Add remote subnets back based on resources

server/db/sqlite/schema/schema.ts

@@ -93,8 +93,7 @@ export const sites = sqliteTable("sites", {
     listenPort: integer("listenPort"),
     dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
         .notNull()
-        .default(true),
-    remoteSubnets: text("remoteSubnets") // comma-separated list of subnets that this site can access
+        .default(true)
 });
 
 export const resources = sqliteTable("resources", {
@@ -359,7 +358,7 @@ export const clients = sqliteTable("clients", {
     type: text("type").notNull(), // "olm"
     online: integer("online", { mode: "boolean" }).notNull().default(false),
     // endpoint: text("endpoint"),
-    lastHolePunch: integer("lastHolePunch"),
+    lastHolePunch: integer("lastHolePunch")
 });
 
 export const clientSites = sqliteTable("clientSites", {

server/lib/rebuildSiteClientAssociations.ts

@@ -10,6 +10,7 @@ import {
     roleSiteResources,
     Site,
     SiteResource,
+    siteResources,
     sites,
     Transaction,
     userOrgs,
@@ -324,6 +325,20 @@ async function handleMessagesForSiteClients(
                 )
             );
 
+            // TODO: should we have this here?
+            const allSiteResources = await trx
+                .select()
+                .from(siteResources)
+                .where(eq(siteResources.siteId, site.siteId));
+
+            let remoteSubnets = allSiteResources
+                .filter((sr) => sr.mode == "cidr")
+                .map((sr) => sr.destination);
+            // remove duplicates
+            remoteSubnets = Array.from(new Set(remoteSubnets));
+            const remoteSubnetsStr =
+                remoteSubnets.length > 0 ? remoteSubnets.join(",") : null;
+
             olmJobs.push(
                 olmAddPeer(
                     client.clientId,
@@ -336,7 +351,7 @@ async function handleMessagesForSiteClients(
                         publicKey: site.publicKey,
                         serverIP: site.address,
                         serverPort: site.listenPort,
-                        remoteSubnets: site.remoteSubnets
+                        remoteSubnets: remoteSubnetsStr
                     },
                     olm.olmId
                 )

server/routers/newt/handleGetConfigMessage.ts

@@ -66,7 +66,9 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 
     // we need to wait for hole punch success
     if (!existingSite.endpoint) {
-        logger.debug(`In newt get config: existing site ${existingSite.siteId} has no endpoint, skipping`);
+        logger.debug(
+            `In newt get config: existing site ${existingSite.siteId} has no endpoint, skipping`
+        );
         return;
     }
 
@@ -181,13 +183,28 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
                         return null;
                     }
 
+                    const allSiteResources = await db
+                        .select()
+                        .from(siteResources)
+                        .where(eq(siteResources.siteId, site.siteId));
+
+                    let remoteSubnets = allSiteResources
+                        .filter((sr) => sr.mode == "cidr")
+                        .map((sr) => sr.destination);
+                    // remove duplicates
+                    remoteSubnets = Array.from(new Set(remoteSubnets));
+                    const remoteSubnetsStr =
+                        remoteSubnets.length > 0
+                            ? remoteSubnets.join(",")
+                            : null;
+
                     await updatePeer(client.clients.clientId, {
                         siteId: site.siteId,
                         endpoint: endpoint,
                         publicKey: site.publicKey,
                         serverIP: site.address,
                         serverPort: site.listenPort,
-                        remoteSubnets: site.remoteSubnets
+                        remoteSubnets: remoteSubnetsStr
                     });
                 } catch (error) {
                     logger.error(
@@ -222,7 +239,12 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
             }
 
             // Filter out invalid targets
-            if (!resource.proxyPort || !resource.destination || !resource.destinationPort || !resource.protocol) {
+            if (
+                !resource.proxyPort ||
+                !resource.destination ||
+                !resource.destinationPort ||
+                !resource.protocol
+            ) {
                 return acc;
             }
 

server/routers/olm/handleOlmRegisterMessage.ts

@@ -5,6 +5,7 @@ import {
     orgs,
     roleClients,
     roles,
+    siteResources,
     Transaction,
     userClients,
     userOrgs,
@@ -231,6 +232,16 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             )
             .limit(1);
 
+        const allSiteResources = await db
+            .select()
+            .from(siteResources)
+            .where(eq(siteResources.siteId, site.siteId));
+
+        let remoteSubnets = allSiteResources.filter((sr => sr.mode == "cidr")).map(sr => sr.destination);
+        // remove duplicates
+        remoteSubnets = Array.from(new Set(remoteSubnets));
+        const remoteSubnetsStr = remoteSubnets.length > 0 ? remoteSubnets.join(",") : null;
+
         // Add the peer to the exit node for this site
         if (clientSite.endpoint) {
             logger.info(
@@ -268,7 +279,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             publicKey: site.publicKey,
             serverIP: site.address,
             serverPort: site.listenPort,
-            remoteSubnets: site.remoteSubnets
+            remoteSubnets: remoteSubnetsStr
         });
     }