From f98b4baa730fe94b68eef253e0bf7577846c69a7 Mon Sep 17 00:00:00 2001
From: Owen
Date: Sat, 8 Nov 2025 12:17:33 -0800
Subject: [PATCH] Add remote subnets back based on resources

---
 server/db/sqlite/schema/schema.ts             |  5 ++--
 server/lib/rebuildSiteClientAssociations.ts   | 17 ++++++++++-
 server/routers/newt/handleGetConfigMessage.ts | 28 +++++++++++++++++--
 .../routers/olm/handleOlmRegisterMessage.ts   | 13 ++++++++-
 4 files changed, 55 insertions(+), 8 deletions(-)

diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 1c8a99ee..21929026 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -93,8 +93,7 @@ export const sites = sqliteTable("sites", {
     listenPort: integer("listenPort"),
     dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
         .notNull()
-        .default(true),
-    remoteSubnets: text("remoteSubnets") // comma-separated list of subnets that this site can access
+        .default(true)
 });
 
 export const resources = sqliteTable("resources", {
@@ -359,7 +358,7 @@ export const clients = sqliteTable("clients", {
     type: text("type").notNull(), // "olm"
     online: integer("online", { mode: "boolean" }).notNull().default(false),
     // endpoint: text("endpoint"),
-    lastHolePunch: integer("lastHolePunch"),
+    lastHolePunch: integer("lastHolePunch")
 });
 
 export const clientSites = sqliteTable("clientSites", {
diff --git a/server/lib/rebuildSiteClientAssociations.ts b/server/lib/rebuildSiteClientAssociations.ts
index ea882d89..2b98c68d 100644
--- a/server/lib/rebuildSiteClientAssociations.ts
+++ b/server/lib/rebuildSiteClientAssociations.ts
@@ -10,6 +10,7 @@ import {
     roleSiteResources,
     Site,
     SiteResource,
+    siteResources,
     sites,
     Transaction,
     userOrgs,
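Review bot: Dropping the `remoteSubnets` column from `sites` in the first hunk is a schema change, but no migration travels with it in this patch, and the `server/db/sqlite/` path suggests a parallel non-sqlite schema file may carry the same column; confirm both the migration and any sibling schema are covered so the ORM definition and deployed databases do not diverge. Any reader of `site.remoteSubnets` beyond the three call sites this patch rewrites would now fail to type-check rather than silently read `undefined`, which is the right failure mode but worth a grep before merge. The removed line also took the only description of the value's format with it; since the consumers still build that exact string, I would keep the contract next to the new producer, e.g. `// comma-separated CIDR destinations of this site's cidr-mode siteResources; null when there are none`.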
@@ -324,6 +325,20 @@ async function handleMessagesForSiteClients(
                 )
             );
 
+            // TODO: should we have this here?
+            const allSiteResources = await trx
+                .select()
+                .from(siteResources)
+                .where(eq(siteResources.siteId, site.siteId));
+
+            let remoteSubnets = allSiteResources
+                .filter((sr) => sr.mode == "cidr")
+                .map((sr) => sr.destination);
+            // remove duplicates
+            remoteSubnets = Array.from(new Set(remoteSubnets));
+            const remoteSubnetsStr =
+                remoteSubnets.length > 0 ? remoteSubnets.join(",") : null;
+
             olmJobs.push(
                 olmAddPeer(
                     client.clientId,
@@ -336,7 +351,7 @@ async function handleMessagesForSiteClients(
                     publicKey: site.publicKey,
                     serverIP: site.address,
                     serverPort: site.listenPort,
-                    remoteSubnets: site.remoteSubnets
+                    remoteSubnets: remoteSubnetsStr
                 },
                 olm.olmId
             )
diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
index 6766bea1..3c135210 100644
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -66,7 +66,9 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 
         // we need to wait for hole punch success
         if (!existingSite.endpoint) {
-            logger.debug(`In newt get config: existing site ${existingSite.siteId} has no endpoint, skipping`);
+            logger.debug(
+                `In newt get config: existing site ${existingSite.siteId} has no endpoint, skipping`
+            );
             return;
         }
 
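Review bot: The first hunk selects every `siteResources` row for the site and hands all cidr-mode destinations to each client with no filtering by what that client is allowed to reach; this file imports `roleSiteResources`, which suggests resource access is role-scoped, so if that holds every olm peer now learns and is offered routes to subnets it cannot otherwise use, and the set should be intersected with the client's permitted resources here, or the site-wide scope should be stated in a comment. The query depends only on `site.siteId` yet sits beside the per-client `olmAddPeer` push, so if this runs inside the per-client loop (its head is outside the hunk) the same SELECT is repeated for every client and should be hoisted above it. The added `// TODO: should we have this here?` should be resolved before merge rather than shipped. `handleMessagesForSiteClients` starts and ends outside the hunk.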
@@ -181,13 +183,28 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
                     return null;
                 }
 
+                const allSiteResources = await db
+                    .select()
+                    .from(siteResources)
+                    .where(eq(siteResources.siteId, site.siteId));
+
+                let remoteSubnets = allSiteResources
+                    .filter((sr) => sr.mode == "cidr")
+                    .map((sr) => sr.destination);
+                // remove duplicates
+                remoteSubnets = Array.from(new Set(remoteSubnets));
+                const remoteSubnetsStr =
+                    remoteSubnets.length > 0
+                        ? remoteSubnets.join(",")
+                        : null;
+
                 await updatePeer(client.clients.clientId, {
                     siteId: site.siteId,
                     endpoint: endpoint,
                     publicKey: site.publicKey,
                     serverIP: site.address,
                     serverPort: site.listenPort,
-                    remoteSubnets: site.remoteSubnets
+                    remoteSubnets: remoteSubnetsStr
                 });
             } catch (error) {
                 logger.error(
@@ -222,7 +239,12 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
             }
 
             // Filter out invalid targets
-            if (!resource.proxyPort || !resource.destination || !resource.destinationPort || !resource.protocol) {
+            if (
+                !resource.proxyPort ||
+                !resource.destination ||
+                !resource.destinationPort ||
+                !resource.protocol
+            ) {
                 return acc;
             }
 
diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
index b2375dd0..d3fa6a58 100644
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -5,6 +5,7 @@ import {
     orgs,
     roleClients,
     roles,
+    siteResources,
     Transaction,
     userClients,
     userOrgs,
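Review bot: The block added before `updatePeer` in the first hunk is the second verbatim copy of the select/filter/dedupe/join sequence (the third is in handleOlmRegisterMessage.ts), and none of the copies checks that `sr.destination` is actually a CIDR before it is joined into the string pushed to the peer as routes, so whatever the resource-creation path accepts as a destination is forwarded as-is. A single shared helper gives one place to validate and one format to maintain; the sketch below keeps the same output but logs and skips a destination that is not `address/prefix` with a valid prefix length for its family, using `net.isIP` from `node:net` (an import the helper file would need). The `try` this sits in and `handleGetConfigMessage` itself both start outside the hunk.

```typescript
// shared helper, e.g. server/lib/getSiteRemoteSubnets.ts; callers pass the db or trx handle they already hold
export async function getSiteRemoteSubnets(
    handle: typeof db | Transaction, // TODO: confirm the handle type the three callers share
    siteId: number
): Promise<string | null> {
    const rows = await handle
        .select()
        .from(siteResources)
        .where(eq(siteResources.siteId, siteId));
    const subnets = new Set<string>();
    for (const sr of rows) {
        if (sr.mode !== "cidr" || !sr.destination) continue;
        const [addr, prefix] = sr.destination.split("/");
        const family = net.isIP(addr);
        const maxBits = family === 4 ? 32 : family === 6 ? 128 : -1;
        const bits = Number(prefix);
        if (maxBits < 0 || !Number.isInteger(bits) || bits < 0 || bits > maxBits) {
            logger.warn(`site ${siteId}: cidr resource destination ${sr.destination} is not a valid CIDR; not advertising it`);
            continue;
        }
        subnets.add(sr.destination);
    }
    return subnets.size > 0 ? [...subnets].join(",") : null;
}
// … call site: const remoteSubnetsStr = await getSiteRemoteSubnets(db, site.siteId); …
```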
@@ -231,6 +232,16 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             )
             .limit(1);
 
+        const allSiteResources = await db
+            .select()
+            .from(siteResources)
+            .where(eq(siteResources.siteId, site.siteId));
+
+        let remoteSubnets = allSiteResources.filter((sr => sr.mode == "cidr")).map(sr => sr.destination);
+        // remove duplicates
+        remoteSubnets = Array.from(new Set(remoteSubnets));
+        const remoteSubnetsStr = remoteSubnets.length > 0 ? remoteSubnets.join(",") : null;
+
         // Add the peer to the exit node for this site
         if (clientSite.endpoint) {
             logger.info(
@@ -268,7 +279,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             publicKey: site.publicKey,
             serverIP: site.address,
             serverPort: site.listenPort,
-            remoteSubnets: site.remoteSubnets
+            remoteSubnets: remoteSubnetsStr
         });
     }
 
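Review bot: This third copy of the subnet derivation in the first hunk is written differently from the other two: `allSiteResources.filter((sr => sr.mode == "cidr")).map(sr => sr.destination)` wraps the arrow in redundant parentheses, both that line and the `remoteSubnetsStr` ternary run past the width Prettier applied to the sibling files, and the mode comparison uses `==` where a string literal needs no coercion; run the formatter and write it as `.filter((sr) => sr.mode === "cidr")`. The SELECT also executes before the `if (clientSite.endpoint)` guard, so if the peer write in the second hunk is only reached on that branch the query is wasted when there is no endpoint; moving it inside the guard, or into the helper the other two copies would also use, avoids that and keeps the three sites from drifting. `handleOlmRegisterMessage` starts and ends outside the hunk.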