calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-08 19:10:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix session test for olm and show proper alert for ee

Browse Source
This commit is contained in:
Owen
2025-12-05 17:18:05 -05:00
parent 4809b64f7d
commit c8ec94c307
8 changed files with 123 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
messages/en-US.json
View File

@@ -2235,7 +2235,6 @@
"endpoint": "Endpoint",
"Id": "Id",
"SecretKey": "Secret Key",
"featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it.",
"niceId": "Nice ID",
"niceIdUpdated": "Nice ID Updated",
"niceIdUpdatedSuccessfully": "Nice ID Updated Successfully",

2
server/db/pg/driver.ts
View File

@@ -73,7 +73,7 @@ function createDb() {
return withReplicas(
DrizzlePostgres(primaryPool, {
logger: process.env.QUERY_LOGGING === "true"
logger: process.env.QUERY_LOGGING == "true"
}),
replicas as any
);

2
server/routers/olm/handleOlmPingMessage.ts
View File

@@ -136,7 +136,7 @@ export const handleOlmPingMessage: MessageHandler = async (context) => {
const policyCheck = await checkOrgAccessPolicy({
orgId: client.orgId,
userId: olm.userId,
session: userToken // this is the user token passed in the message
sessionId: userToken // this is the user token passed in the message
});
if (!policyCheck.allowed) {

2
server/routers/olm/handleOlmRegisterMessage.ts
View File

@@ -97,7 +97,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
const policyCheck = await checkOrgAccessPolicy({
orgId: orgId,
userId: olm.userId,
session: userToken // this is the user token passed in the message
sessionId: userToken // this is the user token passed in the message
});
if (!policyCheck.allowed) {

23
server/routers/siteResource/updateSiteResource.ts
View File

@@ -2,6 +2,7 @@ import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import {
clientSiteResources,
clientSiteResourcesAssociationsCache,
db,
newts,
roles,
@@ -321,7 +322,6 @@ export async function updateSiteResource(
);
}
let oldDestinationStillInUseByASite = false;
// Only update targets on newt if destination changed
if (destinationChanged) {
const oldTargets = generateSubnetProxyTargets(
@@ -337,12 +337,28 @@ export async function updateSiteResource(
oldTargets: oldTargets,
newTargets: newTargets
});
}
const olmJobs: Promise<void>[] = [];
for (const client of mergedAllClients) {
// does this client have access to another resource on this site that has the same destination still? if so we dont want to remove it from their olm yet
// todo: optimize this query if needed
const oldDestinationStillInUseSites = await trx
.select()
.from(siteResources)
.innerJoin(
clientSiteResourcesAssociationsCache,
eq(
clientSiteResourcesAssociationsCache.siteResourceId,
siteResources.siteResourceId
)
)
.where(
and(
eq(
clientSiteResourcesAssociationsCache.clientId,
client.clientId
),
eq(siteResources.siteId, site.siteId),
eq(
siteResources.destination,
@@ -355,12 +371,9 @@ export async function updateSiteResource(
)
);
oldDestinationStillInUseByASite =
const oldDestinationStillInUseByASite =
oldDestinationStillInUseSites.length > 0;
}
const olmJobs: Promise<void>[] = [];
for (const client of mergedAllClients) {
// we also need to update the remote subnets on the olms for each client that has access to this site
olmJobs.push(
updatePeerData(

80
src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
View File

@@ -25,7 +25,13 @@ import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsMod
import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
import { build } from "@server/build";
import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip";
import {
Tooltip,
TooltipContent,
TooltipProvider,
TooltipTrigger
} from "@app/components/ui/tooltip";
import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
export default function CredentialsPage() {
const { env } = useEnvContext();
@@ -36,7 +42,8 @@ export default function CredentialsPage() {
const { remoteExitNode } = useRemoteExitNodeContext();
const [modalOpen, setModalOpen] = useState(false);
const [credentials, setCredentials] = useState<PickRemoteExitNodeDefaultsResponse | null>(null);
const [credentials, setCredentials] =
useState<PickRemoteExitNodeDefaultsResponse | null>(null);
const { licenseStatus, isUnlocked } = useLicenseStatusContext();
const subscription = useSubscriptionStatusContext();
@@ -48,12 +55,10 @@ export default function CredentialsPage() {
return isEnterpriseNotLicensed || isSaasNotSubscribed;
};
const handleConfirmRegenerate = async () => {
const response = await api.get<AxiosResponse<PickRemoteExitNodeDefaultsResponse>>(
`/org/${orgId}/pick-remote-exit-node-defaults`
);
const response = await api.get<
AxiosResponse<PickRemoteExitNodeDefaultsResponse>
>(`/org/${orgId}/pick-remote-exit-node-defaults`);
const data = response.data.data;
setCredentials(data);
@@ -62,7 +67,7 @@ export default function CredentialsPage() {
`/re-key/${orgId}/reGenerate-remote-exit-node-secret`,
{
remoteExitNodeId: remoteExitNode.remoteExitNodeId,
secret: data.secret,
secret: data.secret
}
);
@@ -85,40 +90,29 @@ export default function CredentialsPage() {
};
return (
<SettingsContainer>
<SettingsSection>
<SettingsSectionHeader>
<SettingsSectionTitle>
{t("generatedcredentials")}
</SettingsSectionTitle>
<SettingsSectionDescription>
{t("regenerateCredentials")}
</SettingsSectionDescription>
</SettingsSectionHeader>
<>
<SettingsContainer>
<SettingsSection>
<SettingsSectionHeader>
<SettingsSectionTitle>
{t("generatedcredentials")}
</SettingsSectionTitle>
<SettingsSectionDescription>
{t("regenerateCredentials")}
</SettingsSectionDescription>
</SettingsSectionHeader>
<SettingsSectionBody>
<TooltipProvider>
<Tooltip>
<TooltipTrigger asChild>
<div className="inline-block">
<Button
onClick={() => setModalOpen(true)}
disabled={isSecurityFeatureDisabled()}
>
{t("regeneratecredentials")}
</Button>
</div>
</TooltipTrigger>
{isSecurityFeatureDisabled() && (
<TooltipContent side="top">
{t("featureDisabledTooltip")}
</TooltipContent>
)}
</Tooltip>
</TooltipProvider>
</SettingsSectionBody>
</SettingsSection>
<SettingsSectionBody>
<SecurityFeaturesAlert />
<Button
onClick={() => setModalOpen(true)}
disabled={isSecurityFeatureDisabled()}
>
{t("regeneratecredentials")}
</Button>
</SettingsSectionBody>
</SettingsSection>
</SettingsContainer>
<RegenerateCredentialsModal
open={modalOpen}
@@ -128,6 +122,6 @@ export default function CredentialsPage() {
dashboardUrl={env.app.dashboardUrl}
credentials={getCredentials()}
/>
</SettingsContainer>
</>
);
}
}

58
src/app/[orgId]/settings/clients/machine/[clientId]/credentials/page.tsx
View File

@@ -1,6 +1,7 @@
"use client";
import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
import {
SettingsContainer,
SettingsSection,
@@ -84,40 +85,29 @@ export default function CredentialsPage() {
};
return (
<SettingsContainer>
<SettingsSection>
<SettingsSectionHeader>
<SettingsSectionTitle>
{t("generatedcredentials")}
</SettingsSectionTitle>
<SettingsSectionDescription>
{t("regenerateCredentials")}
</SettingsSectionDescription>
</SettingsSectionHeader>
<>
<SettingsContainer>
<SettingsSection>
<SettingsSectionHeader>
<SettingsSectionTitle>
{t("generatedcredentials")}
</SettingsSectionTitle>
<SettingsSectionDescription>
{t("regenerateCredentials")}
</SettingsSectionDescription>
</SettingsSectionHeader>
<SettingsSectionBody>
<TooltipProvider>
<Tooltip>
<TooltipTrigger asChild>
<div className="inline-block">
<Button
onClick={() => setModalOpen(true)}
disabled={isSecurityFeatureDisabled()}
>
{t("regeneratecredentials")}
</Button>
</div>
</TooltipTrigger>
{isSecurityFeatureDisabled() && (
<TooltipContent side="top">
{t("featureDisabledTooltip")}
</TooltipContent>
)}
</Tooltip>
</TooltipProvider>
</SettingsSectionBody>
</SettingsSection>
<SettingsSectionBody>
<SecurityFeaturesAlert />
<Button
onClick={() => setModalOpen(true)}
disabled={isSecurityFeatureDisabled()}
>
{t("regeneratecredentials")}
</Button>
</SettingsSectionBody>
</SettingsSection>
</SettingsContainer>
<RegenerateCredentialsModal
open={modalOpen}
@@ -127,6 +117,6 @@ export default function CredentialsPage() {
dashboardUrl={env.app.dashboardUrl}
credentials={getCredentials()}
/>
</SettingsContainer>
</>
);
}

83
src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
View File

@@ -22,7 +22,13 @@ import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsMod
import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
import { build } from "@server/build";
import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip";
import {
Tooltip,
TooltipContent,
TooltipProvider,
TooltipTrigger
} from "@app/components/ui/tooltip";
import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
export default function CredentialsPage() {
const { env } = useEnvContext();
@@ -33,7 +39,8 @@ export default function CredentialsPage() {
const { site } = useSiteContext();
const [modalOpen, setModalOpen] = useState(false);
const [siteDefaults, setSiteDefaults] = useState<PickSiteDefaultsResponse | null>(null);
const [siteDefaults, setSiteDefaults] =
useState<PickSiteDefaultsResponse | null>(null);
const [wgConfig, setWgConfig] = useState("");
const [publicKey, setPublicKey] = useState("");
@@ -47,7 +54,6 @@ export default function CredentialsPage() {
return isEnterpriseNotLicensed || isSaasNotSubscribed;
};
const hydrateWireGuardConfig = (
privateKey: string,
publicKey: string,
@@ -109,11 +115,14 @@ PersistentKeepalive = 5`;
const data = res.data.data;
setSiteDefaults(data);
await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
type: "newt",
newtId: data.newtId,
newtSecret: data.newtSecret
});
await api.post(
`/re-key/${site?.siteId}/regenerate-site-secret`,
{
type: "newt",
newtId: data.newtId,
newtSecret: data.newtSecret
}
);
}
}
@@ -145,40 +154,30 @@ PersistentKeepalive = 5`;
};
return (
<SettingsContainer>
<SettingsSection>
<SettingsSectionHeader>
<SettingsSectionTitle>
{t("generatedcredentials")}
</SettingsSectionTitle>
<SettingsSectionDescription>
{t("regenerateCredentials")}
</SettingsSectionDescription>
</SettingsSectionHeader>
<>
<SettingsContainer>
<SettingsSection>
<SettingsSectionHeader>
<SettingsSectionTitle>
{t("generatedcredentials")}
</SettingsSectionTitle>
<SettingsSectionDescription>
{t("regenerateCredentials")}
</SettingsSectionDescription>
</SettingsSectionHeader>
<SettingsSectionBody>
<TooltipProvider>
<Tooltip>
<TooltipTrigger asChild>
<div className="inline-block">
<Button
onClick={() => setModalOpen(true)}
disabled={isSecurityFeatureDisabled()}
>
{t("regeneratecredentials")}
</Button>
</div>
</TooltipTrigger>
<SecurityFeaturesAlert />
{isSecurityFeatureDisabled() && (
<TooltipContent side="top">
{t("featureDisabledTooltip")}
</TooltipContent>
)}
</Tooltip>
</TooltipProvider>
</SettingsSectionBody>
</SettingsSection>
<SettingsSectionBody>
<Button
onClick={() => setModalOpen(true)}
disabled={isSecurityFeatureDisabled()}
>
{t("regeneratecredentials")}
</Button>
</SettingsSectionBody>
</SettingsSection>
</SettingsContainer>
<RegenerateCredentialsModal
open={modalOpen}
@@ -188,6 +187,6 @@ PersistentKeepalive = 5`;
dashboardUrl={env.app.dashboardUrl}
credentials={getCredentials()}
/>
</SettingsContainer>
</>
);
}
}