diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts index 420cf0644..5c573618e 100644 --- a/server/routers/resource/createResource.ts +++ b/server/routers/resource/createResource.ts @@ -44,7 +44,11 @@ const createHttpResourceSchema = z domainId: z.string(), stickySession: z.boolean().optional(), postAuthPath: z.string().nullable().optional(), - browserAccessType: z.enum(["http", "ssh", "rdp", "vnc"]).optional() + browserAccessType: z.enum(["http", "ssh", "rdp", "vnc"]).optional(), + // SSH Settings + pamMode: z.enum(["passthrough", "push"]).optional(), + authDaemonPort: z.int().positive().optional(), + authDaemonMode: z.enum(["site", "remote", "native"]).optional() }) .refine( (data) => { @@ -202,7 +206,15 @@ async function createHttpResource( ); } - const { name, domainId, postAuthPath, browserAccessType } = parsedBody.data; + const { + name, + domainId, + postAuthPath, + browserAccessType, + authDaemonPort, + authDaemonMode, + pamMode + } = parsedBody.data; const subdomain = parsedBody.data.subdomain; const stickySession = parsedBody.data.stickySession; @@ -328,6 +340,9 @@ async function createHttpResource( subdomain: finalSubdomain, http: true, browserAccessType: browserAccessType, + pamMode: pamMode, + authDaemonMode: authDaemonMode, + authDaemonPort: authDaemonPort, protocol: "tcp", ssl: true, stickySession: stickySession, diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts index bc80e8b41..632c5e3fd 100644 --- a/server/routers/siteResource/createSiteResource.ts +++ b/server/routers/siteResource/createSiteResource.ts @@ -68,6 +68,7 @@ const createSiteResourceSchema = z disableIcmp: z.boolean().optional(), authDaemonPort: z.int().positive().optional(), authDaemonMode: z.enum(["site", "remote"]).optional(), + pamMode: z.enum(["passthrough", "push"]).optional(), domainId: z.string().optional(), // only used for http mode, we need this to verify the alias is unique within the org subdomain: z.string().optional() // only used for http mode, we need this to verify the alias is unique within the org }) diff --git a/src/app/[orgId]/settings/resources/proxy/create/page.tsx b/src/app/[orgId]/settings/resources/proxy/create/page.tsx index c3a059314..e5a27eff2 100644 --- a/src/app/[orgId]/settings/resources/proxy/create/page.tsx +++ b/src/app/[orgId]/settings/resources/proxy/create/page.tsx @@ -393,8 +393,7 @@ export default function Page() { try { const payload: any = { name: baseData.name, - http: isHttpResource, - browserAccessType: resourceType + http: isHttpResource }; let sanitizedSubdomain: string | undefined; @@ -406,12 +405,28 @@ export default function Page() { ? finalizeSubdomainSanitize(httpData.subdomain, true) : undefined; + const effectiveMode = isNative + ? "native" + : standardDaemonLocation; + const portVal = sshDaemonPortForm.getValues().authDaemonPort; + const effectivePort = + !isNative && + standardDaemonLocation === "remote" && + pamMode === "push" && + portVal + ? Number(portVal) + : null; + Object.assign(payload, { subdomain: sanitizedSubdomain ? toASCII(sanitizedSubdomain) : undefined, domainId: httpData.domainId, - protocol: "tcp" + protocol: "tcp", + browserAccessType: resourceType, + pamMode, + authDaemonMode: effectiveMode, + authDaemonPort: effectivePort }); } else { const tcpUdpData = tcpUdpForm.getValues(); @@ -498,25 +513,6 @@ export default function Page() { `/${orgId}/settings/resources/proxy/${newNiceId}` ); } else if (resourceType === "ssh") { - const effectiveMode = isNative - ? "native" - : standardDaemonLocation; - const portVal = - sshDaemonPortForm.getValues().authDaemonPort; - const effectivePort = - !isNative && - standardDaemonLocation === "remote" && - pamMode === "push" && - portVal - ? Number(portVal) - : null; - - await api.post(`/resource/${id}`, { - pamMode, - authDaemonMode: effectiveMode, - authDaemonPort: effectivePort - }); - if (isNative) { if (nativeSelectedSite) { await api.put(