Allow configuration of client and org subnets

2026-02-01 07:39:09 +00:00 · 2025-04-16 22:00:24 -04:00
parent 569635f3ed
commit db0328fa71
10 changed files with 218 additions and 48 deletions
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -274,4 +274,13 @@ export async function getNextAvailableOrgSubnet(): Promise<string> {
    }

    return subnet;
+}
+
+export function isValidCidr(cidr: string): boolean {
+    try {
+        cidrToRange(cidr);
+        return true;
+    } catch (e) {
+        return false;
+    }
 }
--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -19,8 +19,7 @@ import { eq, and } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 import moment from "moment";
 import { hashPassword } from "@server/auth/password";
-import { getNextAvailableClientSubnet } from "@server/lib/ip";
-import config from "@server/lib/config";
+import { isValidCIDR } from "@server/lib/validators";

 const createClientParamsSchema = z
    .object({
@@ -34,6 +33,7 @@ const createClientSchema = z
        siteIds: z.array(z.number().int().positive()),
        olmId: z.string(),
        secret: z.string(),
+        subnet: z.string(),
        type: z.enum(["olm"])
    })
    .strict();
@@ -58,7 +58,7 @@ export async function createClient(
            );
        }

-        const { name, type, siteIds, olmId, secret } = parsedBody.data;
+        const { name, type, siteIds, olmId, secret, subnet } = parsedBody.data;

        const parsedParams = createClientParamsSchema.safeParse(req.params);
        if (!parsedParams.success) {
@@ -78,9 +78,14 @@ export async function createClient(
            );
        }

-        const newSubnet = await getNextAvailableClientSubnet(orgId);
-
-        const subnet = `${newSubnet.split("/")[0]}/${config.getRawConfig().orgs.block_size}`; // we want the block size of the whole org
+        if (subnet && !isValidCIDR(subnet)) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Invalid subnet format. Please provide a valid CIDR notation."
+                )
+            );
+        }

        await db.transaction(async (trx) => {
            // TODO: more intelligent way to pick the exit node
--- a/server/routers/client/pickClientDefaults.ts
+++ b/server/routers/client/pickClientDefaults.ts
@@ -4,25 +4,53 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { generateId } from "@server/auth/sessions/app";
+import { getNextAvailableClientSubnet } from "@server/lib/ip";
+import config from "@server/lib/config";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";

 export type PickClientDefaultsResponse = {
    olmId: string;
    olmSecret: string;
+    subnet: string;
 };

+const pickClientDefaultsSchema = z
+    .object({
+        orgId: z.string()
+    })
+    .strict();
+
 export async function pickClientDefaults(
    req: Request,
    res: Response,
    next: NextFunction
 ): Promise<any> {
    try {
+        const parsedParams = pickClientDefaultsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId } = parsedParams.data;
+
        const olmId = generateId(15);
        const secret = generateId(48);

+        const newSubnet = await getNextAvailableClientSubnet(orgId);
+
+        const subnet = `${newSubnet.split("/")[0]}/${config.getRawConfig().orgs.block_size}`; // we want the block size of the whole org
+
        return response<PickClientDefaultsResponse>(res, {
            data: {
                olmId: olmId,
-                olmSecret: secret
+                olmSecret: secret,
+                subnet: subnet
            },
            success: true,
            error: false,
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -47,8 +47,13 @@ unauthenticated.get("/", (_, res) => {
 export const authenticated = Router();
 authenticated.use(verifySessionUserMiddleware);

+authenticated.get(
+    "/pick-org-defaults",
+    org.pickOrgDefaults
+);
 authenticated.get("/org/checkId", org.checkId);
 authenticated.put("/org", getUserOrgs, org.createOrg);
+
 authenticated.get("/orgs", getUserOrgs, org.listOrgs); // TODO we need to check the orgs here
 authenticated.get(
    "/org/:orgId",
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@@ -19,12 +19,13 @@ import { createAdminRole } from "@server/setup/ensureActions";
 import config from "@server/lib/config";
 import { fromError } from "zod-validation-error";
 import { defaultRoleAllowedActions } from "../role";
-import { getNextAvailableOrgSubnet } from "@server/lib/ip";
+import { isValidCIDR } from "@server/lib/validators";

 const createOrgSchema = z
    .object({
        orgId: z.string(),
-        name: z.string().min(1).max(255)
+        name: z.string().min(1).max(255),
+        subnet: z.string()
    })
    .strict();

@@ -68,7 +69,16 @@ export async function createOrg(
            );
        }

-        const { orgId, name } = parsedBody.data;
+        const { orgId, name, subnet } = parsedBody.data;
+
+        if (subnet && !isValidCIDR(subnet)) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Invalid subnet format. Please provide a valid CIDR notation."
+                )
+            );
+        }

        // make sure the orgId is unique
        const orgExists = await db
@@ -89,8 +99,6 @@ export async function createOrg(
        let error = "";
        let org: Org | null = null;

-        const subnet = await getNextAvailableOrgSubnet();
-
        await db.transaction(async (trx) => {
            const allDomains = await trx
                .select()
--- a/server/routers/org/index.ts
+++ b/server/routers/org/index.ts
@@ -5,3 +5,4 @@ export * from "./updateOrg";
 export * from "./listOrgs";
 export * from "./checkId";
 export * from "./getOrgOverview";
+export* from "./pickOrgDefaults";
--- a/server/routers/org/pickOrgDefaults.ts
+++ b/server/routers/org/pickOrgDefaults.ts
@@ -0,0 +1,35 @@
+import { Request, Response, NextFunction } from "express";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { getNextAvailableOrgSubnet } from "@server/lib/ip";
+
+export type PickOrgDefaultsResponse = {
+    subnet: string;
+};
+
+export async function pickOrgDefaults(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const subnet = await getNextAvailableOrgSubnet();
+
+        return response<PickOrgDefaultsResponse>(res, {
+            data: {
+                subnet: subnet
+            },
+            success: true,
+            error: false,
+            message: "Organization defaults created successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}