calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-06-06 07:38:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Properly paywall the new resource types

Browse Source
This commit is contained in:
Owen
2026-06-02 18:06:42 -07:00
parent 128db20755
commit f2f56dc6c2
17 changed files with 312 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
server/lib/billing/tierMatrix.ts
View File

@@ -16,18 +16,18 @@ export enum TierFeature {
SessionDurationPolicies = "sessionDurationPolicies", // handle downgrade by setting to default duration SessionDurationPolicies = "sessionDurationPolicies", // handle downgrade by setting to default duration
PasswordExpirationPolicies = "passwordExpirationPolicies", // handle downgrade by setting to default duration PasswordExpirationPolicies = "passwordExpirationPolicies", // handle downgrade by setting to default duration
AutoProvisioning = "autoProvisioning", // handle downgrade by disabling auto provisioning AutoProvisioning = "autoProvisioning", // handle downgrade by disabling auto provisioning
SshPam = "sshPam",
FullRbac = "fullRbac", FullRbac = "fullRbac",
SiteProvisioningKeys = "siteProvisioningKeys", // handle downgrade by revoking keys if needed SiteProvisioningKeys = "siteProvisioningKeys", // handle downgrade by revoking keys if needed
SIEM = "siem", // handle downgrade by disabling SIEM integrations SIEM = "siem", // handle downgrade by disabling SIEM integrations
HTTPPrivateResources = "httpPrivateResources", // handle downgrade by disabling HTTP private resources
DomainNamespaces = "domainNamespaces", // handle downgrade by removing custom domain namespaces DomainNamespaces = "domainNamespaces", // handle downgrade by removing custom domain namespaces
StandaloneHealthChecks = "standaloneHealthChecks", StandaloneHealthChecks = "standaloneHealthChecks",
AlertingRules = "alertingRules", AlertingRules = "alertingRules",
WildcardSubdomain = "wildcardSubdomain", WildcardSubdomain = "wildcardSubdomain",
Labels = "labels", Labels = "labels",
NewtAutoUpdate = "newtAutoUpdate", NewtAutoUpdate = "newtAutoUpdate",
ResourcePolicies = "resourcePolicies" ResourcePolicies = "resourcePolicies",
AdvancedPublicResources = "advancedPublicResources",
AdvancedPrivateResources = "advancedPrivateResources"
} }
export const tierMatrix: Record<TierFeature, Tier[]> = { export const tierMatrix: Record<TierFeature, Tier[]> = {
@@ -62,15 +62,25 @@ export const tierMatrix: Record<TierFeature, Tier[]> = {
"enterprise" "enterprise"
], ],
[TierFeature.AutoProvisioning]: ["tier1", "tier3", "enterprise"], [TierFeature.AutoProvisioning]: ["tier1", "tier3", "enterprise"],
[TierFeature.SshPam]: ["tier1", "tier3", "enterprise"],
[TierFeature.FullRbac]: ["tier1", "tier2", "tier3", "enterprise"], [TierFeature.FullRbac]: ["tier1", "tier2", "tier3", "enterprise"],
[TierFeature.SiteProvisioningKeys]: ["tier3", "enterprise"], [TierFeature.SiteProvisioningKeys]: ["tier3", "enterprise"],
[TierFeature.SIEM]: ["enterprise"], [TierFeature.SIEM]: ["enterprise"],
[TierFeature.HTTPPrivateResources]: ["tier3", "enterprise"],
[TierFeature.DomainNamespaces]: ["tier1", "tier2", "tier3", "enterprise"], [TierFeature.DomainNamespaces]: ["tier1", "tier2", "tier3", "enterprise"],
[TierFeature.StandaloneHealthChecks]: ["tier3", "enterprise"], [TierFeature.StandaloneHealthChecks]: ["tier3", "enterprise"],
[TierFeature.AlertingRules]: ["tier3", "enterprise"], [TierFeature.AlertingRules]: ["tier3", "enterprise"],
[TierFeature.WildcardSubdomain]: ["tier1", "tier2", "tier3", "enterprise"], [TierFeature.WildcardSubdomain]: ["tier1", "tier2", "tier3", "enterprise"],
[TierFeature.NewtAutoUpdate]: ["tier1", "tier2", "tier3", "enterprise"], [TierFeature.NewtAutoUpdate]: ["tier1", "tier2", "tier3", "enterprise"],
[TierFeature.ResourcePolicies]: ["tier3", "enterprise"] [TierFeature.ResourcePolicies]: ["tier3", "enterprise"],
[TierFeature.AdvancedPublicResources]: [
"tier1",
"tier2",
"tier3",
"enterprise"
],
[TierFeature.AdvancedPrivateResources]: [
"tier1",
"tier2",
"tier3",
"enterprise"
]
}; };

13
server/private/routers/billing/featureLifecycle.ts
View File

@@ -308,8 +308,8 @@ async function disableFeature(
await disableAutoProvisioning(orgId); await disableAutoProvisioning(orgId);
break; break;
case TierFeature.SshPam: case TierFeature.AdvancedPrivateResources:
await disableSshPam(orgId); await disableAdvancedPrivateResources(orgId);
break; break;
case TierFeature.FullRbac: case TierFeature.FullRbac:
@@ -357,10 +357,11 @@ async function disableDeviceApprovals(orgId: string): Promise<void> {
logger.info(`Disabled device approvals on all roles for org ${orgId}`); logger.info(`Disabled device approvals on all roles for org ${orgId}`);
} }
async function disableSshPam(orgId: string): Promise<void> { async function disableAdvancedPrivateResources(orgId: string): Promise<void> {
logger.info( // TODO: implement logic to disable advanced private resourcs like ssh and ssh pam
`Disabled SSH PAM options on all roles and site resources for org ${orgId}` // logger.info(
); // `Disabled advanced private resources on all roles and site resources for org ${orgId}`
// );
} }
async function disableFullRbac(orgId: string): Promise<void> { async function disableFullRbac(orgId: string): Promise<void> {

2
server/private/routers/external.ts
View File

@@ -610,7 +610,7 @@ authenticated.put(
authenticated.post( authenticated.post(
"/org/:orgId/ssh/sign-key", "/org/:orgId/ssh/sign-key",
verifyValidLicense, verifyValidLicense,
verifyValidSubscription(tierMatrix.sshPam), verifyValidSubscription(tierMatrix.advancedPrivateResources),
verifyOrgAccess, verifyOrgAccess,
verifyLimits, verifyLimits,
verifyUserHasAction(ActionsEnum.signSshKey), verifyUserHasAction(ActionsEnum.signSshKey),

2
server/private/routers/ssh/signSshKey.ts
View File

@@ -149,7 +149,7 @@ export async function signSshKey(
const isLicensed = await isLicensedOrSubscribed( const isLicensed = await isLicensedOrSubscribed(
orgId, orgId,
tierMatrix.sshPam tierMatrix.advancedPrivateResources
); );
if (!isLicensed) { if (!isLicensed) {
return next( return next(

17
server/routers/resource/createResource.ts
View File

@@ -31,7 +31,7 @@ import {
} from "@server/lib/domainUtils"; } from "@server/lib/domainUtils";
import { isSubscribed } from "#dynamic/lib/isSubscribed"; import { isSubscribed } from "#dynamic/lib/isSubscribed";
import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed"; import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
import { tierMatrix } from "@server/lib/billing/tierMatrix"; import { TierFeature, tierMatrix } from "@server/lib/billing/tierMatrix";
import { import {
getUniqueResourceName, getUniqueResourceName,
getUniqueResourcePolicyName getUniqueResourcePolicyName
@@ -342,6 +342,21 @@ async function createHttpResource(
} }
} }
if (
["ssh", "rdp", "vnc"].includes(mode!) &&
!isLicensedOrSubscribed(
orgId!,
tierMatrix[TierFeature.AdvancedPublicResources]
)
) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Your current subscription does not support browser gateway resources. Please upgrade to access this feature."
)
);
}
// Validate domain and construct full domain // Validate domain and construct full domain
const domainResult = await validateAndConstructDomain( const domainResult = await validateAndConstructDomain(
domainId, domainId,

33
server/routers/role/createRole.ts
View File

@@ -123,23 +123,40 @@ export async function createRole(
); );
} }
const isLicensedDeviceApprovals = await isLicensedOrSubscribed(orgId, tierMatrix.deviceApprovals); const isLicensedDeviceApprovals = await isLicensedOrSubscribed(
orgId,
tierMatrix.deviceApprovals
);
if (!isLicensedDeviceApprovals) { if (!isLicensedDeviceApprovals) {
roleData.requireDeviceApproval = undefined; roleData.requireDeviceApproval = undefined;
} }
const isLicensedSshPam = await isLicensedOrSubscribed(orgId, tierMatrix.sshPam); const isLicensedSshPam = await isLicensedOrSubscribed(
orgId,
tierMatrix.advancedPrivateResources
);
const roleInsertValues: Record<string, unknown> = { const roleInsertValues: Record<string, unknown> = {
name: roleData.name, name: roleData.name,
orgId orgId
}; };
if (roleData.description !== undefined) roleInsertValues.description = roleData.description; if (roleData.description !== undefined)
if (roleData.requireDeviceApproval !== undefined) roleInsertValues.requireDeviceApproval = roleData.requireDeviceApproval; roleInsertValues.description = roleData.description;
if (roleData.requireDeviceApproval !== undefined)
roleInsertValues.requireDeviceApproval =
roleData.requireDeviceApproval;
if (isLicensedSshPam) { if (isLicensedSshPam) {
if (roleData.sshSudoMode !== undefined) roleInsertValues.sshSudoMode = roleData.sshSudoMode; if (roleData.sshSudoMode !== undefined)
if (roleData.sshSudoCommands !== undefined) roleInsertValues.sshSudoCommands = JSON.stringify(roleData.sshSudoCommands); roleInsertValues.sshSudoMode = roleData.sshSudoMode;
if (roleData.sshCreateHomeDir !== undefined) roleInsertValues.sshCreateHomeDir = roleData.sshCreateHomeDir; if (roleData.sshSudoCommands !== undefined)
if (roleData.sshUnixGroups !== undefined) roleInsertValues.sshUnixGroups = JSON.stringify(roleData.sshUnixGroups); roleInsertValues.sshSudoCommands = JSON.stringify(
roleData.sshSudoCommands
);
if (roleData.sshCreateHomeDir !== undefined)
roleInsertValues.sshCreateHomeDir = roleData.sshCreateHomeDir;
if (roleData.sshUnixGroups !== undefined)
roleInsertValues.sshUnixGroups = JSON.stringify(
roleData.sshUnixGroups
);
} }
await db.transaction(async (trx) => { await db.transaction(async (trx) => {

18
server/routers/role/updateRole.ts
View File

@@ -134,12 +134,18 @@ export async function updateRole(
); );
} }
const isLicensedDeviceApprovals = await isLicensedOrSubscribed(orgId, tierMatrix.deviceApprovals); const isLicensedDeviceApprovals = await isLicensedOrSubscribed(
orgId,
tierMatrix.deviceApprovals
);
if (!isLicensedDeviceApprovals) { if (!isLicensedDeviceApprovals) {
updateData.requireDeviceApproval = undefined; updateData.requireDeviceApproval = undefined;
} }
const isLicensedSshPam = await isLicensedOrSubscribed(orgId, tierMatrix.sshPam); const isLicensedSshPam = await isLicensedOrSubscribed(
orgId,
tierMatrix.advancedPrivateResources
);
if (!isLicensedSshPam) { if (!isLicensedSshPam) {
delete updateData.sshSudoMode; delete updateData.sshSudoMode;
delete updateData.sshSudoCommands; delete updateData.sshSudoCommands;
@@ -147,10 +153,14 @@ export async function updateRole(
delete updateData.sshUnixGroups; delete updateData.sshUnixGroups;
} else { } else {
if (Array.isArray(updateData.sshSudoCommands)) { if (Array.isArray(updateData.sshSudoCommands)) {
updateData.sshSudoCommands = JSON.stringify(updateData.sshSudoCommands); updateData.sshSudoCommands = JSON.stringify(
updateData.sshSudoCommands
);
} }
if (Array.isArray(updateData.sshUnixGroups)) { if (Array.isArray(updateData.sshUnixGroups)) {
updateData.sshUnixGroups = JSON.stringify(updateData.sshUnixGroups); updateData.sshUnixGroups = JSON.stringify(
updateData.sshUnixGroups
);
} }
} }

13
server/routers/siteResource/createSiteResource.ts
View File

@@ -293,7 +293,7 @@ export async function createSiteResource(
if (mode == "http") { if (mode == "http") {
const hasHttpFeature = await isLicensedOrSubscribed( const hasHttpFeature = await isLicensedOrSubscribed(
orgId, orgId,
tierMatrix[TierFeature.HTTPPrivateResources] tierMatrix[TierFeature.AdvancedPrivateResources]
); );
if (!hasHttpFeature) { if (!hasHttpFeature) {
return next( return next(
@@ -425,9 +425,18 @@ export async function createSiteResource(
const isLicensedSshPam = await isLicensedOrSubscribed( const isLicensedSshPam = await isLicensedOrSubscribed(
orgId, orgId,
tierMatrix.sshPam tierMatrix.advancedPrivateResources
); );
if (mode == "ssh" && !isLicensedSshPam) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"SSH private resources are not included in your current plan. Please upgrade."
)
);
}
let updatedNiceId = niceId; let updatedNiceId = niceId;
if (!niceId) { if (!niceId) {
updatedNiceId = await getUniqueSiteResourceName(orgId); updatedNiceId = await getUniqueSiteResourceName(orgId);

4
server/routers/siteResource/updateSiteResource.ts
View File

@@ -314,7 +314,7 @@ export async function updateSiteResource(
if (mode == "http") { if (mode == "http") {
const hasHttpFeature = await isLicensedOrSubscribed( const hasHttpFeature = await isLicensedOrSubscribed(
existingSiteResource.orgId, existingSiteResource.orgId,
tierMatrix[TierFeature.HTTPPrivateResources] tierMatrix[TierFeature.AdvancedPrivateResources]
); );
if (!hasHttpFeature) { if (!hasHttpFeature) {
return next( return next(
@@ -328,7 +328,7 @@ export async function updateSiteResource(
const isLicensedSshPam = await isLicensedOrSubscribed( const isLicensedSshPam = await isLicensedOrSubscribed(
existingSiteResource.orgId, existingSiteResource.orgId,
tierMatrix.sshPam tierMatrix.advancedPrivateResources
); );
const [org] = await db const [org] = await db

20
src/app/[orgId]/settings/resources/public/[niceId]/rdp/page.tsx
View File

@@ -10,11 +10,14 @@ import {
SettingsSectionTitle SettingsSectionTitle
} from "@app/components/Settings"; } from "@app/components/Settings";
import { BrowserGatewayTargetForm } from "@app/components/BrowserGatewayTargetForm"; import { BrowserGatewayTargetForm } from "@app/components/BrowserGatewayTargetForm";
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
import { type Selectedsite } from "@app/components/site-selector"; import { type Selectedsite } from "@app/components/site-selector";
import { Button } from "@app/components/ui/button"; import { Button } from "@app/components/ui/button";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { useResourceContext } from "@app/hooks/useResourceContext"; import { useResourceContext } from "@app/hooks/useResourceContext";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { tierMatrix, TierFeature } from "@server/lib/billing/tierMatrix";
import { createApiClient } from "@app/lib/api"; import { createApiClient } from "@app/lib/api";
import { formatAxiosError } from "@app/lib/api/formatAxiosError"; import { formatAxiosError } from "@app/lib/api/formatAxiosError";
import { useQuery } from "@tanstack/react-query"; import { useQuery } from "@tanstack/react-query";
@@ -48,13 +51,21 @@ export default function SshSettingsPage(props: {
}) { }) {
const params = use(props.params); const params = use(props.params);
const { resource, updateResource } = useResourceContext(); const { resource, updateResource } = useResourceContext();
const { isPaidUser } = usePaidStatus();
const disabled = !isPaidUser(
tierMatrix[TierFeature.AdvancedPublicResources]
);
return ( return (
<SettingsContainer> <SettingsContainer>
<PaidFeaturesAlert
tiers={tierMatrix[TierFeature.AdvancedPublicResources]}
/>
<SshServerForm <SshServerForm
orgId={params.orgId} orgId={params.orgId}
resource={resource} resource={resource}
updateResource={updateResource} updateResource={updateResource}
disabled={disabled}
/> />
</SettingsContainer> </SettingsContainer>
); );
@@ -63,11 +74,13 @@ export default function SshSettingsPage(props: {
function SshServerForm({ function SshServerForm({
orgId, orgId,
resource, resource,
updateResource updateResource,
disabled
}: { }: {
orgId: string; orgId: string;
resource: GetResourceResponse; resource: GetResourceResponse;
updateResource: ResourceContextType["updateResource"]; updateResource: ResourceContextType["updateResource"];
disabled: boolean;
}) { }) {
const t = useTranslations(); const t = useTranslations();
const api = createApiClient(useEnvContext()); const api = createApiClient(useEnvContext());
@@ -220,6 +233,10 @@ function SshServerForm({
{t("rdpServerDescription")} {t("rdpServerDescription")}
</SettingsSectionDescription> </SettingsSectionDescription>
</SettingsSectionHeader> </SettingsSectionHeader>
<fieldset
disabled={disabled}
className={disabled ? "opacity-50 pointer-events-none" : ""}
>
<SettingsSectionBody> <SettingsSectionBody>
<SettingsSectionForm variant="half"> <SettingsSectionForm variant="half">
<BrowserGatewayTargetForm <BrowserGatewayTargetForm
@@ -245,6 +262,7 @@ function SshServerForm({
{t("saveSettings")} {t("saveSettings")}
</Button> </Button>
</form> </form>
</fieldset>
</SettingsSection> </SettingsSection>
); );
} }

20
src/app/[orgId]/settings/resources/public/[niceId]/ssh/page.tsx
View File

@@ -11,10 +11,13 @@ import {
} from "@app/components/Settings"; } from "@app/components/Settings";
import { StrategySelect, StrategyOption } from "@app/components/StrategySelect"; import { StrategySelect, StrategyOption } from "@app/components/StrategySelect";
import { BrowserGatewayTargetForm } from "@app/components/BrowserGatewayTargetForm"; import { BrowserGatewayTargetForm } from "@app/components/BrowserGatewayTargetForm";
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
import { import {
SitesSelector, SitesSelector,
type Selectedsite type Selectedsite
} from "@app/components/site-selector"; } from "@app/components/site-selector";
import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { tierMatrix, TierFeature } from "@server/lib/billing/tierMatrix";
import { Button } from "@app/components/ui/button"; import { Button } from "@app/components/ui/button";
import { Input } from "@app/components/ui/input"; import { Input } from "@app/components/ui/input";
import { import {
@@ -68,13 +71,21 @@ export default function SshSettingsPage(props: {
}) { }) {
const params = use(props.params); const params = use(props.params);
const { resource, updateResource } = useResourceContext(); const { resource, updateResource } = useResourceContext();
const { isPaidUser } = usePaidStatus();
const disabled = !isPaidUser(
tierMatrix[TierFeature.AdvancedPublicResources]
);
return ( return (
<SettingsContainer> <SettingsContainer>
<PaidFeaturesAlert
tiers={tierMatrix[TierFeature.AdvancedPublicResources]}
/>
<SshServerForm <SshServerForm
orgId={params.orgId} orgId={params.orgId}
resource={resource} resource={resource}
updateResource={updateResource} updateResource={updateResource}
disabled={disabled}
/> />
</SettingsContainer> </SettingsContainer>
); );
@@ -83,11 +94,13 @@ export default function SshSettingsPage(props: {
function SshServerForm({ function SshServerForm({
orgId, orgId,
resource, resource,
updateResource updateResource,
disabled
}: { }: {
orgId: string; orgId: string;
resource: GetResourceResponse; resource: GetResourceResponse;
updateResource: ResourceContextType["updateResource"]; updateResource: ResourceContextType["updateResource"];
disabled: boolean;
}) { }) {
const t = useTranslations(); const t = useTranslations();
const api = createApiClient(useEnvContext()); const api = createApiClient(useEnvContext());
@@ -366,6 +379,10 @@ function SshServerForm({
{t("sshServerDescription")} {t("sshServerDescription")}
</SettingsSectionDescription> </SettingsSectionDescription>
</SettingsSectionHeader> </SettingsSectionHeader>
<fieldset
disabled={disabled}
className={disabled ? "opacity-50 pointer-events-none" : ""}
>
<SettingsSectionBody> <SettingsSectionBody>
<SettingsSectionForm variant="half"> <SettingsSectionForm variant="half">
<div className="space-y-3"> <div className="space-y-3">
@@ -520,6 +537,7 @@ function SshServerForm({
{t("saveSettings")} {t("saveSettings")}
</Button> </Button>
</form> </form>
</fieldset>
</SettingsSection> </SettingsSection>
); );
} }

20
src/app/[orgId]/settings/resources/public/[niceId]/vnc/page.tsx
View File

@@ -10,11 +10,14 @@ import {
SettingsSectionTitle SettingsSectionTitle
} from "@app/components/Settings"; } from "@app/components/Settings";
import { BrowserGatewayTargetForm } from "@app/components/BrowserGatewayTargetForm"; import { BrowserGatewayTargetForm } from "@app/components/BrowserGatewayTargetForm";
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
import { type Selectedsite } from "@app/components/site-selector"; import { type Selectedsite } from "@app/components/site-selector";
import { Button } from "@app/components/ui/button"; import { Button } from "@app/components/ui/button";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { useResourceContext } from "@app/hooks/useResourceContext"; import { useResourceContext } from "@app/hooks/useResourceContext";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { tierMatrix, TierFeature } from "@server/lib/billing/tierMatrix";
import { createApiClient } from "@app/lib/api"; import { createApiClient } from "@app/lib/api";
import { formatAxiosError } from "@app/lib/api/formatAxiosError"; import { formatAxiosError } from "@app/lib/api/formatAxiosError";
import { useQuery } from "@tanstack/react-query"; import { useQuery } from "@tanstack/react-query";
@@ -46,13 +49,21 @@ export default function SshSettingsPage(props: {
}) { }) {
const params = use(props.params); const params = use(props.params);
const { resource, updateResource } = useResourceContext(); const { resource, updateResource } = useResourceContext();
const { isPaidUser } = usePaidStatus();
const disabled = !isPaidUser(
tierMatrix[TierFeature.AdvancedPublicResources]
);
return ( return (
<SettingsContainer> <SettingsContainer>
<PaidFeaturesAlert
tiers={tierMatrix[TierFeature.AdvancedPublicResources]}
/>
<SshServerForm <SshServerForm
orgId={params.orgId} orgId={params.orgId}
resource={resource} resource={resource}
updateResource={updateResource} updateResource={updateResource}
disabled={disabled}
/> />
</SettingsContainer> </SettingsContainer>
); );
@@ -61,11 +72,13 @@ export default function SshSettingsPage(props: {
function SshServerForm({ function SshServerForm({
orgId, orgId,
resource, resource,
updateResource updateResource,
disabled
}: { }: {
orgId: string; orgId: string;
resource: GetResourceResponse; resource: GetResourceResponse;
updateResource: ResourceContextType["updateResource"]; updateResource: ResourceContextType["updateResource"];
disabled: boolean;
}) { }) {
const t = useTranslations(); const t = useTranslations();
const api = createApiClient(useEnvContext()); const api = createApiClient(useEnvContext());
@@ -218,6 +231,10 @@ function SshServerForm({
{t("vncServerDescription")} {t("vncServerDescription")}
</SettingsSectionDescription> </SettingsSectionDescription>
</SettingsSectionHeader> </SettingsSectionHeader>
<fieldset
disabled={disabled}
className={disabled ? "opacity-50 pointer-events-none" : ""}
>
<SettingsSectionBody> <SettingsSectionBody>
<SettingsSectionForm variant="half"> <SettingsSectionForm variant="half">
<BrowserGatewayTargetForm <BrowserGatewayTargetForm
@@ -243,6 +260,7 @@ function SshServerForm({
{t("saveSettings")} {t("saveSettings")}
</Button> </Button>
</form> </form>
</fieldset>
</SettingsSection> </SettingsSection>
); );
} }

66
src/app/[orgId]/settings/resources/public/create/page.tsx
View File

@@ -72,7 +72,10 @@ import {
} from "@app/components/ui/tooltip"; } from "@app/components/ui/tooltip";
import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert"; import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { PaidFeaturesAlert } from "@app/components/PaidFeaturesAlert";
import { tierMatrix, TierFeature } from "@server/lib/billing/tierMatrix";
import { createApiClient, formatAxiosError } from "@app/lib/api"; import { createApiClient, formatAxiosError } from "@app/lib/api";
import { DockerManager, DockerState } from "@app/lib/docker"; import { DockerManager, DockerState } from "@app/lib/docker";
import { orgQueries } from "@app/lib/queries"; import { orgQueries } from "@app/lib/queries";
@@ -226,6 +229,8 @@ export default function Page() {
orgQueries.sites({ orgId: orgId as string }) orgQueries.sites({ orgId: orgId as string })
); );
const { isPaidUser } = usePaidStatus();
const [remoteExitNodes, setRemoteExitNodes] = useState< const [remoteExitNodes, setRemoteExitNodes] = useState<
ListRemoteExitNodesResponse["remoteExitNodes"] ListRemoteExitNodesResponse["remoteExitNodes"]
>([]); >([]);
@@ -238,6 +243,14 @@ export default function Page() {
// Resource type state // Resource type state
const [resourceType, setResourceType] = useState<NewResourceType>("http"); const [resourceType, setResourceType] = useState<NewResourceType>("http");
const isBrowserGatewayType =
resourceType === "ssh" ||
resourceType === "rdp" ||
resourceType === "vnc";
const browserGatewayDisabled =
isBrowserGatewayType &&
!isPaidUser(tierMatrix[TierFeature.AdvancedPublicResources]);
// Target management state (managed by ProxyResourceTargetsForm; mirrored here for onSubmit) // Target management state (managed by ProxyResourceTargetsForm; mirrored here for onSubmit)
const [targets, setTargets] = useState<LocalTarget[]>([]); const [targets, setTargets] = useState<LocalTarget[]>([]);
@@ -870,6 +883,14 @@ export default function Page() {
{/* SSH Server Section */} {/* SSH Server Section */}
{resourceType === "ssh" && ( {resourceType === "ssh" && (
<SettingsSection> <SettingsSection>
<PaidFeaturesAlert
tiers={
tierMatrix[
TierFeature
.AdvancedPublicResources
]
}
/>
<SettingsSectionHeader> <SettingsSectionHeader>
<SettingsSectionTitle> <SettingsSectionTitle>
{t("sshServer")} {t("sshServer")}
@@ -878,6 +899,14 @@ export default function Page() {
{t("sshServerDescription")} {t("sshServerDescription")}
</SettingsSectionDescription> </SettingsSectionDescription>
</SettingsSectionHeader> </SettingsSectionHeader>
<fieldset
disabled={browserGatewayDisabled}
className={
browserGatewayDisabled
? "opacity-50 pointer-events-none"
: ""
}
>
<SettingsSectionBody> <SettingsSectionBody>
<SettingsSectionForm variant="half"> <SettingsSectionForm variant="half">
{/* Mode */} {/* Mode */}
@@ -1098,12 +1127,21 @@ export default function Page() {
</div> </div>
</SettingsSectionForm> </SettingsSectionForm>
</SettingsSectionBody> </SettingsSectionBody>
</fieldset>
</SettingsSection> </SettingsSection>
)} )}
{/* RDP Server Section */} {/* RDP Server Section */}
{resourceType === "rdp" && ( {resourceType === "rdp" && (
<SettingsSection> <SettingsSection>
<PaidFeaturesAlert
tiers={
tierMatrix[
TierFeature
.AdvancedPublicResources
]
}
/>
<SettingsSectionHeader> <SettingsSectionHeader>
<SettingsSectionTitle> <SettingsSectionTitle>
{t("rdpServer")} {t("rdpServer")}
@@ -1112,6 +1150,14 @@ export default function Page() {
{t("rdpServerDescription")} {t("rdpServerDescription")}
</SettingsSectionDescription> </SettingsSectionDescription>
</SettingsSectionHeader> </SettingsSectionHeader>
<fieldset
disabled={browserGatewayDisabled}
className={
browserGatewayDisabled
? "opacity-50 pointer-events-none"
: ""
}
>
<SettingsSectionBody> <SettingsSectionBody>
<SettingsSectionForm variant="half"> <SettingsSectionForm variant="half">
<BrowserGatewayTargetForm <BrowserGatewayTargetForm
@@ -1136,12 +1182,21 @@ export default function Page() {
/> />
</SettingsSectionForm> </SettingsSectionForm>
</SettingsSectionBody> </SettingsSectionBody>
</fieldset>
</SettingsSection> </SettingsSection>
)} )}
{/* VNC Server Section */} {/* VNC Server Section */}
{resourceType === "vnc" && ( {resourceType === "vnc" && (
<SettingsSection> <SettingsSection>
<PaidFeaturesAlert
tiers={
tierMatrix[
TierFeature
.AdvancedPublicResources
]
}
/>
<SettingsSectionHeader> <SettingsSectionHeader>
<SettingsSectionTitle> <SettingsSectionTitle>
{t("vncServer")} {t("vncServer")}
@@ -1150,6 +1205,14 @@ export default function Page() {
{t("vncServerDescription")} {t("vncServerDescription")}
</SettingsSectionDescription> </SettingsSectionDescription>
</SettingsSectionHeader> </SettingsSectionHeader>
<fieldset
disabled={browserGatewayDisabled}
className={
browserGatewayDisabled
? "opacity-50 pointer-events-none"
: ""
}
>
<SettingsSectionBody> <SettingsSectionBody>
<SettingsSectionForm variant="half"> <SettingsSectionForm variant="half">
<BrowserGatewayTargetForm <BrowserGatewayTargetForm
@@ -1174,6 +1237,7 @@ export default function Page() {
/> />
</SettingsSectionForm> </SettingsSectionForm>
</SettingsSectionBody> </SettingsSectionBody>
</fieldset>
</SettingsSection> </SettingsSection>
)} )}
@@ -1225,7 +1289,7 @@ export default function Page() {
} }
}} }}
loading={createLoading} loading={createLoading}
disabled={!areAllTargetsValid()} disabled={!areAllTargetsValid() || browserGatewayDisabled}
> >
{t("resourceCreate")} {t("resourceCreate")}
</Button> </Button>

14
src/components/CreateRoleForm.tsx
View File

@@ -16,10 +16,7 @@ import { useOrgContext } from "@app/hooks/useOrgContext";
import { usePaidStatus } from "@app/hooks/usePaidStatus"; import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { createApiClient, formatAxiosError } from "@app/lib/api"; import { createApiClient, formatAxiosError } from "@app/lib/api";
import type { import type { CreateRoleBody, CreateRoleResponse } from "@server/routers/role";
CreateRoleBody,
CreateRoleResponse
} from "@server/routers/role";
import { AxiosResponse } from "axios"; import { AxiosResponse } from "axios";
import { useTranslations } from "next-intl"; import { useTranslations } from "next-intl";
import { useTransition } from "react"; import { useTransition } from "react";
@@ -50,7 +47,7 @@ export default function CreateRoleForm({
requireDeviceApproval: values.requireDeviceApproval, requireDeviceApproval: values.requireDeviceApproval,
allowSsh: values.allowSsh allowSsh: values.allowSsh
}; };
if (isPaidUser(tierMatrix.sshPam)) { if (isPaidUser(tierMatrix.advancedPrivateResources)) {
payload.sshSudoMode = values.sshSudoMode; payload.sshSudoMode = values.sshSudoMode;
payload.sshCreateHomeDir = values.sshCreateHomeDir; payload.sshCreateHomeDir = values.sshCreateHomeDir;
payload.sshSudoCommands = payload.sshSudoCommands =
@@ -69,10 +66,9 @@ export default function CreateRoleForm({
} }
} }
const res = await api const res = await api
.put<AxiosResponse<CreateRoleResponse>>( .put<
`/org/${org?.org.orgId}/role`, AxiosResponse<CreateRoleResponse>
payload >(`/org/${org?.org.orgId}/role`, payload)
)
.catch((e) => { .catch((e) => {
toast({ toast({
variant: "destructive", variant: "destructive",

14
src/components/EditRoleForm.tsx
View File

@@ -16,10 +16,7 @@ import { usePaidStatus } from "@app/hooks/usePaidStatus";
import { toast } from "@app/hooks/useToast"; import { toast } from "@app/hooks/useToast";
import { createApiClient, formatAxiosError } from "@app/lib/api"; import { createApiClient, formatAxiosError } from "@app/lib/api";
import type { Role } from "@server/db"; import type { Role } from "@server/db";
import type { import type { UpdateRoleBody, UpdateRoleResponse } from "@server/routers/role";
UpdateRoleBody,
UpdateRoleResponse
} from "@server/routers/role";
import { AxiosResponse } from "axios"; import { AxiosResponse } from "axios";
import { useTranslations } from "next-intl"; import { useTranslations } from "next-intl";
import { useTransition } from "react"; import { useTransition } from "react";
@@ -53,7 +50,7 @@ export default function EditRoleForm({
payload.name = values.name; payload.name = values.name;
payload.description = values.description || undefined; payload.description = values.description || undefined;
} }
if (isPaidUser(tierMatrix.sshPam)) { if (isPaidUser(tierMatrix.advancedPrivateResources)) {
payload.sshSudoMode = values.sshSudoMode; payload.sshSudoMode = values.sshSudoMode;
payload.sshCreateHomeDir = values.sshCreateHomeDir; payload.sshCreateHomeDir = values.sshCreateHomeDir;
payload.sshSudoCommands = payload.sshSudoCommands =
@@ -72,10 +69,9 @@ export default function EditRoleForm({
} }
} }
const res = await api const res = await api
.post<AxiosResponse<UpdateRoleResponse>>( .post<
`/role/${role.roleId}`, AxiosResponse<UpdateRoleResponse>
payload >(`/role/${role.roleId}`, payload)
)
.catch((e) => { .catch((e) => {
toast({ toast({
variant: "destructive", variant: "destructive",

43
src/components/PrivateResourceForm.tsx
View File

@@ -224,8 +224,10 @@ export function PrivateResourceForm({
const { env } = useEnvContext(); const { env } = useEnvContext();
const { isPaidUser } = usePaidStatus(); const { isPaidUser } = usePaidStatus();
const disableEnterpriseFeatures = env.flags.disableEnterpriseFeatures; const disableEnterpriseFeatures = env.flags.disableEnterpriseFeatures;
const sshSectionDisabled = !isPaidUser(tierMatrix.sshPam); const sshSectionDisabled = !isPaidUser(tierMatrix.advancedPrivateResources);
const httpSectionDisabled = !isPaidUser(tierMatrix.httpPrivateResources); const httpSectionDisabled = !isPaidUser(
tierMatrix.advancedPrivateResources
);
const nameRequiredKey = const nameRequiredKey =
variant === "create" variant === "create"
@@ -594,6 +596,7 @@ export function PrivateResourceForm({
const httpConfigDomainId = form.watch("httpConfigDomainId"); const httpConfigDomainId = form.watch("httpConfigDomainId");
const httpConfigFullDomain = form.watch("httpConfigFullDomain"); const httpConfigFullDomain = form.watch("httpConfigFullDomain");
const isHttpMode = mode === "http"; const isHttpMode = mode === "http";
const isSshMode = mode === "ssh";
const authDaemonMode = form.watch("authDaemonMode") ?? "site"; const authDaemonMode = form.watch("authDaemonMode") ?? "site";
const pamMode = form.watch("pamMode") ?? "passthrough"; const pamMode = form.watch("pamMode") ?? "passthrough";
const isNative = sshServerMode === "native"; const isNative = sshServerMode === "native";
@@ -739,8 +742,17 @@ export function PrivateResourceForm({
]); ]);
useEffect(() => { useEffect(() => {
onSubmitDisabledChange?.(isHttpMode && httpSectionDisabled); onSubmitDisabledChange?.(
}, [isHttpMode, httpSectionDisabled, onSubmitDisabledChange]); (isHttpMode && httpSectionDisabled) ||
(isSshMode && sshSectionDisabled)
);
}, [
isHttpMode,
httpSectionDisabled,
isSshMode,
sshSectionDisabled,
onSubmitDisabledChange
]);
return ( return (
<Form {...form}> <Form {...form}>
@@ -1129,8 +1141,10 @@ export function PrivateResourceForm({
"" ""
} }
disabled={ disabled={
isHttpMode && (isHttpMode &&
httpSectionDisabled httpSectionDisabled) ||
(isSshMode &&
sshSectionDisabled)
} }
onChange={(e) => onChange={(e) =>
field.onChange( field.onChange(
@@ -1169,6 +1183,10 @@ export function PrivateResourceForm({
field.value ?? field.value ??
"" ""
} }
disabled={
isSshMode &&
sshSectionDisabled
}
/> />
</FormControl> </FormControl>
<FormMessage /> <FormMessage />
@@ -1202,7 +1220,10 @@ export function PrivateResourceForm({
"" ""
} }
disabled={ disabled={
httpSectionDisabled (isHttpMode &&
httpSectionDisabled) ||
(isSshMode &&
sshSectionDisabled)
} }
onChange={(e) => { onChange={(e) => {
const raw = const raw =
@@ -1237,9 +1258,9 @@ export function PrivateResourceForm({
</div> </div>
</div> </div>
{isHttpMode && ( {(isHttpMode || isSshMode) && (
<PaidFeaturesAlert <PaidFeaturesAlert
tiers={tierMatrix.httpPrivateResources} tiers={tierMatrix.advancedPrivateResources}
/> />
)} )}
@@ -1773,7 +1794,9 @@ export function PrivateResourceForm({
{/* SSH Access tab (ssh mode only) */} {/* SSH Access tab (ssh mode only) */}
{!disableEnterpriseFeatures && mode === "ssh" && ( {!disableEnterpriseFeatures && mode === "ssh" && (
<div className="space-y-4 mt-4 p-1"> <div className="space-y-4 mt-4 p-1">
<PaidFeaturesAlert tiers={tierMatrix.sshPam} /> <PaidFeaturesAlert
tiers={tierMatrix.advancedPrivateResources}
/>
{/* Mode */} {/* Mode */}
<div className="space-y-3"> <div className="space-y-3">

6
src/components/RoleForm.tsx
View File

@@ -164,7 +164,7 @@ export function RoleForm({
} }
}, [variant, role, form]); }, [variant, role, form]);
const sshDisabled = !isPaidUser(tierMatrix.sshPam); const sshDisabled = !isPaidUser(tierMatrix.advancedPrivateResources);
const sshSudoMode = form.watch("sshSudoMode"); const sshSudoMode = form.watch("sshSudoMode");
const isAdminRole = variant === "edit" && role?.isAdmin === true; const isAdminRole = variant === "edit" && role?.isAdmin === true;
@@ -319,7 +319,9 @@ export function RoleForm({
{/* SSH tab - hidden when enterprise features are disabled */} {/* SSH tab - hidden when enterprise features are disabled */}
{!env.flags.disableEnterpriseFeatures && ( {!env.flags.disableEnterpriseFeatures && (
<div className="space-y-4 mt-4"> <div className="space-y-4 mt-4">
<PaidFeaturesAlert tiers={tierMatrix.sshPam} /> <PaidFeaturesAlert
tiers={tierMatrix.advancedPrivateResources}
/>
<FormField <FormField
control={form.control} control={form.control}
name="allowSsh" name="allowSsh"