qfEejaMcm9iXrSOCenwwYMJ/tZ1y5Ig==",
             "hasInstallScript": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "bindings": "^1.5.0",
                 "prebuild-install": "^7.1.1"
@@ -10199,6 +10221,7 @@
                 }
             ],
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "baseline-browser-mapping": "^2.8.9",
                 "caniuse-lite": "^1.0.30001746",
@@ -10936,6 +10959,22 @@
                 "url": "https://github.com/sponsors/ljharb"
             }
         },
+        "node_modules/date-fns": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.1.0.tgz",
+            "integrity": "sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg==",
+            "license": "MIT",
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/kossnocorp"
+            }
+        },
+        "node_modules/date-fns-jalali": {
+            "version": "4.1.0-0",
+            "resolved": "https://registry.npmjs.org/date-fns-jalali/-/date-fns-jalali-4.1.0-0.tgz",
+            "integrity": "sha512-hTIP/z+t+qKwBDcmmsnmjWTduxCg+5KfdqWQvb2X/8C9+knYY6epN/pfxdDuyVlSVeFz0sM5eEfwIUQ70U4ckg==",
+            "license": "MIT"
+        },
         "node_modules/debounce": {
             "version": "2.2.0",
             "resolved": "https://registry.npmjs.org/debounce/-/debounce-2.2.0.tgz",
@@ -11839,6 +11878,7 @@
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
+            "peer": true,
             "bin": {
                 "esbuild": "bin/esbuild"
             },
@@ -11935,6 +11975,7 @@
             "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
             "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.8.0",
                 "@eslint-community/regexpp": "^4.12.1",
@@ -12102,6 +12143,7 @@
             "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.32.0.tgz",
             "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@rtsao/scc": "^1.1.0",
                 "array-includes": "^3.1.9",
@@ -12391,6 +12433,7 @@
             "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz",
             "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "accepts": "^2.0.0",
                 "body-parser": "^2.2.0",
@@ -17514,6 +17557,7 @@
             "version": "4.0.3",
             "inBundle": true,
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=12"
             },
@@ -18492,6 +18536,7 @@
             "resolved": "https://registry.npmjs.org/pg/-/pg-8.16.3.tgz",
             "integrity": "sha512-enxc1h0jA/aq5oSDMvqyW3q89ra6XIIDZgCX9vkMrnz5DFTw/Ny3Li2lFQ+pt3L6MCgm/5o2o8HW9hiJji+xvw==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "pg-connection-string": "^2.9.1",
                 "pg-pool": "^3.10.1",
@@ -18668,6 +18713,7 @@
                 }
             ],
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "nanoid": "^3.3.11",
                 "picocolors": "^1.1.1",
@@ -19119,15 +19165,38 @@
             "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz",
             "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==",
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=0.10.0"
             }
         },
+        "node_modules/react-day-picker": {
+            "version": "9.11.1",
+            "resolved": "https://registry.npmjs.org/react-day-picker/-/react-day-picker-9.11.1.tgz",
+            "integrity": "sha512-l3ub6o8NlchqIjPKrRFUCkTUEq6KwemQlfv3XZzzwpUeGwmDJ+0u0Upmt38hJyd7D/vn2dQoOoLV/qAp0o3uUw==",
+            "license": "MIT",
+            "dependencies": {
+                "@date-fns/tz": "^1.4.1",
+                "date-fns": "^4.1.0",
+                "date-fns-jalali": "^4.1.0-0"
+            },
+            "engines": {
+                "node": ">=18"
+            },
+            "funding": {
+                "type": "individual",
+                "url": "https://github.com/sponsors/gpbl"
+            },
+            "peerDependencies": {
+                "react": ">=16.8.0"
+            }
+        },
         "node_modules/react-dom": {
             "version": "19.2.0",
             "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz",
             "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "scheduler": "^0.27.0"
             },
@@ -19419,6 +19488,7 @@
             "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.65.0.tgz",
             "integrity": "sha512-xtOzDz063WcXvGWaHgLNrNzlsdFgtUWcb32E6WFaGTd7kPZG3EeDusjdZfUsPwKCKVXy1ZlntifaHZ4l8pAsmw==",
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=18.0.0"
             },
@@ -19903,6 +19973,7 @@
             "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "fast-deep-equal": "^3.1.3",
                 "fast-uri": "^3.0.1",
@@ -21068,7 +21139,8 @@
             "version": "4.1.14",
             "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.14.tgz",
             "integrity": "sha512-b7pCxjGO98LnxVkKjaZSDeNuljC4ueKUddjENJOADtubtdo8llTaJy7HwBMeLNSSo2N5QIAgklslK1+Ir8r6CA==",
-            "license": "MIT"
+            "license": "MIT",
+            "peer": true
         },
         "node_modules/tapable": {
             "version": "2.3.0",
@@ -21625,6 +21697,7 @@
             "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
             "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
             "license": "Apache-2.0",
+            "peer": true,
             "bin": {
                 "tsc": "bin/tsc",
                 "tsserver": "bin/tsserver"
@@ -22130,6 +22203,7 @@
             "resolved": "https://registry.npmjs.org/winston/-/winston-3.18.3.tgz",
             "integrity": "sha512-NoBZauFNNWENgsnC9YpgyYwOVrl2m58PpQ8lNHjV3kosGs7KJ7Npk9pCUE+WJlawVSe8mykWDKWFSVfs3QO9ww==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@colors/colors": "^1.6.0",
                 "@dabh/diagnostics": "^2.0.8",
@@ -22437,6 +22511,7 @@
             "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz",
             "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==",
             "license": "MIT",
+            "peer": true,
             "funding": {
                 "url": "https://github.com/sponsors/colinhacks"
             }
diff --git a/package.json b/package.json
index 44985a2f..ce222a85 100644
--- a/package.json
+++ b/package.json
@@ -75,6 +75,7 @@
         "cookies": "^0.9.1",
         "cors": "2.8.5",
         "crypto-js": "^4.2.0",
+        "date-fns": "4.1.0",
         "drizzle-orm": "0.44.6",
         "eslint": "9.37.0",
         "eslint-config-next": "15.5.6",
@@ -104,6 +105,7 @@
         "posthog-node": "^5.9.5",
         "qrcode.react": "4.2.0",
         "react": "19.2.0",
+        "react-day-picker": "9.11.1",
         "react-dom": "19.2.0",
         "react-easy-sort": "^1.8.0",
         "react-hook-form": "7.65.0",
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 6139ce4e..379266ae 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -65,6 +65,7 @@ export function querySites(timeStart: number, timeEnd: number, orgId: string) {
             orgId: actionAuditLog.orgId,
             action: actionAuditLog.action,
             actorType: actionAuditLog.actorType,
+            actorId: actionAuditLog.actorId,
             timestamp: actionAuditLog.timestamp,
             actor: actionAuditLog.actor
         })
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index 2fe8acd7..a681ec64 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -23,22 +23,31 @@ export default function GeneralPage() {
     const [isRefreshing, setIsRefreshing] = useState(false);
     const [isExporting, setIsExporting] = useState(false);
 
+    // Pagination state
+    const [totalCount, setTotalCount] = useState<number>(0);
+    const [currentPage, setCurrentPage] = useState<number>(0);
+    const [pageSize, setPageSize] = useState<number>(20);
+    const [isLoading, setIsLoading] = useState(false);
+
     // Set default date range to last 24 hours
     const getDefaultDateRange = () => {
         const now = new Date();
         const yesterday = new Date(now.getTime() - 24 * 60 * 60 * 1000);
-        
+
         return {
             startDate: {
-                date: yesterday,
+                date: yesterday
             },
             endDate: {
-                date: now,
+                date: now
             }
         };
     };
 
-    const [dateRange, setDateRange] = useState<{ startDate: DateTimeValue; endDate: DateTimeValue }>(getDefaultDateRange());
+    const [dateRange, setDateRange] = useState<{
+        startDate: DateTimeValue;
+        endDate: DateTimeValue;
+    }>(getDefaultDateRange());
 
     // Trigger search with default values on component mount
     useEffect(() => {
@@ -51,21 +60,42 @@ export default function GeneralPage() {
         endDate: DateTimeValue
     ) => {
         setDateRange({ startDate, endDate });
-        queryDateTime(startDate, endDate);
+        setCurrentPage(0); // Reset to first page when filtering
+        queryDateTime(startDate, endDate, 0, pageSize);
+    };
+
+    // Handle page changes
+    const handlePageChange = (newPage: number) => {
+        setCurrentPage(newPage);
+        queryDateTime(
+            dateRange.startDate,
+            dateRange.endDate,
+            newPage,
+            pageSize
+        );
+    };
+
+    // Handle page size changes
+    const handlePageSizeChange = (newPageSize: number) => {
+        setPageSize(newPageSize);
+        setCurrentPage(0); // Reset to first page when changing page size
+        queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
     };
 
     const queryDateTime = async (
         startDate: DateTimeValue,
-        endDate: DateTimeValue
+        endDate: DateTimeValue,
+        page: number = currentPage,
+        size: number = pageSize
     ) => {
-        console.log("Date range changed:", { startDate, endDate });
-        setIsRefreshing(true);
+        console.log("Date range changed:", { startDate, endDate, page, size });
+        setIsLoading(true);
 
         try {
             // Convert the date/time values to API parameters
             let params: any = {
-                limit: 20,
-                offset: 0
+                limit: size,
+                offset: page * size
             };
 
             if (startDate?.date) {
@@ -89,14 +119,20 @@ export default function GeneralPage() {
                 } else {
                     // If no time is specified, set to NOW
                     const now = new Date();
-                    endDateTime.setHours(now.getHours(), now.getMinutes(), now.getSeconds(), now.getMilliseconds());    
+                    endDateTime.setHours(
+                        now.getHours(),
+                        now.getMinutes(),
+                        now.getSeconds(),
+                        now.getMilliseconds()
+                    );
                 }
                 params.timeEnd = endDateTime.toISOString();
             }
 
             const res = await api.get(`/org/${orgId}/logs/action`, { params });
             if (res.status === 200) {
-                setRows(res.data.data.log);
+                setRows(res.data.data.log || []);
+                setTotalCount(res.data.data.pagination?.total || 0);
                 console.log("Fetched logs:", res.data);
             }
         } catch (error) {
@@ -106,17 +142,21 @@ export default function GeneralPage() {
                 variant: "destructive"
             });
         } finally {
-            setIsRefreshing(false);
+            setIsLoading(false);
         }
     };
 
-
     const refreshData = async () => {
         console.log("Data refreshed");
         setIsRefreshing(true);
         try {
-            await new Promise((resolve) => setTimeout(resolve, 200));
-            router.refresh();
+            // Refresh data with current date range and pagination
+            await queryDateTime(
+                dateRange.startDate,
+                dateRange.endDate,
+                currentPage,
+                pageSize
+            );
         } catch (error) {
             toast({
                 title: t("error"),
@@ -139,8 +179,8 @@ export default function GeneralPage() {
                         : undefined,
                     timeEnd: dateRange.endDate?.date
                         ? new Date(dateRange.endDate.date).toISOString()
-                        : undefined,
-                },
+                        : undefined
+                }
             });
 
             // Create a URL for the blob and trigger a download
@@ -148,7 +188,10 @@ export default function GeneralPage() {
             const link = document.createElement("a");
             link.href = url;
             const epoch = Math.floor(Date.now() / 1000);
-            link.setAttribute("download", `access_audit_logs_${orgId}_${epoch}.csv`);
+            link.setAttribute(
+                "download",
+                `access_audit_logs_${orgId}_${epoch}.csv`
+            );
             document.body.appendChild(link);
             link.click();
             link.parentNode?.removeChild(link);
@@ -166,21 +209,11 @@ export default function GeneralPage() {
         {
             accessorKey: "timestamp",
             header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                        className="hidden md:flex whitespace-nowrap"
-                    >
-                        {t("timestamp")}
-                    </Button>
-                );
+                return t("timestamp");
             },
             cell: ({ row }) => {
                 return (
-                    <div className="whitespace-nowrap"> 
+                    <div className="whitespace-nowrap">
                         {new Date(
                             row.original.timestamp * 1000
                         ).toLocaleString()}
@@ -191,48 +224,48 @@ export default function GeneralPage() {
         {
             accessorKey: "action",
             header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("action")}
-                    </Button>
-                );
+                return t("action");
             },
             // make the value capitalized
             cell: ({ row }) => {
                 return (
                     <span className="hitespace-nowrap">
-                        {row.original.action.charAt(0).toUpperCase() + row.original.action.slice(1)}
+                        {row.original.action.charAt(0).toUpperCase() +
+                            row.original.action.slice(1)}
                     </span>
                 );
-            },
+            }
         },
         {
             accessorKey: "actor",
             header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("actor")}
-                    </Button>
-                );
+                return t("actor");
             },
-                        cell: ({ row }) => {
+            cell: ({ row }) => {
                 return (
                     <span className="flex items-center gap-1">
-                        {row.original.actorType == "user" ? <User className="h-4 w-4" /> : <Key className="h-4 w-4" />}
+                        {row.original.actorType == "user" ? (
+                            <User className="h-4 w-4" />
+                        ) : (
+                            <Key className="h-4 w-4" />
+                        )}
                         {row.original.actor}
                     </span>
                 );
             }
+        },
+        {
+            accessorKey: "actorId",
+            header: ({ column }) => {
+                return t("actorId");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.actorId}
+                    </span>
+                );
+            }
         }
     ];
 
@@ -258,6 +291,13 @@ export default function GeneralPage() {
                     id: "timestamp",
                     desc: false
                 }}
+                // Server-side pagination props
+                totalCount={totalCount}
+                currentPage={currentPage}
+                onPageChange={handlePageChange}
+                onPageSizeChange={handlePageSizeChange}
+                isLoading={isLoading}
+                defaultPageSize={pageSize}
             />
         </>
     );
diff --git a/src/app/[orgId]/settings/logs/layout.tsx b/src/app/[orgId]/settings/logs/layout.tsx
index 01e0d248..a5cee4a2 100644
--- a/src/app/[orgId]/settings/logs/layout.tsx
+++ b/src/app/[orgId]/settings/logs/layout.tsx
@@ -34,8 +34,8 @@ export default async function GeneralSettingsPage({
 
     const navItems = [
         {
-            title: t("access"),
-            href: `/{orgId}/settings/logs/access`
+            title: t("action"),
+            href: `/{orgId}/settings/logs/action`
         },
                 {
             title: t("request"),
diff --git a/src/components/DataTablePagination.tsx b/src/components/DataTablePagination.tsx
index af0a0fe6..a07354f7 100644
--- a/src/components/DataTablePagination.tsx
+++ b/src/components/DataTablePagination.tsx
@@ -19,11 +19,19 @@ import { useTranslations } from "next-intl";
 interface DataTablePaginationProps<TData> {
     table: Table<TData>;
     onPageSizeChange?: (pageSize: number) => void;
+    onPageChange?: (pageIndex: number) => void;
+    totalCount?: number;
+    isServerPagination?: boolean;
+    isLoading?: boolean;
 }
 
 export function DataTablePagination<TData>({
     table,
-    onPageSizeChange
+    onPageSizeChange,
+    onPageChange,
+    totalCount,
+    isServerPagination = false,
+    isLoading = false
 }: DataTablePaginationProps<TData>) {
     const t = useTranslations();
 
@@ -37,6 +45,51 @@ export function DataTablePagination<TData>({
         }
     };
 
+    const handlePageNavigation = (action: 'first' | 'previous' | 'next' | 'last') => {
+        if (isServerPagination && onPageChange) {
+            const currentPage = table.getState().pagination.pageIndex;
+            const pageCount = table.getPageCount();
+            
+            let newPage: number;
+            switch (action) {
+                case 'first':
+                    newPage = 0;
+                    break;
+                case 'previous':
+                    newPage = Math.max(0, currentPage - 1);
+                    break;
+                case 'next':
+                    newPage = Math.min(pageCount - 1, currentPage + 1);
+                    break;
+                case 'last':
+                    newPage = pageCount - 1;
+                    break;
+                default:
+                    return;
+            }
+            
+            if (newPage !== currentPage) {
+                onPageChange(newPage);
+            }
+        } else {
+            // Use table's built-in navigation for client-side pagination
+            switch (action) {
+                case 'first':
+                    table.setPageIndex(0);
+                    break;
+                case 'previous':
+                    table.previousPage();
+                    break;
+                case 'next':
+                    table.nextPage();
+                    break;
+                case 'last':
+                    table.setPageIndex(table.getPageCount() - 1);
+                    break;
+            }
+        }
+    };
+
     return (
         <div className="flex items-center justify-between text-muted-foreground">
             <div className="flex items-center space-x-2">
@@ -61,14 +114,21 @@ export function DataTablePagination<TData>({
 
             <div className="flex items-center space-x-3 lg:space-x-8">
                 <div className="flex items-center justify-center text-sm font-medium">
-                    {t('paginator', {current: table.getState().pagination.pageIndex + 1, last: table.getPageCount()})}
+                    {isServerPagination && totalCount !== undefined ? (
+                        t('paginator', {
+                            current: table.getState().pagination.pageIndex + 1, 
+                            last: Math.ceil(totalCount / table.getState().pagination.pageSize)
+                        })
+                    ) : (
+                        t('paginator', {current: table.getState().pagination.pageIndex + 1, last: table.getPageCount()})
+                    )}
                 </div>
                 <div className="flex items-center space-x-2">
                     <Button
                         variant="outline"
                         className="hidden h-8 w-8 p-0 lg:flex"
-                        onClick={() => table.setPageIndex(0)}
-                        disabled={!table.getCanPreviousPage()}
+                        onClick={() => handlePageNavigation('first')}
+                        disabled={!table.getCanPreviousPage() || isLoading}
                     >
                         <span className="sr-only">{t('paginatorToFirst')}</span>
                         <DoubleArrowLeftIcon className="h-4 w-4" />
@@ -76,8 +136,8 @@ export function DataTablePagination<TData>({
                     <Button
                         variant="outline"
                         className="h-8 w-8 p-0"
-                        onClick={() => table.previousPage()}
-                        disabled={!table.getCanPreviousPage()}
+                        onClick={() => handlePageNavigation('previous')}
+                        disabled={!table.getCanPreviousPage() || isLoading}
                     >
                         <span className="sr-only">{t('paginatorToPrevious')}</span>
                         <ChevronLeftIcon className="h-4 w-4" />
@@ -85,8 +145,8 @@ export function DataTablePagination<TData>({
                     <Button
                         variant="outline"
                         className="h-8 w-8 p-0"
-                        onClick={() => table.nextPage()}
-                        disabled={!table.getCanNextPage()}
+                        onClick={() => handlePageNavigation('next')}
+                        disabled={!table.getCanNextPage() || isLoading}
                     >
                         <span className="sr-only">{t('paginatorToNext')}</span>
                         <ChevronRightIcon className="h-4 w-4" />
@@ -94,10 +154,8 @@ export function DataTablePagination<TData>({
                     <Button
                         variant="outline"
                         className="hidden h-8 w-8 p-0 lg:flex"
-                        onClick={() =>
-                            table.setPageIndex(table.getPageCount() - 1)
-                        }
-                        disabled={!table.getCanNextPage()}
+                        onClick={() => handlePageNavigation('last')}
+                        disabled={!table.getCanNextPage() || isLoading}
                     >
                         <span className="sr-only">{t('paginatorToLast')}</span>
                         <DoubleArrowRightIcon className="h-4 w-4" />
diff --git a/src/components/DateTimePicker.tsx b/src/components/DateTimePicker.tsx
index f4efce70..d079ff26 100644
--- a/src/components/DateTimePicker.tsx
+++ b/src/components/DateTimePicker.tsx
@@ -3,6 +3,7 @@
 import { ChevronDownIcon, CalendarIcon } from "lucide-react";
 
 import { Button } from "@app/components/ui/button";
+import { Calendar } from "@app/components/ui/calendar";
 import { Input } from "@app/components/ui/input";
 import { Label } from "@app/components/ui/label";
 import {
@@ -60,14 +61,20 @@ export function DateTimePicker({
     onChange?.(newValue);
   };
 
-  const getDisplayText = () => {
+const getDisplayText = () => {
     if (!internalDate) return placeholder;
     
     const dateStr = internalDate.toLocaleDateString();
     if (!showTime || !internalTime) return dateStr;
     
-    return `${dateStr} ${internalTime}`;
-  };
+    // Parse time and format in local timezone
+    const [hours, minutes, seconds] = internalTime.split(':');
+    const timeDate = new Date();
+    timeDate.setHours(parseInt(hours, 10), parseInt(minutes, 10), parseInt(seconds || '0', 10));
+    const timeStr = timeDate.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' });
+    
+    return `${dateStr} ${timeStr}`;
+};
 
   const hasValue = internalDate || (showTime && internalTime);
 
@@ -93,36 +100,26 @@ export function DateTimePicker({
                 )}
               >
                 {getDisplayText()}
-                <CalendarIcon className="h-4 w-4" />
+                <ChevronDownIcon className="h-4 w-4" />
               </Button>
             </PopoverTrigger>
             <PopoverContent className="w-auto overflow-hidden p-0" align="start">
-              <div className="p-3">
-                <div className="space-y-3">
-                  <div>
-                    <Label htmlFor="date-input" className="text-sm font-medium">
-                      Date
-                    </Label>
-                    <Input
-                      id="date-input"
-                      type="date"
-                      value={internalDate ? 
-                        `${internalDate.getFullYear()}-${String(internalDate.getMonth() + 1).padStart(2, '0')}-${String(internalDate.getDate()).padStart(2, '0')}` 
-                        : ''}
-                      onChange={(e) => {
-                        let dateValue = undefined;
-                        if (e.target.value) {
-                          // Create date in local timezone to avoid offset issues
-                          const parts = e.target.value.split('-');
-                          dateValue = new Date(parseInt(parts[0]), parseInt(parts[1]) - 1, parseInt(parts[2]));
-                        }
-                        handleDateChange(dateValue);
-                      }}
-                      className="mt-1"
-                    />
-                  </div>
-                  {showTime && (
-                    <div>
+              {showTime ? (
+                <div className="flex">
+                  <Calendar
+                    mode="single"
+                    selected={internalDate}
+                    captionLayout="dropdown"
+                    onSelect={(date) => {
+                      handleDateChange(date);
+                      if (!showTime) {
+                        setOpen(false);
+                      }
+                    }}
+                    className="flex-grow w-[250px]"
+                  />
+                  <div className="p-3 border-l">
+                    <div className="flex flex-col gap-3">
                       <Label htmlFor="time-input" className="text-sm font-medium">
                         Time
                       </Label>
@@ -132,12 +129,22 @@ export function DateTimePicker({
                         step="1"
                         value={internalTime}
                         onChange={handleTimeChange}
-                        className="mt-1 bg-background appearance-none [&::-webkit-calendar-picker-indicator]:hidden [&::-webkit-calendar-picker-indicator]:appearance-none"
+                        className="bg-background appearance-none [&::-webkit-calendar-picker-indicator]:hidden [&::-webkit-calendar-picker-indicator]:appearance-none"
                       />
                     </div>
-                  )}
+                  </div>
                 </div>
-              </div>
+              ) : (
+                <Calendar
+                  mode="single"
+                  selected={internalDate}
+                  captionLayout="dropdown"
+                  onSelect={(date) => {
+                    handleDateChange(date);
+                    setOpen(false);
+                  }}
+                />
+              )}
             </PopoverContent>
           </Popover>
         </div>
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index 5b9e0514..3de4dc19 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -103,6 +103,12 @@ type DataTableProps<TData, TValue> = {
         start: DateTimeValue;
         end: DateTimeValue;
     };
+    // Server-side pagination props
+    totalCount?: number;
+    currentPage?: number;
+    onPageChange?: (page: number) => void;
+    onPageSizeChange?: (pageSize: number) => void;
+    isLoading?: boolean;
 };
 
 export function LogDataTable<TData, TValue>({
@@ -121,7 +127,12 @@ export function LogDataTable<TData, TValue>({
     persistPageSize = false,
     defaultPageSize = 20,
     onDateRangeChange,
-    dateRange
+    dateRange,
+    totalCount,
+    currentPage = 0,
+    onPageChange,
+    onPageSizeChange: onPageSizeChangeProp,
+    isLoading = false
 }: DataTableProps<TData, TValue>) {
     const t = useTranslations();
 
@@ -175,26 +186,39 @@ export function LogDataTable<TData, TValue>({
         return data.filter(activeTabFilter.filterFn);
     }, [data, tabs, activeTab]);
 
+    // Determine if using server-side pagination
+    const isServerPagination = totalCount !== undefined;
+
     const table = useReactTable({
         data: filteredData,
         columns,
         getCoreRowModel: getCoreRowModel(),
-        getPaginationRowModel: getPaginationRowModel(),
+        // Only use client-side pagination if totalCount is not provided
+        ...(isServerPagination ? {} : { getPaginationRowModel: getPaginationRowModel() }),
         onSortingChange: setSorting,
         getSortedRowModel: getSortedRowModel(),
         onColumnFiltersChange: setColumnFilters,
         getFilteredRowModel: getFilteredRowModel(),
         onGlobalFilterChange: setGlobalFilter,
+        // Configure pagination state
+        ...(isServerPagination ? {
+            manualPagination: true,
+            pageCount: totalCount ? Math.ceil(totalCount / pageSize) : 0,
+        } : {}),
         initialState: {
             pagination: {
                 pageSize: pageSize,
-                pageIndex: 0
+                pageIndex: currentPage
             }
         },
         state: {
             sorting,
             columnFilters,
-            globalFilter
+            globalFilter,
+            pagination: {
+                pageSize: pageSize,
+                pageIndex: currentPage
+            }
         }
     });
 
@@ -210,6 +234,16 @@ export function LogDataTable<TData, TValue>({
         }
     }, [pageSize, table, persistPageSize, tableId]);
 
+    // Update table page index when currentPage prop changes (server pagination)
+    useEffect(() => {
+        if (isServerPagination) {
+            const currentPageIndex = table.getState().pagination.pageIndex;
+            if (currentPageIndex !== currentPage) {
+                table.setPageIndex(currentPage);
+            }
+        }
+    }, [currentPage, table, isServerPagination]);
+
     const handleTabChange = (value: string) => {
         setActiveTab(value);
         // Reset to first page when changing tabs
@@ -225,6 +259,18 @@ export function LogDataTable<TData, TValue>({
         if (persistPageSize) {
             setStoredPageSize(newPageSize, tableId);
         }
+
+        // For server pagination, notify parent component
+        if (isServerPagination && onPageSizeChangeProp) {
+            onPageSizeChangeProp(newPageSize);
+        }
+    };
+
+    // Handle page changes for server pagination
+    const handlePageChange = (newPageIndex: number) => {
+        if (isServerPagination && onPageChange) {
+            onPageChange(newPageIndex);
+        }
     };
 
     const handleDateRangeChange = (
@@ -276,7 +322,6 @@ export function LogDataTable<TData, TValue>({
                         )}
                         {onExport && (
                             <Button
-                                variant="outline"
                                 onClick={onExport}
                                 disabled={isExporting}
                             >
@@ -342,6 +387,10 @@ export function LogDataTable<TData, TValue>({
                         <DataTablePagination
                             table={table}
                             onPageSizeChange={handlePageSizeChange}
+                            onPageChange={isServerPagination ? handlePageChange : undefined}
+                            totalCount={totalCount}
+                            isServerPagination={isServerPagination}
+                            isLoading={isLoading}
                         />
                     </div>
                 </CardContent>
diff --git a/src/components/ui/calendar.tsx b/src/components/ui/calendar.tsx
new file mode 100644
index 00000000..a48a0f7c
--- /dev/null
+++ b/src/components/ui/calendar.tsx
@@ -0,0 +1,213 @@
+"use client"
+
+import * as React from "react"
+import {
+  ChevronDownIcon,
+  ChevronLeftIcon,
+  ChevronRightIcon,
+} from "lucide-react"
+import { DayButton, DayPicker, getDefaultClassNames } from "react-day-picker"
+
+import { Button, buttonVariants } from "@/components/ui/button"
+import { cn } from "@app/lib/cn"
+
+function Calendar({
+  className,
+  classNames,
+  showOutsideDays = true,
+  captionLayout = "label",
+  buttonVariant = "ghost",
+  formatters,
+  components,
+  ...props
+}: React.ComponentProps<typeof DayPicker> & {
+  buttonVariant?: React.ComponentProps<typeof Button>["variant"]
+}) {
+  const defaultClassNames = getDefaultClassNames()
+
+  return (
+    <DayPicker
+      showOutsideDays={showOutsideDays}
+      className={cn(
+        "bg-background group/calendar p-3 [--cell-size:2rem] [[data-slot=card-content]_&]:bg-transparent [[data-slot=popover-content]_&]:bg-transparent",
+        String.raw`rtl:**:[.rdp-button\_next>svg]:rotate-180`,
+        String.raw`rtl:**:[.rdp-button\_previous>svg]:rotate-180`,
+        className
+      )}
+      captionLayout={captionLayout}
+      formatters={{
+        formatMonthDropdown: (date) =>
+          date.toLocaleString("default", { month: "short" }),
+        ...formatters,
+      }}
+      classNames={{
+        root: cn("w-fit", defaultClassNames.root),
+        months: cn(
+          "relative flex flex-col gap-4 md:flex-row",
+          defaultClassNames.months
+        ),
+        month: cn("flex w-full flex-col gap-4", defaultClassNames.month),
+        nav: cn(
+          "absolute inset-x-0 top-0 flex w-full items-center justify-between gap-1",
+          defaultClassNames.nav
+        ),
+        button_previous: cn(
+          buttonVariants({ variant: buttonVariant }),
+          "h-[--cell-size] w-[--cell-size] select-none p-0 aria-disabled:opacity-50",
+          defaultClassNames.button_previous
+        ),
+        button_next: cn(
+          buttonVariants({ variant: buttonVariant }),
+          "h-[--cell-size] w-[--cell-size] select-none p-0 aria-disabled:opacity-50",
+          defaultClassNames.button_next
+        ),
+        month_caption: cn(
+          "flex h-[--cell-size] w-full items-center justify-center px-[--cell-size]",
+          defaultClassNames.month_caption
+        ),
+        dropdowns: cn(
+          "flex h-[--cell-size] w-full items-center justify-center gap-1.5 text-sm font-medium",
+          defaultClassNames.dropdowns
+        ),
+        dropdown_root: cn(
+          "has-focus:border-ring border-input shadow-xs has-focus:ring-ring/50 has-focus:ring-[3px] relative rounded-md border",
+          defaultClassNames.dropdown_root
+        ),
+        dropdown: cn(
+          "bg-popover absolute inset-0 opacity-0",
+          defaultClassNames.dropdown
+        ),
+        caption_label: cn(
+          "select-none font-medium",
+          captionLayout === "label"
+            ? "text-sm"
+            : "[&>svg]:text-muted-foreground flex h-8 items-center gap-1 rounded-md pl-2 pr-1 text-sm [&>svg]:size-3.5",
+          defaultClassNames.caption_label
+        ),
+        table: "w-full border-collapse",
+        weekdays: cn("flex", defaultClassNames.weekdays),
+        weekday: cn(
+          "text-muted-foreground flex-1 select-none rounded-md text-[0.8rem] font-normal",
+          defaultClassNames.weekday
+        ),
+        week: cn("mt-2 flex w-full", defaultClassNames.week),
+        week_number_header: cn(
+          "w-[--cell-size] select-none",
+          defaultClassNames.week_number_header
+        ),
+        week_number: cn(
+          "text-muted-foreground select-none text-[0.8rem]",
+          defaultClassNames.week_number
+        ),
+        day: cn(
+          "group/day relative aspect-square h-full w-full select-none p-0 text-center [&:first-child[data-selected=true]_button]:rounded-l-md [&:last-child[data-selected=true]_button]:rounded-r-md",
+          defaultClassNames.day
+        ),
+        range_start: cn(
+          "bg-accent rounded-l-md",
+          defaultClassNames.range_start
+        ),
+        range_middle: cn("rounded-none", defaultClassNames.range_middle),
+        range_end: cn("bg-accent rounded-r-md", defaultClassNames.range_end),
+        today: cn(
+          "bg-accent text-accent-foreground rounded-md data-[selected=true]:rounded-none",
+          defaultClassNames.today
+        ),
+        outside: cn(
+          "text-muted-foreground aria-selected:text-muted-foreground",
+          defaultClassNames.outside
+        ),
+        disabled: cn(
+          "text-muted-foreground opacity-50",
+          defaultClassNames.disabled
+        ),
+        hidden: cn("invisible", defaultClassNames.hidden),
+        ...classNames,
+      }}
+      components={{
+        Root: ({ className, rootRef, ...props }) => {
+          return (
+            <div
+              data-slot="calendar"
+              ref={rootRef}
+              className={cn(className)}
+              {...props}
+            />
+          )
+        },
+        Chevron: ({ className, orientation, ...props }) => {
+          if (orientation === "left") {
+            return (
+              <ChevronLeftIcon className={cn("size-4", className)} {...props} />
+            )
+          }
+
+          if (orientation === "right") {
+            return (
+              <ChevronRightIcon
+                className={cn("size-4", className)}
+                {...props}
+              />
+            )
+          }
+
+          return (
+            <ChevronDownIcon className={cn("size-4", className)} {...props} />
+          )
+        },
+        DayButton: CalendarDayButton,
+        WeekNumber: ({ children, ...props }) => {
+          return (
+            <td {...props}>
+              <div className="flex size-[--cell-size] items-center justify-center text-center">
+                {children}
+              </div>
+            </td>
+          )
+        },
+        ...components,
+      }}
+      {...props}
+    />
+  )
+}
+
+function CalendarDayButton({
+  className,
+  day,
+  modifiers,
+  ...props
+}: React.ComponentProps<typeof DayButton>) {
+  const defaultClassNames = getDefaultClassNames()
+
+  const ref = React.useRef<HTMLButtonElement>(null)
+  React.useEffect(() => {
+    if (modifiers.focused) ref.current?.focus()
+  }, [modifiers.focused])
+
+  return (
+    <Button
+      ref={ref}
+      variant="ghost"
+      size="icon"
+      data-day={day.date.toLocaleDateString()}
+      data-selected-single={
+        modifiers.selected &&
+        !modifiers.range_start &&
+        !modifiers.range_end &&
+        !modifiers.range_middle
+      }
+      data-range-start={modifiers.range_start}
+      data-range-end={modifiers.range_end}
+      data-range-middle={modifiers.range_middle}
+      className={cn(
+        "data-[selected-single=true]:bg-primary data-[selected-single=true]:text-primary-foreground data-[range-middle=true]:bg-accent data-[range-middle=true]:text-accent-foreground data-[range-start=true]:bg-primary data-[range-start=true]:text-primary-foreground data-[range-end=true]:bg-primary data-[range-end=true]:text-primary-foreground group-data-[focused=true]/day:border-ring group-data-[focused=true]/day:ring-ring/50 flex aspect-square h-auto w-full min-w-[--cell-size] flex-col gap-1 font-normal leading-none data-[range-end=true]:rounded-md data-[range-middle=true]:rounded-none data-[range-start=true]:rounded-md group-data-[focused=true]/day:relative group-data-[focused=true]/day:z-10 group-data-[focused=true]/day:ring-[3px] [&>span]:text-xs [&>span]:opacity-70",
+        defaultClassNames.day,
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Calendar, CalendarDayButton }

From d392fb371eb3e05e4cda0d80ee70aaf476f1c2af Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 21 Oct 2025 21:22:56 -0700
Subject: [PATCH 37/69] Add logging for all auth

---
 server/db/pg/schema/schema.ts            |  59 +++++---
 server/db/sqlite/schema/schema.ts        |  72 +++++----
 server/routers/badger/logRequestAudit.ts | 114 ++++++++++++++
 server/routers/badger/verifySession.ts   | 180 ++++++++++++++++++++++-
 4 files changed, 377 insertions(+), 48 deletions(-)
 create mode 100644 server/routers/badger/logRequestAudit.ts

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 5d76850d..b71cc7a8 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -672,27 +672,42 @@ export const setupTokens = pgTable("setupTokens", {
     dateUsed: varchar("dateUsed")
 });
 
-export const requestAuditLog = pgTable("requestAuditLog", {
-    id: serial("id").primaryKey(),
-    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
-    orgId: varchar("orgId")
-        .notNull()
-        .references(() => orgs.orgId, { onDelete: "cascade" }),
-    actorType: varchar("actorType").notNull(),
-    actor: varchar("actor").notNull(),
-    actorId: varchar("actorId").notNull(),
-    resourceId: integer("resourceId"),
-    ip: varchar("ip").notNull(),
-    type: varchar("type").notNull(),
-    action: varchar("action").notNull(),
-    event: varchar("event").notNull(),
-    location: varchar("location"),
-    userAgent: varchar("userAgent"),
-    metadata: text("details")
-}, (table) => ([
-    index("idx_requestAuditLog_timestamp").on(table.timestamp),
-    index("idx_requestAuditLog_org_timestamp").on(table.orgId, table.timestamp)
-]));
+export const requestAuditLog = pgTable(
+    "requestAuditLog",
+    {
+        id: serial("id").primaryKey(),
+        timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+        orgId: text("orgId")
+            .notNull()
+            .references(() => orgs.orgId, { onDelete: "cascade" }),
+        action: boolean("action").notNull(),
+        reason: integer("reason").notNull(),
+        actorType: text("actorType"),
+        actor: text("actor"),
+        actorId: text("actorId"),
+        resourceId: integer("resourceId"),
+        ip: text("ip"),
+        type: text("type"),
+        location: text("location"),
+        userAgent: text("userAgent"),
+        metadata: text("details"),
+        headers: text("headers"), // JSON blob
+        query: text("query"), // JSON blob
+        originalRequestURL: text("originalRequestURL"),
+        scheme: text("scheme"),
+        host: text("host"),
+        path: text("path"),
+        method: text("method"),
+        tls: boolean("tls")
+    },
+    (table) => [
+        index("idx_requestAuditLog_timestamp").on(table.timestamp),
+        index("idx_requestAuditLog_org_timestamp").on(
+            table.orgId,
+            table.timestamp
+        )
+    ]
+);
 
 export type Org = InferSelectModel<typeof orgs>;
 export type User = InferSelectModel<typeof users>;
@@ -748,4 +763,4 @@ export type IdpOidcConfig = InferSelectModel<typeof idpOidcConfig>;
 export type LicenseKey = InferSelectModel<typeof licenseKey>;
 export type SecurityKey = InferSelectModel<typeof securityKeys>;
 export type WebauthnChallenge = InferSelectModel<typeof webauthnChallenge>;
-export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
\ No newline at end of file
+export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 1649fe97..c7102a83 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -1,6 +1,7 @@
 import { randomUUID } from "crypto";
 import { InferSelectModel } from "drizzle-orm";
 import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
+import { boolean } from "yargs";
 
 export const domains = sqliteTable("domains", {
     domainId: text("domainId").primaryKey(),
@@ -142,11 +143,15 @@ export const targets = sqliteTable("targets", {
 });
 
 export const targetHealthCheck = sqliteTable("targetHealthCheck", {
-    targetHealthCheckId: integer("targetHealthCheckId").primaryKey({ autoIncrement: true }),
+    targetHealthCheckId: integer("targetHealthCheckId").primaryKey({
+        autoIncrement: true
+    }),
     targetId: integer("targetId")
         .notNull()
         .references(() => targets.targetId, { onDelete: "cascade" }),
-    hcEnabled: integer("hcEnabled", { mode: "boolean" }).notNull().default(false),
+    hcEnabled: integer("hcEnabled", { mode: "boolean" })
+        .notNull()
+        .default(false),
     hcPath: text("hcPath"),
     hcScheme: text("hcScheme"),
     hcMode: text("hcMode").default("http"),
@@ -156,7 +161,9 @@ export const targetHealthCheck = sqliteTable("targetHealthCheck", {
     hcUnhealthyInterval: integer("hcUnhealthyInterval").default(30), // in seconds
     hcTimeout: integer("hcTimeout").default(5), // in seconds
     hcHeaders: text("hcHeaders"),
-    hcFollowRedirects: integer("hcFollowRedirects", { mode: "boolean" }).default(true),
+    hcFollowRedirects: integer("hcFollowRedirects", {
+        mode: "boolean"
+    }).default(true),
     hcMethod: text("hcMethod").default("GET"),
     hcStatus: integer("hcStatus"), // http code
     hcHealth: text("hcHealth").default("unknown") // "unknown", "healthy", "unhealthy"
@@ -710,27 +717,42 @@ export const idpOrg = sqliteTable("idpOrg", {
     orgMapping: text("orgMapping")
 });
 
-export const requestAuditLog = sqliteTable("requestAuditLog", {
-    id: integer("id").primaryKey({ autoIncrement: true }),
-    timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
-    orgId: text("orgId")
-        .notNull()
-        .references(() => orgs.orgId, { onDelete: "cascade" }),
-    actorType: text("actorType").notNull(),
-    actor: text("actor").notNull(),
-    actorId: text("actorId").notNull(),
-    resourceId: integer("resourceId"),
-    ip: text("ip").notNull(),
-    type: text("type").notNull(),
-    action: text("action").notNull(),
-    event: text("event").notNull(),
-    location: text("location"),
-    userAgent: text("userAgent"),
-    metadata: text("details")
-}, (table) => ([
-    index("idx_requestAuditLog_timestamp").on(table.timestamp),
-    index("idx_requestAuditLog_org_timestamp").on(table.orgId, table.timestamp)
-]));
+export const requestAuditLog = sqliteTable(
+    "requestAuditLog",
+    {
+        id: integer("id").primaryKey({ autoIncrement: true }),
+        timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
+        orgId: text("orgId")
+            .notNull()
+            .references(() => orgs.orgId, { onDelete: "cascade" }),
+        action: integer("action", { mode: "boolean" }).notNull(),
+        reason: integer("reason").notNull(),
+        actorType: text("actorType"),
+        actor: text("actor"),
+        actorId: text("actorId"),
+        resourceId: integer("resourceId"),
+        ip: text("ip"),
+        type: text("type"),
+        location: text("location"),
+        userAgent: text("userAgent"),
+        metadata: text("details"),
+        headers: text("headers"), // JSON blob
+        query: text("query"), // JSON blob
+        originalRequestURL: text("originalRequestURL"),
+        scheme: text("scheme"),
+        host: text("host"),
+        path: text("path"),
+        method: text("method"),
+        tls: integer("tls", { mode: "boolean" })
+    },
+    (table) => [
+        index("idx_requestAuditLog_timestamp").on(table.timestamp),
+        index("idx_requestAuditLog_org_timestamp").on(
+            table.orgId,
+            table.timestamp
+        )
+    ]
+);
 
 export type Org = InferSelectModel<typeof orgs>;
 export type User = InferSelectModel<typeof users>;
@@ -786,4 +808,4 @@ export type IdpOidcConfig = InferSelectModel<typeof idpOidcConfig>;
 export type LicenseKey = InferSelectModel<typeof licenseKey>;
 export type SecurityKey = InferSelectModel<typeof securityKeys>;
 export type WebauthnChallenge = InferSelectModel<typeof webauthnChallenge>;
-export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
\ No newline at end of file
+export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
new file mode 100644
index 00000000..b0e2b236
--- /dev/null
+++ b/server/routers/badger/logRequestAudit.ts
@@ -0,0 +1,114 @@
+import { db, requestAuditLog } from "@server/db";
+import logger from "@server/logger";
+
+/** 
+
+Reasons:
+100 - Allowed by Rule
+101 - Allowed No Auth
+102 - Valid Access Token
+103 - Valid header auth
+104 - Valid Pincode
+105 - Valid Password
+106 - Valid email
+107 - Valid SSO
+
+201 - Resource Not Found
+202 - Resource Blocked
+203 - Dropped by Rule
+204 - No Sessions
+205 - Temporary Request Token
+299 - No More Auth Methods
+
+ */
+
+export async function logRequestAudit(
+    data: {
+        action: boolean;
+        reason: number;
+        user?: { username: string; userId: string; orgId: string };
+        apiKey?: { name: string; apiKeyId: string; orgId: string };
+        metadata?: any;
+        resouceId?: number;
+        type?: string;
+        location?: string;
+        // userAgent?: string;
+    },
+    body: {
+        path: string;
+        originalRequestURL: string;
+        scheme: string;
+        host: string;
+        method: string;
+        tls: boolean;
+        sessions?: Record<string, string> | undefined;
+        headers?: Record<string, string> | undefined;
+        query?: Record<string, string> | undefined;
+        requestIp?: string | undefined;
+    }
+) {
+    try {
+        let orgId: string | undefined;
+        let actorType: string | undefined;
+        let actor: string | undefined;
+        let actorId: string | undefined;
+
+        const user = data.user;
+        if (user) {
+            orgId = user.orgId;
+            actorType = "user";
+            actor = user.username;
+            actorId = user.userId;
+        }
+        const apiKey = data.apiKey;
+        if (apiKey) {
+            orgId = apiKey.orgId;
+            actorType = "apiKey";
+            actor = apiKey.name;
+            actorId = apiKey.apiKeyId;
+        }
+
+        if (!orgId) {
+            logger.warn("logRequestAudit: No organization context found");
+            return;
+        }
+
+        // if (!actorType || !actor || !actorId) {
+        //     logger.warn("logRequestAudit: Incomplete actor information");
+        //     return;
+        // }
+
+        const timestamp = Math.floor(Date.now() / 1000);
+
+        let metadata = null;
+        if (metadata) {
+            metadata = JSON.stringify(metadata);
+        }
+
+        await db.insert(requestAuditLog).values({
+            timestamp,
+            orgId,
+            actorType,
+            actor,
+            actorId,
+            metadata,
+            action: data.action,
+            resourceId: data.resouceId,
+            type: data.type,
+            reason: data.reason,
+            location: data.location,
+            // userAgent: data.userAgent, // TODO: add this
+            // headers: data.body.headers,
+            // query: data.body.query,
+            originalRequestURL: body.originalRequestURL,
+            scheme: body.scheme,
+            host: body.host,
+            path: body.path,
+            method: body.method,
+            ip: body.requestIp,
+            tls: body.tls
+        });
+    } catch (error) {
+        logger.error(error);
+    }
+}
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index 523163e6..ba3cdc9f 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -37,6 +37,7 @@ import { getCountryCodeForIp } from "@server/lib/geoip";
 import { getOrgTierData } from "#dynamic/lib/billing";
 import { TierId } from "@server/lib/billing/tiers";
 import { verifyPassword } from "@server/auth/password";
+import { logRequestAudit } from "./logRequestAudit";
 
 // We'll see if this speeds anything up
 const cache = new NodeCache({
@@ -149,6 +150,15 @@ export async function verifyResourceSession(
 
             if (!result) {
                 logger.debug(`Resource not found ${cleanHost}`);
+
+                logRequestAudit(
+                    {
+                        action: false,
+                        reason: 201 //resource not found
+                    },
+                    parsedBody.data
+                );
+
                 return notAllowed(res);
             }
 
@@ -160,6 +170,15 @@ export async function verifyResourceSession(
 
         if (!resource) {
             logger.debug(`Resource not found ${cleanHost}`);
+
+            logRequestAudit(
+                {
+                    action: false,
+                    reason: 201 //resource not found
+                },
+                parsedBody.data
+            );
+
             return notAllowed(res);
         }
 
@@ -167,6 +186,15 @@ export async function verifyResourceSession(
 
         if (blockAccess) {
             logger.debug("Resource blocked", host);
+
+            logRequestAudit(
+                {
+                    action: false,
+                    reason: 202 //resource blocked
+                },
+                parsedBody.data
+            );
+
             return notAllowed(res);
         }
 
@@ -180,9 +208,28 @@ export async function verifyResourceSession(
 
             if (action == "ACCEPT") {
                 logger.debug("Resource allowed by rule");
+
+                logRequestAudit(
+                    {
+                        action: true,
+                        reason: 100 // allowed by rule
+                    },
+                    parsedBody.data
+                );
+
                 return allowed(res);
             } else if (action == "DROP") {
                 logger.debug("Resource denied by rule");
+
+                // TODO: add rules type
+                logRequestAudit(
+                    {
+                        action: false,
+                        reason: 203 // dropped by rules
+                    },
+                    parsedBody.data
+                );
+
                 return notAllowed(res);
             } else if (action == "PASS") {
                 logger.debug(
@@ -203,6 +250,15 @@ export async function verifyResourceSession(
             !headerAuth
         ) {
             logger.debug("Resource allowed because no auth");
+
+            logRequestAudit(
+                {
+                    action: true,
+                    reason: 101 // allowed no auth
+                },
+                parsedBody.data
+            );
+
             return allowed(res);
         }
 
@@ -254,6 +310,14 @@ export async function verifyResourceSession(
             }
 
             if (valid && tokenItem) {
+                logRequestAudit(
+                    {
+                        action: true,
+                        reason: 102 // valid access token
+                    },
+                    parsedBody.data
+                );
+
                 return allowed(res);
             }
         }
@@ -290,6 +354,14 @@ export async function verifyResourceSession(
             }
 
             if (valid && tokenItem) {
+                logRequestAudit(
+                    {
+                        action: true,
+                        reason: 102 // valid access token
+                    },
+                    parsedBody.data
+                );
+
                 return allowed(res);
             }
         }
@@ -301,6 +373,15 @@ export async function verifyResourceSession(
                 logger.debug(
                     "Resource allowed because header auth is valid (cached)"
                 );
+
+                logRequestAudit(
+                    {
+                        action: true,
+                        reason: 103 // valid header auth
+                    },
+                    parsedBody.data
+                );
+
                 return allowed(res);
             } else if (
                 await verifyPassword(
@@ -310,15 +391,33 @@ export async function verifyResourceSession(
             ) {
                 cache.set(clientHeaderAuthKey, clientHeaderAuth);
                 logger.debug("Resource allowed because header auth is valid");
+
+                logRequestAudit(
+                    {
+                        action: true,
+                        reason: 103 // valid header auth
+                    },
+                    parsedBody.data
+                );
+
                 return allowed(res);
             }
 
-            if ( // we dont want to redirect if this is the only auth method and we did not pass here
+            if (
+                // we dont want to redirect if this is the only auth method and we did not pass here
                 !sso &&
                 !pincode &&
                 !password &&
                 !resource.emailWhitelistEnabled
             ) {
+                logRequestAudit(
+                    {
+                        action: false,
+                        reason: 299 // no more auth methods
+                    },
+                    parsedBody.data
+                );
+
                 return notAllowed(res);
             }
         } else if (headerAuth) {
@@ -329,6 +428,14 @@ export async function verifyResourceSession(
                 !password &&
                 !resource.emailWhitelistEnabled
             ) {
+                logRequestAudit(
+                    {
+                        action: false,
+                        reason: 299 // no more auth methods
+                    },
+                    parsedBody.data
+                );
+
                 return notAllowed(res);
             }
         }
@@ -341,6 +448,15 @@ export async function verifyResourceSession(
                     }. IP: ${clientIp}.`
                 );
             }
+
+            logRequestAudit(
+                {
+                    action: false,
+                    reason: 204 // no sessions
+                },
+                parsedBody.data
+            );
+
             return notAllowed(res);
         }
 
@@ -374,6 +490,15 @@ export async function verifyResourceSession(
                         }. IP: ${clientIp}.`
                     );
                 }
+
+                logRequestAudit(
+                    {
+                        action: false,
+                        reason: 205 // temporary request token
+                    },
+                    parsedBody.data
+                );
+
                 return notAllowed(res);
             }
 
@@ -382,6 +507,15 @@ export async function verifyResourceSession(
                     logger.debug(
                         "Resource allowed because pincode session is valid"
                     );
+
+                    logRequestAudit(
+                        {
+                            action: true,
+                            reason: 104 // valid pincode
+                        },
+                        parsedBody.data
+                    );
+
                     return allowed(res);
                 }
 
@@ -389,6 +523,15 @@ export async function verifyResourceSession(
                     logger.debug(
                         "Resource allowed because password session is valid"
                     );
+
+                    logRequestAudit(
+                        {
+                            action: true,
+                            reason: 105 // valid password
+                        },
+                        parsedBody.data
+                    );
+
                     return allowed(res);
                 }
 
@@ -399,6 +542,15 @@ export async function verifyResourceSession(
                     logger.debug(
                         "Resource allowed because whitelist session is valid"
                     );
+
+                    logRequestAudit(
+                        {
+                            action: true,
+                            reason: 106 // valid email
+                        },
+                        parsedBody.data
+                    );
+
                     return allowed(res);
                 }
 
@@ -406,6 +558,15 @@ export async function verifyResourceSession(
                     logger.debug(
                         "Resource allowed because access token session is valid"
                     );
+
+                    logRequestAudit(
+                        {
+                            action: true,
+                            reason: 102 // valid access token
+                        },
+                        parsedBody.data
+                    );
+
                     return allowed(res);
                 }
 
@@ -433,6 +594,15 @@ export async function verifyResourceSession(
                         logger.debug(
                             "Resource allowed because user session is valid"
                         );
+
+                        logRequestAudit(
+                            {
+                                action: true,
+                                reason: 107 // valid sso
+                            },
+                            parsedBody.data
+                        );
+
                         return allowed(res, allowedUserData);
                     }
                 }
@@ -451,6 +621,14 @@ export async function verifyResourceSession(
 
         logger.debug(`Redirecting to login at ${redirectPath}`);
 
+        logRequestAudit(
+            {
+                action: false,
+                reason: 299 // no more auth methods
+            },
+            parsedBody.data
+        );
+
         return notAllowed(res, redirectPath, resource.orgId);
     } catch (e) {
         console.error(e);

From 3662d4237455314dde1d36b1993e3b495b84e88f Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 21 Oct 2025 21:42:53 -0700
Subject: [PATCH 38/69] Add resource id and cc

---
 server/db/pg/schema/schema.ts            |   1 -
 server/db/sqlite/schema/schema.ts        |   1 -
 server/routers/badger/logRequestAudit.ts |  14 ++-
 server/routers/badger/verifySession.ts   | 108 +++++++++++++++++------
 4 files changed, 85 insertions(+), 39 deletions(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index b71cc7a8..00942de3 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -687,7 +687,6 @@ export const requestAuditLog = pgTable(
         actorId: text("actorId"),
         resourceId: integer("resourceId"),
         ip: text("ip"),
-        type: text("type"),
         location: text("location"),
         userAgent: text("userAgent"),
         metadata: text("details"),
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index c7102a83..f7f1913a 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -732,7 +732,6 @@ export const requestAuditLog = sqliteTable(
         actorId: text("actorId"),
         resourceId: integer("resourceId"),
         ip: text("ip"),
-        type: text("type"),
         location: text("location"),
         userAgent: text("userAgent"),
         metadata: text("details"),
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index b0e2b236..8ab26c6c 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -26,11 +26,10 @@ export async function logRequestAudit(
     data: {
         action: boolean;
         reason: number;
+        resourceId?: number;
         user?: { username: string; userId: string; orgId: string };
         apiKey?: { name: string; apiKeyId: string; orgId: string };
         metadata?: any;
-        resouceId?: number;
-        type?: string;
         location?: string;
         // userAgent?: string;
     },
@@ -41,10 +40,10 @@ export async function logRequestAudit(
         host: string;
         method: string;
         tls: boolean;
-        sessions?: Record<string, string> | undefined;
-        headers?: Record<string, string> | undefined;
-        query?: Record<string, string> | undefined;
-        requestIp?: string | undefined;
+        sessions?: Record<string, string>;
+        headers?: Record<string, string>;
+        query?: Record<string, string>; 
+        requestIp?: string;
     }
 ) {
     try {
@@ -93,8 +92,7 @@ export async function logRequestAudit(
             actorId,
             metadata,
             action: data.action,
-            resourceId: data.resouceId,
-            type: data.type,
+            resourceId: data.resourceId,
             reason: data.reason,
             location: data.location,
             // userAgent: data.userAgent, // TODO: add this
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index ba3cdc9f..d7f2943d 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -128,6 +128,10 @@ export async function verifyResourceSession(
 
         logger.debug("Client IP:", { clientIp });
 
+        const ipCC = clientIp
+            ? await getCountryCodeFromIp(clientIp)
+            : undefined;
+
         let cleanHost = host;
         // if the host ends with :port, strip it
         if (cleanHost.match(/:[0-9]{1,5}$/)) {
@@ -154,7 +158,8 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: false,
-                        reason: 201 //resource not found
+                        reason: 201, //resource not found
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -174,7 +179,8 @@ export async function verifyResourceSession(
             logRequestAudit(
                 {
                     action: false,
-                    reason: 201 //resource not found
+                    reason: 201, //resource not found
+                    location: ipCC
                 },
                 parsedBody.data
             );
@@ -190,7 +196,8 @@ export async function verifyResourceSession(
             logRequestAudit(
                 {
                     action: false,
-                    reason: 202 //resource blocked
+                    reason: 202, //resource blocked
+                    location: ipCC
                 },
                 parsedBody.data
             );
@@ -203,7 +210,8 @@ export async function verifyResourceSession(
             const action = await checkRules(
                 resource.resourceId,
                 clientIp,
-                path
+                path,
+                ipCC
             );
 
             if (action == "ACCEPT") {
@@ -212,7 +220,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: true,
-                        reason: 100 // allowed by rule
+                        reason: 100, // allowed by rule
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -225,7 +235,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: false,
-                        reason: 203 // dropped by rules
+                        reason: 203, // dropped by rules
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -254,7 +266,9 @@ export async function verifyResourceSession(
             logRequestAudit(
                 {
                     action: true,
-                    reason: 101 // allowed no auth
+                    reason: 101, // allowed no auth
+                    resourceId: resource.resourceId,
+                    location: ipCC
                 },
                 parsedBody.data
             );
@@ -313,7 +327,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: true,
-                        reason: 102 // valid access token
+                        reason: 102, // valid access token
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -357,7 +373,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: true,
-                        reason: 102 // valid access token
+                        reason: 102, // valid access token
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -377,7 +395,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: true,
-                        reason: 103 // valid header auth
+                        reason: 103, // valid header auth
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -395,7 +415,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: true,
-                        reason: 103 // valid header auth
+                        reason: 103, // valid header auth
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -413,7 +435,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: false,
-                        reason: 299 // no more auth methods
+                        reason: 299, // no more auth methods
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -431,7 +455,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: false,
-                        reason: 299 // no more auth methods
+                        reason: 299, // no more auth methods
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -452,7 +478,9 @@ export async function verifyResourceSession(
             logRequestAudit(
                 {
                     action: false,
-                    reason: 204 // no sessions
+                    reason: 204, // no sessions
+                    resourceId: resource.resourceId,
+                    location: ipCC
                 },
                 parsedBody.data
             );
@@ -494,7 +522,9 @@ export async function verifyResourceSession(
                 logRequestAudit(
                     {
                         action: false,
-                        reason: 205 // temporary request token
+                        reason: 205, // temporary request token
+                        resourceId: resource.resourceId,
+                        location: ipCC
                     },
                     parsedBody.data
                 );
@@ -511,7 +541,9 @@ export async function verifyResourceSession(
                     logRequestAudit(
                         {
                             action: true,
-                            reason: 104 // valid pincode
+                            reason: 104, // valid pincode
+                            resourceId: resource.resourceId,
+                            location: ipCC
                         },
                         parsedBody.data
                     );
@@ -527,7 +559,9 @@ export async function verifyResourceSession(
                     logRequestAudit(
                         {
                             action: true,
-                            reason: 105 // valid password
+                            reason: 105, // valid password
+                            resourceId: resource.resourceId,
+                            location: ipCC
                         },
                         parsedBody.data
                     );
@@ -546,7 +580,9 @@ export async function verifyResourceSession(
                     logRequestAudit(
                         {
                             action: true,
-                            reason: 106 // valid email
+                            reason: 106, // valid email
+                            resourceId: resource.resourceId,
+                            location: ipCC
                         },
                         parsedBody.data
                     );
@@ -562,7 +598,9 @@ export async function verifyResourceSession(
                     logRequestAudit(
                         {
                             action: true,
-                            reason: 102 // valid access token
+                            reason: 102, // valid access token
+                            resourceId: resource.resourceId,
+                            location: ipCC
                         },
                         parsedBody.data
                     );
@@ -598,7 +636,9 @@ export async function verifyResourceSession(
                         logRequestAudit(
                             {
                                 action: true,
-                                reason: 107 // valid sso
+                                reason: 107, // valid sso
+                                resourceId: resource.resourceId,
+                                location: ipCC
                             },
                             parsedBody.data
                         );
@@ -624,7 +664,9 @@ export async function verifyResourceSession(
         logRequestAudit(
             {
                 action: false,
-                reason: 299 // no more auth methods
+                reason: 299, // no more auth methods
+                resourceId: resource.resourceId,
+                location: ipCC
             },
             parsedBody.data
         );
@@ -799,7 +841,8 @@ async function isUserAllowedToAccessResource(
 async function checkRules(
     resourceId: number,
     clientIp: string | undefined,
-    path: string | undefined
+    path: string | undefined,
+    ipCC?: string
 ): Promise<"ACCEPT" | "DROP" | "PASS" | undefined> {
     const ruleCacheKey = `rules:${resourceId}`;
 
@@ -838,9 +881,9 @@ async function checkRules(
         ) {
             return rule.action as any;
         } else if (
-            clientIp &&
+            ipCC &&
             rule.match == "GEOIP" &&
-            (await isIpInGeoIP(clientIp, rule.value))
+            (await isIpInGeoIP(ipCC, rule.value))
         ) {
             return rule.action as any;
         }
@@ -968,11 +1011,20 @@ export function isPathAllowed(pattern: string, path: string): boolean {
     return result;
 }
 
-async function isIpInGeoIP(ip: string, countryCode: string): Promise<boolean> {
-    if (countryCode == "ALL") {
+async function isIpInGeoIP(
+    ipCountryCode: string,
+    checkCountryCode: string
+): Promise<boolean> {
+    if (checkCountryCode == "ALL") {
         return true;
     }
 
+    logger.debug(`IP ${ipCountryCode} is in country: ${checkCountryCode}`);
+
+    return ipCountryCode?.toUpperCase() === checkCountryCode.toUpperCase();
+}
+
+async function getCountryCodeFromIp(ip: string): Promise<string | undefined> {
     const geoIpCacheKey = `geoip:${ip}`;
 
     let cachedCountryCode: string | undefined = cache.get(geoIpCacheKey);
@@ -983,9 +1035,7 @@ async function isIpInGeoIP(ip: string, countryCode: string): Promise<boolean> {
         cache.set(geoIpCacheKey, cachedCountryCode, 300); // 5 minutes
     }
 
-    logger.debug(`IP ${ip} is in country: ${cachedCountryCode}`);
-
-    return cachedCountryCode?.toUpperCase() === countryCode.toUpperCase();
+    return cachedCountryCode;
 }
 
 function extractBasicAuth(

From 654145be8491953d1e5478eaad674ccfd72220a5 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 21 Oct 2025 21:58:09 -0700
Subject: [PATCH 39/69] Clean up imports and ordering

---
 server/routers/badger/logRequestAudit.ts | 2 +-
 server/routers/badger/verifySession.ts   | 4 ----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index 8ab26c6c..7212433a 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -27,10 +27,10 @@ export async function logRequestAudit(
         action: boolean;
         reason: number;
         resourceId?: number;
+        location?: string;
         user?: { username: string; userId: string; orgId: string };
         apiKey?: { name: string; apiKeyId: string; orgId: string };
         metadata?: any;
-        location?: string;
         // userAgent?: string;
     },
     body: {
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index d7f2943d..d5a859ab 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -1,7 +1,4 @@
-import { generateSessionToken } from "@server/auth/sessions/app";
 import {
-    createResourceSession,
-    serializeResourceSessionCookie,
     validateResourceSessionToken
 } from "@server/auth/sessions/resource";
 import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken";
@@ -17,7 +14,6 @@ import {
 import {
     LoginPage,
     Resource,
-    ResourceAccessToken,
     ResourceHeaderAuth,
     ResourcePassword,
     ResourcePincode,

From fdd4d5244f8fef81963cb05ea1e3994bffff12bc Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 22 Oct 2025 10:59:35 -0700
Subject: [PATCH 40/69] Temp dont ignore org

---
 server/lib/geoip.ts                      | 2 +-
 server/routers/badger/logRequestAudit.ts | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/lib/geoip.ts b/server/lib/geoip.ts
index ac739fa3..5bc29ef9 100644
--- a/server/lib/geoip.ts
+++ b/server/lib/geoip.ts
@@ -6,7 +6,7 @@ export async function getCountryCodeForIp(
 ): Promise<string | undefined> {
     try {
         if (!maxmindLookup) {
-            logger.warn(
+            logger.debug(
                 "MaxMind DB path not configured, cannot perform GeoIP lookup"
             );
             return;
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index 7212433a..39f1b3cf 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -69,7 +69,8 @@ export async function logRequestAudit(
 
         if (!orgId) {
             logger.warn("logRequestAudit: No organization context found");
-            return;
+            orgId = "unknown"; 
+            // return;
         }
 
         // if (!actorType || !actor || !actorId) {

From f748c5dbe43e9bc5702034d985359d0d87b74530 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 22 Oct 2025 12:23:48 -0700
Subject: [PATCH 41/69] Basic request log working

---
 messages/en-US.json                           |  20 +-
 .../routers/auditLogs/exportActionAuditLog.ts |  32 +-
 .../routers/auditLogs/queryActionAuditLog.ts  |  14 +-
 server/private/routers/external.ts            |   4 +-
 .../routers/auditLogs/exportRequstAuditLog.ts |  73 ++++
 server/routers/auditLogs/generateCSV.ts       |  16 +
 server/routers/auditLogs/index.ts             |   2 +
 .../routers/auditLogs/queryRequstAuditLog.ts  | 165 ++++++++
 server/routers/auditLogs/types.ts             |  31 ++
 server/routers/badger/logRequestAudit.ts      |  24 +-
 server/routers/external.ts                    |  11 +
 src/app/[orgId]/settings/logs/action/page.tsx |   6 +-
 src/app/[orgId]/settings/logs/layout.tsx      |   8 +-
 .../[orgId]/settings/logs/request/page.tsx    | 400 ++++++++++++++++++
 src/app/navigation.tsx                        |   2 +-
 src/components/LogDataTable.tsx               |  37 +-
 16 files changed, 793 insertions(+), 52 deletions(-)
 create mode 100644 server/routers/auditLogs/exportRequstAuditLog.ts
 create mode 100644 server/routers/auditLogs/generateCSV.ts
 create mode 100644 server/routers/auditLogs/index.ts
 create mode 100644 server/routers/auditLogs/queryRequstAuditLog.ts
 create mode 100644 src/app/[orgId]/settings/logs/request/page.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 521c4a39..d1041ea1 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1902,5 +1902,23 @@
     "timestamp": "Timestamp",
     "accessLogs": "Access Logs",
     "exportCsv": "Export CSV",
-    "actorId": "Actor ID"
+    "actorId": "Actor ID",
+    "allowedByRule": "Allowed by Rule",
+    "allowedNoAuth": "Allowed No Auth",
+    "validAccessToken": "Valid Access Token",
+    "validHeaderAuth": "Valid header auth",
+    "validPincode": "Valid Pincode",
+    "validPassword": "Valid Password",
+    "validEmail": "Valid email",
+    "validSSO": "Valid SSO",
+    "resourceBlocked": "Resource Blocked",
+    "droppedByRule": "Dropped by Rule",
+    "noSessions": "No Sessions",
+    "temporaryRequestToken": "Temporary Request Token",
+    "noMoreAuthMethods": "No More Auth Methods",
+    "ip": "IP Address",
+    "reason": "Reason",
+    "requestLogs": "Request Logs",
+    "host": "Host",
+    "location": "Location"
 }
diff --git a/server/private/routers/auditLogs/exportActionAuditLog.ts b/server/private/routers/auditLogs/exportActionAuditLog.ts
index de6cf298..4d15dd55 100644
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -24,24 +24,8 @@ import { fromError } from "zod-validation-error";
 import { QueryActionAuditLogResponse } from "@server/routers/auditLogs/types";
 import response from "@server/lib/response";
 import logger from "@server/logger";
-import { queryAccessAuditLogsParams, queryAccessAuditLogsQuery, querySites } from "./queryActionAuditLog";
-
-function generateCSV(data: any[]): string {
-    if (data.length === 0) {
-        return "orgId,action,actorType,timestamp,actor\n";
-    }
-    
-    const headers = Object.keys(data[0]).join(",");
-    const rows = data.map(row => 
-        Object.values(row).map(value => 
-            typeof value === 'string' && value.includes(',') 
-                ? `"${value.replace(/"/g, '""')}"` 
-                : value
-        ).join(",")
-    );
-    
-    return [headers, ...rows].join("\n");
-}
+import { queryActionAuditLogsParams, queryActionAuditLogsQuery, querySites } from "./queryActionAuditLog";
+import { generateCSV } from "@server/routers/auditLogs/generateCSV";
 
 registry.registerPath({
     method: "get",
@@ -49,19 +33,19 @@ registry.registerPath({
     description: "Export the action audit log for an organization as CSV",
     tags: [OpenAPITags.Org],
     request: {
-        query: queryAccessAuditLogsQuery,
-        params: queryAccessAuditLogsParams
+        query: queryActionAuditLogsQuery,
+        params: queryActionAuditLogsParams
     },
     responses: {}
 });
 
-export async function exportAccessAuditLogs(
+export async function exportActionAuditLogs(
     req: Request,
     res: Response,
     next: NextFunction
 ): Promise<any> {
     try {
-        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        const parsedQuery = queryActionAuditLogsQuery.safeParse(req.query);
         if (!parsedQuery.success) {
             return next(
                 createHttpError(
@@ -72,7 +56,7 @@ export async function exportAccessAuditLogs(
         }
         const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
 
-        const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
+        const parsedParams = queryActionAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
             return next(
                 createHttpError(
@@ -90,7 +74,7 @@ export async function exportAccessAuditLogs(
         const csvData = generateCSV(log);
         
         res.setHeader('Content-Type', 'text/csv');
-        res.setHeader('Content-Disposition', `attachment; filename="audit-logs-${orgId}-${Date.now()}.csv"`);
+        res.setHeader('Content-Disposition', `attachment; filename="action-audit-logs-${orgId}-${Date.now()}.csv"`);
         
         return res.send(csvData);
     } catch (error) {
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 379266ae..dd82e21f 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -25,7 +25,7 @@ import { QueryActionAuditLogResponse } from "@server/routers/auditLogs/types";
 import response from "@server/lib/response";
 import logger from "@server/logger";
 
-export const queryAccessAuditLogsQuery = z.object({
+export const queryActionAuditLogsQuery = z.object({
     // iso string just validate its a parseable date
     timeStart: z
         .string()
@@ -55,7 +55,7 @@ export const queryAccessAuditLogsQuery = z.object({
         .pipe(z.number().int().nonnegative())
 });
 
-export const queryAccessAuditLogsParams = z.object({
+export const queryActionAuditLogsParams = z.object({
     orgId: z.string()
 });
 
@@ -100,19 +100,19 @@ registry.registerPath({
     description: "Query the action audit log for an organization",
     tags: [OpenAPITags.Org],
     request: {
-        query: queryAccessAuditLogsQuery,
-        params: queryAccessAuditLogsParams
+        query: queryActionAuditLogsQuery,
+        params: queryActionAuditLogsParams
     },
     responses: {}
 });
 
-export async function queryAccessAuditLogs(
+export async function queryActionAuditLogs(
     req: Request,
     res: Response,
     next: NextFunction
 ): Promise<any> {
     try {
-        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        const parsedQuery = queryActionAuditLogsQuery.safeParse(req.query);
         if (!parsedQuery.success) {
             return next(
                 createHttpError(
@@ -123,7 +123,7 @@ export async function queryAccessAuditLogs(
         }
         const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
 
-        const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
+        const parsedParams = queryActionAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
             return next(
                 createHttpError(
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 566c1c55..d89b3294 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -348,11 +348,11 @@ authenticated.post(
 
 authenticated.get(
     "/org/:orgId/logs/action",
-    logs.queryAccessAuditLogs 
+    logs.queryActionAuditLogs 
 )
 
 
 authenticated.get(
     "/org/:orgId/logs/action/export",
-    logs.exportAccessAuditLogs
+    logs.exportActionAuditLogs
 )
\ No newline at end of file
diff --git a/server/routers/auditLogs/exportRequstAuditLog.ts b/server/routers/auditLogs/exportRequstAuditLog.ts
new file mode 100644
index 00000000..d8bf7916
--- /dev/null
+++ b/server/routers/auditLogs/exportRequstAuditLog.ts
@@ -0,0 +1,73 @@
+import { db, requestAuditLog } from "@server/db";
+import { registry } from "@server/openApi";
+import { NextFunction } from "express";
+import { Request, Response } from "express";
+import { eq, gt, lt, and, count } from "drizzle-orm";
+import { OpenAPITags } from "@server/openApi";
+import { z } from "zod";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { fromError } from "zod-validation-error";
+import { QueryRequestAuditLogResponse } from "@server/routers/auditLogs/types";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+import { queryAccessAuditLogsQuery, queryRequestAuditLogsParams, querySites } from "./queryRequstAuditLog";
+import { generateCSV } from "./generateCSV";
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/logs/request",
+    description: "Query the request audit log for an organization",
+    tags: [OpenAPITags.Org],
+    request: {
+        query: queryAccessAuditLogsQuery,
+        params: queryRequestAuditLogsParams
+    },
+    responses: {}
+});
+
+export async function exportRequestAuditLogs(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedQuery.error)
+                )
+            );
+        }
+        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
+
+        const parsedParams = queryRequestAuditLogsParams.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error)
+                )
+            );
+        }
+        const { orgId } = parsedParams.data;
+
+        const baseQuery = querySites(timeStart, timeEnd, orgId);
+
+        const log = await baseQuery.limit(limit).offset(offset);
+
+        const csvData = generateCSV(log);
+        
+        res.setHeader('Content-Type', 'text/csv');
+        res.setHeader('Content-Disposition', `attachment; filename="request-audit-logs-${orgId}-${Date.now()}.csv"`);
+        
+        return res.send(csvData);
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/auditLogs/generateCSV.ts b/server/routers/auditLogs/generateCSV.ts
new file mode 100644
index 00000000..8a067069
--- /dev/null
+++ b/server/routers/auditLogs/generateCSV.ts
@@ -0,0 +1,16 @@
+export function generateCSV(data: any[]): string {
+    if (data.length === 0) {
+        return "orgId,action,actorType,timestamp,actor\n";
+    }
+    
+    const headers = Object.keys(data[0]).join(",");
+    const rows = data.map(row => 
+        Object.values(row).map(value => 
+            typeof value === 'string' && value.includes(',') 
+                ? `"${value.replace(/"/g, '""')}"` 
+                : value
+        ).join(",")
+    );
+    
+    return [headers, ...rows].join("\n");
+}
\ No newline at end of file
diff --git a/server/routers/auditLogs/index.ts b/server/routers/auditLogs/index.ts
new file mode 100644
index 00000000..4823831d
--- /dev/null
+++ b/server/routers/auditLogs/index.ts
@@ -0,0 +1,2 @@
+export * from "./queryRequstAuditLog";
+export * from "./exportRequstAuditLog";
\ No newline at end of file
diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
new file mode 100644
index 00000000..3f5d7f43
--- /dev/null
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -0,0 +1,165 @@
+import { db, requestAuditLog } from "@server/db";
+import { registry } from "@server/openApi";
+import { NextFunction } from "express";
+import { Request, Response } from "express";
+import { eq, gt, lt, and, count } from "drizzle-orm";
+import { OpenAPITags } from "@server/openApi";
+import { z } from "zod";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { fromError } from "zod-validation-error";
+import { QueryRequestAuditLogResponse } from "@server/routers/auditLogs/types";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+
+export const queryAccessAuditLogsQuery = z.object({
+    // iso string just validate its a parseable date
+    timeStart: z
+        .string()
+        .refine((val) => !isNaN(Date.parse(val)), {
+            message: "timeStart must be a valid ISO date string"
+        })
+        .transform((val) => Math.floor(new Date(val).getTime() / 1000)),
+    timeEnd: z
+        .string()
+        .refine((val) => !isNaN(Date.parse(val)), {
+            message: "timeEnd must be a valid ISO date string"
+        })
+        .transform((val) => Math.floor(new Date(val).getTime() / 1000))
+        .optional()
+        .default(new Date().toISOString()),
+    limit: z
+        .string()
+        .optional()
+        .default("1000")
+        .transform(Number)
+        .pipe(z.number().int().positive()),
+    offset: z
+        .string()
+        .optional()
+        .default("0")
+        .transform(Number)
+        .pipe(z.number().int().nonnegative())
+});
+
+export const queryRequestAuditLogsParams = z.object({
+    orgId: z.string()
+});
+
+export function querySites(timeStart: number, timeEnd: number, orgId: string) {
+    return db
+        .select({
+            timestamp: requestAuditLog.timestamp, 
+            orgId: requestAuditLog.orgId, 
+            action: requestAuditLog.action, 
+            reason: requestAuditLog.reason, 
+            actorType: requestAuditLog.actorType, 
+            actor: requestAuditLog.actor, 
+            actorId: requestAuditLog.actorId, 
+            resourceId: requestAuditLog.resourceId, 
+            ip: requestAuditLog.ip, 
+            location: requestAuditLog.location, 
+            userAgent: requestAuditLog.userAgent, 
+            metadata: requestAuditLog.metadata, 
+            headers: requestAuditLog.headers, 
+            query: requestAuditLog.query, 
+            originalRequestURL: requestAuditLog.originalRequestURL, 
+            scheme: requestAuditLog.scheme, 
+            host: requestAuditLog.host, 
+            path: requestAuditLog.path, 
+            method: requestAuditLog.method, 
+            tls: requestAuditLog.tls, 
+        })
+        .from(requestAuditLog)
+        .where(
+            and(
+                gt(requestAuditLog.timestamp, timeStart),
+                lt(requestAuditLog.timestamp, timeEnd),
+                eq(requestAuditLog.orgId, orgId)
+            )
+        )
+        .orderBy(requestAuditLog.timestamp);
+}
+
+export function countQuery(timeStart: number, timeEnd: number, orgId: string) {
+            const countQuery = db
+            .select({ count: count() })
+            .from(requestAuditLog)
+            .where(
+                and(
+                    gt(requestAuditLog.timestamp, timeStart),
+                    lt(requestAuditLog.timestamp, timeEnd),
+                    eq(requestAuditLog.orgId, orgId)
+                )
+            );
+    return countQuery;
+}
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/logs/request",
+    description: "Query the request audit log for an organization",
+    tags: [OpenAPITags.Org],
+    request: {
+        query: queryAccessAuditLogsQuery,
+        params: queryRequestAuditLogsParams
+    },
+    responses: {}
+});
+
+export async function queryRequestAuditLogs(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedQuery.error)
+                )
+            );
+        }
+        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
+
+        const parsedParams = queryRequestAuditLogsParams.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error)
+                )
+            );
+        }
+        const { orgId } = parsedParams.data;
+
+        const baseQuery = querySites(timeStart, timeEnd, orgId);
+
+        const log = await baseQuery.limit(limit).offset(offset);
+
+        const totalCountResult = await countQuery(timeStart, timeEnd, orgId);
+        const totalCount = totalCountResult[0].count;
+
+        return response<QueryRequestAuditLogResponse>(res, {
+            data: {
+                log: log,
+                pagination: {
+                    total: totalCount,
+                    limit,
+                    offset
+                }
+            },
+            success: true,
+            error: false,
+            message: "Action audit logs retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
index 4530de79..f2f6139f 100644
--- a/server/routers/auditLogs/types.ts
+++ b/server/routers/auditLogs/types.ts
@@ -3,6 +3,7 @@ export type QueryActionAuditLogResponse = {
         orgId: string;
         action: string;
         actorType: string;
+        actorId: string;
         timestamp: number;
         actor: string;
     }[];
@@ -12,3 +13,33 @@ export type QueryActionAuditLogResponse = {
         offset: number;
     };
 };
+
+export type QueryRequestAuditLogResponse = {
+    log: {
+        timestamp: number;
+        orgId: string;
+        action: boolean;
+        reason: number;
+        actorType: string | null;
+        actor: string | null;
+        actorId: string | null;
+        resourceId: number | null;
+        ip: string | null;
+        location: string | null;
+        userAgent: string | null;
+        metadata: string | null;
+        headers: string | null;
+        query: string | null;
+        originalRequestURL: string | null;
+        scheme: string | null;
+        host: string | null;
+        path: string | null;
+        method: string | null;
+        tls: boolean | null;
+    }[];
+    pagination: {
+        total: number;
+        limit: number;
+        offset: number;
+    };
+};
\ No newline at end of file
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index 39f1b3cf..2c10264c 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -69,7 +69,7 @@ export async function logRequestAudit(
 
         if (!orgId) {
             logger.warn("logRequestAudit: No organization context found");
-            orgId = "unknown"; 
+            orgId = "org_7g93l5xu7p61q14"; 
             // return;
         }
 
@@ -85,6 +85,26 @@ export async function logRequestAudit(
             metadata = JSON.stringify(metadata);
         }
 
+        const clientIp = body.requestIp
+            ? (() => {
+                  if (body.requestIp.startsWith("[") && body.requestIp.includes("]")) {
+                      // if brackets are found, extract the IPv6 address from between the brackets
+                      const ipv6Match = body.requestIp.match(/\[(.*?)\]/);
+                      if (ipv6Match) {
+                          return ipv6Match[1];
+                      }
+                  }
+
+                  // ivp4
+                  // split at last colon
+                  const lastColonIndex = body.requestIp.lastIndexOf(":");
+                  if (lastColonIndex !== -1) {
+                      return body.requestIp.substring(0, lastColonIndex);
+                  }
+                  return body.requestIp;
+              })()
+            : undefined;
+
         await db.insert(requestAuditLog).values({
             timestamp,
             orgId,
@@ -104,7 +124,7 @@ export async function logRequestAudit(
             host: body.host,
             path: body.path,
             method: body.method,
-            ip: body.requestIp,
+            ip: clientIp,
             tls: body.tls
         });
     } catch (error) {
diff --git a/server/routers/external.ts b/server/routers/external.ts
index ecdfe352..2b8c270f 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -14,6 +14,7 @@ import * as supporterKey from "./supporterKey";
 import * as accessToken from "./accessToken";
 import * as idp from "./idp";
 import * as apiKeys from "./apiKeys";
+import * as logs from "./auditLogs";
 import HttpCode from "@server/types/HttpCode";
 import {
     verifyAccessTokenAccess,
@@ -1180,3 +1181,13 @@ authRouter.delete(
     }),
     auth.deleteSecurityKey
 );
+
+authenticated.get(
+    "/org/:orgId/logs/request",
+    logs.queryRequestAuditLogs
+)
+
+authenticated.get(
+    "/org/:orgId/logs/request/export",
+    logs.exportRequestAuditLogs
+)
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index a681ec64..180815d8 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -190,7 +190,7 @@ export default function GeneralPage() {
             const epoch = Math.floor(Date.now() / 1000);
             link.setAttribute(
                 "download",
-                `access_audit_logs_${orgId}_${epoch}.csv`
+                `access-audit-logs-${orgId}-${epoch}.csv`
             );
             document.body.appendChild(link);
             link.click();
@@ -274,8 +274,8 @@ export default function GeneralPage() {
             <LogDataTable
                 columns={columns}
                 data={rows}
-                persistPageSize="access-logs-table"
-                title={t("accessLogs")}
+                persistPageSize="action-logs-table"
+                title={t("actionLogs")}
                 searchPlaceholder={t("searchLogs")}
                 searchColumn="action"
                 onRefresh={refreshData}
diff --git a/src/app/[orgId]/settings/logs/layout.tsx b/src/app/[orgId]/settings/logs/layout.tsx
index a5cee4a2..f917a5d0 100644
--- a/src/app/[orgId]/settings/logs/layout.tsx
+++ b/src/app/[orgId]/settings/logs/layout.tsx
@@ -34,12 +34,12 @@ export default async function GeneralSettingsPage({
 
     const navItems = [
         {
-            title: t("action"),
-            href: `/{orgId}/settings/logs/action`
-        },
-                {
             title: t("request"),
             href: `/{orgId}/settings/logs/request`
+        },
+        {
+            title: t("action"),
+            href: `/{orgId}/settings/logs/action`
         }
     ];
 
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
new file mode 100644
index 00000000..3010806f
--- /dev/null
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -0,0 +1,400 @@
+"use client";
+import { Button } from "@app/components/ui/button";
+import { toast } from "@app/hooks/useToast";
+import { useState, useRef, useEffect } from "react";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useParams, useRouter } from "next/navigation";
+import { useTranslations } from "next-intl";
+import { LogDataTable } from "@app/components/LogDataTable";
+import { ColumnDef } from "@tanstack/react-table";
+import { DateTimeValue } from "@app/components/DateTimePicker";
+import { Key, RouteOff, User, Lock, Unlock } from "lucide-react";
+
+export default function GeneralPage() {
+    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
+    const router = useRouter();
+    const api = createApiClient(useEnvContext());
+    const t = useTranslations();
+    const { env } = useEnvContext();
+    const { orgId } = useParams();
+
+    const [rows, setRows] = useState<any[]>([]);
+    const [isRefreshing, setIsRefreshing] = useState(false);
+    const [isExporting, setIsExporting] = useState(false);
+
+    // Pagination state
+    const [totalCount, setTotalCount] = useState<number>(0);
+    const [currentPage, setCurrentPage] = useState<number>(0);
+    const [pageSize, setPageSize] = useState<number>(20);
+    const [isLoading, setIsLoading] = useState(false);
+
+    // Set default date range to last 24 hours
+    const getDefaultDateRange = () => {
+        const now = new Date();
+        const yesterday = new Date(now.getTime() - 24 * 60 * 60 * 1000);
+
+        return {
+            startDate: {
+                date: yesterday
+            },
+            endDate: {
+                date: now
+            }
+        };
+    };
+
+    const [dateRange, setDateRange] = useState<{
+        startDate: DateTimeValue;
+        endDate: DateTimeValue;
+    }>(getDefaultDateRange());
+
+    // Trigger search with default values on component mount
+    useEffect(() => {
+        const defaultRange = getDefaultDateRange();
+        queryDateTime(defaultRange.startDate, defaultRange.endDate);
+    }, [orgId]); // Re-run if orgId changes
+
+    const handleDateRangeChange = (
+        startDate: DateTimeValue,
+        endDate: DateTimeValue
+    ) => {
+        setDateRange({ startDate, endDate });
+        setCurrentPage(0); // Reset to first page when filtering
+        queryDateTime(startDate, endDate, 0, pageSize);
+    };
+
+    // Handle page changes
+    const handlePageChange = (newPage: number) => {
+        setCurrentPage(newPage);
+        queryDateTime(
+            dateRange.startDate,
+            dateRange.endDate,
+            newPage,
+            pageSize
+        );
+    };
+
+    // Handle page size changes
+    const handlePageSizeChange = (newPageSize: number) => {
+        setPageSize(newPageSize);
+        setCurrentPage(0); // Reset to first page when changing page size
+        queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
+    };
+
+    const queryDateTime = async (
+        startDate: DateTimeValue,
+        endDate: DateTimeValue,
+        page: number = currentPage,
+        size: number = pageSize
+    ) => {
+        console.log("Date range changed:", { startDate, endDate, page, size });
+        setIsLoading(true);
+
+        try {
+            // Convert the date/time values to API parameters
+            let params: any = {
+                limit: size,
+                offset: page * size
+            };
+
+            if (startDate?.date) {
+                const startDateTime = new Date(startDate.date);
+                if (startDate.time) {
+                    const [hours, minutes, seconds] = startDate.time
+                        .split(":")
+                        .map(Number);
+                    startDateTime.setHours(hours, minutes, seconds || 0);
+                }
+                params.timeStart = startDateTime.toISOString();
+            }
+
+            if (endDate?.date) {
+                const endDateTime = new Date(endDate.date);
+                if (endDate.time) {
+                    const [hours, minutes, seconds] = endDate.time
+                        .split(":")
+                        .map(Number);
+                    endDateTime.setHours(hours, minutes, seconds || 0);
+                } else {
+                    // If no time is specified, set to NOW
+                    const now = new Date();
+                    endDateTime.setHours(
+                        now.getHours(),
+                        now.getMinutes(),
+                        now.getSeconds(),
+                        now.getMilliseconds()
+                    );
+                }
+                params.timeEnd = endDateTime.toISOString();
+            }
+
+            const res = await api.get(`/org/${orgId}/logs/request`, { params });
+            if (res.status === 200) {
+                setRows(res.data.data.log || []);
+                setTotalCount(res.data.data.pagination?.total || 0);
+                console.log("Fetched logs:", res.data);
+            }
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("Failed to filter logs"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsLoading(false);
+        }
+    };
+
+    const refreshData = async () => {
+        console.log("Data refreshed");
+        setIsRefreshing(true);
+        try {
+            // Refresh data with current date range and pagination
+            await queryDateTime(
+                dateRange.startDate,
+                dateRange.endDate,
+                currentPage,
+                pageSize
+            );
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("refreshError"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsRefreshing(false);
+        }
+    };
+
+    const exportData = async () => {
+        try {
+            setIsExporting(true);
+            const response = await api.get(
+                `/org/${orgId}/logs/request/export`,
+                {
+                    responseType: "blob",
+                    params: {
+                        timeStart: dateRange.startDate?.date
+                            ? new Date(dateRange.startDate.date).toISOString()
+                            : undefined,
+                        timeEnd: dateRange.endDate?.date
+                            ? new Date(dateRange.endDate.date).toISOString()
+                            : undefined
+                    }
+                }
+            );
+
+            // Create a URL for the blob and trigger a download
+            const url = window.URL.createObjectURL(new Blob([response.data]));
+            const link = document.createElement("a");
+            link.href = url;
+            const epoch = Math.floor(Date.now() / 1000);
+            link.setAttribute(
+                "download",
+                `request-audit-logs-${orgId}-${epoch}.csv`
+            );
+            document.body.appendChild(link);
+            link.click();
+            link.parentNode?.removeChild(link);
+            setIsExporting(false);
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("exportError"),
+                variant: "destructive"
+            });
+        }
+    };
+
+    // 100 - Allowed by Rule
+    // 101 - Allowed No Auth
+    // 102 - Valid Access Token
+    // 103 - Valid header auth
+    // 104 - Valid Pincode
+    // 105 - Valid Password
+    // 106 - Valid email
+    // 107 - Valid SSO
+
+    // 201 - Resource Not Found
+    // 202 - Resource Blocked
+    // 203 - Dropped by Rule
+    // 204 - No Sessions
+    // 205 - Temporary Request Token
+    // 299 - No More Auth Methods
+
+    const reasonMap: any = {
+        100: t("allowedByRule"),
+        101: t("allowedNoAuth"),
+        102: t("validAccessToken"),
+        103: t("validHeaderAuth"),
+        104: t("validPincode"),
+        105: t("validPassword"),
+        106: t("validEmail"),
+        107: t("validSSO"),
+        201: t("resourceNotFound"),
+        202: t("resourceBlocked"),
+        203: t("droppedByRule"),
+        204: t("noSessions"),
+        205: t("temporaryRequestToken"),
+        299: t("noMoreAuthMethods")
+    };
+
+    // resourceId: integer("resourceId"),
+    // userAgent: text("userAgent"),
+    // metadata: text("details"),
+    // headers: text("headers"), // JSON blob
+    // query: text("query"), // JSON blob
+    // originalRequestURL: text("originalRequestURL"),
+    // scheme: text("scheme"),
+
+    const columns: ColumnDef<any>[] = [
+        {
+            accessorKey: "timestamp",
+            header: ({ column }) => {
+                return t("timestamp");
+            },
+            cell: ({ row }) => {
+                return (
+                    <div className="whitespace-nowrap">
+                        {new Date(
+                            row.original.timestamp * 1000
+                        ).toLocaleString()}
+                    </div>
+                );
+            }
+        },
+
+        {
+            accessorKey: "ip",
+            header: ({ column }) => {
+                return t("ip");
+            }
+        },
+
+        {
+            accessorKey: "location",
+            header: ({ column }) => {
+                return t("location");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.location ? (
+                            <span className="text-muted-foreground text-xs">
+                                ({row.original.location})
+                            </span>
+                        ) : (
+                            <span className="text-muted-foreground text-xs">
+                                -
+                            </span>
+                        )}
+                    </span>
+                );
+            }
+        },
+
+        {
+            accessorKey: "host",
+            header: ({ column }) => {
+                return t("host");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.tls ? (
+                            <Lock className="h-4 w-4" />
+                        ) : (
+                            <Unlock className="h-4 w-4" />
+                        )}
+                        {row.original.host}
+                    </span>
+                );
+            }
+        },
+        {
+            accessorKey: "path",
+            header: ({ column }) => {
+                return t("path");
+            }
+        },
+
+        // {
+        //     accessorKey: "scheme",
+        //     header: ({ column }) => {
+        //         return t("scheme");
+        //     },
+        // },
+        {
+            accessorKey: "method",
+            header: ({ column }) => {
+                return t("method");
+            }
+        },
+        {
+            accessorKey: "reason",
+            header: ({ column }) => {
+                return t("reason");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {reasonMap[row.original.reason]}
+                    </span>
+                );
+            }
+        },
+        {
+            accessorKey: "actor",
+            header: ({ column }) => {
+                return t("actor");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.actorType == "user" ? (
+                            <User className="h-4 w-4" />
+                        ) : (
+                            <Key className="h-4 w-4" />
+                        )}
+                        {row.original.actor}
+                    </span>
+                );
+            }
+        }
+    ];
+
+    return (
+        <>
+            <LogDataTable
+                columns={columns}
+                data={rows}
+                persistPageSize="request-logs-table"
+                title={t("requestLogs")}
+                searchPlaceholder={t("searchLogs")}
+                searchColumn="host"
+                onRefresh={refreshData}
+                isRefreshing={isRefreshing}
+                onExport={exportData}
+                isExporting={isExporting}
+                onDateRangeChange={handleDateRangeChange}
+                dateRange={{
+                    start: dateRange.startDate,
+                    end: dateRange.endDate
+                }}
+                defaultSort={{
+                    id: "timestamp",
+                    desc: false
+                }}
+                // Server-side pagination props
+                totalCount={totalCount}
+                currentPage={currentPage}
+                onPageChange={handlePageChange}
+                onPageSizeChange={handlePageSizeChange}
+                isLoading={isLoading}
+                defaultPageSize={pageSize}
+            />
+        </>
+    );
+}
diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx
index 4b8cfe58..02d90f1e 100644
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -141,7 +141,7 @@ export const orgNavSections = (
                 : []),
             {
                 title: "sidebarLogs",
-                href: "/{orgId}/settings/logs/action",
+                href: "/{orgId}/settings/logs/request",
                 icon: <Logs className="h-4 w-4" />
             },
             {
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index 3de4dc19..2c1a33b1 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -360,15 +360,36 @@ export function LogDataTable<TData, TValue>({
                                         data-state={
                                             row.getIsSelected() && "selected"
                                         }
+                                        className="text-xs" // made smaller
                                     >
-                                        {row.getVisibleCells().map((cell) => (
-                                            <TableCell key={cell.id}>
-                                                {flexRender(
-                                                    cell.column.columnDef.cell,
-                                                    cell.getContext()
-                                                )}
-                                            </TableCell>
-                                        ))}
+                                        {row.getVisibleCells().map((cell) => {
+                                            const originalRow =
+                                                row.original as any;
+                                            const actionValue =
+                                                originalRow?.action;
+                                            let className = "";
+
+                                            if (
+                                                typeof actionValue === "boolean"
+                                            ) {
+                                                className = actionValue
+                                                    ? "bg-green-100 dark:bg-green-900"
+                                                    : "bg-red-100 dark:bg-red-900";
+                                            }
+
+                                            return (
+                                                <TableCell
+                                                    key={cell.id}
+                                                    className={`${className} py-2`} // made smaller
+                                                >
+                                                    {flexRender(
+                                                        cell.column.columnDef
+                                                            .cell,
+                                                        cell.getContext()
+                                                    )}
+                                                </TableCell>
+                                            );
+                                        })}
                                     </TableRow>
                                 ))
                             ) : (

From 84731bdc192ac4e6c000be9233cea0dcb9a617d7 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 23 Oct 2025 00:55:48 +0530
Subject: [PATCH 42/69] client olm version show in the table

---
 messages/en-US.json                       |   4 +-
 server/routers/client/listClients.ts      | 122 ++++++++++++++++++++--
 src/app/[orgId]/settings/clients/page.tsx |   4 +-
 src/components/ClientsTable.tsx           |  45 +++++++-
 4 files changed, 165 insertions(+), 10 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 4cffaf98..ffbceb19 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1891,5 +1891,7 @@
     "cannotbeUndone": "This can not be undone.",
     "toConfirm": "to confirm",
     "deleteClientQuestion": "Are you sure you want to remove the client from the site and organization?",
-    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site."
+    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site.",
+    "olmUpdateAvailableInfo": "An updated version of Olm is available. Please update to the latest version for the best experience.",
+    "client": "Client"
 }
diff --git a/server/routers/client/listClients.ts b/server/routers/client/listClients.ts
index ff03b2e0..209b54b4 100644
--- a/server/routers/client/listClients.ts
+++ b/server/routers/client/listClients.ts
@@ -1,4 +1,4 @@
-import { db } from "@server/db";
+import { db, olms } from "@server/db";
 import {
     clients,
     orgs,
@@ -16,6 +16,67 @@ import createHttpError from "http-errors";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
+import NodeCache from "node-cache";
+import semver from "semver";
+
+const olmVersionCache = new NodeCache({ stdTTL: 3600 }); 
+
+async function getLatestOlmVersion(): Promise<string | null> {
+    try {
+        const cachedVersion = olmVersionCache.get<string>("latestOlmVersion");
+        if (cachedVersion) {
+            return cachedVersion;
+        }
+
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), 1500); 
+
+        const response = await fetch(
+            "https://api.github.com/repos/fosrl/olm/tags",
+            {
+                signal: controller.signal
+            }
+        );
+
+        clearTimeout(timeoutId);
+
+        if (!response.ok) {
+            logger.warn(
+                `Failed to fetch latest Olm version from GitHub: ${response.status} ${response.statusText}`
+            );
+            return null;
+        }
+
+        const tags = await response.json();
+        if (!Array.isArray(tags) || tags.length === 0) {
+            logger.warn("No tags found for Olm repository");
+            return null;
+        }
+
+        const latestVersion = tags[0].name;
+
+        olmVersionCache.set("latestOlmVersion", latestVersion);
+
+        return latestVersion;
+    } catch (error: any) {
+        if (error.name === "AbortError") {
+            logger.warn(
+                "Request to fetch latest Olm version timed out (1.5s)"
+            );
+        } else if (error.cause?.code === "UND_ERR_CONNECT_TIMEOUT") {
+            logger.warn(
+                "Connection timeout while fetching latest Olm version"
+            );
+        } else {
+            logger.warn(
+                "Error fetching latest Olm version:",
+                error.message || error
+            );
+        }
+        return null;
+    }
+}
+
 
 const listClientsParamsSchema = z
     .object({
@@ -50,10 +111,12 @@ function queryClients(orgId: string, accessibleClientIds: number[]) {
             megabytesOut: clients.megabytesOut,
             orgName: orgs.name,
             type: clients.type,
-            online: clients.online
+            online: clients.online,
+            olmVersion: olms.version
         })
         .from(clients)
         .leftJoin(orgs, eq(clients.orgId, orgs.orgId))
+        .leftJoin(olms, eq(clients.clientId, olms.clientId))
         .where(
             and(
                 inArray(clients.clientId, accessibleClientIds),
@@ -77,12 +140,20 @@ async function getSiteAssociations(clientIds: number[]) {
         .where(inArray(clientSites.clientId, clientIds));
 }
 
+type OlmWithUpdateAvailable = Awaited<ReturnType<typeof queryClients>>[0] & {
+    olmUpdateAvailable?: boolean;
+};
+
+
 export type ListClientsResponse = {
-    clients: Array<Awaited<ReturnType<typeof queryClients>>[0] & { sites: Array<{
-        siteId: number;
-        siteName: string | null;
-        siteNiceId: string | null;
-    }> }>;
+    clients: Array<Awaited<ReturnType<typeof queryClients>>[0] & {
+        sites: Array<{
+            siteId: number;
+            siteName: string | null;
+            siteNiceId: string | null;
+        }>
+        olmUpdateAvailable?: boolean;
+    }>;
     pagination: { total: number; limit: number; offset: number };
 };
 
@@ -206,6 +277,43 @@ export async function listClients(
             sites: sitesByClient[client.clientId] || []
         }));
 
+        const latestOlVersionPromise = getLatestOlmVersion();
+
+        const olmsWithUpdates: OlmWithUpdateAvailable[] = clientsWithSites.map(
+            (client) => {
+                const OlmWithUpdate: OlmWithUpdateAvailable = { ...client };
+                // Initially set to false, will be updated if version check succeeds
+                OlmWithUpdate.olmUpdateAvailable = false;
+                return OlmWithUpdate;
+            }
+        );
+
+        // Try to get the latest version, but don't block if it fails
+        try {
+            const latestOlVersion = await latestOlVersionPromise;
+
+            if (latestOlVersion) {
+                olmsWithUpdates.forEach((client) => {
+                    try {
+                        client.olmUpdateAvailable = semver.lt(
+                            client.olmVersion ? client.olmVersion : "",
+                            latestOlVersion
+                        );
+                    } catch (error) {
+                        client.olmUpdateAvailable = false;
+                    }
+
+                });
+            }
+        } catch (error) {
+            // Log the error but don't let it block the response
+            logger.warn(
+                "Failed to check for OLM updates, continuing without update info:",
+                error
+            );
+        }
+
+
         return response<ListClientsResponse>(res, {
             data: {
                 clients: clientsWithSites,
diff --git a/src/app/[orgId]/settings/clients/page.tsx b/src/app/[orgId]/settings/clients/page.tsx
index 0813ad3c..fd73b736 100644
--- a/src/app/[orgId]/settings/clients/page.tsx
+++ b/src/app/[orgId]/settings/clients/page.tsx
@@ -44,7 +44,9 @@ export default async function ClientsPage(props: ClientsPageProps) {
             mbIn: formatSize(client.megabytesIn || 0),
             mbOut: formatSize(client.megabytesOut || 0),
             orgId: params.orgId,
-            online: client.online
+            online: client.online,
+            olmVersion: client.olmVersion || undefined,
+            olmUpdateAvailable: client.olmUpdateAvailable || false,
         };
     });
 
diff --git a/src/components/ClientsTable.tsx b/src/components/ClientsTable.tsx
index 95a6b55d..471cdf28 100644
--- a/src/components/ClientsTable.tsx
+++ b/src/components/ClientsTable.tsx
@@ -26,6 +26,8 @@ import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useTranslations } from "next-intl";
+import { Badge } from "./ui/badge";
+import { InfoPopup } from "./ui/info-popup";
 
 export type ClientRow = {
     id: number;
@@ -36,6 +38,8 @@ export type ClientRow = {
     mbOut: string;
     orgId: string;
     online: boolean;
+    olmVersion?: string;
+    olmUpdateAvailable: boolean;
 };
 
 type ClientTableProps = {
@@ -204,6 +208,45 @@ export default function ClientsTable({ clients, orgId }: ClientTableProps) {
                 );
             }
         },
+        {
+            accessorKey: "client",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("client")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const originalRow = row.original;
+
+                return (
+                    <div className="flex items-center space-x-1">
+                        <Badge variant="secondary">
+                            <div className="flex items-center space-x-2">
+                                <span>Olm</span>
+                                {originalRow.olmVersion && (
+                                    <span className="text-xs text-gray-500">
+                                        v{originalRow.olmVersion}
+                                    </span>
+                                )}
+                            </div>
+                        </Badge>
+                        {originalRow.olmUpdateAvailable && (
+                            <InfoPopup
+                                info={t("olmUpdateAvailableInfo")}
+                            />
+                        )}
+                    </div>
+                );
+            }
+        },
         {
             accessorKey: "subnet",
             header: ({ column }) => {
@@ -282,7 +325,7 @@ export default function ClientsTable({ clients, orgId }: ClientTableProps) {
                                 {t("deleteClientQuestion")}
                             </p>
                             <p>
-                                    {t("clientMessageRemove")}
+                                {t("clientMessageRemove")}
                             </p>
                         </div>
                     }

From f2c31d3ca697f1ad72b94f0b719ade83fd2808f4 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 22 Oct 2025 14:27:21 -0700
Subject: [PATCH 43/69] Add actor data to request

---
 server/db/pg/schema/schema.ts                 |  1 -
 server/db/sqlite/schema/schema.ts             |  1 -
 server/routers/auditLogs/types.ts             |  2 +-
 server/routers/badger/logRequestAudit.ts      | 18 ++--
 server/routers/badger/verifySession.ts        | 87 ++++++++++++++-----
 .../[orgId]/settings/logs/request/page.tsx    | 14 ++-
 6 files changed, 79 insertions(+), 44 deletions(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 00942de3..f204d5bc 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -678,7 +678,6 @@ export const requestAuditLog = pgTable(
         id: serial("id").primaryKey(),
         timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
         orgId: text("orgId")
-            .notNull()
             .references(() => orgs.orgId, { onDelete: "cascade" }),
         action: boolean("action").notNull(),
         reason: integer("reason").notNull(),
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index f7f1913a..28697318 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -723,7 +723,6 @@ export const requestAuditLog = sqliteTable(
         id: integer("id").primaryKey({ autoIncrement: true }),
         timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
         orgId: text("orgId")
-            .notNull()
             .references(() => orgs.orgId, { onDelete: "cascade" }),
         action: integer("action", { mode: "boolean" }).notNull(),
         reason: integer("reason").notNull(),
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
index f2f6139f..f0b1a224 100644
--- a/server/routers/auditLogs/types.ts
+++ b/server/routers/auditLogs/types.ts
@@ -17,9 +17,9 @@ export type QueryActionAuditLogResponse = {
 export type QueryRequestAuditLogResponse = {
     log: {
         timestamp: number;
-        orgId: string;
         action: boolean;
         reason: number;
+        orgId: string | null;
         actorType: string | null;
         actor: string | null;
         actorId: string | null;
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index 2c10264c..b9adc161 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -27,9 +27,10 @@ export async function logRequestAudit(
         action: boolean;
         reason: number;
         resourceId?: number;
+        orgId?: string;
         location?: string;
-        user?: { username: string; userId: string; orgId: string };
-        apiKey?: { name: string; apiKeyId: string; orgId: string };
+        user?: { username: string; userId: string; };
+        apiKey?: { name: string | null; apiKeyId: string; };
         metadata?: any;
         // userAgent?: string;
     },
@@ -47,32 +48,23 @@ export async function logRequestAudit(
     }
 ) {
     try {
-        let orgId: string | undefined;
         let actorType: string | undefined;
         let actor: string | undefined;
         let actorId: string | undefined;
 
         const user = data.user;
         if (user) {
-            orgId = user.orgId;
             actorType = "user";
             actor = user.username;
             actorId = user.userId;
         }
         const apiKey = data.apiKey;
         if (apiKey) {
-            orgId = apiKey.orgId;
             actorType = "apiKey";
-            actor = apiKey.name;
+            actor = apiKey.name || apiKey.apiKeyId;
             actorId = apiKey.apiKeyId;
         }
 
-        if (!orgId) {
-            logger.warn("logRequestAudit: No organization context found");
-            orgId = "org_7g93l5xu7p61q14"; 
-            // return;
-        }
-
         // if (!actorType || !actor || !actorId) {
         //     logger.warn("logRequestAudit: Incomplete actor information");
         //     return;
@@ -107,7 +99,7 @@ export async function logRequestAudit(
 
         await db.insert(requestAuditLog).values({
             timestamp,
-            orgId,
+            orgId: data.orgId,
             actorType,
             actor,
             actorId,
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index d5a859ab..db4bdf25 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -1,6 +1,4 @@
-import {
-    validateResourceSessionToken
-} from "@server/auth/sessions/resource";
+import { validateResourceSessionToken } from "@server/auth/sessions/resource";
 import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken";
 import {
     getResourceByDomain,
@@ -151,14 +149,17 @@ export async function verifyResourceSession(
             if (!result) {
                 logger.debug(`Resource not found ${cleanHost}`);
 
-                logRequestAudit(
-                    {
-                        action: false,
-                        reason: 201, //resource not found
-                        location: ipCC
-                    },
-                    parsedBody.data
-                );
+                // TODO: we cant log this for now because we dont know the org
+                // eventually it would be cool to show this for the server admin
+
+                // logRequestAudit(
+                //     {
+                //         action: false,
+                //         reason: 201, //resource not found
+                //         location: ipCC
+                //     },
+                //     parsedBody.data
+                // );
 
                 return notAllowed(res);
             }
@@ -172,14 +173,17 @@ export async function verifyResourceSession(
         if (!resource) {
             logger.debug(`Resource not found ${cleanHost}`);
 
-            logRequestAudit(
-                {
-                    action: false,
-                    reason: 201, //resource not found
-                    location: ipCC
-                },
-                parsedBody.data
-            );
+            // TODO: we cant log this for now because we dont know the org
+            // eventually it would be cool to show this for the server admin
+
+            // logRequestAudit(
+            //     {
+            //         action: false,
+            //         reason: 201, //resource not found
+            //         location: ipCC
+            //     },
+            //     parsedBody.data
+            // );
 
             return notAllowed(res);
         }
@@ -193,6 +197,8 @@ export async function verifyResourceSession(
                 {
                     action: false,
                     reason: 202, //resource blocked
+                    resourceId: resource.resourceId,
+                    orgId: resource.orgId,
                     location: ipCC
                 },
                 parsedBody.data
@@ -218,6 +224,7 @@ export async function verifyResourceSession(
                         action: true,
                         reason: 100, // allowed by rule
                         resourceId: resource.resourceId,
+                        orgId: resource.orgId,
                         location: ipCC
                     },
                     parsedBody.data
@@ -233,6 +240,7 @@ export async function verifyResourceSession(
                         action: false,
                         reason: 203, // dropped by rules
                         resourceId: resource.resourceId,
+                        orgId: resource.orgId,
                         location: ipCC
                     },
                     parsedBody.data
@@ -264,6 +272,7 @@ export async function verifyResourceSession(
                     action: true,
                     reason: 101, // allowed no auth
                     resourceId: resource.resourceId,
+                    orgId: resource.orgId,
                     location: ipCC
                 },
                 parsedBody.data
@@ -325,7 +334,12 @@ export async function verifyResourceSession(
                         action: true,
                         reason: 102, // valid access token
                         resourceId: resource.resourceId,
-                        location: ipCC
+                        orgId: resource.orgId,
+                        location: ipCC,
+                        apiKey: {
+                            name: tokenItem.title,
+                            apiKeyId: tokenItem.accessTokenId,
+                        }
                     },
                     parsedBody.data
                 );
@@ -371,7 +385,12 @@ export async function verifyResourceSession(
                         action: true,
                         reason: 102, // valid access token
                         resourceId: resource.resourceId,
-                        location: ipCC
+                        orgId: resource.orgId,
+                        location: ipCC,
+                        apiKey: {
+                            name: tokenItem.title,
+                            apiKeyId: tokenItem.accessTokenId,
+                        }
                     },
                     parsedBody.data
                 );
@@ -393,7 +412,8 @@ export async function verifyResourceSession(
                         action: true,
                         reason: 103, // valid header auth
                         resourceId: resource.resourceId,
-                        location: ipCC
+                        orgId: resource.orgId,
+                        location: ipCC,
                     },
                     parsedBody.data
                 );
@@ -413,6 +433,7 @@ export async function verifyResourceSession(
                         action: true,
                         reason: 103, // valid header auth
                         resourceId: resource.resourceId,
+                        orgId: resource.orgId,
                         location: ipCC
                     },
                     parsedBody.data
@@ -433,6 +454,7 @@ export async function verifyResourceSession(
                         action: false,
                         reason: 299, // no more auth methods
                         resourceId: resource.resourceId,
+                        orgId: resource.orgId,
                         location: ipCC
                     },
                     parsedBody.data
@@ -453,6 +475,7 @@ export async function verifyResourceSession(
                         action: false,
                         reason: 299, // no more auth methods
                         resourceId: resource.resourceId,
+                        orgId: resource.orgId,
                         location: ipCC
                     },
                     parsedBody.data
@@ -476,6 +499,7 @@ export async function verifyResourceSession(
                     action: false,
                     reason: 204, // no sessions
                     resourceId: resource.resourceId,
+                    orgId: resource.orgId,
                     location: ipCC
                 },
                 parsedBody.data
@@ -520,6 +544,7 @@ export async function verifyResourceSession(
                         action: false,
                         reason: 205, // temporary request token
                         resourceId: resource.resourceId,
+                        orgId: resource.orgId,
                         location: ipCC
                     },
                     parsedBody.data
@@ -539,6 +564,7 @@ export async function verifyResourceSession(
                             action: true,
                             reason: 104, // valid pincode
                             resourceId: resource.resourceId,
+                            orgId: resource.orgId,
                             location: ipCC
                         },
                         parsedBody.data
@@ -557,6 +583,7 @@ export async function verifyResourceSession(
                             action: true,
                             reason: 105, // valid password
                             resourceId: resource.resourceId,
+                            orgId: resource.orgId,
                             location: ipCC
                         },
                         parsedBody.data
@@ -578,6 +605,7 @@ export async function verifyResourceSession(
                             action: true,
                             reason: 106, // valid email
                             resourceId: resource.resourceId,
+                            orgId: resource.orgId,
                             location: ipCC
                         },
                         parsedBody.data
@@ -596,7 +624,12 @@ export async function verifyResourceSession(
                             action: true,
                             reason: 102, // valid access token
                             resourceId: resource.resourceId,
-                            location: ipCC
+                            orgId: resource.orgId,
+                            location: ipCC,
+                            apiKey: {
+                                name: resourceSession.accessTokenTitle,
+                                apiKeyId: resourceSession.accessTokenId,
+                            }
                         },
                         parsedBody.data
                     );
@@ -634,7 +667,12 @@ export async function verifyResourceSession(
                                 action: true,
                                 reason: 107, // valid sso
                                 resourceId: resource.resourceId,
-                                location: ipCC
+                                orgId: resource.orgId,
+                                location: ipCC,
+                                user: {
+                                    username: allowedUserData.username,
+                                    userId: resourceSession.userId
+                                }
                             },
                             parsedBody.data
                         );
@@ -662,6 +700,7 @@ export async function verifyResourceSession(
                 action: false,
                 reason: 299, // no more auth methods
                 resourceId: resource.resourceId,
+                orgId: resource.orgId,
                 location: ipCC
             },
             parsedBody.data
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index 3010806f..de1a2099 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -353,12 +353,18 @@ export default function GeneralPage() {
             cell: ({ row }) => {
                 return (
                     <span className="flex items-center gap-1">
-                        {row.original.actorType == "user" ? (
-                            <User className="h-4 w-4" />
+                        {row.original.actor ? (
+                            <>
+                                {row.original.actorType == "user" ? (
+                                    <User className="h-4 w-4" />
+                                ) : (
+                                    <Key className="h-4 w-4" />
+                                )}
+                                {row.original.actor}
+                            </>
                         ) : (
-                            <Key className="h-4 w-4" />
+                            <>-</>
                         )}
-                        {row.original.actor}
                     </span>
                 );
             }

From 7f981f05fb6400aee0bc2f90494bd714a128ce93 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 22 Oct 2025 14:58:18 -0700
Subject: [PATCH 44/69] Show resource link in table for requests

---
 .../routers/auditLogs/queryRequstAuditLog.ts  |  7 +++++--
 server/routers/auditLogs/types.ts             |  2 ++
 .../[orgId]/settings/logs/request/page.tsx    | 20 +++++++++++++++++--
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
index 3f5d7f43..cadda1d7 100644
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -1,4 +1,4 @@
-import { db, requestAuditLog } from "@server/db";
+import { db, requestAuditLog, resources } from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";
 import { Request, Response } from "express";
@@ -68,9 +68,12 @@ export function querySites(timeStart: number, timeEnd: number, orgId: string) {
             host: requestAuditLog.host, 
             path: requestAuditLog.path, 
             method: requestAuditLog.method, 
-            tls: requestAuditLog.tls, 
+            tls: requestAuditLog.tls,
+            resourceName: resources.name,
+            resourceNiceId: resources.niceId
         })
         .from(requestAuditLog)
+        .leftJoin(resources, eq(requestAuditLog.resourceId, resources.resourceId)) // TODO: Is this efficient?
         .where(
             and(
                 gt(requestAuditLog.timestamp, timeStart),
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
index f0b1a224..38617f44 100644
--- a/server/routers/auditLogs/types.ts
+++ b/server/routers/auditLogs/types.ts
@@ -24,6 +24,8 @@ export type QueryRequestAuditLogResponse = {
         actor: string | null;
         actorId: string | null;
         resourceId: number | null;
+        resourceNiceId: string | null;
+        resourceName: string | null;
         ip: string | null;
         location: string | null;
         userAgent: string | null;
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index de1a2099..3dba67d0 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -9,7 +9,8 @@ import { useTranslations } from "next-intl";
 import { LogDataTable } from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
-import { Key, RouteOff, User, Lock, Unlock } from "lucide-react";
+import { Key, RouteOff, User, Lock, Unlock, ArrowUpRight } from "lucide-react";
+import Link from "next/link";
 
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
@@ -294,7 +295,22 @@ export default function GeneralPage() {
                 );
             }
         },
-
+        {
+            accessorKey: "resourceName",
+            header: t("resource"),
+            cell: ({ row }) => {
+                return (
+                    <Link
+                        href={`/${row.original.orgId}/settings/resources/${row.original.resourceNiceId}`}
+                    >
+                        <Button variant="outline" size="sm" className="text-xs h-6">
+                            {row.original.resourceName}
+                            <ArrowUpRight className="ml-2 h-3 w-3" />
+                        </Button>
+                    </Link>
+                );
+            }
+        },
         {
             accessorKey: "host",
             header: ({ column }) => {

From 0211f75cb65ea895283c0327cb75a00bee63fc8f Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 22 Oct 2025 17:42:27 -0700
Subject: [PATCH 45/69] Access logs working

---
 messages/en-US.json                           |   2 +-
 server/db/pg/schema/privateSchema.ts          |  17 +-
 server/db/pg/schema/schema.ts                 |   2 +-
 server/db/sqlite/schema/privateSchema.ts      |  20 +-
 server/db/sqlite/schema/schema.ts             |   2 +-
 server/private/lib/logAccessAudit.ts          | 102 +++++
 .../routers/auditLogs/exportAccessAuditLog.ts |  81 ++++
 .../routers/auditLogs/exportActionAuditLog.ts |  11 +-
 server/private/routers/auditLogs/index.ts     |   4 +-
 .../routers/auditLogs/queryAccessAuditLog.ts  | 173 ++++++++
 .../routers/auditLogs/queryActionAuditLog.ts  |   8 +-
 server/private/routers/external.ts            |  11 +-
 .../routers/auditLogs/exportRequstAuditLog.ts |   4 +-
 .../routers/auditLogs/queryRequstAuditLog.ts  |   8 +-
 server/routers/auditLogs/types.ts             |  26 +-
 server/routers/auth/login.ts                  |  66 ++-
 .../routers/resource/authWithAccessToken.ts   |  24 +-
 server/routers/resource/authWithPassword.ts   |  20 +
 server/routers/resource/authWithPincode.ts    |  20 +
 server/routers/resource/authWithWhitelist.ts  |  36 +-
 server/routers/resource/getExchangeToken.ts   |  24 +-
 src/actions/server.ts                         |   1 +
 src/app/[orgId]/settings/logs/access/page.tsx | 375 ++++++++++++++++++
 src/app/[orgId]/settings/logs/action/page.tsx |   2 +-
 src/app/[orgId]/settings/logs/layout.tsx      |  11 +-
 .../[orgId]/settings/logs/request/page.tsx    |  21 +-
 src/components/LogDataTable.tsx               |   4 +-
 src/components/LoginForm.tsx                  |   7 +-
 28 files changed, 1003 insertions(+), 79 deletions(-)
 create mode 100644 server/private/lib/logAccessAudit.ts
 create mode 100644 server/private/routers/auditLogs/exportAccessAuditLog.ts
 create mode 100644 server/private/routers/auditLogs/queryAccessAuditLog.ts
 create mode 100644 src/app/[orgId]/settings/logs/access/page.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index d1041ea1..cb470439 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1915,7 +1915,7 @@
     "droppedByRule": "Dropped by Rule",
     "noSessions": "No Sessions",
     "temporaryRequestToken": "Temporary Request Token",
-    "noMoreAuthMethods": "No More Auth Methods",
+    "noMoreAuthMethods": "No Valid Auth",
     "ip": "IP Address",
     "reason": "Reason",
     "requestLogs": "Request Logs",
diff --git a/server/db/pg/schema/privateSchema.ts b/server/db/pg/schema/privateSchema.ts
index d2bb8841..266a8646 100644
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -230,23 +230,22 @@ export const actionAuditLog = pgTable("actionAuditLog", {
     index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
 ]));
 
-export const identityAuditLog = pgTable("identityAuditLog", {
+export const accessAuditLog = pgTable("accessAuditLog", {
     id: serial("id").primaryKey(),
     timestamp: bigint("timestamp", { mode: "number" }).notNull(), // this is EPOCH time in seconds
     orgId: varchar("orgId")
         .notNull()
         .references(() => orgs.orgId, { onDelete: "cascade" }),
-    actorType: varchar("actorType", { length: 50 }).notNull(),
-    actor: varchar("actor", { length: 255 }).notNull(),
-    actorId: varchar("actorId", { length: 255 }).notNull(),
+    actorType: varchar("actorType", { length: 50 }),
+    actor: varchar("actor", { length: 255 }),
+    actorId: varchar("actorId", { length: 255 }),
     resourceId: integer("resourceId"),
-    ip: varchar("ip", { length: 45 }).notNull(),
+    ip: varchar("ip", { length: 45 }),
     type: varchar("type", { length: 100 }).notNull(),
-    action: varchar("action", { length: 100 }).notNull(),
+    action: boolean("action").notNull(),
     location: text("location"),
-    path: text("path"),
     userAgent: text("userAgent"),
-    metadata: text("details")
+    metadata: text("metadata")
 }, (table) => ([
     index("idx_identityAuditLog_timestamp").on(table.timestamp),
     index("idx_identityAuditLog_org_timestamp").on(table.orgId, table.timestamp)
@@ -270,4 +269,4 @@ export type RemoteExitNodeSession = InferSelectModel<
 export type ExitNodeOrg = InferSelectModel<typeof exitNodeOrgs>;
 export type LoginPage = InferSelectModel<typeof loginPage>;
 export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
-export type IdentityAuditLog = InferSelectModel<typeof identityAuditLog>;
\ No newline at end of file
+export type AccessAuditLog = InferSelectModel<typeof accessAuditLog>;
\ No newline at end of file
diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index f204d5bc..f5322035 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -688,7 +688,7 @@ export const requestAuditLog = pgTable(
         ip: text("ip"),
         location: text("location"),
         userAgent: text("userAgent"),
-        metadata: text("details"),
+        metadata: text("metadata"),
         headers: text("headers"), // JSON blob
         query: text("query"), // JSON blob
         originalRequestURL: text("originalRequestURL"),
diff --git a/server/db/sqlite/schema/privateSchema.ts b/server/db/sqlite/schema/privateSchema.ts
index 81c76799..89d11310 100644
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -225,23 +225,22 @@ export const actionAuditLog = sqliteTable("actionAuditLog", {
     index("idx_actionAuditLog_org_timestamp").on(table.orgId, table.timestamp)
 ]));
 
-export const identityAuditLog = sqliteTable("identityAuditLog", {
+export const accessAuditLog = sqliteTable("accessAuditLog", {
     id: integer("id").primaryKey({ autoIncrement: true }),
     timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
     orgId: text("orgId")
         .notNull()
         .references(() => orgs.orgId, { onDelete: "cascade" }),
-    actorType: text("actorType").notNull(),
-    actor: text("actor").notNull(),
-    actorId: text("actorId").notNull(),
+    actorType: text("actorType"),
+    actor: text("actor"),
+    actorId: text("actorId"),
     resourceId: integer("resourceId"),
-    ip: text("ip").notNull(),
-    type: text("type").notNull(),
-    action: text("action").notNull(),
+    ip: text("ip"),
     location: text("location"),
-    path: text("path"),
+    type: text("type").notNull(),
+    action: integer("action", { mode: "boolean" }).notNull(),
     userAgent: text("userAgent"),
-    metadata: text("details")
+    metadata: text("metadata")
 }, (table) => ([
     index("idx_identityAuditLog_timestamp").on(table.timestamp),
     index("idx_identityAuditLog_org_timestamp").on(table.orgId, table.timestamp)
@@ -264,4 +263,5 @@ export type RemoteExitNodeSession = InferSelectModel<
 >;
 export type ExitNodeOrg = InferSelectModel<typeof exitNodeOrgs>;
 export type LoginPage = InferSelectModel<typeof loginPage>;
-export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
\ No newline at end of file
+export type ActionAuditLog = InferSelectModel<typeof actionAuditLog>;
+export type AccessAuditLog = InferSelectModel<typeof accessAuditLog>;
\ No newline at end of file
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 28697318..6980dab3 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -733,7 +733,7 @@ export const requestAuditLog = sqliteTable(
         ip: text("ip"),
         location: text("location"),
         userAgent: text("userAgent"),
-        metadata: text("details"),
+        metadata: text("metadata"),
         headers: text("headers"), // JSON blob
         query: text("query"), // JSON blob
         originalRequestURL: text("originalRequestURL"),
diff --git a/server/private/lib/logAccessAudit.ts b/server/private/lib/logAccessAudit.ts
new file mode 100644
index 00000000..9b3ae4d5
--- /dev/null
+++ b/server/private/lib/logAccessAudit.ts
@@ -0,0 +1,102 @@
+import { accessAuditLog, db } from "@server/db";
+import { getCountryCodeForIp } from "@server/lib/geoip";
+import logger from "@server/logger";
+import NodeCache from "node-cache";
+
+const cache = new NodeCache({
+    stdTTL: 5 // seconds
+});
+
+export async function logAccessAudit(data: {
+    action: boolean;
+    type: string;
+    orgId: string;
+    resourceId?: number;
+    user?: { username: string; userId: string };
+    apiKey?: { name: string | null; apiKeyId: string };
+    metadata?: any;
+    userAgent?: string;
+    requestIp?: string;
+}) {
+    try {
+        let actorType: string | undefined;
+        let actor: string | undefined;
+        let actorId: string | undefined;
+
+        const user = data.user;
+        if (user) {
+            actorType = "user";
+            actor = user.username;
+            actorId = user.userId;
+        }
+        const apiKey = data.apiKey;
+        if (apiKey) {
+            actorType = "apiKey";
+            actor = apiKey.name || apiKey.apiKeyId;
+            actorId = apiKey.apiKeyId;
+        }
+
+        // if (!actorType || !actor || !actorId) {
+        //     logger.warn("logRequestAudit: Incomplete actor information");
+        //     return;
+        // }
+
+        const timestamp = Math.floor(Date.now() / 1000);
+
+        let metadata = null;
+        if (metadata) {
+            metadata = JSON.stringify(metadata);
+        }
+
+        const clientIp = data.requestIp
+            ? (() => {
+                  if (
+                      data.requestIp.startsWith("[") &&
+                      data.requestIp.includes("]")
+                  ) {
+                      // if brackets are found, extract the IPv6 address from between the brackets
+                      const ipv6Match = data.requestIp.match(/\[(.*?)\]/);
+                      if (ipv6Match) {
+                          return ipv6Match[1];
+                      }
+                  }
+                  return data.requestIp;
+              })()
+            : undefined;
+
+        const countryCode = data.requestIp
+            ? await getCountryCodeFromIp(data.requestIp)
+            : undefined;
+
+        await db.insert(accessAuditLog).values({
+            timestamp: timestamp,
+            orgId: data.orgId,
+            actorType,
+            actor,
+            actorId,
+            action: data.action,
+            type: data.type,
+            metadata,
+            resourceId: data.resourceId,
+            userAgent: data.userAgent,
+            ip: clientIp,
+            location: countryCode
+        });
+    } catch (error) {
+        logger.error(error);
+    }
+}
+
+async function getCountryCodeFromIp(ip: string): Promise<string | undefined> {
+    const geoIpCacheKey = `geoip_access:${ip}`;
+
+    let cachedCountryCode: string | undefined = cache.get(geoIpCacheKey);
+
+    if (!cachedCountryCode) {
+        cachedCountryCode = await getCountryCodeForIp(ip); // do it locally
+        // Cache for longer since IP geolocation doesn't change frequently
+        cache.set(geoIpCacheKey, cachedCountryCode, 300); // 5 minutes
+    }
+
+    return cachedCountryCode;
+}
diff --git a/server/private/routers/auditLogs/exportAccessAuditLog.ts b/server/private/routers/auditLogs/exportAccessAuditLog.ts
new file mode 100644
index 00000000..8a6398fa
--- /dev/null
+++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts
@@ -0,0 +1,81 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { registry } from "@server/openApi";
+import { NextFunction } from "express";
+import { Request, Response } from "express";
+import { OpenAPITags } from "@server/openApi";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { fromError } from "zod-validation-error";
+import logger from "@server/logger";
+import { queryAccessAuditLogsParams, queryAccessAuditLogsQuery, queryAccess } from "./queryAccessAuditLog";
+import { generateCSV } from "@server/routers/auditLogs/generateCSV";
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/logs/access/export",
+    description: "Export the access audit log for an organization as CSV",
+    tags: [OpenAPITags.Org],
+    request: {
+        query: queryAccessAuditLogsQuery,
+        params: queryAccessAuditLogsParams
+    },
+    responses: {}
+});
+
+export async function exportAccessAuditLogs(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedQuery.error)
+                )
+            );
+        }
+        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
+
+        const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error)
+                )
+            );
+        }
+        const { orgId } = parsedParams.data;
+
+        const baseQuery = queryAccess(timeStart, timeEnd, orgId);
+
+        const log = await baseQuery.limit(limit).offset(offset);
+
+        const csvData = generateCSV(log);
+        
+        res.setHeader('Content-Type', 'text/csv');
+        res.setHeader('Content-Disposition', `attachment; filename="access-audit-logs-${orgId}-${Date.now()}.csv"`);
+        
+        return res.send(csvData);
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
\ No newline at end of file
diff --git a/server/private/routers/auditLogs/exportActionAuditLog.ts b/server/private/routers/auditLogs/exportActionAuditLog.ts
index 4d15dd55..21329879 100644
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -11,25 +11,20 @@
  * This file is not licensed under the AGPLv3.
  */
 
-import { actionAuditLog, db } from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";
 import { Request, Response } from "express";
-import { eq, gt, lt, and, count } from "drizzle-orm";
 import { OpenAPITags } from "@server/openApi";
-import { z } from "zod";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { fromError } from "zod-validation-error";
-import { QueryActionAuditLogResponse } from "@server/routers/auditLogs/types";
-import response from "@server/lib/response";
 import logger from "@server/logger";
-import { queryActionAuditLogsParams, queryActionAuditLogsQuery, querySites } from "./queryActionAuditLog";
+import { queryActionAuditLogsParams, queryActionAuditLogsQuery, queryAction } from "./queryActionAuditLog";
 import { generateCSV } from "@server/routers/auditLogs/generateCSV";
 
 registry.registerPath({
     method: "get",
-    path: "/org/{orgId}/logs/actionk/export",
+    path: "/org/{orgId}/logs/action/export",
     description: "Export the action audit log for an organization as CSV",
     tags: [OpenAPITags.Org],
     request: {
@@ -67,7 +62,7 @@ export async function exportActionAuditLogs(
         }
         const { orgId } = parsedParams.data;
 
-        const baseQuery = querySites(timeStart, timeEnd, orgId);
+        const baseQuery = queryAction(timeStart, timeEnd, orgId);
 
         const log = await baseQuery.limit(limit).offset(offset);
 
diff --git a/server/private/routers/auditLogs/index.ts b/server/private/routers/auditLogs/index.ts
index 9b4a6e7f..ac623c4c 100644
--- a/server/private/routers/auditLogs/index.ts
+++ b/server/private/routers/auditLogs/index.ts
@@ -12,4 +12,6 @@
  */
 
 export * from "./queryActionAuditLog";
-export * from "./exportActionAuditLog";
\ No newline at end of file
+export * from "./exportActionAuditLog";
+export * from "./queryAccessAuditLog";
+export * from "./exportAccessAuditLog";
\ No newline at end of file
diff --git a/server/private/routers/auditLogs/queryAccessAuditLog.ts b/server/private/routers/auditLogs/queryAccessAuditLog.ts
new file mode 100644
index 00000000..cad2027f
--- /dev/null
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -0,0 +1,173 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { accessAuditLog, db, resources } from "@server/db";
+import { registry } from "@server/openApi";
+import { NextFunction } from "express";
+import { Request, Response } from "express";
+import { eq, gt, lt, and, count } from "drizzle-orm";
+import { OpenAPITags } from "@server/openApi";
+import { z } from "zod";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { fromError } from "zod-validation-error";
+import { QueryAccessAuditLogResponse } from "@server/routers/auditLogs/types";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+
+export const queryAccessAuditLogsQuery = z.object({
+    // iso string just validate its a parseable date
+    timeStart: z
+        .string()
+        .refine((val) => !isNaN(Date.parse(val)), {
+            message: "timeStart must be a valid ISO date string"
+        })
+        .transform((val) => Math.floor(new Date(val).getTime() / 1000)),
+    timeEnd: z
+        .string()
+        .refine((val) => !isNaN(Date.parse(val)), {
+            message: "timeEnd must be a valid ISO date string"
+        })
+        .transform((val) => Math.floor(new Date(val).getTime() / 1000))
+        .optional()
+        .default(new Date().toISOString()),
+    limit: z
+        .string()
+        .optional()
+        .default("1000")
+        .transform(Number)
+        .pipe(z.number().int().positive()),
+    offset: z
+        .string()
+        .optional()
+        .default("0")
+        .transform(Number)
+        .pipe(z.number().int().nonnegative())
+});
+
+export const queryAccessAuditLogsParams = z.object({
+    orgId: z.string()
+});
+
+export function queryAccess(timeStart: number, timeEnd: number, orgId: string) {
+    return db
+        .select({
+            orgId: accessAuditLog.orgId,
+            action: accessAuditLog.action,
+            actorType: accessAuditLog.actorType,
+            actorId: accessAuditLog.actorId,
+            resourceId: accessAuditLog.resourceId,
+            resourceName: resources.name,
+            resourceNiceId: resources.niceId,
+            ip: accessAuditLog.ip,
+            location: accessAuditLog.location,
+            userAgent: accessAuditLog.userAgent,
+            metadata: accessAuditLog.metadata,
+            type: accessAuditLog.type,
+            timestamp: accessAuditLog.timestamp,
+            actor: accessAuditLog.actor
+        })
+        .from(accessAuditLog)
+        .leftJoin(resources, eq(accessAuditLog.resourceId, resources.resourceId))
+        .where(
+            and(
+                gt(accessAuditLog.timestamp, timeStart),
+                lt(accessAuditLog.timestamp, timeEnd),
+                eq(accessAuditLog.orgId, orgId)
+            )
+        )
+        .orderBy(accessAuditLog.timestamp);
+}
+
+export function countAccessQuery(timeStart: number, timeEnd: number, orgId: string) {
+            const countQuery = db
+            .select({ count: count() })
+            .from(accessAuditLog)
+            .where(
+                and(
+                    gt(accessAuditLog.timestamp, timeStart),
+                    lt(accessAuditLog.timestamp, timeEnd),
+                    eq(accessAuditLog.orgId, orgId)
+                )
+            );
+    return countQuery;
+}
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/logs/access",
+    description: "Query the access audit log for an organization",
+    tags: [OpenAPITags.Org],
+    request: {
+        query: queryAccessAuditLogsQuery,
+        params: queryAccessAuditLogsParams
+    },
+    responses: {}
+});
+
+export async function queryAccessAuditLogs(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = queryAccessAuditLogsQuery.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedQuery.error)
+                )
+            );
+        }
+        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
+
+        const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error)
+                )
+            );
+        }
+        const { orgId } = parsedParams.data;
+
+        const baseQuery = queryAccess(timeStart, timeEnd, orgId);
+
+        const log = await baseQuery.limit(limit).offset(offset);
+
+        const totalCountResult = await countAccessQuery(timeStart, timeEnd, orgId);
+        const totalCount = totalCountResult[0].count;
+
+        return response<QueryAccessAuditLogResponse>(res, {
+            data: {
+                log: log,
+                pagination: {
+                    total: totalCount,
+                    limit,
+                    offset
+                }
+            },
+            success: true,
+            error: false,
+            message: "Access audit logs retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index dd82e21f..77f3bbd8 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -59,7 +59,7 @@ export const queryActionAuditLogsParams = z.object({
     orgId: z.string()
 });
 
-export function querySites(timeStart: number, timeEnd: number, orgId: string) {
+export function queryAction(timeStart: number, timeEnd: number, orgId: string) {
     return db
         .select({
             orgId: actionAuditLog.orgId,
@@ -80,7 +80,7 @@ export function querySites(timeStart: number, timeEnd: number, orgId: string) {
         .orderBy(actionAuditLog.timestamp);
 }
 
-export function countQuery(timeStart: number, timeEnd: number, orgId: string) {
+export function countActionQuery(timeStart: number, timeEnd: number, orgId: string) {
             const countQuery = db
             .select({ count: count() })
             .from(actionAuditLog)
@@ -134,11 +134,11 @@ export async function queryActionAuditLogs(
         }
         const { orgId } = parsedParams.data;
 
-        const baseQuery = querySites(timeStart, timeEnd, orgId);
+        const baseQuery = queryAction(timeStart, timeEnd, orgId);
 
         const log = await baseQuery.limit(limit).offset(offset);
 
-        const totalCountResult = await countQuery(timeStart, timeEnd, orgId);
+        const totalCountResult = await countActionQuery(timeStart, timeEnd, orgId);
         const totalCount = totalCountResult[0].count;
 
         return response<QueryActionAuditLogResponse>(res, {
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index d89b3294..445af82f 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -351,8 +351,17 @@ authenticated.get(
     logs.queryActionAuditLogs 
 )
 
-
 authenticated.get(
     "/org/:orgId/logs/action/export",
     logs.exportActionAuditLogs
+)
+
+authenticated.get(
+    "/org/:orgId/logs/access",
+    logs.queryAccessAuditLogs 
+)
+
+authenticated.get(
+    "/org/:orgId/logs/access/export",
+    logs.exportAccessAuditLogs
 )
\ No newline at end of file
diff --git a/server/routers/auditLogs/exportRequstAuditLog.ts b/server/routers/auditLogs/exportRequstAuditLog.ts
index d8bf7916..759475c2 100644
--- a/server/routers/auditLogs/exportRequstAuditLog.ts
+++ b/server/routers/auditLogs/exportRequstAuditLog.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { QueryRequestAuditLogResponse } from "@server/routers/auditLogs/types";
 import response from "@server/lib/response";
 import logger from "@server/logger";
-import { queryAccessAuditLogsQuery, queryRequestAuditLogsParams, querySites } from "./queryRequstAuditLog";
+import { queryAccessAuditLogsQuery, queryRequestAuditLogsParams, queryRequest } from "./queryRequstAuditLog";
 import { generateCSV } from "./generateCSV";
 
 registry.registerPath({
@@ -54,7 +54,7 @@ export async function exportRequestAuditLogs(
         }
         const { orgId } = parsedParams.data;
 
-        const baseQuery = querySites(timeStart, timeEnd, orgId);
+        const baseQuery = queryRequest(timeStart, timeEnd, orgId);
 
         const log = await baseQuery.limit(limit).offset(offset);
 
diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
index cadda1d7..b5af0e14 100644
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -46,7 +46,7 @@ export const queryRequestAuditLogsParams = z.object({
     orgId: z.string()
 });
 
-export function querySites(timeStart: number, timeEnd: number, orgId: string) {
+export function queryRequest(timeStart: number, timeEnd: number, orgId: string) {
     return db
         .select({
             timestamp: requestAuditLog.timestamp, 
@@ -84,7 +84,7 @@ export function querySites(timeStart: number, timeEnd: number, orgId: string) {
         .orderBy(requestAuditLog.timestamp);
 }
 
-export function countQuery(timeStart: number, timeEnd: number, orgId: string) {
+export function countRequestQuery(timeStart: number, timeEnd: number, orgId: string) {
             const countQuery = db
             .select({ count: count() })
             .from(requestAuditLog)
@@ -138,11 +138,11 @@ export async function queryRequestAuditLogs(
         }
         const { orgId } = parsedParams.data;
 
-        const baseQuery = querySites(timeStart, timeEnd, orgId);
+        const baseQuery = queryRequest(timeStart, timeEnd, orgId);
 
         const log = await baseQuery.limit(limit).offset(offset);
 
-        const totalCountResult = await countQuery(timeStart, timeEnd, orgId);
+        const totalCountResult = await countRequestQuery(timeStart, timeEnd, orgId);
         const totalCount = totalCountResult[0].count;
 
         return response<QueryRequestAuditLogResponse>(res, {
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
index 38617f44..893db5ef 100644
--- a/server/routers/auditLogs/types.ts
+++ b/server/routers/auditLogs/types.ts
@@ -44,4 +44,28 @@ export type QueryRequestAuditLogResponse = {
         limit: number;
         offset: number;
     };
-};
\ No newline at end of file
+};
+
+export type QueryAccessAuditLogResponse = {
+    log: {
+        orgId: string;
+        action: string;
+        type: string;
+        resourceId: number | null;
+        resourceName: string | null;
+        resourceNiceId: string | null;
+        ip: string | null;
+        location: string | null;
+        userAgent: string | null;
+        metadata: string | null;
+        actorType: string;
+        actorId: string;
+        timestamp: number;
+        actor: string;
+    }[];
+    pagination: {
+        total: number;
+        limit: number;
+        offset: number;
+    };
+};
diff --git a/server/routers/auth/login.ts b/server/routers/auth/login.ts
index 8dad5a42..a3fe1b54 100644
--- a/server/routers/auth/login.ts
+++ b/server/routers/auth/login.ts
@@ -3,7 +3,7 @@ import {
     generateSessionToken,
     serializeSessionCookie
 } from "@server/auth/sessions/app";
-import { db } from "@server/db";
+import { db, resources } from "@server/db";
 import { users, securityKeys } from "@server/db";
 import HttpCode from "@server/types/HttpCode";
 import response from "@server/lib/response";
@@ -18,12 +18,14 @@ import logger from "@server/logger";
 import { verifyPassword } from "@server/auth/password";
 import { verifySession } from "@server/auth/sessions/verifySession";
 import { UserType } from "@server/types/UserTypes";
+import { logAccessAudit } from "@server/private/lib/logAccessAudit";
 
 export const loginBodySchema = z
     .object({
         email: z.string().toLowerCase().email(),
         password: z.string(),
-        code: z.string().optional()
+        code: z.string().optional(),
+        resourceGuid: z.string().optional()
     })
     .strict();
 
@@ -52,7 +54,7 @@ export async function login(
         );
     }
 
-    const { email, password, code } = parsedBody.data;
+    const { email, password, code, resourceGuid } = parsedBody.data;
 
     try {
         const { session: existingSession } = await verifySession(req);
@@ -66,6 +68,28 @@ export async function login(
             });
         }
 
+        let resourceId: number | null = null;
+        let orgId: string | null = null;
+        if (resourceGuid) {
+            const [resource] = await db
+                .select()
+                .from(resources)
+                .where(eq(resources.resourceGuid, resourceGuid))
+                .limit(1);
+
+            if (!resource) {
+                return next(
+                    createHttpError(
+                        HttpCode.NOT_FOUND,
+                        `Resource with GUID ${resourceGuid} not found`
+                    )
+                );
+            }
+
+            resourceId = resource.resourceId;
+            orgId = resource.orgId;
+        }
+
         const existingUserRes = await db
             .select()
             .from(users)
@@ -78,6 +102,18 @@ export async function login(
                     `Username or password incorrect. Email: ${email}. IP: ${req.ip}.`
                 );
             }
+
+            if (resourceId && orgId) {
+                logAccessAudit({
+                    orgId: orgId,
+                    resourceId: resourceId,
+                    action: false,
+                    type: "login",
+                    userAgent: req.headers["user-agent"],
+                    requestIp: req.ip
+                });
+            }
+
             return next(
                 createHttpError(
                     HttpCode.UNAUTHORIZED,
@@ -98,6 +134,18 @@ export async function login(
                     `Username or password incorrect. Email: ${email}. IP: ${req.ip}.`
                 );
             }
+
+            if (resourceId && orgId) {
+                logAccessAudit({
+                    orgId: orgId,
+                    resourceId: resourceId,
+                    action: false,
+                    type: "login",
+                    userAgent: req.headers["user-agent"],
+                    requestIp: req.ip
+                });
+            }
+
             return next(
                 createHttpError(
                     HttpCode.UNAUTHORIZED,
@@ -158,6 +206,18 @@ export async function login(
                         `Two-factor code incorrect. Email: ${email}. IP: ${req.ip}.`
                     );
                 }
+
+                if (resourceId && orgId) {
+                    logAccessAudit({
+                        orgId: orgId,
+                        resourceId: resourceId,
+                        action: false,
+                        type: "login",
+                        userAgent: req.headers["user-agent"],
+                        requestIp: req.ip
+                    });
+                }
+
                 return next(
                     createHttpError(
                         HttpCode.UNAUTHORIZED,
diff --git a/server/routers/resource/authWithAccessToken.ts b/server/routers/resource/authWithAccessToken.ts
index 2d7fdf93..04317a73 100644
--- a/server/routers/resource/authWithAccessToken.ts
+++ b/server/routers/resource/authWithAccessToken.ts
@@ -10,11 +10,10 @@ import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { createResourceSession } from "@server/auth/sessions/resource";
 import logger from "@server/logger";
-import {
-    verifyResourceAccessToken
-} from "@server/auth/verifyResourceAccessToken";
+import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken";
 import config from "@server/lib/config";
 import stoi from "@server/lib/stoi";
+import { logAccessAudit } from "@server/private/lib/logAccessAudit";
 
 const authWithAccessTokenBodySchema = z
     .object({
@@ -131,6 +130,16 @@ export async function authWithAccessToken(
                     `Resource access token invalid. Resource ID: ${resource.resourceId}. IP: ${req.ip}.`
                 );
             }
+
+            logAccessAudit({
+                orgId: resource.orgId,
+                resourceId: resource.resourceId,
+                action: false,
+                type: "accessToken",
+                userAgent: req.headers["user-agent"],
+                requestIp: req.ip
+            });
+
             return next(
                 createHttpError(
                     HttpCode.UNAUTHORIZED,
@@ -150,6 +159,15 @@ export async function authWithAccessToken(
             doNotExtend: true
         });
 
+        logAccessAudit({
+            orgId: resource.orgId,
+            resourceId: resource.resourceId,
+            action: true,
+            type: "accessToken",
+            userAgent: req.headers["user-agent"],
+            requestIp: req.ip
+        });
+
         return response<AuthWithAccessTokenResponse>(res, {
             data: {
                 session: token,
diff --git a/server/routers/resource/authWithPassword.ts b/server/routers/resource/authWithPassword.ts
index 652c4e86..318c88d8 100644
--- a/server/routers/resource/authWithPassword.ts
+++ b/server/routers/resource/authWithPassword.ts
@@ -13,6 +13,7 @@ import { createResourceSession } from "@server/auth/sessions/resource";
 import logger from "@server/logger";
 import { verifyPassword } from "@server/auth/password";
 import config from "@server/lib/config";
+import { logAccessAudit } from "@server/private/lib/logAccessAudit";
 
 export const authWithPasswordBodySchema = z
     .object({
@@ -113,6 +114,16 @@ export async function authWithPassword(
                     `Resource password incorrect. Resource ID: ${resource.resourceId}. IP: ${req.ip}.`
                 );
             }
+
+            logAccessAudit({
+                orgId: org.orgId,
+                resourceId: resource.resourceId,
+                action: false,
+                type: "password",
+                userAgent: req.headers["user-agent"],
+                requestIp: req.ip
+            });
+
             return next(
                 createHttpError(HttpCode.UNAUTHORIZED, "Incorrect password")
             );
@@ -129,6 +140,15 @@ export async function authWithPassword(
             doNotExtend: true
         });
 
+        logAccessAudit({
+            orgId: org.orgId,
+            resourceId: resource.resourceId,
+            action: true,
+            type: "password",
+            userAgent: req.headers["user-agent"],
+            requestIp: req.ip
+        });
+
         return response<AuthWithPasswordResponse>(res, {
             data: {
                 session: token
diff --git a/server/routers/resource/authWithPincode.ts b/server/routers/resource/authWithPincode.ts
index d8733c18..2508b84c 100644
--- a/server/routers/resource/authWithPincode.ts
+++ b/server/routers/resource/authWithPincode.ts
@@ -12,6 +12,7 @@ import { createResourceSession } from "@server/auth/sessions/resource";
 import logger from "@server/logger";
 import { verifyPassword } from "@server/auth/password";
 import config from "@server/lib/config";
+import { logAccessAudit } from "@server/private/lib/logAccessAudit";
 
 export const authWithPincodeBodySchema = z
     .object({
@@ -112,6 +113,16 @@ export async function authWithPincode(
                     `Resource pin code incorrect. Resource ID: ${resource.resourceId}. IP: ${req.ip}.`
                 );
             }
+
+            logAccessAudit({
+                orgId: org.orgId,
+                resourceId: resource.resourceId,
+                action: false,
+                type: "pincode",
+                userAgent: req.headers["user-agent"],
+                requestIp: req.ip
+            });
+
             return next(
                 createHttpError(HttpCode.UNAUTHORIZED, "Incorrect PIN")
             );
@@ -128,6 +139,15 @@ export async function authWithPincode(
             doNotExtend: true
         });
 
+        logAccessAudit({
+            orgId: org.orgId,
+            resourceId: resource.resourceId,
+            action: true,
+            type: "pincode",
+            userAgent: req.headers["user-agent"],
+            requestIp: req.ip
+        });
+
         return response<AuthWithPincodeResponse>(res, {
             data: {
                 session: token
diff --git a/server/routers/resource/authWithWhitelist.ts b/server/routers/resource/authWithWhitelist.ts
index 07662f7f..37410b7b 100644
--- a/server/routers/resource/authWithWhitelist.ts
+++ b/server/routers/resource/authWithWhitelist.ts
@@ -1,11 +1,6 @@
 import { generateSessionToken } from "@server/auth/sessions/app";
 import { db } from "@server/db";
-import {
-    orgs,
-    resourceOtp,
-    resources,
-    resourceWhitelist
-} from "@server/db";
+import { orgs, resourceOtp, resources, resourceWhitelist } from "@server/db";
 import HttpCode from "@server/types/HttpCode";
 import response from "@server/lib/response";
 import { eq, and } from "drizzle-orm";
@@ -17,13 +12,11 @@ import { createResourceSession } from "@server/auth/sessions/resource";
 import { isValidOtp, sendResourceOtpEmail } from "@server/auth/resourceOtp";
 import logger from "@server/logger";
 import config from "@server/lib/config";
+import { logAccessAudit } from "@server/private/lib/logAccessAudit";
 
 const authWithWhitelistBodySchema = z
     .object({
-        email: z
-            .string()
-            .toLowerCase()
-            .email(),
+        email: z.string().toLowerCase().email(),
         otp: z.string().optional()
     })
     .strict();
@@ -126,6 +119,19 @@ export async function authWithWhitelist(
                         `Email is not whitelisted. Email: ${email}. IP: ${req.ip}.`
                     );
                 }
+
+                if (org && resource) {
+                    logAccessAudit({
+                        orgId: org.orgId,
+                        resourceId: resource.resourceId,
+                        action: false,
+                        type: "whitelistedEmail",
+                        metadata: { email },
+                        userAgent: req.headers["user-agent"],
+                        requestIp: req.ip
+                    });
+                }
+
                 return next(
                     createHttpError(
                         HttpCode.UNAUTHORIZED,
@@ -219,6 +225,16 @@ export async function authWithWhitelist(
             doNotExtend: true
         });
 
+        logAccessAudit({
+            orgId: org.orgId,
+            resourceId: resource.resourceId,
+            action: true,
+            metadata: { email },
+            type: "whitelistedEmail",
+            userAgent: req.headers["user-agent"],
+            requestIp: req.ip
+        });
+
         return response<AuthWithWhitelistResponse>(res, {
             data: {
                 session: token
diff --git a/server/routers/resource/getExchangeToken.ts b/server/routers/resource/getExchangeToken.ts
index 605e5ca6..aefd1885 100644
--- a/server/routers/resource/getExchangeToken.ts
+++ b/server/routers/resource/getExchangeToken.ts
@@ -10,11 +10,10 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { generateSessionToken } from "@server/auth/sessions/app";
 import config from "@server/lib/config";
-import {
-    encodeHexLowerCase
-} from "@oslojs/encoding";
+import { encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
 import { response } from "@server/lib/response";
+import { logAccessAudit } from "@server/private/lib/logAccessAudit";
 
 const getExchangeTokenParams = z
     .object({
@@ -47,13 +46,13 @@ export async function getExchangeToken(
 
         const { resourceId } = parsedParams.data;
 
-        const resource = await db
+        const [resource] = await db
             .select()
             .from(resources)
             .where(eq(resources.resourceId, resourceId))
             .limit(1);
 
-        if (resource.length === 0) {
+        if (!resource) {
             return next(
                 createHttpError(
                     HttpCode.NOT_FOUND,
@@ -89,6 +88,21 @@ export async function getExchangeToken(
             doNotExtend: true
         });
 
+        if (req.user) {
+            logAccessAudit({
+                orgId: resource.orgId,
+                resourceId: resourceId,
+                user: {
+                    username: req.user.username,
+                    userId: req.user.userId
+                },
+                action: true,
+                type: "login",
+                userAgent: req.headers["user-agent"],
+                requestIp: req.ip
+            });
+        }
+
         logger.debug("Request token created successfully");
 
         return response<GetExchangeTokenResponse>(res, {
diff --git a/src/actions/server.ts b/src/actions/server.ts
index b9dc6e55..5fbe1301 100644
--- a/src/actions/server.ts
+++ b/src/actions/server.ts
@@ -202,6 +202,7 @@ export type LoginRequest = {
     email: string;
     password: string;
     code?: string;
+    resourceGuid?: string;
 };
 
 export type LoginResponse = {
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
new file mode 100644
index 00000000..af0bc8fc
--- /dev/null
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -0,0 +1,375 @@
+"use client";
+import { Button } from "@app/components/ui/button";
+import { toast } from "@app/hooks/useToast";
+import { useState, useRef, useEffect } from "react";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useParams, useRouter } from "next/navigation";
+import { useTranslations } from "next-intl";
+import { LogDataTable } from "@app/components/LogDataTable";
+import { ColumnDef } from "@tanstack/react-table";
+import { DateTimeValue } from "@app/components/DateTimePicker";
+import { ArrowUpRight, Key, User } from "lucide-react";
+import Link from "next/link";
+
+export default function GeneralPage() {
+    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
+    const router = useRouter();
+    const api = createApiClient(useEnvContext());
+    const t = useTranslations();
+    const { env } = useEnvContext();
+    const { orgId } = useParams();
+
+    const [rows, setRows] = useState<any[]>([]);
+    const [isRefreshing, setIsRefreshing] = useState(false);
+    const [isExporting, setIsExporting] = useState(false);
+
+    // Pagination state
+    const [totalCount, setTotalCount] = useState<number>(0);
+    const [currentPage, setCurrentPage] = useState<number>(0);
+    const [pageSize, setPageSize] = useState<number>(20);
+    const [isLoading, setIsLoading] = useState(false);
+
+    // Set default date range to last 24 hours
+    const getDefaultDateRange = () => {
+        const now = new Date();
+        const yesterday = new Date(now.getTime() - 24 * 60 * 60 * 1000);
+
+        return {
+            startDate: {
+                date: yesterday
+            },
+            endDate: {
+                date: now
+            }
+        };
+    };
+
+    const [dateRange, setDateRange] = useState<{
+        startDate: DateTimeValue;
+        endDate: DateTimeValue;
+    }>(getDefaultDateRange());
+
+    // Trigger search with default values on component mount
+    useEffect(() => {
+        const defaultRange = getDefaultDateRange();
+        queryDateTime(defaultRange.startDate, defaultRange.endDate);
+    }, [orgId]); // Re-run if orgId changes
+
+    const handleDateRangeChange = (
+        startDate: DateTimeValue,
+        endDate: DateTimeValue
+    ) => {
+        setDateRange({ startDate, endDate });
+        setCurrentPage(0); // Reset to first page when filtering
+        queryDateTime(startDate, endDate, 0, pageSize);
+    };
+
+    // Handle page changes
+    const handlePageChange = (newPage: number) => {
+        setCurrentPage(newPage);
+        queryDateTime(
+            dateRange.startDate,
+            dateRange.endDate,
+            newPage,
+            pageSize
+        );
+    };
+
+    // Handle page size changes
+    const handlePageSizeChange = (newPageSize: number) => {
+        setPageSize(newPageSize);
+        setCurrentPage(0); // Reset to first page when changing page size
+        queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
+    };
+
+    const queryDateTime = async (
+        startDate: DateTimeValue,
+        endDate: DateTimeValue,
+        page: number = currentPage,
+        size: number = pageSize
+    ) => {
+        console.log("Date range changed:", { startDate, endDate, page, size });
+        setIsLoading(true);
+
+        try {
+            // Convert the date/time values to API parameters
+            let params: any = {
+                limit: size,
+                offset: page * size
+            };
+
+            if (startDate?.date) {
+                const startDateTime = new Date(startDate.date);
+                if (startDate.time) {
+                    const [hours, minutes, seconds] = startDate.time
+                        .split(":")
+                        .map(Number);
+                    startDateTime.setHours(hours, minutes, seconds || 0);
+                }
+                params.timeStart = startDateTime.toISOString();
+            }
+
+            if (endDate?.date) {
+                const endDateTime = new Date(endDate.date);
+                if (endDate.time) {
+                    const [hours, minutes, seconds] = endDate.time
+                        .split(":")
+                        .map(Number);
+                    endDateTime.setHours(hours, minutes, seconds || 0);
+                } else {
+                    // If no time is specified, set to NOW
+                    const now = new Date();
+                    endDateTime.setHours(
+                        now.getHours(),
+                        now.getMinutes(),
+                        now.getSeconds(),
+                        now.getMilliseconds()
+                    );
+                }
+                params.timeEnd = endDateTime.toISOString();
+            }
+
+            const res = await api.get(`/org/${orgId}/logs/access`, { params });
+            if (res.status === 200) {
+                setRows(res.data.data.log || []);
+                setTotalCount(res.data.data.pagination?.total || 0);
+                console.log("Fetched logs:", res.data);
+            }
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("Failed to filter logs"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsLoading(false);
+        }
+    };
+
+    const refreshData = async () => {
+        console.log("Data refreshed");
+        setIsRefreshing(true);
+        try {
+            // Refresh data with current date range and pagination
+            await queryDateTime(
+                dateRange.startDate,
+                dateRange.endDate,
+                currentPage,
+                pageSize
+            );
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("refreshError"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsRefreshing(false);
+        }
+    };
+
+    const exportData = async () => {
+        try {
+            setIsExporting(true);
+            const response = await api.get(`/org/${orgId}/logs/access/export`, {
+                responseType: "blob",
+                params: {
+                    timeStart: dateRange.startDate?.date
+                        ? new Date(dateRange.startDate.date).toISOString()
+                        : undefined,
+                    timeEnd: dateRange.endDate?.date
+                        ? new Date(dateRange.endDate.date).toISOString()
+                        : undefined
+                }
+            });
+
+            // Create a URL for the blob and trigger a download
+            const url = window.URL.createObjectURL(new Blob([response.data]));
+            const link = document.createElement("a");
+            link.href = url;
+            const epoch = Math.floor(Date.now() / 1000);
+            link.setAttribute(
+                "download",
+                `access-audit-logs-${orgId}-${epoch}.csv`
+            );
+            document.body.appendChild(link);
+            link.click();
+            link.parentNode?.removeChild(link);
+            setIsExporting(false);
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("exportError"),
+                variant: "destructive"
+            });
+        }
+    };
+
+    const columns: ColumnDef<any>[] = [
+        {
+            accessorKey: "timestamp",
+            header: ({ column }) => {
+                return t("timestamp");
+            },
+            cell: ({ row }) => {
+                return (
+                    <div className="whitespace-nowrap">
+                        {new Date(
+                            row.original.timestamp * 1000
+                        ).toLocaleString()}
+                    </div>
+                );
+            }
+        },
+        {
+            accessorKey: "action",
+            header: ({ column }) => {
+                return t("action");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.action ? <>Allowed</> : <>Denied</>}
+                    </span>
+                );
+            }
+        },
+        {
+            accessorKey: "ip",
+            header: ({ column }) => {
+                return t("ip");
+            }
+        },
+        {
+            accessorKey: "location",
+            header: ({ column }) => {
+                return t("location");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.location ? (
+                            <span className="text-muted-foreground text-xs">
+                                ({row.original.location})
+                            </span>
+                        ) : (
+                            <span className="text-muted-foreground text-xs">
+                                -
+                            </span>
+                        )}
+                    </span>
+                );
+            }
+        },
+        {
+            accessorKey: "resourceName",
+            header: t("resource"),
+            cell: ({ row }) => {
+                return (
+                    <Link
+                        href={`/${row.original.orgId}/settings/resources/${row.original.resourceNiceId}`}
+                    >
+                        <Button
+                            variant="outline"
+                            size="sm"
+                            className="text-xs h-6"
+                        >
+                            {row.original.resourceName}
+                            <ArrowUpRight className="ml-2 h-3 w-3" />
+                        </Button>
+                    </Link>
+                );
+            }
+        },
+        {
+            accessorKey: "type",
+            header: ({ column }) => {
+                return t("type");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {/* {row.original.type == "pincode" ? (
+                            <User className="h-4 w-4" />
+                        ) : (
+                            <Key className="h-4 w-4" />
+                        )} */}
+                        {row.original.type.charAt(0).toUpperCase() +
+                            row.original.type.slice(1)}
+                    </span>
+                );
+            }
+        },
+        {
+            accessorKey: "actor",
+            header: ({ column }) => {
+                return t("actor");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.actor ? (
+                            <>
+                                {row.original.actorType == "user" ? (
+                                    <User className="h-4 w-4" />
+                                ) : (
+                                    <Key className="h-4 w-4" />
+                                )}
+                                {row.original.actor}
+                            </>
+                        ) : (
+                            <>-</>
+                        )}
+                    </span>
+                );
+            }
+        },
+        {
+            accessorKey: "actorId",
+            header: ({ column }) => {
+                return t("actorId");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.actorId || "-"}
+                    </span>
+                );
+            }
+        }
+    ];
+
+    return (
+        <>
+            <LogDataTable
+                columns={columns}
+                data={rows}
+                persistPageSize="access-logs-table"
+                title={t("accessLogs")}
+                searchPlaceholder={t("searchLogs")}
+                searchColumn="type"
+                onRefresh={refreshData}
+                isRefreshing={isRefreshing}
+                onExport={exportData}
+                isExporting={isExporting}
+                onDateRangeChange={handleDateRangeChange}
+                dateRange={{
+                    start: dateRange.startDate,
+                    end: dateRange.endDate
+                }}
+                defaultSort={{
+                    id: "timestamp",
+                    desc: false
+                }}
+                // Server-side pagination props
+                totalCount={totalCount}
+                currentPage={currentPage}
+                onPageChange={handlePageChange}
+                onPageSizeChange={handlePageSizeChange}
+                isLoading={isLoading}
+                defaultPageSize={pageSize}
+            />
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index 180815d8..3b693515 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -190,7 +190,7 @@ export default function GeneralPage() {
             const epoch = Math.floor(Date.now() / 1000);
             link.setAttribute(
                 "download",
-                `access-audit-logs-${orgId}-${epoch}.csv`
+                `action-audit-logs-${orgId}-${epoch}.csv`
             );
             document.body.appendChild(link);
             link.click();
diff --git a/src/app/[orgId]/settings/logs/layout.tsx b/src/app/[orgId]/settings/logs/layout.tsx
index f917a5d0..fb1d2071 100644
--- a/src/app/[orgId]/settings/logs/layout.tsx
+++ b/src/app/[orgId]/settings/logs/layout.tsx
@@ -1,13 +1,6 @@
-import { internal } from "@app/lib/api";
-import { authCookieHeader } from "@app/lib/api/cookies";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
 import { verifySession } from "@app/lib/auth/verifySession";
-import OrgProvider from "@app/providers/OrgProvider";
-import OrgUserProvider from "@app/providers/OrgUserProvider";
-import { GetOrgResponse } from "@server/routers/org";
-import { GetOrgUserResponse } from "@server/routers/user";
-import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { cache } from "react";
 import { getTranslations } from "next-intl/server";
@@ -37,6 +30,10 @@ export default async function GeneralSettingsPage({
             title: t("request"),
             href: `/{orgId}/settings/logs/request`
         },
+        {
+            title: t("access"),
+            href: `/{orgId}/settings/logs/access`
+        },
         {
             title: t("action"),
             href: `/{orgId}/settings/logs/action`
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index 3dba67d0..fe4bb9f2 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -266,14 +266,25 @@ export default function GeneralPage() {
                 );
             }
         },
-
+        {
+            accessorKey: "action",
+            header: ({ column }) => {
+                return t("action");
+            },
+            cell: ({ row }) => {
+                return (
+                    <span className="flex items-center gap-1">
+                        {row.original.action ? <>Allowed</> : <>Denied</>}
+                    </span>
+                );
+            }
+        },
         {
             accessorKey: "ip",
             header: ({ column }) => {
                 return t("ip");
             }
         },
-
         {
             accessorKey: "location",
             header: ({ column }) => {
@@ -303,7 +314,11 @@ export default function GeneralPage() {
                     <Link
                         href={`/${row.original.orgId}/settings/resources/${row.original.resourceNiceId}`}
                     >
-                        <Button variant="outline" size="sm" className="text-xs h-6">
+                        <Button
+                            variant="outline"
+                            size="sm"
+                            className="text-xs h-6"
+                        >
                             {row.original.resourceName}
                             <ArrowUpRight className="ml-2 h-3 w-3" />
                         </Button>
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index 2c1a33b1..b08d9856 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -373,8 +373,8 @@ export function LogDataTable<TData, TValue>({
                                                 typeof actionValue === "boolean"
                                             ) {
                                                 className = actionValue
-                                                    ? "bg-green-100 dark:bg-green-900"
-                                                    : "bg-red-100 dark:bg-red-900";
+                                                    ? "bg-green-100 dark:bg-green-900/50"
+                                                    : "bg-red-100 dark:bg-red-900/50";
                                             }
 
                                             return (
diff --git a/src/components/LoginForm.tsx b/src/components/LoginForm.tsx
index c55ad871..8149989e 100644
--- a/src/components/LoginForm.tsx
+++ b/src/components/LoginForm.tsx
@@ -22,7 +22,7 @@ import {
     CardTitle
 } from "@app/components/ui/card";
 import { Alert, AlertDescription } from "@app/components/ui/alert";
-import { useRouter } from "next/navigation";
+import { useParams, useRouter } from "next/navigation";
 import { LockIcon, FingerprintIcon } from "lucide-react";
 import { createApiClient } from "@app/lib/api";
 import {
@@ -74,6 +74,8 @@ export default function LoginForm({
     const { env } = useEnvContext();
     const api = createApiClient({ env });
 
+    const { resourceGuid } = useParams();
+
     const [error, setError] = useState<string | null>(null);
     const [loading, setLoading] = useState(false);
     const hasIdp = idps && idps.length > 0;
@@ -235,7 +237,8 @@ export default function LoginForm({
             const response = await loginProxy({
                 email,
                 password,
-                code
+                code,
+                resourceGuid: resourceGuid as string
             });
 
             try {

From eae2c37388fa5e3391e4686552baf277e6748c02 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 22 Oct 2025 18:21:54 -0700
Subject: [PATCH 46/69] Add expandable columns

---
 .../routers/auditLogs/queryActionAuditLog.ts  |   2 +
 .../routers/auditLogs/exportRequstAuditLog.ts |  10 +-
 .../routers/auditLogs/queryRequstAuditLog.ts  | 106 +++++----
 server/routers/auditLogs/types.ts             |  11 +-
 src/app/[orgId]/settings/logs/access/page.tsx |  18 ++
 src/app/[orgId]/settings/logs/action/page.tsx |  18 ++
 .../[orgId]/settings/logs/request/page.tsx    |  53 +++++
 src/components/LogDataTable.tsx               | 204 +++++++++++++-----
 8 files changed, 316 insertions(+), 106 deletions(-)

diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 77f3bbd8..9e357e8d 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -24,6 +24,7 @@ import { fromError } from "zod-validation-error";
 import { QueryActionAuditLogResponse } from "@server/routers/auditLogs/types";
 import response from "@server/lib/response";
 import logger from "@server/logger";
+import { metadata } from "@app/app/[orgId]/settings/layout";
 
 export const queryActionAuditLogsQuery = z.object({
     // iso string just validate its a parseable date
@@ -65,6 +66,7 @@ export function queryAction(timeStart: number, timeEnd: number, orgId: string) {
             orgId: actionAuditLog.orgId,
             action: actionAuditLog.action,
             actorType: actionAuditLog.actorType,
+            metadata: actionAuditLog.metadata,
             actorId: actionAuditLog.actorId,
             timestamp: actionAuditLog.timestamp,
             actor: actionAuditLog.actor
diff --git a/server/routers/auditLogs/exportRequstAuditLog.ts b/server/routers/auditLogs/exportRequstAuditLog.ts
index 759475c2..c1fb2872 100644
--- a/server/routers/auditLogs/exportRequstAuditLog.ts
+++ b/server/routers/auditLogs/exportRequstAuditLog.ts
@@ -41,7 +41,6 @@ export async function exportRequestAuditLogs(
                 )
             );
         }
-        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
 
         const parsedParams = queryRequestAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
@@ -52,16 +51,17 @@ export async function exportRequestAuditLogs(
                 )
             );
         }
-        const { orgId } = parsedParams.data;
 
-        const baseQuery = queryRequest(timeStart, timeEnd, orgId);
+        const data = { ...parsedQuery.data, ...parsedParams.data };
 
-        const log = await baseQuery.limit(limit).offset(offset);
+        const baseQuery = queryRequest(data);
+
+        const log = await baseQuery.limit(data.limit).offset(data.offset);
 
         const csvData = generateCSV(log);
         
         res.setHeader('Content-Type', 'text/csv');
-        res.setHeader('Content-Disposition', `attachment; filename="request-audit-logs-${orgId}-${Date.now()}.csv"`);
+        res.setHeader('Content-Disposition', `attachment; filename="request-audit-logs-${data.orgId}-${Date.now()}.csv"`);
         
         return res.send(csvData);
     } catch (error) {
diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
index b5af0e14..f4e24649 100644
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -28,6 +28,11 @@ export const queryAccessAuditLogsQuery = z.object({
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
         .default(new Date().toISOString()),
+    action: z.boolean().optional(),
+    method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional(),
+    reason: z.number().optional(),
+    resourceId: z.number().optional(),
+    actor: z.string().optional(),
     limit: z
         .string()
         .optional()
@@ -46,55 +51,64 @@ export const queryRequestAuditLogsParams = z.object({
     orgId: z.string()
 });
 
-export function queryRequest(timeStart: number, timeEnd: number, orgId: string) {
+export const queryRequestAuditLogsCombined =
+    queryAccessAuditLogsQuery.merge(queryRequestAuditLogsParams);
+type Q = z.infer<typeof queryRequestAuditLogsCombined>;
+
+function getWhere(data: Q) {
+    return and(
+        gt(requestAuditLog.timestamp, data.timeStart),
+        lt(requestAuditLog.timestamp, data.timeEnd),
+        eq(requestAuditLog.orgId, data.orgId),
+        data.resourceId
+            ? eq(requestAuditLog.resourceId, data.resourceId)
+            : undefined,
+        data.actor ? eq(requestAuditLog.actor, data.actor) : undefined,
+        data.method ? eq(requestAuditLog.method, data.method) : undefined,
+        data.reason ? eq(requestAuditLog.reason, data.reason) : undefined
+    );
+}
+
+export function queryRequest(data: Q) {
     return db
         .select({
-            timestamp: requestAuditLog.timestamp, 
-            orgId: requestAuditLog.orgId, 
-            action: requestAuditLog.action, 
-            reason: requestAuditLog.reason, 
-            actorType: requestAuditLog.actorType, 
-            actor: requestAuditLog.actor, 
-            actorId: requestAuditLog.actorId, 
-            resourceId: requestAuditLog.resourceId, 
-            ip: requestAuditLog.ip, 
-            location: requestAuditLog.location, 
-            userAgent: requestAuditLog.userAgent, 
-            metadata: requestAuditLog.metadata, 
-            headers: requestAuditLog.headers, 
-            query: requestAuditLog.query, 
-            originalRequestURL: requestAuditLog.originalRequestURL, 
-            scheme: requestAuditLog.scheme, 
-            host: requestAuditLog.host, 
-            path: requestAuditLog.path, 
-            method: requestAuditLog.method, 
+            timestamp: requestAuditLog.timestamp,
+            orgId: requestAuditLog.orgId,
+            action: requestAuditLog.action,
+            reason: requestAuditLog.reason,
+            actorType: requestAuditLog.actorType,
+            actor: requestAuditLog.actor,
+            actorId: requestAuditLog.actorId,
+            resourceId: requestAuditLog.resourceId,
+            ip: requestAuditLog.ip,
+            location: requestAuditLog.location,
+            userAgent: requestAuditLog.userAgent,
+            metadata: requestAuditLog.metadata,
+            headers: requestAuditLog.headers,
+            query: requestAuditLog.query,
+            originalRequestURL: requestAuditLog.originalRequestURL,
+            scheme: requestAuditLog.scheme,
+            host: requestAuditLog.host,
+            path: requestAuditLog.path,
+            method: requestAuditLog.method,
             tls: requestAuditLog.tls,
             resourceName: resources.name,
             resourceNiceId: resources.niceId
         })
         .from(requestAuditLog)
-        .leftJoin(resources, eq(requestAuditLog.resourceId, resources.resourceId)) // TODO: Is this efficient?
-        .where(
-            and(
-                gt(requestAuditLog.timestamp, timeStart),
-                lt(requestAuditLog.timestamp, timeEnd),
-                eq(requestAuditLog.orgId, orgId)
-            )
-        )
+        .leftJoin(
+            resources,
+            eq(requestAuditLog.resourceId, resources.resourceId)
+        ) // TODO: Is this efficient?
+        .where(getWhere(data))
         .orderBy(requestAuditLog.timestamp);
 }
 
-export function countRequestQuery(timeStart: number, timeEnd: number, orgId: string) {
-            const countQuery = db
-            .select({ count: count() })
-            .from(requestAuditLog)
-            .where(
-                and(
-                    gt(requestAuditLog.timestamp, timeStart),
-                    lt(requestAuditLog.timestamp, timeEnd),
-                    eq(requestAuditLog.orgId, orgId)
-                )
-            );
+export function countRequestQuery(data: Q) {
+    const countQuery = db
+        .select({ count: count() })
+        .from(requestAuditLog)
+        .where(getWhere(data));
     return countQuery;
 }
 
@@ -125,7 +139,6 @@ export async function queryRequestAuditLogs(
                 )
             );
         }
-        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
 
         const parsedParams = queryRequestAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
@@ -136,13 +149,14 @@ export async function queryRequestAuditLogs(
                 )
             );
         }
-        const { orgId } = parsedParams.data;
 
-        const baseQuery = queryRequest(timeStart, timeEnd, orgId);
+        const data = { ...parsedQuery.data, ...parsedParams.data };
 
-        const log = await baseQuery.limit(limit).offset(offset);
+        const baseQuery = queryRequest(data);
 
-        const totalCountResult = await countRequestQuery(timeStart, timeEnd, orgId);
+        const log = await baseQuery.limit(data.limit).offset(data.offset);
+
+        const totalCountResult = await countRequestQuery(data);
         const totalCount = totalCountResult[0].count;
 
         return response<QueryRequestAuditLogResponse>(res, {
@@ -150,8 +164,8 @@ export async function queryRequestAuditLogs(
                 log: log,
                 pagination: {
                     total: totalCount,
-                    limit,
-                    offset
+                    limit: data.limit,
+                    offset: data.offset
                 }
             },
             success: true,
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
index 893db5ef..b35c2d9e 100644
--- a/server/routers/auditLogs/types.ts
+++ b/server/routers/auditLogs/types.ts
@@ -4,6 +4,7 @@ export type QueryActionAuditLogResponse = {
         action: string;
         actorType: string;
         actorId: string;
+        metadata: string | null;
         timestamp: number;
         actor: string;
     }[];
@@ -49,8 +50,9 @@ export type QueryRequestAuditLogResponse = {
 export type QueryAccessAuditLogResponse = {
     log: {
         orgId: string;
-        action: string;
-        type: string;
+        action: boolean;
+        actorType: string | null;
+        actorId: string | null;
         resourceId: number | null;
         resourceName: string | null;
         resourceNiceId: string | null;
@@ -58,10 +60,9 @@ export type QueryAccessAuditLogResponse = {
         location: string | null;
         userAgent: string | null;
         metadata: string | null;
-        actorType: string;
-        actorId: string;
+        type: string;
         timestamp: number;
-        actor: string;
+        actor: string | null;
     }[];
     pagination: {
         total: number;
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
index af0bc8fc..e2b68ae0 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -340,6 +340,21 @@ export default function GeneralPage() {
         }
     ];
 
+    const renderExpandedRow = (row: any) => {
+        return (
+            <div className="space-y-4">
+                <div className="grid grid-cols-1 md:grid-cols-2 gap-4 text-xs">
+                    <div>
+                        <strong>Metadata:</strong>
+                        <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
+                            {row.metadata ? JSON.stringify(JSON.parse(row.metadata), null, 2) : "N/A"}
+                        </pre>
+                    </div>
+                </div>
+            </div>
+        );
+    };
+
     return (
         <>
             <LogDataTable
@@ -369,6 +384,9 @@ export default function GeneralPage() {
                 onPageSizeChange={handlePageSizeChange}
                 isLoading={isLoading}
                 defaultPageSize={pageSize}
+                // Row expansion props
+                expandable={true}
+                renderExpandedRow={renderExpandedRow}
             />
         </>
     );
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index 3b693515..a332f0cb 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -269,6 +269,21 @@ export default function GeneralPage() {
         }
     ];
 
+    const renderExpandedRow = (row: any) => {
+        return (
+            <div className="space-y-4">
+                <div className="grid grid-cols-1 md:grid-cols-2 gap-4 text-xs">
+                    <div>
+                        <strong>Metadata:</strong>
+                        <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
+                            {row.metadata ? JSON.stringify(JSON.parse(row.metadata), null, 2) : "N/A"}
+                        </pre>
+                    </div>
+                </div>
+            </div>
+        );
+    };
+
     return (
         <>
             <LogDataTable
@@ -298,6 +313,9 @@ export default function GeneralPage() {
                 onPageSizeChange={handlePageSizeChange}
                 isLoading={isLoading}
                 defaultPageSize={pageSize}
+                // Row expansion props
+                expandable={true}
+                renderExpandedRow={renderExpandedRow}
             />
         </>
     );
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index fe4bb9f2..9c7f6bd4 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -313,6 +313,7 @@ export default function GeneralPage() {
                 return (
                     <Link
                         href={`/${row.original.orgId}/settings/resources/${row.original.resourceNiceId}`}
+                        onClick={(e) => e.stopPropagation()}
                     >
                         <Button
                             variant="outline"
@@ -402,6 +403,55 @@ export default function GeneralPage() {
         }
     ];
 
+    const renderExpandedRow = (row: any) => {
+        return (
+            <div className="space-y-4">
+                <div className="grid grid-cols-1 md:grid-cols-2 gap-4 text-xs">
+                    <div>
+                        <strong>User Agent:</strong>
+                        <p className="text-muted-foreground mt-1 break-all">
+                            {row.userAgent || "N/A"}
+                        </p>
+                    </div>
+                    <div>
+                        <strong>Original URL:</strong>
+                        <p className="text-muted-foreground mt-1 break-all">
+                            {row.originalRequestURL || "N/A"}
+                        </p>
+                    </div>
+                    <div>
+                        <strong>Scheme:</strong>
+                        <p className="text-muted-foreground mt-1">
+                            {row.scheme || "N/A"}
+                        </p>
+                    </div>
+                    <div>
+                        <strong>Metadata:</strong>
+                        <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
+                            {row.metadata ? JSON.stringify(JSON.parse(row.metadata), null, 2) : "N/A"}
+                        </pre>
+                    </div>
+                    {row.headers && (
+                        <div className="md:col-span-2">
+                            <strong>Headers:</strong>
+                            <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
+                                {JSON.stringify(JSON.parse(row.headers), null, 2)}
+                            </pre>
+                        </div>
+                    )}
+                    {row.query && (
+                        <div className="md:col-span-2">
+                            <strong>Query Parameters:</strong>
+                            <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
+                                {JSON.stringify(JSON.parse(row.query), null, 2)}
+                            </pre>
+                        </div>
+                    )}
+                </div>
+            </div>
+        );
+    };
+
     return (
         <>
             <LogDataTable
@@ -431,6 +481,9 @@ export default function GeneralPage() {
                 onPageSizeChange={handlePageSizeChange}
                 isLoading={isLoading}
                 defaultPageSize={pageSize}
+                // Row expansion props
+                expandable={true}
+                renderExpandedRow={renderExpandedRow}
             />
         </>
     );
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index b08d9856..30f84f2d 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -23,7 +23,16 @@ import { Button } from "@app/components/ui/button";
 import { useEffect, useMemo, useState } from "react";
 import { Input } from "@app/components/ui/input";
 import { DataTablePagination } from "@app/components/DataTablePagination";
-import { Plus, Search, RefreshCw, Filter, X, Download } from "lucide-react";
+import {
+    Plus,
+    Search,
+    RefreshCw,
+    Filter,
+    X,
+    Download,
+    ChevronRight,
+    ChevronDown
+} from "lucide-react";
 import {
     Card,
     CardContent,
@@ -109,6 +118,9 @@ type DataTableProps<TData, TValue> = {
     onPageChange?: (page: number) => void;
     onPageSizeChange?: (pageSize: number) => void;
     isLoading?: boolean;
+    // Row expansion props
+    expandable?: boolean;
+    renderExpandedRow?: (row: TData) => React.ReactNode;
 };
 
 export function LogDataTable<TData, TValue>({
@@ -132,7 +144,9 @@ export function LogDataTable<TData, TValue>({
     currentPage = 0,
     onPageChange,
     onPageSizeChange: onPageSizeChangeProp,
-    isLoading = false
+    isLoading = false,
+    expandable = false,
+    renderExpandedRow
 }: DataTableProps<TData, TValue>) {
     const t = useTranslations();
 
@@ -161,6 +175,7 @@ export function LogDataTable<TData, TValue>({
         dateRange?.start || {}
     );
     const [endDate, setEndDate] = useState<DateTimeValue>(dateRange?.end || {});
+    const [expandedRows, setExpandedRows] = useState<Set<string>>(new Set());
 
     // Sync internal date state with external dateRange prop
     useEffect(() => {
@@ -186,25 +201,77 @@ export function LogDataTable<TData, TValue>({
         return data.filter(activeTabFilter.filterFn);
     }, [data, tabs, activeTab]);
 
+    // Toggle row expansion
+    const toggleRowExpansion = (rowId: string) => {
+        setExpandedRows((prev) => {
+            const newSet = new Set(prev);
+            if (newSet.has(rowId)) {
+                newSet.delete(rowId);
+            } else {
+                newSet.add(rowId);
+            }
+            return newSet;
+        });
+    };
+
     // Determine if using server-side pagination
     const isServerPagination = totalCount !== undefined;
 
+    // Create columns with expansion column if expandable
+    const enhancedColumns = useMemo(() => {
+        if (!expandable) {
+            return columns;
+        }
+
+        const expansionColumn: ColumnDef<TData, TValue> = {
+            id: "expand",
+            header: () => null,
+            cell: ({ row }) => {
+                const isExpanded = expandedRows.has(row.id);
+                return (
+                    <Button
+                        variant="ghost"
+                        size="sm"
+                        className="h-6 w-6 p-0"
+                        onClick={(e) => {
+                            toggleRowExpansion(row.id);
+                            e.stopPropagation();
+                        }}
+                    >
+                        {isExpanded ? (
+                            <ChevronDown className="h-4 w-4" />
+                        ) : (
+                            <ChevronRight className="h-4 w-4" />
+                        )}
+                    </Button>
+                );
+            },
+            size: 40
+        };
+
+        return [expansionColumn, ...columns];
+    }, [columns, expandable, expandedRows, toggleRowExpansion]);
+
     const table = useReactTable({
         data: filteredData,
-        columns,
+        columns: enhancedColumns,
         getCoreRowModel: getCoreRowModel(),
         // Only use client-side pagination if totalCount is not provided
-        ...(isServerPagination ? {} : { getPaginationRowModel: getPaginationRowModel() }),
+        ...(isServerPagination
+            ? {}
+            : { getPaginationRowModel: getPaginationRowModel() }),
         onSortingChange: setSorting,
         getSortedRowModel: getSortedRowModel(),
         onColumnFiltersChange: setColumnFilters,
         getFilteredRowModel: getFilteredRowModel(),
         onGlobalFilterChange: setGlobalFilter,
         // Configure pagination state
-        ...(isServerPagination ? {
-            manualPagination: true,
-            pageCount: totalCount ? Math.ceil(totalCount / pageSize) : 0,
-        } : {}),
+        ...(isServerPagination
+            ? {
+                  manualPagination: true,
+                  pageCount: totalCount ? Math.ceil(totalCount / pageSize) : 0
+              }
+            : {}),
         initialState: {
             pagination: {
                 pageSize: pageSize,
@@ -321,10 +388,7 @@ export function LogDataTable<TData, TValue>({
                             </Button>
                         )}
                         {onExport && (
-                            <Button
-                                onClick={onExport}
-                                disabled={isExporting}
-                            >
+                            <Button onClick={onExport} disabled={isExporting}>
                                 <Download
                                     className={`mr-2 h-4 w-4 ${isExporting ? "animate-spin" : ""}`}
                                 />
@@ -354,48 +418,84 @@ export function LogDataTable<TData, TValue>({
                         </TableHeader>
                         <TableBody>
                             {table.getRowModel().rows?.length ? (
-                                table.getRowModel().rows.map((row) => (
-                                    <TableRow
-                                        key={row.id}
-                                        data-state={
-                                            row.getIsSelected() && "selected"
-                                        }
-                                        className="text-xs" // made smaller
-                                    >
-                                        {row.getVisibleCells().map((cell) => {
-                                            const originalRow =
-                                                row.original as any;
-                                            const actionValue =
-                                                originalRow?.action;
-                                            let className = "";
+                                table.getRowModel().rows.map((row) => {
+                                    const isExpanded =
+                                        expandable && expandedRows.has(row.id);
+                                    return (
+                                        <>
+                                            <TableRow
+                                                key={row.id}
+                                                data-state={
+                                                    row.getIsSelected() &&
+                                                    "selected"
+                                                }
+                                                onClick={() =>
+                                                    expandable
+                                                        ? toggleRowExpansion(
+                                                              row.id
+                                                          )
+                                                        : undefined
+                                                }
+                                                className="text-xs" // made smaller
+                                            >
+                                                {row
+                                                    .getVisibleCells()
+                                                    .map((cell) => {
+                                                        const originalRow =
+                                                            row.original as any;
+                                                        const actionValue =
+                                                            originalRow?.action;
+                                                        let className = "";
 
-                                            if (
-                                                typeof actionValue === "boolean"
-                                            ) {
-                                                className = actionValue
-                                                    ? "bg-green-100 dark:bg-green-900/50"
-                                                    : "bg-red-100 dark:bg-red-900/50";
-                                            }
+                                                        if (
+                                                            typeof actionValue ===
+                                                            "boolean"
+                                                        ) {
+                                                            className =
+                                                                actionValue
+                                                                    ? "bg-green-100 dark:bg-green-900/50"
+                                                                    : "bg-red-100 dark:bg-red-900/50";
+                                                        }
 
-                                            return (
-                                                <TableCell
-                                                    key={cell.id}
-                                                    className={`${className} py-2`} // made smaller
-                                                >
-                                                    {flexRender(
-                                                        cell.column.columnDef
-                                                            .cell,
-                                                        cell.getContext()
-                                                    )}
-                                                </TableCell>
-                                            );
-                                        })}
-                                    </TableRow>
-                                ))
+                                                        return (
+                                                            <TableCell
+                                                                key={cell.id}
+                                                                className={`${className} py-2`} // made smaller
+                                                            >
+                                                                {flexRender(
+                                                                    cell.column
+                                                                        .columnDef
+                                                                        .cell,
+                                                                    cell.getContext()
+                                                                )}
+                                                            </TableCell>
+                                                        );
+                                                    })}
+                                            </TableRow>
+                                            {isExpanded &&
+                                                renderExpandedRow && (
+                                                    <TableRow
+                                                        key={`${row.id}-expanded`}
+                                                    >
+                                                        <TableCell
+                                                            colSpan={
+                                                                enhancedColumns.length
+                                                            }
+                                                            className="p-4 bg-muted/50"
+                                                        >
+                                                            {renderExpandedRow(
+                                                                row.original
+                                                            )}
+                                                        </TableCell>
+                                                    </TableRow>
+                                                )}
+                                        </>
+                                    );
+                                })
                             ) : (
                                 <TableRow>
                                     <TableCell
-                                        colSpan={columns.length}
+                                        colSpan={enhancedColumns.length}
                                         className="h-24 text-center"
                                     >
                                         No results found.
@@ -408,7 +508,11 @@ export function LogDataTable<TData, TValue>({
                         <DataTablePagination
                             table={table}
                             onPageSizeChange={handlePageSizeChange}
-                            onPageChange={isServerPagination ? handlePageChange : undefined}
+                            onPageChange={
+                                isServerPagination
+                                    ? handlePageChange
+                                    : undefined
+                            }
                             totalCount={totalCount}
                             isServerPagination={isServerPagination}
                             isLoading={isLoading}

From 4e4a38f7e9f8e6a886bd8d3555e48f1760eb21d4 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Thu, 23 Oct 2025 13:19:27 +0000
Subject: [PATCH 47/69] move to match type country instead of geoip

---
 server/setup/migrationsPg.ts                  |  4 +++-
 server/setup/migrationsSqlite.ts              |  4 +++-
 server/setup/scriptsPg/1.11.2.ts              | 24 +++++++++++++++++++
 server/setup/scriptsSqlite/1.11.2.ts          | 18 ++++++++++++++
 .../resources/[niceId]/rules/page.tsx         | 20 ++++++++--------
 5 files changed, 58 insertions(+), 12 deletions(-)
 create mode 100644 server/setup/scriptsPg/1.11.2.ts
 create mode 100644 server/setup/scriptsSqlite/1.11.2.ts

diff --git a/server/setup/migrationsPg.ts b/server/setup/migrationsPg.ts
index c8e632e0..b6d20512 100644
--- a/server/setup/migrationsPg.ts
+++ b/server/setup/migrationsPg.ts
@@ -13,6 +13,7 @@ import m5 from "./scriptsPg/1.10.0";
 import m6 from "./scriptsPg/1.10.2";
 import m7 from "./scriptsPg/1.11.0";
 import m8 from "./scriptsPg/1.11.1";
+import m9 from "./scriptsPg/1.11.2";
 
 // THIS CANNOT IMPORT ANYTHING FROM THE SERVER
 // EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -26,7 +27,8 @@ const migrations = [
     { version: "1.10.0", run: m5 },
     { version: "1.10.2", run: m6 },
     { version: "1.11.0", run: m7 },
-    { version: "1.11.1", run: m8 }
+    { version: "1.11.1", run: m8 },
+    { version: "1.11.2", run: m9 }
     // Add new migrations here as they are created
 ] as {
     version: string;
diff --git a/server/setup/migrationsSqlite.ts b/server/setup/migrationsSqlite.ts
index e65d7436..d60db7a0 100644
--- a/server/setup/migrationsSqlite.ts
+++ b/server/setup/migrationsSqlite.ts
@@ -31,6 +31,7 @@ import m26 from "./scriptsSqlite/1.10.1";
 import m27 from "./scriptsSqlite/1.10.2";
 import m28 from "./scriptsSqlite/1.11.0";
 import m29 from "./scriptsSqlite/1.11.1";
+import m30 from "./scriptsSqlite/1.11.2";
 
 // THIS CANNOT IMPORT ANYTHING FROM THE SERVER
 // EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -60,7 +61,8 @@ const migrations = [
     { version: "1.10.1", run: m26 },
     { version: "1.10.2", run: m27 },
     { version: "1.11.0", run: m28 },
-    { version: "1.11.1", run: m29 }
+    { version: "1.11.1", run: m29 },
+    { version: "1.11.2", run: m30 }
     // Add new migrations here as they are created
 ] as const;
 
diff --git a/server/setup/scriptsPg/1.11.2.ts b/server/setup/scriptsPg/1.11.2.ts
new file mode 100644
index 00000000..6f61e727
--- /dev/null
+++ b/server/setup/scriptsPg/1.11.2.ts
@@ -0,0 +1,24 @@
+import { db } from "@server/db/pg/driver";
+import { sql } from "drizzle-orm";
+
+const version = "1.11.2";
+
+export default async function migration() {
+    console.log(`Running setup script ${version}...`);
+
+    try {
+        await db.execute(sql`BEGIN`);
+
+        await db.execute(sql`UPDATE "resourceRules" SET "match" = "COUNTRY" WHERE "match" = "GEOIP"`);
+
+        await db.execute(sql`COMMIT`);
+        console.log(`Updated resource rules match value from GEOIP to COUNTRY`);
+    } catch (e) {
+        await db.execute(sql`ROLLBACK`);
+        console.log("Unable to update resource rules match value");
+        console.log(e);
+        throw e;
+    }
+
+    console.log(`${version} migration complete`);
+}
diff --git a/server/setup/scriptsSqlite/1.11.2.ts b/server/setup/scriptsSqlite/1.11.2.ts
new file mode 100644
index 00000000..dfc1b7ae
--- /dev/null
+++ b/server/setup/scriptsSqlite/1.11.2.ts
@@ -0,0 +1,18 @@
+import { APP_PATH } from "@server/lib/consts";
+import Database from "better-sqlite3";
+import path from "path";
+
+const version = "1.11.2";
+
+export default async function migration() {
+    console.log(`Running setup script ${version}...`);
+
+    const location = path.join(APP_PATH, "db", "db.sqlite");
+    const db = new Database(location);
+
+    db.transaction(() => {
+        db.prepare(`UPDATE resourceRules SET match = "COUNTRY" WHERE match = "GEOIP"`).run();
+    })();
+
+    console.log(`${version} migration complete`);
+}
diff --git a/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
index 1cf08c82..dada372f 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
@@ -130,7 +130,7 @@ export default function ResourceRules(props: {
         PATH: t('path'),
         IP: "IP",
         CIDR: t('ipAddressRange'),
-        GEOIP: t('country')
+        COUNTRY: t('country')
     } as const;
 
     const addRuleForm = useForm({
@@ -212,7 +212,7 @@ export default function ResourceRules(props: {
             setLoading(false);
             return;
         }
-        if (data.match === "GEOIP" && !COUNTRIES.some(c => c.code === data.value)) {
+        if (data.match === "COUNTRY" && !COUNTRIES.some(c => c.code === data.value)) {
             toast({
                 variant: "destructive",
                 title: t('rulesErrorInvalidCountry'),
@@ -270,7 +270,7 @@ export default function ResourceRules(props: {
                 return t('rulesMatchIpAddress');
             case "PATH":
                 return t('rulesMatchUrl');
-            case "GEOIP":
+            case "COUNTRY":
                 return t('rulesMatchCountry');
         }
     }
@@ -492,8 +492,8 @@ export default function ResourceRules(props: {
             cell: ({ row }) => (
                 <Select
                     defaultValue={row.original.match}
-                    onValueChange={(value: "CIDR" | "IP" | "PATH" | "GEOIP") =>
-                        updateRule(row.original.ruleId, { match: value, value: value === "GEOIP" ? "US" : row.original.value })
+                    onValueChange={(value: "CIDR" | "IP" | "PATH" | "COUNTRY") =>
+                        updateRule(row.original.ruleId, { match: value, value: value === "COUNTRY" ? "US" : row.original.value })
                     }
                 >
                     <SelectTrigger className="min-w-[125px]">
@@ -504,7 +504,7 @@ export default function ResourceRules(props: {
                         <SelectItem value="IP">{RuleMatch.IP}</SelectItem>
                         <SelectItem value="CIDR">{RuleMatch.CIDR}</SelectItem>
                         {isMaxmindAvailable && (
-                            <SelectItem value="GEOIP">{RuleMatch.GEOIP}</SelectItem>
+                            <SelectItem value="COUNTRY">{RuleMatch.COUNTRY}</SelectItem>
                         )}
                     </SelectContent>
                 </Select>
@@ -514,7 +514,7 @@ export default function ResourceRules(props: {
             accessorKey: "value",
             header: t('value'),
             cell: ({ row }) => (
-                row.original.match === "GEOIP" ? (
+                row.original.match === "COUNTRY" ? (
                     <Popover>
                         <PopoverTrigger asChild>
                             <Button
@@ -748,8 +748,8 @@ export default function ResourceRules(props: {
                                                                 {RuleMatch.CIDR}
                                                             </SelectItem>
                                                             {isMaxmindAvailable && (
-                                                                <SelectItem value="GEOIP">
-                                                                    {RuleMatch.GEOIP}
+                                                                <SelectItem value="COUNTRY">
+                                                                    {RuleMatch.COUNTRY}
                                                                 </SelectItem>
                                                             )}
                                                         </SelectContent>
@@ -775,7 +775,7 @@ export default function ResourceRules(props: {
                                                     }
                                                 />
                                                 <FormControl>
-                                                    {addRuleForm.watch("match") === "GEOIP" ? (
+                                                    {addRuleForm.watch("match") === "COUNTRY" ? (
                                                         <Popover open={openAddRuleCountrySelect} onOpenChange={setOpenAddRuleCountrySelect}>
                                                             <PopoverTrigger asChild>
                                                                 <Button

From 5b6174207575ca70e124a93d5d165f5144f51d03 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Thu, 23 Oct 2025 13:27:34 +0000
Subject: [PATCH 48/69] change geoip to country

---
 server/routers/badger/verifySession.ts        | 2 +-
 server/routers/resource/createResourceRule.ts | 2 +-
 server/routers/resource/updateResourceRule.ts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index 523163e6..40b58f4c 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -661,7 +661,7 @@ async function checkRules(
             return rule.action as any;
         } else if (
             clientIp &&
-            rule.match == "GEOIP" &&
+            rule.match == "COUNTRY" &&
             (await isIpInGeoIP(clientIp, rule.value))
         ) {
             return rule.action as any;
diff --git a/server/routers/resource/createResourceRule.ts b/server/routers/resource/createResourceRule.ts
index 7cb83d8b..1a5c07c2 100644
--- a/server/routers/resource/createResourceRule.ts
+++ b/server/routers/resource/createResourceRule.ts
@@ -18,7 +18,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 const createResourceRuleSchema = z
     .object({
         action: z.enum(["ACCEPT", "DROP", "PASS"]),
-        match: z.enum(["CIDR", "IP", "PATH", "GEOIP"]),
+        match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]),
         value: z.string().min(1),
         priority: z.number().int(),
         enabled: z.boolean().optional()
diff --git a/server/routers/resource/updateResourceRule.ts b/server/routers/resource/updateResourceRule.ts
index 06061da9..8df70c0f 100644
--- a/server/routers/resource/updateResourceRule.ts
+++ b/server/routers/resource/updateResourceRule.ts
@@ -30,7 +30,7 @@ const updateResourceRuleParamsSchema = z
 const updateResourceRuleSchema = z
     .object({
         action: z.enum(["ACCEPT", "DROP", "PASS"]).optional(),
-        match: z.enum(["CIDR", "IP", "PATH", "GEOIP"]).optional(),
+        match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]).optional(),
         value: z.string().min(1).optional(),
         priority: z.number().int(),
         enabled: z.boolean().optional()

From b5a931c96e15d6426834370d753f0d53eded9120 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 23 Oct 2025 23:07:26 +0530
Subject: [PATCH 49/69] UI and backend update to add proxy protocol support

---
 server/db/sqlite/schema/schema.ts             |   5 +-
 server/routers/resource/updateResource.ts     |   5 +-
 .../resources/[niceId]/proxy/page.tsx         | 164 +++++++++++++++---
 3 files changed, 147 insertions(+), 27 deletions(-)

diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 2c19a1c7..415ce80b 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -114,7 +114,10 @@ export const resources = sqliteTable("resources", {
     skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
         onDelete: "cascade"
     }),
-    headers: text("headers") // comma-separated list of headers to add to the request
+    headers: text("headers"), // comma-separated list of headers to add to the request
+    proxyProtocol: integer("proxyProtocol", { mode: "boolean" }).notNull().default(false),
+    proxyProtocolVersion: integer("proxyProtocolVersion").default(1)
+
 });
 
 export const targets = sqliteTable("targets", {
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index a9c3b5de..13c5220d 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -99,8 +99,9 @@ const updateRawResourceBodySchema = z
         name: z.string().min(1).max(255).optional(),
         proxyPort: z.number().int().min(1).max(65535).optional(),
         stickySession: z.boolean().optional(),
-        enabled: z.boolean().optional()
-        // enableProxy: z.boolean().optional() // always true now
+        enabled: z.boolean().optional(),
+        proxyProtocol: z.boolean().optional(),
+        proxyProtocolVersion: z.number().int().min(1).optional()
     })
     .strict()
     .refine((data) => Object.keys(data).length > 0, {
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 9588e0c8..5af5b318 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -77,7 +77,8 @@ import {
     MoveRight,
     ArrowUp,
     Info,
-    ArrowDown
+    ArrowDown,
+    AlertTriangle
 } from "lucide-react";
 import { ContainersSelector } from "@app/components/ContainersSelector";
 import { useTranslations } from "next-intl";
@@ -115,6 +116,7 @@ import {
     TooltipProvider,
     TooltipTrigger
 } from "@app/components/ui/tooltip";
+import { Alert, AlertDescription } from "@app/components/ui/alert";
 
 const addTargetSchema = z
     .object({
@@ -288,7 +290,9 @@ export default function ReverseProxyTargets(props: {
             ),
         headers: z
             .array(z.object({ name: z.string(), value: z.string() }))
-            .nullable()
+            .nullable(),
+        proxyProtocol: z.boolean().optional(),
+        proxyProtocolVersion: z.number().int().min(1).max(2).optional()
     });
 
     const tlsSettingsSchema = z.object({
@@ -325,7 +329,9 @@ export default function ReverseProxyTargets(props: {
         resolver: zodResolver(proxySettingsSchema),
         defaultValues: {
             setHostHeader: resource.setHostHeader || "",
-            headers: resource.headers
+            headers: resource.headers,
+            proxyProtocol: resource.proxyProtocol || false,
+            proxyProtocolVersion: resource.proxyProtocolVersion || 1
         }
     });
 
@@ -549,11 +555,11 @@ export default function ReverseProxyTargets(props: {
                     prev.map((t) =>
                         t.targetId === target.targetId
                             ? {
-                                  ...t,
-                                  targetId: response.data.data.targetId,
-                                  new: false,
-                                  updated: false
-                              }
+                                ...t,
+                                targetId: response.data.data.targetId,
+                                new: false,
+                                updated: false
+                            }
                             : t
                     )
                 );
@@ -673,11 +679,11 @@ export default function ReverseProxyTargets(props: {
             targets.map((target) =>
                 target.targetId === targetId
                     ? {
-                          ...target,
-                          ...data,
-                          updated: true,
-                          siteType: site ? site.type : target.siteType
-                      }
+                        ...target,
+                        ...data,
+                        updated: true,
+                        siteType: site ? site.type : target.siteType
+                    }
                     : target
             )
         );
@@ -688,10 +694,10 @@ export default function ReverseProxyTargets(props: {
             targets.map((target) =>
                 target.targetId === targetId
                     ? {
-                          ...target,
-                          ...config,
-                          updated: true
-                      }
+                        ...target,
+                        ...config,
+                        updated: true
+                    }
                     : target
             )
         );
@@ -800,6 +806,22 @@ export default function ReverseProxyTargets(props: {
                     setHostHeader: proxyData.setHostHeader || null,
                     headers: proxyData.headers || null
                 });
+            } else {
+                // For TCP/UDP resources, save proxy protocol settings
+                const proxyData = proxySettingsForm.getValues();
+                
+                const payload = {
+                    proxyProtocol: proxyData.proxyProtocol || false,
+                    proxyProtocolVersion: proxyData.proxyProtocolVersion || 1
+                };
+
+                await api.post(`/resource/${resource.resourceId}`, payload);
+
+                updateResource({
+                    ...resource,
+                    proxyProtocol: proxyData.proxyProtocol || false,
+                    proxyProtocolVersion: proxyData.proxyProtocolVersion || 1
+                });
             }
 
             toast({
@@ -1064,7 +1086,7 @@ export default function ReverseProxyTargets(props: {
                                         className={cn(
                                             "w-[180px] justify-between text-sm border-r pr-4 rounded-none h-8 hover:bg-transparent",
                                             !row.original.siteId &&
-                                                "text-muted-foreground"
+                                            "text-muted-foreground"
                                         )}
                                     >
                                         <span className="truncate max-w-[150px]">
@@ -1404,12 +1426,12 @@ export default function ReverseProxyTargets(props: {
                                                                 {header.isPlaceholder
                                                                     ? null
                                                                     : flexRender(
-                                                                          header
-                                                                              .column
-                                                                              .columnDef
-                                                                              .header,
-                                                                          header.getContext()
-                                                                      )}
+                                                                        header
+                                                                            .column
+                                                                            .columnDef
+                                                                            .header,
+                                                                        header.getContext()
+                                                                    )}
                                                             </TableHead>
                                                         )
                                                     )}
@@ -1675,6 +1697,100 @@ export default function ReverseProxyTargets(props: {
                 </SettingsSection>
             )}
 
+            {!resource.http && resource.protocol && (
+                <SettingsSection>
+                    <SettingsSectionHeader>
+                        <SettingsSectionTitle>
+                            Proxy Protocol Settings
+                        </SettingsSectionTitle>
+                        <SettingsSectionDescription>
+                            Configure Proxy Protocol to preserve client IP addresses for TCP/UDP services.
+                        </SettingsSectionDescription>
+                    </SettingsSectionHeader>
+                    <SettingsSectionBody>
+                        <SettingsSectionForm>
+                            <Form {...proxySettingsForm}>
+                                <form
+                                    onSubmit={proxySettingsForm.handleSubmit(
+                                        saveAllSettings
+                                    )}
+                                    className="space-y-4"
+                                    id="proxy-protocol-settings-form"
+                                >
+                                    <FormField
+                                        control={proxySettingsForm.control}
+                                        name="proxyProtocol"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormControl>
+                                                    <SwitchInput
+                                                        id="proxy-protocol-toggle"
+                                                        label="Enable Proxy Protocol"
+                                                        description="Preserve client IP addresses for TCP/UDP backends"
+                                                        defaultChecked={
+                                                            field.value || false
+                                                        }
+                                                        onCheckedChange={(val) => {
+                                                            field.onChange(val);
+                                                        }}
+                                                    />
+                                                </FormControl>
+                                            </FormItem>
+                                        )}
+                                    />
+                                    
+                                    {proxySettingsForm.watch("proxyProtocol") && (
+                                        <>
+                                            <FormField
+                                                control={proxySettingsForm.control}
+                                                name="proxyProtocolVersion"
+                                                render={({ field }) => (
+                                                    <FormItem>
+                                                        <FormLabel>Proxy Protocol Version</FormLabel>
+                                                        <FormControl>
+                                                            <Select
+                                                                value={String(field.value || 1)}
+                                                                onValueChange={(value) =>
+                                                                    field.onChange(parseInt(value, 10))
+                                                                }
+                                                            >
+                                                                <SelectTrigger>
+                                                                    <SelectValue placeholder="Select version" />
+                                                                </SelectTrigger>
+                                                                <SelectContent>
+                                                                    <SelectItem value="1">
+                                                                        Version 1 (Recommended)
+                                                                    </SelectItem>
+                                                                    <SelectItem value="2">
+                                                                        Version 2
+                                                                    </SelectItem>
+                                                                </SelectContent>
+                                                            </Select>
+                                                        </FormControl>
+                                                        <FormDescription>
+                                                            Version 1 is text-based and widely supported. Version 2 is binary and more efficient but less compatible.
+                                                        </FormDescription>
+                                                    </FormItem>
+                                                )}
+                                            />
+
+                                            <Alert>
+                                                <AlertTriangle className="h-4 w-4" />
+                                                <AlertDescription>
+                                                    <strong>Warning:</strong> Your backend application must be configured to accept Proxy Protocol connections. 
+                                                    If your backend doesn't support Proxy Protocol, enabling this will break all connections. 
+                                                    Make sure to configure your backend to trust Proxy Protocol headers from Traefik.
+                                                </AlertDescription>
+                                            </Alert>
+                                        </>
+                                    )}
+                                </form>
+                            </Form>
+                        </SettingsSectionForm>
+                    </SettingsSectionBody>
+                </SettingsSection>
+            )}
+
             <div className="flex justify-end mt-6">
                 <Button
                     onClick={saveAllSettings}

From ac683c3ff761c3eab684515fbdeddc813d50f727 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 23 Oct 2025 23:24:42 +0530
Subject: [PATCH 50/69] add pg schema for proxy protocol

---
 server/db/pg/schema/schema.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 2e307c5f..1d1ca200 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -102,7 +102,9 @@ export const resources = pgTable("resources", {
     skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
         onDelete: "cascade"
     }),
-    headers: text("headers") // comma-separated list of headers to add to the request
+    headers: text("headers"), // comma-separated list of headers to add to the request
+    proxyProtocol: boolean("proxyProtocol").notNull().default(false),
+    proxyProtocolVersion: integer("proxyProtocolVersion").default(1)
 });
 
 export const targets = pgTable("targets", {

From 264bf46798b56cfa65f619c2bde954c0db9d29c6 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 23 Oct 2025 14:34:56 -0700
Subject: [PATCH 51/69] Filtering working on both access and request

---
 messages/en-US.json                           |   2 +-
 .../routers/auditLogs/exportAccessAuditLog.ts |  10 +-
 .../routers/auditLogs/exportActionAuditLog.ts |  10 +-
 .../routers/auditLogs/queryAccessAuditLog.ts  | 139 ++++++--
 .../routers/auditLogs/queryActionAuditLog.ts  |  62 ++--
 .../routers/auditLogs/queryRequstAuditLog.ts  | 102 +++++-
 server/routers/auditLogs/types.ts             |  20 +-
 src/app/[orgId]/settings/logs/access/page.tsx | 275 +++++++++++++--
 .../[orgId]/settings/logs/request/page.tsx    | 330 ++++++++++++++++--
 src/components/ColumnFilter.tsx               | 104 ++++++
 src/components/DateTimePicker.tsx             |  10 +-
 src/components/LogDataTable.tsx               |   8 +-
 12 files changed, 936 insertions(+), 136 deletions(-)
 create mode 100644 src/components/ColumnFilter.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index cb470439..801b5d5b 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1916,7 +1916,7 @@
     "noSessions": "No Sessions",
     "temporaryRequestToken": "Temporary Request Token",
     "noMoreAuthMethods": "No Valid Auth",
-    "ip": "IP Address",
+    "ip": "IP",
     "reason": "Reason",
     "requestLogs": "Request Logs",
     "host": "Host",
diff --git a/server/private/routers/auditLogs/exportAccessAuditLog.ts b/server/private/routers/auditLogs/exportAccessAuditLog.ts
index 8a6398fa..89aef6cb 100644
--- a/server/private/routers/auditLogs/exportAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts
@@ -49,7 +49,6 @@ export async function exportAccessAuditLogs(
                 )
             );
         }
-        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
 
         const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
@@ -60,16 +59,17 @@ export async function exportAccessAuditLogs(
                 )
             );
         }
-        const { orgId } = parsedParams.data;
 
-        const baseQuery = queryAccess(timeStart, timeEnd, orgId);
+        const data = { ...parsedQuery.data, ...parsedParams.data };
 
-        const log = await baseQuery.limit(limit).offset(offset);
+        const baseQuery = queryAccess(data);
+
+        const log = await baseQuery.limit(data.limit).offset(data.offset);
 
         const csvData = generateCSV(log);
         
         res.setHeader('Content-Type', 'text/csv');
-        res.setHeader('Content-Disposition', `attachment; filename="access-audit-logs-${orgId}-${Date.now()}.csv"`);
+        res.setHeader('Content-Disposition', `attachment; filename="access-audit-logs-${data.orgId}-${Date.now()}.csv"`);
         
         return res.send(csvData);
     } catch (error) {
diff --git a/server/private/routers/auditLogs/exportActionAuditLog.ts b/server/private/routers/auditLogs/exportActionAuditLog.ts
index 21329879..12c9ff8b 100644
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -49,7 +49,6 @@ export async function exportActionAuditLogs(
                 )
             );
         }
-        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
 
         const parsedParams = queryActionAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
@@ -60,16 +59,17 @@ export async function exportActionAuditLogs(
                 )
             );
         }
-        const { orgId } = parsedParams.data;
 
-        const baseQuery = queryAction(timeStart, timeEnd, orgId);
+    const data = { ...parsedQuery.data, ...parsedParams.data };
 
-        const log = await baseQuery.limit(limit).offset(offset);
+        const baseQuery = queryAction(data);
+
+        const log = await baseQuery.limit(data.limit).offset(data.offset);
 
         const csvData = generateCSV(log);
         
         res.setHeader('Content-Type', 'text/csv');
-        res.setHeader('Content-Disposition', `attachment; filename="action-audit-logs-${orgId}-${Date.now()}.csv"`);
+        res.setHeader('Content-Disposition', `attachment; filename="action-audit-logs-${data.orgId}-${Date.now()}.csv"`);
         
         return res.send(csvData);
     } catch (error) {
diff --git a/server/private/routers/auditLogs/queryAccessAuditLog.ts b/server/private/routers/auditLogs/queryAccessAuditLog.ts
index cad2027f..92f927fd 100644
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -41,6 +41,20 @@ export const queryAccessAuditLogsQuery = z.object({
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
         .default(new Date().toISOString()),
+    action: z
+        .union([z.boolean(), z.string()])
+        .transform((val) => (typeof val === "string" ? val === "true" : val))
+        .optional(),
+    actorType: z.string().optional(),
+    actorId: z.string().optional(),
+    resourceId: z
+        .string()
+        .optional()
+        .transform(Number)
+        .pipe(z.number().int().positive())
+        .optional(),
+    actor: z.string().optional(),
+    type: z.string().optional(),
     limit: z
         .string()
         .optional()
@@ -59,7 +73,32 @@ export const queryAccessAuditLogsParams = z.object({
     orgId: z.string()
 });
 
-export function queryAccess(timeStart: number, timeEnd: number, orgId: string) {
+export const queryAccessAuditLogsCombined = queryAccessAuditLogsQuery.merge(
+    queryAccessAuditLogsParams
+);
+type Q = z.infer<typeof queryAccessAuditLogsCombined>;
+
+function getWhere(data: Q) {
+    return and(
+        gt(accessAuditLog.timestamp, data.timeStart),
+        lt(accessAuditLog.timestamp, data.timeEnd),
+        eq(accessAuditLog.orgId, data.orgId),
+        data.resourceId
+            ? eq(accessAuditLog.resourceId, data.resourceId)
+            : undefined,
+        data.actor ? eq(accessAuditLog.actor, data.actor) : undefined,
+        data.actorType
+            ? eq(accessAuditLog.actorType, data.actorType)
+            : undefined,
+        data.actorId ? eq(accessAuditLog.actorId, data.actorId) : undefined,
+        data.type ? eq(accessAuditLog.type, data.type) : undefined,
+        data.action !== undefined
+            ? eq(accessAuditLog.action, data.action)
+            : undefined
+    );
+}
+
+export function queryAccess(data: Q) {
     return db
         .select({
             orgId: accessAuditLog.orgId,
@@ -78,31 +117,69 @@ export function queryAccess(timeStart: number, timeEnd: number, orgId: string) {
             actor: accessAuditLog.actor
         })
         .from(accessAuditLog)
-        .leftJoin(resources, eq(accessAuditLog.resourceId, resources.resourceId))
-        .where(
-            and(
-                gt(accessAuditLog.timestamp, timeStart),
-                lt(accessAuditLog.timestamp, timeEnd),
-                eq(accessAuditLog.orgId, orgId)
-            )
+        .leftJoin(
+            resources,
+            eq(accessAuditLog.resourceId, resources.resourceId)
         )
+        .where(getWhere(data))
         .orderBy(accessAuditLog.timestamp);
 }
 
-export function countAccessQuery(timeStart: number, timeEnd: number, orgId: string) {
-            const countQuery = db
-            .select({ count: count() })
-            .from(accessAuditLog)
-            .where(
-                and(
-                    gt(accessAuditLog.timestamp, timeStart),
-                    lt(accessAuditLog.timestamp, timeEnd),
-                    eq(accessAuditLog.orgId, orgId)
-                )
-            );
+export function countAccessQuery(data: Q) {
+    const countQuery = db
+        .select({ count: count() })
+        .from(accessAuditLog)
+        .where(getWhere(data));
     return countQuery;
 }
 
+async function queryUniqueFilterAttributes(
+    timeStart: number,
+    timeEnd: number,
+    orgId: string
+) {
+    const baseConditions = and(
+        gt(accessAuditLog.timestamp, timeStart),
+        lt(accessAuditLog.timestamp, timeEnd),
+        eq(accessAuditLog.orgId, orgId)
+    );
+
+    // Get unique actors
+    const uniqueActors = await db
+        .selectDistinct({
+            actor: accessAuditLog.actor
+        })
+        .from(accessAuditLog)
+        .where(baseConditions);
+
+    // Get unique locations
+    const uniqueLocations = await db
+        .selectDistinct({
+            locations: accessAuditLog.location
+        })
+        .from(accessAuditLog)
+        .where(baseConditions);
+
+    // Get unique resources with names
+    const uniqueResources = await db
+        .selectDistinct({
+            id: accessAuditLog.resourceId,
+            name: resources.name
+        })
+        .from(accessAuditLog)
+        .leftJoin(
+            resources,
+            eq(accessAuditLog.resourceId, resources.resourceId)
+        )
+        .where(baseConditions);
+
+    return {
+        actors: uniqueActors.map(row => row.actor).filter((actor): actor is string => actor !== null),
+        resources: uniqueResources.filter((row): row is { id: number; name: string | null } => row.id !== null),
+        locations: uniqueLocations.map(row => row.locations).filter((location): location is string => location !== null)
+    };
+}
+
 registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/access",
@@ -130,8 +207,6 @@ export async function queryAccessAuditLogs(
                 )
             );
         }
-        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
-
         const parsedParams = queryAccessAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
             return next(
@@ -141,23 +216,31 @@ export async function queryAccessAuditLogs(
                 )
             );
         }
-        const { orgId } = parsedParams.data;
 
-        const baseQuery = queryAccess(timeStart, timeEnd, orgId);
+        const data = { ...parsedQuery.data, ...parsedParams.data };
 
-        const log = await baseQuery.limit(limit).offset(offset);
+        const baseQuery = queryAccess(data);
 
-        const totalCountResult = await countAccessQuery(timeStart, timeEnd, orgId);
+        const log = await baseQuery.limit(data.limit).offset(data.offset);
+
+        const totalCountResult = await countAccessQuery(data);
         const totalCount = totalCountResult[0].count;
 
+        const filterAttributes = await queryUniqueFilterAttributes(
+            data.timeStart,
+            data.timeEnd,
+            data.orgId
+        );
+
         return response<QueryAccessAuditLogResponse>(res, {
             data: {
                 log: log,
                 pagination: {
                     total: totalCount,
-                    limit,
-                    offset
-                }
+                    limit: data.limit,
+                    offset: data.offset
+                },
+                filterAttributes
             },
             success: true,
             error: false,
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 9e357e8d..6e785c76 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -24,7 +24,6 @@ import { fromError } from "zod-validation-error";
 import { QueryActionAuditLogResponse } from "@server/routers/auditLogs/types";
 import response from "@server/lib/response";
 import logger from "@server/logger";
-import { metadata } from "@app/app/[orgId]/settings/layout";
 
 export const queryActionAuditLogsQuery = z.object({
     // iso string just validate its a parseable date
@@ -42,6 +41,10 @@ export const queryActionAuditLogsQuery = z.object({
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
         .default(new Date().toISOString()),
+    action: z.string().optional(),
+    actorType: z.string().optional(),
+    actorId: z.string().optional(),
+    actor: z.string().optional(),
     limit: z
         .string()
         .optional()
@@ -60,7 +63,23 @@ export const queryActionAuditLogsParams = z.object({
     orgId: z.string()
 });
 
-export function queryAction(timeStart: number, timeEnd: number, orgId: string) {
+export const queryActionAuditLogsCombined =
+    queryActionAuditLogsQuery.merge(queryActionAuditLogsParams);
+type Q = z.infer<typeof queryActionAuditLogsCombined>;
+
+function getWhere(data: Q) {
+    return and(
+        gt(actionAuditLog.timestamp, data.timeStart),
+        lt(actionAuditLog.timestamp, data.timeEnd),
+        eq(actionAuditLog.orgId, data.orgId),
+        data.actor ? eq(actionAuditLog.actor, data.actor) : undefined,
+        data.actorType ? eq(actionAuditLog.actorType, data.actorType) : undefined,
+        data.actorId ? eq(actionAuditLog.actorId, data.actorId) : undefined,
+        data.action ? eq(actionAuditLog.action, data.action) : undefined
+    );
+}
+
+export function queryAction(data: Q) {
     return db
         .select({
             orgId: actionAuditLog.orgId,
@@ -72,27 +91,15 @@ export function queryAction(timeStart: number, timeEnd: number, orgId: string) {
             actor: actionAuditLog.actor
         })
         .from(actionAuditLog)
-        .where(
-            and(
-                gt(actionAuditLog.timestamp, timeStart),
-                lt(actionAuditLog.timestamp, timeEnd),
-                eq(actionAuditLog.orgId, orgId)
-            )
-        )
+        .where(getWhere(data))
         .orderBy(actionAuditLog.timestamp);
 }
 
-export function countActionQuery(timeStart: number, timeEnd: number, orgId: string) {
-            const countQuery = db
-            .select({ count: count() })
-            .from(actionAuditLog)
-            .where(
-                and(
-                    gt(actionAuditLog.timestamp, timeStart),
-                    lt(actionAuditLog.timestamp, timeEnd),
-                    eq(actionAuditLog.orgId, orgId)
-                )
-            );
+export function countActionQuery(data: Q) {
+    const countQuery = db
+        .select({ count: count() })
+        .from(actionAuditLog)
+        .where(getWhere(data));
     return countQuery;
 }
 
@@ -123,8 +130,6 @@ export async function queryActionAuditLogs(
                 )
             );
         }
-        const { timeStart, timeEnd, limit, offset } = parsedQuery.data;
-
         const parsedParams = queryActionAuditLogsParams.safeParse(req.params);
         if (!parsedParams.success) {
             return next(
@@ -134,13 +139,14 @@ export async function queryActionAuditLogs(
                 )
             );
         }
-        const { orgId } = parsedParams.data;
 
-        const baseQuery = queryAction(timeStart, timeEnd, orgId);
+        const data = { ...parsedQuery.data, ...parsedParams.data };
 
-        const log = await baseQuery.limit(limit).offset(offset);
+        const baseQuery = queryAction(data);
 
-        const totalCountResult = await countActionQuery(timeStart, timeEnd, orgId);
+        const log = await baseQuery.limit(data.limit).offset(data.offset);
+
+        const totalCountResult = await countActionQuery(data);
         const totalCount = totalCountResult[0].count;
 
         return response<QueryActionAuditLogResponse>(res, {
@@ -148,8 +154,8 @@ export async function queryActionAuditLogs(
                 log: log,
                 pagination: {
                     total: totalCount,
-                    limit,
-                    offset
+                    limit: data.limit,
+                    offset: data.offset
                 }
             },
             success: true,
diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
index f4e24649..283e3d7e 100644
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -28,11 +28,26 @@ export const queryAccessAuditLogsQuery = z.object({
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
         .default(new Date().toISOString()),
-    action: z.boolean().optional(),
+    action: z
+        .union([z.boolean(), z.string()])
+        .transform((val) => (typeof val === "string" ? val === "true" : val))
+        .optional(),
     method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional(),
-    reason: z.number().optional(),
-    resourceId: z.number().optional(),
+    reason: z
+        .string()
+        .optional()
+        .transform(Number)
+        .pipe(z.number().int().positive())
+        .optional(),
+    resourceId: z
+        .string()
+        .optional()
+        .transform(Number)
+        .pipe(z.number().int().positive())
+        .optional(),
     actor: z.string().optional(),
+    host: z.string().optional(),
+    path: z.string().optional(),
     limit: z
         .string()
         .optional()
@@ -65,7 +80,12 @@ function getWhere(data: Q) {
             : undefined,
         data.actor ? eq(requestAuditLog.actor, data.actor) : undefined,
         data.method ? eq(requestAuditLog.method, data.method) : undefined,
-        data.reason ? eq(requestAuditLog.reason, data.reason) : undefined
+        data.reason ? eq(requestAuditLog.reason, data.reason) : undefined,
+        data.host ? eq(requestAuditLog.host, data.host) : undefined,
+        data.path ? eq(requestAuditLog.path, data.path) : undefined,
+        data.action !== undefined
+            ? eq(requestAuditLog.action, data.action)
+            : undefined
     );
 }
 
@@ -124,6 +144,71 @@ registry.registerPath({
     responses: {}
 });
 
+async function queryUniqueFilterAttributes(
+    timeStart: number,
+    timeEnd: number,
+    orgId: string
+) {
+    const baseConditions = and(
+        gt(requestAuditLog.timestamp, timeStart),
+        lt(requestAuditLog.timestamp, timeEnd),
+        eq(requestAuditLog.orgId, orgId)
+    );
+
+    // Get unique actors
+    const uniqueActors = await db
+        .selectDistinct({
+            actor: requestAuditLog.actor
+        })
+        .from(requestAuditLog)
+        .where(baseConditions);
+
+    // Get unique locations
+    const uniqueLocations = await db
+        .selectDistinct({
+            locations: requestAuditLog.location
+        })
+        .from(requestAuditLog)
+        .where(baseConditions);
+
+    // Get unique actors
+    const uniqueHosts = await db
+        .selectDistinct({
+            hosts: requestAuditLog.host
+        })
+        .from(requestAuditLog)
+        .where(baseConditions);
+
+    // Get unique actors
+    const uniquePaths = await db
+        .selectDistinct({
+            paths: requestAuditLog.path
+        })
+        .from(requestAuditLog)
+        .where(baseConditions);
+
+    // Get unique resources with names
+    const uniqueResources = await db
+        .selectDistinct({
+            id: requestAuditLog.resourceId,
+            name: resources.name
+        })
+        .from(requestAuditLog)
+        .leftJoin(
+            resources,
+            eq(requestAuditLog.resourceId, resources.resourceId)
+        )
+        .where(baseConditions);
+
+    return {
+        actors: uniqueActors.map(row => row.actor).filter((actor): actor is string => actor !== null),
+        resources: uniqueResources.filter((row): row is { id: number; name: string | null } => row.id !== null),
+        locations: uniqueLocations.map(row => row.locations).filter((location): location is string => location !== null),
+        hosts: uniqueHosts.map(row => row.hosts).filter((host): host is string => host !== null),
+        paths: uniquePaths.map(row => row.paths).filter((path): path is string => path !== null)
+    };
+}
+
 export async function queryRequestAuditLogs(
     req: Request,
     res: Response,
@@ -159,6 +244,12 @@ export async function queryRequestAuditLogs(
         const totalCountResult = await countRequestQuery(data);
         const totalCount = totalCountResult[0].count;
 
+        const filterAttributes = await queryUniqueFilterAttributes(
+            data.timeStart,
+            data.timeEnd,
+            data.orgId
+        );
+
         return response<QueryRequestAuditLogResponse>(res, {
             data: {
                 log: log,
@@ -166,7 +257,8 @@ export async function queryRequestAuditLogs(
                     total: totalCount,
                     limit: data.limit,
                     offset: data.offset
-                }
+                },
+                filterAttributes
             },
             success: true,
             error: false,
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
index b35c2d9e..8adc1750 100644
--- a/server/routers/auditLogs/types.ts
+++ b/server/routers/auditLogs/types.ts
@@ -45,6 +45,16 @@ export type QueryRequestAuditLogResponse = {
         limit: number;
         offset: number;
     };
+    filterAttributes: {
+        actors: string[];
+        resources: {
+            id: number;
+            name: string | null;
+        }[];
+        locations: string[];
+        hosts: string[];
+        paths: string[];
+    };
 };
 
 export type QueryAccessAuditLogResponse = {
@@ -69,4 +79,12 @@ export type QueryAccessAuditLogResponse = {
         limit: number;
         offset: number;
     };
-};
+    filterAttributes: {
+        actors: string[];
+        resources: {
+            id: number;
+            name: string | null;
+        }[];
+        locations: string[];
+    };
+};
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
index e2b68ae0..47544ff6 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -4,17 +4,19 @@ import { toast } from "@app/hooks/useToast";
 import { useState, useRef, useEffect } from "react";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import { useParams, useRouter } from "next/navigation";
+import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
 import { LogDataTable } from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { ArrowUpRight, Key, User } from "lucide-react";
 import Link from "next/link";
+import { ColumnFilter } from "@app/components/ColumnFilter";
 
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
     const router = useRouter();
+    const searchParams = useSearchParams();
     const api = createApiClient(useEnvContext());
     const t = useTranslations();
     const { env } = useEnvContext();
@@ -23,6 +25,33 @@ export default function GeneralPage() {
     const [rows, setRows] = useState<any[]>([]);
     const [isRefreshing, setIsRefreshing] = useState(false);
     const [isExporting, setIsExporting] = useState(false);
+    const [filterAttributes, setFilterAttributes] = useState<{
+        actors: string[];
+        resources: {
+            id: number;
+            name: string | null;
+        }[];
+        locations: string[];
+    }>({
+        actors: [],
+        resources: [],
+        locations: []
+    });
+
+    // Filter states - unified object for all filters
+    const [filters, setFilters] = useState<{
+        action?: string;
+        type?: string;
+        resourceId?: string;
+        location?: string;
+        actor?: string;
+    }>({
+        action: searchParams.get("action") || undefined,
+        type: searchParams.get("type") || undefined,
+        resourceId: searchParams.get("resourceId") || undefined,
+        location: searchParams.get("location") || undefined,
+        actor: searchParams.get("actor") || undefined
+    });
 
     // Pagination state
     const [totalCount, setTotalCount] = useState<number>(0);
@@ -32,6 +61,20 @@ export default function GeneralPage() {
 
     // Set default date range to last 24 hours
     const getDefaultDateRange = () => {
+        // if the time is in the url params, use that instead
+        const startParam = searchParams.get("start");
+        const endParam = searchParams.get("end");
+        if (startParam && endParam) {
+            return {
+                startDate: {
+                    date: new Date(startParam)
+                },
+                endDate: {
+                    date: new Date(endParam)
+                }
+            };
+        }
+
         const now = new Date();
         const yesterday = new Date(now.getTime() - 24 * 60 * 60 * 1000);
 
@@ -53,7 +96,12 @@ export default function GeneralPage() {
     // Trigger search with default values on component mount
     useEffect(() => {
         const defaultRange = getDefaultDateRange();
-        queryDateTime(defaultRange.startDate, defaultRange.endDate);
+        queryDateTime(
+            defaultRange.startDate,
+            defaultRange.endDate,
+            0,
+            pageSize
+        );
     }, [orgId]); // Re-run if orgId changes
 
     const handleDateRangeChange = (
@@ -62,6 +110,12 @@ export default function GeneralPage() {
     ) => {
         setDateRange({ startDate, endDate });
         setCurrentPage(0); // Reset to first page when filtering
+        // put the search params in the url for the time
+        updateUrlParamsForAllFilters({
+            start: startDate.date?.toISOString() || "",
+            end: endDate.date?.toISOString() || ""
+        });
+
         queryDateTime(startDate, endDate, 0, pageSize);
     };
 
@@ -83,20 +137,76 @@ export default function GeneralPage() {
         queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
     };
 
+    // Handle filter changes generically
+    const handleFilterChange = (
+        filterType: keyof typeof filters,
+        value: string | undefined
+    ) => {
+        console.log(`${filterType} filter changed:`, value);
+
+        // Create new filters object with updated value
+        const newFilters = {
+            ...filters,
+            [filterType]: value
+        };
+
+        setFilters(newFilters);
+        setCurrentPage(0); // Reset to first page when filtering
+
+        // Update URL params
+        updateUrlParamsForAllFilters(newFilters);
+
+        // Trigger new query with updated filters (pass directly to avoid async state issues)
+        queryDateTime(
+            dateRange.startDate,
+            dateRange.endDate,
+            0,
+            pageSize,
+            newFilters
+        );
+    };
+
+    const updateUrlParamsForAllFilters = (
+        newFilters:
+            | typeof filters
+            | {
+                  start: string;
+                  end: string;
+              }
+    ) => {
+        const params = new URLSearchParams(searchParams);
+        Object.entries(newFilters).forEach(([key, value]) => {
+            if (value) {
+                params.set(key, value);
+            } else {
+                params.delete(key);
+            }
+        });
+        router.replace(`?${params.toString()}`, { scroll: false });
+    };
+
     const queryDateTime = async (
         startDate: DateTimeValue,
         endDate: DateTimeValue,
         page: number = currentPage,
-        size: number = pageSize
+        size: number = pageSize,
+        filtersParam?: {
+            action?: string;
+            type?: string;
+        }
     ) => {
         console.log("Date range changed:", { startDate, endDate, page, size });
         setIsLoading(true);
 
         try {
+            // Use the provided filters or fall back to current state
+            const activeFilters = filtersParam || filters;
+
             // Convert the date/time values to API parameters
             let params: any = {
                 limit: size,
-                offset: page * size
+                offset: page * size,
+                ...activeFilters
             };
 
             if (startDate?.date) {
@@ -134,6 +244,7 @@ export default function GeneralPage() {
             if (res.status === 200) {
                 setRows(res.data.data.log || []);
                 setTotalCount(res.data.data.pagination?.total || 0);
+                setFilterAttributes(res.data.data.filterAttributes);
                 console.log("Fetched logs:", res.data);
             }
         } catch (error) {
@@ -172,16 +283,21 @@ export default function GeneralPage() {
     const exportData = async () => {
         try {
             setIsExporting(true);
+
+            // Prepare query params for export
+            let params: any = {
+                timeStart: dateRange.startDate?.date
+                    ? new Date(dateRange.startDate.date).toISOString()
+                    : undefined,
+                timeEnd: dateRange.endDate?.date
+                    ? new Date(dateRange.endDate.date).toISOString()
+                    : undefined,
+                ...filters
+            };
+
             const response = await api.get(`/org/${orgId}/logs/access/export`, {
                 responseType: "blob",
-                params: {
-                    timeStart: dateRange.startDate?.date
-                        ? new Date(dateRange.startDate.date).toISOString()
-                        : undefined,
-                    timeEnd: dateRange.endDate?.date
-                        ? new Date(dateRange.endDate.date).toISOString()
-                        : undefined
-                }
+                params
             });
 
             // Create a URL for the blob and trigger a download
@@ -225,7 +341,24 @@ export default function GeneralPage() {
         {
             accessorKey: "action",
             header: ({ column }) => {
-                return t("action");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("action")}</span>
+                        <ColumnFilter
+                            options={[
+                                { value: "true", label: "Allowed" },
+                                { value: "false", label: "Denied" }
+                            ]}
+                            selectedValue={filters.action}
+                            onValueChange={(value) =>
+                                handleFilterChange("action", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -244,7 +377,26 @@ export default function GeneralPage() {
         {
             accessorKey: "location",
             header: ({ column }) => {
-                return t("location");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("location")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.locations.map(
+                                (location) => ({
+                                    value: location,
+                                    label: location
+                                })
+                            )}
+                            selectedValue={filters.location}
+                            onValueChange={(value) =>
+                                handleFilterChange("location", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -264,7 +416,26 @@ export default function GeneralPage() {
         },
         {
             accessorKey: "resourceName",
-            header: t("resource"),
+            header: ({ column }) => {
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("resource")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.resources.map((res) => ({
+                                value: res.id.toString(),
+                                label: res.name || "Unnamed Resource"
+                            }))}
+                            selectedValue={filters.resourceId}
+                            onValueChange={(value) =>
+                                handleFilterChange("resourceId", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
+            },
             cell: ({ row }) => {
                 return (
                     <Link
@@ -285,26 +456,56 @@ export default function GeneralPage() {
         {
             accessorKey: "type",
             header: ({ column }) => {
-                return t("type");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("type")}</span>
+                        <ColumnFilter
+                            options={[
+                                { value: "password", label: "Password" },
+                                { value: "pincode", label: "Pincode" },
+                                { value: "login", label: "Login" },
+                                {
+                                    value: "whitelistedEmail",
+                                    label: "Whitelisted Email"
+                                }
+                            ]}
+                            selectedValue={filters.type}
+                            onValueChange={(value) =>
+                                handleFilterChange("type", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
-                return (
-                    <span className="flex items-center gap-1">
-                        {/* {row.original.type == "pincode" ? (
-                            <User className="h-4 w-4" />
-                        ) : (
-                            <Key className="h-4 w-4" />
-                        )} */}
-                        {row.original.type.charAt(0).toUpperCase() +
-                            row.original.type.slice(1)}
-                    </span>
-                );
+                // should be capitalized first letter
+                return <span>{row.original.type.charAt(0).toUpperCase() + row.original.type.slice(1) || "-"}</span>;
             }
         },
         {
             accessorKey: "actor",
             header: ({ column }) => {
-                return t("actor");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("actor")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.actors.map((actor) => ({
+                                value: actor,
+                                label: actor
+                            }))}
+                            selectedValue={filters.actor}
+                            onValueChange={(value) =>
+                                handleFilterChange("actor", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -344,10 +545,24 @@ export default function GeneralPage() {
         return (
             <div className="space-y-4">
                 <div className="grid grid-cols-1 md:grid-cols-2 gap-4 text-xs">
+                    {row.userAgent != "node" && (
+                        <div>
+                            <strong>User Agent:</strong>
+                            <p className="text-muted-foreground mt-1 break-all">
+                                {row.userAgent || "N/A"}
+                            </p>
+                        </div>
+                    )}
                     <div>
                         <strong>Metadata:</strong>
                         <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
-                            {row.metadata ? JSON.stringify(JSON.parse(row.metadata), null, 2) : "N/A"}
+                            {row.metadata
+                                ? JSON.stringify(
+                                      JSON.parse(row.metadata),
+                                      null,
+                                      2
+                                  )
+                                : "N/A"}
                         </pre>
                     </div>
                 </div>
@@ -362,8 +577,6 @@ export default function GeneralPage() {
                 data={rows}
                 persistPageSize="access-logs-table"
                 title={t("accessLogs")}
-                searchPlaceholder={t("searchLogs")}
-                searchColumn="type"
                 onRefresh={refreshData}
                 isRefreshing={isRefreshing}
                 onExport={exportData}
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index 9c7f6bd4..50ae3740 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -4,21 +4,22 @@ import { toast } from "@app/hooks/useToast";
 import { useState, useRef, useEffect } from "react";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import { useParams, useRouter } from "next/navigation";
+import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
 import { LogDataTable } from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { Key, RouteOff, User, Lock, Unlock, ArrowUpRight } from "lucide-react";
 import Link from "next/link";
+import { ColumnFilter } from "@app/components/ColumnFilter";
 
 export default function GeneralPage() {
-    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
     const router = useRouter();
     const api = createApiClient(useEnvContext());
     const t = useTranslations();
     const { env } = useEnvContext();
     const { orgId } = useParams();
+    const searchParams = useSearchParams();
 
     const [rows, setRows] = useState<any[]>([]);
     const [isRefreshing, setIsRefreshing] = useState(false);
@@ -30,8 +31,60 @@ export default function GeneralPage() {
     const [pageSize, setPageSize] = useState<number>(20);
     const [isLoading, setIsLoading] = useState(false);
 
+    const [filterAttributes, setFilterAttributes] = useState<{
+        actors: string[];
+        resources: {
+            id: number;
+            name: string | null;
+        }[];
+        locations: string[];
+        hosts: string[];
+        paths: string[];
+    }>({
+        actors: [],
+        resources: [],
+        locations: [],
+        hosts: [],
+        paths: [] 
+    });
+
+    // Filter states - unified object for all filters
+    const [filters, setFilters] = useState<{
+        action?: string;
+        resourceId?: string;
+        host?: string;
+        location?: string;
+        actor?: string;
+        method?: string;
+        reason?: string;
+        path?: string;
+    }>({
+        action: searchParams.get("action") || undefined,
+        host: searchParams.get("host") || undefined,
+        resourceId: searchParams.get("resourceId") || undefined,
+        location: searchParams.get("location") || undefined,
+        actor: searchParams.get("actor") || undefined,
+        method: searchParams.get("method") || undefined,
+        reason: searchParams.get("reason") || undefined,
+        path: searchParams.get("path") || undefined
+    });
+
     // Set default date range to last 24 hours
     const getDefaultDateRange = () => {
+        // if the time is in the url params, use that instead
+        const startParam = searchParams.get("start");
+        const endParam = searchParams.get("end");
+        if (startParam && endParam) {
+            return {
+                startDate: {
+                    date: new Date(startParam)
+                },
+                endDate: {
+                    date: new Date(endParam)
+                }
+            };
+        }
+
         const now = new Date();
         const yesterday = new Date(now.getTime() - 24 * 60 * 60 * 1000);
 
@@ -53,7 +106,12 @@ export default function GeneralPage() {
     // Trigger search with default values on component mount
     useEffect(() => {
         const defaultRange = getDefaultDateRange();
-        queryDateTime(defaultRange.startDate, defaultRange.endDate);
+        queryDateTime(
+            defaultRange.startDate,
+            defaultRange.endDate,
+            0,
+            pageSize
+        );
     }, [orgId]); // Re-run if orgId changes
 
     const handleDateRangeChange = (
@@ -62,6 +120,12 @@ export default function GeneralPage() {
     ) => {
         setDateRange({ startDate, endDate });
         setCurrentPage(0); // Reset to first page when filtering
+        // put the search params in the url for the time
+        updateUrlParamsForAllFilters({
+            start: startDate.date?.toISOString() || "",
+            end: endDate.date?.toISOString() || ""
+        });
+
         queryDateTime(startDate, endDate, 0, pageSize);
     };
 
@@ -83,20 +147,76 @@ export default function GeneralPage() {
         queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
     };
 
+    // Handle filter changes generically
+    const handleFilterChange = (
+        filterType: keyof typeof filters,
+        value: string | undefined
+    ) => {
+        console.log(`${filterType} filter changed:`, value);
+
+        // Create new filters object with updated value
+        const newFilters = {
+            ...filters,
+            [filterType]: value
+        };
+
+        setFilters(newFilters);
+        setCurrentPage(0); // Reset to first page when filtering
+
+        // Update URL params
+        updateUrlParamsForAllFilters(newFilters);
+
+        // Trigger new query with updated filters (pass directly to avoid async state issues)
+        queryDateTime(
+            dateRange.startDate,
+            dateRange.endDate,
+            0,
+            pageSize,
+            newFilters
+        );
+    };
+
+    const updateUrlParamsForAllFilters = (
+        newFilters:
+            | typeof filters
+            | {
+                  start: string;
+                  end: string;
+              }
+    ) => {
+        const params = new URLSearchParams(searchParams);
+        Object.entries(newFilters).forEach(([key, value]) => {
+            if (value) {
+                params.set(key, value);
+            } else {
+                params.delete(key);
+            }
+        });
+        router.replace(`?${params.toString()}`, { scroll: false });
+    };
+
     const queryDateTime = async (
         startDate: DateTimeValue,
         endDate: DateTimeValue,
         page: number = currentPage,
-        size: number = pageSize
+        size: number = pageSize,
+        filtersParam?: {
+            action?: string;
+            type?: string;
+        }
     ) => {
         console.log("Date range changed:", { startDate, endDate, page, size });
         setIsLoading(true);
 
         try {
+            // Use the provided filters or fall back to current state
+            const activeFilters = filtersParam || filters;
+
             // Convert the date/time values to API parameters
             let params: any = {
                 limit: size,
-                offset: page * size
+                offset: page * size,
+                ...activeFilters
             };
 
             if (startDate?.date) {
@@ -134,6 +254,7 @@ export default function GeneralPage() {
             if (res.status === 200) {
                 setRows(res.data.data.log || []);
                 setTotalCount(res.data.data.pagination?.total || 0);
+                setFilterAttributes(res.data.data.filterAttributes);
                 console.log("Fetched logs:", res.data);
             }
         } catch (error) {
@@ -172,18 +293,23 @@ export default function GeneralPage() {
     const exportData = async () => {
         try {
             setIsExporting(true);
+
+            // Prepare query params for export
+            let params: any = {
+                timeStart: dateRange.startDate?.date
+                    ? new Date(dateRange.startDate.date).toISOString()
+                    : undefined,
+                timeEnd: dateRange.endDate?.date
+                    ? new Date(dateRange.endDate.date).toISOString()
+                    : undefined,
+                ...filters
+            };
+
             const response = await api.get(
                 `/org/${orgId}/logs/request/export`,
                 {
                     responseType: "blob",
-                    params: {
-                        timeStart: dateRange.startDate?.date
-                            ? new Date(dateRange.startDate.date).toISOString()
-                            : undefined,
-                        timeEnd: dateRange.endDate?.date
-                            ? new Date(dateRange.endDate.date).toISOString()
-                            : undefined
-                    }
+                    params
                 }
             );
 
@@ -269,7 +395,24 @@ export default function GeneralPage() {
         {
             accessorKey: "action",
             header: ({ column }) => {
-                return t("action");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("action")}</span>
+                        <ColumnFilter
+                            options={[
+                                { value: "true", label: "Allowed" },
+                                { value: "false", label: "Denied" }
+                            ]}
+                            selectedValue={filters.action}
+                            onValueChange={(value) =>
+                                handleFilterChange("action", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -288,7 +431,26 @@ export default function GeneralPage() {
         {
             accessorKey: "location",
             header: ({ column }) => {
-                return t("location");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("location")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.locations.map(
+                                (location) => ({
+                                    value: location,
+                                    label: location
+                                })
+                            )}
+                            selectedValue={filters.location}
+                            onValueChange={(value) =>
+                                handleFilterChange("location", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -308,7 +470,26 @@ export default function GeneralPage() {
         },
         {
             accessorKey: "resourceName",
-            header: t("resource"),
+            header: ({ column }) => {
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("resource")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.resources.map((res) => ({
+                                value: res.id.toString(),
+                                label: res.name || "Unnamed Resource"
+                            }))}
+                            selectedValue={filters.resourceId}
+                            onValueChange={(value) =>
+                                handleFilterChange("resourceId", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
+            },
             cell: ({ row }) => {
                 return (
                     <Link
@@ -330,7 +511,24 @@ export default function GeneralPage() {
         {
             accessorKey: "host",
             header: ({ column }) => {
-                return t("host");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("host")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.hosts.map((host) => ({
+                                value: host,
+                                label: host
+                            }))}
+                            selectedValue={filters.host}
+                            onValueChange={(value) =>
+                                handleFilterChange("host", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -348,8 +546,25 @@ export default function GeneralPage() {
         {
             accessorKey: "path",
             header: ({ column }) => {
-                return t("path");
-            }
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("path")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.paths.map((path) => ({
+                                value: path,
+                                label: path
+                            }))}
+                            selectedValue={filters.path}
+                            onValueChange={(value) =>
+                                handleFilterChange("path", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
+            },
         },
 
         // {
@@ -361,13 +576,65 @@ export default function GeneralPage() {
         {
             accessorKey: "method",
             header: ({ column }) => {
-                return t("method");
-            }
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("method")}</span>
+                        <ColumnFilter
+                            options={[
+                                { value: "GET", label: "GET" },
+                                { value: "POST", label: "POST" },
+                                { value: "PUT", label: "PUT" },
+                                { value: "DELETE", label: "DELETE" },
+                                { value: "PATCH", label: "PATCH" },
+                                { value: "HEAD", label: "HEAD" },
+                                { value: "OPTIONS", label: "OPTIONS" }
+                            ]
+                            }
+                            selectedValue={filters.method}
+                            onValueChange={(value) =>
+                                handleFilterChange("method", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
+            },
         },
         {
             accessorKey: "reason",
             header: ({ column }) => {
-                return t("reason");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("reason")}</span>
+                        <ColumnFilter
+                            options={[
+                                { value: "100", label: t("allowedByRule") },
+                                { value: "101", label: t("allowedNoAuth") },
+                                { value: "102", label: t("validAccessToken") },
+                                { value: "103", label: t("validHeaderAuth") },
+                                { value: "104", label: t("validPincode") },
+                                { value: "105", label: t("validPassword") },
+                                { value: "106", label: t("validEmail") },
+                                { value: "107", label: t("validSSO") },
+                                { value: "201", label: t("resourceNotFound") },
+                                { value: "202", label: t("resourceBlocked") },
+                                { value: "203", label: t("droppedByRule") },
+                                { value: "204", label: t("noSessions") },
+                                { value: "205", label: t("temporaryRequestToken") },
+                                { value: "299", label: t("noMoreAuthMethods") }
+                            ]}
+                            selectedValue={filters.reason}
+                            onValueChange={(value) =>
+                                handleFilterChange("reason", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -380,7 +647,24 @@ export default function GeneralPage() {
         {
             accessorKey: "actor",
             header: ({ column }) => {
-                return t("actor");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("actor")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.actors.map((actor) => ({
+                                value: actor,
+                                label: actor
+                            }))}
+                            selectedValue={filters.actor}
+                            onValueChange={(value) =>
+                                handleFilterChange("actor", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
diff --git a/src/components/ColumnFilter.tsx b/src/components/ColumnFilter.tsx
new file mode 100644
index 00000000..eee91ecc
--- /dev/null
+++ b/src/components/ColumnFilter.tsx
@@ -0,0 +1,104 @@
+import { useState } from "react";
+import { Button } from "@app/components/ui/button";
+import { Popover, PopoverContent, PopoverTrigger } from "@app/components/ui/popover";
+import { Command, CommandEmpty, CommandGroup, CommandInput, CommandItem, CommandList } from "@app/components/ui/command";
+import { CheckIcon, ChevronDownIcon, Filter } from "lucide-react";
+import { cn } from "@app/lib/cn";
+
+interface FilterOption {
+    value: string;
+    label: string;
+}
+
+interface ColumnFilterProps {
+    options: FilterOption[];
+    selectedValue?: string;
+    onValueChange: (value: string | undefined) => void;
+    placeholder?: string;
+    searchPlaceholder?: string;
+    emptyMessage?: string;
+    className?: string;
+}
+
+export function ColumnFilter({
+    options,
+    selectedValue,
+    onValueChange,
+    placeholder,
+    searchPlaceholder = "Search...",
+    emptyMessage = "No options found",
+    className
+}: ColumnFilterProps) {
+    const [open, setOpen] = useState(false);
+
+    const selectedOption = options.find(option => option.value === selectedValue);
+
+    return (
+        <Popover open={open} onOpenChange={setOpen}>
+            <PopoverTrigger asChild>
+                <Button
+                    variant="ghost"
+                    role="combobox"
+                    aria-expanded={open}
+                    className={cn(
+                        "justify-between text-sm h-8 px-2",
+                        !selectedValue && "text-muted-foreground",
+                        className
+                    )}
+                >
+                    <div className="flex items-center gap-2">
+                        <Filter className="h-4 w-4" />
+                        <span className="truncate">
+                            {selectedOption ? selectedOption.label : placeholder}
+                        </span>
+                    </div>
+                    <ChevronDownIcon className="h-4 w-4 shrink-0 opacity-50" />
+                </Button>
+            </PopoverTrigger>
+            <PopoverContent className="p-0 w-[200px]" align="start">
+                <Command>
+                    <CommandInput placeholder={searchPlaceholder} />
+                    <CommandList>
+                        <CommandEmpty>{emptyMessage}</CommandEmpty>
+                        <CommandGroup>
+                            {/* Clear filter option */}
+                            {selectedValue && (
+                                <CommandItem
+                                    onSelect={() => {
+                                        onValueChange(undefined);
+                                        setOpen(false);
+                                    }}
+                                    className="text-muted-foreground"
+                                >
+                                    Clear filter
+                                </CommandItem>
+                            )}
+                            {options.map((option) => (
+                                <CommandItem
+                                    key={option.value}
+                                    value={option.label}
+                                    onSelect={() => {
+                                        onValueChange(
+                                            selectedValue === option.value ? undefined : option.value
+                                        );
+                                        setOpen(false);
+                                    }}
+                                >
+                                    <CheckIcon
+                                        className={cn(
+                                            "mr-2 h-4 w-4",
+                                            selectedValue === option.value
+                                                ? "opacity-100"
+                                                : "opacity-0"
+                                        )}
+                                    />
+                                    {option.label}
+                                </CommandItem>
+                            ))}
+                        </CommandGroup>
+                    </CommandList>
+                </Command>
+            </PopoverContent>
+        </Popover>
+    );
+}
\ No newline at end of file
diff --git a/src/components/DateTimePicker.tsx b/src/components/DateTimePicker.tsx
index d079ff26..d0b6d40e 100644
--- a/src/components/DateTimePicker.tsx
+++ b/src/components/DateTimePicker.tsx
@@ -80,9 +80,9 @@ const getDisplayText = () => {
 
   return (
     <div className={cn("flex gap-4", className)}>
-      <div className="flex flex-col gap-3">
+      <div className="flex flex-col gap-2">
         {label && (
-          <Label htmlFor="date-picker" className="px-1">
+          <Label htmlFor="date-picker">
             {label}
           </Label>
         )}
@@ -193,9 +193,9 @@ export function DateRangePicker({
   };
 
   return (
-    <div className={cn("flex gap-4", className)}>
+    <div className={cn("flex gap-4 items-center", className)}>
       <DateTimePicker
-        // label={startLabel}
+        label="Start"
         value={startValue}
         onChange={handleStartChange}
         placeholder="Start date & time"
@@ -203,7 +203,7 @@ export function DateRangePicker({
         showTime={showTime}
       />
       <DateTimePicker
-        // label={endLabel}
+        label="End"
         value={endValue}
         onChange={handleEndChange}
         placeholder="End date & time"
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index 30f84f2d..bb5131a4 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -131,8 +131,8 @@ export function LogDataTable<TData, TValue>({
     isRefreshing,
     onExport,
     isExporting,
-    searchPlaceholder = "Search...",
-    searchColumn = "name",
+    // searchPlaceholder = "Search...",
+    // searchColumn = "name",
     defaultSort,
     tabs,
     defaultTab,
@@ -354,7 +354,7 @@ export function LogDataTable<TData, TValue>({
             <Card>
                 <CardHeader className="flex flex-col space-y-4 sm:flex-row sm:items-center sm:justify-between sm:space-y-0 pb-4">
                     <div className="flex flex-row items-start w-full sm:mr-2 gap-2">
-                        <div className="relative w-full sm:max-w-sm">
+                        {/* <div className="relative w-full sm:max-w-sm">
                             <Input
                                 placeholder={searchPlaceholder}
                                 value={globalFilter ?? ""}
@@ -366,7 +366,7 @@ export function LogDataTable<TData, TValue>({
                                 className="w-full pl-8 m-0"
                             />
                             <Search className="h-4 w-4 absolute left-2 top-1/2 transform -translate-y-1/2 text-muted-foreground" />
-                        </div>
+                        </div> */}
                         <DateRangePicker
                             startValue={startDate}
                             endValue={endDate}

From 921285e5b1807c758bc3d084292f521c41fa7c84 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 23 Oct 2025 15:33:29 -0700
Subject: [PATCH 52/69] Filtering on all tables

---
 messages/en-US.json                           |   3 +-
 .../routers/auditLogs/queryAccessAuditLog.ts  |   2 +
 .../routers/auditLogs/queryActionAuditLog.ts  |  41 +++-
 .../routers/auditLogs/queryRequstAuditLog.ts  |   2 +
 server/routers/auditLogs/types.ts             |   3 +
 src/actions/server.ts                         |   2 +
 src/app/[orgId]/settings/logs/access/page.tsx |  14 +-
 src/app/[orgId]/settings/logs/action/page.tsx | 176 ++++++++++++++++--
 .../[orgId]/settings/logs/request/page.tsx    |  30 ++-
 9 files changed, 242 insertions(+), 31 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 801b5d5b..9157e84c 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1920,5 +1920,6 @@
     "reason": "Reason",
     "requestLogs": "Request Logs",
     "host": "Host",
-    "location": "Location"
+    "location": "Location",
+    "actionLogs": "Action Logs"
 }
diff --git a/server/private/routers/auditLogs/queryAccessAuditLog.ts b/server/private/routers/auditLogs/queryAccessAuditLog.ts
index 92f927fd..d6c9dea6 100644
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -55,6 +55,7 @@ export const queryAccessAuditLogsQuery = z.object({
         .optional(),
     actor: z.string().optional(),
     type: z.string().optional(),
+    location: z.string().optional(),
     limit: z
         .string()
         .optional()
@@ -91,6 +92,7 @@ function getWhere(data: Q) {
             ? eq(accessAuditLog.actorType, data.actorType)
             : undefined,
         data.actorId ? eq(accessAuditLog.actorId, data.actorId) : undefined,
+        data.location ? eq(accessAuditLog.location, data.location) : undefined,
         data.type ? eq(accessAuditLog.type, data.type) : undefined,
         data.action !== undefined
             ? eq(accessAuditLog.action, data.action)
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 6e785c76..f9dcbbf5 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -103,6 +103,38 @@ export function countActionQuery(data: Q) {
     return countQuery;
 }
 
+async function queryUniqueFilterAttributes(
+    timeStart: number,
+    timeEnd: number,
+    orgId: string
+) {
+    const baseConditions = and(
+        gt(actionAuditLog.timestamp, timeStart),
+        lt(actionAuditLog.timestamp, timeEnd),
+        eq(actionAuditLog.orgId, orgId)
+    );
+
+    // Get unique actors
+    const uniqueActors = await db
+        .selectDistinct({
+            actor: actionAuditLog.actor
+        })
+        .from(actionAuditLog)
+        .where(baseConditions);
+
+    const uniqueActions = await db
+        .selectDistinct({
+            action: actionAuditLog.action
+        })
+        .from(actionAuditLog)
+        .where(baseConditions);
+
+    return {
+        actors: uniqueActors.map(row => row.actor).filter((actor): actor is string => actor !== null),
+        actions: uniqueActions.map(row => row.action).filter((action): action is string => action !== null),
+    };
+}
+
 registry.registerPath({
     method: "get",
     path: "/org/{orgId}/logs/action",
@@ -149,6 +181,12 @@ export async function queryActionAuditLogs(
         const totalCountResult = await countActionQuery(data);
         const totalCount = totalCountResult[0].count;
 
+        const filterAttributes = await queryUniqueFilterAttributes(
+            data.timeStart,
+            data.timeEnd,
+            data.orgId
+        );
+
         return response<QueryActionAuditLogResponse>(res, {
             data: {
                 log: log,
@@ -156,7 +194,8 @@ export async function queryActionAuditLogs(
                     total: totalCount,
                     limit: data.limit,
                     offset: data.offset
-                }
+                },
+                filterAttributes
             },
             success: true,
             error: false,
diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
index 283e3d7e..d41b14b6 100644
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -46,6 +46,7 @@ export const queryAccessAuditLogsQuery = z.object({
         .pipe(z.number().int().positive())
         .optional(),
     actor: z.string().optional(),
+    location: z.string().optional(),
     host: z.string().optional(),
     path: z.string().optional(),
     limit: z
@@ -82,6 +83,7 @@ function getWhere(data: Q) {
         data.method ? eq(requestAuditLog.method, data.method) : undefined,
         data.reason ? eq(requestAuditLog.reason, data.reason) : undefined,
         data.host ? eq(requestAuditLog.host, data.host) : undefined,
+        data.location ? eq(requestAuditLog.location, data.location) : undefined,
         data.path ? eq(requestAuditLog.path, data.path) : undefined,
         data.action !== undefined
             ? eq(requestAuditLog.action, data.action)
diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts
index 8adc1750..81cef733 100644
--- a/server/routers/auditLogs/types.ts
+++ b/server/routers/auditLogs/types.ts
@@ -13,6 +13,9 @@ export type QueryActionAuditLogResponse = {
         limit: number;
         offset: number;
     };
+    filterAttributes: {
+        actors: string[];
+    };
 };
 
 export type QueryRequestAuditLogResponse = {
diff --git a/src/actions/server.ts b/src/actions/server.ts
index 5fbe1301..b75c3ed7 100644
--- a/src/actions/server.ts
+++ b/src/actions/server.ts
@@ -80,10 +80,12 @@ async function makeApiRequest<T>(
 
     const headersList = await reqHeaders();
     const host = headersList.get("host");
+    const xForwardedFor = headersList.get("x-forwarded-for");
 
     const headers: Record<string, string> = {
         "Content-Type": "application/json",
         "X-CSRF-Token": "x-csrf-protection",
+        ...(xForwardedFor ? { "X-Forwarded-For": xForwardedFor } : {}),
         ...(cookieHeader && { Cookie: cookieHeader }),
         ...additionalHeaders
     };
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
index 47544ff6..d58dd09d 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -142,8 +142,6 @@ export default function GeneralPage() {
         filterType: keyof typeof filters,
         value: string | undefined
     ) => {
-        console.log(`${filterType} filter changed:`, value);
-
         // Create new filters object with updated value
         const newFilters = {
             ...filters,
@@ -193,6 +191,9 @@ export default function GeneralPage() {
         filtersParam?: {
             action?: string;
             type?: string;
+            resourceId?: string;
+            location?: string;
+            actor?: string;
         }
     ) => {
         console.log("Date range changed:", { startDate, endDate, page, size });
@@ -403,7 +404,7 @@ export default function GeneralPage() {
                     <span className="flex items-center gap-1">
                         {row.original.location ? (
                             <span className="text-muted-foreground text-xs">
-                                ({row.original.location})
+                                {row.original.location}
                             </span>
                         ) : (
                             <span className="text-muted-foreground text-xs">
@@ -482,7 +483,12 @@ export default function GeneralPage() {
             },
             cell: ({ row }) => {
                 // should be capitalized first letter
-                return <span>{row.original.type.charAt(0).toUpperCase() + row.original.type.slice(1) || "-"}</span>;
+                return (
+                    <span>
+                        {row.original.type.charAt(0).toUpperCase() +
+                            row.original.type.slice(1) || "-"}
+                    </span>
+                );
             }
         },
         {
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index a332f0cb..08dffd51 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -4,12 +4,13 @@ import { toast } from "@app/hooks/useToast";
 import { useState, useRef, useEffect } from "react";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import { useParams, useRouter } from "next/navigation";
+import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
 import { LogDataTable } from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { Key, User } from "lucide-react";
+import { ColumnFilter } from "@app/components/ColumnFilter";
 
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
@@ -18,10 +19,27 @@ export default function GeneralPage() {
     const t = useTranslations();
     const { env } = useEnvContext();
     const { orgId } = useParams();
+    const searchParams = useSearchParams();
 
     const [rows, setRows] = useState<any[]>([]);
     const [isRefreshing, setIsRefreshing] = useState(false);
     const [isExporting, setIsExporting] = useState(false);
+    const [filterAttributes, setFilterAttributes] = useState<{
+        actors: string[];
+        actions: string[];
+    }>({
+        actors: [],
+        actions: []
+    });
+
+    // Filter states - unified object for all filters
+    const [filters, setFilters] = useState<{
+        action?: string;
+        actor?: string;
+    }>({
+        action: searchParams.get("action") || undefined,
+        actor: searchParams.get("actor") || undefined
+    });
 
     // Pagination state
     const [totalCount, setTotalCount] = useState<number>(0);
@@ -31,6 +49,20 @@ export default function GeneralPage() {
 
     // Set default date range to last 24 hours
     const getDefaultDateRange = () => {
+        // if the time is in the url params, use that instead
+        const startParam = searchParams.get("start");
+        const endParam = searchParams.get("end");
+        if (startParam && endParam) {
+            return {
+                startDate: {
+                    date: new Date(startParam)
+                },
+                endDate: {
+                    date: new Date(endParam)
+                }
+            };
+        }
+
         const now = new Date();
         const yesterday = new Date(now.getTime() - 24 * 60 * 60 * 1000);
 
@@ -52,7 +84,12 @@ export default function GeneralPage() {
     // Trigger search with default values on component mount
     useEffect(() => {
         const defaultRange = getDefaultDateRange();
-        queryDateTime(defaultRange.startDate, defaultRange.endDate);
+        queryDateTime(
+            defaultRange.startDate,
+            defaultRange.endDate,
+            0,
+            pageSize
+        );
     }, [orgId]); // Re-run if orgId changes
 
     const handleDateRangeChange = (
@@ -61,6 +98,12 @@ export default function GeneralPage() {
     ) => {
         setDateRange({ startDate, endDate });
         setCurrentPage(0); // Reset to first page when filtering
+        // put the search params in the url for the time
+        updateUrlParamsForAllFilters({
+            start: startDate.date?.toISOString() || "",
+            end: endDate.date?.toISOString() || ""
+        });
+
         queryDateTime(startDate, endDate, 0, pageSize);
     };
 
@@ -82,20 +125,74 @@ export default function GeneralPage() {
         queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
     };
 
+    // Handle filter changes generically
+    const handleFilterChange = (
+        filterType: keyof typeof filters,
+        value: string | undefined
+    ) => {
+        // Create new filters object with updated value
+        const newFilters = {
+            ...filters,
+            [filterType]: value
+        };
+
+        setFilters(newFilters);
+        setCurrentPage(0); // Reset to first page when filtering
+
+        // Update URL params
+        updateUrlParamsForAllFilters(newFilters);
+
+        // Trigger new query with updated filters (pass directly to avoid async state issues)
+        queryDateTime(
+            dateRange.startDate,
+            dateRange.endDate,
+            0,
+            pageSize,
+            newFilters
+        );
+    };
+
+    const updateUrlParamsForAllFilters = (
+        newFilters:
+            | typeof filters
+            | {
+                  start: string;
+                  end: string;
+              }
+    ) => {
+        const params = new URLSearchParams(searchParams);
+        Object.entries(newFilters).forEach(([key, value]) => {
+            if (value) {
+                params.set(key, value);
+            } else {
+                params.delete(key);
+            }
+        });
+        router.replace(`?${params.toString()}`, { scroll: false });
+    };
+
     const queryDateTime = async (
         startDate: DateTimeValue,
         endDate: DateTimeValue,
         page: number = currentPage,
-        size: number = pageSize
+        size: number = pageSize,
+        filtersParam?: {
+            action?: string;
+            actor?: string;
+        }
     ) => {
         console.log("Date range changed:", { startDate, endDate, page, size });
         setIsLoading(true);
 
         try {
+            // Use the provided filters or fall back to current state
+            const activeFilters = filtersParam || filters;
+
             // Convert the date/time values to API parameters
             let params: any = {
                 limit: size,
-                offset: page * size
+                offset: page * size,
+                ...activeFilters
             };
 
             if (startDate?.date) {
@@ -133,6 +230,7 @@ export default function GeneralPage() {
             if (res.status === 200) {
                 setRows(res.data.data.log || []);
                 setTotalCount(res.data.data.pagination?.total || 0);
+                setFilterAttributes(res.data.data.filterAttributes);
                 console.log("Fetched logs:", res.data);
             }
         } catch (error) {
@@ -171,16 +269,21 @@ export default function GeneralPage() {
     const exportData = async () => {
         try {
             setIsExporting(true);
+
+            // Prepare query params for export
+            let params: any = {
+                timeStart: dateRange.startDate?.date
+                    ? new Date(dateRange.startDate.date).toISOString()
+                    : undefined,
+                timeEnd: dateRange.endDate?.date
+                    ? new Date(dateRange.endDate.date).toISOString()
+                    : undefined,
+                ...filters
+            };
+
             const response = await api.get(`/org/${orgId}/logs/action/export`, {
                 responseType: "blob",
-                params: {
-                    timeStart: dateRange.startDate?.date
-                        ? new Date(dateRange.startDate.date).toISOString()
-                        : undefined,
-                    timeEnd: dateRange.endDate?.date
-                        ? new Date(dateRange.endDate.date).toISOString()
-                        : undefined
-                }
+                params
             });
 
             // Create a URL for the blob and trigger a download
@@ -224,9 +327,27 @@ export default function GeneralPage() {
         {
             accessorKey: "action",
             header: ({ column }) => {
-                return t("action");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("action")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.actions.map((action) => ({
+                                label:
+                                    action.charAt(0).toUpperCase() +
+                                    action.slice(1),
+                                value: action
+                            }))}
+                            selectedValue={filters.action}
+                            onValueChange={(value) =>
+                                handleFilterChange("action", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
-            // make the value capitalized
             cell: ({ row }) => {
                 return (
                     <span className="hitespace-nowrap">
@@ -239,7 +360,24 @@ export default function GeneralPage() {
         {
             accessorKey: "actor",
             header: ({ column }) => {
-                return t("actor");
+                return (
+                    <div className="flex items-center gap-2">
+                        <span>{t("actor")}</span>
+                        <ColumnFilter
+                            options={filterAttributes.actors.map((actor) => ({
+                                value: actor,
+                                label: actor
+                            }))}
+                            selectedValue={filters.actor}
+                            onValueChange={(value) =>
+                                handleFilterChange("actor", value)
+                            }
+                            // placeholder=""
+                            searchPlaceholder="Search..."
+                            emptyMessage="None found"
+                        />
+                    </div>
+                );
             },
             cell: ({ row }) => {
                 return (
@@ -276,7 +414,13 @@ export default function GeneralPage() {
                     <div>
                         <strong>Metadata:</strong>
                         <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
-                            {row.metadata ? JSON.stringify(JSON.parse(row.metadata), null, 2) : "N/A"}
+                            {row.metadata
+                                ? JSON.stringify(
+                                      JSON.parse(row.metadata),
+                                      null,
+                                      2
+                                  )
+                                : "N/A"}
                         </pre>
                     </div>
                 </div>
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index 50ae3740..f7731129 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -45,7 +45,7 @@ export default function GeneralPage() {
         resources: [],
         locations: [],
         hosts: [],
-        paths: [] 
+        paths: []
     });
 
     // Filter states - unified object for all filters
@@ -457,7 +457,7 @@ export default function GeneralPage() {
                     <span className="flex items-center gap-1">
                         {row.original.location ? (
                             <span className="text-muted-foreground text-xs">
-                                ({row.original.location})
+                                {row.original.location}
                             </span>
                         ) : (
                             <span className="text-muted-foreground text-xs">
@@ -564,7 +564,7 @@ export default function GeneralPage() {
                         />
                     </div>
                 );
-            },
+            }
         },
 
         // {
@@ -588,8 +588,7 @@ export default function GeneralPage() {
                                 { value: "PATCH", label: "PATCH" },
                                 { value: "HEAD", label: "HEAD" },
                                 { value: "OPTIONS", label: "OPTIONS" }
-                            ]
-                            }
+                            ]}
                             selectedValue={filters.method}
                             onValueChange={(value) =>
                                 handleFilterChange("method", value)
@@ -600,7 +599,7 @@ export default function GeneralPage() {
                         />
                     </div>
                 );
-            },
+            }
         },
         {
             accessorKey: "reason",
@@ -622,7 +621,10 @@ export default function GeneralPage() {
                                 { value: "202", label: t("resourceBlocked") },
                                 { value: "203", label: t("droppedByRule") },
                                 { value: "204", label: t("noSessions") },
-                                { value: "205", label: t("temporaryRequestToken") },
+                                {
+                                    value: "205",
+                                    label: t("temporaryRequestToken")
+                                },
                                 { value: "299", label: t("noMoreAuthMethods") }
                             ]}
                             selectedValue={filters.reason}
@@ -712,14 +714,24 @@ export default function GeneralPage() {
                     <div>
                         <strong>Metadata:</strong>
                         <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
-                            {row.metadata ? JSON.stringify(JSON.parse(row.metadata), null, 2) : "N/A"}
+                            {row.metadata
+                                ? JSON.stringify(
+                                      JSON.parse(row.metadata),
+                                      null,
+                                      2
+                                  )
+                                : "N/A"}
                         </pre>
                     </div>
                     {row.headers && (
                         <div className="md:col-span-2">
                             <strong>Headers:</strong>
                             <pre className="text-muted-foreground mt-1 text-xs bg-background p-2 rounded border overflow-auto">
-                                {JSON.stringify(JSON.parse(row.headers), null, 2)}
+                                {JSON.stringify(
+                                    JSON.parse(row.headers),
+                                    null,
+                                    2
+                                )}
                             </pre>
                         </div>
                     )}

From adefbdbeb35a3a89546ee337fb6278093fd183d9 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 23 Oct 2025 17:36:24 -0700
Subject: [PATCH 53/69] Fix various ui bugs

---
 src/app/[orgId]/settings/logs/access/page.tsx |  12 +-
 src/app/[orgId]/settings/logs/action/page.tsx |  12 +-
 .../[orgId]/settings/logs/request/page.tsx    |  14 +-
 src/components/DataTablePagination.tsx        |   2 +-
 src/components/LogDataTable.tsx               | 178 ++++++++----------
 5 files changed, 107 insertions(+), 111 deletions(-)

diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
index d58dd09d..07e33824 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -6,7 +6,7 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { LogDataTable } from "@app/components/LogDataTable";
+import { getStoredPageSize, LogDataTable, setStoredPageSize } from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { ArrowUpRight, Key, User } from "lucide-react";
@@ -56,9 +56,13 @@ export default function GeneralPage() {
     // Pagination state
     const [totalCount, setTotalCount] = useState<number>(0);
     const [currentPage, setCurrentPage] = useState<number>(0);
-    const [pageSize, setPageSize] = useState<number>(20);
     const [isLoading, setIsLoading] = useState(false);
 
+    // Initialize page size from storage or default
+    const [pageSize, setPageSize] = useState<number>(() => {
+        return getStoredPageSize("access-audit-logs", 20);
+    });
+
     // Set default date range to last 24 hours
     const getDefaultDateRange = () => {
         // if the time is in the url params, use that instead
@@ -133,6 +137,7 @@ export default function GeneralPage() {
     // Handle page size changes
     const handlePageSizeChange = (newPageSize: number) => {
         setPageSize(newPageSize);
+        setStoredPageSize(newPageSize, "access-audit-logs");
         setCurrentPage(0); // Reset to first page when changing page size
         queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
     };
@@ -581,7 +586,6 @@ export default function GeneralPage() {
             <LogDataTable
                 columns={columns}
                 data={rows}
-                persistPageSize="access-logs-table"
                 title={t("accessLogs")}
                 onRefresh={refreshData}
                 isRefreshing={isRefreshing}
@@ -599,10 +603,10 @@ export default function GeneralPage() {
                 // Server-side pagination props
                 totalCount={totalCount}
                 currentPage={currentPage}
+                pageSize={pageSize}
                 onPageChange={handlePageChange}
                 onPageSizeChange={handlePageSizeChange}
                 isLoading={isLoading}
-                defaultPageSize={pageSize}
                 // Row expansion props
                 expandable={true}
                 renderExpandedRow={renderExpandedRow}
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index 08dffd51..14281646 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -6,7 +6,7 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { LogDataTable } from "@app/components/LogDataTable";
+import { getStoredPageSize, LogDataTable, setStoredPageSize } from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { Key, User } from "lucide-react";
@@ -44,9 +44,13 @@ export default function GeneralPage() {
     // Pagination state
     const [totalCount, setTotalCount] = useState<number>(0);
     const [currentPage, setCurrentPage] = useState<number>(0);
-    const [pageSize, setPageSize] = useState<number>(20);
     const [isLoading, setIsLoading] = useState(false);
 
+    // Initialize page size from storage or default
+    const [pageSize, setPageSize] = useState<number>(() => {
+        return getStoredPageSize("action-audit-logs", 20);
+    });
+
     // Set default date range to last 24 hours
     const getDefaultDateRange = () => {
         // if the time is in the url params, use that instead
@@ -121,6 +125,7 @@ export default function GeneralPage() {
     // Handle page size changes
     const handlePageSizeChange = (newPageSize: number) => {
         setPageSize(newPageSize);
+        setStoredPageSize(newPageSize, "action-audit-logs");
         setCurrentPage(0); // Reset to first page when changing page size
         queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
     };
@@ -433,7 +438,6 @@ export default function GeneralPage() {
             <LogDataTable
                 columns={columns}
                 data={rows}
-                persistPageSize="action-logs-table"
                 title={t("actionLogs")}
                 searchPlaceholder={t("searchLogs")}
                 searchColumn="action"
@@ -453,10 +457,10 @@ export default function GeneralPage() {
                 // Server-side pagination props
                 totalCount={totalCount}
                 currentPage={currentPage}
+                pageSize={pageSize}
                 onPageChange={handlePageChange}
                 onPageSizeChange={handlePageSizeChange}
                 isLoading={isLoading}
-                defaultPageSize={pageSize}
                 // Row expansion props
                 expandable={true}
                 renderExpandedRow={renderExpandedRow}
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index f7731129..dcca97d2 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -6,7 +6,7 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { LogDataTable } from "@app/components/LogDataTable";
+import { getStoredPageSize, LogDataTable, setStoredPageSize } from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { Key, RouteOff, User, Lock, Unlock, ArrowUpRight } from "lucide-react";
@@ -28,9 +28,13 @@ export default function GeneralPage() {
     // Pagination state
     const [totalCount, setTotalCount] = useState<number>(0);
     const [currentPage, setCurrentPage] = useState<number>(0);
-    const [pageSize, setPageSize] = useState<number>(20);
     const [isLoading, setIsLoading] = useState(false);
 
+    // Initialize page size from storage or default
+    const [pageSize, setPageSize] = useState<number>(() => {
+        return getStoredPageSize("request-audit-logs", 20);
+    });
+
     const [filterAttributes, setFilterAttributes] = useState<{
         actors: string[];
         resources: {
@@ -143,6 +147,7 @@ export default function GeneralPage() {
     // Handle page size changes
     const handlePageSizeChange = (newPageSize: number) => {
         setPageSize(newPageSize);
+        setStoredPageSize(newPageSize, "request-audit-logs");
         setCurrentPage(0); // Reset to first page when changing page size
         queryDateTime(dateRange.startDate, dateRange.endDate, 0, newPageSize);
     };
@@ -753,7 +758,6 @@ export default function GeneralPage() {
             <LogDataTable
                 columns={columns}
                 data={rows}
-                persistPageSize="request-logs-table"
                 title={t("requestLogs")}
                 searchPlaceholder={t("searchLogs")}
                 searchColumn="host"
@@ -776,11 +780,11 @@ export default function GeneralPage() {
                 onPageChange={handlePageChange}
                 onPageSizeChange={handlePageSizeChange}
                 isLoading={isLoading}
-                defaultPageSize={pageSize}
+                pageSize={pageSize}
                 // Row expansion props
                 expandable={true}
                 renderExpandedRow={renderExpandedRow}
             />
         </>
     );
-}
+}
\ No newline at end of file
diff --git a/src/components/DataTablePagination.tsx b/src/components/DataTablePagination.tsx
index a07354f7..5c7af9d4 100644
--- a/src/components/DataTablePagination.tsx
+++ b/src/components/DataTablePagination.tsx
@@ -97,7 +97,7 @@ export function DataTablePagination<TData>({
                     value={`${table.getState().pagination.pageSize}`}
                     onValueChange={handlePageSizeChange}
                 >
-                    <SelectTrigger className="h-8 w-[70px]">
+                    <SelectTrigger className="h-8 w-[73px]">
                         <SelectValue
                             placeholder={table.getState().pagination.pageSize}
                         />
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index bb5131a4..566eb0fe 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -49,7 +49,7 @@ const STORAGE_KEYS = {
         tableId ? `${tableId}-size` : STORAGE_KEYS.PAGE_SIZE
 };
 
-const getStoredPageSize = (tableId?: string, defaultSize = 20): number => {
+export const getStoredPageSize = (tableId?: string, defaultSize = 20): number => {
     if (typeof window === "undefined") return defaultSize;
 
     try {
@@ -68,7 +68,7 @@ const getStoredPageSize = (tableId?: string, defaultSize = 20): number => {
     return defaultSize;
 };
 
-const setStoredPageSize = (pageSize: number, tableId?: string): void => {
+export const setStoredPageSize = (pageSize: number, tableId?: string): void => {
     if (typeof window === "undefined") return;
 
     try {
@@ -102,8 +102,6 @@ type DataTableProps<TData, TValue> = {
     };
     tabs?: TabFilter[];
     defaultTab?: string;
-    persistPageSize?: boolean | string;
-    defaultPageSize?: number;
     onDateRangeChange?: (
         startDate: DateTimeValue,
         endDate: DateTimeValue
@@ -114,6 +112,7 @@ type DataTableProps<TData, TValue> = {
     };
     // Server-side pagination props
     totalCount?: number;
+    pageSize: number;
     currentPage?: number;
     onPageChange?: (page: number) => void;
     onPageSizeChange?: (pageSize: number) => void;
@@ -136,9 +135,8 @@ export function LogDataTable<TData, TValue>({
     defaultSort,
     tabs,
     defaultTab,
-    persistPageSize = false,
-    defaultPageSize = 20,
     onDateRangeChange,
+    pageSize,
     dateRange,
     totalCount,
     currentPage = 0,
@@ -150,18 +148,6 @@ export function LogDataTable<TData, TValue>({
 }: DataTableProps<TData, TValue>) {
     const t = useTranslations();
 
-    // Determine table identifier for storage
-    const tableId =
-        typeof persistPageSize === "string" ? persistPageSize : undefined;
-
-    // Initialize page size from storage or default
-    const [pageSize, setPageSize] = useState<number>(() => {
-        if (persistPageSize) {
-            return getStoredPageSize(tableId, defaultPageSize);
-        }
-        return defaultPageSize;
-    });
-
     const [sorting, setSorting] = useState<SortingState>(
         defaultSort ? [defaultSort] : []
     );
@@ -289,17 +275,17 @@ export function LogDataTable<TData, TValue>({
         }
     });
 
-    useEffect(() => {
-        const currentPageSize = table.getState().pagination.pageSize;
-        if (currentPageSize !== pageSize) {
-            table.setPageSize(pageSize);
+    // useEffect(() => {
+    //     const currentPageSize = table.getState().pagination.pageSize;
+    //     if (currentPageSize !== pageSize) {
+    //         table.setPageSize(pageSize);
 
-            // Persist to localStorage if enabled
-            if (persistPageSize) {
-                setStoredPageSize(pageSize, tableId);
-            }
-        }
-    }, [pageSize, table, persistPageSize, tableId]);
+    //         // Persist to localStorage if enabled
+    //         if (persistPageSize) {
+    //             setStoredPageSize(pageSize, tableId);
+    //         }
+    //     }
+    // }, [pageSize, table, persistPageSize, tableId]);
 
     // Update table page index when currentPage prop changes (server pagination)
     useEffect(() => {
@@ -319,13 +305,13 @@ export function LogDataTable<TData, TValue>({
 
     // Enhanced pagination component that updates our local state
     const handlePageSizeChange = (newPageSize: number) => {
-        setPageSize(newPageSize);
+        // setPageSize(newPageSize);
         table.setPageSize(newPageSize);
 
         // Persist immediately when changed
-        if (persistPageSize) {
-            setStoredPageSize(newPageSize, tableId);
-        }
+        // if (persistPageSize) {
+        //     setStoredPageSize(newPageSize, tableId);
+        // }
 
         // For server pagination, notify parent component
         if (isServerPagination && onPageSizeChangeProp) {
@@ -421,77 +407,75 @@ export function LogDataTable<TData, TValue>({
                                 table.getRowModel().rows.map((row) => {
                                     const isExpanded =
                                         expandable && expandedRows.has(row.id);
-                                    return (
-                                        <>
-                                            <TableRow
-                                                key={row.id}
-                                                data-state={
-                                                    row.getIsSelected() &&
-                                                    "selected"
-                                                }
-                                                onClick={() =>
-                                                    expandable
-                                                        ? toggleRowExpansion(
-                                                              row.id
-                                                          )
-                                                        : undefined
-                                                }
-                                                className="text-xs" // made smaller
-                                            >
-                                                {row
-                                                    .getVisibleCells()
-                                                    .map((cell) => {
-                                                        const originalRow =
-                                                            row.original as any;
-                                                        const actionValue =
-                                                            originalRow?.action;
-                                                        let className = "";
+                                    return [
+                                        <TableRow
+                                            key={row.id}
+                                            data-state={
+                                                row.getIsSelected() &&
+                                                "selected"
+                                            }
+                                            onClick={() =>
+                                                expandable
+                                                    ? toggleRowExpansion(
+                                                          row.id
+                                                      )
+                                                    : undefined
+                                            }
+                                            className="text-xs" // made smaller
+                                        >
+                                            {row
+                                                .getVisibleCells()
+                                                .map((cell) => {
+                                                    const originalRow =
+                                                        row.original as any;
+                                                    const actionValue =
+                                                        originalRow?.action;
+                                                    let className = "";
 
-                                                        if (
-                                                            typeof actionValue ===
-                                                            "boolean"
-                                                        ) {
-                                                            className =
-                                                                actionValue
-                                                                    ? "bg-green-100 dark:bg-green-900/50"
-                                                                    : "bg-red-100 dark:bg-red-900/50";
-                                                        }
+                                                    if (
+                                                        typeof actionValue ===
+                                                        "boolean"
+                                                    ) {
+                                                        className =
+                                                            actionValue
+                                                                ? "bg-green-100 dark:bg-green-900/50"
+                                                                : "bg-red-100 dark:bg-red-900/50";
+                                                    }
 
-                                                        return (
-                                                            <TableCell
-                                                                key={cell.id}
-                                                                className={`${className} py-2`} // made smaller
-                                                            >
-                                                                {flexRender(
-                                                                    cell.column
-                                                                        .columnDef
-                                                                        .cell,
-                                                                    cell.getContext()
-                                                                )}
-                                                            </TableCell>
-                                                        );
-                                                    })}
-                                            </TableRow>
-                                            {isExpanded &&
-                                                renderExpandedRow && (
-                                                    <TableRow
-                                                        key={`${row.id}-expanded`}
-                                                    >
+                                                    return (
                                                         <TableCell
-                                                            colSpan={
-                                                                enhancedColumns.length
-                                                            }
-                                                            className="p-4 bg-muted/50"
+                                                            key={cell.id}
+                                                            className={`${className} py-2`} // made smaller
                                                         >
-                                                            {renderExpandedRow(
-                                                                row.original
+                                                            {flexRender(
+                                                                cell.column
+                                                                    .columnDef
+                                                                    .cell,
+                                                                cell.getContext()
                                                             )}
                                                         </TableCell>
-                                                    </TableRow>
-                                                )}
-                                        </>
-                                    );
-                                })
+                                                    );
+                                                })}
+                                        </TableRow>,
+                                        isExpanded &&
+                                            renderExpandedRow && (
+                                                <TableRow
+                                                    key={`${row.id}-expanded`}
+                                                >
+                                                    <TableCell
+                                                        colSpan={
+                                                            enhancedColumns.length
+                                                        }
+                                                        className="p-4 bg-muted/50"
+                                                    >
+                                                        {renderExpandedRow(
+                                                            row.original
+                                                        )}
+                                                    </TableCell>
+                                                </TableRow>
+                                            )
+                                    ].filter(Boolean);
+                                }).flat()
                             ) : (
                                 <TableRow>
                                     <TableCell

From 58b6ab26013399422dc2e31366cc27d385008f5b Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Fri, 24 Oct 2025 15:56:46 +0530
Subject: [PATCH 54/69] Implement Proxy Protocol handling in Traefik config
 generator

---
 server/lib/traefik/getTraefikConfig.ts | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index 5916d026..f7f56a9a 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -56,6 +56,8 @@ export async function getTraefikConfig(
             setHostHeader: resources.setHostHeader,
             enableProxy: resources.enableProxy,
             headers: resources.headers,
+            proxyProtocol: resources.proxyProtocol,
+            proxyProtocolVersion: resources.proxyProtocolVersion,
             // Target fields
             targetId: targets.targetId,
             targetEnabled: targets.enabled,
@@ -164,6 +166,8 @@ export async function getTraefikConfig(
                 enableProxy: row.enableProxy,
                 targets: [],
                 headers: row.headers,
+                proxyProtocol: row.proxyProtocol,
+                proxyProtocolVersion: row.proxyProtocolVersion ?? 1,
                 path: row.path, // the targets will all have the same path
                 pathMatchType: row.pathMatchType, // the targets will all have the same pathMatchType
                 rewritePath: row.rewritePath,
@@ -562,6 +566,8 @@ export async function getTraefikConfig(
                 ...(protocol === "tcp" ? { rule: "HostSNI(`*`)" } : {})
             };
 
+            const serversTransportName = `${key}-proxy-protocol-transport`;
+
             config_output[protocol].services[serviceName] = {
                 loadBalancer: {
                     servers: (() => {
@@ -615,6 +621,9 @@ export async function getTraefikConfig(
                                 }
                             });
                     })(),
+                    ...(resource.proxyProtocol
+                        ? { serversTransport: serversTransportName }
+                        : {}),
                     ...(resource.stickySession
                         ? {
                               sticky: {
@@ -627,6 +636,23 @@ export async function getTraefikConfig(
                         : {})
                 }
             };
+
+            // Add serversTransport configuration if proxy protocol is enabled
+            if (resource.proxyProtocol) {
+                if (!config_output[protocol].serversTransports) {
+                    config_output[protocol].serversTransports = {};
+                }
+                
+                config_output[protocol].serversTransports[serversTransportName] = {
+                    proxyProtocol: {
+                        version: resource.proxyProtocolVersion || 1
+                    }
+                };
+
+                logger.debug(
+                    `Enabled Proxy Protocol v${resource.proxyProtocolVersion || 1} for ${protocol} resource ${resource.resourceId} (${resource.name})`
+                );
+            }
         }
     }
     return config_output;

From 0743daf56ab8dc1b6ad6b352638e66bc37306b59 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Fri, 24 Oct 2025 16:30:34 +0530
Subject: [PATCH 55/69] add en-US for proxy protocol

---
 messages/en-US.json                           | 14 ++++++++--
 .../resources/[niceId]/proxy/page.tsx         | 28 ++++++++++---------
 2 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 4cffaf98..f9b2c4c7 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1891,5 +1891,15 @@
     "cannotbeUndone": "This can not be undone.",
     "toConfirm": "to confirm",
     "deleteClientQuestion": "Are you sure you want to remove the client from the site and organization?",
-    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site."
-}
+    "clientMessageRemove": "Once removed, the client will no longer be able to connect to the site.",
+    "proxyProtocol": "Proxy Protocol Settings",
+    "proxyProtocolDescription": "Configure Proxy Protocol to preserve client IP addresses for TCP/UDP services.",
+    "enableProxyProtocol": "Enable Proxy Protocol",
+    "proxyProtocolInfo": "Preserve client IP addresses for TCP/UDP backends",
+    "proxyProtocolVersion": "Proxy Protocol Version",
+    "version1": " Version 1 (Recommended)",
+    "version2": "Version 2",
+    "versionDescription": "Version 1 is text-based and widely supported. Version 2 is binary and more efficient but less compatible.",
+    "warning": "Warning",
+    "proxyProtocolWarning": "Your backend application must be configured to accept Proxy Protocol connections. If your backend doesn't support Proxy Protocol, enabling this will break all connections. Make sure to configure your backend to trust Proxy Protocol headers from Traefik."
+}
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 5af5b318..5ef2ccd5 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -809,7 +809,7 @@ export default function ReverseProxyTargets(props: {
             } else {
                 // For TCP/UDP resources, save proxy protocol settings
                 const proxyData = proxySettingsForm.getValues();
-                
+
                 const payload = {
                     proxyProtocol: proxyData.proxyProtocol || false,
                     proxyProtocolVersion: proxyData.proxyProtocolVersion || 1
@@ -1701,10 +1701,10 @@ export default function ReverseProxyTargets(props: {
                 <SettingsSection>
                     <SettingsSectionHeader>
                         <SettingsSectionTitle>
-                            Proxy Protocol Settings
+                            {t("proxyProtocol")}
                         </SettingsSectionTitle>
                         <SettingsSectionDescription>
-                            Configure Proxy Protocol to preserve client IP addresses for TCP/UDP services.
+                            {t("proxyProtocolDescription")}
                         </SettingsSectionDescription>
                     </SettingsSectionHeader>
                     <SettingsSectionBody>
@@ -1725,8 +1725,12 @@ export default function ReverseProxyTargets(props: {
                                                 <FormControl>
                                                     <SwitchInput
                                                         id="proxy-protocol-toggle"
-                                                        label="Enable Proxy Protocol"
-                                                        description="Preserve client IP addresses for TCP/UDP backends"
+                                                        label={t(
+                                                            "enableProxyProtocol"
+                                                        )}
+                                                        description={t(
+                                                            "proxyProtocolInfo"
+                                                        )}
                                                         defaultChecked={
                                                             field.value || false
                                                         }
@@ -1738,7 +1742,7 @@ export default function ReverseProxyTargets(props: {
                                             </FormItem>
                                         )}
                                     />
-                                    
+
                                     {proxySettingsForm.watch("proxyProtocol") && (
                                         <>
                                             <FormField
@@ -1746,7 +1750,7 @@ export default function ReverseProxyTargets(props: {
                                                 name="proxyProtocolVersion"
                                                 render={({ field }) => (
                                                     <FormItem>
-                                                        <FormLabel>Proxy Protocol Version</FormLabel>
+                                                        <FormLabel>{t("proxyProtocolVersion")}</FormLabel>
                                                         <FormControl>
                                                             <Select
                                                                 value={String(field.value || 1)}
@@ -1759,16 +1763,16 @@ export default function ReverseProxyTargets(props: {
                                                                 </SelectTrigger>
                                                                 <SelectContent>
                                                                     <SelectItem value="1">
-                                                                        Version 1 (Recommended)
+                                                                        {t("version1")}
                                                                     </SelectItem>
                                                                     <SelectItem value="2">
-                                                                        Version 2
+                                                                        {t("version2")}
                                                                     </SelectItem>
                                                                 </SelectContent>
                                                             </Select>
                                                         </FormControl>
                                                         <FormDescription>
-                                                            Version 1 is text-based and widely supported. Version 2 is binary and more efficient but less compatible.
+                                                            {t("versionDescription")}
                                                         </FormDescription>
                                                     </FormItem>
                                                 )}
@@ -1777,9 +1781,7 @@ export default function ReverseProxyTargets(props: {
                                             <Alert>
                                                 <AlertTriangle className="h-4 w-4" />
                                                 <AlertDescription>
-                                                    <strong>Warning:</strong> Your backend application must be configured to accept Proxy Protocol connections. 
-                                                    If your backend doesn't support Proxy Protocol, enabling this will break all connections. 
-                                                    Make sure to configure your backend to trust Proxy Protocol headers from Traefik.
+                                                    <strong>{t("warning")}:</strong> {t("proxyProtocolWarning")}
                                                 </AlertDescription>
                                             </Alert>
                                         </>

From 68f0c4df3af3d84cedb29087f2c8eb539a704517 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 24 Oct 2025 10:11:28 -0700
Subject: [PATCH 56/69] Working on licencing

---
 messages/en-US.json                           |  6 ++-
 server/auth/actions.ts                        |  4 +-
 server/private/middlewares/index.ts           |  3 +-
 .../private/middlewares/verifySubscription.ts | 50 +++++++++++++++++++
 server/private/routers/external.ts            | 21 +++++++-
 .../routers/auditLogs/exportRequstAuditLog.ts |  5 --
 server/routers/external.ts                    | 28 +++++++----
 src/app/[orgId]/settings/logs/layout.tsx      | 33 +-----------
 .../[orgId]/settings/logs/request/page.tsx    |  6 +++
 src/app/navigation.tsx                        | 29 ++++++++---
 src/components/HorizontalTabs.tsx             |  3 +-
 11 files changed, 129 insertions(+), 59 deletions(-)
 create mode 100644 server/private/middlewares/verifySubscription.ts

diff --git a/messages/en-US.json b/messages/en-US.json
index 9157e84c..0a62ad7e 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1921,5 +1921,9 @@
     "requestLogs": "Request Logs",
     "host": "Host",
     "location": "Location",
-    "actionLogs": "Action Logs"
+    "actionLogs": "Action Logs",
+    "sidebarLogsRequest": "Request Logs",
+    "sidebarLogsAccess": "Access Logs",
+    "sidebarLogsAction": "Action Logs",
+    "requestLogsDescription": "View detailed pre-request logs for resources in this organization"
 }
diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index e48bc502..1d22cff1 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -116,7 +116,9 @@ export enum ActionsEnum {
     updateLoginPage = "updateLoginPage",
     getLoginPage = "getLoginPage",
     deleteLoginPage = "deleteLoginPage",
-    applyBlueprint = "applyBlueprint"
+    applyBlueprint = "applyBlueprint",
+    viewLogs = "viewLogs",
+    exportLogs = "exportLogs"
 }
 
 export async function checkUserActionPermission(
diff --git a/server/private/middlewares/index.ts b/server/private/middlewares/index.ts
index 32aa1a1f..bb4d9c05 100644
--- a/server/private/middlewares/index.ts
+++ b/server/private/middlewares/index.ts
@@ -15,4 +15,5 @@ export * from "./verifyCertificateAccess";
 export * from "./verifyRemoteExitNodeAccess";
 export * from "./verifyIdpAccess";
 export * from "./verifyLoginPageAccess";
-export * from "./logActionAudit";
\ No newline at end of file
+export * from "./logActionAudit";
+export * from "./verifySubscription";
\ No newline at end of file
diff --git a/server/private/middlewares/verifySubscription.ts b/server/private/middlewares/verifySubscription.ts
new file mode 100644
index 00000000..5249c026
--- /dev/null
+++ b/server/private/middlewares/verifySubscription.ts
@@ -0,0 +1,50 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { Request, Response, NextFunction } from "express";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import { build } from "@server/build";
+import { getOrgTierData } from "#private/lib/billing";
+
+export async function verifyValidSubscription(
+    req: Request,
+    res: Response,
+    next: NextFunction
+) {
+    try {
+        if (build != "saas") {
+            return next();
+        }
+
+        const tier = await getOrgTierData(req.params.orgId);
+
+        if (!tier.active) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "Organization does not have an active subscription"
+                )
+            );
+        }
+
+        return next();
+    } catch (e) {
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Error verifying subscription"
+            )
+        );
+    }
+}
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 445af82f..ddfabb30 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -34,7 +34,8 @@ import {
     verifyCertificateAccess,
     verifyIdpAccess,
     verifyLoginPageAccess,
-    verifyRemoteExitNodeAccess
+    verifyRemoteExitNodeAccess,
+    verifyValidSubscription
 } from "#private/middlewares";
 import rateLimit, { ipKeyGenerator } from "express-rate-limit";
 import createHttpError from "http-errors";
@@ -348,20 +349,38 @@ authenticated.post(
 
 authenticated.get(
     "/org/:orgId/logs/action",
+    verifyValidLicense,
+    verifyValidSubscription,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.exportLogs),
     logs.queryActionAuditLogs 
 )
 
 authenticated.get(
     "/org/:orgId/logs/action/export",
+    verifyValidLicense,
+    verifyValidSubscription,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.exportLogs),
+    logActionAudit(ActionsEnum.exportLogs),
     logs.exportActionAuditLogs
 )
 
 authenticated.get(
     "/org/:orgId/logs/access",
+    verifyValidLicense,
+    verifyValidSubscription,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.exportLogs),
     logs.queryAccessAuditLogs 
 )
 
 authenticated.get(
     "/org/:orgId/logs/access/export",
+    verifyValidLicense,
+    verifyValidSubscription,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.exportLogs),
+    logActionAudit(ActionsEnum.exportLogs),
     logs.exportAccessAuditLogs
 )
\ No newline at end of file
diff --git a/server/routers/auditLogs/exportRequstAuditLog.ts b/server/routers/auditLogs/exportRequstAuditLog.ts
index c1fb2872..89df2d3f 100644
--- a/server/routers/auditLogs/exportRequstAuditLog.ts
+++ b/server/routers/auditLogs/exportRequstAuditLog.ts
@@ -1,15 +1,10 @@
-import { db, requestAuditLog } from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";
 import { Request, Response } from "express";
-import { eq, gt, lt, and, count } from "drizzle-orm";
 import { OpenAPITags } from "@server/openApi";
-import { z } from "zod";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { fromError } from "zod-validation-error";
-import { QueryRequestAuditLogResponse } from "@server/routers/auditLogs/types";
-import response from "@server/lib/response";
 import logger from "@server/logger";
 import { queryAccessAuditLogsQuery, queryRequestAuditLogsParams, queryRequest } from "./queryRequstAuditLog";
 import { generateCSV } from "./generateCSV";
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 2b8c270f..335bc252 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -46,6 +46,7 @@ import createHttpError from "http-errors";
 import { build } from "@server/build";
 import { createStore } from "#dynamic/lib/rateLimitStore";
 import { logActionAudit } from "#dynamic/middlewares";
+import { log } from "console";
 
 // Root routes
 export const unauthenticated = Router();
@@ -860,6 +861,21 @@ authenticated.delete(
     domain.deleteAccountDomain,
 );
 
+authenticated.get(
+    "/org/:orgId/logs/request",
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.viewLogs),
+    logs.queryRequestAuditLogs
+)
+
+authenticated.get(
+    "/org/:orgId/logs/request/export",
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.exportLogs),
+    logActionAudit(ActionsEnum.exportLogs),
+    logs.exportRequestAuditLogs
+)
+
 // Auth routes
 export const authRouter = Router();
 unauthenticated.use("/auth", authRouter);
@@ -1180,14 +1196,4 @@ authRouter.delete(
         store: createStore()
     }),
     auth.deleteSecurityKey
-);
-
-authenticated.get(
-    "/org/:orgId/logs/request",
-    logs.queryRequestAuditLogs
-)
-
-authenticated.get(
-    "/org/:orgId/logs/request/export",
-    logs.exportRequestAuditLogs
-)
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/logs/layout.tsx b/src/app/[orgId]/settings/logs/layout.tsx
index fb1d2071..96958403 100644
--- a/src/app/[orgId]/settings/logs/layout.tsx
+++ b/src/app/[orgId]/settings/logs/layout.tsx
@@ -1,9 +1,6 @@
-import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import { HorizontalTabs } from "@app/components/HorizontalTabs";
 import { verifySession } from "@app/lib/auth/verifySession";
 import { redirect } from "next/navigation";
 import { cache } from "react";
-import { getTranslations } from "next-intl/server";
 
 type GeneralSettingsProps = {
     children: React.ReactNode;
@@ -14,8 +11,6 @@ export default async function GeneralSettingsPage({
     children,
     params
 }: GeneralSettingsProps) {
-    const { orgId } = await params;
-
     const getUser = cache(verifySession);
     const user = await getUser();
 
@@ -23,31 +18,5 @@ export default async function GeneralSettingsPage({
         redirect(`/`);
     }
 
-    const t = await getTranslations();
-
-    const navItems = [
-        {
-            title: t("request"),
-            href: `/{orgId}/settings/logs/request`
-        },
-        {
-            title: t("access"),
-            href: `/{orgId}/settings/logs/access`
-        },
-        {
-            title: t("action"),
-            href: `/{orgId}/settings/logs/action`
-        }
-    ];
-
-    return (
-        <>
-            <SettingsSectionTitle
-                title={t("logs")}
-                description={t("logsSettingsDescription")}
-            />
-
-            <HorizontalTabs items={navItems}>{children}</HorizontalTabs>
-        </>
-    );
+    return children;
 }
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index dcca97d2..6a1a1659 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -12,6 +12,7 @@ import { DateTimeValue } from "@app/components/DateTimePicker";
 import { Key, RouteOff, User, Lock, Unlock, ArrowUpRight } from "lucide-react";
 import Link from "next/link";
 import { ColumnFilter } from "@app/components/ColumnFilter";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 
 export default function GeneralPage() {
     const router = useRouter();
@@ -755,6 +756,11 @@ export default function GeneralPage() {
 
     return (
         <>
+            <SettingsSectionTitle
+                title={t('requestLogs')}
+                description={t('requestLogsDescription')}
+            />
+
             <LogDataTable
                 columns={columns}
                 data={rows}
diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx
index 02d90f1e..ed95eba3 100644
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -17,7 +17,9 @@ import {
     Server,
     Zap,
     CreditCard,
-    Logs
+    Logs,
+    SquareMousePointer,
+    ScanEye
 } from "lucide-react";
 
 export type SidebarNavSection = {
@@ -113,6 +115,26 @@ export const orgNavSections = (
             }
         ]
     },
+    {
+        heading: "Analytics",
+        items: [
+            {
+                title: "sidebarLogsRequest",
+                href: "/{orgId}/settings/logs/request",
+                icon: <SquareMousePointer className="h-4 w-4" />
+            },
+            {
+                title: "sidebarLogsAccess",
+                href: "/{orgId}/settings/logs/access",
+                icon: <ScanEye className="h-4 w-4" />
+            },
+            {
+                title: "sidebarLogsAction",
+                href: "/{orgId}/settings/logs/action",
+                icon: <Logs className="h-4 w-4" />
+            },
+        ]
+    },
     {
         heading: "Organization",
         items: [
@@ -139,11 +161,6 @@ export const orgNavSections = (
                       }
                   ]
                 : []),
-            {
-                title: "sidebarLogs",
-                href: "/{orgId}/settings/logs/request",
-                icon: <Logs className="h-4 w-4" />
-            },
             {
                 title: "sidebarSettings",
                 href: "/{orgId}/settings/general",
diff --git a/src/components/HorizontalTabs.tsx b/src/components/HorizontalTabs.tsx
index b529dbba..5b0fdbab 100644
--- a/src/components/HorizontalTabs.tsx
+++ b/src/components/HorizontalTabs.tsx
@@ -4,10 +4,10 @@ import React from "react";
 import Link from "next/link";
 import { useParams, usePathname } from "next/navigation";
 import { cn } from "@app/lib/cn";
-import { buttonVariants } from "@/components/ui/button";
 import { Badge } from "@app/components/ui/badge";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useTranslations } from "next-intl";
+import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
 
 export type HorizontalTabs = Array<{
     title: string;
@@ -30,6 +30,7 @@ export function HorizontalTabs({
     const pathname = usePathname();
     const params = useParams();
     const { licenseStatus, isUnlocked } = useLicenseStatusContext();
+    const subscription = useSubscriptionStatusContext();
     const t = useTranslations();
 
     function hydrateHref(href: string) {

From 2a644c3f88353e0b3e6b89233370da7649f87c38 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 24 Oct 2025 10:51:32 -0700
Subject: [PATCH 57/69] Working on settings

---
 server/db/pg/schema/schema.ts                | 16 +++++--
 server/db/sqlite/schema/schema.ts            | 16 +++++--
 server/private/lib/logAccessAudit.ts         | 31 ++++++++++--
 server/private/middlewares/logActionAudit.ts | 37 ++++++++++++++-
 server/routers/badger/logRequestAudit.ts     | 50 ++++++++++++++++++--
 5 files changed, 133 insertions(+), 17 deletions(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index dab128f9..601290e0 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -26,7 +26,16 @@ export const orgs = pgTable("orgs", {
     orgId: varchar("orgId").primaryKey(),
     name: varchar("name").notNull(),
     subnet: varchar("subnet"),
-    createdAt: text("createdAt")
+    createdAt: text("createdAt"),
+    settingsLogRetentionDaysRequest: integer("settingsLogRetentionDaysRequest") // where 0 = dont keep logs and -1 = keep forever
+        .notNull()
+        .default(15),
+    settingsLogRetentionDaysAccess: integer("settingsLogRetentionDaysAccess")
+        .notNull()
+        .default(15),
+    settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction")
+        .notNull()
+        .default(15),
 });
 
 export const orgDomains = pgTable("orgDomains", {
@@ -676,8 +685,9 @@ export const requestAuditLog = pgTable(
     {
         id: serial("id").primaryKey(),
         timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
-        orgId: text("orgId")
-            .references(() => orgs.orgId, { onDelete: "cascade" }),
+        orgId: text("orgId").references(() => orgs.orgId, {
+            onDelete: "cascade"
+        }),
         action: boolean("action").notNull(),
         reason: integer("reason").notNull(),
         actorType: text("actorType"),
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 4ef12a14..ede2e754 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -19,7 +19,16 @@ export const orgs = sqliteTable("orgs", {
     orgId: text("orgId").primaryKey(),
     name: text("name").notNull(),
     subnet: text("subnet"),
-    createdAt: text("createdAt")
+    createdAt: text("createdAt"),
+    settingsLogRetentionDaysRequest: integer("settingsLogRetentionDaysRequest") // where 0 = dont keep logs and -1 = keep forever
+        .notNull()
+        .default(15),
+    settingsLogRetentionDaysAccess: integer("settingsLogRetentionDaysAccess")
+        .notNull()
+        .default(15),
+    settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction")
+        .notNull()
+        .default(15)
 });
 
 export const userDomains = sqliteTable("userDomains", {
@@ -721,8 +730,9 @@ export const requestAuditLog = sqliteTable(
     {
         id: integer("id").primaryKey({ autoIncrement: true }),
         timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds
-        orgId: text("orgId")
-            .references(() => orgs.orgId, { onDelete: "cascade" }),
+        orgId: text("orgId").references(() => orgs.orgId, {
+            onDelete: "cascade"
+        }),
         action: integer("action", { mode: "boolean" }).notNull(),
         reason: integer("reason").notNull(),
         actorType: text("actorType"),
diff --git a/server/private/lib/logAccessAudit.ts b/server/private/lib/logAccessAudit.ts
index 9b3ae4d5..97aef0ee 100644
--- a/server/private/lib/logAccessAudit.ts
+++ b/server/private/lib/logAccessAudit.ts
@@ -1,11 +1,32 @@
-import { accessAuditLog, db } from "@server/db";
+import { accessAuditLog, db, orgs } from "@server/db";
 import { getCountryCodeForIp } from "@server/lib/geoip";
 import logger from "@server/logger";
-import NodeCache from "node-cache";
+import { eq } from "drizzle-orm";
 
-const cache = new NodeCache({
-    stdTTL: 5 // seconds
-});
+async function getAccessDays(orgId: string): Promise<number> {
+    // check cache first
+    const cached = cache.get<number>(`org_${orgId}_accessDays`);
+    if (cached !== undefined) {
+        return cached;
+    }
+
+    const [org] = await db
+        .select({
+            settingsLogRetentionDaysAction: orgs.settingsLogRetentionDaysAction
+        })
+        .from(orgs)
+        .where(eq(orgs.orgId, orgId))
+        .limit(1);
+
+    if (!org) {
+        return 0;
+    }
+
+    // store the result in cache
+    cache.set(`org_${orgId}_accessDays`, org.settingsLogRetentionDaysAction);
+
+    return org.settingsLogRetentionDaysAction;
+}
 
 export async function logAccessAudit(data: {
     action: boolean;
diff --git a/server/private/middlewares/logActionAudit.ts b/server/private/middlewares/logActionAudit.ts
index 488aff88..af7759fc 100644
--- a/server/private/middlewares/logActionAudit.ts
+++ b/server/private/middlewares/logActionAudit.ts
@@ -12,11 +12,39 @@
  */
 
 import { ActionsEnum } from "@server/auth/actions";
-import { actionAuditLog, db } from "@server/db";
+import { actionAuditLog, db, orgs } from "@server/db";
 import logger from "@server/logger";
 import HttpCode from "@server/types/HttpCode";
 import { Request, Response, NextFunction } from "express";
 import createHttpError from "http-errors";
+import NodeCache from "node-cache";
+import { eq } from "drizzle-orm";
+
+const cache = new NodeCache({ stdTTL: 300 }); // cache for 5 minutes
+async function getActionDays(orgId: string): Promise<number> {
+    // check cache first
+    const cached = cache.get<number>(`org_${orgId}_actionDays`);
+    if (cached !== undefined) {
+        return cached;
+    }
+
+    const [org] = await db
+        .select({
+            settingsLogRetentionDaysAction: orgs.settingsLogRetentionDaysAction
+        })
+        .from(orgs)
+        .where(eq(orgs.orgId, orgId))
+        .limit(1);
+
+    if (!org) {
+        return 0;
+    }
+
+    // store the result in cache
+    cache.set(`org_${orgId}_actionDays`, org.settingsLogRetentionDaysAction);
+
+    return org.settingsLogRetentionDaysAction;
+}
 
 export function logActionAudit(action: ActionsEnum) {
     return async function (
@@ -57,6 +85,12 @@ export function logActionAudit(action: ActionsEnum) {
                 return next();
             }
 
+            const retentionDays = await getActionDays(orgId);
+            if (retentionDays === 0) {
+                // do not log
+                return next();
+            }
+
             const timestamp = Math.floor(Date.now() / 1000);
 
             let metadata = null;
@@ -86,3 +120,4 @@ export function logActionAudit(action: ActionsEnum) {
         }
     };
 }
+
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index b9adc161..77b97d96 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -1,5 +1,7 @@
-import { db, requestAuditLog } from "@server/db";
+import { db, orgs, requestAuditLog } from "@server/db";
 import logger from "@server/logger";
+import { eq } from "drizzle-orm";
+import NodeCache from "node-cache";
 
 /** 
 
@@ -22,6 +24,32 @@ Reasons:
 
  */
 
+const cache = new NodeCache({ stdTTL: 300 }); // cache for 5 minutes
+async function getRetentionDays(orgId: string): Promise<number> {
+    // check cache first
+    const cached = cache.get<number>(`org_${orgId}_retentionDays`);
+    if (cached !== undefined) {
+        return cached;
+    }
+
+    const [org] = await db
+        .select({
+            settingsLogRetentionDaysRequest: orgs.settingsLogRetentionDaysRequest
+        })
+        .from(orgs)
+        .where(eq(orgs.orgId, orgId))
+        .limit(1);
+
+    if (!org) {
+        return 0;
+    }
+
+    // store the result in cache
+    cache.set(`org_${orgId}_retentionDays`, org.settingsLogRetentionDaysRequest);
+
+    return org.settingsLogRetentionDaysRequest;
+}
+
 export async function logRequestAudit(
     data: {
         action: boolean;
@@ -29,8 +57,8 @@ export async function logRequestAudit(
         resourceId?: number;
         orgId?: string;
         location?: string;
-        user?: { username: string; userId: string; };
-        apiKey?: { name: string | null; apiKeyId: string; };
+        user?: { username: string; userId: string };
+        apiKey?: { name: string | null; apiKeyId: string };
         metadata?: any;
         // userAgent?: string;
     },
@@ -43,11 +71,20 @@ export async function logRequestAudit(
         tls: boolean;
         sessions?: Record<string, string>;
         headers?: Record<string, string>;
-        query?: Record<string, string>; 
+        query?: Record<string, string>;
         requestIp?: string;
     }
 ) {
     try {
+
+        if (data.orgId) {
+            const retentionDays = await getRetentionDays(data.orgId);
+            if (retentionDays === 0) {
+                // do not log
+                return;
+            }
+        }
+
         let actorType: string | undefined;
         let actor: string | undefined;
         let actorId: string | undefined;
@@ -79,7 +116,10 @@ export async function logRequestAudit(
 
         const clientIp = body.requestIp
             ? (() => {
-                  if (body.requestIp.startsWith("[") && body.requestIp.includes("]")) {
+                  if (
+                      body.requestIp.startsWith("[") &&
+                      body.requestIp.includes("]")
+                  ) {
                       // if brackets are found, extract the IPv6 address from between the brackets
                       const ipv6Match = body.requestIp.match(/\[(.*?)\]/);
                       if (ipv6Match) {

From b542d825539a650de9473b2df8b42241732d6407 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 24 Oct 2025 11:14:07 -0700
Subject: [PATCH 58/69] Consolidate into central cache

---
 server/lib/billing/usageService.ts          | 12 +++---------
 server/lib/cache.ts                         |  5 +++++
 server/private/lib/certificates.ts          | 11 +++++------
 server/routers/badger/verifySession.ts      | 18 ++++++------------
 server/routers/newt/dockerSocket.ts         |  5 -----
 server/routers/newt/handleSocketMessages.ts |  8 ++++----
 server/routers/site/listSites.ts            |  8 +++-----
 server/routers/site/socketIntegration.ts    | 12 ++++++------
 server/routers/user/inviteUser.ts           |  8 +++-----
 9 files changed, 35 insertions(+), 52 deletions(-)
 create mode 100644 server/lib/cache.ts

diff --git a/server/lib/billing/usageService.ts b/server/lib/billing/usageService.ts
index 999d5b63..8e6f5e9c 100644
--- a/server/lib/billing/usageService.ts
+++ b/server/lib/billing/usageService.ts
@@ -1,5 +1,4 @@
 import { eq, sql, and } from "drizzle-orm";
-import NodeCache from "node-cache";
 import { v4 as uuidv4 } from "uuid";
 import { PutObjectCommand } from "@aws-sdk/client-s3";
 import * as fs from "fs/promises";
@@ -20,6 +19,7 @@ import logger from "@server/logger";
 import { sendToClient } from "#dynamic/routers/ws";
 import { build } from "@server/build";
 import { s3Client } from "@server/lib/s3";
+import cache from "@server/lib/cache"; 
 
 interface StripeEvent {
     identifier?: string;
@@ -43,7 +43,6 @@ export function noop() {
 }
 
 export class UsageService {
-    private cache: NodeCache;
     private bucketName: string | undefined;
     private currentEventFile: string | null = null;
     private currentFileStartTime: number = 0;
@@ -51,7 +50,6 @@ export class UsageService {
     private uploadingFiles: Set<string> = new Set();
 
     constructor() {
-        this.cache = new NodeCache({ stdTTL: 300 }); // 5 minute TTL
         if (noop()) {
             return;
         }
@@ -399,7 +397,7 @@ export class UsageService {
         featureId: FeatureId
     ): Promise<string | null> {
         const cacheKey = `customer_${orgId}_${featureId}`;
-        const cached = this.cache.get<string>(cacheKey);
+        const cached = cache.get<string>(cacheKey);
 
         if (cached) {
             return cached;
@@ -422,7 +420,7 @@ export class UsageService {
             const customerId = customer.customerId;
 
             // Cache the result
-            this.cache.set(cacheKey, customerId);
+            cache.set(cacheKey, customerId, 300); // 5 minute TTL
 
             return customerId;
         } catch (error) {
@@ -700,10 +698,6 @@ export class UsageService {
         await this.uploadFileToS3();
     }
 
-    public clearCache(): void {
-        this.cache.flushAll();
-    }
-
     /**
      * Scan the events directory for files older than 1 minute and upload them if not empty.
      */
diff --git a/server/lib/cache.ts b/server/lib/cache.ts
new file mode 100644
index 00000000..efa7d201
--- /dev/null
+++ b/server/lib/cache.ts
@@ -0,0 +1,5 @@
+import NodeCache from "node-cache";
+
+export const cache = new NodeCache({ stdTTL: 3600, checkperiod: 120 });
+
+export default cache;
\ No newline at end of file
diff --git a/server/private/lib/certificates.ts b/server/private/lib/certificates.ts
index 2ca967be..ec4b73ee 100644
--- a/server/private/lib/certificates.ts
+++ b/server/private/lib/certificates.ts
@@ -16,8 +16,8 @@ import { certificates, db } from "@server/db";
 import { and, eq, isNotNull, or, inArray, sql } from "drizzle-orm";
 import { decryptData } from "@server/lib/encryption";
 import * as fs from "fs";
-import NodeCache from "node-cache";
 import logger from "@server/logger";
+import cache from "@server/lib/cache";
 
 let encryptionKeyPath = "";
 let encryptionKeyHex = "";
@@ -51,9 +51,6 @@ export type CertificateResult = {
     updatedAt?: number | null;
 };
 
-// --- In-Memory Cache Implementation ---
-const certificateCache = new NodeCache({ stdTTL: 180 }); // Cache for 3 minutes (180 seconds)
-
 export async function getValidCertificatesForDomains(
     domains: Set<string>,
     useCache: boolean = true
@@ -67,7 +64,8 @@ export async function getValidCertificatesForDomains(
     // 1. Check cache first if enabled
     if (useCache) {
         for (const domain of domains) {
-            const cachedCert = certificateCache.get<CertificateResult>(domain);
+            const cacheKey = `cert:${domain}`;
+            const cachedCert = cache.get<CertificateResult>(cacheKey);
             if (cachedCert) {
                 finalResults.push(cachedCert); // Valid cache hit
             } else {
@@ -180,7 +178,8 @@ export async function getValidCertificatesForDomains(
 
             // Add to cache for future requests, using the *requested domain* as the key
             if (useCache) {
-                certificateCache.set(domain, resultCert);
+                const cacheKey = `cert:${domain}`;
+                cache.set(cacheKey, resultCert, 180);
             }
         }
     }
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index 523163e6..8a33f1ea 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -17,7 +17,6 @@ import {
 import {
     LoginPage,
     Resource,
-    ResourceAccessToken,
     ResourceHeaderAuth,
     ResourcePassword,
     ResourcePincode,
@@ -30,18 +29,13 @@ import logger from "@server/logger";
 import HttpCode from "@server/types/HttpCode";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
-import NodeCache from "node-cache";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { getCountryCodeForIp } from "@server/lib/geoip";
 import { getOrgTierData } from "#dynamic/lib/billing";
 import { TierId } from "@server/lib/billing/tiers";
 import { verifyPassword } from "@server/auth/password";
-
-// We'll see if this speeds anything up
-const cache = new NodeCache({
-    stdTTL: 5 // seconds
-});
+import cache from "@server/lib/cache";
 
 const verifyResourceSessionSchema = z.object({
     sessions: z.record(z.string()).optional(),
@@ -153,7 +147,7 @@ export async function verifyResourceSession(
             }
 
             resourceData = result;
-            cache.set(resourceCacheKey, resourceData);
+            cache.set(resourceCacheKey, resourceData, 5);
         }
 
         const { resource, pincode, password, headerAuth } = resourceData;
@@ -308,7 +302,7 @@ export async function verifyResourceSession(
                     headerAuth.headerAuthHash
                 )
             ) {
-                cache.set(clientHeaderAuthKey, clientHeaderAuth);
+                cache.set(clientHeaderAuthKey, clientHeaderAuth, 5);
                 logger.debug("Resource allowed because header auth is valid");
                 return allowed(res);
             }
@@ -360,7 +354,7 @@ export async function verifyResourceSession(
                 );
 
                 resourceSession = result?.resourceSession;
-                cache.set(sessionCacheKey, resourceSession);
+                cache.set(sessionCacheKey, resourceSession, 5);
             }
 
             if (resourceSession?.isRequestToken) {
@@ -423,7 +417,7 @@ export async function verifyResourceSession(
                             resource
                         );
 
-                        cache.set(userAccessCacheKey, allowedUserData);
+                        cache.set(userAccessCacheKey, allowedUserData, 5);
                     }
 
                     if (
@@ -629,7 +623,7 @@ async function checkRules(
 
     if (!rules) {
         rules = await getResourceRules(resourceId);
-        cache.set(ruleCacheKey, rules);
+        cache.set(ruleCacheKey, rules, 5);
     }
 
     if (rules.length === 0) {
diff --git a/server/routers/newt/dockerSocket.ts b/server/routers/newt/dockerSocket.ts
index 3847d9a4..41f36d3a 100644
--- a/server/routers/newt/dockerSocket.ts
+++ b/server/routers/newt/dockerSocket.ts
@@ -1,10 +1,5 @@
-import NodeCache from "node-cache";
 import { sendToClient } from "#dynamic/routers/ws";
 
-export const dockerSocketCache = new NodeCache({
-    stdTTL: 3600 // seconds
-});
-
 export function fetchContainers(newtId: string) {
     const payload = {
         type: `newt/socket/fetch`,
diff --git a/server/routers/newt/handleSocketMessages.ts b/server/routers/newt/handleSocketMessages.ts
index 0491393f..09a473b9 100644
--- a/server/routers/newt/handleSocketMessages.ts
+++ b/server/routers/newt/handleSocketMessages.ts
@@ -1,8 +1,8 @@
 import { MessageHandler } from "@server/routers/ws";
 import logger from "@server/logger";
-import { dockerSocketCache } from "./dockerSocket";
 import { Newt } from "@server/db";
 import { applyNewtDockerBlueprint } from "@server/lib/blueprints/applyNewtDockerBlueprint";
+import cache from "@server/lib/cache";
 
 export const handleDockerStatusMessage: MessageHandler = async (context) => {
     const { message, client, sendToClient } = context;
@@ -24,8 +24,8 @@ export const handleDockerStatusMessage: MessageHandler = async (context) => {
 
     if (available) {
         logger.info(`Newt ${newt.newtId} has Docker socket access`);
-        dockerSocketCache.set(`${newt.newtId}:socketPath`, socketPath, 0);
-        dockerSocketCache.set(`${newt.newtId}:isAvailable`, available, 0);
+        cache.set(`${newt.newtId}:socketPath`, socketPath, 0);
+        cache.set(`${newt.newtId}:isAvailable`, available, 0);
     } else {
         logger.warn(`Newt ${newt.newtId} does not have Docker socket access`);
     }
@@ -54,7 +54,7 @@ export const handleDockerContainersMessage: MessageHandler = async (
     );
 
     if (containers && containers.length > 0) {
-        dockerSocketCache.set(`${newt.newtId}:dockerContainers`, containers, 0);
+        cache.set(`${newt.newtId}:dockerContainers`, containers, 0);
     } else {
         logger.warn(`Newt ${newt.newtId} does not have Docker containers`);
     }
diff --git a/server/routers/site/listSites.ts b/server/routers/site/listSites.ts
index 694556f7..cddf8c4b 100644
--- a/server/routers/site/listSites.ts
+++ b/server/routers/site/listSites.ts
@@ -9,14 +9,12 @@ import createHttpError from "http-errors";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
-import NodeCache from "node-cache";
 import semver from "semver";
-
-const newtVersionCache = new NodeCache({ stdTTL: 3600 }); // 1 hours in seconds
+import cache from "@server/lib/cache";
 
 async function getLatestNewtVersion(): Promise<string | null> {
     try {
-        const cachedVersion = newtVersionCache.get<string>("latestNewtVersion");
+        const cachedVersion = cache.get<string>("latestNewtVersion");
         if (cachedVersion) {
             return cachedVersion;
         }
@@ -48,7 +46,7 @@ async function getLatestNewtVersion(): Promise<string | null> {
 
         const latestVersion = tags[0].name;
 
-        newtVersionCache.set("latestNewtVersion", latestVersion);
+        cache.set("latestNewtVersion", latestVersion);
 
         return latestVersion;
     } catch (error: any) {
diff --git a/server/routers/site/socketIntegration.ts b/server/routers/site/socketIntegration.ts
index 7b5160cb..3a52dcd2 100644
--- a/server/routers/site/socketIntegration.ts
+++ b/server/routers/site/socketIntegration.ts
@@ -12,9 +12,9 @@ import stoi from "@server/lib/stoi";
 import { sendToClient } from "#dynamic/routers/ws";
 import {
     fetchContainers,
-    dockerSocketCache,
     dockerSocket
 } from "../newt/dockerSocket";
+import cache from "@server/lib/cache";
 
 export interface ContainerNetwork {
     networkId: string;
@@ -157,7 +157,7 @@ async function triggerFetch(siteId: number) {
 
     // clear the cache for this Newt ID so that the site has to keep asking for the containers
     // this is to ensure that the site always gets the latest data
-    dockerSocketCache.del(`${newt.newtId}:dockerContainers`);
+    cache.del(`${newt.newtId}:dockerContainers`);
 
     return { siteId, newtId: newt.newtId };
 }
@@ -165,7 +165,7 @@ async function triggerFetch(siteId: number) {
 async function queryContainers(siteId: number) {
     const { newt } = await getSiteAndNewt(siteId);
 
-    const result = dockerSocketCache.get(
+    const result = cache.get(
         `${newt.newtId}:dockerContainers`
     ) as Container[];
     if (!result) {
@@ -182,7 +182,7 @@ async function isDockerAvailable(siteId: number): Promise<boolean> {
     const { newt } = await getSiteAndNewt(siteId);
 
     const key = `${newt.newtId}:isAvailable`;
-    const isAvailable = dockerSocketCache.get(key);
+    const isAvailable = cache.get(key);
 
     return !!isAvailable;
 }
@@ -196,8 +196,8 @@ async function getDockerStatus(
     const mappedKeys = keys.map((x) => `${newt.newtId}:${x}`);
 
     const result = {
-        isAvailable: dockerSocketCache.get(mappedKeys[0]) as boolean,
-        socketPath: dockerSocketCache.get(mappedKeys[1]) as string | undefined
+        isAvailable: cache.get(mappedKeys[0]) as boolean,
+        socketPath: cache.get(mappedKeys[1]) as string | undefined
     };
 
     return result;
diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts
index 56098bea..f35fa785 100644
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -1,4 +1,3 @@
-import NodeCache from "node-cache";
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
@@ -20,8 +19,7 @@ import { UserType } from "@server/types/UserTypes";
 import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 import { build } from "@server/build";
-
-const regenerateTracker = new NodeCache({ stdTTL: 3600, checkperiod: 600 });
+import cache from "@server/lib/cache";
 
 const inviteUserParamsSchema = z
     .object({
@@ -182,7 +180,7 @@ export async function inviteUser(
         }
 
         if (existingInvite.length) {
-            const attempts = regenerateTracker.get<number>(email) || 0;
+            const attempts = cache.get<number>(email) || 0;
             if (attempts >= 3) {
                 return next(
                     createHttpError(
@@ -192,7 +190,7 @@ export async function inviteUser(
                 );
             }
 
-            regenerateTracker.set(email, attempts + 1);
+            cache.set(email, attempts + 1);
 
             const inviteId = existingInvite[0].inviteId; // Retrieve the original inviteId
             const token = generateRandomString(

From 4b40e7b8d61b26300acc089cdd83c9d4fd9680ca Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 24 Oct 2025 16:29:37 -0700
Subject: [PATCH 59/69] Restrict features

---
 messages/en-US.json                           |  21 +-
 server/db/pg/schema/schema.ts                 |   6 +-
 server/db/sqlite/schema/schema.ts             |   6 +-
 server/index.ts                               |   9 +-
 server/lib/cleanupLogs.ts                     |  62 ++++
 server/private/lib/logAccessAudit.ts          |  38 ++-
 server/private/middlewares/logActionAudit.ts  |  30 +-
 server/routers/badger/logRequestAudit.ts      |  38 ++-
 server/routers/org/getOrg.ts                  |   6 +-
 server/routers/org/updateOrg.ts               |   7 +-
 src/app/[orgId]/settings/general/page.tsx     | 314 ++++++++++++++++--
 src/app/[orgId]/settings/logs/access/page.tsx |  48 ++-
 src/app/[orgId]/settings/logs/action/page.tsx |  47 ++-
 src/app/navigation.tsx                        |  24 +-
 src/components/DataTablePagination.tsx        |  15 +-
 src/components/LogDataTable.tsx               |  36 +-
 16 files changed, 622 insertions(+), 85 deletions(-)
 create mode 100644 server/lib/cleanupLogs.ts

diff --git a/messages/en-US.json b/messages/en-US.json
index 0a62ad7e..80875b96 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1925,5 +1925,22 @@
     "sidebarLogsRequest": "Request Logs",
     "sidebarLogsAccess": "Access Logs",
     "sidebarLogsAction": "Action Logs",
-    "requestLogsDescription": "View detailed pre-request logs for resources in this organization"
-}
+    "logRetention": "Log Retention",
+    "logRetentionDescription": "Manage how long different types of logs are retained for this organization or disable them",
+    "requestLogsDescription": "View detailed request logs for resources in this organization",
+    "logRetentionRequestLabel": "Request Log Retention",
+    "logRetentionRequestDescription": "How long to retain request logs",
+    "logRetentionAccessLabel": "Access Log Retention",
+    "logRetentionAccessDescription": "How long to retain access logs",
+    "logRetentionActionLabel": "Action Log Retention",
+    "logRetentionActionDescription": "How long to retain action logs",
+    "logRetentionDisabled": "Disabled",
+    "logRetention3Days": "3 days",
+    "logRetention7Days": "7 days",
+    "logRetention14Days": "14 days",
+    "logRetention30Days": "30 days",
+    "logRetentionForever": "Forever",
+    "actionLogsDescription": "View a history of actions performed in this organization",
+    "accessLogsDescription": "View access auth requests for resources in this organization",
+    "licenseRequiredToUse": "An Enterprise license is required to use this feature."
+}
\ No newline at end of file
diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 601290e0..36e31804 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -29,13 +29,13 @@ export const orgs = pgTable("orgs", {
     createdAt: text("createdAt"),
     settingsLogRetentionDaysRequest: integer("settingsLogRetentionDaysRequest") // where 0 = dont keep logs and -1 = keep forever
         .notNull()
-        .default(15),
+        .default(7),
     settingsLogRetentionDaysAccess: integer("settingsLogRetentionDaysAccess")
         .notNull()
-        .default(15),
+        .default(0),
     settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction")
         .notNull()
-        .default(15),
+        .default(0)
 });
 
 export const orgDomains = pgTable("orgDomains", {
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index ede2e754..2d3a142c 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -22,13 +22,13 @@ export const orgs = sqliteTable("orgs", {
     createdAt: text("createdAt"),
     settingsLogRetentionDaysRequest: integer("settingsLogRetentionDaysRequest") // where 0 = dont keep logs and -1 = keep forever
         .notNull()
-        .default(15),
+        .default(7),
     settingsLogRetentionDaysAccess: integer("settingsLogRetentionDaysAccess")
         .notNull()
-        .default(15),
+        .default(0),
     settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction")
         .notNull()
-        .default(15)
+        .default(0)
 });
 
 export const userDomains = sqliteTable("userDomains", {
diff --git a/server/index.ts b/server/index.ts
index 8b4b3728..b84728ef 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -5,6 +5,7 @@ import { runSetupFunctions } from "./setup";
 import { createApiServer } from "./apiServer";
 import { createNextServer } from "./nextServer";
 import { createInternalServer } from "./internalServer";
+import { createIntegrationApiServer } from "./integrationApiServer";
 import {
     ApiKey,
     ApiKeyOrg,
@@ -13,13 +14,13 @@ import {
     User,
     UserOrg
 } from "@server/db";
-import { createIntegrationApiServer } from "./integrationApiServer";
 import config from "@server/lib/config";
 import { setHostMeta } from "@server/lib/hostMeta";
-import { initTelemetryClient } from "./lib/telemetry.js";
-import { TraefikConfigManager } from "./lib/traefik/TraefikConfigManager.js";
+import { initTelemetryClient } from "@server/lib/telemetry";
+import { TraefikConfigManager } from "@server/lib/traefik/TraefikConfigManager";
 import { initCleanup } from "#dynamic/cleanup";
 import license from "#dynamic/license/license";
+import { initLogCleanupInterval } from "@server/lib/cleanupLogs";
 
 async function startServers() {
     await setHostMeta();
@@ -33,6 +34,8 @@ async function startServers() {
 
     initTelemetryClient();
 
+    initLogCleanupInterval();
+
     // Start all servers
     const apiServer = createApiServer();
     const internalServer = createInternalServer();
diff --git a/server/lib/cleanupLogs.ts b/server/lib/cleanupLogs.ts
new file mode 100644
index 00000000..7cc96ff9
--- /dev/null
+++ b/server/lib/cleanupLogs.ts
@@ -0,0 +1,62 @@
+import { db, orgs } from "@server/db";
+import { cleanUpOldLogs as cleanUpOldAccessLogs } from "@server/private/lib/logAccessAudit";
+import { cleanUpOldLogs as cleanUpOldActionLogs } from "@server/private/middlewares/logActionAudit";
+import { cleanUpOldLogs as cleanUpOldRequestLogs } from "@server/routers/badger/logRequestAudit";
+import { gt, or } from "drizzle-orm";
+
+export function initLogCleanupInterval() {
+    return setInterval(
+        async () => {
+            const orgsToClean = await db
+                .select({
+                    orgId: orgs.orgId,
+                    settingsLogRetentionDaysAction:
+                        orgs.settingsLogRetentionDaysAction,
+                    settingsLogRetentionDaysAccess:
+                        orgs.settingsLogRetentionDaysAccess,
+                    settingsLogRetentionDaysRequest:
+                        orgs.settingsLogRetentionDaysRequest
+                })
+                .from(orgs)
+                .where(
+                    or(
+                        gt(orgs.settingsLogRetentionDaysAction, 0),
+                        gt(orgs.settingsLogRetentionDaysAccess, 0),
+                        gt(orgs.settingsLogRetentionDaysRequest, 0)
+                    )
+                );
+
+            for (const org of orgsToClean) {
+                const {
+                    orgId,
+                    settingsLogRetentionDaysAction,
+                    settingsLogRetentionDaysAccess,
+                    settingsLogRetentionDaysRequest
+                } = org;
+
+                if (settingsLogRetentionDaysAction > 0) {
+                    await cleanUpOldActionLogs(
+                        orgId,
+                        settingsLogRetentionDaysRequest
+                    );
+                }
+
+                if (settingsLogRetentionDaysAccess > 0) {
+                    await cleanUpOldAccessLogs(
+                        orgId,
+                        settingsLogRetentionDaysRequest
+                    );
+                }
+
+                if (settingsLogRetentionDaysRequest > 0) {
+                    await cleanUpOldRequestLogs(
+                        orgId,
+                        settingsLogRetentionDaysRequest
+                    );
+                }
+            }
+        },
+        // 3 * 60 * 60 * 1000
+        60 * 1000 // for testing
+    ); // every 3 hours
+}
diff --git a/server/private/lib/logAccessAudit.ts b/server/private/lib/logAccessAudit.ts
index 97aef0ee..cc56d94c 100644
--- a/server/private/lib/logAccessAudit.ts
+++ b/server/private/lib/logAccessAudit.ts
@@ -1,7 +1,8 @@
 import { accessAuditLog, db, orgs } from "@server/db";
 import { getCountryCodeForIp } from "@server/lib/geoip";
 import logger from "@server/logger";
-import { eq } from "drizzle-orm";
+import { and, eq, lt } from "drizzle-orm";
+import cache from "@server/lib/cache";
 
 async function getAccessDays(orgId: string): Promise<number> {
     // check cache first
@@ -23,11 +24,38 @@ async function getAccessDays(orgId: string): Promise<number> {
     }
 
     // store the result in cache
-    cache.set(`org_${orgId}_accessDays`, org.settingsLogRetentionDaysAction);
+    cache.set(
+        `org_${orgId}_accessDays`,
+        org.settingsLogRetentionDaysAction,
+        300
+    );
 
     return org.settingsLogRetentionDaysAction;
 }
 
+export async function cleanUpOldLogs(orgId: string, retentionDays: number) {
+    const now = Math.floor(Date.now() / 1000);
+
+    const cutoffTimestamp = now - retentionDays * 24 * 60 * 60;
+
+    try {
+        const deleteResult = await db
+            .delete(accessAuditLog)
+            .where(
+                and(
+                    lt(accessAuditLog.timestamp, cutoffTimestamp),
+                    eq(accessAuditLog.orgId, orgId)
+                )
+            );
+
+        logger.info(
+            `Cleaned up ${deleteResult.changes} access audit logs older than ${retentionDays} days`
+        );
+    } catch (error) {
+        logger.error("Error cleaning up old action audit logs:", error);
+    }
+}
+
 export async function logAccessAudit(data: {
     action: boolean;
     type: string;
@@ -40,6 +68,12 @@ export async function logAccessAudit(data: {
     requestIp?: string;
 }) {
     try {
+        const retentionDays = await getAccessDays(data.orgId);
+        if (retentionDays === 0) {
+            // do not log
+            return;
+        }
+
         let actorType: string | undefined;
         let actor: string | undefined;
         let actorId: string | undefined;
diff --git a/server/private/middlewares/logActionAudit.ts b/server/private/middlewares/logActionAudit.ts
index af7759fc..3dd2f084 100644
--- a/server/private/middlewares/logActionAudit.ts
+++ b/server/private/middlewares/logActionAudit.ts
@@ -17,10 +17,9 @@ import logger from "@server/logger";
 import HttpCode from "@server/types/HttpCode";
 import { Request, Response, NextFunction } from "express";
 import createHttpError from "http-errors";
-import NodeCache from "node-cache";
-import { eq } from "drizzle-orm";
+import { and, eq, lt } from "drizzle-orm";
+import cache from "@server/lib/cache";
 
-const cache = new NodeCache({ stdTTL: 300 }); // cache for 5 minutes
 async function getActionDays(orgId: string): Promise<number> {
     // check cache first
     const cached = cache.get<number>(`org_${orgId}_actionDays`);
@@ -41,11 +40,34 @@ async function getActionDays(orgId: string): Promise<number> {
     }
 
     // store the result in cache
-    cache.set(`org_${orgId}_actionDays`, org.settingsLogRetentionDaysAction);
+    cache.set(`org_${orgId}_actionDays`, org.settingsLogRetentionDaysAction, 300);
 
     return org.settingsLogRetentionDaysAction;
 }
 
+export async function cleanUpOldLogs(orgId: string, retentionDays: number) {
+    const now = Math.floor(Date.now() / 1000);
+
+    const cutoffTimestamp = now - retentionDays * 24 * 60 * 60;
+
+    try {
+        const deleteResult = await db
+            .delete(actionAuditLog)
+            .where(
+                and(
+                    lt(actionAuditLog.timestamp, cutoffTimestamp),
+                    eq(actionAuditLog.orgId, orgId)
+                )
+            );
+
+        logger.info(
+            `Cleaned up ${deleteResult.changes} action audit logs older than ${retentionDays} days`
+        );
+    } catch (error) {
+        logger.error("Error cleaning up old action audit logs:", error);
+    }
+}
+
 export function logActionAudit(action: ActionsEnum) {
     return async function (
         req: Request,
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index 77b97d96..b0754aed 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -1,7 +1,7 @@
 import { db, orgs, requestAuditLog } from "@server/db";
 import logger from "@server/logger";
-import { eq } from "drizzle-orm";
-import NodeCache from "node-cache";
+import { and, eq, lt } from "drizzle-orm";
+import cache from "@server/lib/cache";
 
 /** 
 
@@ -24,7 +24,6 @@ Reasons:
 
  */
 
-const cache = new NodeCache({ stdTTL: 300 }); // cache for 5 minutes
 async function getRetentionDays(orgId: string): Promise<number> {
     // check cache first
     const cached = cache.get<number>(`org_${orgId}_retentionDays`);
@@ -34,7 +33,8 @@ async function getRetentionDays(orgId: string): Promise<number> {
 
     const [org] = await db
         .select({
-            settingsLogRetentionDaysRequest: orgs.settingsLogRetentionDaysRequest
+            settingsLogRetentionDaysRequest:
+                orgs.settingsLogRetentionDaysRequest
         })
         .from(orgs)
         .where(eq(orgs.orgId, orgId))
@@ -45,11 +45,38 @@ async function getRetentionDays(orgId: string): Promise<number> {
     }
 
     // store the result in cache
-    cache.set(`org_${orgId}_retentionDays`, org.settingsLogRetentionDaysRequest);
+    cache.set(
+        `org_${orgId}_retentionDays`,
+        org.settingsLogRetentionDaysRequest,
+        300
+    );
 
     return org.settingsLogRetentionDaysRequest;
 }
 
+export async function cleanUpOldLogs(orgId: string, retentionDays: number) {
+    const now = Math.floor(Date.now() / 1000);
+
+    const cutoffTimestamp = now - retentionDays * 24 * 60 * 60;
+
+    try {
+        const deleteResult = await db
+            .delete(requestAuditLog)
+            .where(
+                and(
+                    lt(requestAuditLog.timestamp, cutoffTimestamp),
+                    eq(requestAuditLog.orgId, orgId)
+                )
+            );
+
+        logger.info(
+            `Cleaned up ${deleteResult.changes} request audit logs older than ${retentionDays} days`
+        );
+    } catch (error) {
+        logger.error("Error cleaning up old request audit logs:", error);
+    }
+}
+
 export async function logRequestAudit(
     data: {
         action: boolean;
@@ -76,7 +103,6 @@ export async function logRequestAudit(
     }
 ) {
     try {
-
         if (data.orgId) {
             const retentionDays = await getRetentionDays(data.orgId);
             if (retentionDays === 0) {
diff --git a/server/routers/org/getOrg.ts b/server/routers/org/getOrg.ts
index 35c1a5f7..2497f9a6 100644
--- a/server/routers/org/getOrg.ts
+++ b/server/routers/org/getOrg.ts
@@ -49,13 +49,13 @@ export async function getOrg(
 
         const { orgId } = parsedParams.data;
 
-        const org = await db
+        const [org] = await db
             .select()
             .from(orgs)
             .where(eq(orgs.orgId, orgId))
             .limit(1);
 
-        if (org.length === 0) {
+        if (!org) {
             return next(
                 createHttpError(
                     HttpCode.NOT_FOUND,
@@ -66,7 +66,7 @@ export async function getOrg(
 
         return response<GetOrgResponse>(res, {
             data: {
-                org: org[0]
+                org
             },
             success: true,
             error: false,
diff --git a/server/routers/org/updateOrg.ts b/server/routers/org/updateOrg.ts
index 64075cab..a517ed17 100644
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -18,7 +18,10 @@ const updateOrgParamsSchema = z
 
 const updateOrgBodySchema = z
     .object({
-        name: z.string().min(1).max(255).optional()
+        name: z.string().min(1).max(255).optional(),
+        settingsLogRetentionDaysRequest: z.number().min(-1).optional(),
+        settingsLogRetentionDaysAccess: z.number().min(-1).optional(),
+        settingsLogRetentionDaysAction: z.number().min(-1).optional()
     })
     .strict()
     .refine((data) => Object.keys(data).length > 0, {
@@ -74,7 +77,7 @@ export async function updateOrg(
         const updatedOrg = await db
             .update(orgs)
             .set({
-                name: parsedBody.data.name
+                ...parsedBody.data
             })
             .where(eq(orgs.orgId, orgId))
             .returning();
diff --git a/src/app/[orgId]/settings/general/page.tsx b/src/app/[orgId]/settings/general/page.tsx
index b301fd32..fd5c00c2 100644
--- a/src/app/[orgId]/settings/general/page.tsx
+++ b/src/app/[orgId]/settings/general/page.tsx
@@ -42,15 +42,36 @@ import {
 import { useUserContext } from "@app/hooks/useUserContext";
 import { useTranslations } from "next-intl";
 import { build } from "@server/build";
+import {
+    DropdownMenu,
+    DropdownMenuContent,
+    DropdownMenuItem,
+    DropdownMenuTrigger
+} from "@app/components/ui/dropdown-menu";
+import { ChevronDown } from "lucide-react";
+import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
+import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
 
 // Schema for general organization settings
 const GeneralFormSchema = z.object({
     name: z.string(),
-    subnet: z.string().optional()
+    subnet: z.string().optional(),
+    settingsLogRetentionDaysRequest: z.number(),
+    settingsLogRetentionDaysAccess: z.number(),
+    settingsLogRetentionDaysAction: z.number()
 });
 
 type GeneralFormValues = z.infer<typeof GeneralFormSchema>;
 
+const LOG_RETENTION_OPTIONS = [
+    { label: "logRetentionDisabled", value: 0 },
+    { label: "logRetention3Days", value: 3 },
+    { label: "logRetention7Days", value: 7 },
+    { label: "logRetention14Days", value: 14 },
+    { label: "logRetention30Days", value: 30 },
+    { label: "logRetentionForever", value: -1 }
+];
+
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
     const { orgUser } = userOrgUserContext();
@@ -60,6 +81,8 @@ export default function GeneralPage() {
     const { user } = useUserContext();
     const t = useTranslations();
     const { env } = useEnvContext();
+    const { isUnlocked } = useLicenseStatusContext();
+    const subscription = useSubscriptionStatusContext();
 
     const [loadingDelete, setLoadingDelete] = useState(false);
     const [loadingSave, setLoadingSave] = useState(false);
@@ -69,7 +92,13 @@ export default function GeneralPage() {
         resolver: zodResolver(GeneralFormSchema),
         defaultValues: {
             name: org?.org.name,
-            subnet: org?.org.subnet || "" // Add default value for subnet
+            subnet: org?.org.subnet || "", // Add default value for subnet
+            settingsLogRetentionDaysRequest:
+                org.org.settingsLogRetentionDaysRequest ?? 15,
+            settingsLogRetentionDaysAccess:
+                org.org.settingsLogRetentionDaysAccess ?? 15,
+            settingsLogRetentionDaysAction:
+                org.org.settingsLogRetentionDaysAction ?? 15
         },
         mode: "onChange"
     });
@@ -131,8 +160,14 @@ export default function GeneralPage() {
         try {
             // Update organization
             await api.post(`/org/${org?.org.orgId}`, {
-                name: data.name
+                name: data.name,
                 // subnet: data.subnet // Include subnet in the API request
+                settingsLogRetentionDaysRequest:
+                    data.settingsLogRetentionDaysRequest,
+                settingsLogRetentionDaysAccess:
+                    data.settingsLogRetentionDaysAccess,
+                settingsLogRetentionDaysAction:
+                    data.settingsLogRetentionDaysAction
             });
 
             // Also save auth page settings if they have unsaved changes
@@ -159,6 +194,11 @@ export default function GeneralPage() {
         }
     }
 
+    const getLabelForValue = (value: number) => {
+        const option = LOG_RETENTION_OPTIONS.find((opt) => opt.value === value);
+        return option ? t(option.label) : `${value} days`;
+    };
+
     return (
         <SettingsContainer>
             <ConfirmDeleteDialog
@@ -168,9 +208,7 @@ export default function GeneralPage() {
                 }}
                 dialog={
                     <div>
-                        <p>
-                            {t("orgQuestionRemove")}
-                        </p>
+                        <p>{t("orgQuestionRemove")}</p>
                         <p>{t("orgMessageRemove")}</p>
                     </div>
                 }
@@ -179,23 +217,24 @@ export default function GeneralPage() {
                 string={org?.org.name || ""}
                 title={t("orgDelete")}
             />
-            <SettingsSection>
-                <SettingsSectionHeader>
-                    <SettingsSectionTitle>
-                        {t("orgGeneralSettings")}
-                    </SettingsSectionTitle>
-                    <SettingsSectionDescription>
-                        {t("orgGeneralSettingsDescription")}
-                    </SettingsSectionDescription>
-                </SettingsSectionHeader>
-                <SettingsSectionBody>
-                    <SettingsSectionForm>
-                        <Form {...form}>
-                            <form
-                                onSubmit={form.handleSubmit(onSubmit)}
-                                className="space-y-4"
-                                id="org-settings-form"
-                            >
+
+            <Form {...form}>
+                <form
+                    onSubmit={form.handleSubmit(onSubmit)}
+                    className="space-y-4"
+                    id="org-settings-form"
+                >
+                    <SettingsSection>
+                        <SettingsSectionHeader>
+                            <SettingsSectionTitle>
+                                {t("orgGeneralSettings")}
+                            </SettingsSectionTitle>
+                            <SettingsSectionDescription>
+                                {t("orgGeneralSettingsDescription")}
+                            </SettingsSectionDescription>
+                        </SettingsSectionHeader>
+                        <SettingsSectionBody>
+                            <SettingsSectionForm>
                                 <FormField
                                     control={form.control}
                                     name="name"
@@ -235,15 +274,228 @@ export default function GeneralPage() {
                                         )}
                                     />
                                 )}
-                            </form>
-                        </Form>
-                    </SettingsSectionForm>
-                </SettingsSectionBody>
-            </SettingsSection>
+                            </SettingsSectionForm>
+                        </SettingsSectionBody>
+                    </SettingsSection>
 
-            {(build === "saas") && (
-                <AuthPageSettings ref={authPageSettingsRef} />
-            )}
+                    <SettingsSection>
+                        <SettingsSectionHeader>
+                            <SettingsSectionTitle>
+                                {t("logRetention")}
+                            </SettingsSectionTitle>
+                            <SettingsSectionDescription>
+                                {t("logRetentionDescription")}
+                            </SettingsSectionDescription>
+                        </SettingsSectionHeader>
+                        <SettingsSectionBody>
+                            {/* {build === "saas" && !subscription?.subscribed ? (
+                        <Alert variant="info" className="mb-6">
+                            <AlertDescription>
+                                {t("orgAuthPageDisabled")}{" "}
+                                {t("subscriptionRequiredToUse")}
+                            </AlertDescription>
+                        </Alert>
+                    ) : null} */}
+
+                            <SettingsSectionForm>
+                                <FormField
+                                    control={form.control}
+                                    name="settingsLogRetentionDaysRequest"
+                                    render={({ field }) => (
+                                        <FormItem>
+                                            <FormLabel>
+                                                {t("logRetentionRequestLabel")}
+                                            </FormLabel>
+                                            <FormControl>
+                                                <DropdownMenu>
+                                                    <DropdownMenuTrigger
+                                                        asChild
+                                                    >
+                                                        <Button
+                                                            variant="outline"
+                                                            className="w-full justify-between"
+                                                        >
+                                                            {getLabelForValue(
+                                                                field.value
+                                                            )}
+                                                            <ChevronDown className="h-4 w-4" />
+                                                        </Button>
+                                                    </DropdownMenuTrigger>
+                                                    <DropdownMenuContent className="w-full">
+                                                        {LOG_RETENTION_OPTIONS.map(
+                                                            (option) => (
+                                                                <DropdownMenuItem
+                                                                    key={
+                                                                        option.value
+                                                                    }
+                                                                    onClick={() =>
+                                                                        field.onChange(
+                                                                            option.value
+                                                                        )
+                                                                    }
+                                                                >
+                                                                    {t(
+                                                                        option.label
+                                                                    )}
+                                                                </DropdownMenuItem>
+                                                            )
+                                                        )}
+                                                    </DropdownMenuContent>
+                                                </DropdownMenu>
+                                            </FormControl>
+                                            <FormDescription>
+                                                {t(
+                                                    "logRetentionRequestDescription"
+                                                )}
+                                            </FormDescription>
+                                            <FormMessage />
+                                        </FormItem>
+                                    )}
+                                />
+
+                                {build != "oss" && (
+                                    <>
+                                        <FormField
+                                            control={form.control}
+                                            name="settingsLogRetentionDaysAccess"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t(
+                                                            "logRetentionAccessLabel"
+                                                        )}
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <DropdownMenu>
+                                                            <DropdownMenuTrigger
+                                                                asChild
+                                                            >
+                                                                <Button
+                                                                    variant="outline"
+                                                                    className="w-full justify-between"
+                                                                    disabled={
+                                                                        (build ==
+                                                                            "saas" &&
+                                                                            !subscription?.subscribed) ||
+                                                                        (build ==
+                                                                            "enterprise" &&
+                                                                            !isUnlocked())
+                                                                    }
+                                                                >
+                                                                    {getLabelForValue(
+                                                                        field.value
+                                                                    )}
+                                                                    <ChevronDown className="h-4 w-4" />
+                                                                </Button>
+                                                            </DropdownMenuTrigger>
+                                                            <DropdownMenuContent className="w-full">
+                                                                {LOG_RETENTION_OPTIONS.map(
+                                                                    (
+                                                                        option
+                                                                    ) => (
+                                                                        <DropdownMenuItem
+                                                                            key={
+                                                                                option.value
+                                                                            }
+                                                                            onClick={() =>
+                                                                                field.onChange(
+                                                                                    option.value
+                                                                                )
+                                                                            }
+                                                                        >
+                                                                            {t(
+                                                                                option.label
+                                                                            )}
+                                                                        </DropdownMenuItem>
+                                                                    )
+                                                                )}
+                                                            </DropdownMenuContent>
+                                                        </DropdownMenu>
+                                                    </FormControl>
+                                                    <FormDescription>
+                                                        {t(
+                                                            "logRetentionAccessDescription"
+                                                        )}
+                                                    </FormDescription>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                        <FormField
+                                            control={form.control}
+                                            name="settingsLogRetentionDaysAction"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t(
+                                                            "logRetentionActionLabel"
+                                                        )}
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <DropdownMenu>
+                                                            <DropdownMenuTrigger
+                                                                asChild
+                                                            >
+                                                                <Button
+                                                                    variant="outline"
+                                                                    className="w-full justify-between"
+                                                                    disabled={
+                                                                        (build ==
+                                                                            "saas" &&
+                                                                            !subscription?.subscribed) ||
+                                                                        (build ==
+                                                                            "enterprise" &&
+                                                                            !isUnlocked())
+                                                                    }
+                                                                >
+                                                                    {getLabelForValue(
+                                                                        field.value
+                                                                    )}
+                                                                    <ChevronDown className="h-4 w-4" />
+                                                                </Button>
+                                                            </DropdownMenuTrigger>
+                                                            <DropdownMenuContent className="w-full">
+                                                                {LOG_RETENTION_OPTIONS.map(
+                                                                    (
+                                                                        option
+                                                                    ) => (
+                                                                        <DropdownMenuItem
+                                                                            key={
+                                                                                option.value
+                                                                            }
+                                                                            onClick={() =>
+                                                                                field.onChange(
+                                                                                    option.value
+                                                                                )
+                                                                            }
+                                                                        >
+                                                                            {t(
+                                                                                option.label
+                                                                            )}
+                                                                        </DropdownMenuItem>
+                                                                    )
+                                                                )}
+                                                            </DropdownMenuContent>
+                                                        </DropdownMenu>
+                                                    </FormControl>
+                                                    <FormDescription>
+                                                        {t(
+                                                            "logRetentionActionDescription"
+                                                        )}
+                                                    </FormDescription>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                    </>
+                                )}
+                            </SettingsSectionForm>
+                        </SettingsSectionBody>
+                    </SettingsSection>
+                </form>
+            </Form>
+
+            {build === "saas" && <AuthPageSettings ref={authPageSettingsRef} />}
 
             {/* Save Button */}
             <div className="flex justify-end">
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
index 07e33824..4244222d 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -6,12 +6,21 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { getStoredPageSize, LogDataTable, setStoredPageSize } from "@app/components/LogDataTable";
+import {
+    getStoredPageSize,
+    LogDataTable,
+    setStoredPageSize
+} from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { ArrowUpRight, Key, User } from "lucide-react";
 import Link from "next/link";
 import { ColumnFilter } from "@app/components/ColumnFilter";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
+import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
+import { build } from "@server/build";
+import { Alert, AlertDescription } from "@app/components/ui/alert";
 
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
@@ -21,6 +30,8 @@ export default function GeneralPage() {
     const t = useTranslations();
     const { env } = useEnvContext();
     const { orgId } = useParams();
+    const subscription = useSubscriptionStatusContext();
+    const { isUnlocked } = useLicenseStatusContext();
 
     const [rows, setRows] = useState<any[]>([]);
     const [isRefreshing, setIsRefreshing] = useState(false);
@@ -202,6 +213,16 @@ export default function GeneralPage() {
         }
     ) => {
         console.log("Date range changed:", { startDate, endDate, page, size });
+        if (
+            (build == "saas" && !subscription?.subscribed) ||
+            (build == "enterprise" && !isUnlocked())
+        ) {
+            console.log(
+                "Access denied: subscription inactive or license locked"
+            );
+            return;
+        }
+
         setIsLoading(true);
 
         try {
@@ -583,6 +604,27 @@ export default function GeneralPage() {
 
     return (
         <>
+            <SettingsSectionTitle
+                title={t("accessLogs")}
+                description={t("accessLogsDescription")}
+            />
+
+            {build == "saas" && !subscription?.subscribed ? (
+                <Alert variant="info" className="mb-6">
+                    <AlertDescription>
+                        {t("subscriptionRequiredToUse")}
+                    </AlertDescription>
+                </Alert>
+            ) : null}
+
+            {build == "enterprise" && !isUnlocked() ? (
+                <Alert variant="info" className="mb-6">
+                    <AlertDescription>
+                        {t("licenseRequiredToUse")}
+                    </AlertDescription>
+                </Alert>
+            ) : null}
+
             <LogDataTable
                 columns={columns}
                 data={rows}
@@ -610,6 +652,10 @@ export default function GeneralPage() {
                 // Row expansion props
                 expandable={true}
                 renderExpandedRow={renderExpandedRow}
+                disabled={
+                    (build == "saas" && !subscription?.subscribed) ||
+                    (build == "enterprise" && !isUnlocked())
+                }
             />
         </>
     );
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index 14281646..d71cc3ff 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -6,11 +6,20 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useParams, useRouter, useSearchParams } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { getStoredPageSize, LogDataTable, setStoredPageSize } from "@app/components/LogDataTable";
+import {
+    getStoredPageSize,
+    LogDataTable,
+    setStoredPageSize
+} from "@app/components/LogDataTable";
 import { ColumnDef } from "@tanstack/react-table";
 import { DateTimeValue } from "@app/components/DateTimePicker";
 import { Key, User } from "lucide-react";
 import { ColumnFilter } from "@app/components/ColumnFilter";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
+import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
+import { build } from "@server/build";
+import { Alert, AlertDescription } from "@app/components/ui/alert";
 
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
@@ -20,6 +29,8 @@ export default function GeneralPage() {
     const { env } = useEnvContext();
     const { orgId } = useParams();
     const searchParams = useSearchParams();
+    const subscription = useSubscriptionStatusContext();
+    const { isUnlocked } = useLicenseStatusContext();
 
     const [rows, setRows] = useState<any[]>([]);
     const [isRefreshing, setIsRefreshing] = useState(false);
@@ -187,6 +198,15 @@ export default function GeneralPage() {
         }
     ) => {
         console.log("Date range changed:", { startDate, endDate, page, size });
+        if (
+            (build == "saas" && !subscription?.subscribed) ||
+            (build == "enterprise" && !isUnlocked())
+        ) {
+            console.log(
+                "Access denied: subscription inactive or license locked"
+            );
+            return;
+        }
         setIsLoading(true);
 
         try {
@@ -435,6 +455,27 @@ export default function GeneralPage() {
 
     return (
         <>
+            <SettingsSectionTitle
+                title={t("actionLogs")}
+                description={t("actionLogsDescription")}
+            />
+
+            {build == "saas" && !subscription?.subscribed ? (
+                <Alert variant="info" className="mb-6">
+                    <AlertDescription>
+                        {t("subscriptionRequiredToUse")}
+                    </AlertDescription>
+                </Alert>
+            ) : null}
+
+            {build == "enterprise" && !isUnlocked() ? (
+                <Alert variant="info" className="mb-6">
+                    <AlertDescription>
+                        {t("licenseRequiredToUse")}
+                    </AlertDescription>
+                </Alert>
+            ) : null}
+
             <LogDataTable
                 columns={columns}
                 data={rows}
@@ -464,6 +505,10 @@ export default function GeneralPage() {
                 // Row expansion props
                 expandable={true}
                 renderExpandedRow={renderExpandedRow}
+                disabled={
+                    (build == "saas" && !subscription?.subscribed) ||
+                    (build == "enterprise" && !isUnlocked())
+                }
             />
         </>
     );
diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx
index ed95eba3..8776c788 100644
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -123,16 +123,20 @@ export const orgNavSections = (
                 href: "/{orgId}/settings/logs/request",
                 icon: <SquareMousePointer className="h-4 w-4" />
             },
-            {
-                title: "sidebarLogsAccess",
-                href: "/{orgId}/settings/logs/access",
-                icon: <ScanEye className="h-4 w-4" />
-            },
-            {
-                title: "sidebarLogsAction",
-                href: "/{orgId}/settings/logs/action",
-                icon: <Logs className="h-4 w-4" />
-            },
+            ...(build != "oss"
+                ? [
+                      {
+                          title: "sidebarLogsAccess",
+                          href: "/{orgId}/settings/logs/access",
+                          icon: <ScanEye className="h-4 w-4" />
+                      },
+                      {
+                          title: "sidebarLogsAction",
+                          href: "/{orgId}/settings/logs/action",
+                          icon: <Logs className="h-4 w-4" />
+                      }
+                  ]
+                : [])
         ]
     },
     {
diff --git a/src/components/DataTablePagination.tsx b/src/components/DataTablePagination.tsx
index 5c7af9d4..70d64f0c 100644
--- a/src/components/DataTablePagination.tsx
+++ b/src/components/DataTablePagination.tsx
@@ -23,6 +23,7 @@ interface DataTablePaginationProps<TData> {
     totalCount?: number;
     isServerPagination?: boolean;
     isLoading?: boolean;
+    disabled?: boolean;
 }
 
 export function DataTablePagination<TData>({
@@ -31,7 +32,8 @@ export function DataTablePagination<TData>({
     onPageChange,
     totalCount,
     isServerPagination = false,
-    isLoading = false
+    isLoading = false,
+    disabled = false
 }: DataTablePaginationProps<TData>) {
     const t = useTranslations();
 
@@ -96,8 +98,9 @@ export function DataTablePagination<TData>({
                 <Select
                     value={`${table.getState().pagination.pageSize}`}
                     onValueChange={handlePageSizeChange}
+                    disabled={disabled}
                 >
-                    <SelectTrigger className="h-8 w-[73px]">
+                    <SelectTrigger className="h-8 w-[73px]" disabled={disabled}>
                         <SelectValue
                             placeholder={table.getState().pagination.pageSize}
                         />
@@ -128,7 +131,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="hidden h-8 w-8 p-0 lg:flex"
                         onClick={() => handlePageNavigation('first')}
-                        disabled={!table.getCanPreviousPage() || isLoading}
+                        disabled={!table.getCanPreviousPage() || isLoading || disabled}
                     >
                         <span className="sr-only">{t('paginatorToFirst')}</span>
                         <DoubleArrowLeftIcon className="h-4 w-4" />
@@ -137,7 +140,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="h-8 w-8 p-0"
                         onClick={() => handlePageNavigation('previous')}
-                        disabled={!table.getCanPreviousPage() || isLoading}
+                        disabled={!table.getCanPreviousPage() || isLoading || disabled}
                     >
                         <span className="sr-only">{t('paginatorToPrevious')}</span>
                         <ChevronLeftIcon className="h-4 w-4" />
@@ -146,7 +149,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="h-8 w-8 p-0"
                         onClick={() => handlePageNavigation('next')}
-                        disabled={!table.getCanNextPage() || isLoading}
+                        disabled={!table.getCanNextPage() || isLoading || disabled}
                     >
                         <span className="sr-only">{t('paginatorToNext')}</span>
                         <ChevronRightIcon className="h-4 w-4" />
@@ -155,7 +158,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="hidden h-8 w-8 p-0 lg:flex"
                         onClick={() => handlePageNavigation('last')}
-                        disabled={!table.getCanNextPage() || isLoading}
+                        disabled={!table.getCanNextPage() || isLoading || disabled}
                     >
                         <span className="sr-only">{t('paginatorToLast')}</span>
                         <DoubleArrowRightIcon className="h-4 w-4" />
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index 566eb0fe..58f7623e 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -102,6 +102,7 @@ type DataTableProps<TData, TValue> = {
     };
     tabs?: TabFilter[];
     defaultTab?: string;
+    disabled?: boolean;
     onDateRangeChange?: (
         startDate: DateTimeValue,
         endDate: DateTimeValue
@@ -144,6 +145,7 @@ export function LogDataTable<TData, TValue>({
     onPageSizeChange: onPageSizeChangeProp,
     isLoading = false,
     expandable = false,
+    disabled=false,
     renderExpandedRow
 }: DataTableProps<TData, TValue>) {
     const t = useTranslations();
@@ -175,6 +177,11 @@ export function LogDataTable<TData, TValue>({
 
     // Apply tab filter to data
     const filteredData = useMemo(() => {
+        // If disabled, return empty array to prevent data loading
+        if (disabled) {
+            return [];
+        }
+
         if (!tabs || activeTab === "") {
             return data;
         }
@@ -185,7 +192,7 @@ export function LogDataTable<TData, TValue>({
         }
 
         return data.filter(activeTabFilter.filterFn);
-    }, [data, tabs, activeTab]);
+    }, [data, tabs, activeTab, disabled]);
 
     // Toggle row expansion
     const toggleRowExpansion = (rowId: string) => {
@@ -219,9 +226,12 @@ export function LogDataTable<TData, TValue>({
                         variant="ghost"
                         size="sm"
                         className="h-6 w-6 p-0"
+                        disabled={disabled}
                         onClick={(e) => {
-                            toggleRowExpansion(row.id);
-                            e.stopPropagation();
+                            if (!disabled) {
+                                toggleRowExpansion(row.id);
+                                e.stopPropagation();
+                            }
                         }}
                     >
                         {isExpanded ? (
@@ -236,7 +246,7 @@ export function LogDataTable<TData, TValue>({
         };
 
         return [expansionColumn, ...columns];
-    }, [columns, expandable, expandedRows, toggleRowExpansion]);
+    }, [columns, expandable, expandedRows, toggleRowExpansion, disabled]);
 
     const table = useReactTable({
         data: filteredData,
@@ -298,6 +308,8 @@ export function LogDataTable<TData, TValue>({
     }, [currentPage, table, isServerPagination]);
 
     const handleTabChange = (value: string) => {
+        if (disabled) return;
+        
         setActiveTab(value);
         // Reset to first page when changing tabs
         table.setPageIndex(0);
@@ -305,6 +317,8 @@ export function LogDataTable<TData, TValue>({
 
     // Enhanced pagination component that updates our local state
     const handlePageSizeChange = (newPageSize: number) => {
+        if (disabled) return;
+        
         // setPageSize(newPageSize);
         table.setPageSize(newPageSize);
 
@@ -321,6 +335,8 @@ export function LogDataTable<TData, TValue>({
 
     // Handle page changes for server pagination
     const handlePageChange = (newPageIndex: number) => {
+        if (disabled) return;
+        
         if (isServerPagination && onPageChange) {
             onPageChange(newPageIndex);
         }
@@ -330,6 +346,8 @@ export function LogDataTable<TData, TValue>({
         start: DateTimeValue,
         end: DateTimeValue
     ) => {
+        if (disabled) return;
+        
         setStartDate(start);
         setEndDate(end);
         onDateRangeChange?.(start, end);
@@ -358,14 +376,15 @@ export function LogDataTable<TData, TValue>({
                             endValue={endDate}
                             onRangeChange={handleDateRangeChange}
                             className="flex-wrap gap-2"
+                            disabled={disabled}
                         />
                     </div>
                     <div className="flex items-start gap-2 sm:justify-end">
                         {onRefresh && (
                             <Button
                                 variant="outline"
-                                onClick={onRefresh}
-                                disabled={isRefreshing}
+                                onClick={() => !disabled && onRefresh()}
+                                disabled={isRefreshing || disabled}
                             >
                                 <RefreshCw
                                     className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
@@ -374,7 +393,7 @@ export function LogDataTable<TData, TValue>({
                             </Button>
                         )}
                         {onExport && (
-                            <Button onClick={onExport} disabled={isExporting}>
+                            <Button onClick={() => !disabled && onExport()} disabled={isExporting || disabled}>
                                 <Download
                                     className={`mr-2 h-4 w-4 ${isExporting ? "animate-spin" : ""}`}
                                 />
@@ -415,7 +434,7 @@ export function LogDataTable<TData, TValue>({
                                                 "selected"
                                             }
                                             onClick={() =>
-                                                expandable
+                                                expandable && !disabled
                                                     ? toggleRowExpansion(
                                                           row.id
                                                       )
@@ -500,6 +519,7 @@ export function LogDataTable<TData, TValue>({
                             totalCount={totalCount}
                             isServerPagination={isServerPagination}
                             isLoading={isLoading}
+                            disabled={disabled}
                         />
                     </div>
                 </CardContent>

From 5fa0ac5927a2fca7c3ac75f9dd70f68ef96b8f34 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 24 Oct 2025 17:05:05 -0700
Subject: [PATCH 60/69] Add hybrid request logs function

---
 server/private/routers/hybrid.ts | 197 ++++++++++++++++++++++++++++++-
 1 file changed, 195 insertions(+), 2 deletions(-)

diff --git a/server/private/routers/hybrid.ts b/server/private/routers/hybrid.ts
index df99df92..eedf4d2c 100644
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -35,7 +35,9 @@ import {
     loginPageOrg,
     LoginPage,
     resourceHeaderAuth,
-    ResourceHeaderAuth
+    ResourceHeaderAuth,
+    orgs,
+    requestAuditLog
 } from "@server/db";
 import {
     resources,
@@ -300,7 +302,8 @@ function loadEncryptData() {
         return; // already loaded
     }
 
-    encryptionKeyPath = privateConfig.getRawPrivateConfig().server.encryption_key_path;
+    encryptionKeyPath =
+        privateConfig.getRawPrivateConfig().server.encryption_key_path;
 
     if (!fs.existsSync(encryptionKeyPath)) {
         throw new Error(
@@ -1582,3 +1585,193 @@ hybridRouter.post(
         }
     }
 );
+
+hybridRouter.get(
+    "/org/:orgId/get-retention-days",
+    async (req: Request, res: Response, next: NextFunction) => {
+        try {
+            const parsedParams = getOrgLoginPageParamsSchema.safeParse(
+                req.params
+            );
+            if (!parsedParams.success) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        fromError(parsedParams.error).toString()
+                    )
+                );
+            }
+
+            const { orgId } = parsedParams.data;
+
+            const remoteExitNode = req.remoteExitNode;
+
+            if (!remoteExitNode || !remoteExitNode.exitNodeId) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Remote exit node not found"
+                    )
+                );
+            }
+
+            if (await checkExitNodeOrg(remoteExitNode.exitNodeId, orgId)) {
+                // If the exit node is not allowed for the org, return an error
+                return next(
+                    createHttpError(
+                        HttpCode.FORBIDDEN,
+                        "Exit node not allowed for this organization"
+                    )
+                );
+            }
+
+            const [org] = await db
+                .select({
+                    settingsLogRetentionDaysRequest:
+                        orgs.settingsLogRetentionDaysRequest
+                })
+                .from(orgs)
+                .where(eq(orgs.orgId, orgId))
+                .limit(1);
+
+            return response(res, {
+                data: {
+                    settingsLogRetentionDaysRequest:
+                        org.settingsLogRetentionDaysRequest
+                },
+                success: true,
+                error: false,
+                message: "Log retention days retrieved successfully",
+                status: HttpCode.OK
+            });
+        } catch (error) {
+            logger.error(error);
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "An error occurred..."
+                )
+            );
+        }
+    }
+);
+
+const batchLogsSchema = z.object({
+    logs: z.array(
+        z.object({
+            timestamp: z.number(),
+            orgId: z.string().optional(),
+            actorType: z.string().optional(),
+            actor: z.string().optional(),
+            actorId: z.string().optional(),
+            metadata: z.string().nullable(),
+            action: z.boolean(),
+            resourceId: z.number().optional(),
+            reason: z.number(),
+            location: z.string().optional(),
+            originalRequestURL: z.string(),
+            scheme: z.string(),
+            host: z.string(),
+            path: z.string(),
+            method: z.string(),
+            ip: z.string().optional(),
+            tls: z.boolean()
+        })
+    )
+});
+
+hybridRouter.post(
+    "/org/:orgId/logs/batch",
+    async (req: Request, res: Response, next: NextFunction) => {
+        try {
+            const parsedParams = getOrgLoginPageParamsSchema.safeParse(
+                req.params
+            );
+            if (!parsedParams.success) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        fromError(parsedParams.error).toString()
+                    )
+                );
+            }
+
+            const { orgId } = parsedParams.data;
+
+            const parsedBody = batchLogsSchema.safeParse(req.body);
+            if (!parsedBody.success) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        fromError(parsedBody.error).toString()
+                    )
+                );
+            }
+
+            const { logs } = parsedBody.data;
+
+            const remoteExitNode = req.remoteExitNode;
+
+            if (!remoteExitNode || !remoteExitNode.exitNodeId) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Remote exit node not found"
+                    )
+                );
+            }
+
+            if (await checkExitNodeOrg(remoteExitNode.exitNodeId, orgId)) {
+                // If the exit node is not allowed for the org, return an error
+                return next(
+                    createHttpError(
+                        HttpCode.FORBIDDEN,
+                        "Exit node not allowed for this organization"
+                    )
+                );
+            }
+
+            // Batch insert all logs in a single query
+            const logEntries = logs.map((logEntry) => ({
+                timestamp: logEntry.timestamp,
+                orgId: logEntry.orgId,
+                actorType: logEntry.actorType,
+                actor: logEntry.actor,
+                actorId: logEntry.actorId,
+                metadata: logEntry.metadata,
+                action: logEntry.action,
+                resourceId: logEntry.resourceId,
+                reason: logEntry.reason,
+                location: logEntry.location,
+                // userAgent: data.userAgent, // TODO: add this
+                // headers: data.body.headers,
+                // query: data.body.query,
+                originalRequestURL: logEntry.originalRequestURL,
+                scheme: logEntry.scheme,
+                host: logEntry.host,
+                path: logEntry.path,
+                method: logEntry.method,
+                ip: logEntry.ip,
+                tls: logEntry.tls
+            }));
+
+            await db.insert(requestAuditLog).values(logEntries);
+
+            return response(res, {
+                data: null,
+                success: true,
+                error: false,
+                message: "Logs saved successfully",
+                status: HttpCode.OK
+            });
+        } catch (error) {
+            logger.error(error);
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "An error occurred..."
+                )
+            );
+        }
+    }
+);

From f4a0f6a2e618cde013e40c8591cc22f324431230 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sat, 25 Oct 2025 16:17:45 -0700
Subject: [PATCH 61/69] Update ui

---
 src/app/[orgId]/settings/general/page.tsx | 36 +++++++++++++++++------
 1 file changed, 27 insertions(+), 9 deletions(-)

diff --git a/src/app/[orgId]/settings/general/page.tsx b/src/app/[orgId]/settings/general/page.tsx
index fd5c00c2..2599ec74 100644
--- a/src/app/[orgId]/settings/general/page.tsx
+++ b/src/app/[orgId]/settings/general/page.tsx
@@ -51,6 +51,7 @@ import {
 import { ChevronDown } from "lucide-react";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
+import { Alert, AlertDescription } from "@app/components/ui/alert";
 
 // Schema for general organization settings
 const GeneralFormSchema = z.object({
@@ -288,15 +289,6 @@ export default function GeneralPage() {
                             </SettingsSectionDescription>
                         </SettingsSectionHeader>
                         <SettingsSectionBody>
-                            {/* {build === "saas" && !subscription?.subscribed ? (
-                        <Alert variant="info" className="mb-6">
-                            <AlertDescription>
-                                {t("orgAuthPageDisabled")}{" "}
-                                {t("subscriptionRequiredToUse")}
-                            </AlertDescription>
-                        </Alert>
-                    ) : null} */}
-
                             <SettingsSectionForm>
                                 <FormField
                                     control={form.control}
@@ -355,6 +347,32 @@ export default function GeneralPage() {
 
                                 {build != "oss" && (
                                     <>
+                                        {build == "saas" &&
+                                        !subscription?.subscribed ? (
+                                            <Alert
+                                                variant="info"
+                                                className="mb-6"
+                                            >
+                                                <AlertDescription>
+                                                    {t(
+                                                        "subscriptionRequiredToUse"
+                                                    )}
+                                                </AlertDescription>
+                                            </Alert>
+                                        ) : null}
+
+                                        {build == "enterprise" &&
+                                        !isUnlocked() ? (
+                                            <Alert
+                                                variant="info"
+                                                className="mb-6"
+                                            >
+                                                <AlertDescription>
+                                                    {t("licenseRequiredToUse")}
+                                                </AlertDescription>
+                                            </Alert>
+                                        ) : null}
+
                                         <FormField
                                             control={form.control}
                                             name="settingsLogRetentionDaysAccess"

From 5940bbd49876812faaa7c5c3b2565ba87c62fd50 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sat, 25 Oct 2025 16:20:50 -0700
Subject: [PATCH 62/69] Uppercase

---
 server/lib/blueprints/proxyResources.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/lib/blueprints/proxyResources.ts b/server/lib/blueprints/proxyResources.ts
index a31cfb9d..37b69761 100644
--- a/server/lib/blueprints/proxyResources.ts
+++ b/server/lib/blueprints/proxyResources.ts
@@ -527,7 +527,7 @@ export async function updateProxyResources(
                     if (
                         existingRule.action !== getRuleAction(rule.action) ||
                         existingRule.match !== rule.match.toUpperCase() ||
-                        existingRule.value !== rule.value
+                        existingRule.value !== rule.value.toUpperCase()
                     ) {
                         validateRule(rule);
                         await trx
@@ -535,7 +535,7 @@ export async function updateProxyResources(
                             .set({
                                 action: getRuleAction(rule.action),
                                 match: rule.match.toUpperCase(),
-                                value: rule.value
+                                value: rule.value.toUpperCase(),
                             })
                             .where(
                                 eq(resourceRules.ruleId, existingRule.ruleId)
@@ -547,7 +547,7 @@ export async function updateProxyResources(
                         resourceId: existingResource.resourceId,
                         action: getRuleAction(rule.action),
                         match: rule.match.toUpperCase(),
-                        value: rule.value,
+                        value: rule.value.toUpperCase(),
                         priority: index + 1 // start priorities at 1
                     });
                 }
@@ -705,7 +705,7 @@ export async function updateProxyResources(
                     resourceId: newResource.resourceId,
                     action: getRuleAction(rule.action),
                     match: rule.match.toUpperCase(),
-                    value: rule.value,
+                    value: rule.value.toUpperCase(),
                     priority: index + 1 // start priorities at 1
                 });
             }

From 2041edcf300654528b48e1b9283b473a8df1ccd7 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 26 Oct 2025 15:57:12 -0700
Subject: [PATCH 63/69] Allow protocols on the same port

Fixes #1745
---
 server/lib/blueprints/types.ts | 36 ++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index 02f83f9d..de5c8a70 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -275,24 +275,26 @@ export const ConfigSchema = z
         }
     )
     .refine(
-        // Enforce proxy-port uniqueness within proxy-resources
+        // Enforce proxy-port uniqueness within proxy-resources per protocol
         (config) => {
-            const proxyPortMap = new Map<number, string[]>();
+            const protocolPortMap = new Map<string, string[]>();
 
             Object.entries(config["proxy-resources"]).forEach(
                 ([resourceKey, resource]) => {
                     const proxyPort = resource["proxy-port"];
-                    if (proxyPort !== undefined) {
-                        if (!proxyPortMap.has(proxyPort)) {
-                            proxyPortMap.set(proxyPort, []);
+                    const protocol = resource.protocol;
+                    if (proxyPort !== undefined && protocol !== undefined) {
+                        const key = `${protocol}:${proxyPort}`;
+                        if (!protocolPortMap.has(key)) {
+                            protocolPortMap.set(key, []);
                         }
-                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                        protocolPortMap.get(key)!.push(resourceKey);
                     }
                 }
             );
 
             // Find duplicates
-            const duplicates = Array.from(proxyPortMap.entries()).filter(
+            const duplicates = Array.from(protocolPortMap.entries()).filter(
                 ([_, resourceKeys]) => resourceKeys.length > 1
             );
 
@@ -300,25 +302,29 @@ export const ConfigSchema = z
         },
         (config) => {
             // Extract duplicates for error message
-            const proxyPortMap = new Map<number, string[]>();
+            const protocolPortMap = new Map<string, string[]>();
 
             Object.entries(config["proxy-resources"]).forEach(
                 ([resourceKey, resource]) => {
                     const proxyPort = resource["proxy-port"];
-                    if (proxyPort !== undefined) {
-                        if (!proxyPortMap.has(proxyPort)) {
-                            proxyPortMap.set(proxyPort, []);
+                    const protocol = resource.protocol;
+                    if (proxyPort !== undefined && protocol !== undefined) {
+                        const key = `${protocol}:${proxyPort}`;
+                        if (!protocolPortMap.has(key)) {
+                            protocolPortMap.set(key, []);
                         }
-                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                        protocolPortMap.get(key)!.push(resourceKey);
                     }
                 }
             );
 
-            const duplicates = Array.from(proxyPortMap.entries())
+            const duplicates = Array.from(protocolPortMap.entries())
                 .filter(([_, resourceKeys]) => resourceKeys.length > 1)
                 .map(
-                    ([proxyPort, resourceKeys]) =>
-                        `port ${proxyPort} used by proxy-resources: ${resourceKeys.join(", ")}`
+                    ([protocolPort, resourceKeys]) => {
+                        const [protocol, port] = protocolPort.split(':');
+                        return `${protocol.toUpperCase()} port ${port} used by proxy-resources: ${resourceKeys.join(", ")}`;
+                    }
                 )
                 .join("; ");
 

From 8f3324560ad5ea864f764bf1a0305625a08c17e8 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 26 Oct 2025 16:04:19 -0700
Subject: [PATCH 64/69] Install maxmind by default

---
 install/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/main.go b/install/main.go
index 72ffbac0..a1b7d901 100644
--- a/install/main.go
+++ b/install/main.go
@@ -378,7 +378,7 @@ func collectUserInput(reader *bufio.Reader) Config {
 	fmt.Println("\n=== Advanced Configuration ===")
 
 	config.EnableIPv6 = readBool(reader, "Is your server IPv6 capable?", true)
-	config.EnableGeoblocking = readBool(reader, "Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", false)
+	config.EnableGeoblocking = readBool(reader, "Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", true)
 
 	if config.DashboardDomain == "" {
 		fmt.Println("Error: Dashboard Domain name is required")

From 85270f497a0cba587f6c86c81926cdf0a7df27dc Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 26 Oct 2025 18:15:39 -0700
Subject: [PATCH 65/69] Restrict raw resources and use st from config

---
 install/config/traefik/dynamic_config.yml     |  9 ++++++
 server/lib/traefik/TraefikConfigManager.ts    | 27 +++++++++++++----
 server/lib/traefik/getTraefikConfig.ts        | 30 +++++--------------
 .../private/lib/traefik/getTraefikConfig.ts   | 10 +++++--
 server/private/routers/hybrid.ts              |  3 +-
 .../routers/traefik/traefikConfigProvider.ts  |  3 +-
 6 files changed, 50 insertions(+), 32 deletions(-)

diff --git a/install/config/traefik/dynamic_config.yml b/install/config/traefik/dynamic_config.yml
index 8fcf8e55..f795016b 100644
--- a/install/config/traefik/dynamic_config.yml
+++ b/install/config/traefik/dynamic_config.yml
@@ -51,3 +51,12 @@ http:
       loadBalancer:
         servers:
           - url: "http://pangolin:3000"  # API/WebSocket server
+
+tcp:
+  serversTransports:
+    pp-transport-v1:
+      proxyProtocol:
+        version: 1
+    pp-transport-v2:
+      proxyProtocol:
+        version: 2
\ No newline at end of file
diff --git a/server/lib/traefik/TraefikConfigManager.ts b/server/lib/traefik/TraefikConfigManager.ts
index ec4e25f4..56648559 100644
--- a/server/lib/traefik/TraefikConfigManager.ts
+++ b/server/lib/traefik/TraefikConfigManager.ts
@@ -309,10 +309,7 @@ export class TraefikConfigManager {
                 this.lastActiveDomains = new Set(domains);
             }
 
-            if (
-                process.env.USE_PANGOLIN_DNS === "true" &&
-                build != "oss"
-            ) {
+            if (process.env.USE_PANGOLIN_DNS === "true" && build != "oss") {
                 // Scan current local certificate state
                 this.lastLocalCertificateState =
                     await this.scanLocalCertificateState();
@@ -450,7 +447,8 @@ export class TraefikConfigManager {
                 currentExitNode,
                 config.getRawConfig().traefik.site_types,
                 build == "oss", // filter out the namespace domains in open source
-                build != "oss" // generate the login pages on the cloud and hybrid
+                build != "oss", // generate the login pages on the cloud and hybrid,
+                build == "saas" ? false : config.getRawConfig().traefik.allow_raw_resources // dont allow raw resources on saas otherwise use config
             );
 
             const domains = new Set<string>();
@@ -502,6 +500,25 @@ export class TraefikConfigManager {
                 };
             }
 
+            // tcp:
+            //     serversTransports:
+            //         pp-transport-v1:
+            //         proxyProtocol:
+            //             version: 1
+            //         pp-transport-v2:
+            //         proxyProtocol:
+            //             version: 2
+
+            if (build != "saas") {
+                // add the serversTransports section if not present
+                if (traefikConfig.tcp && !traefikConfig.tcp.serversTransports) {
+                    traefikConfig.tcp.serversTransports = {
+                        "pp-transport-v1": { proxyProtocol: { version: 1 } },
+                        "pp-transport-v2": { proxyProtocol: { version: 2 } }
+                    };
+                }
+            }
+
             return { domains, traefikConfig };
         } catch (error) {
             // pull data out of the axios error to log
diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index f7f56a9a..39a12156 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -23,7 +23,8 @@ export async function getTraefikConfig(
     exitNodeId: number,
     siteTypes: string[],
     filterOutNamespaceDomains = false,
-    generateLoginPageRouters = false
+    generateLoginPageRouters = false,
+    allowRawResources = true
 ): Promise<any> {
     // Define extended target type with site information
     type TargetWithSite = Target & {
@@ -103,7 +104,7 @@ export async function getTraefikConfig(
                     isNull(targetHealthCheck.hcHealth) // Include targets with no health check record
                 ),
                 inArray(sites.type, siteTypes),
-                config.getRawConfig().traefik.allow_raw_resources
+                allowRawResources
                     ? isNotNull(resources.http) // ignore the http check if allow_raw_resources is true
                     : eq(resources.http, true)
             )
@@ -566,8 +567,6 @@ export async function getTraefikConfig(
                 ...(protocol === "tcp" ? { rule: "HostSNI(`*`)" } : {})
             };
 
-            const serversTransportName = `${key}-proxy-protocol-transport`;
-
             config_output[protocol].services[serviceName] = {
                 loadBalancer: {
                     servers: (() => {
@@ -621,8 +620,10 @@ export async function getTraefikConfig(
                                 }
                             });
                     })(),
-                    ...(resource.proxyProtocol
-                        ? { serversTransport: serversTransportName }
+                    ...(resource.proxyProtocol && protocol == "tcp"
+                        ? {
+                              serversTransport: `pp-transport-v${resource.proxyProtocolVersion || 1}`
+                          }
                         : {}),
                     ...(resource.stickySession
                         ? {
@@ -636,23 +637,6 @@ export async function getTraefikConfig(
                         : {})
                 }
             };
-
-            // Add serversTransport configuration if proxy protocol is enabled
-            if (resource.proxyProtocol) {
-                if (!config_output[protocol].serversTransports) {
-                    config_output[protocol].serversTransports = {};
-                }
-                
-                config_output[protocol].serversTransports[serversTransportName] = {
-                    proxyProtocol: {
-                        version: resource.proxyProtocolVersion || 1
-                    }
-                };
-
-                logger.debug(
-                    `Enabled Proxy Protocol v${resource.proxyProtocolVersion || 1} for ${protocol} resource ${resource.resourceId} (${resource.name})`
-                );
-            }
         }
     }
     return config_output;
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index 881e4632..27a980dd 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -50,7 +50,8 @@ export async function getTraefikConfig(
     exitNodeId: number,
     siteTypes: string[],
     filterOutNamespaceDomains = false,
-    generateLoginPageRouters = false
+    generateLoginPageRouters = false,
+    allowRawResources = true
 ): Promise<any> {
     // Define extended target type with site information
     type TargetWithSite = Target & {
@@ -135,7 +136,7 @@ export async function getTraefikConfig(
                     isNull(targetHealthCheck.hcHealth) // Include targets with no health check record
                 ),
                 inArray(sites.type, siteTypes),
-                config.getRawConfig().traefik.allow_raw_resources
+                allowRawResources
                     ? isNotNull(resources.http) // ignore the http check if allow_raw_resources is true
                     : eq(resources.http, true)
             )
@@ -688,6 +689,11 @@ export async function getTraefikConfig(
                                 }
                             });
                     })(),
+                    ...(resource.proxyProtocol && protocol == "tcp" // proxy protocol only works for tcp
+                        ? {
+                              serversTransport: `pp-transport-v${resource.proxyProtocolVersion || 1}`
+                          }
+                        : {}),
                     ...(resource.stickySession
                         ? {
                               sticky: {
diff --git a/server/private/routers/hybrid.ts b/server/private/routers/hybrid.ts
index df99df92..abfbd02f 100644
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -270,7 +270,8 @@ hybridRouter.get(
                 remoteExitNode.exitNodeId,
                 ["newt", "local", "wireguard"], // Allow them to use all the site types
                 true, // But don't allow domain namespace resources
-                false // Dont include login pages
+                false, // Dont include login pages,
+                true // allow raw resources
             );
 
             return response(res, {
diff --git a/server/routers/traefik/traefikConfigProvider.ts b/server/routers/traefik/traefikConfigProvider.ts
index 6c9404e9..9b12ed8a 100644
--- a/server/routers/traefik/traefikConfigProvider.ts
+++ b/server/routers/traefik/traefikConfigProvider.ts
@@ -21,7 +21,8 @@ export async function traefikConfigProvider(
             currentExitNodeId,
             config.getRawConfig().traefik.site_types,
             build == "oss", // filter out the namespace domains in open source
-            build != "oss" // generate the login pages on the cloud and hybrid
+            build != "oss", // generate the login pages on the cloud and and enterprise,
+            config.getRawConfig().traefik.allow_raw_resources
         );
 
         if (traefikConfig?.http?.middlewares) {

From 592d085de65c47358c90ee1a8ee36ab6529cbd56 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 26 Oct 2025 18:36:09 -0700
Subject: [PATCH 66/69] Lock down days

---
 messages/en-US.json                       |  1 +
 server/routers/org/updateOrg.ts           | 32 ++++++++++++++++++++---
 src/app/[orgId]/settings/general/page.tsx | 12 ++++++---
 3 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 80875b96..34ef3d7a 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1939,6 +1939,7 @@
     "logRetention7Days": "7 days",
     "logRetention14Days": "14 days",
     "logRetention30Days": "30 days",
+    "logRetention90Days": "90 days",
     "logRetentionForever": "Forever",
     "actionLogsDescription": "View a history of actions performed in this organization",
     "accessLogsDescription": "View access auth requests for resources in this organization",
diff --git a/server/routers/org/updateOrg.ts b/server/routers/org/updateOrg.ts
index a517ed17..f96ac8a3 100644
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -9,6 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
+import { build } from "@server/build";
+import { getOrgTierData } from "@server/lib/billing";
+import { TierId } from "@server/lib/billing/tiers";
 
 const updateOrgParamsSchema = z
     .object({
@@ -19,9 +22,18 @@ const updateOrgParamsSchema = z
 const updateOrgBodySchema = z
     .object({
         name: z.string().min(1).max(255).optional(),
-        settingsLogRetentionDaysRequest: z.number().min(-1).optional(),
-        settingsLogRetentionDaysAccess: z.number().min(-1).optional(),
-        settingsLogRetentionDaysAction: z.number().min(-1).optional()
+        settingsLogRetentionDaysRequest: z
+            .number()
+            .min(build === "saas" ? 0 : -1)
+            .optional(),
+        settingsLogRetentionDaysAccess: z
+            .number()
+            .min(build === "saas" ? 0 : -1)
+            .optional(),
+        settingsLogRetentionDaysAction: z
+            .number()
+            .min(build === "saas" ? 0 : -1)
+            .optional()
     })
     .strict()
     .refine((data) => Object.keys(data).length > 0, {
@@ -74,6 +86,20 @@ export async function updateOrg(
 
         const { orgId } = parsedParams.data;
 
+        const { tier } = await getOrgTierData(orgId); // returns null in oss
+        if (
+            tier != TierId.STANDARD &&
+            parsedBody.data.settingsLogRetentionDaysRequest &&
+            parsedBody.data.settingsLogRetentionDaysRequest > 30
+        ) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "You are not allowed to set log retention days greater than 30 because you are not subscribed to the Standard tier"
+                )
+            );
+        }
+
         const updatedOrg = await db
             .update(orgs)
             .set({
diff --git a/src/app/[orgId]/settings/general/page.tsx b/src/app/[orgId]/settings/general/page.tsx
index 2599ec74..00d8f3a0 100644
--- a/src/app/[orgId]/settings/general/page.tsx
+++ b/src/app/[orgId]/settings/general/page.tsx
@@ -48,7 +48,7 @@ import {
     DropdownMenuItem,
     DropdownMenuTrigger
 } from "@app/components/ui/dropdown-menu";
-import { ChevronDown } from "lucide-react";
+import { ChevronDown, SubscriptIcon } from "lucide-react";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
 import { Alert, AlertDescription } from "@app/components/ui/alert";
@@ -70,7 +70,8 @@ const LOG_RETENTION_OPTIONS = [
     { label: "logRetention7Days", value: 7 },
     { label: "logRetention14Days", value: 14 },
     { label: "logRetention30Days", value: 30 },
-    { label: "logRetentionForever", value: -1 }
+    { label: "logRetention90Days", value: 90 },
+    ...(build != "saas" ? [{ label: "logRetentionForever", value: -1 }] : [])
 ];
 
 export default function GeneralPage() {
@@ -314,7 +315,12 @@ export default function GeneralPage() {
                                                         </Button>
                                                     </DropdownMenuTrigger>
                                                     <DropdownMenuContent className="w-full">
-                                                        {LOG_RETENTION_OPTIONS.map(
+                                                        {LOG_RETENTION_OPTIONS.filter((option) => {
+                                                            if (build == "saas" && !subscription?.subscribed && option.value > 30) {
+                                                                return false
+                                                            }
+                                                            return true;
+                                                        }).map(
                                                             (option) => (
                                                                 <DropdownMenuItem
                                                                     key={

From 43e6b7de0792ec6df11a026b74077c2b61ced01f Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Mon, 27 Oct 2025 09:46:07 -0700
Subject: [PATCH 67/69] remove delete on cascade for skipToIdp on resource
 closes #1654

---
 server/db/pg/schema/schema.ts     | 2 +-
 server/db/sqlite/schema/schema.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 13761cd0..4693a6d0 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -114,7 +114,7 @@ export const resources = pgTable("resources", {
     setHostHeader: varchar("setHostHeader"),
     enableProxy: boolean("enableProxy").default(true),
     skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
-        onDelete: "cascade"
+        onDelete: "set null"
     }),
     headers: text("headers"), // comma-separated list of headers to add to the request
     proxyProtocol: boolean("proxyProtocol").notNull().default(false),
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 6d504b9d..a74041d8 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -126,7 +126,7 @@ export const resources = sqliteTable("resources", {
     setHostHeader: text("setHostHeader"),
     enableProxy: integer("enableProxy", { mode: "boolean" }).default(true),
     skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
-        onDelete: "cascade"
+        onDelete: "set null"
     }),
     headers: text("headers"), // comma-separated list of headers to add to the request
     proxyProtocol: integer("proxyProtocol", { mode: "boolean" }).notNull().default(false),

From 80f43a9774a00e11a70d50e336c058309a1b6def Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 27 Oct 2025 10:05:31 -0700
Subject: [PATCH 68/69] Fix lint

---
 server/index.ts                               |  3 +-
 server/lib/billing/getOrgTierData.ts          |  4 +-
 .../private/lib/traefik/getTraefikConfig.ts   |  2 +-
 server/private/routers/external.ts            |  8 ++--
 server/routers/external.ts                    |  4 +-
 src/app/[orgId]/settings/general/page.tsx     |  2 +-
 src/app/[orgId]/settings/logs/access/page.tsx |  4 +-
 src/app/[orgId]/settings/logs/action/page.tsx |  4 +-
 .../[orgId]/settings/logs/request/page.tsx    |  4 +-
 src/components/ui/calendar.tsx                | 38 +++++++++----------
 10 files changed, 36 insertions(+), 37 deletions(-)

diff --git a/server/index.ts b/server/index.ts
index 68c7df4c..daa4b7d3 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -43,8 +43,7 @@ async function startServers() {
     const apiServer = createApiServer();
     const internalServer = createInternalServer();
 
-    let nextServer;
-    nextServer = await createNextServer();
+    const nextServer = await createNextServer();
     if (config.getRawConfig().traefik.file_mode) {
         const monitor = new TraefikConfigManager();
         await monitor.start();
diff --git a/server/lib/billing/getOrgTierData.ts b/server/lib/billing/getOrgTierData.ts
index 24664790..75f12559 100644
--- a/server/lib/billing/getOrgTierData.ts
+++ b/server/lib/billing/getOrgTierData.ts
@@ -1,8 +1,8 @@
 export async function getOrgTierData(
     orgId: string
 ): Promise<{ tier: string | null; active: boolean }> {
-    let tier = null;
-    let active = false;
+    const tier = null;
+    const active = false;
 
     return { tier, active };
 }
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index b8a2b32b..bbbdbcfd 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -789,7 +789,7 @@ export async function getTraefikConfig(
                     continue;
                 }
 
-                let tls = {};
+                const tls = {};
                 if (
                     !privateConfig.getRawPrivateConfig().flags.use_pangolin_dns
                 ) {
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index ddfabb30..b569e98f 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -354,7 +354,7 @@ authenticated.get(
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.exportLogs),
     logs.queryActionAuditLogs 
-)
+);
 
 authenticated.get(
     "/org/:orgId/logs/action/export",
@@ -364,7 +364,7 @@ authenticated.get(
     verifyUserHasAction(ActionsEnum.exportLogs),
     logActionAudit(ActionsEnum.exportLogs),
     logs.exportActionAuditLogs
-)
+);
 
 authenticated.get(
     "/org/:orgId/logs/access",
@@ -373,7 +373,7 @@ authenticated.get(
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.exportLogs),
     logs.queryAccessAuditLogs 
-)
+);
 
 authenticated.get(
     "/org/:orgId/logs/access/export",
@@ -383,4 +383,4 @@ authenticated.get(
     verifyUserHasAction(ActionsEnum.exportLogs),
     logActionAudit(ActionsEnum.exportLogs),
     logs.exportAccessAuditLogs
-)
\ No newline at end of file
+);
\ No newline at end of file
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 380746c4..9c30c073 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -887,7 +887,7 @@ authenticated.get(
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.viewLogs),
     logs.queryRequestAuditLogs
-)
+);
 
 authenticated.get(
     "/org/:orgId/logs/request/export",
@@ -895,7 +895,7 @@ authenticated.get(
     verifyUserHasAction(ActionsEnum.exportLogs),
     logActionAudit(ActionsEnum.exportLogs),
     logs.exportRequestAuditLogs
-)
+);
 
 // Auth routes
 export const authRouter = Router();
diff --git a/src/app/[orgId]/settings/general/page.tsx b/src/app/[orgId]/settings/general/page.tsx
index 00d8f3a0..ff38d2cc 100644
--- a/src/app/[orgId]/settings/general/page.tsx
+++ b/src/app/[orgId]/settings/general/page.tsx
@@ -317,7 +317,7 @@ export default function GeneralPage() {
                                                     <DropdownMenuContent className="w-full">
                                                         {LOG_RETENTION_OPTIONS.filter((option) => {
                                                             if (build == "saas" && !subscription?.subscribed && option.value > 30) {
-                                                                return false
+                                                                return false;
                                                             }
                                                             return true;
                                                         }).map(
diff --git a/src/app/[orgId]/settings/logs/access/page.tsx b/src/app/[orgId]/settings/logs/access/page.tsx
index 4244222d..56071976 100644
--- a/src/app/[orgId]/settings/logs/access/page.tsx
+++ b/src/app/[orgId]/settings/logs/access/page.tsx
@@ -230,7 +230,7 @@ export default function GeneralPage() {
             const activeFilters = filtersParam || filters;
 
             // Convert the date/time values to API parameters
-            let params: any = {
+            const params: any = {
                 limit: size,
                 offset: page * size,
                 ...activeFilters
@@ -312,7 +312,7 @@ export default function GeneralPage() {
             setIsExporting(true);
 
             // Prepare query params for export
-            let params: any = {
+            const params: any = {
                 timeStart: dateRange.startDate?.date
                     ? new Date(dateRange.startDate.date).toISOString()
                     : undefined,
diff --git a/src/app/[orgId]/settings/logs/action/page.tsx b/src/app/[orgId]/settings/logs/action/page.tsx
index d71cc3ff..b9845afa 100644
--- a/src/app/[orgId]/settings/logs/action/page.tsx
+++ b/src/app/[orgId]/settings/logs/action/page.tsx
@@ -214,7 +214,7 @@ export default function GeneralPage() {
             const activeFilters = filtersParam || filters;
 
             // Convert the date/time values to API parameters
-            let params: any = {
+            const params: any = {
                 limit: size,
                 offset: page * size,
                 ...activeFilters
@@ -296,7 +296,7 @@ export default function GeneralPage() {
             setIsExporting(true);
 
             // Prepare query params for export
-            let params: any = {
+            const params: any = {
                 timeStart: dateRange.startDate?.date
                     ? new Date(dateRange.startDate.date).toISOString()
                     : undefined,
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx
index 6a1a1659..7aeef772 100644
--- a/src/app/[orgId]/settings/logs/request/page.tsx
+++ b/src/app/[orgId]/settings/logs/request/page.tsx
@@ -219,7 +219,7 @@ export default function GeneralPage() {
             const activeFilters = filtersParam || filters;
 
             // Convert the date/time values to API parameters
-            let params: any = {
+            const params: any = {
                 limit: size,
                 offset: page * size,
                 ...activeFilters
@@ -301,7 +301,7 @@ export default function GeneralPage() {
             setIsExporting(true);
 
             // Prepare query params for export
-            let params: any = {
+            const params: any = {
                 timeStart: dateRange.startDate?.date
                     ? new Date(dateRange.startDate.date).toISOString()
                     : undefined,
diff --git a/src/components/ui/calendar.tsx b/src/components/ui/calendar.tsx
index a48a0f7c..f27bab31 100644
--- a/src/components/ui/calendar.tsx
+++ b/src/components/ui/calendar.tsx
@@ -1,15 +1,15 @@
-"use client"
+"use client";
 
-import * as React from "react"
+import * as React from "react";
 import {
   ChevronDownIcon,
   ChevronLeftIcon,
   ChevronRightIcon,
-} from "lucide-react"
-import { DayButton, DayPicker, getDefaultClassNames } from "react-day-picker"
+} from "lucide-react";
+import { DayButton, DayPicker, getDefaultClassNames } from "react-day-picker";
 
-import { Button, buttonVariants } from "@/components/ui/button"
-import { cn } from "@app/lib/cn"
+import { Button, buttonVariants } from "@/components/ui/button";
+import { cn } from "@app/lib/cn";
 
 function Calendar({
   className,
@@ -23,7 +23,7 @@ function Calendar({
 }: React.ComponentProps<typeof DayPicker> & {
   buttonVariant?: React.ComponentProps<typeof Button>["variant"]
 }) {
-  const defaultClassNames = getDefaultClassNames()
+  const defaultClassNames = getDefaultClassNames();
 
   return (
     <DayPicker
@@ -133,13 +133,13 @@ function Calendar({
               className={cn(className)}
               {...props}
             />
-          )
+          );
         },
         Chevron: ({ className, orientation, ...props }) => {
           if (orientation === "left") {
             return (
               <ChevronLeftIcon className={cn("size-4", className)} {...props} />
-            )
+            );
           }
 
           if (orientation === "right") {
@@ -148,12 +148,12 @@ function Calendar({
                 className={cn("size-4", className)}
                 {...props}
               />
-            )
+            );
           }
 
           return (
             <ChevronDownIcon className={cn("size-4", className)} {...props} />
-          )
+          );
         },
         DayButton: CalendarDayButton,
         WeekNumber: ({ children, ...props }) => {
@@ -163,13 +163,13 @@ function Calendar({
                 {children}
               </div>
             </td>
-          )
+          );
         },
         ...components,
       }}
       {...props}
     />
-  )
+  );
 }
 
 function CalendarDayButton({
@@ -178,12 +178,12 @@ function CalendarDayButton({
   modifiers,
   ...props
 }: React.ComponentProps<typeof DayButton>) {
-  const defaultClassNames = getDefaultClassNames()
+  const defaultClassNames = getDefaultClassNames();
 
-  const ref = React.useRef<HTMLButtonElement>(null)
+  const ref = React.useRef<HTMLButtonElement>(null);
   React.useEffect(() => {
-    if (modifiers.focused) ref.current?.focus()
-  }, [modifiers.focused])
+    if (modifiers.focused) ref.current?.focus();
+  }, [modifiers.focused]);
 
   return (
     <Button
@@ -207,7 +207,7 @@ function CalendarDayButton({
       )}
       {...props}
     />
-  )
+  );
 }
 
-export { Calendar, CalendarDayButton }
+export { Calendar, CalendarDayButton };

From a0f05cc77b2ddd244f6077c7a4014d087fb8c926 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 27 Oct 2025 10:09:06 -0700
Subject: [PATCH 69/69] Resolve export of logActionAudit

---
 server/middlewares/index.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index 629cafe9..66a92809 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -27,3 +27,4 @@ export * from "./verifyDomainAccess";
 export * from "./verifyClientsEnabled";
 export * from "./verifyUserIsOrgOwner";
 export * from "./verifySiteResourceAccess";
+export * from "./logActionAudit";
\ No newline at end of file