Compare commits
1474 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 813a3f07dc | |||
| 417438c209 | |||
| beaa5735ce | |||
| 83de8576bf | |||
| e9d424eb80 | |||
| 8cceed91cf | |||
| 633159fb77 | |||
| 4c8bd4db0a | |||
| d742300e82 | |||
| a521db91a2 | |||
| d4549f1c33 | |||
| 71da22328c | |||
| 0b5b732a48 | |||
| a82bae8f93 | |||
| e59176149b | |||
| 2c3151da9b | |||
| f60b8795ad | |||
| 4054976388 | |||
| 390c822bb4 | |||
| 2bfc1901a6 | |||
| 5da186b528 | |||
| 600a96c13b | |||
| e4e0da3723 | |||
| 4087d7fb6b | |||
| 9edb86fd73 | |||
| 440ebfe08e | |||
| b399d2a291 | |||
| 811119a9a6 | |||
| b53f80d317 | |||
| 1b1fba60f1 | |||
| a89509c8bd | |||
| f0546eb622 | |||
| 12f9ac94fd | |||
| 1717a99cee | |||
| b93d26f09f | |||
| fc54ad49b5 | |||
| f87e136f6b | |||
| 1bf3d2cdd6 | |||
| 5fc5a3ebca | |||
| e40f325703 | |||
| 8f377a4fb2 | |||
| 3699f8f9cb | |||
| 5a2388a1e6 | |||
| 86e6ebc8af | |||
| 005f050a81 | |||
| c82678852e | |||
| 2e3ab10f5e | |||
| 4985ed02d3 | |||
| a2fea7f714 | |||
| ddba2aff21 | |||
| da9e668fb8 | |||
| 9c2d14d8c6 | |||
| c383e74df4 | |||
| 40101f8bb0 | |||
| b20ed9efa9 | |||
| 56266e3b62 | |||
| 47eff8c948 | |||
| 15f36096ef | |||
| 064252586d | |||
| 6181d46a1e | |||
| 9747731668 | |||
| 2a478eef6f | |||
| 4ab101f8a9 | |||
| e35878ee55 | |||
| 807613f28c | |||
| 663244fa3a | |||
| bcc128aeb6 | |||
| ba33cb9895 | |||
| 69e7fedcfc | |||
| 023110b341 | |||
| 7fb95e1726 | |||
| db0a7cc1ce | |||
| 61fc2e5ea7 | |||
| 0871a211ec | |||
| 5a1d5cb66e | |||
| 5a7ca5b542 | |||
| 87e1a509ce | |||
| 75f481bc3d | |||
| 97cdb2eb5a | |||
| 297fd2caf3 | |||
| 22dd4220fe | |||
| 108cb6216c | |||
| e3ef592778 | |||
| 3c37e10638 | |||
| 561f75b6b1 | |||
| e98bcb83ac | |||
| 80284863bb | |||
| bc759c5c9e | |||
| f4854a3a74 | |||
| 376dd465b3 | |||
| 296439fd67 | |||
| 31f675f38c | |||
| 9f68be2a9b | |||
| fed4ec42c4 | |||
| f0efa4203b | |||
| cfbbdedaf5 | |||
| 686789ee4c | |||
| 3fda190ff6 | |||
| 0033f40f4d | |||
| af95052706 | |||
| 9bb2d6cdc8 | |||
| 29563a13a4 | |||
| b41c1f5b27 | |||
| e5652cdb8a | |||
| 7c2ea153c5 | |||
| ccabddc225 | |||
| 42d98fa83b | |||
| 2f2b7f43c1 | |||
| 528bbeca26 | |||
| d60c15b0ae | |||
| ff89a64453 | |||
| 4718c489d3 | |||
| d5d99a4804 | |||
| 9c18936be7 | |||
| cf07cceb5d | |||
| faee9e6330 | |||
| 31725eb3cc | |||
| 04d4e298e8 | |||
| c9cc9581b1 | |||
| eac7c67dcc | |||
| 633d9031af | |||
| 05dc558c4a | |||
| 7506c0420d | |||
| 5572822c4a | |||
| ea3f1c341b | |||
| 35dffe71cb | |||
| 5428bf4ed0 | |||
| 9a89579e08 | |||
| 784588cebc | |||
| 2e628fe0e4 | |||
| 7590e8d8a1 | |||
| 053ff1e799 | |||
| c5ffca499e | |||
| 9ae54f445d | |||
| 8183d19400 | |||
| 7425daad3f | |||
| 39d61a35eb | |||
| f3fe11c136 | |||
| 66b1b385a3 | |||
| 822a07d48e | |||
| 3c13b1ea15 | |||
| fee635b861 | |||
| 7e4dea918a | |||
| 56187d61d5 | |||
| 36460d4cc0 | |||
| 88a9b92dc3 | |||
| dd26518d6f | |||
| 60339706bb | |||
| 4b1b3d3d5b | |||
| cf21bacd9c | |||
| 80d257b94b | |||
| e0d0c5dcbf | |||
| 0f02d1bc02 | |||
| f8591f27c5 | |||
| 877985deb3 | |||
| be3877a3ce | |||
| 79de64dc07 | |||
| d0defa380a | |||
| 4eba51de72 | |||
| a48032adb3 | |||
| 6fe4eee336 | |||
| 242123b875 | |||
| 2b38658ea6 | |||
| b18a41e4aa | |||
| d303fa05cb | |||
| 75b87ffba7 | |||
| 62fc2edae9 | |||
| 80b66cf9b9 | |||
| 034bcbd271 | |||
| bc63747efe | |||
| bb7729df00 | |||
| 2a8ceeec1b | |||
| 91ef0d0153 | |||
| e104489257 | |||
| b8101402cd | |||
| 7731849a2f | |||
| c11d24e10a | |||
| a9b7cce49b | |||
| d78223b94f | |||
| 963e9da7dd | |||
| 2cbc88fa05 | |||
| 65bad456cb | |||
| f48a4f7bc0 | |||
| ce3c2f7583 | |||
| 51c357e6c7 | |||
| 7ae29612d4 | |||
| da794adb7d | |||
| 8004ae6870 | |||
| 1bff7bbc2f | |||
| 50db5695fc | |||
| babd90ae71 | |||
| f7050ef989 | |||
| b2778a2c49 | |||
| 096940a152 | |||
| 73eb07de71 | |||
| 74ef844e27 | |||
| c58968536d | |||
| 228efacfe0 | |||
| 1262030abb | |||
| b07fe6d18b | |||
| 63c3ee623b | |||
| 18ec6c8d92 | |||
| d8acccbde4 | |||
| 37eaf34e4d | |||
| cfb63f9742 | |||
| c76b4555e1 | |||
| c25bfbad27 | |||
| 44782f8963 | |||
| e6f7cd6da9 | |||
| 19faa3a29c | |||
| c284dc2e83 | |||
| 1b634955d8 | |||
| be888c3fc1 | |||
| 3f2bb42221 | |||
| 5dc3ae4c7f | |||
| ffb6c64de0 | |||
| 2cbc6fb128 | |||
| 75084028d7 | |||
| f44a7c55dd | |||
| 72fa1d6a14 | |||
| c3820a4e70 | |||
| 6b56c00782 | |||
| 60c1b572ba | |||
| 604dee9aa5 | |||
| ee42846c90 | |||
| 22ac711dc6 | |||
| d09668b20b | |||
| 16abe98fd9 | |||
| d240201361 | |||
| b7081aff11 | |||
| a55fb21e53 | |||
| e5e7b79712 | |||
| de48a0529e | |||
| 3f37408dae | |||
| a2882857ff | |||
| 476d92b3ac | |||
| bf604f25e9 | |||
| 34a0d2a68b | |||
| 62c7e0a13e | |||
| 753358a17d | |||
| c859393418 | |||
| d747b45f0b | |||
| a24091257a | |||
| 1c60041390 | |||
| 95c3f74a33 | |||
| 16c0f4eef4 | |||
| a08c6d70fe | |||
| a6568692b7 | |||
| a1196d3da6 | |||
| 70bc4c0b30 | |||
| a0fef89031 | |||
| ea1badf4e0 | |||
| f15654ed11 | |||
| 4435a669a6 | |||
| 0b41fe3d49 | |||
| 90eceb457a | |||
| f39cbc9bf4 | |||
| 50da863bb7 | |||
| c6ddd5c402 | |||
| 0fb5ace9c7 | |||
| cedccd8cdb | |||
| b9db0a4490 | |||
| 39f40e5160 | |||
| 3fd5c98def | |||
| 5a8a48f9bf | |||
| 471ae98204 | |||
| d985bfd3a6 | |||
| aab51a999c | |||
| ae4f5aa58d | |||
| 70d5f55437 | |||
| 08df4b93aa | |||
| 61f0bc95c7 | |||
| 5b0f79a8bc | |||
| 86ff272095 | |||
| ef0575cc36 | |||
| 30a6889ba8 | |||
| ce43e717d5 | |||
| 1f0361e687 | |||
| 07ae57ea72 | |||
| fc982232d6 | |||
| afaf5f976e | |||
| a8ca28acb2 | |||
| b136bd2246 | |||
| d9952b0762 | |||
| 935593885a | |||
| 3fcfd3304f | |||
| 6e271028f3 | |||
| 820f66e58f | |||
| b0fdc10e06 | |||
| b82b41ed26 | |||
| 3e977ba00d | |||
| a724b07846 | |||
| 5f0bc71bcd | |||
| aea7827c1a | |||
| 7a275c86c2 | |||
| 4b703b5c11 | |||
| d865c4c55b | |||
| 5baf0c3c09 | |||
| 1b6e9e8cfe | |||
| cfe33eb974 | |||
| 71273e1b1c | |||
| 02f6e2a8c3 | |||
| 3cc244a1d3 | |||
| 1d9c4dd9e2 | |||
| b9dd0c8e43 | |||
| cd052976eb | |||
| cc498f0e33 | |||
| 1a942937e6 | |||
| d81d1a6b7f | |||
| f64d04e827 | |||
| 540aee3fe2 | |||
| 10542d7282 | |||
| b1d52ad1a3 | |||
| ce2fbef805 | |||
| e312b31e02 | |||
| bc156c715d | |||
| 9a4c1f23c6 | |||
| fe55956079 | |||
| 4cd0b9a0bb | |||
| ab4d567af9 | |||
| 6921447fab | |||
| d47449b082 | |||
| 665806dfe8 | |||
| e248571268 | |||
| fcf03854ff | |||
| dd1fba4e45 | |||
| a1ab8d8f35 | |||
| c789e967db | |||
| d870b9ff49 | |||
| 9c09019ddb | |||
| 9d88683fc5 | |||
| dd2c9f2a02 | |||
| bdb38db5bc | |||
| 96a54fc9cc | |||
| 3a485f74f1 | |||
| 92b0340324 | |||
| 9257ac01c7 | |||
| 4d1d0d9fcb | |||
| f186e7e99e | |||
| 1aa6e3511f | |||
| fb6f5b3953 | |||
| c85a7f6ac5 | |||
| dd54be523f | |||
| d57f064d4c | |||
| 34799b7de2 | |||
| 20a66bba6f | |||
| cdb43d9658 | |||
| 6581ccafa3 | |||
| a3a45b4239 | |||
| d6634b6e8a | |||
| 1089cfbacc | |||
| 1907a3c93b | |||
| 38203e522b | |||
| 407ba567a0 | |||
| f28571629f | |||
| 5a575c916b | |||
| 9a7e534b10 | |||
| 42974d1739 | |||
| 780e8babe4 | |||
| 2c7b8006cf | |||
| 35066c1388 | |||
| 135a5d38af | |||
| 1b7c1ffa70 | |||
| 641f643d2d | |||
| b4ecfceb5e | |||
| 08a84d4bb1 | |||
| 4dbad7ab24 | |||
| 859c0c9477 | |||
| d294bf8534 | |||
| 3c8fea382f | |||
| b81bfcfcee | |||
| 56c415ca05 | |||
| 74fdcceace | |||
| 7dec8ba998 | |||
| c9dc6affe7 | |||
| 8fe45ba78c | |||
| 934886caea | |||
| fae258b145 | |||
| 9f224f655f | |||
| aea7df7dc2 | |||
| 3b675f7de1 | |||
| 8daf7c2872 | |||
| c394490473 | |||
| 92d611df9a | |||
| 3b6b78b3e1 | |||
| aa47f522ef | |||
| 8658198a93 | |||
| 4b770d1385 | |||
| cd4d7372a0 | |||
| dc8243cb51 | |||
| 7b1f8d98f3 | |||
| dd8bcbb3e3 | |||
| d1af7a153f | |||
| 13efa47db7 | |||
| 69bd61c308 | |||
| 7b7ff51289 | |||
| 772ac8af73 | |||
| 8ee520dbb5 | |||
| 8e5d9e94a9 | |||
| c9cb28af45 | |||
| a994f8ff07 | |||
| ea8eaf9736 | |||
| b78db3daef | |||
| 7cf3f8df92 | |||
| f2b5cff3f9 | |||
| 6de9ab8f05 | |||
| ad0e800d8d | |||
| 13b691fd7d | |||
| 65470fb64b | |||
| f23142336b | |||
| 2da4987cd3 | |||
| 253ba554a2 | |||
| 95ce91d94b | |||
| a4548fd874 | |||
| eb03fb7060 | |||
| add9b8dfb0 | |||
| 2adb7b64cb | |||
| 84fef5f1d6 | |||
| def1e9c851 | |||
| 67b08ca61e | |||
| 614df75880 | |||
| 676cf37ee2 | |||
| 6b96e3dce6 | |||
| b67037e2ea | |||
| 5a5b77cf62 | |||
| d2793dfad7 | |||
| ff507f1275 | |||
| 6b04bcb383 | |||
| b2f1115ef8 | |||
| 567ef23ac4 | |||
| 6affebc666 | |||
| 889f78ddb8 | |||
| 9d3f96cf83 | |||
| e5d0673bbf | |||
| 0907c0346f | |||
| 6420a90d08 | |||
| 7fa1180d10 | |||
| 769d36e289 | |||
| a7a41b820e | |||
| 33fdc9a94f | |||
| 8b50f1fb65 | |||
| 2d78a4b628 | |||
| c86026c941 | |||
| db014e3446 | |||
| feb8045643 | |||
| d485a09318 | |||
| 9cff5f66b1 | |||
| 527d4cc777 | |||
| 01361884eb | |||
| 6c4cbcab5d | |||
| aac25f0a53 | |||
| 89f3f3c8cd | |||
| 4a3c201741 | |||
| f5ab837cce | |||
| 00ec7a5c66 | |||
| 03df4d03ed | |||
| 8488edd707 | |||
| 920dbba2a3 | |||
| 71e065a8bc | |||
| e125c762b2 | |||
| 4f01f7c072 | |||
| 9a5ee9d489 | |||
| 665da931f1 | |||
| 7595cf7ac7 | |||
| aa6232d0fc | |||
| beaf5dc843 | |||
| 7158855052 | |||
| 765b2d795f | |||
| 66f00fcf94 | |||
| e408e735be | |||
| e826d0dea6 | |||
| bc6fd0b399 | |||
| d00b737412 | |||
| 1f43713986 | |||
| cc5bec1d83 | |||
| 40125c717c | |||
| 2b402f8fec | |||
| 8e9071a336 | |||
| 18bcf40174 | |||
| 42e9b913f1 | |||
| fcb73f78ea | |||
| a21569bd00 | |||
| 565727ad36 | |||
| 00dce19997 | |||
| 29717e19db | |||
| 97aeee541a | |||
| 44c16d69af | |||
| b70a2bee58 | |||
| f2f56dc6c2 | |||
| 128db20755 | |||
| 12cbd40596 | |||
| ffd0d17b58 | |||
| 33fad57bf7 | |||
| 8bcc130947 | |||
| 19feaf4bf2 | |||
| 88ea4391e0 | |||
| fba37b7ad0 | |||
| 6c1798a8c5 | |||
| b6d688f15e | |||
| 8a57d8dd9c | |||
| 8e0e32c2be | |||
| 6b3a0a2113 | |||
| 4d6ed7eec5 | |||
| 1625dd1add | |||
| 605dd2f3c9 | |||
| 51bb149fd5 | |||
| 2ae4c29418 | |||
| ba71016f87 | |||
| 85c2bd807e | |||
| 517e1d15c8 | |||
| 3d6d5f176a | |||
| 5dd19edb56 | |||
| c6a52ffc75 | |||
| 09b2671759 | |||
| d11a244caa | |||
| bf79768e05 | |||
| 08a2923cfc | |||
| b99e9a6468 | |||
| cb2ee9c489 | |||
| c1d933259a | |||
| 3cf6abdf27 | |||
| 0f2132e565 | |||
| 5cc88dc73f | |||
| ebe1c7a297 | |||
| 0943cf5d4c | |||
| 3b82ac568f | |||
| b695f34dc8 | |||
| 6df4bba3b6 | |||
| 9f83c0a0e8 | |||
| f617f93a94 | |||
| 51629247a5 | |||
| 0ab1854125 | |||
| b071fa2c9f | |||
| 8e2a79a0f5 | |||
| 71756812b6 | |||
| 76cd716caa | |||
| b0d1291cff | |||
| 9617eb2bd7 | |||
| c1ef5b4fbe | |||
| 8e14bdec95 | |||
| b26dfaf57f | |||
| 1a1c19b24e | |||
| 9d214b18af | |||
| e67b50b356 | |||
| 616caf76cb | |||
| 9a1db4948b | |||
| 1215aa8122 | |||
| d318a756a8 | |||
| b3c1e49c0c | |||
| dc12b00502 | |||
| 5b814e37c4 | |||
| 8483616b04 | |||
| ffe198839a | |||
| db5d1d4a16 | |||
| ad7dcddf24 | |||
| 94408aad21 | |||
| b84a7996a9 | |||
| a9b0bd8b47 | |||
| a32acf7c69 | |||
| 1e27acbf88 | |||
| 4012cc658d | |||
| 84d7a87609 | |||
| 9a92be532a | |||
| 18ac542e30 | |||
| 322475fb5c | |||
| 2f124bffc4 | |||
| 86367383e7 | |||
| d22ba3566d | |||
| c74b423bae | |||
| f8a757c55f | |||
| 6aea3f1643 | |||
| 073dc34522 | |||
| 3f5970a1f9 | |||
| e2f2608358 | |||
| 6d17bb04c4 | |||
| 957e7ba127 | |||
| def710cba8 | |||
| 44da854575 | |||
| d3d2474855 | |||
| d7d37c6f6e | |||
| 3c80b9a229 | |||
| a998a35482 | |||
| 20e0e5ebd0 | |||
| 4d831effe1 | |||
| 80f4dd0e60 | |||
| eafa3076d8 | |||
| fef3cd8354 | |||
| 36ada0705e | |||
| 8ae3c06df7 | |||
| ba127a8536 | |||
| 5c024f3a3a | |||
| 4fdb8583f6 | |||
| 2946df3b8e | |||
| c3b0c4e5e9 | |||
| a79d0f1677 | |||
| bfd7a7f561 | |||
| a5332bb0cc | |||
| b3963cc34b | |||
| ddb132f9fa | |||
| 64c901d91f | |||
| cd9e56fdb7 | |||
| 1b6b112e92 | |||
| 0ff0e83c9f | |||
| 6d491b7bb9 | |||
| cdc50ed47a | |||
| 06cc13c637 | |||
| 464d4990df | |||
| e2441ce284 | |||
| 0b6a3234a5 | |||
| ae8599c723 | |||
| 938e9b0d49 | |||
| 05e4ad3200 | |||
| cb90672573 | |||
| 9eb55ba68c | |||
| e19b6ebc82 | |||
| 5a6de12f74 | |||
| 6e6c91a27c | |||
| cf12ab1ac3 | |||
| aa7004b2ff | |||
| eca87b66f0 | |||
| cc8c89eeae | |||
| 6d14a4df49 | |||
| 6ea4aa1920 | |||
| f12451b8f9 | |||
| 0d4bb65a92 | |||
| d47ad9ac40 | |||
| 94949aa3fd | |||
| df098f55ba | |||
| f81ae24ba7 | |||
| facbb8f0a4 | |||
| 36fbd8818c | |||
| df1e28aabd | |||
| 91883397e6 | |||
| fd1813f3a7 | |||
| ddabfb5ca1 | |||
| ec0666a612 | |||
| bbf42c5802 | |||
| 6aa1d3b094 | |||
| 0d820df797 | |||
| f1ec1a2fb1 | |||
| 32fcf90467 | |||
| 5a53f88fd6 | |||
| 51971c7ef2 | |||
| 491096109a | |||
| 802a41b1bd | |||
| f59fbabede | |||
| 5a7d54058e | |||
| 5ef4490692 | |||
| 817e848d08 | |||
| 166c8326c5 | |||
| 673f1e93f4 | |||
| 4c1e1daf07 | |||
| 7c54df7ed1 | |||
| 9d77fcc457 | |||
| 454449ec8a | |||
| fe67e8e384 | |||
| 715b957660 | |||
| f1e4bf8d36 | |||
| 76aea311a4 | |||
| 3539b9ddb4 | |||
| 1a3cf2094b | |||
| 4530aac4f3 | |||
| 09cb20a084 | |||
| 6d4afd0953 | |||
| d1fb2e19d3 | |||
| dee0ca6864 | |||
| 2934bbdd20 | |||
| 2b46e8eaba | |||
| ed73d089d0 | |||
| 3b89104a59 | |||
| 5bf8b336c5 | |||
| 21a144753d | |||
| c1b8dfc863 | |||
| 5efcd4479a | |||
| e4e8b33e9f | |||
| 35ad235f49 | |||
| 834672c846 | |||
| af13790c93 | |||
| b8180d848a | |||
| fef7563e14 | |||
| 6337cf4359 | |||
| 87bcd8ec1b | |||
| b3cfe82dff | |||
| d65128671c | |||
| 41fdd5de74 | |||
| 2704202ba9 | |||
| 72ef0ae020 | |||
| 1442faa740 | |||
| 6aa589e612 | |||
| 4b1a8e14c4 | |||
| 1a0db10b1a | |||
| b7634086db | |||
| 73e9e830c3 | |||
| a6469e67a8 | |||
| 23ca3efbf4 | |||
| 0f9100fd3a | |||
| c47c411161 | |||
| e88e262abe | |||
| 832d45e32b | |||
| 69e3ac3cd4 | |||
| 50865f4265 | |||
| 0d1a8d9695 | |||
| 5d8486dd7f | |||
| 3c25932787 | |||
| 1d0e1eb126 | |||
| 57c0dc8618 | |||
| 526a147570 | |||
| 0938997548 | |||
| 0876b482f8 | |||
| d558c31f88 | |||
| 6010515da0 | |||
| 868bcd8e34 | |||
| 20c4904965 | |||
| 5a5536b38c | |||
| 53e2296de8 | |||
| d2423919e9 | |||
| 2250fcd177 | |||
| 2a33256d17 | |||
| 117aa750f8 | |||
| 15f161274f | |||
| 09779aca3e | |||
| 1d1f7cecf4 | |||
| dc00668cbe | |||
| 57701e13eb | |||
| 46545cb003 | |||
| a163cc3678 | |||
| 1dfb3408e8 | |||
| 67fb2beba1 | |||
| 6cacc9b83f | |||
| 1f1791feb7 | |||
| 1ba75092f9 | |||
| 08a08e73b3 | |||
| c500979099 | |||
| 2d9c082607 | |||
| 7968c4357b | |||
| 25c08e7279 | |||
| 81ed391efb | |||
| f3bee70c23 | |||
| 15a9eb28d9 | |||
| a0a093ed0b | |||
| 9cec711427 | |||
| 82745c701a | |||
| 68e775659b | |||
| 1c5e3000b6 | |||
| 3b93fd99a1 | |||
| e4fd2b656d | |||
| 159e91a07c | |||
| 530b5082bd | |||
| 3322f1ccb4 | |||
| 1b17fba19f | |||
| 987b5d580e | |||
| cb75ffc3b7 | |||
| 540f0a754d | |||
| 0f9a6fd968 | |||
| 82112abc34 | |||
| 75b5afd544 | |||
| 00e1675f7b | |||
| 2ddbdf977b | |||
| 4c8f0cc9ec | |||
| 18d380ce30 | |||
| e822b681cd | |||
| dd1f7ba544 | |||
| 8c2e6965f1 | |||
| b414f04cce | |||
| 9c71922dda | |||
| 6e4a28f227 | |||
| 64d8f035a2 | |||
| 0a5780a3b3 | |||
| d58b96f4b1 | |||
| f778f5c941 | |||
| 6422208f69 | |||
| c3ebc423b5 | |||
| 68d7b0a416 | |||
| 43546c84eb | |||
| eac36ee442 | |||
| 92f992728f | |||
| 78ad2d17c7 | |||
| 9a88394efe | |||
| 173562654b | |||
| b29bb7384d | |||
| 5a8de8210b | |||
| d5181454f4 | |||
| 0e0666cacf | |||
| e1583a58aa | |||
| 02ba2393b9 | |||
| 8f7e5ab1ed | |||
| 4334480675 | |||
| 6aa406927a | |||
| 5b50024712 | |||
| 7d922ac95f | |||
| 795a3d351e | |||
| 4b4c86b4b7 | |||
| 013af49137 | |||
| a6ae9290f2 | |||
| de70d72e0d | |||
| daf260cf61 | |||
| 92a06e0ea3 | |||
| c16d2ff2ed | |||
| 73a4d7d351 | |||
| 4e07e9c52c | |||
| 743621eb25 | |||
| e9df995e76 | |||
| 943923ff4b | |||
| 3f17f1a468 | |||
| 436996a43d | |||
| d42b6076d2 | |||
| 89cc99f915 | |||
| 1860b4b862 | |||
| efb1d69ac9 | |||
| 0601b55f22 | |||
| 107986d848 | |||
| b6c8fbe43b | |||
| 4208a9f372 | |||
| 3c82a228fb | |||
| a4aa29e48a | |||
| 0f82ba6627 | |||
| 1df5d9fac8 | |||
| 5189583d73 | |||
| b794d2aa40 | |||
| c69059b227 | |||
| b27b62d4c8 | |||
| ee8290d68c | |||
| 82e8e79b16 | |||
| 2d428d2fa0 | |||
| 0005c11a0a | |||
| 559cbeb7d5 | |||
| f91d914ec6 | |||
| e975f56445 | |||
| ce746a2a21 | |||
| 7120ab4b22 | |||
| 12e777b32e | |||
| 9378103ddd | |||
| ec794d5de2 | |||
| 12b18a3e8c | |||
| 91e8a13e59 | |||
| 931ba0f540 | |||
| b6caeda0a5 | |||
| 77d17af15b | |||
| 264c6bf4e8 | |||
| d321d7275c | |||
| 4aa72eb1a3 | |||
| a066a68e1a | |||
| 3855486a00 | |||
| ab494521b1 | |||
| 549e1ead1d | |||
| a0759a79a1 | |||
| 14e1a119d3 | |||
| 6e066d38b0 | |||
| 21f72639b6 | |||
| 8a0c2031d4 | |||
| 56d3a466e5 | |||
| 563e505cc1 | |||
| c44c02b8ba | |||
| b9ab35a05b | |||
| 9fb677e952 | |||
| e253195fdd | |||
| 88d8414eb8 | |||
| 5f3fafb1b0 | |||
| de1338a8cd | |||
| 0800aa2a61 | |||
| 4959d66ac1 | |||
| 9320df8be6 | |||
| 13ec6b6620 | |||
| 2ca3ef019c | |||
| 724e41a54f | |||
| ce5e62d216 | |||
| 874dc2b33e | |||
| 3b2622d590 | |||
| c81d855741 | |||
| 3bce8d3596 | |||
| ee2a1e2bc3 | |||
| a0f3ee74f9 | |||
| 82a36fd632 | |||
| c5084137ab | |||
| 65ec8da100 | |||
| e76e7581a5 | |||
| a97a4b6ec1 | |||
| e38bbde348 | |||
| 026260ddfb | |||
| 97be5eb7d5 | |||
| d7b96ba3f5 | |||
| b42672530f | |||
| b6b2dbd8ab | |||
| 975f3a01f5 | |||
| 4de2dfff85 | |||
| 27d230647f | |||
| 114486608e | |||
| 10fa9274d0 | |||
| 2fd519e102 | |||
| a63c1ec364 | |||
| e61ef2ca2a | |||
| 39b09b7f3f | |||
| 840cc214e3 | |||
| cbdc74768f | |||
| 10f95896aa | |||
| 5b8994d143 | |||
| c46ef2fe9c | |||
| 72524db52d | |||
| ab8fc11ab3 | |||
| 4cd025dd91 | |||
| ce04ea9720 | |||
| a3ce382725 | |||
| 4eb49e3e60 | |||
| 1831ca4e75 | |||
| 2a9481023a | |||
| 8ed01372b8 | |||
| 0611ceb5c3 | |||
| 6a7d4fd385 | |||
| 7bc08c0425 | |||
| 451f3d24a8 | |||
| 36a47c4cfb | |||
| 7dce4500ec | |||
| 72e48a56df | |||
| 293d9865b4 | |||
| 45a2a07747 | |||
| 181bcffe7d | |||
| ed35d25598 | |||
| 05e738e0f4 | |||
| c95e66d531 | |||
| cc2a416a92 | |||
| 70bb42f1fc | |||
| 10d2bc1e9e | |||
| 385f57ec93 | |||
| 9c8ffdb661 | |||
| 5a5feccc76 | |||
| 36e7054386 | |||
| 19de12b12e | |||
| d96e930679 | |||
| 5e51b8ad74 | |||
| 885b9e638d | |||
| 56ef3a934a | |||
| 98bc199c8e | |||
| 0444d3490b | |||
| 54820d1db0 | |||
| 961cbfcacc | |||
| a784cd307e | |||
| b46c948522 | |||
| 7eab2cc0bb | |||
| 5ff2569ece | |||
| c59505be8d | |||
| 2b0e6649fa | |||
| 428e9b546e | |||
| 5089660381 | |||
| 998364b09d | |||
| ac0d88d9b7 | |||
| 401f04b53e | |||
| b046ab7513 | |||
| 65ee9b9544 | |||
| 49c7319342 | |||
| ce7df5ddaa | |||
| af1739fbcb | |||
| f01c9ee41c | |||
| 19f8956218 | |||
| a8c50b8618 | |||
| e86a381ed5 | |||
| dd18375f23 | |||
| 46b72b9e8c | |||
| 7bb2a5a0a5 | |||
| 4b777b1488 | |||
| 428f91b5fa | |||
| caaae77f74 | |||
| 4df27b316c | |||
| 8f52a48937 | |||
| a53da85fb4 | |||
| 08a5785cc5 | |||
| ff928b846d | |||
| 47b3d26d0e | |||
| 6270dce86a | |||
| 864d1d5cc4 | |||
| b63eda64f4 | |||
| b8e942478d | |||
| 6d9bfbf08f | |||
| 35ce947e19 | |||
| b17ba96235 | |||
| f1bdb25497 | |||
| e11527b430 | |||
| 31d3b314e9 | |||
| 3bce57c65c | |||
| d649a83535 | |||
| 3c6b1781bc | |||
| 7dd50f65fc | |||
| 342b4aeddf | |||
| 65908fa00f | |||
| 223e0d0706 | |||
| 5426031cd4 | |||
| adf4a1ffda | |||
| 780feba19c | |||
| c4b3656fad | |||
| 3ac315b52e | |||
| 1b183d32c0 | |||
| 0c643e91a6 | |||
| 54c1dd3bae | |||
| a8f4d2b7d1 | |||
| fab53ba26a | |||
| 62e19a2f4e | |||
| 7d67fb9984 | |||
| 9f67134ce2 | |||
| 51f1693dbd | |||
| 7436aebca7 | |||
| 66fda553e4 | |||
| 432dc81875 | |||
| 2ecf076c0f | |||
| 0d04cc365f | |||
| 9b71c426c7 | |||
| e06dda27cb | |||
| 09baf2f32e | |||
| 3253d60900 | |||
| 18f6e0f75d | |||
| 3b232bcc58 | |||
| c575bb76e7 | |||
| 87e6c7ba36 | |||
| b33a6e6fac | |||
| fc2c13a686 | |||
| f4602a120e | |||
| c8e7e0ee1e | |||
| 7ccceeea0d | |||
| f81f78f294 | |||
| 6cab223f12 | |||
| 0e7aafd364 | |||
| 7b05c02508 | |||
| 5922bfb1a0 | |||
| 43f2e32231 | |||
| 20ebdc6289 | |||
| a80ae49a33 | |||
| 91f1bae3e9 | |||
| 660197eef1 | |||
| 53c138ce3e | |||
| 969db14a3c | |||
| 1ca1059673 | |||
| 9410a18404 | |||
| c1c387bdd8 | |||
| 6e83d77a87 | |||
| ba9a1efa4c | |||
| 9e046b9608 | |||
| 37794eb299 | |||
| 4e66b0e74b | |||
| 44fa873977 | |||
| 505461a533 | |||
| a88c5b1428 | |||
| 97ef1d605c | |||
| 3fc1c9d948 | |||
| 68bd37ab6c | |||
| 5c317c535b | |||
| 37c6b11899 | |||
| 45c567ffa0 | |||
| 49d22498fc | |||
| 23f4302186 | |||
| 775ea64b55 | |||
| 64ad7641af | |||
| 81274960f6 | |||
| d724f5bb5d | |||
| 30e627cca8 | |||
| 53c1e2e742 | |||
| fb4bda077b | |||
| d4f7c4a9c4 | |||
| 1cc0e9b689 | |||
| 584be4dbd2 | |||
| c33e295ce7 | |||
| 1a926a7127 | |||
| eb515a8f7f | |||
| 81b8a8a9e3 | |||
| bcd164219f | |||
| c90e405105 | |||
| 4786fc3a31 | |||
| b2c8311b26 | |||
| 2154811ffb | |||
| 1772ac220f | |||
| 9bd33072f4 | |||
| cf596d980f | |||
| 70f619b726 | |||
| 7743e3890b | |||
| d8df250555 | |||
| 45c9f217c6 | |||
| 8371692cc5 | |||
| 5377dc7a1c | |||
| 02649468e0 | |||
| c5ef00fb0e | |||
| 6f4325e9a0 | |||
| a2a031dfe7 | |||
| e34a4c82eb | |||
| 52fd7df727 | |||
| d5f08437d7 | |||
| 9ee07ba343 | |||
| 4baaa5fc14 | |||
| 61de100630 | |||
| 3694f43ae8 | |||
| 279211142d | |||
| b8822b4d25 | |||
| 0655ba9423 | |||
| e1afbc226c | |||
| 96c450fd08 | |||
| 587e4d104b | |||
| 368c5c374f | |||
| 7675b6409c | |||
| d31da1a41e | |||
| 49e259e259 | |||
| f4684c1858 | |||
| 6e223bb363 | |||
| 22e7038b2c | |||
| 76ba4c1fdf | |||
| 7f25d94a83 | |||
| 769ba27e3a | |||
| a188552ba0 | |||
| 208132082e | |||
| fcd5789221 | |||
| 2c85bcd06b | |||
| c6a8b09cff | |||
| 380ff381fc | |||
| 5eb3951f00 | |||
| c30e94da98 | |||
| 6ca24d51a1 | |||
| 13f512aed6 | |||
| 2bdbc9d688 | |||
| 8e2f30d8de | |||
| a84e1cc9e0 | |||
| 6b28f0c81e | |||
| d28d3ba6ea | |||
| 6efaf9f40d | |||
| 5379b32959 | |||
| 9bb936a40d | |||
| 960fe760f1 | |||
| 2f2105a085 | |||
| de92a28435 | |||
| d8c3484ed5 | |||
| 726e000154 | |||
| d6abe83fdc | |||
| 9df46f7014 | |||
| 908f0d54e2 | |||
| f0010ea12a | |||
| cab8be1a9a | |||
| 0a9dab7cca | |||
| 889ab1f8a8 | |||
| a9019cfb23 | |||
| 441d4bce6e | |||
| dd1e681a9c | |||
| a882619eaf | |||
| f43baaaf1f | |||
| c3dc0bd015 | |||
| 1fd2a0fae2 | |||
| 8ba5b43569 | |||
| 6deefcd003 | |||
| 4d6cea5fcd | |||
| f175ac774f | |||
| 0fe2b24f6b | |||
| 6ad06e6faf | |||
| d47faeced1 | |||
| 498f586eeb | |||
| e94fc6bc65 | |||
| 0a1fe1b725 | |||
| eb40b04b43 | |||
| 6685afdcf9 | |||
| 49232e32bf | |||
| aec0aed211 | |||
| d43b3176f5 | |||
| 190074ea0c | |||
| c5a7719239 | |||
| 5eac131d2e | |||
| 0bc3276ee2 | |||
| 5073507b90 | |||
| 805e6f856a | |||
| 412a9b5294 | |||
| fbf95c5363 | |||
| b907850344 | |||
| 22116373e3 | |||
| 9757c3d8b6 | |||
| f8b85d4b4e | |||
| 4651f19c53 | |||
| 4524bdc094 | |||
| 741850880e | |||
| 53e096f7cb | |||
| 3dfd7e8a43 | |||
| db6e60d0a3 | |||
| 54d2d689c1 | |||
| bb5853827b | |||
| 68f5512732 | |||
| 657072dd17 | |||
| 443a19165f | |||
| b4906ec9ba | |||
| 416e124c02 | |||
| d3e4d8cda8 | |||
| 81972dbb73 | |||
| 39bf64bc35 | |||
| b715786a1e | |||
| ae24eb2d2c | |||
| 20fc59dcda | |||
| 93b09de425 | |||
| bacc130453 | |||
| 79541ec7b8 | |||
| 81197f8a86 | |||
| dcfc7822f4 | |||
| 269bd9aa0f | |||
| 0a0817b860 | |||
| b7a903ab32 | |||
| ab60438aa7 | |||
| b9f3f90de6 | |||
| b53cc397be | |||
| 994fb456c2 | |||
| b36927c7a0 | |||
| 1c57473b6d | |||
| c02c3eaa4a | |||
| 3c265ee577 | |||
| 98dfd05f06 | |||
| faa2e97530 | |||
| 175f10a51d | |||
| 6284930fce | |||
| 6c93aca444 | |||
| d83318cbfc | |||
| 143f362a48 | |||
| 698cd868a8 | |||
| a55842ffff | |||
| 2ffe254879 | |||
| e173f59d89 | |||
| d3870f4920 | |||
| 227501d8f8 | |||
| a16f805709 | |||
| a029b107ae | |||
| f03389a9a0 | |||
| 78fff6bfde | |||
| bc585c24fc | |||
| 0f6c66dc67 | |||
| 6be150bafe | |||
| 1eac7741a5 | |||
| b8ca0499af | |||
| b39a2bcfb1 | |||
| d45b727dca | |||
| 5c31d35e28 | |||
| 8c645315f3 | |||
| ab6377e086 | |||
| 8685cf4208 | |||
| a3f30eff02 | |||
| 081940dff8 | |||
| 26fe1259da | |||
| 3bcbeb24f3 | |||
| 1d0a92c83e | |||
| a44100c2bd | |||
| c4cf4cdec4 | |||
| 2203ebf723 | |||
| 70958185bd | |||
| 7e374baee9 | |||
| 4cf6ca1d55 | |||
| 85f2165a1e | |||
| 1bc7175dd4 | |||
| 2957d6592d | |||
| de2a22aad8 | |||
| b96db4f133 | |||
| 2a29062659 | |||
| 8ed9adbfae | |||
| 98406f63af | |||
| 85415176ab | |||
| b81ae3d998 | |||
| 208289f498 | |||
| 8783c47a3c | |||
| 592ca64253 | |||
| 1de6e58eef | |||
| 92822a20e8 | |||
| 4a3035d597 | |||
| bd866a5fd2 | |||
| 1c6cd57c31 | |||
| a0619868be | |||
| 6c2dd4331a | |||
| 5e6171263b | |||
| d33c704f76 | |||
| 3cb1cd9f2f | |||
| 926fe5e474 | |||
| 243da6379b | |||
| 68ea7d1d98 | |||
| c0a4541455 | |||
| e4bf2da2e5 | |||
| ddaa9c32a7 | |||
| 85334f082c | |||
| c771722127 | |||
| f89b0a17ac | |||
| 81a6fb8d00 | |||
| dbee049ac8 | |||
| c03519b7f5 | |||
| 7affaf63d0 | |||
| 08e9cb862d | |||
| cbb2388a46 | |||
| 24f437e260 | |||
| 3439a3690f | |||
| b88469f901 | |||
| e573125934 | |||
| c5072bed80 | |||
| 28dd06c41f | |||
| 61aaa5a832 | |||
| 512ba2150b | |||
| d1f7a9c6df | |||
| 1cdb261f7e | |||
| 17631599a2 | |||
| 7563b37cd0 | |||
| 7318c86cca | |||
| 467cd70b72 | |||
| f286d66cbc | |||
| 8ca72a39da | |||
| 4ff811c5bd | |||
| ca2370e31d | |||
| 06af53c4d6 | |||
| 6befdfe01e | |||
| 5695137280 | |||
| e2e0936f43 | |||
| 32d8bde96d | |||
| f24f867684 | |||
| 491636851f | |||
| bf1870608b | |||
| 6f6c24b6df | |||
| 7c7d1f641e | |||
| 82212af643 | |||
| 8e16ff07a9 | |||
| 56816c7584 | |||
| 477712b73c | |||
| 27b2ec309d | |||
| 91ce8bea4b | |||
| 2ea9d27237 | |||
| 95cbaaae21 | |||
| 955aa41f53 | |||
| cb3fa028c3 | |||
| ecacb26445 | |||
| cca7cea2f1 | |||
| 07154d2a16 | |||
| b509c8aeec | |||
| a2c76cbb24 | |||
| 960ada4d66 | |||
| 34296e5f40 | |||
| 33f1662c91 | |||
| 29f26021df | |||
| 15f02cf79a | |||
| 2a5d836747 | |||
| 593a7fdd69 | |||
| 99f9b68efe | |||
| 9655f119a5 | |||
| 48ddc700a0 | |||
| 0473d5f639 | |||
| 537f9ae66b | |||
| d08f276794 | |||
| c746e1bc8d | |||
| 6a96f743aa | |||
| b4f0b4e285 | |||
| 07c7501669 | |||
| 009bac64bf | |||
| 5e293e8364 | |||
| da4dd88fdd | |||
| 1ba7fca798 | |||
| e7a9a19816 | |||
| fa117198a0 | |||
| f03d0cd47f | |||
| 925a59c080 | |||
| a7c7319407 | |||
| b9bee2836b | |||
| 230f77118a | |||
| bcb5b7b4a7 | |||
| 90a2ed2f10 | |||
| fc69364feb | |||
| 53c48e6f04 | |||
| 9db5ff9ff7 | |||
| 245755a140 | |||
| dcbd22b4ad | |||
| 8481b0a073 | |||
| f651ca84fa | |||
| 6b83d3c3f1 | |||
| d463a578c2 | |||
| 9d0a8ecb09 | |||
| af5394d464 | |||
| c956e0d401 | |||
| 2a281ec002 | |||
| 4c000c1d49 | |||
| ea4ff75552 | |||
| c78b866087 | |||
| 48b6e98bbc | |||
| 3d5260b13e | |||
| d0b0d95b9a | |||
| c2c8b7a631 | |||
| 9bc11b8717 | |||
| 1d53211fe0 | |||
| 473bce856d | |||
| 2c8b7b5ca5 | |||
| 8e1905a695 | |||
| f3eb823bc3 | |||
| 61c13db090 | |||
| ccbd793f52 | |||
| d13e6896a8 | |||
| 83a36ead10 | |||
| b61b74b0b5 | |||
| 01b068c50f | |||
| fee44ce960 | |||
| 1906504a86 | |||
| 36bcba332c | |||
| 304ab1964c | |||
| b286096c7b | |||
| a22a4b6e74 | |||
| 9a680d2374 | |||
| f80e212b07 | |||
| 8a39b3fd45 | |||
| 61ec938b00 | |||
| 6686de6788 | |||
| 79636cbb30 | |||
| 90d6178a0b | |||
| 2fa1bc6cdc | |||
| c5f6d822ca | |||
| 4de4bf9625 | |||
| 5d956080f2 | |||
| f8e18de2fc | |||
| 884482ec35 | |||
| 9b43948fa4 | |||
| bcd6cd99cc | |||
| 37ceba6b81 | |||
| dfe42e9016 | |||
| 38aa2dace8 | |||
| 136c3eff0c | |||
| 642999c8b1 | |||
| c5fc49b4fa | |||
| cd5a38b1eb | |||
| 595842c2c9 | |||
| 82d5276ade | |||
| 51eb782831 | |||
| de2980e1bc | |||
| 8a3c0d9a08 | |||
| 1a5e9f1005 | |||
| f42c013f33 | |||
| 42c9bda939 | |||
| cbce9fae3a | |||
| e44b15ecd5 | |||
| 7f6ca31757 | |||
| a1eb248474 | |||
| be2b1fd1ce | |||
| 20b65f549e | |||
| 1dc8be373c | |||
| 22b2e6b3d4 | |||
| 89e7107a47 | |||
| 0a69131c38 | |||
| 590f2c29b3 | |||
| 0ddcce6fe1 | |||
| 8a54fb7f23 | |||
| 5c280b024e | |||
| 033cc62ce7 | |||
| 4c69b7a64e | |||
| e7ab9b3f37 | |||
| 3143662f82 | |||
| 18964ba2a3 | |||
| f862404c5c | |||
| c292578f80 | |||
| 7b02d4104d | |||
| 2ef5d90e13 | |||
| d6a8021613 | |||
| c5231d37f6 | |||
| 4d803a40c9 | |||
| 1d709b551a | |||
| 335411de4c | |||
| 0e4abdf4b6 | |||
| 267b40b73c | |||
| ba9a0c5e3c | |||
| 9e0b7ff0d7 | |||
| 003bf7fdf3 | |||
| c3fdda026b | |||
| a53363d064 | |||
| ee21e1faa7 | |||
| e409a34a09 | |||
| 7177ab7f77 | |||
| 801f6fb661 | |||
| 805d82b8d9 | |||
| bd6d790495 | |||
| 2305163474 | |||
| dda53dcb16 | |||
| 2c3e768867 | |||
| 8d682ed9ad | |||
| 47fe497ca1 | |||
| 4d5f364663 | |||
| c3db8b972f | |||
| cfced63ba1 | |||
| 51aa55f963 | |||
| e7df24841e | |||
| e6fd4c32c4 | |||
| f6590aedbd | |||
| 3cb9e02533 | |||
| 4d792350ef |
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
When adding submit buttons, don't change the text of the button during the loading state. Text should stay static and you should use the loading prop on the button.
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
When creating UI for popup dialogs or modals, use the Credenza componennt. This component is mobile responsive and works on desktop and wraps the dialog component and sheet into one.
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
Always localize strings and use the `t` function to convert keys to strings. Add the keys to the en-us.json file. Never edit the other language files, as en-us.json is the single source of truth.
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
Don't write or edit migrations in `server/setup` unless specificall instructed to do so.
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
description:
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
Proxy resources = public resources
|
||||||
|
Private resources = client resources = site resources
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
When writing TypeScript:
|
||||||
|
|
||||||
|
Prefer to use types instead of interfaces.
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
alwaysApply: true
|
||||||
|
---
|
||||||
|
|
||||||
|
When creating forms, use React form for validation and use Zod schemas.
|
||||||
@@ -34,3 +34,5 @@ build.ts
|
|||||||
tsconfig.json
|
tsconfig.json
|
||||||
Dockerfile*
|
Dockerfile*
|
||||||
drizzle.config.ts
|
drizzle.config.ts
|
||||||
|
allowedDevOrigins.json
|
||||||
|
scratch/
|
||||||
|
|||||||
@@ -1,3 +0,0 @@
|
|||||||
# These are supported funding model platforms
|
|
||||||
|
|
||||||
github: [fosrl]
|
|
||||||
@@ -14,12 +14,13 @@ body:
|
|||||||
label: Environment
|
label: Environment
|
||||||
description: Please fill out the relevant details below for your environment.
|
description: Please fill out the relevant details below for your environment.
|
||||||
value: |
|
value: |
|
||||||
- OS Type & Version: (e.g., Ubuntu 22.04)
|
- OS Type & Version:
|
||||||
- Pangolin Version:
|
- Pangolin Version:
|
||||||
|
- Edition (Community or Enterprise):
|
||||||
- Gerbil Version:
|
- Gerbil Version:
|
||||||
- Traefik Version:
|
- Traefik Version:
|
||||||
- Newt Version:
|
- Newt Version:
|
||||||
- Olm Version: (if applicable)
|
- Client Version:
|
||||||
validations:
|
validations:
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
|
|||||||
@@ -1,52 +1,42 @@
|
|||||||
version: 2
|
version: 2
|
||||||
|
|
||||||
updates:
|
updates:
|
||||||
- package-ecosystem: "npm"
|
- package-ecosystem: "npm"
|
||||||
directory: "/"
|
directory: "/"
|
||||||
schedule:
|
schedule:
|
||||||
interval: "daily"
|
interval: "daily"
|
||||||
|
open-pull-requests-limit: 1
|
||||||
groups:
|
groups:
|
||||||
dev-patch-updates:
|
npm-dependencies:
|
||||||
dependency-type: "development"
|
patterns:
|
||||||
update-types:
|
- "*"
|
||||||
- "patch"
|
|
||||||
dev-minor-updates:
|
|
||||||
dependency-type: "development"
|
|
||||||
update-types:
|
|
||||||
- "minor"
|
|
||||||
prod-patch-updates:
|
|
||||||
dependency-type: "production"
|
|
||||||
update-types:
|
|
||||||
- "patch"
|
|
||||||
prod-minor-updates:
|
|
||||||
dependency-type: "production"
|
|
||||||
update-types:
|
|
||||||
- "minor"
|
|
||||||
|
|
||||||
- package-ecosystem: "docker"
|
- package-ecosystem: "docker"
|
||||||
directory: "/"
|
directory: "/"
|
||||||
schedule:
|
schedule:
|
||||||
interval: "daily"
|
interval: "daily"
|
||||||
|
open-pull-requests-limit: 1
|
||||||
groups:
|
groups:
|
||||||
patch-updates:
|
docker-dependencies:
|
||||||
update-types:
|
patterns:
|
||||||
- "patch"
|
- "*"
|
||||||
minor-updates:
|
|
||||||
update-types:
|
|
||||||
- "minor"
|
|
||||||
|
|
||||||
- package-ecosystem: "github-actions"
|
- package-ecosystem: "github-actions"
|
||||||
directory: "/"
|
directory: "/"
|
||||||
schedule:
|
schedule:
|
||||||
interval: "weekly"
|
interval: "weekly"
|
||||||
|
open-pull-requests-limit: 1
|
||||||
|
groups:
|
||||||
|
github-actions-dependencies:
|
||||||
|
patterns:
|
||||||
|
- "*"
|
||||||
|
|
||||||
- package-ecosystem: "gomod"
|
- package-ecosystem: "gomod"
|
||||||
directory: "/install"
|
directory: "/install"
|
||||||
schedule:
|
schedule:
|
||||||
interval: "daily"
|
interval: "daily"
|
||||||
|
open-pull-requests-limit: 1
|
||||||
groups:
|
groups:
|
||||||
patch-updates:
|
go-install-dependencies:
|
||||||
update-types:
|
patterns:
|
||||||
- "patch"
|
- "*"
|
||||||
minor-updates:
|
|
||||||
update-types:
|
|
||||||
- "minor"
|
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Monitor storage space
|
- name: Monitor storage space
|
||||||
run: |
|
run: |
|
||||||
@@ -77,7 +77,7 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Log in to Docker Hub
|
- name: Log in to Docker Hub
|
||||||
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||||
with:
|
with:
|
||||||
registry: docker.io
|
registry: docker.io
|
||||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||||
@@ -134,7 +134,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Monitor storage space
|
- name: Monitor storage space
|
||||||
run: |
|
run: |
|
||||||
@@ -149,7 +149,7 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Log in to Docker Hub
|
- name: Log in to Docker Hub
|
||||||
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||||
with:
|
with:
|
||||||
registry: docker.io
|
registry: docker.io
|
||||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||||
@@ -201,10 +201,10 @@ jobs:
|
|||||||
timeout-minutes: 30
|
timeout-minutes: 30
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Log in to Docker Hub
|
- name: Log in to Docker Hub
|
||||||
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||||
with:
|
with:
|
||||||
registry: docker.io
|
registry: docker.io
|
||||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||||
@@ -256,7 +256,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Extract tag name
|
- name: Extract tag name
|
||||||
id: get-tag
|
id: get-tag
|
||||||
@@ -407,35 +407,27 @@ jobs:
|
|||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- name: Login to GitHub Container Registry (for cosign)
|
- name: Login to GitHub Container Registry (for cosign)
|
||||||
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Install cosign
|
- name: Install cosign
|
||||||
# cosign is used to sign and verify container images (key and keyless)
|
# cosign is used to sign container images using keyless (OIDC) signing
|
||||||
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
|
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
|
||||||
|
with:
|
||||||
|
cosign-release: v3.0.6
|
||||||
|
|
||||||
- name: Dual-sign and verify (GHCR & Docker Hub)
|
- name: Sign (GHCR, keyless)
|
||||||
# Sign each image by digest using keyless (OIDC) and key-based signing,
|
# Sign each GHCR image by digest using keyless (OIDC) signing via Sigstore/Rekor.
|
||||||
# then verify both the public key signature and the keyless OIDC signature.
|
# Signatures are stored in the registry alongside the image.
|
||||||
env:
|
env:
|
||||||
TAG: ${{ env.TAG }}
|
TAG: ${{ env.TAG }}
|
||||||
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
|
|
||||||
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
|
|
||||||
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
|
|
||||||
COSIGN_YES: "true"
|
COSIGN_YES: "true"
|
||||||
run: |
|
run: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
issuer="https://token.actions.githubusercontent.com"
|
|
||||||
id_regex="^https://github.com/${{ github.repository }}/.+" # accept this repo (all workflows/refs)
|
|
||||||
|
|
||||||
# Track failures
|
|
||||||
FAILED_TAGS=()
|
|
||||||
SUCCESSFUL_TAGS=()
|
|
||||||
|
|
||||||
# Determine if this is an RC release
|
# Determine if this is an RC release
|
||||||
IS_RC="false"
|
IS_RC="false"
|
||||||
if [[ "$TAG" == *"-rc."* ]]; then
|
if [[ "$TAG" == *"-rc."* ]]; then
|
||||||
@@ -463,95 +455,47 @@ jobs:
|
|||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Sign each image variant for both registries
|
FAILED_TAGS=()
|
||||||
for BASE_IMAGE in "${GHCR_IMAGE}" "${DOCKERHUB_IMAGE}"; do
|
SUCCESSFUL_TAGS=()
|
||||||
for IMAGE_TAG in "${IMAGE_TAGS[@]}"; do
|
|
||||||
echo "Processing ${BASE_IMAGE}:${IMAGE_TAG}"
|
|
||||||
TAG_FAILED=false
|
|
||||||
|
|
||||||
# Wrap the entire tag processing in error handling
|
for IMAGE_TAG in "${IMAGE_TAGS[@]}"; do
|
||||||
(
|
echo "Processing ${GHCR_IMAGE}:${IMAGE_TAG}"
|
||||||
set -e
|
TAG_FAILED=false
|
||||||
DIGEST="$(skopeo inspect --retry-times 3 docker://${BASE_IMAGE}:${IMAGE_TAG} | jq -r '.Digest')"
|
|
||||||
REF="${BASE_IMAGE}@${DIGEST}"
|
|
||||||
echo "Resolved digest: ${REF}"
|
|
||||||
|
|
||||||
echo "==> cosign sign (keyless) --recursive ${REF}"
|
(
|
||||||
cosign sign --recursive "${REF}"
|
set -e
|
||||||
|
DIGEST="$(skopeo inspect --retry-times 3 docker://${GHCR_IMAGE}:${IMAGE_TAG} | jq -r '.Digest')"
|
||||||
|
REF="${GHCR_IMAGE}@${DIGEST}"
|
||||||
|
echo "Resolved digest: ${REF}"
|
||||||
|
|
||||||
echo "==> cosign sign (key) --recursive ${REF}"
|
echo "==> cosign sign (keyless) --recursive ${REF}"
|
||||||
cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"
|
cosign sign --recursive "${REF}"
|
||||||
|
) || TAG_FAILED=true
|
||||||
|
|
||||||
# Retry wrapper for verification to handle registry propagation delays
|
if [ "$TAG_FAILED" = "true" ]; then
|
||||||
retry_verify() {
|
echo "⚠️ WARNING: Failed to sign ${GHCR_IMAGE}:${IMAGE_TAG}"
|
||||||
local cmd="$1"
|
FAILED_TAGS+=("${GHCR_IMAGE}:${IMAGE_TAG}")
|
||||||
local attempts=6
|
else
|
||||||
local delay=5
|
echo "✓ Successfully signed ${GHCR_IMAGE}:${IMAGE_TAG}"
|
||||||
local i=1
|
SUCCESSFUL_TAGS+=("${GHCR_IMAGE}:${IMAGE_TAG}")
|
||||||
until eval "$cmd"; do
|
fi
|
||||||
if [ $i -ge $attempts ]; then
|
|
||||||
echo "Verification failed after $attempts attempts"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
echo "Verification not yet available. Retry $i/$attempts after ${delay}s..."
|
|
||||||
sleep $delay
|
|
||||||
i=$((i+1))
|
|
||||||
delay=$((delay*2))
|
|
||||||
# Cap the delay to avoid very long waits
|
|
||||||
if [ $delay -gt 60 ]; then delay=60; fi
|
|
||||||
done
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "==> cosign verify (public key) ${REF}"
|
|
||||||
if retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${REF}' -o text"; then
|
|
||||||
VERIFIED_INDEX=true
|
|
||||||
else
|
|
||||||
VERIFIED_INDEX=false
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "==> cosign verify (keyless policy) ${REF}"
|
|
||||||
if retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${REF}' -o text"; then
|
|
||||||
VERIFIED_INDEX_KEYLESS=true
|
|
||||||
else
|
|
||||||
VERIFIED_INDEX_KEYLESS=false
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if verification succeeded
|
|
||||||
if [ "${VERIFIED_INDEX}" != "true" ] && [ "${VERIFIED_INDEX_KEYLESS}" != "true" ]; then
|
|
||||||
echo "⚠️ WARNING: Verification not available for ${BASE_IMAGE}:${IMAGE_TAG}"
|
|
||||||
echo "This may be due to registry propagation delays. Continuing anyway."
|
|
||||||
fi
|
|
||||||
) || TAG_FAILED=true
|
|
||||||
|
|
||||||
if [ "$TAG_FAILED" = "true" ]; then
|
|
||||||
echo "⚠️ WARNING: Failed to sign/verify ${BASE_IMAGE}:${IMAGE_TAG}"
|
|
||||||
FAILED_TAGS+=("${BASE_IMAGE}:${IMAGE_TAG}")
|
|
||||||
else
|
|
||||||
echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
|
|
||||||
SUCCESSFUL_TAGS+=("${BASE_IMAGE}:${IMAGE_TAG}")
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
done
|
done
|
||||||
|
|
||||||
# Report summary
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "=========================================="
|
echo "=========================================="
|
||||||
echo "Sign and Verify Summary"
|
echo "Sign Summary"
|
||||||
echo "=========================================="
|
echo "=========================================="
|
||||||
echo "Successful: ${#SUCCESSFUL_TAGS[@]}"
|
echo "Successful: ${#SUCCESSFUL_TAGS[@]}"
|
||||||
echo "Failed: ${#FAILED_TAGS[@]}"
|
echo "Failed: ${#FAILED_TAGS[@]}"
|
||||||
echo ""
|
|
||||||
|
|
||||||
if [ ${#FAILED_TAGS[@]} -gt 0 ]; then
|
if [ ${#FAILED_TAGS[@]} -gt 0 ]; then
|
||||||
echo "Failed tags:"
|
echo "Failed tags:"
|
||||||
for tag in "${FAILED_TAGS[@]}"; do
|
for tag in "${FAILED_TAGS[@]}"; do
|
||||||
echo " - $tag"
|
echo " - $tag"
|
||||||
done
|
done
|
||||||
echo ""
|
echo "⚠️ WARNING: Some tags failed to sign, but continuing anyway"
|
||||||
echo "⚠️ WARNING: Some tags failed to sign/verify, but continuing anyway"
|
|
||||||
else
|
else
|
||||||
echo "✓ All images signed and verified successfully!"
|
echo "✓ All images signed successfully!"
|
||||||
fi
|
fi
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
|
|||||||
@@ -21,10 +21,10 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Set up Node.js
|
- name: Set up Node.js
|
||||||
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
|
|
||||||
|
|||||||
@@ -23,7 +23,7 @@ jobs:
|
|||||||
skopeo --version
|
skopeo --version
|
||||||
|
|
||||||
- name: Install cosign
|
- name: Install cosign
|
||||||
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
|
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
|
||||||
|
|
||||||
- name: Input check
|
- name: Input check
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
@@ -1,39 +0,0 @@
|
|||||||
name: Restart Runners
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 0 */7 * *'
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
id-token: write
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
ec2-maintenance-prod:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions: write-all
|
|
||||||
steps:
|
|
||||||
- name: Configure AWS credentials
|
|
||||||
uses: aws-actions/configure-aws-credentials@v6
|
|
||||||
with:
|
|
||||||
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
|
|
||||||
role-duration-seconds: 3600
|
|
||||||
aws-region: ${{ secrets.AWS_REGION }}
|
|
||||||
|
|
||||||
- name: Verify AWS identity
|
|
||||||
run: aws sts get-caller-identity
|
|
||||||
|
|
||||||
- name: Start EC2 instance
|
|
||||||
run: |
|
|
||||||
aws ec2 start-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_ARM_RUNNER }}
|
|
||||||
aws ec2 start-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_AMD_RUNNER }}
|
|
||||||
echo "EC2 instances started"
|
|
||||||
|
|
||||||
- name: Wait
|
|
||||||
run: sleep 600
|
|
||||||
|
|
||||||
- name: Stop EC2 instance
|
|
||||||
run: |
|
|
||||||
aws ec2 stop-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_ARM_RUNNER }}
|
|
||||||
aws ec2 stop-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_AMD_RUNNER }}
|
|
||||||
echo "EC2 instances stopped"
|
|
||||||
@@ -1,160 +0,0 @@
|
|||||||
name: SAAS Pipeline
|
|
||||||
|
|
||||||
# CI/CD workflow for building, publishing, mirroring, signing container images and building release binaries.
|
|
||||||
# Actions are pinned to specific SHAs to reduce supply-chain risk. This workflow triggers on tag push events.
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
packages: write # for GHCR push
|
|
||||||
id-token: write # for Cosign Keyless (OIDC) Signing
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
tags:
|
|
||||||
- "[0-9]+.[0-9]+.[0-9]+-s.[0-9]+"
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.ref }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
pre-run:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions: write-all
|
|
||||||
steps:
|
|
||||||
- name: Configure AWS credentials
|
|
||||||
uses: aws-actions/configure-aws-credentials@v6
|
|
||||||
with:
|
|
||||||
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
|
|
||||||
role-duration-seconds: 3600
|
|
||||||
aws-region: ${{ secrets.AWS_REGION }}
|
|
||||||
|
|
||||||
- name: Verify AWS identity
|
|
||||||
run: aws sts get-caller-identity
|
|
||||||
|
|
||||||
- name: Start EC2 instances
|
|
||||||
run: |
|
|
||||||
aws ec2 start-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_ARM_RUNNER }}
|
|
||||||
echo "EC2 instances started"
|
|
||||||
|
|
||||||
|
|
||||||
release-arm:
|
|
||||||
name: Build and Release (ARM64)
|
|
||||||
runs-on: [self-hosted, linux, arm64, us-east-1]
|
|
||||||
needs: [pre-run]
|
|
||||||
if: >-
|
|
||||||
${{
|
|
||||||
needs.pre-run.result == 'success'
|
|
||||||
}}
|
|
||||||
# Job-level timeout to avoid runaway or stuck runs
|
|
||||||
timeout-minutes: 120
|
|
||||||
env:
|
|
||||||
# Target images
|
|
||||||
AWS_IMAGE: ${{ secrets.aws_account_id }}.dkr.ecr.us-east-1.amazonaws.com/${{ github.event.repository.name }}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout code
|
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
||||||
|
|
||||||
- name: Download MaxMind GeoLite2 databases
|
|
||||||
env:
|
|
||||||
MAXMIND_LICENSE_KEY: ${{ secrets.MAXMIND_LICENSE_KEY }}
|
|
||||||
run: |
|
|
||||||
echo "Downloading MaxMind GeoLite2 databases..."
|
|
||||||
|
|
||||||
# Download GeoLite2-Country
|
|
||||||
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${MAXMIND_LICENSE_KEY}&suffix=tar.gz" \
|
|
||||||
-o GeoLite2-Country.tar.gz
|
|
||||||
|
|
||||||
# Download GeoLite2-ASN
|
|
||||||
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=${MAXMIND_LICENSE_KEY}&suffix=tar.gz" \
|
|
||||||
-o GeoLite2-ASN.tar.gz
|
|
||||||
|
|
||||||
# Extract the .mmdb files
|
|
||||||
tar -xzf GeoLite2-Country.tar.gz --strip-components=1 --wildcards '*.mmdb'
|
|
||||||
tar -xzf GeoLite2-ASN.tar.gz --strip-components=1 --wildcards '*.mmdb'
|
|
||||||
|
|
||||||
# Verify files exist
|
|
||||||
if [ ! -f "GeoLite2-Country.mmdb" ]; then
|
|
||||||
echo "ERROR: Failed to download GeoLite2-Country.mmdb"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "GeoLite2-ASN.mmdb" ]; then
|
|
||||||
echo "ERROR: Failed to download GeoLite2-ASN.mmdb"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Clean up tar files
|
|
||||||
rm -f GeoLite2-Country.tar.gz GeoLite2-ASN.tar.gz
|
|
||||||
|
|
||||||
echo "MaxMind databases downloaded successfully"
|
|
||||||
ls -lh GeoLite2-*.mmdb
|
|
||||||
|
|
||||||
- name: Monitor storage space
|
|
||||||
run: |
|
|
||||||
THRESHOLD=75
|
|
||||||
USED_SPACE=$(df / | grep / | awk '{ print $5 }' | sed 's/%//g')
|
|
||||||
echo "Used space: $USED_SPACE%"
|
|
||||||
if [ "$USED_SPACE" -ge "$THRESHOLD" ]; then
|
|
||||||
echo "Used space is below the threshold of 75% free. Running Docker system prune."
|
|
||||||
echo y | docker system prune -a
|
|
||||||
else
|
|
||||||
echo "Storage space is above the threshold. No action needed."
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Configure AWS credentials
|
|
||||||
uses: aws-actions/configure-aws-credentials@v6
|
|
||||||
with:
|
|
||||||
role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ secrets.AWS_ROLE_NAME }}
|
|
||||||
role-duration-seconds: 3600
|
|
||||||
aws-region: ${{ secrets.AWS_REGION }}
|
|
||||||
|
|
||||||
- name: Login to Amazon ECR
|
|
||||||
id: login-ecr
|
|
||||||
uses: aws-actions/amazon-ecr-login@v2
|
|
||||||
|
|
||||||
- name: Extract tag name
|
|
||||||
id: get-tag
|
|
||||||
run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
- name: Update version in package.json
|
|
||||||
run: |
|
|
||||||
TAG=${{ env.TAG }}
|
|
||||||
sed -i "s/export const APP_VERSION = \".*\";/export const APP_VERSION = \"$TAG\";/" server/lib/consts.ts
|
|
||||||
cat server/lib/consts.ts
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
- name: Build and push Docker images (Docker Hub - ARM64)
|
|
||||||
run: |
|
|
||||||
TAG=${{ env.TAG }}
|
|
||||||
make build-saas tag=$TAG
|
|
||||||
echo "Built & pushed ARM64 images to: ${{ env.AWS_IMAGE }}:${TAG}"
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
post-run:
|
|
||||||
needs: [pre-run, release-arm]
|
|
||||||
if: >-
|
|
||||||
${{
|
|
||||||
always() &&
|
|
||||||
needs.pre-run.result == 'success' &&
|
|
||||||
(needs.release-arm.result == 'success' || needs.release-arm.result == 'skipped' || needs.release-arm.result == 'failure')
|
|
||||||
}}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
permissions: write-all
|
|
||||||
steps:
|
|
||||||
- name: Configure AWS credentials
|
|
||||||
uses: aws-actions/configure-aws-credentials@v6
|
|
||||||
with:
|
|
||||||
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
|
|
||||||
role-duration-seconds: 3600
|
|
||||||
aws-region: ${{ secrets.AWS_REGION }}
|
|
||||||
|
|
||||||
- name: Verify AWS identity
|
|
||||||
run: aws sts get-caller-identity
|
|
||||||
|
|
||||||
- name: Stop EC2 instances
|
|
||||||
run: |
|
|
||||||
aws ec2 stop-instances --instance-ids ${{ secrets.EC2_INSTANCE_ID_ARM_RUNNER }}
|
|
||||||
echo "EC2 instances stopped"
|
|
||||||
@@ -14,7 +14,7 @@ jobs:
|
|||||||
stale:
|
stale:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
|
- uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
|
||||||
with:
|
with:
|
||||||
days-before-stale: 14
|
days-before-stale: 14
|
||||||
days-before-close: 14
|
days-before-close: 14
|
||||||
|
|||||||
@@ -14,10 +14,10 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Install Node
|
- name: Install Node
|
||||||
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
||||||
with:
|
with:
|
||||||
node-version: '24'
|
node-version: '24'
|
||||||
|
|
||||||
@@ -62,7 +62,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Build Docker image sqlite
|
- name: Build Docker image sqlite
|
||||||
run: make dev-build-sqlite
|
run: make dev-build-sqlite
|
||||||
@@ -71,7 +71,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Build Docker image pg
|
- name: Build Docker image pg
|
||||||
run: make dev-build-pg
|
run: make dev-build-pg
|
||||||
|
|||||||
@@ -17,9 +17,9 @@ yarn-error.log*
|
|||||||
*.tsbuildinfo
|
*.tsbuildinfo
|
||||||
next-env.d.ts
|
next-env.d.ts
|
||||||
*.db
|
*.db
|
||||||
*.sqlite
|
*.sqlite*
|
||||||
!Dockerfile.sqlite
|
!Dockerfile.sqlite
|
||||||
*.sqlite3
|
*.sqlite3*
|
||||||
*.log
|
*.log
|
||||||
.machinelogs*.json
|
.machinelogs*.json
|
||||||
*-audit.json
|
*-audit.json
|
||||||
@@ -54,3 +54,5 @@ hydrateSaas.ts
|
|||||||
CLAUDE.md
|
CLAUDE.md
|
||||||
drizzle.config.ts
|
drizzle.config.ts
|
||||||
server/setup/migrations.ts
|
server/setup/migrations.ts
|
||||||
|
solo.yml
|
||||||
|
allowedDevOrigins.json
|
||||||
@@ -18,5 +18,8 @@
|
|||||||
"[json]": {
|
"[json]": {
|
||||||
"editor.defaultFormatter": "esbenp.prettier-vscode"
|
"editor.defaultFormatter": "esbenp.prettier-vscode"
|
||||||
},
|
},
|
||||||
"editor.formatOnSave": true
|
"editor.formatOnSave": true,
|
||||||
|
"cSpell.words": [
|
||||||
|
"nessicary"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
@@ -41,7 +41,7 @@
|
|||||||
</strong>
|
</strong>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
Pangolin is an open-source, identity-based remote access platform built on WireGuard that enables secure, seamless connectivity to private and public resources. Pangolin combines reverse proxy and VPN capabilities into one platform, providing browser-based access to web applications and client-based access to any private resources with NAT traversal, all with granular access controls.
|
Pangolin is an open-source, identity-based remote access platform built on WireGuard® that enables secure, seamless connectivity to private and public resources. Pangolin combines reverse proxy and VPN capabilities into one platform, providing browser-based access to web applications and client-based access to any private resources with NAT traversal, all with granular access controls.
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
@@ -107,7 +107,7 @@ the docs to illustrate some basic ideas.
|
|||||||
|
|
||||||
## Licensing
|
## Licensing
|
||||||
|
|
||||||
Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl.html). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).
|
Pangolin is dual licensed under the AGPL-3 and the [Fossorial Commercial License](https://pangolin.net/fcl). For inquiries about commercial licensing, please contact us at [contact@pangolin.net](mailto:contact@pangolin.net).
|
||||||
|
|
||||||
## Contributions
|
## Contributions
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,28 @@
|
|||||||
|
import { CommandModule } from "yargs";
|
||||||
|
import { db, certificates } from "@server/db";
|
||||||
|
|
||||||
|
type ClearCertificatesArgs = {};
|
||||||
|
|
||||||
|
export const clearCertificates: CommandModule<{}, ClearCertificatesArgs> = {
|
||||||
|
command: "clear-certificates",
|
||||||
|
describe: "Delete all entries from the certificates table",
|
||||||
|
builder: (yargs) => {
|
||||||
|
return yargs;
|
||||||
|
},
|
||||||
|
handler: async (argv: {}) => {
|
||||||
|
try {
|
||||||
|
console.log("Clearing all certificates from the database...");
|
||||||
|
|
||||||
|
const deleted = await db.delete(certificates).returning();
|
||||||
|
|
||||||
|
console.log(
|
||||||
|
`Deleted ${deleted.length} certificate(s) from the database`
|
||||||
|
);
|
||||||
|
|
||||||
|
process.exit(0);
|
||||||
|
} catch (error) {
|
||||||
|
console.error("Error:", error);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
@@ -0,0 +1,60 @@
|
|||||||
|
import { CommandModule } from "yargs";
|
||||||
|
import { db, users } from "@server/db";
|
||||||
|
import { eq } from "drizzle-orm";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Disable 2FA for a user by email address.
|
||||||
|
*/
|
||||||
|
type DisableUser2faArgs = {
|
||||||
|
email: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export const disableUser2fa: CommandModule<{}, DisableUser2faArgs> = {
|
||||||
|
command: "disable-user-2fa",
|
||||||
|
describe: "Disable 2FA for a user (sets twoFactorEnabled=false, clears secret)",
|
||||||
|
builder: (yargs) => {
|
||||||
|
return yargs.option("email", {
|
||||||
|
type: "string",
|
||||||
|
demandOption: true,
|
||||||
|
describe: "User email address"
|
||||||
|
});
|
||||||
|
},
|
||||||
|
handler: async (argv: { email: string }) => {
|
||||||
|
try {
|
||||||
|
const { email } = argv;
|
||||||
|
console.log(`Looking for user with email: ${email}`);
|
||||||
|
|
||||||
|
// Find the user by email
|
||||||
|
const [user] = await db
|
||||||
|
.select()
|
||||||
|
.from(users)
|
||||||
|
.where(eq(users.email, email))
|
||||||
|
.limit(1);
|
||||||
|
|
||||||
|
if (!user) {
|
||||||
|
console.error(`User with email '${email}' not found`);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!user.twoFactorEnabled) {
|
||||||
|
console.log(`2FA is already disabled for user '${email}'.`);
|
||||||
|
process.exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Update user: disable 2FA and clear secret
|
||||||
|
await db.update(users)
|
||||||
|
.set({
|
||||||
|
twoFactorEnabled: false,
|
||||||
|
twoFactorSecret: null,
|
||||||
|
twoFactorSetupRequested: false
|
||||||
|
})
|
||||||
|
.where(eq(users.userId, user.userId));
|
||||||
|
|
||||||
|
console.log(`2FA disabled for user '${email}'.`);
|
||||||
|
process.exit(0);
|
||||||
|
} catch (error) {
|
||||||
|
console.error("Error disabling 2FA:", error);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
import { CommandModule } from "yargs";
|
import { CommandModule } from "yargs";
|
||||||
import { db, idpOidcConfig, licenseKey } from "@server/db";
|
import { db, idpOidcConfig, licenseKey, certificates, eventStreamingDestinations, alertWebhookActions } from "@server/db";
|
||||||
import { encrypt, decrypt } from "@server/lib/crypto";
|
import { encrypt, decrypt } from "@server/lib/crypto";
|
||||||
import { configFilePath1, configFilePath2 } from "@server/lib/consts";
|
import { configFilePath1, configFilePath2 } from "@server/lib/consts";
|
||||||
import { eq } from "drizzle-orm";
|
import { eq } from "drizzle-orm";
|
||||||
@@ -129,9 +129,15 @@ export const rotateServerSecret: CommandModule<
|
|||||||
console.log("\nReading encrypted data from database...");
|
console.log("\nReading encrypted data from database...");
|
||||||
const idpConfigs = await db.select().from(idpOidcConfig);
|
const idpConfigs = await db.select().from(idpOidcConfig);
|
||||||
const licenseKeys = await db.select().from(licenseKey);
|
const licenseKeys = await db.select().from(licenseKey);
|
||||||
|
const certs = await db.select().from(certificates);
|
||||||
|
const streamingDestinations = await db.select().from(eventStreamingDestinations);
|
||||||
|
const webhookActions = await db.select().from(alertWebhookActions);
|
||||||
|
|
||||||
console.log(`Found ${idpConfigs.length} OIDC IdP configuration(s)`);
|
console.log(`Found ${idpConfigs.length} OIDC IdP configuration(s)`);
|
||||||
console.log(`Found ${licenseKeys.length} license key(s)`);
|
console.log(`Found ${licenseKeys.length} license key(s)`);
|
||||||
|
console.log(`Found ${certs.length} certificate(s)`);
|
||||||
|
console.log(`Found ${streamingDestinations.length} event streaming destination(s)`);
|
||||||
|
console.log(`Found ${webhookActions.length} alert webhook action(s)`);
|
||||||
|
|
||||||
// Prepare all decrypted and re-encrypted values
|
// Prepare all decrypted and re-encrypted values
|
||||||
console.log("\nDecrypting and re-encrypting values...");
|
console.log("\nDecrypting and re-encrypting values...");
|
||||||
@@ -149,8 +155,27 @@ export const rotateServerSecret: CommandModule<
|
|||||||
encryptedInstanceId: string;
|
encryptedInstanceId: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
type CertUpdate = {
|
||||||
|
certId: number;
|
||||||
|
encryptedCertFile: string | null;
|
||||||
|
encryptedKeyFile: string | null;
|
||||||
|
};
|
||||||
|
|
||||||
|
type StreamingDestinationUpdate = {
|
||||||
|
destinationId: number;
|
||||||
|
encryptedConfig: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
type WebhookActionUpdate = {
|
||||||
|
webhookActionId: number;
|
||||||
|
encryptedConfig: string;
|
||||||
|
};
|
||||||
|
|
||||||
const idpUpdates: IdpUpdate[] = [];
|
const idpUpdates: IdpUpdate[] = [];
|
||||||
const licenseKeyUpdates: LicenseKeyUpdate[] = [];
|
const licenseKeyUpdates: LicenseKeyUpdate[] = [];
|
||||||
|
const certUpdates: CertUpdate[] = [];
|
||||||
|
const streamingDestinationUpdates: StreamingDestinationUpdate[] = [];
|
||||||
|
const webhookActionUpdates: WebhookActionUpdate[] = [];
|
||||||
|
|
||||||
// Process idpOidcConfig entries
|
// Process idpOidcConfig entries
|
||||||
for (const idpConfig of idpConfigs) {
|
for (const idpConfig of idpConfigs) {
|
||||||
@@ -217,6 +242,70 @@ export const rotateServerSecret: CommandModule<
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Process certificate entries
|
||||||
|
for (const cert of certs) {
|
||||||
|
try {
|
||||||
|
const encryptedCertFile = cert.certFile
|
||||||
|
? encrypt(decrypt(cert.certFile, oldSecret), newSecret)
|
||||||
|
: null;
|
||||||
|
const encryptedKeyFile = cert.keyFile
|
||||||
|
? encrypt(decrypt(cert.keyFile, oldSecret), newSecret)
|
||||||
|
: null;
|
||||||
|
|
||||||
|
certUpdates.push({
|
||||||
|
certId: cert.certId,
|
||||||
|
encryptedCertFile,
|
||||||
|
encryptedKeyFile
|
||||||
|
});
|
||||||
|
} catch (error) {
|
||||||
|
console.error(
|
||||||
|
`Error processing certificate ${cert.certId} (${cert.domain}):`,
|
||||||
|
error
|
||||||
|
);
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Process eventStreamingDestinations entries
|
||||||
|
for (const dest of streamingDestinations) {
|
||||||
|
try {
|
||||||
|
const decryptedConfig = decrypt(dest.config, oldSecret);
|
||||||
|
const encryptedConfig = encrypt(decryptedConfig, newSecret);
|
||||||
|
|
||||||
|
streamingDestinationUpdates.push({
|
||||||
|
destinationId: dest.destinationId,
|
||||||
|
encryptedConfig
|
||||||
|
});
|
||||||
|
} catch (error) {
|
||||||
|
console.error(
|
||||||
|
`Error processing event streaming destination ${dest.destinationId}:`,
|
||||||
|
error
|
||||||
|
);
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Process alertWebhookActions entries
|
||||||
|
for (const webhook of webhookActions) {
|
||||||
|
try {
|
||||||
|
if (webhook.config == null) continue;
|
||||||
|
|
||||||
|
const decryptedConfig = decrypt(webhook.config, oldSecret);
|
||||||
|
const encryptedConfig = encrypt(decryptedConfig, newSecret);
|
||||||
|
|
||||||
|
webhookActionUpdates.push({
|
||||||
|
webhookActionId: webhook.webhookActionId,
|
||||||
|
encryptedConfig
|
||||||
|
});
|
||||||
|
} catch (error) {
|
||||||
|
console.error(
|
||||||
|
`Error processing alert webhook action ${webhook.webhookActionId}:`,
|
||||||
|
error
|
||||||
|
);
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Perform all database updates in a single transaction
|
// Perform all database updates in a single transaction
|
||||||
console.log("\nUpdating database in transaction...");
|
console.log("\nUpdating database in transaction...");
|
||||||
await db.transaction(async (trx) => {
|
await db.transaction(async (trx) => {
|
||||||
@@ -250,10 +339,50 @@ export const rotateServerSecret: CommandModule<
|
|||||||
instanceId: update.encryptedInstanceId
|
instanceId: update.encryptedInstanceId
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Update certificate entries
|
||||||
|
for (const update of certUpdates) {
|
||||||
|
await trx
|
||||||
|
.update(certificates)
|
||||||
|
.set({
|
||||||
|
certFile: update.encryptedCertFile,
|
||||||
|
keyFile: update.encryptedKeyFile
|
||||||
|
})
|
||||||
|
.where(eq(certificates.certId, update.certId));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Update event streaming destination entries
|
||||||
|
for (const update of streamingDestinationUpdates) {
|
||||||
|
await trx
|
||||||
|
.update(eventStreamingDestinations)
|
||||||
|
.set({ config: update.encryptedConfig })
|
||||||
|
.where(
|
||||||
|
eq(
|
||||||
|
eventStreamingDestinations.destinationId,
|
||||||
|
update.destinationId
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Update alert webhook action entries
|
||||||
|
for (const update of webhookActionUpdates) {
|
||||||
|
await trx
|
||||||
|
.update(alertWebhookActions)
|
||||||
|
.set({ config: update.encryptedConfig })
|
||||||
|
.where(
|
||||||
|
eq(
|
||||||
|
alertWebhookActions.webhookActionId,
|
||||||
|
update.webhookActionId
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
console.log(`Rotated ${idpUpdates.length} OIDC IdP configuration(s)`);
|
console.log(`Rotated ${idpUpdates.length} OIDC IdP configuration(s)`);
|
||||||
console.log(`Rotated ${licenseKeyUpdates.length} license key(s)`);
|
console.log(`Rotated ${licenseKeyUpdates.length} license key(s)`);
|
||||||
|
console.log(`Rotated ${certUpdates.length} certificate(s)`);
|
||||||
|
console.log(`Rotated ${streamingDestinationUpdates.length} event streaming destination(s)`);
|
||||||
|
console.log(`Rotated ${webhookActionUpdates.length} alert webhook action(s)`);
|
||||||
|
|
||||||
// Update config file with new secret
|
// Update config file with new secret
|
||||||
console.log("\nUpdating config file...");
|
console.log("\nUpdating config file...");
|
||||||
@@ -270,6 +399,9 @@ export const rotateServerSecret: CommandModule<
|
|||||||
console.log(`\nSummary:`);
|
console.log(`\nSummary:`);
|
||||||
console.log(` - OIDC IdP configurations: ${idpUpdates.length}`);
|
console.log(` - OIDC IdP configurations: ${idpUpdates.length}`);
|
||||||
console.log(` - License keys: ${licenseKeyUpdates.length}`);
|
console.log(` - License keys: ${licenseKeyUpdates.length}`);
|
||||||
|
console.log(` - Certificates: ${certUpdates.length}`);
|
||||||
|
console.log(` - Event streaming destinations: ${streamingDestinationUpdates.length}`);
|
||||||
|
console.log(` - Alert webhook actions: ${webhookActionUpdates.length}`);
|
||||||
console.log(
|
console.log(
|
||||||
`\n IMPORTANT: Restart the server for the new secret to take effect.`
|
`\n IMPORTANT: Restart the server for the new secret to take effect.`
|
||||||
);
|
);
|
||||||
|
|||||||
@@ -0,0 +1,85 @@
|
|||||||
|
import { CommandModule } from "yargs";
|
||||||
|
import { db, users } from "@server/db";
|
||||||
|
import { eq } from "drizzle-orm";
|
||||||
|
|
||||||
|
type SetServerAdminArgs = {
|
||||||
|
email: string;
|
||||||
|
remove: boolean;
|
||||||
|
};
|
||||||
|
|
||||||
|
export const setServerAdmin: CommandModule<{}, SetServerAdminArgs> = {
|
||||||
|
command: "set-server-admin",
|
||||||
|
describe: "Add or remove server admin by email address",
|
||||||
|
builder: (yargs) => {
|
||||||
|
return yargs
|
||||||
|
.option("email", {
|
||||||
|
type: "string",
|
||||||
|
demandOption: true,
|
||||||
|
describe: "User email address"
|
||||||
|
})
|
||||||
|
.option("remove", {
|
||||||
|
type: "boolean",
|
||||||
|
default: false,
|
||||||
|
describe: "Remove server admin status from the user"
|
||||||
|
});
|
||||||
|
},
|
||||||
|
handler: async (argv: SetServerAdminArgs) => {
|
||||||
|
try {
|
||||||
|
const email = argv.email.trim().toLowerCase();
|
||||||
|
|
||||||
|
const [user] = await db
|
||||||
|
.select()
|
||||||
|
.from(users)
|
||||||
|
.where(eq(users.email, email))
|
||||||
|
.limit(1);
|
||||||
|
|
||||||
|
if (!user) {
|
||||||
|
console.error(`User with email '${email}' not found`);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (argv.remove) {
|
||||||
|
if (!user.serverAdmin) {
|
||||||
|
console.log(`User '${email}' is not a server admin`);
|
||||||
|
process.exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
const serverAdmins = await db
|
||||||
|
.select()
|
||||||
|
.from(users)
|
||||||
|
.where(eq(users.serverAdmin, true));
|
||||||
|
|
||||||
|
if (serverAdmins.length <= 1) {
|
||||||
|
console.error(
|
||||||
|
"Cannot remove server admin: at least one server admin must exist"
|
||||||
|
);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
await db
|
||||||
|
.update(users)
|
||||||
|
.set({ serverAdmin: false })
|
||||||
|
.where(eq(users.userId, user.userId));
|
||||||
|
|
||||||
|
console.log(`Server admin status removed from user '${email}'`);
|
||||||
|
process.exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (user.serverAdmin) {
|
||||||
|
console.log(`User '${email}' is already a server admin`);
|
||||||
|
process.exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
await db
|
||||||
|
.update(users)
|
||||||
|
.set({ serverAdmin: true })
|
||||||
|
.where(eq(users.userId, user.userId));
|
||||||
|
|
||||||
|
console.log(`User '${email}' has been marked as a server admin`);
|
||||||
|
process.exit(0);
|
||||||
|
} catch (error) {
|
||||||
|
console.error("Error:", error);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
@@ -9,6 +9,9 @@ import { rotateServerSecret } from "./commands/rotateServerSecret";
|
|||||||
import { clearLicenseKeys } from "./commands/clearLicenseKeys";
|
import { clearLicenseKeys } from "./commands/clearLicenseKeys";
|
||||||
import { deleteClient } from "./commands/deleteClient";
|
import { deleteClient } from "./commands/deleteClient";
|
||||||
import { generateOrgCaKeys } from "./commands/generateOrgCaKeys";
|
import { generateOrgCaKeys } from "./commands/generateOrgCaKeys";
|
||||||
|
import { clearCertificates } from "./commands/clearCertificates";
|
||||||
|
import { disableUser2fa } from "./commands/disableUser2fa";
|
||||||
|
import { setServerAdmin } from "./commands/setServerAdmin";
|
||||||
|
|
||||||
yargs(hideBin(process.argv))
|
yargs(hideBin(process.argv))
|
||||||
.scriptName("pangctl")
|
.scriptName("pangctl")
|
||||||
@@ -19,5 +22,8 @@ yargs(hideBin(process.argv))
|
|||||||
.command(clearLicenseKeys)
|
.command(clearLicenseKeys)
|
||||||
.command(deleteClient)
|
.command(deleteClient)
|
||||||
.command(generateOrgCaKeys)
|
.command(generateOrgCaKeys)
|
||||||
|
.command(clearCertificates)
|
||||||
|
.command(disableUser2fa)
|
||||||
|
.command(setServerAdmin)
|
||||||
.demandCommand()
|
.demandCommand()
|
||||||
.help().argv;
|
.help().argv;
|
||||||
|
|||||||
@@ -0,0 +1,12 @@
|
|||||||
|
services:
|
||||||
|
mailer:
|
||||||
|
image: axllent/mailpit
|
||||||
|
ports:
|
||||||
|
- 8025:8025
|
||||||
|
- 1025:1025
|
||||||
|
volumes:
|
||||||
|
- mailpit-storage:/data
|
||||||
|
environment:
|
||||||
|
- MP_DATABASE=/data/mailpit.db
|
||||||
|
volumes:
|
||||||
|
mailpit-storage:
|
||||||
@@ -1,54 +1,47 @@
|
|||||||
api:
|
api:
|
||||||
insecure: true
|
insecure: true
|
||||||
dashboard: true
|
dashboard: true
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
http:
|
http:
|
||||||
endpoint: "http://pangolin:3001/api/v1/traefik-config"
|
endpoint: http://pangolin:3001/api/v1/traefik-config
|
||||||
pollInterval: "5s"
|
pollInterval: 5s
|
||||||
file:
|
file:
|
||||||
filename: "/etc/traefik/dynamic_config.yml"
|
filename: /etc/traefik/dynamic_config.yml
|
||||||
|
|
||||||
experimental:
|
experimental:
|
||||||
plugins:
|
plugins:
|
||||||
badger:
|
badger:
|
||||||
moduleName: "github.com/fosrl/badger"
|
moduleName: github.com/fosrl/badger
|
||||||
version: "{{.BadgerVersion}}"
|
version: v1.4.1
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: "INFO"
|
level: INFO
|
||||||
format: "common"
|
format: common
|
||||||
maxSize: 100
|
maxSize: 100
|
||||||
maxBackups: 3
|
maxBackups: 3
|
||||||
maxAge: 3
|
maxAge: 3
|
||||||
compress: true
|
compress: true
|
||||||
|
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
letsencrypt:
|
letsencrypt:
|
||||||
acme:
|
acme:
|
||||||
httpChallenge:
|
httpChallenge:
|
||||||
entryPoint: web
|
entryPoint: web
|
||||||
email: "{{.LetsEncryptEmail}}"
|
email: '{{.LetsEncryptEmail}}'
|
||||||
storage: "/letsencrypt/acme.json"
|
storage: /letsencrypt/acme.json
|
||||||
caServer: "https://acme-v02.api.letsencrypt.org/directory"
|
caServer: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
entryPoints:
|
entryPoints:
|
||||||
web:
|
web:
|
||||||
address: ":80"
|
address: ':80'
|
||||||
websecure:
|
websecure:
|
||||||
address: ":443"
|
address: ':443'
|
||||||
transport:
|
transport:
|
||||||
respondingTimeouts:
|
respondingTimeouts:
|
||||||
readTimeout: "30m"
|
readTimeout: 30m
|
||||||
http:
|
http:
|
||||||
tls:
|
tls:
|
||||||
certResolver: "letsencrypt"
|
certResolver: letsencrypt
|
||||||
encodedCharacters:
|
encodedCharacters:
|
||||||
allowEncodedSlash: true
|
allowEncodedSlash: true
|
||||||
allowEncodedQuestionMark: true
|
allowEncodedQuestionMark: true
|
||||||
|
|
||||||
serversTransport:
|
serversTransport:
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
|
||||||
ping:
|
ping:
|
||||||
entryPoint: "web"
|
entryPoint: web
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import { APP_PATH } from "@server/lib/consts";
|
import { APP_PATH } from "./server/lib/consts";
|
||||||
import { defineConfig } from "drizzle-kit";
|
import { defineConfig } from "drizzle-kit";
|
||||||
import path from "path";
|
import path from "path";
|
||||||
|
|
||||||
|
|||||||
@@ -22,7 +22,8 @@ server:
|
|||||||
methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
|
methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
|
||||||
allowed_headers: ["X-CSRF-Token", "Content-Type"]
|
allowed_headers: ["X-CSRF-Token", "Content-Type"]
|
||||||
credentials: false
|
credentials: false
|
||||||
{{if .EnableGeoblocking}}maxmind_db_path: "./config/GeoLite2-Country.mmdb"{{end}}
|
{{if .EnableMaxMind}}maxmind_db_path: "./config/GeoLite2-Country.mmdb"{{end}}
|
||||||
|
{{if .EnableMaxMind}}maxmind_asn_path: "./config/GeoLite2-ASN.mmdb"{{end}}
|
||||||
{{if .EnableEmail}}
|
{{if .EnableEmail}}
|
||||||
email:
|
email:
|
||||||
smtp_host: "{{.EmailSMTPHost}}"
|
smtp_host: "{{.EmailSMTPHost}}"
|
||||||
@@ -36,3 +37,6 @@ flags:
|
|||||||
disable_signup_without_invite: true
|
disable_signup_without_invite: true
|
||||||
disable_user_create_org: false
|
disable_user_create_org: false
|
||||||
allow_raw_resources: true
|
allow_raw_resources: true
|
||||||
|
|
||||||
|
{{if .IsPostgreSQL}}postgres:
|
||||||
|
connection_string: postgresql://pangolin:{{.IsPostgreSQLPass}}@postgres:5432/pangolin{{end}}
|
||||||
|
|||||||
@@ -1,15 +1,23 @@
|
|||||||
name: pangolin
|
name: pangolin
|
||||||
services:
|
services:
|
||||||
pangolin:
|
pangolin:
|
||||||
image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{.PangolinVersion}}
|
image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{if .IsPostgreSQL}}postgresql-{{end}}{{.PangolinVersion}}
|
||||||
container_name: pangolin
|
container_name: pangolin
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: 1g
|
memory: 2g
|
||||||
reservations:
|
reservations:
|
||||||
memory: 256m
|
memory: 512m
|
||||||
|
{{if or .IsPostgreSQL .IsRedis}}depends_on:
|
||||||
|
{{if .IsPostgreSQL}}postgres:
|
||||||
|
condition: service_healthy{{end}}
|
||||||
|
{{if .IsRedis}}redis:
|
||||||
|
condition: service_healthy{{end}}
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- backend{{end}}
|
||||||
volumes:
|
volumes:
|
||||||
- ./config:/app/config
|
- ./config:/app/config
|
||||||
healthcheck:
|
healthcheck:
|
||||||
@@ -17,8 +25,8 @@ services:
|
|||||||
interval: "10s"
|
interval: "10s"
|
||||||
timeout: "10s"
|
timeout: "10s"
|
||||||
retries: 15
|
retries: 15
|
||||||
{{if .InstallGerbil}}
|
|
||||||
gerbil:
|
{{if .InstallGerbil}}gerbil:
|
||||||
image: docker.io/fosrl/gerbil:{{.GerbilVersion}}
|
image: docker.io/fosrl/gerbil:{{.GerbilVersion}}
|
||||||
container_name: gerbil
|
container_name: gerbil
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -39,17 +47,16 @@ services:
|
|||||||
- 21820:21820/udp
|
- 21820:21820/udp
|
||||||
- 443:443
|
- 443:443
|
||||||
- 443:443/udp # For http3 QUIC if desired
|
- 443:443/udp # For http3 QUIC if desired
|
||||||
- 80:80
|
- 80:80{{end}}
|
||||||
{{end}}
|
|
||||||
traefik:
|
traefik:
|
||||||
image: docker.io/traefik:v3.6
|
image: docker.io/traefik:v3.6
|
||||||
container_name: traefik
|
container_name: traefik
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
{{if .InstallGerbil}} network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
|
{{if .InstallGerbil}}network_mode: service:gerbil # Ports appear on the gerbil service{{end}}{{if not .InstallGerbil}}
|
||||||
ports:
|
ports:
|
||||||
- 443:443
|
- 443:443
|
||||||
- 80:80
|
- 80:80{{end}}
|
||||||
{{end}}
|
|
||||||
depends_on:
|
depends_on:
|
||||||
pangolin:
|
pangolin:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
@@ -60,8 +67,50 @@ services:
|
|||||||
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
|
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
|
||||||
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
|
- ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
|
||||||
|
|
||||||
|
{{if .IsPostgreSQL}}postgres:
|
||||||
|
image: postgres:18
|
||||||
|
container_name: postgres
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: pangolin
|
||||||
|
POSTGRES_PASSWORD: {{.IsPostgreSQLPass}}
|
||||||
|
POSTGRES_DB: pangolin
|
||||||
|
volumes:
|
||||||
|
- ./postgres18:/var/lib/postgresql
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U pangolin"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
networks:
|
||||||
|
- backend{{end}}
|
||||||
|
|
||||||
|
{{if .IsRedis}}redis:
|
||||||
|
image: redis:8-trixie
|
||||||
|
container_name: redis
|
||||||
|
restart: unless-stopped
|
||||||
|
command: >
|
||||||
|
redis-server
|
||||||
|
--save 3600 1000
|
||||||
|
--appendonly yes
|
||||||
|
--requirepass {{.IsRedisPass}}
|
||||||
|
volumes:
|
||||||
|
- ./redis8:/data
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "redis-cli", "-a", "{{.IsRedisPass}}", "ping"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 3s
|
||||||
|
retries: 3
|
||||||
|
start_period: 10s
|
||||||
|
networks:
|
||||||
|
- backend{{end}}
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
driver: bridge
|
driver: bridge
|
||||||
name: pangolin
|
name: pangolin_frontend
|
||||||
{{if .EnableIPv6}} enable_ipv6: true{{end}}
|
{{if .EnableIPv6}} enable_ipv6: true{{end}}
|
||||||
|
{{if or .IsPostgreSQL .IsRedis}} backend:
|
||||||
|
driver: bridge
|
||||||
|
name: pangolin_backend
|
||||||
|
internal: true{{end}}
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{{if .IsRedis}}redis:
|
||||||
|
host: "redis"
|
||||||
|
port: 6379
|
||||||
|
password: "{{.IsRedisPass}}"{{end}}
|
||||||
@@ -6,12 +6,13 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
)
|
)
|
||||||
|
|
||||||
func installCrowdsec(config Config) error {
|
func installCrowdsec(config Config, installDir string) error {
|
||||||
|
|
||||||
if err := stopContainers(config.InstallationContainerType); err != nil {
|
if err := stopContainers(config.InstallationContainerType); err != nil {
|
||||||
return fmt.Errorf("failed to stop containers: %v", err)
|
return fmt.Errorf("failed to stop containers: %v", err)
|
||||||
@@ -40,6 +41,8 @@ func installCrowdsec(config Config) error {
|
|||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setupTraefikLogRotate(installDir)
|
||||||
|
|
||||||
if err := copyDockerService("config/crowdsec/docker-compose.yml", "docker-compose.yml", "crowdsec"); err != nil {
|
if err := copyDockerService("config/crowdsec/docker-compose.yml", "docker-compose.yml", "crowdsec"); err != nil {
|
||||||
fmt.Printf("Error copying docker service: %v\n", err)
|
fmt.Printf("Error copying docker service: %v\n", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
@@ -208,3 +211,69 @@ func CheckAndAddCrowdsecDependency(composePath string) error {
|
|||||||
fmt.Println("Added dependency of crowdsec to traefik")
|
fmt.Println("Added dependency of crowdsec to traefik")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setupTraefikLogRotate writes a logrotate config for the Traefik access log
|
||||||
|
// that CrowdSec depends on. This is only needed when CrowdSec is installed
|
||||||
|
// because the default Pangolin install does not enable Traefik access logs.
|
||||||
|
//
|
||||||
|
// copytruncate is used so Traefik does not need to be restarted or sent a
|
||||||
|
// signal after rotation — it keeps writing to the same file descriptor while
|
||||||
|
// the rotated copy is made and the original is truncated in place.
|
||||||
|
func setupTraefikLogRotate(installDir string) {
|
||||||
|
const logrotateDir = "/etc/logrotate.d"
|
||||||
|
const logrotateFile = "/etc/logrotate.d/pangolin-traefik"
|
||||||
|
|
||||||
|
logPath := filepath.Join(installDir, "config/traefik/logs/access.log")
|
||||||
|
|
||||||
|
if os.Geteuid() != 0 {
|
||||||
|
fmt.Println("\n[logrotate] Skipping automatic logrotate setup: not running as root.")
|
||||||
|
fmt.Println("[logrotate] To prevent unbounded growth of the Traefik access log used by CrowdSec,")
|
||||||
|
fmt.Println("[logrotate] create the file /etc/logrotate.d/pangolin-traefik manually with:")
|
||||||
|
printLogrotateConfig(logPath)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
config := fmt.Sprintf(`# Logrotate config for Traefik access logs used by CrowdSec.
|
||||||
|
# Generated by the Pangolin installer. Safe to edit.
|
||||||
|
%s {
|
||||||
|
daily
|
||||||
|
rotate 7
|
||||||
|
compress
|
||||||
|
delaycompress
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
copytruncate
|
||||||
|
}
|
||||||
|
`, logPath)
|
||||||
|
|
||||||
|
if err := os.MkdirAll(logrotateDir, 0755); err != nil {
|
||||||
|
fmt.Printf("[logrotate] Warning: could not create %s: %v\n", logrotateDir, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := os.WriteFile(logrotateFile, []byte(config), 0644); err != nil {
|
||||||
|
fmt.Printf("[logrotate] Warning: could not write %s: %v\n", logrotateFile, err)
|
||||||
|
fmt.Println("[logrotate] Set it up manually:")
|
||||||
|
printLogrotateConfig(logPath)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Printf("[logrotate] Wrote logrotate config to %s\n", logrotateFile)
|
||||||
|
fmt.Println("[logrotate] Traefik access logs will be rotated daily, keeping 7 compressed copies.")
|
||||||
|
}
|
||||||
|
|
||||||
|
// printLogrotateConfig prints a logrotate config block to stdout so users can
|
||||||
|
// set it up manually when the installer cannot write to /etc.
|
||||||
|
func printLogrotateConfig(logPath string) {
|
||||||
|
fmt.Printf(`
|
||||||
|
%s {
|
||||||
|
daily
|
||||||
|
rotate 7
|
||||||
|
compress
|
||||||
|
delaycompress
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
copytruncate
|
||||||
|
}
|
||||||
|
`, logPath)
|
||||||
|
}
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ go 1.25.0
|
|||||||
require (
|
require (
|
||||||
github.com/charmbracelet/huh v1.0.0
|
github.com/charmbracelet/huh v1.0.0
|
||||||
github.com/charmbracelet/lipgloss v1.1.0
|
github.com/charmbracelet/lipgloss v1.1.0
|
||||||
golang.org/x/term v0.42.0
|
golang.org/x/term v0.44.0
|
||||||
gopkg.in/yaml.v3 v3.0.1
|
gopkg.in/yaml.v3 v3.0.1
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -33,6 +33,6 @@ require (
|
|||||||
github.com/rivo/uniseg v0.4.7 // indirect
|
github.com/rivo/uniseg v0.4.7 // indirect
|
||||||
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
|
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
|
||||||
golang.org/x/sync v0.15.0 // indirect
|
golang.org/x/sync v0.15.0 // indirect
|
||||||
golang.org/x/sys v0.43.0 // indirect
|
golang.org/x/sys v0.46.0 // indirect
|
||||||
golang.org/x/text v0.23.0 // indirect
|
golang.org/x/text v0.23.0 // indirect
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -69,10 +69,10 @@ golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
|
|||||||
golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||||
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
|
golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
|
||||||
golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||||
golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
|
golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
|
||||||
golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
|
golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
|
||||||
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
|
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
|
||||||
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
|
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"embed"
|
"embed"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/fs"
|
"io/fs"
|
||||||
@@ -53,9 +54,13 @@ type Config struct {
|
|||||||
InstallGerbil bool
|
InstallGerbil bool
|
||||||
TraefikBouncerKey string
|
TraefikBouncerKey string
|
||||||
DoCrowdsecInstall bool
|
DoCrowdsecInstall bool
|
||||||
EnableGeoblocking bool
|
EnableMaxMind bool
|
||||||
Secret string
|
Secret string
|
||||||
IsEnterprise bool
|
IsEnterprise bool
|
||||||
|
IsPostgreSQL bool
|
||||||
|
IsPostgreSQLPass string
|
||||||
|
IsRedis bool
|
||||||
|
IsRedisPass string
|
||||||
}
|
}
|
||||||
|
|
||||||
type SupportedContainer string
|
type SupportedContainer string
|
||||||
@@ -66,8 +71,14 @@ const (
|
|||||||
Undefined SupportedContainer = "undefined"
|
Undefined SupportedContainer = "undefined"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var redisFlag *bool
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|
||||||
|
crowdsecFlag := flag.Bool("crowdsec", false, "Enable the CrowdSec installation prompt")
|
||||||
|
redisFlag = flag.Bool("redis", false, "Install Redis as cacheing solution. Required for HA. Not required for the Enterprise version.")
|
||||||
|
flag.Parse()
|
||||||
|
|
||||||
// print a banner about prerequisites - opening port 80, 443, 51820, and 21820 on the VPS and firewall and pointing your domain to the VPS IP with a records. Docs are at http://localhost:3000/Getting%20Started/dns-networking
|
// print a banner about prerequisites - opening port 80, 443, 51820, and 21820 on the VPS and firewall and pointing your domain to the VPS IP with a records. Docs are at http://localhost:3000/Getting%20Started/dns-networking
|
||||||
|
|
||||||
fmt.Println("Welcome to the Pangolin installer!")
|
fmt.Println("Welcome to the Pangolin installer!")
|
||||||
@@ -119,11 +130,11 @@ func main() {
|
|||||||
|
|
||||||
fmt.Println("\nConfiguration files created successfully!")
|
fmt.Println("\nConfiguration files created successfully!")
|
||||||
|
|
||||||
// Download MaxMind database if requested
|
// Download MaxMind Country / ASN database if requested
|
||||||
if config.EnableGeoblocking {
|
if config.EnableMaxMind {
|
||||||
fmt.Println("\n=== Downloading MaxMind Database ===")
|
fmt.Println("\n=== Downloading MaxMind Country and ASN Databases ===")
|
||||||
if err := downloadMaxMindDatabase(); err != nil {
|
if err := downloadMaxMindDatabase(); err != nil {
|
||||||
fmt.Printf("Error downloading MaxMind database: %v\n", err)
|
fmt.Printf("Error downloading MaxMind databases: %v\n", err)
|
||||||
fmt.Println("You can download it manually later if needed.")
|
fmt.Println("You can download it manually later if needed.")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -184,15 +195,15 @@ func main() {
|
|||||||
fmt.Println("\n=== MaxMind Database Update ===")
|
fmt.Println("\n=== MaxMind Database Update ===")
|
||||||
if _, err := os.Stat("config/GeoLite2-Country.mmdb"); err == nil {
|
if _, err := os.Stat("config/GeoLite2-Country.mmdb"); err == nil {
|
||||||
fmt.Println("MaxMind GeoLite2 Country database found.")
|
fmt.Println("MaxMind GeoLite2 Country database found.")
|
||||||
if readBool("Would you like to update the MaxMind database to the latest version?", false) {
|
if readBool("Would you like to update the MaxMind databases (Country and ASN) to the latest version?", false) {
|
||||||
if err := downloadMaxMindDatabase(); err != nil {
|
if err := downloadMaxMindDatabase(); err != nil {
|
||||||
fmt.Printf("Error updating MaxMind database: %v\n", err)
|
fmt.Printf("Error updating MaxMind database: %v\n", err)
|
||||||
fmt.Println("You can try updating it manually later if needed.")
|
fmt.Println("You can try updating it manually later if needed.")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
fmt.Println("MaxMind GeoLite2 Country database not found.")
|
fmt.Println("MaxMind GeoLite2 Country and ASN databases not found.")
|
||||||
if readBool("Would you like to download the MaxMind GeoLite2 database for geoblocking functionality?", false) {
|
if readBool("Would you like to download the MaxMind GeoLite2 databases for blocking functionality?", false) {
|
||||||
if err := downloadMaxMindDatabase(); err != nil {
|
if err := downloadMaxMindDatabase(); err != nil {
|
||||||
fmt.Printf("Error downloading MaxMind database: %v\n", err)
|
fmt.Printf("Error downloading MaxMind database: %v\n", err)
|
||||||
fmt.Println("You can try downloading it manually later if needed.")
|
fmt.Println("You can try downloading it manually later if needed.")
|
||||||
@@ -200,13 +211,15 @@ func main() {
|
|||||||
// Now you need to update your config file accordingly to enable geoblocking
|
// Now you need to update your config file accordingly to enable geoblocking
|
||||||
fmt.Print("Please remember to update your config/config.yml file to enable geoblocking! \n\n")
|
fmt.Print("Please remember to update your config/config.yml file to enable geoblocking! \n\n")
|
||||||
// add maxmind_db_path: "./config/GeoLite2-Country.mmdb" under server
|
// add maxmind_db_path: "./config/GeoLite2-Country.mmdb" under server
|
||||||
fmt.Println("Add the following line under the 'server' section:")
|
// add maxmind_asn_path: "./config/GeoLite2-ASN.mmdb" under server
|
||||||
|
fmt.Println("Add the following lines under the 'server' section:")
|
||||||
fmt.Println(" maxmind_db_path: \"./config/GeoLite2-Country.mmdb\"")
|
fmt.Println(" maxmind_db_path: \"./config/GeoLite2-Country.mmdb\"")
|
||||||
|
fmt.Println(" maxmind_asn_path: \"./config/GeoLite2-ASN.mmdb\"")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !checkIsCrowdsecInstalledInCompose() {
|
if *crowdsecFlag && !checkIsCrowdsecInstalledInCompose() {
|
||||||
fmt.Println("\n=== CrowdSec Install ===")
|
fmt.Println("\n=== CrowdSec Install ===")
|
||||||
// check if crowdsec is installed
|
// check if crowdsec is installed
|
||||||
if readBool("Would you like to install CrowdSec?", false) {
|
if readBool("Would you like to install CrowdSec?", false) {
|
||||||
@@ -259,7 +272,7 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
config.DoCrowdsecInstall = true
|
config.DoCrowdsecInstall = true
|
||||||
err := installCrowdsec(config)
|
err := installCrowdsec(config, installDir)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("Error installing CrowdSec: %v\n", err)
|
fmt.Printf("Error installing CrowdSec: %v\n", err)
|
||||||
return
|
return
|
||||||
@@ -480,6 +493,17 @@ func collectUserInput() Config {
|
|||||||
fmt.Println("\n=== Basic Configuration ===")
|
fmt.Println("\n=== Basic Configuration ===")
|
||||||
|
|
||||||
config.IsEnterprise = readBoolNoDefault("Do you want to install the Enterprise version of Pangolin? The EE is free for personal use or for businesses making less than 100k USD annually.")
|
config.IsEnterprise = readBoolNoDefault("Do you want to install the Enterprise version of Pangolin? The EE is free for personal use or for businesses making less than 100k USD annually.")
|
||||||
|
if config.IsEnterprise {
|
||||||
|
if *redisFlag {
|
||||||
|
config.IsRedis = true
|
||||||
|
config.IsRedisPass = readPassword("Enter a unique password for the Redis service.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
config.IsPostgreSQL = readBool("Do you want to use PostgreSQL (not recommended for most users)?", false)
|
||||||
|
if config.IsPostgreSQL {
|
||||||
|
config.IsPostgreSQLPass = readPassword("Enter a unique password for the PostgreSQL pangolin user.")
|
||||||
|
}
|
||||||
|
|
||||||
config.BaseDomain = readString("Enter your base domain (no subdomain e.g. example.com)", "")
|
config.BaseDomain = readString("Enter your base domain (no subdomain e.g. example.com)", "")
|
||||||
|
|
||||||
@@ -523,7 +547,7 @@ func collectUserInput() Config {
|
|||||||
fmt.Println("\n=== Advanced Configuration ===")
|
fmt.Println("\n=== Advanced Configuration ===")
|
||||||
|
|
||||||
config.EnableIPv6 = readBool("Is your server IPv6 capable?", true)
|
config.EnableIPv6 = readBool("Is your server IPv6 capable?", true)
|
||||||
config.EnableGeoblocking = readBool("Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", true)
|
config.EnableMaxMind = readBool("Do you want to download the MaxMind GeoLite2 Country and ASN databases for blocking functionality?", true)
|
||||||
|
|
||||||
if config.DashboardDomain == "" {
|
if config.DashboardDomain == "" {
|
||||||
fmt.Println("Error: Dashboard Domain name is required")
|
fmt.Println("Error: Dashboard Domain name is required")
|
||||||
@@ -776,29 +800,42 @@ func checkPortsAvailable(port int) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func downloadMaxMindDatabase() error {
|
func downloadMaxMindDatabase() error {
|
||||||
fmt.Println("Downloading MaxMind GeoLite2 Country database...")
|
fmt.Println("Downloading MaxMind GeoLite2 Country and ASN databases...")
|
||||||
|
|
||||||
// Download the GeoLite2 Country database
|
// Download the GeoLite2 Country databases
|
||||||
if err := run("curl", "-L", "-o", "GeoLite2-Country.tar.gz",
|
if err := run("curl", "-L", "-o", "GeoLite2-Country.tar.gz",
|
||||||
"https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-Country.tar.gz"); err != nil {
|
"https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-Country.tar.gz"); err != nil {
|
||||||
return fmt.Errorf("failed to download GeoLite2 database: %v", err)
|
return fmt.Errorf("failed to download GeoLite2 Country database: %v", err)
|
||||||
|
}
|
||||||
|
if err := run("curl", "-L", "-o", "GeoLite2-ASN.tar.gz",
|
||||||
|
"https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-ASN.tar.gz"); err != nil {
|
||||||
|
return fmt.Errorf("failed to download GeoLite2 ASN database: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Extract the database
|
// Extract the Country database
|
||||||
if err := run("tar", "-xzf", "GeoLite2-Country.tar.gz"); err != nil {
|
if err := run("tar", "-xzf", "GeoLite2-Country.tar.gz"); err != nil {
|
||||||
return fmt.Errorf("failed to extract GeoLite2 database: %v", err)
|
return fmt.Errorf("failed to extract GeoLite2 Country database: %v", err)
|
||||||
|
}
|
||||||
|
if err := run("tar", "-xzf", "GeoLite2-ASN.tar.gz"); err != nil {
|
||||||
|
return fmt.Errorf("failed to extract GeoLite2 ASN database: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find the .mmdb file and move it to the config directory
|
// Find the .mmdb file and move it to the config directory
|
||||||
if err := run("bash", "-c", "mv GeoLite2-Country_*/GeoLite2-Country.mmdb config/"); err != nil {
|
if err := run("bash", "-c", "mv GeoLite2-Country_*/GeoLite2-Country.mmdb config/"); err != nil {
|
||||||
return fmt.Errorf("failed to move GeoLite2 database to config directory: %v", err)
|
return fmt.Errorf("failed to move GeoLite2 Country database to config directory: %v", err)
|
||||||
|
}
|
||||||
|
if err := run("bash", "-c", "mv GeoLite2-ASN_*/GeoLite2-ASN.mmdb config/"); err != nil {
|
||||||
|
return fmt.Errorf("failed to move GeoLite2 ASN database to config directory: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Clean up the downloaded files
|
// Clean up the downloaded files
|
||||||
if err := run("rm", "-rf", "GeoLite2-Country.tar.gz", "GeoLite2-Country_*"); err != nil {
|
if err := run("sh", "-c", "rm -rf GeoLite2-Country.tar.gz GeoLite2-Country_*"); err != nil {
|
||||||
fmt.Printf("Warning: failed to clean up temporary files: %v\n", err)
|
fmt.Printf("Warning: failed to clean up temporary country files: %v\n", err)
|
||||||
|
}
|
||||||
|
if err := run("sh", "-c", "rm -rf GeoLite2-ASN.tar.gz GeoLite2-ASN_*"); err != nil {
|
||||||
|
fmt.Printf("Warning: failed to clean up temporary ASN files: %v\n", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("MaxMind GeoLite2 Country database downloaded successfully!")
|
fmt.Println("MaxMind GeoLite2 Country and ASN database downloaded successfully!")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -152,8 +152,8 @@
|
|||||||
"shareErrorSelectResource": "請選擇一個資源",
|
"shareErrorSelectResource": "請選擇一個資源",
|
||||||
"proxyResourceTitle": "管理公開資源",
|
"proxyResourceTitle": "管理公開資源",
|
||||||
"proxyResourceDescription": "建立和管理可透過網頁瀏覽器公開存取的資源",
|
"proxyResourceDescription": "建立和管理可透過網頁瀏覽器公開存取的資源",
|
||||||
"proxyResourcesBannerTitle": "基於網頁的公開存取",
|
"publicResourcesBannerTitle": "基於網頁的公開存取",
|
||||||
"proxyResourcesBannerDescription": "公開資源是任何人都可以透過網頁瀏覽器存取的 HTTPS 或 TCP/UDP 代理。與私有資源不同,它們不需要客戶端軟體,並且可以包含基於身份和情境感知的存取策略。",
|
"publicResourcesBannerDescription": "公開資源是任何人都可以透過網頁瀏覽器存取的 HTTPS 或 TCP/UDP 代理。與私有資源不同,它們不需要客戶端軟體,並且可以包含基於身份和情境感知的存取策略。",
|
||||||
"clientResourceTitle": "管理私有資源",
|
"clientResourceTitle": "管理私有資源",
|
||||||
"clientResourceDescription": "建立和管理只能透過已連接的客戶端存取的資源",
|
"clientResourceDescription": "建立和管理只能透過已連接的客戶端存取的資源",
|
||||||
"privateResourcesBannerTitle": "零信任私有存取",
|
"privateResourcesBannerTitle": "零信任私有存取",
|
||||||
@@ -489,7 +489,7 @@
|
|||||||
"createdAt": "創建於",
|
"createdAt": "創建於",
|
||||||
"proxyErrorInvalidHeader": "無效的自訂主機 Header。使用域名格式,或將空保存為取消自訂 Header。",
|
"proxyErrorInvalidHeader": "無效的自訂主機 Header。使用域名格式,或將空保存為取消自訂 Header。",
|
||||||
"proxyErrorTls": "無效的 TLS 伺服器名稱。使用域名格式,或保存空以刪除 TLS 伺服器名稱。",
|
"proxyErrorTls": "無效的 TLS 伺服器名稱。使用域名格式,或保存空以刪除 TLS 伺服器名稱。",
|
||||||
"proxyEnableSSL": "啟用 SSL",
|
"proxyEnableSSL": "啟用 TLS",
|
||||||
"proxyEnableSSLDescription": "啟用 SSL/TLS 加密以確保您目標的 HTTPS 連接。",
|
"proxyEnableSSLDescription": "啟用 SSL/TLS 加密以確保您目標的 HTTPS 連接。",
|
||||||
"target": "目標",
|
"target": "目標",
|
||||||
"configureTarget": "配置目標",
|
"configureTarget": "配置目標",
|
||||||
@@ -1763,7 +1763,7 @@
|
|||||||
"description": "更可靠、維護成本更低的自架 Pangolin 伺服器,並附帶額外的附加功能",
|
"description": "更可靠、維護成本更低的自架 Pangolin 伺服器,並附帶額外的附加功能",
|
||||||
"introTitle": "託管式自架 Pangolin",
|
"introTitle": "託管式自架 Pangolin",
|
||||||
"introDescription": "這是一種部署選擇,為那些希望簡潔和額外可靠的人設計,同時仍然保持他們的數據的私密性和自我託管性。",
|
"introDescription": "這是一種部署選擇,為那些希望簡潔和額外可靠的人設計,同時仍然保持他們的數據的私密性和自我託管性。",
|
||||||
"introDetail": "通過此選項,您仍然運行您自己的 Pangolin 節點 - - 您的隧道、SSL 終止,並且流量在您的伺服器上保持所有狀態。 不同之處在於,管理和監測是通過我們的雲層儀錶板進行的,該儀錶板開啟了一些好處:",
|
"introDetail": "通過此選項,您仍然運行您自己的 Pangolin 節點 - - 您的隧道、TLS 終止,並且流量在您的伺服器上保持所有狀態。 不同之處在於,管理和監測是通過我們的雲層儀錶板進行的,該儀錶板開啟了一些好處:",
|
||||||
"benefitSimplerOperations": {
|
"benefitSimplerOperations": {
|
||||||
"title": "簡單的操作",
|
"title": "簡單的操作",
|
||||||
"description": "無需運行您自己的郵件伺服器或設置複雜的警報。您將從方框中獲得健康檢查和下限提醒。"
|
"description": "無需運行您自己的郵件伺服器或設置複雜的警報。您將從方框中獲得健康檢查和下限提醒。"
|
||||||
|
|||||||
@@ -1,17 +1,42 @@
|
|||||||
import type { NextConfig } from "next";
|
import type { NextConfig } from "next";
|
||||||
import createNextIntlPlugin from "next-intl/plugin";
|
import createNextIntlPlugin from "next-intl/plugin";
|
||||||
|
import fs from "fs";
|
||||||
|
import path from "path";
|
||||||
|
|
||||||
const withNextIntl = createNextIntlPlugin();
|
const withNextIntl = createNextIntlPlugin();
|
||||||
|
// read allowedDevOrigins.json if it exists
|
||||||
|
let allowedDevOrigins: string[] = [];
|
||||||
|
const allowedDevOriginsPath = path.join(
|
||||||
|
process.cwd(),
|
||||||
|
"allowedDevOrigins.json"
|
||||||
|
);
|
||||||
|
if (fs.existsSync(allowedDevOriginsPath)) {
|
||||||
|
try {
|
||||||
|
const data = fs.readFileSync(allowedDevOriginsPath, "utf-8");
|
||||||
|
allowedDevOrigins = JSON.parse(data);
|
||||||
|
} catch {}
|
||||||
|
}
|
||||||
|
|
||||||
const nextConfig: NextConfig = {
|
const nextConfig: NextConfig = {
|
||||||
reactStrictMode: false,
|
reactStrictMode: false,
|
||||||
eslint: {
|
reactCompiler: true,
|
||||||
ignoreDuringBuilds: true
|
transpilePackages: ["@novnc/novnc"],
|
||||||
},
|
output: "standalone",
|
||||||
experimental: {
|
allowedDevOrigins,
|
||||||
reactCompiler: true
|
async redirects() {
|
||||||
},
|
return [
|
||||||
output: "standalone"
|
{
|
||||||
|
source: "/:orgId/settings/resources/proxy/:path*",
|
||||||
|
destination: "/:orgId/settings/resources/public/:path*",
|
||||||
|
permanent: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
source: "/:orgId/settings/resources/client/:path*",
|
||||||
|
destination: "/:orgId/settings/resources/private/:path*",
|
||||||
|
permanent: true
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
export default withNextIntl(nextConfig);
|
export default withNextIntl(nextConfig);
|
||||||
|
|||||||
@@ -32,13 +32,15 @@
|
|||||||
"format": "prettier --write ."
|
"format": "prettier --write ."
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@asteasolutions/zod-to-openapi": "8.4.1",
|
"@asteasolutions/zod-to-openapi": "8.5.0",
|
||||||
"@aws-sdk/client-s3": "3.1011.0",
|
"@devolutions/iron-remote-desktop": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-0.0.0.tgz",
|
||||||
"@faker-js/faker": "10.3.0",
|
"@devolutions/iron-remote-desktop-rdp": "https://static.pangolin.net/packages/devolutions-iron-remote-desktop-rdp-0.0.0.tgz",
|
||||||
"@headlessui/react": "2.2.9",
|
"@aws-sdk/client-s3": "3.1056.0",
|
||||||
"@hookform/resolvers": "5.2.2",
|
"@headlessui/react": "2.2.10",
|
||||||
|
"@hookform/resolvers": "5.4.0",
|
||||||
"@monaco-editor/react": "4.7.0",
|
"@monaco-editor/react": "4.7.0",
|
||||||
"@node-rs/argon2": "2.0.2",
|
"@node-rs/argon2": "2.0.2",
|
||||||
|
"@novnc/novnc": "^1.7.0",
|
||||||
"@oslojs/crypto": "1.0.1",
|
"@oslojs/crypto": "1.0.1",
|
||||||
"@oslojs/encoding": "1.1.0",
|
"@oslojs/encoding": "1.1.0",
|
||||||
"@radix-ui/react-avatar": "1.1.11",
|
"@radix-ui/react-avatar": "1.1.11",
|
||||||
@@ -59,16 +61,20 @@
|
|||||||
"@radix-ui/react-tabs": "1.1.13",
|
"@radix-ui/react-tabs": "1.1.13",
|
||||||
"@radix-ui/react-toast": "1.2.15",
|
"@radix-ui/react-toast": "1.2.15",
|
||||||
"@radix-ui/react-tooltip": "1.2.8",
|
"@radix-ui/react-tooltip": "1.2.8",
|
||||||
"@react-email/components": "1.0.8",
|
"@react-email/body": "0.3.0",
|
||||||
"@react-email/render": "2.0.4",
|
"@react-email/components": "1.0.12",
|
||||||
"@react-email/tailwind": "2.0.5",
|
"@react-email/render": "2.0.8",
|
||||||
|
"@react-email/tailwind": "2.0.7",
|
||||||
"@simplewebauthn/browser": "13.3.0",
|
"@simplewebauthn/browser": "13.3.0",
|
||||||
"@simplewebauthn/server": "13.3.0",
|
"@simplewebauthn/server": "13.3.1",
|
||||||
"@tailwindcss/forms": "0.5.11",
|
"@tailwindcss/forms": "0.5.11",
|
||||||
"@tanstack/react-query": "5.90.21",
|
"@tanstack/react-query": "5.100.14",
|
||||||
"@tanstack/react-table": "8.21.3",
|
"@tanstack/react-table": "8.21.3",
|
||||||
|
"@xterm/addon-fit": "^0.11.0",
|
||||||
|
"@xterm/addon-web-links": "^0.12.0",
|
||||||
|
"@xterm/xterm": "^6.0.0",
|
||||||
"arctic": "3.7.0",
|
"arctic": "3.7.0",
|
||||||
"axios": "1.15.0",
|
"axios": "1.16.1",
|
||||||
"better-sqlite3": "11.9.1",
|
"better-sqlite3": "11.9.1",
|
||||||
"canvas-confetti": "1.9.4",
|
"canvas-confetti": "1.9.4",
|
||||||
"class-variance-authority": "0.7.1",
|
"class-variance-authority": "0.7.1",
|
||||||
@@ -80,77 +86,76 @@
|
|||||||
"d3": "7.9.0",
|
"d3": "7.9.0",
|
||||||
"drizzle-orm": "0.45.2",
|
"drizzle-orm": "0.45.2",
|
||||||
"express": "5.2.1",
|
"express": "5.2.1",
|
||||||
"express-rate-limit": "8.3.0",
|
"express-rate-limit": "8.5.2",
|
||||||
"glob": "13.0.6",
|
"glob": "13.0.6",
|
||||||
"helmet": "8.1.0",
|
"helmet": "8.2.0",
|
||||||
"http-errors": "2.0.1",
|
"http-errors": "2.0.1",
|
||||||
"input-otp": "1.4.2",
|
"input-otp": "1.4.2",
|
||||||
"ioredis": "5.10.0",
|
"ioredis": "5.11.0",
|
||||||
"jmespath": "0.16.0",
|
"jmespath": "0.16.0",
|
||||||
"js-yaml": "4.1.1",
|
"js-yaml": "4.2.0",
|
||||||
"jsonwebtoken": "9.0.3",
|
"jsonwebtoken": "9.0.3",
|
||||||
"lucide-react": "0.577.0",
|
"lucide-react": "1.17.0",
|
||||||
"maxmind": "5.0.5",
|
"maxmind": "5.0.6",
|
||||||
"moment": "2.30.1",
|
"moment": "2.30.1",
|
||||||
"next": "15.5.15",
|
"next": "16.2.6",
|
||||||
"next-intl": "4.8.3",
|
"next-intl": "4.13.0",
|
||||||
"next-themes": "0.4.6",
|
"next-themes": "0.4.6",
|
||||||
"nextjs-toploader": "3.9.17",
|
"nextjs-toploader": "3.9.17",
|
||||||
"node-cache": "5.1.2",
|
"node-cache": "5.1.2",
|
||||||
"nodemailer": "8.0.5",
|
"nodemailer": "9.0.1",
|
||||||
"oslo": "1.2.1",
|
"oslo": "1.2.1",
|
||||||
"pg": "8.20.0",
|
"pg": "8.21.0",
|
||||||
"posthog-node": "5.28.0",
|
"posthog-node": "5.35.6",
|
||||||
"qrcode.react": "4.2.0",
|
"qrcode.react": "4.2.0",
|
||||||
"react": "19.2.4",
|
"react": "19.2.6",
|
||||||
"react-day-picker": "9.14.0",
|
"react-day-picker": "9.14.0",
|
||||||
"react-dom": "19.2.4",
|
"react-dom": "19.2.6",
|
||||||
"react-easy-sort": "1.8.0",
|
"react-easy-sort": "1.8.0",
|
||||||
"react-hook-form": "7.71.2",
|
"react-hook-form": "7.76.1",
|
||||||
"react-icons": "5.6.0",
|
"react-icons": "5.6.0",
|
||||||
"recharts": "2.15.4",
|
"recharts": "3.8.1",
|
||||||
"reodotdev": "1.1.0",
|
"reodotdev": "1.1.0",
|
||||||
"resend": "6.9.2",
|
"semver": "7.8.1",
|
||||||
"semver": "7.7.4",
|
|
||||||
"sshpk": "1.18.0",
|
"sshpk": "1.18.0",
|
||||||
"stripe": "20.4.1",
|
"stripe": "22.2.0",
|
||||||
"swagger-ui-express": "5.0.1",
|
"swagger-ui-express": "5.0.1",
|
||||||
"tailwind-merge": "3.5.0",
|
"tailwind-merge": "3.6.0",
|
||||||
"topojson-client": "3.1.0",
|
"topojson-client": "3.1.0",
|
||||||
"tw-animate-css": "1.4.0",
|
"tw-animate-css": "1.4.0",
|
||||||
"use-debounce": "10.1.0",
|
"use-debounce": "10.1.1",
|
||||||
"uuid": "13.0.0",
|
"uuid": "14.0.0",
|
||||||
"vaul": "1.1.2",
|
"vaul": "1.1.2",
|
||||||
"visionscarto-world-atlas": "1.0.0",
|
"visionscarto-world-atlas": "1.0.0",
|
||||||
"winston": "3.19.0",
|
"winston": "3.19.0",
|
||||||
"winston-daily-rotate-file": "5.0.0",
|
"winston-daily-rotate-file": "5.0.0",
|
||||||
"ws": "8.19.0",
|
"ws": "8.21.0",
|
||||||
"yaml": "2.8.3",
|
"yaml": "2.9.0",
|
||||||
"yargs": "18.0.0",
|
"yargs": "18.0.0",
|
||||||
"zod": "4.3.6",
|
"zod": "4.4.3",
|
||||||
"zod-validation-error": "5.0.0"
|
"zod-validation-error": "5.0.0"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@dotenvx/dotenvx": "1.54.1",
|
"@dotenvx/dotenvx": "1.69.1",
|
||||||
"@esbuild-plugins/tsconfig-paths": "0.1.2",
|
"@esbuild-plugins/tsconfig-paths": "0.1.2",
|
||||||
"@react-email/preview-server": "5.2.10",
|
"@react-email/ui": "^6.5.0",
|
||||||
"@tailwindcss/postcss": "4.2.2",
|
"@tailwindcss/postcss": "4.3.0",
|
||||||
"@tanstack/react-query-devtools": "5.91.3",
|
"@tanstack/react-query-devtools": "5.100.14",
|
||||||
"@types/better-sqlite3": "7.6.13",
|
"@types/better-sqlite3": "7.6.13",
|
||||||
"@types/cookie-parser": "1.4.10",
|
"@types/cookie-parser": "1.4.10",
|
||||||
"@types/cors": "2.8.19",
|
"@types/cors": "2.8.19",
|
||||||
"@types/crypto-js": "4.2.2",
|
"@types/crypto-js": "4.2.2",
|
||||||
"@types/d3": "7.4.3",
|
"@types/d3": "7.4.3",
|
||||||
"@types/express": "5.0.6",
|
"@types/express": "5.0.6",
|
||||||
"@types/express-session": "1.18.2",
|
"@types/express-session": "1.19.0",
|
||||||
"@types/jmespath": "0.15.2",
|
"@types/jmespath": "0.15.2",
|
||||||
"@types/js-yaml": "4.0.9",
|
"@types/js-yaml": "4.0.9",
|
||||||
"@types/jsonwebtoken": "9.0.10",
|
"@types/jsonwebtoken": "9.0.10",
|
||||||
"@types/node": "25.3.5",
|
"@types/node": "25.9.1",
|
||||||
"@types/nodemailer": "7.0.11",
|
"@types/nodemailer": "8.0.0",
|
||||||
"@types/nprogress": "0.2.3",
|
"@types/nprogress": "0.2.3",
|
||||||
"@types/pg": "8.18.0",
|
"@types/pg": "8.20.0",
|
||||||
"@types/react": "19.2.14",
|
"@types/react": "19.2.15",
|
||||||
"@types/react-dom": "19.2.3",
|
"@types/react-dom": "19.2.3",
|
||||||
"@types/semver": "7.7.1",
|
"@types/semver": "7.7.1",
|
||||||
"@types/sshpk": "1.17.4",
|
"@types/sshpk": "1.17.4",
|
||||||
@@ -160,21 +165,22 @@
|
|||||||
"@types/yargs": "17.0.35",
|
"@types/yargs": "17.0.35",
|
||||||
"babel-plugin-react-compiler": "1.0.0",
|
"babel-plugin-react-compiler": "1.0.0",
|
||||||
"drizzle-kit": "0.31.10",
|
"drizzle-kit": "0.31.10",
|
||||||
"esbuild": "0.27.4",
|
"esbuild": "0.28.1",
|
||||||
"esbuild-node-externals": "1.20.1",
|
"esbuild-node-externals": "1.22.0",
|
||||||
"eslint": "10.0.3",
|
"eslint": "10.4.0",
|
||||||
"eslint-config-next": "16.1.7",
|
"eslint-config-next": "16.2.6",
|
||||||
"postcss": "8.5.8",
|
"postcss": "8.5.15",
|
||||||
"prettier": "3.8.1",
|
"prettier": "3.8.3",
|
||||||
"react-email": "5.2.10",
|
"react-email": "6.5.0",
|
||||||
"tailwindcss": "4.2.2",
|
"tailwindcss": "4.3.0",
|
||||||
"tsc-alias": "1.8.16",
|
"tsc-alias": "1.8.17",
|
||||||
"tsx": "4.21.0",
|
"tsx": "4.22.3",
|
||||||
"typescript": "5.9.3",
|
"typescript": "6.0.3",
|
||||||
"typescript-eslint": "8.56.1"
|
"typescript-eslint": "8.60.0"
|
||||||
},
|
},
|
||||||
"overrides": {
|
"overrides": {
|
||||||
"esbuild": "0.27.4",
|
"esbuild": "0.28.1",
|
||||||
"dompurify": "3.3.2"
|
"dompurify": "3.4.0",
|
||||||
|
"postcss": "8.5.15"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
|
Before Width: | Height: | Size: 588 KiB After Width: | Height: | Size: 621 KiB |
|
Before Width: | Height: | Size: 569 KiB After Width: | Height: | Size: 532 KiB |
|
Before Width: | Height: | Size: 588 KiB After Width: | Height: | Size: 621 KiB |
|
Before Width: | Height: | Size: 2.4 MiB After Width: | Height: | Size: 574 KiB |
|
Before Width: | Height: | Size: 434 KiB After Width: | Height: | Size: 410 KiB |
|
Before Width: | Height: | Size: 274 KiB After Width: | Height: | Size: 516 KiB |
@@ -5,6 +5,7 @@ import { and, eq, inArray } from "drizzle-orm";
|
|||||||
import createHttpError from "http-errors";
|
import createHttpError from "http-errors";
|
||||||
import HttpCode from "@server/types/HttpCode";
|
import HttpCode from "@server/types/HttpCode";
|
||||||
import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
|
import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
|
||||||
|
import logger from "@server/logger";
|
||||||
|
|
||||||
export enum ActionsEnum {
|
export enum ActionsEnum {
|
||||||
createOrgUser = "createOrgUser",
|
createOrgUser = "createOrgUser",
|
||||||
@@ -20,6 +21,7 @@ export enum ActionsEnum {
|
|||||||
getSite = "getSite",
|
getSite = "getSite",
|
||||||
listSites = "listSites",
|
listSites = "listSites",
|
||||||
updateSite = "updateSite",
|
updateSite = "updateSite",
|
||||||
|
restartSite = "restartSite",
|
||||||
resetSiteBandwidth = "resetSiteBandwidth",
|
resetSiteBandwidth = "resetSiteBandwidth",
|
||||||
reGenerateSecret = "reGenerateSecret",
|
reGenerateSecret = "reGenerateSecret",
|
||||||
createResource = "createResource",
|
createResource = "createResource",
|
||||||
@@ -122,8 +124,6 @@ export enum ActionsEnum {
|
|||||||
createOrgDomain = "createOrgDomain",
|
createOrgDomain = "createOrgDomain",
|
||||||
deleteOrgDomain = "deleteOrgDomain",
|
deleteOrgDomain = "deleteOrgDomain",
|
||||||
restartOrgDomain = "restartOrgDomain",
|
restartOrgDomain = "restartOrgDomain",
|
||||||
sendUsageNotification = "sendUsageNotification",
|
|
||||||
sendTrialNotification = "sendTrialNotification",
|
|
||||||
createRemoteExitNode = "createRemoteExitNode",
|
createRemoteExitNode = "createRemoteExitNode",
|
||||||
updateRemoteExitNode = "updateRemoteExitNode",
|
updateRemoteExitNode = "updateRemoteExitNode",
|
||||||
getRemoteExitNode = "getRemoteExitNode",
|
getRemoteExitNode = "getRemoteExitNode",
|
||||||
@@ -150,14 +150,37 @@ export enum ActionsEnum {
|
|||||||
updateAlertRule = "updateAlertRule",
|
updateAlertRule = "updateAlertRule",
|
||||||
deleteAlertRule = "deleteAlertRule",
|
deleteAlertRule = "deleteAlertRule",
|
||||||
listAlertRules = "listAlertRules",
|
listAlertRules = "listAlertRules",
|
||||||
|
listOrgLabels = "listOrgLabels",
|
||||||
|
createOrgLabel = "createOrgLabel",
|
||||||
|
updateOrgLabel = "updateOrgLabel",
|
||||||
|
deleteOrgLabel = "deleteOrgLabel",
|
||||||
|
attachLabelToItem = "attachLabelToItem",
|
||||||
|
detachLabelFromItem = "detachLabelFromItem",
|
||||||
getAlertRule = "getAlertRule",
|
getAlertRule = "getAlertRule",
|
||||||
createHealthCheck = "createHealthCheck",
|
createHealthCheck = "createHealthCheck",
|
||||||
updateHealthCheck = "updateHealthCheck",
|
updateHealthCheck = "updateHealthCheck",
|
||||||
deleteHealthCheck = "deleteHealthCheck",
|
deleteHealthCheck = "deleteHealthCheck",
|
||||||
listHealthChecks = "listHealthChecks",
|
listHealthChecks = "listHealthChecks",
|
||||||
triggerSiteAlert = "triggerSiteAlert",
|
createBrowserGatewayTarget = "createBrowserGatewayTarget",
|
||||||
triggerResourceAlert = "triggerResourceAlert",
|
updateBrowserGatewayTarget = "updateBrowserGatewayTarget",
|
||||||
triggerHealthCheckAlert = "triggerHealthCheckAlert"
|
deleteBrowserGatewayTarget = "deleteBrowserGatewayTarget",
|
||||||
|
getBrowserGatewayTarget = "getBrowserGatewayTarget",
|
||||||
|
listBrowserGatewayTargets = "listBrowserGatewayTargets",
|
||||||
|
listResourcePolicies = "listResourcePolicies",
|
||||||
|
getResourcePolicy = "getResourcePolicy",
|
||||||
|
createResourcePolicy = "createResourcePolicy",
|
||||||
|
updateResourcePolicy = "updateResourcePolicy",
|
||||||
|
deleteResourcePolicy = "deleteResourcePolicy",
|
||||||
|
listResourcePolicyRoles = "listResourcePolicyRoles",
|
||||||
|
setResourcePolicyRoles = "setResourcePolicyRoles",
|
||||||
|
listResourcePolicyUsers = "listResourcePolicyUsers",
|
||||||
|
setResourcePolicyUsers = "setResourcePolicyUsers",
|
||||||
|
setResourcePolicyPassword = "setResourcePolicyPassword",
|
||||||
|
setResourcePolicyPincode = "setResourcePolicyPincode",
|
||||||
|
setResourcePolicyHeaderAuth = "setResourcePolicyHeaderAuth",
|
||||||
|
setResourcePolicyWhitelist = "setResourcePolicyWhitelist",
|
||||||
|
setResourcePolicyRules = "setResourcePolicyRules",
|
||||||
|
createOrgWideLauncherView = "createOrgWideLauncherView"
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function checkUserActionPermission(
|
export async function checkUserActionPermission(
|
||||||
@@ -190,6 +213,23 @@ export async function checkUserActionPermission(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If no direct permission, check role-based permission (any of user's roles)
|
||||||
|
const roleActionPermission = await db
|
||||||
|
.select()
|
||||||
|
.from(roleActions)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(roleActions.actionId, actionId),
|
||||||
|
inArray(roleActions.roleId, userOrgRoleIds),
|
||||||
|
eq(roleActions.orgId, req.userOrgId!)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1);
|
||||||
|
|
||||||
|
if (roleActionPermission.length > 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
// Check if the user has direct permission for the action in the current org
|
// Check if the user has direct permission for the action in the current org
|
||||||
const userActionPermission = await db
|
const userActionPermission = await db
|
||||||
.select()
|
.select()
|
||||||
@@ -207,20 +247,7 @@ export async function checkUserActionPermission(
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If no direct permission, check role-based permission (any of user's roles)
|
return false;
|
||||||
const roleActionPermission = await db
|
|
||||||
.select()
|
|
||||||
.from(roleActions)
|
|
||||||
.where(
|
|
||||||
and(
|
|
||||||
eq(roleActions.actionId, actionId),
|
|
||||||
inArray(roleActions.roleId, userOrgRoleIds),
|
|
||||||
eq(roleActions.orgId, req.userOrgId!)
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.limit(1);
|
|
||||||
|
|
||||||
return roleActionPermission.length > 0;
|
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.error("Error checking user action permission:", error);
|
console.error("Error checking user action permission:", error);
|
||||||
throw createHttpError(
|
throw createHttpError(
|
||||||
|
|||||||
@@ -1,6 +1,12 @@
|
|||||||
import { db } from "@server/db";
|
import { db } from "@server/db";
|
||||||
import { and, eq, inArray } from "drizzle-orm";
|
import { and, eq, inArray, isNull, or } from "drizzle-orm";
|
||||||
import { roleResources, userResources } from "@server/db";
|
import {
|
||||||
|
rolePolicies,
|
||||||
|
roleResources,
|
||||||
|
resources,
|
||||||
|
userPolicies,
|
||||||
|
userResources
|
||||||
|
} from "@server/db";
|
||||||
|
|
||||||
export async function canUserAccessResource({
|
export async function canUserAccessResource({
|
||||||
userId,
|
userId,
|
||||||
@@ -11,9 +17,14 @@ export async function canUserAccessResource({
|
|||||||
resourceId: number;
|
resourceId: number;
|
||||||
roleIds: number[];
|
roleIds: number[];
|
||||||
}): Promise<boolean> {
|
}): Promise<boolean> {
|
||||||
const roleResourceAccess =
|
const [
|
||||||
|
roleResourceAccess,
|
||||||
|
rolePolicyAccess,
|
||||||
|
userResourceAccess,
|
||||||
|
userPolicyAccess
|
||||||
|
] = await Promise.all([
|
||||||
roleIds.length > 0
|
roleIds.length > 0
|
||||||
? await db
|
? db
|
||||||
.select()
|
.select()
|
||||||
.from(roleResources)
|
.from(roleResources)
|
||||||
.where(
|
.where(
|
||||||
@@ -23,26 +34,87 @@ export async function canUserAccessResource({
|
|||||||
)
|
)
|
||||||
)
|
)
|
||||||
.limit(1)
|
.limit(1)
|
||||||
: [];
|
: [],
|
||||||
|
roleIds.length > 0
|
||||||
if (roleResourceAccess.length > 0) {
|
? db
|
||||||
return true;
|
.select({
|
||||||
}
|
roleId: rolePolicies.roleId,
|
||||||
|
resourcePolicyId: rolePolicies.resourcePolicyId
|
||||||
const userResourceAccess = await db
|
})
|
||||||
.select()
|
.from(rolePolicies)
|
||||||
.from(userResources)
|
.innerJoin(
|
||||||
.where(
|
resources,
|
||||||
and(
|
// Shared policy wins; only use default policy when no shared
|
||||||
eq(userResources.userId, userId),
|
// policy is assigned to the resource.
|
||||||
eq(userResources.resourceId, resourceId)
|
or(
|
||||||
|
eq(
|
||||||
|
resources.resourcePolicyId,
|
||||||
|
rolePolicies.resourcePolicyId
|
||||||
|
),
|
||||||
|
and(
|
||||||
|
isNull(resources.resourcePolicyId),
|
||||||
|
eq(
|
||||||
|
resources.defaultResourcePolicyId,
|
||||||
|
rolePolicies.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(resources.resourceId, resourceId),
|
||||||
|
inArray(rolePolicies.roleId, roleIds)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1)
|
||||||
|
: [],
|
||||||
|
db
|
||||||
|
.select()
|
||||||
|
.from(userResources)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(userResources.userId, userId),
|
||||||
|
eq(userResources.resourceId, resourceId)
|
||||||
|
)
|
||||||
)
|
)
|
||||||
)
|
.limit(1),
|
||||||
.limit(1);
|
db
|
||||||
|
.select({
|
||||||
|
userId: userPolicies.userId,
|
||||||
|
resourcePolicyId: userPolicies.resourcePolicyId
|
||||||
|
})
|
||||||
|
.from(userPolicies)
|
||||||
|
.innerJoin(
|
||||||
|
resources,
|
||||||
|
// Shared policy wins; only use default policy when no shared
|
||||||
|
// policy is assigned to the resource.
|
||||||
|
or(
|
||||||
|
eq(
|
||||||
|
resources.resourcePolicyId,
|
||||||
|
userPolicies.resourcePolicyId
|
||||||
|
),
|
||||||
|
and(
|
||||||
|
isNull(resources.resourcePolicyId),
|
||||||
|
eq(
|
||||||
|
resources.defaultResourcePolicyId,
|
||||||
|
userPolicies.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(resources.resourceId, resourceId),
|
||||||
|
eq(userPolicies.userId, userId)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1)
|
||||||
|
]);
|
||||||
|
|
||||||
if (userResourceAccess.length > 0) {
|
return (
|
||||||
return true;
|
roleResourceAccess.length > 0 ||
|
||||||
}
|
rolePolicyAccess.length > 0 ||
|
||||||
|
userResourceAccess.length > 0 ||
|
||||||
return false;
|
userPolicyAccess.length > 0
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ import {
|
|||||||
users
|
users
|
||||||
} from "@server/db";
|
} from "@server/db";
|
||||||
import { db } from "@server/db";
|
import { db } from "@server/db";
|
||||||
import { eq, inArray } from "drizzle-orm";
|
import { and, eq, inArray, ne } from "drizzle-orm";
|
||||||
import config from "@server/lib/config";
|
import config from "@server/lib/config";
|
||||||
import type { RandomReader } from "@oslojs/crypto/random";
|
import type { RandomReader } from "@oslojs/crypto/random";
|
||||||
import { generateRandomString } from "@oslojs/crypto/random";
|
import { generateRandomString } from "@oslojs/crypto/random";
|
||||||
@@ -136,6 +136,45 @@ export async function invalidateAllSessions(userId: string): Promise<void> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function invalidateAllSessionsExceptCurrent(
|
||||||
|
userId: string,
|
||||||
|
currentSessionId: string
|
||||||
|
): Promise<void> {
|
||||||
|
try {
|
||||||
|
await db.transaction(async (trx) => {
|
||||||
|
const userSessions = await trx
|
||||||
|
.select()
|
||||||
|
.from(sessions)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(sessions.userId, userId),
|
||||||
|
ne(sessions.sessionId, currentSessionId)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
if (userSessions.length > 0) {
|
||||||
|
await trx.delete(resourceSessions).where(
|
||||||
|
inArray(
|
||||||
|
resourceSessions.userSessionId,
|
||||||
|
userSessions.map((s) => s.sessionId)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
await trx
|
||||||
|
.delete(sessions)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(sessions.userId, userId),
|
||||||
|
ne(sessions.sessionId, currentSessionId)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
});
|
||||||
|
} catch (e) {
|
||||||
|
logger.error("Failed to invalidate user sessions except current", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
export function serializeSessionCookie(
|
export function serializeSessionCookie(
|
||||||
token: string,
|
token: string,
|
||||||
isSecure: boolean,
|
isSecure: boolean,
|
||||||
|
|||||||
@@ -19,6 +19,9 @@ export async function createResourceSession(opts: {
|
|||||||
userSessionId?: string | null;
|
userSessionId?: string | null;
|
||||||
whitelistId?: number | null;
|
whitelistId?: number | null;
|
||||||
accessTokenId?: string | null;
|
accessTokenId?: string | null;
|
||||||
|
policyPasswordId?: number | null;
|
||||||
|
policyPincodeId?: number | null;
|
||||||
|
policyWhitelistId?: number | null;
|
||||||
doNotExtend?: boolean;
|
doNotExtend?: boolean;
|
||||||
expiresAt?: number | null;
|
expiresAt?: number | null;
|
||||||
sessionLength?: number | null;
|
sessionLength?: number | null;
|
||||||
@@ -28,7 +31,10 @@ export async function createResourceSession(opts: {
|
|||||||
!opts.pincodeId &&
|
!opts.pincodeId &&
|
||||||
!opts.whitelistId &&
|
!opts.whitelistId &&
|
||||||
!opts.accessTokenId &&
|
!opts.accessTokenId &&
|
||||||
!opts.userSessionId
|
!opts.userSessionId &&
|
||||||
|
!opts.policyPasswordId &&
|
||||||
|
!opts.policyPincodeId &&
|
||||||
|
!opts.policyWhitelistId
|
||||||
) {
|
) {
|
||||||
throw new Error("Auth method must be provided");
|
throw new Error("Auth method must be provided");
|
||||||
}
|
}
|
||||||
@@ -49,6 +55,9 @@ export async function createResourceSession(opts: {
|
|||||||
whitelistId: opts.whitelistId || null,
|
whitelistId: opts.whitelistId || null,
|
||||||
doNotExtend: opts.doNotExtend || false,
|
doNotExtend: opts.doNotExtend || false,
|
||||||
accessTokenId: opts.accessTokenId || null,
|
accessTokenId: opts.accessTokenId || null,
|
||||||
|
policyPasswordId: opts.policyPasswordId || null,
|
||||||
|
policyPincodeId: opts.policyPincodeId || null,
|
||||||
|
policyWhitelistId: opts.policyWhitelistId || null,
|
||||||
isRequestToken: opts.isRequestToken || false,
|
isRequestToken: opts.isRequestToken || false,
|
||||||
userSessionId: opts.userSessionId || null,
|
userSessionId: opts.userSessionId || null,
|
||||||
issuedAt: new Date().getTime()
|
issuedAt: new Date().getTime()
|
||||||
|
|||||||
@@ -795,10 +795,13 @@ export const COUNTRIES = [
|
|||||||
name: "Serbia",
|
name: "Serbia",
|
||||||
code: "RS"
|
code: "RS"
|
||||||
},
|
},
|
||||||
{
|
// Removed as this is a deprecated ISO country code, not supported anymore
|
||||||
name: "Serbia and Montenegro",
|
// Also the individual flags for Serbia & Montenegro are already included in the list
|
||||||
code: "CS"
|
// more details: https://en.wikipedia.org/wiki/ISO_3166-2:CS
|
||||||
},
|
// {
|
||||||
|
// name: "Serbia and Montenegro",
|
||||||
|
// code: "CS"
|
||||||
|
// },
|
||||||
{
|
{
|
||||||
name: "Seychelles",
|
name: "Seychelles",
|
||||||
code: "SC"
|
code: "SC"
|
||||||
|
|||||||
@@ -1,94 +1,53 @@
|
|||||||
{
|
{
|
||||||
"PowerMac4,4": "eMac",
|
|
||||||
"PowerMac6,4": "eMac",
|
|
||||||
"PowerBook2,1": "iBook",
|
|
||||||
"PowerBook2,2": "iBook",
|
|
||||||
"PowerBook4,1": "iBook",
|
|
||||||
"PowerBook4,2": "iBook",
|
|
||||||
"PowerBook4,3": "iBook",
|
|
||||||
"PowerBook6,3": "iBook",
|
|
||||||
"PowerBook6,5": "iBook",
|
|
||||||
"PowerBook6,7": "iBook",
|
|
||||||
"iMac,1": "iMac",
|
|
||||||
"PowerMac2,1": "iMac",
|
|
||||||
"PowerMac2,2": "iMac",
|
|
||||||
"PowerMac4,1": "iMac",
|
|
||||||
"PowerMac4,2": "iMac",
|
|
||||||
"PowerMac4,5": "iMac",
|
|
||||||
"PowerMac6,1": "iMac",
|
|
||||||
"PowerMac6,3*": "iMac",
|
|
||||||
"PowerMac6,3": "iMac",
|
|
||||||
"PowerMac8,1": "iMac",
|
|
||||||
"PowerMac8,2": "iMac",
|
|
||||||
"PowerMac12,1": "iMac",
|
|
||||||
"iMac4,1": "iMac",
|
|
||||||
"iMac4,2": "iMac",
|
|
||||||
"iMac5,2": "iMac",
|
|
||||||
"iMac5,1": "iMac",
|
|
||||||
"iMac6,1": "iMac",
|
|
||||||
"iMac7,1": "iMac",
|
|
||||||
"iMac8,1": "iMac",
|
|
||||||
"iMac9,1": "iMac",
|
|
||||||
"iMac10,1": "iMac",
|
|
||||||
"iMac11,1": "iMac",
|
|
||||||
"iMac11,2": "iMac",
|
|
||||||
"iMac11,3": "iMac",
|
|
||||||
"iMac12,1": "iMac",
|
|
||||||
"iMac12,2": "iMac",
|
|
||||||
"iMac13,1": "iMac",
|
|
||||||
"iMac13,2": "iMac",
|
|
||||||
"iMac14,1": "iMac",
|
|
||||||
"iMac14,3": "iMac",
|
|
||||||
"iMac14,2": "iMac",
|
|
||||||
"iMac14,4": "iMac",
|
|
||||||
"iMac15,1": "iMac",
|
|
||||||
"iMac16,1": "iMac",
|
|
||||||
"iMac16,2": "iMac",
|
|
||||||
"iMac17,1": "iMac",
|
|
||||||
"iMac18,1": "iMac",
|
|
||||||
"iMac18,2": "iMac",
|
|
||||||
"iMac18,3": "iMac",
|
|
||||||
"iMac19,2": "iMac",
|
|
||||||
"iMac19,1": "iMac",
|
|
||||||
"iMac20,1": "iMac",
|
|
||||||
"iMac20,2": "iMac",
|
|
||||||
"iMac21,2": "iMac",
|
|
||||||
"iMac21,1": "iMac",
|
|
||||||
"iMacPro1,1": "iMac Pro",
|
|
||||||
"PowerMac10,1": "Mac mini",
|
|
||||||
"PowerMac10,2": "Mac mini",
|
|
||||||
"Macmini1,1": "Mac mini",
|
|
||||||
"Macmini2,1": "Mac mini",
|
|
||||||
"Macmini3,1": "Mac mini",
|
|
||||||
"Macmini4,1": "Mac mini",
|
|
||||||
"Macmini5,1": "Mac mini",
|
|
||||||
"Macmini5,2": "Mac mini",
|
|
||||||
"Macmini5,3": "Mac mini",
|
|
||||||
"Macmini6,1": "Mac mini",
|
|
||||||
"Macmini6,2": "Mac mini",
|
|
||||||
"Macmini7,1": "Mac mini",
|
|
||||||
"Macmini8,1": "Mac mini",
|
|
||||||
"ADP3,2": "Mac mini",
|
"ADP3,2": "Mac mini",
|
||||||
"Macmini9,1": "Mac mini",
|
|
||||||
"Mac14,3": "Mac mini",
|
|
||||||
"Mac14,12": "Mac mini",
|
|
||||||
"MacPro1,1*": "Mac Pro",
|
|
||||||
"MacPro2,1": "Mac Pro",
|
|
||||||
"MacPro3,1": "Mac Pro",
|
|
||||||
"MacPro4,1": "Mac Pro",
|
|
||||||
"MacPro5,1": "Mac Pro",
|
|
||||||
"MacPro6,1": "Mac Pro",
|
|
||||||
"MacPro7,1": "Mac Pro",
|
|
||||||
"N/A*": "Power Macintosh",
|
|
||||||
"PowerMac1,1": "Power Macintosh",
|
|
||||||
"PowerMac3,1": "Power Macintosh",
|
|
||||||
"PowerMac3,3": "Power Macintosh",
|
|
||||||
"PowerMac3,4": "Power Macintosh",
|
|
||||||
"PowerMac3,5": "Power Macintosh",
|
|
||||||
"PowerMac3,6": "Power Macintosh",
|
|
||||||
"Mac13,1": "Mac Studio",
|
"Mac13,1": "Mac Studio",
|
||||||
"Mac13,2": "Mac Studio",
|
"Mac13,2": "Mac Studio",
|
||||||
|
"Mac14,10": "MacBook Pro",
|
||||||
|
"Mac14,12": "Mac mini",
|
||||||
|
"Mac14,13": "Mac Studio",
|
||||||
|
"Mac14,14": "Mac Studio",
|
||||||
|
"Mac14,15": "MacBook Air",
|
||||||
|
"Mac14,2": "MacBook Air",
|
||||||
|
"Mac14,3": "Mac mini",
|
||||||
|
"Mac14,5": "MacBook Pro",
|
||||||
|
"Mac14,6": "MacBook Pro",
|
||||||
|
"Mac14,7": "MacBook Pro",
|
||||||
|
"Mac14,8": "Mac Pro",
|
||||||
|
"Mac14,9": "MacBook Pro",
|
||||||
|
"Mac15,10": "MacBook Pro",
|
||||||
|
"Mac15,11": "MacBook Pro",
|
||||||
|
"Mac15,12": "MacBook Air",
|
||||||
|
"Mac15,13": "MacBook Air",
|
||||||
|
"Mac15,14": "Mac Studio",
|
||||||
|
"Mac15,3": "MacBook Pro",
|
||||||
|
"Mac15,4": "iMac",
|
||||||
|
"Mac15,5": "iMac",
|
||||||
|
"Mac15,6": "MacBook Pro",
|
||||||
|
"Mac15,7": "MacBook Pro",
|
||||||
|
"Mac15,8": "MacBook Pro",
|
||||||
|
"Mac15,9": "MacBook Pro",
|
||||||
|
"Mac16,1": "MacBook Pro",
|
||||||
|
"Mac16,10": "Mac mini",
|
||||||
|
"Mac16,11": "Mac mini",
|
||||||
|
"Mac16,12": "MacBook Air",
|
||||||
|
"Mac16,13": "MacBook Air",
|
||||||
|
"Mac16,2": "iMac",
|
||||||
|
"Mac16,3": "iMac",
|
||||||
|
"Mac16,5": "MacBook Pro",
|
||||||
|
"Mac16,6": "MacBook Pro",
|
||||||
|
"Mac16,7": "MacBook Pro",
|
||||||
|
"Mac16,8": "MacBook Pro",
|
||||||
|
"Mac16,9": "Mac Studio",
|
||||||
|
"Mac17,2": "MacBook Pro",
|
||||||
|
"Mac17,3": "MacBook Air",
|
||||||
|
"Mac17,4": "MacBook Air",
|
||||||
|
"Mac17,5": "MacBook Neo",
|
||||||
|
"Mac17,6": "MacBook Pro",
|
||||||
|
"Mac17,7": "MacBook Pro",
|
||||||
|
"Mac17,8": "MacBook Pro",
|
||||||
|
"Mac17,9": "MacBook Pro",
|
||||||
"MacBook1,1": "MacBook",
|
"MacBook1,1": "MacBook",
|
||||||
|
"MacBook10,1": "MacBook",
|
||||||
"MacBook2,1": "MacBook",
|
"MacBook2,1": "MacBook",
|
||||||
"MacBook3,1": "MacBook",
|
"MacBook3,1": "MacBook",
|
||||||
"MacBook4,1": "MacBook",
|
"MacBook4,1": "MacBook",
|
||||||
@@ -98,8 +57,8 @@
|
|||||||
"MacBook7,1": "MacBook",
|
"MacBook7,1": "MacBook",
|
||||||
"MacBook8,1": "MacBook",
|
"MacBook8,1": "MacBook",
|
||||||
"MacBook9,1": "MacBook",
|
"MacBook9,1": "MacBook",
|
||||||
"MacBook10,1": "MacBook",
|
|
||||||
"MacBookAir1,1": "MacBook Air",
|
"MacBookAir1,1": "MacBook Air",
|
||||||
|
"MacBookAir10,1": "MacBook Air",
|
||||||
"MacBookAir2,1": "MacBook Air",
|
"MacBookAir2,1": "MacBook Air",
|
||||||
"MacBookAir3,1": "MacBook Air",
|
"MacBookAir3,1": "MacBook Air",
|
||||||
"MacBookAir3,2": "MacBook Air",
|
"MacBookAir3,2": "MacBook Air",
|
||||||
@@ -114,88 +73,163 @@
|
|||||||
"MacBookAir8,1": "MacBook Air",
|
"MacBookAir8,1": "MacBook Air",
|
||||||
"MacBookAir8,2": "MacBook Air",
|
"MacBookAir8,2": "MacBook Air",
|
||||||
"MacBookAir9,1": "MacBook Air",
|
"MacBookAir9,1": "MacBook Air",
|
||||||
"MacBookAir10,1": "MacBook Air",
|
|
||||||
"Mac14,2": "MacBook Air",
|
|
||||||
"MacBookPro1,1": "MacBook Pro",
|
"MacBookPro1,1": "MacBook Pro",
|
||||||
"MacBookPro1,2": "MacBook Pro",
|
"MacBookPro1,2": "MacBook Pro",
|
||||||
"MacBookPro2,2": "MacBook Pro",
|
|
||||||
"MacBookPro2,1": "MacBook Pro",
|
|
||||||
"MacBookPro3,1": "MacBook Pro",
|
|
||||||
"MacBookPro4,1": "MacBook Pro",
|
|
||||||
"MacBookPro5,1": "MacBook Pro",
|
|
||||||
"MacBookPro5,2": "MacBook Pro",
|
|
||||||
"MacBookPro5,5": "MacBook Pro",
|
|
||||||
"MacBookPro5,4": "MacBook Pro",
|
|
||||||
"MacBookPro5,3": "MacBook Pro",
|
|
||||||
"MacBookPro7,1": "MacBook Pro",
|
|
||||||
"MacBookPro6,2": "MacBook Pro",
|
|
||||||
"MacBookPro6,1": "MacBook Pro",
|
|
||||||
"MacBookPro8,1": "MacBook Pro",
|
|
||||||
"MacBookPro8,2": "MacBook Pro",
|
|
||||||
"MacBookPro8,3": "MacBook Pro",
|
|
||||||
"MacBookPro9,2": "MacBook Pro",
|
|
||||||
"MacBookPro9,1": "MacBook Pro",
|
|
||||||
"MacBookPro10,1": "MacBook Pro",
|
"MacBookPro10,1": "MacBook Pro",
|
||||||
"MacBookPro10,2": "MacBook Pro",
|
"MacBookPro10,2": "MacBook Pro",
|
||||||
"MacBookPro11,1": "MacBook Pro",
|
"MacBookPro11,1": "MacBook Pro",
|
||||||
"MacBookPro11,2": "MacBook Pro",
|
"MacBookPro11,2": "MacBook Pro",
|
||||||
"MacBookPro11,3": "MacBook Pro",
|
"MacBookPro11,3": "MacBook Pro",
|
||||||
"MacBookPro12,1": "MacBook Pro",
|
|
||||||
"MacBookPro11,4": "MacBook Pro",
|
"MacBookPro11,4": "MacBook Pro",
|
||||||
"MacBookPro11,5": "MacBook Pro",
|
"MacBookPro11,5": "MacBook Pro",
|
||||||
|
"MacBookPro12,1": "MacBook Pro",
|
||||||
"MacBookPro13,1": "MacBook Pro",
|
"MacBookPro13,1": "MacBook Pro",
|
||||||
"MacBookPro13,2": "MacBook Pro",
|
"MacBookPro13,2": "MacBook Pro",
|
||||||
"MacBookPro13,3": "MacBook Pro",
|
"MacBookPro13,3": "MacBook Pro",
|
||||||
"MacBookPro14,1": "MacBook Pro",
|
"MacBookPro14,1": "MacBook Pro",
|
||||||
"MacBookPro14,2": "MacBook Pro",
|
"MacBookPro14,2": "MacBook Pro",
|
||||||
"MacBookPro14,3": "MacBook Pro",
|
"MacBookPro14,3": "MacBook Pro",
|
||||||
"MacBookPro15,2": "MacBook Pro",
|
|
||||||
"MacBookPro15,1": "MacBook Pro",
|
"MacBookPro15,1": "MacBook Pro",
|
||||||
|
"MacBookPro15,2": "MacBook Pro",
|
||||||
"MacBookPro15,3": "MacBook Pro",
|
"MacBookPro15,3": "MacBook Pro",
|
||||||
"MacBookPro15,4": "MacBook Pro",
|
"MacBookPro15,4": "MacBook Pro",
|
||||||
"MacBookPro16,1": "MacBook Pro",
|
"MacBookPro16,1": "MacBook Pro",
|
||||||
"MacBookPro16,3": "MacBook Pro",
|
|
||||||
"MacBookPro16,2": "MacBook Pro",
|
"MacBookPro16,2": "MacBook Pro",
|
||||||
|
"MacBookPro16,3": "MacBook Pro",
|
||||||
"MacBookPro16,4": "MacBook Pro",
|
"MacBookPro16,4": "MacBook Pro",
|
||||||
"MacBookPro17,1": "MacBook Pro",
|
"MacBookPro17,1": "MacBook Pro",
|
||||||
"MacBookPro18,3": "MacBook Pro",
|
|
||||||
"MacBookPro18,4": "MacBook Pro",
|
|
||||||
"MacBookPro18,1": "MacBook Pro",
|
"MacBookPro18,1": "MacBook Pro",
|
||||||
"MacBookPro18,2": "MacBook Pro",
|
"MacBookPro18,2": "MacBook Pro",
|
||||||
"Mac14,7": "MacBook Pro",
|
"MacBookPro18,3": "MacBook Pro",
|
||||||
"Mac14,9": "MacBook Pro",
|
"MacBookPro18,4": "MacBook Pro",
|
||||||
"Mac14,5": "MacBook Pro",
|
"MacBookPro2,1": "MacBook Pro",
|
||||||
"Mac14,10": "MacBook Pro",
|
"MacBookPro2,2": "MacBook Pro",
|
||||||
"Mac14,6": "MacBook Pro",
|
"MacBookPro3,1": "MacBook Pro",
|
||||||
"PowerMac1,2": "Power Macintosh",
|
"MacBookPro4,1": "MacBook Pro",
|
||||||
"PowerMac5,1": "Power Macintosh",
|
"MacBookPro5,1": "MacBook Pro",
|
||||||
"PowerMac7,2": "Power Macintosh",
|
"MacBookPro5,2": "MacBook Pro",
|
||||||
"PowerMac7,3": "Power Macintosh",
|
"MacBookPro5,3": "MacBook Pro",
|
||||||
"PowerMac9,1": "Power Macintosh",
|
"MacBookPro5,4": "MacBook Pro",
|
||||||
"PowerMac11,2": "Power Macintosh",
|
"MacBookPro5,5": "MacBook Pro",
|
||||||
|
"MacBookPro6,1": "MacBook Pro",
|
||||||
|
"MacBookPro6,2": "MacBook Pro",
|
||||||
|
"MacBookPro7,1": "MacBook Pro",
|
||||||
|
"MacBookPro8,1": "MacBook Pro",
|
||||||
|
"MacBookPro8,2": "MacBook Pro",
|
||||||
|
"MacBookPro8,3": "MacBook Pro",
|
||||||
|
"MacBookPro9,1": "MacBook Pro",
|
||||||
|
"MacBookPro9,2": "MacBook Pro",
|
||||||
|
"MacPro1,1": "Mac Pro",
|
||||||
|
"MacPro2,1": "Mac Pro",
|
||||||
|
"MacPro3,1": "Mac Pro",
|
||||||
|
"MacPro4,1": "Mac Pro",
|
||||||
|
"MacPro5,1": "Mac Pro",
|
||||||
|
"MacPro6,1": "Mac Pro",
|
||||||
|
"MacPro7,1": "Mac Pro",
|
||||||
|
"Macmini1,1": "Mac mini",
|
||||||
|
"Macmini2,1": "Mac mini",
|
||||||
|
"Macmini3,1": "Mac mini",
|
||||||
|
"Macmini4,1": "Mac mini",
|
||||||
|
"Macmini5,1": "Mac mini",
|
||||||
|
"Macmini5,2": "Mac mini",
|
||||||
|
"Macmini5,3": "Mac mini",
|
||||||
|
"Macmini6,1": "Mac mini",
|
||||||
|
"Macmini6,2": "Mac mini",
|
||||||
|
"Macmini7,1": "Mac mini",
|
||||||
|
"Macmini8,1": "Mac mini",
|
||||||
|
"Macmini9,1": "Mac mini",
|
||||||
"PowerBook1,1": "PowerBook",
|
"PowerBook1,1": "PowerBook",
|
||||||
|
"PowerBook2,1": "iBook",
|
||||||
|
"PowerBook2,2": "iBook",
|
||||||
"PowerBook3,1": "PowerBook",
|
"PowerBook3,1": "PowerBook",
|
||||||
"PowerBook3,2": "PowerBook",
|
"PowerBook3,2": "PowerBook",
|
||||||
"PowerBook3,3": "PowerBook",
|
"PowerBook3,3": "PowerBook",
|
||||||
"PowerBook3,4": "PowerBook",
|
"PowerBook3,4": "PowerBook",
|
||||||
"PowerBook3,5": "PowerBook",
|
"PowerBook3,5": "PowerBook",
|
||||||
"PowerBook6,1": "PowerBook",
|
"PowerBook4,1": "iBook",
|
||||||
|
"PowerBook4,2": "iBook",
|
||||||
|
"PowerBook4,3": "iBook",
|
||||||
"PowerBook5,1": "PowerBook",
|
"PowerBook5,1": "PowerBook",
|
||||||
"PowerBook6,2": "PowerBook",
|
|
||||||
"PowerBook5,2": "PowerBook",
|
"PowerBook5,2": "PowerBook",
|
||||||
"PowerBook5,3": "PowerBook",
|
"PowerBook5,3": "PowerBook",
|
||||||
"PowerBook6,4": "PowerBook",
|
|
||||||
"PowerBook5,4": "PowerBook",
|
"PowerBook5,4": "PowerBook",
|
||||||
"PowerBook5,5": "PowerBook",
|
"PowerBook5,5": "PowerBook",
|
||||||
"PowerBook6,8": "PowerBook",
|
|
||||||
"PowerBook5,6": "PowerBook",
|
"PowerBook5,6": "PowerBook",
|
||||||
"PowerBook5,7": "PowerBook",
|
"PowerBook5,7": "PowerBook",
|
||||||
"PowerBook5,8": "PowerBook",
|
"PowerBook5,8": "PowerBook",
|
||||||
"PowerBook5,9": "PowerBook",
|
"PowerBook5,9": "PowerBook",
|
||||||
|
"PowerBook6,1": "PowerBook",
|
||||||
|
"PowerBook6,2": "PowerBook",
|
||||||
|
"PowerBook6,3": "iBook",
|
||||||
|
"PowerBook6,4": "PowerBook",
|
||||||
|
"PowerBook6,5": "iBook",
|
||||||
|
"PowerBook6,7": "iBook",
|
||||||
|
"PowerBook6,8": "PowerBook",
|
||||||
|
"PowerMac1,1": "Power Macintosh",
|
||||||
|
"PowerMac1,2": "Power Macintosh",
|
||||||
|
"PowerMac10,1": "Mac mini",
|
||||||
|
"PowerMac10,2": "Mac mini",
|
||||||
|
"PowerMac11,2": "Power Macintosh",
|
||||||
|
"PowerMac12,1": "iMac",
|
||||||
|
"PowerMac2,1": "iMac",
|
||||||
|
"PowerMac2,2": "iMac",
|
||||||
|
"PowerMac3,1": "Mac Server",
|
||||||
|
"PowerMac3,3": "Power Macintosh",
|
||||||
|
"PowerMac3,4": "Power Macintosh",
|
||||||
|
"PowerMac3,5": "Power Macintosh",
|
||||||
|
"PowerMac3,6": "Power Macintosh",
|
||||||
|
"PowerMac4,1": "iMac",
|
||||||
|
"PowerMac4,2": "iMac",
|
||||||
|
"PowerMac4,4": "eMac",
|
||||||
|
"PowerMac4,5": "iMac",
|
||||||
|
"PowerMac5,1": "Power Macintosh",
|
||||||
|
"PowerMac6,1": "iMac",
|
||||||
|
"PowerMac6,3": "iMac",
|
||||||
|
"PowerMac6,4": "eMac",
|
||||||
|
"PowerMac7,2": "Power Macintosh",
|
||||||
|
"PowerMac7,3": "Power Macintosh",
|
||||||
|
"PowerMac8,1": "iMac",
|
||||||
|
"PowerMac8,2": "iMac",
|
||||||
|
"PowerMac9,1": "Power Macintosh",
|
||||||
"RackMac1,1": "Xserve",
|
"RackMac1,1": "Xserve",
|
||||||
"RackMac1,2": "Xserve",
|
"RackMac1,2": "Xserve",
|
||||||
"RackMac3,1": "Xserve",
|
"RackMac3,1": "Xserve",
|
||||||
"Xserve1,1": "Xserve",
|
"Xserve1,1": "Xserve",
|
||||||
"Xserve2,1": "Xserve",
|
"Xserve2,1": "Xserve",
|
||||||
"Xserve3,1": "Xserve"
|
"Xserve3,1": "Xserve",
|
||||||
|
"iMac,1": "iMac",
|
||||||
|
"iMac10,1": "iMac",
|
||||||
|
"iMac11,1": "iMac",
|
||||||
|
"iMac11,2": "iMac",
|
||||||
|
"iMac11,3": "iMac",
|
||||||
|
"iMac12,1": "iMac",
|
||||||
|
"iMac12,2": "iMac",
|
||||||
|
"iMac13,1": "iMac",
|
||||||
|
"iMac13,2": "iMac",
|
||||||
|
"iMac14,1": "iMac",
|
||||||
|
"iMac14,2": "iMac",
|
||||||
|
"iMac14,3": "iMac",
|
||||||
|
"iMac14,4": "iMac",
|
||||||
|
"iMac15,1": "iMac",
|
||||||
|
"iMac16,1": "iMac",
|
||||||
|
"iMac16,2": "iMac",
|
||||||
|
"iMac17,1": "iMac",
|
||||||
|
"iMac18,1": "iMac",
|
||||||
|
"iMac18,2": "iMac",
|
||||||
|
"iMac18,3": "iMac",
|
||||||
|
"iMac19,1": "iMac",
|
||||||
|
"iMac19,2": "iMac",
|
||||||
|
"iMac20,1": "iMac",
|
||||||
|
"iMac20,2": "iMac",
|
||||||
|
"iMac21,1": "iMac",
|
||||||
|
"iMac21,2": "iMac",
|
||||||
|
"iMac4,1": "iMac",
|
||||||
|
"iMac4,2": "iMac",
|
||||||
|
"iMac5,1": "iMac",
|
||||||
|
"iMac5,2": "iMac",
|
||||||
|
"iMac6,1": "iMac",
|
||||||
|
"iMac7,1": "iMac",
|
||||||
|
"iMac8,1": "iMac",
|
||||||
|
"iMac9,1": "iMac",
|
||||||
|
"iMacPro1,1": "iMac Pro"
|
||||||
}
|
}
|
||||||
@@ -1,6 +1,12 @@
|
|||||||
import { join } from "path";
|
import { join } from "path";
|
||||||
import { readFileSync } from "fs";
|
import { readFileSync } from "fs";
|
||||||
import { clients, db, resources, siteResources } from "@server/db";
|
import {
|
||||||
|
clients,
|
||||||
|
db,
|
||||||
|
resourcePolicies,
|
||||||
|
resources,
|
||||||
|
siteResources
|
||||||
|
} from "@server/db";
|
||||||
import { randomInt } from "crypto";
|
import { randomInt } from "crypto";
|
||||||
import { exitNodes, sites } from "@server/db";
|
import { exitNodes, sites } from "@server/db";
|
||||||
import { eq, and } from "drizzle-orm";
|
import { eq, and } from "drizzle-orm";
|
||||||
@@ -107,6 +113,35 @@ export async function getUniqueResourceName(orgId: string): Promise<string> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export async function getUniqueResourcePolicyName(
|
||||||
|
orgId: string
|
||||||
|
): Promise<string> {
|
||||||
|
let loops = 0;
|
||||||
|
while (true) {
|
||||||
|
if (loops > 100) {
|
||||||
|
throw new Error("Could not generate a unique name");
|
||||||
|
}
|
||||||
|
|
||||||
|
const name = generateName();
|
||||||
|
const policyCount = await db
|
||||||
|
.select({
|
||||||
|
niceId: resourcePolicies.niceId,
|
||||||
|
orgId: resourcePolicies.orgId
|
||||||
|
})
|
||||||
|
.from(resourcePolicies)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(resourcePolicies.niceId, name),
|
||||||
|
eq(resourcePolicies.orgId, orgId)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
if (policyCount.length === 0) {
|
||||||
|
return name;
|
||||||
|
}
|
||||||
|
loops++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
export async function getUniqueSiteResourceName(
|
export async function getUniqueSiteResourceName(
|
||||||
orgId: string
|
orgId: string
|
||||||
): Promise<string> {
|
): Promise<string> {
|
||||||
|
|||||||
@@ -87,7 +87,7 @@ function createDb() {
|
|||||||
|
|
||||||
export const db = createDb();
|
export const db = createDb();
|
||||||
export default db;
|
export default db;
|
||||||
export const primaryDb = db.$primary;
|
export const primaryDb = db.$primary as typeof db; // is this typeof a problem - technically they are different types
|
||||||
export type Transaction = Parameters<
|
export type Transaction = Parameters<
|
||||||
Parameters<(typeof db)["transaction"]>[0]
|
Parameters<(typeof db)["transaction"]>[0]
|
||||||
>[0];
|
>[0];
|
||||||
|
|||||||
@@ -4,3 +4,4 @@ export * from "./safeRead";
|
|||||||
export * from "./schema/schema";
|
export * from "./schema/schema";
|
||||||
export * from "./schema/privateSchema";
|
export * from "./schema/privateSchema";
|
||||||
export * from "./migrate";
|
export * from "./migrate";
|
||||||
|
export { alias } from "drizzle-orm/pg-core";
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ import { drizzle as DrizzlePostgres } from "drizzle-orm/node-postgres";
|
|||||||
import { readConfigFile } from "@server/lib/readConfigFile";
|
import { readConfigFile } from "@server/lib/readConfigFile";
|
||||||
import { withReplicas } from "drizzle-orm/pg-core";
|
import { withReplicas } from "drizzle-orm/pg-core";
|
||||||
import { build } from "@server/build";
|
import { build } from "@server/build";
|
||||||
import { db as mainDb, primaryDb as mainPrimaryDb } from "./driver";
|
import { db as mainDb } from "./driver";
|
||||||
import { createPool } from "./poolConfig";
|
import { createPool } from "./poolConfig";
|
||||||
|
|
||||||
function createLogsDb() {
|
function createLogsDb() {
|
||||||
@@ -63,8 +63,7 @@ function createLogsDb() {
|
|||||||
})
|
})
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
const maxReplicaConnections =
|
const maxReplicaConnections = poolConfig?.max_replica_connections || 20;
|
||||||
poolConfig?.max_replica_connections || 20;
|
|
||||||
for (const conn of replicaConnections) {
|
for (const conn of replicaConnections) {
|
||||||
const replicaPool = createPool(
|
const replicaPool = createPool(
|
||||||
conn.connection_string,
|
conn.connection_string,
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
|
import config from "@server/lib/config";
|
||||||
import { Pool, PoolConfig } from "pg";
|
import { Pool, PoolConfig } from "pg";
|
||||||
import logger from "@server/logger";
|
|
||||||
|
|
||||||
export function createPoolConfig(
|
export function createPoolConfig(
|
||||||
connectionString: string,
|
connectionString: string,
|
||||||
@@ -27,7 +27,7 @@ export function attachPoolErrorHandlers(pool: Pool, label: string): void {
|
|||||||
pool.on("error", (err) => {
|
pool.on("error", (err) => {
|
||||||
// This catches errors on idle clients in the pool. Without this
|
// This catches errors on idle clients in the pool. Without this
|
||||||
// handler an unexpected disconnect would crash the process.
|
// handler an unexpected disconnect would crash the process.
|
||||||
logger.error(
|
console.error(
|
||||||
`Unexpected error on idle ${label} database client: ${err.message}`
|
`Unexpected error on idle ${label} database client: ${err.message}`
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
@@ -36,10 +36,32 @@ export function attachPoolErrorHandlers(pool: Pool, label: string): void {
|
|||||||
// Set a statement timeout on every new connection so a single slow
|
// Set a statement timeout on every new connection so a single slow
|
||||||
// query can't block the pool forever
|
// query can't block the pool forever
|
||||||
client.query("SET statement_timeout = '30s'").catch((err: Error) => {
|
client.query("SET statement_timeout = '30s'").catch((err: Error) => {
|
||||||
logger.warn(
|
console.warn(
|
||||||
`Failed to set statement_timeout on ${label} client: ${err.message}`
|
`Failed to set statement_timeout on ${label} client: ${err.message}`
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Disable JIT compilation for this connection. Our hot-path queries
|
||||||
|
// (e.g. resource-by-domain lookups) join many tables but only ever
|
||||||
|
// return a handful of rows. When planner row estimates drift (e.g.
|
||||||
|
// due to autovacuum lag under write-heavy load), Postgres decides
|
||||||
|
// these plans are expensive enough to JIT-compile, which can add
|
||||||
|
// multiple seconds of pure compilation overhead per query and
|
||||||
|
// saturate the connection pool. JIT never pays off for these
|
||||||
|
// short-lived OLTP queries, so it's disabled outright rather than
|
||||||
|
// relying on statistics staying fresh.
|
||||||
|
//
|
||||||
|
// Set via a runtime SET command rather than the `options: "-c
|
||||||
|
// jit=off"` startup parameter: connections in SaaS mode go through
|
||||||
|
// a pooler (e.g. PgBouncer) that rejects arbitrary startup packet
|
||||||
|
// options with a protocol_violation (08P01) error.
|
||||||
|
if (config.getRawConfig().postgres?.pool.jit_mode == false) {
|
||||||
|
client.query("SET jit = off").catch((err: Error) => {
|
||||||
|
console.warn(
|
||||||
|
`Failed to set jit=off on ${label} client: ${err.message}`
|
||||||
|
);
|
||||||
|
});
|
||||||
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ import {
|
|||||||
pgTable,
|
pgTable,
|
||||||
serial,
|
serial,
|
||||||
varchar,
|
varchar,
|
||||||
|
unique,
|
||||||
boolean,
|
boolean,
|
||||||
integer,
|
integer,
|
||||||
bigint,
|
bigint,
|
||||||
@@ -11,7 +12,7 @@ import {
|
|||||||
primaryKey,
|
primaryKey,
|
||||||
uniqueIndex
|
uniqueIndex
|
||||||
} from "drizzle-orm/pg-core";
|
} from "drizzle-orm/pg-core";
|
||||||
import { InferSelectModel } from "drizzle-orm";
|
import { InferSelectModel, sql } from "drizzle-orm";
|
||||||
import {
|
import {
|
||||||
domains,
|
domains,
|
||||||
orgs,
|
orgs,
|
||||||
@@ -19,12 +20,13 @@ import {
|
|||||||
roles,
|
roles,
|
||||||
users,
|
users,
|
||||||
exitNodes,
|
exitNodes,
|
||||||
sessions,
|
|
||||||
clients,
|
|
||||||
resources,
|
resources,
|
||||||
siteResources,
|
siteResources,
|
||||||
targetHealthCheck,
|
targetHealthCheck,
|
||||||
sites
|
sites,
|
||||||
|
clients,
|
||||||
|
sessions,
|
||||||
|
labels
|
||||||
} from "./schema";
|
} from "./schema";
|
||||||
|
|
||||||
export const certificates = pgTable("certificates", {
|
export const certificates = pgTable("certificates", {
|
||||||
@@ -197,6 +199,42 @@ export const remoteExitNodes = pgTable("remoteExitNode", {
|
|||||||
})
|
})
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const remoteExitNodeResources = pgTable("remoteExitNodeResources", {
|
||||||
|
remoteExitNodeResourceId: serial("remoteExitNodeResourceId").primaryKey(),
|
||||||
|
remoteExitNodeId: varchar("remoteExitNodeId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => remoteExitNodes.remoteExitNodeId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
|
destination: varchar("destination").notNull() // a cidr range
|
||||||
|
});
|
||||||
|
|
||||||
|
export const remoteExitNodePreferenceLabels = pgTable(
|
||||||
|
// this controls what sites are enforced to connect to this node
|
||||||
|
"remoteExitNodePreferenceLabels",
|
||||||
|
{
|
||||||
|
remoteExitNodePreferenceLabelId: serial(
|
||||||
|
"remoteExitNodePreferenceLabelId"
|
||||||
|
).primaryKey(),
|
||||||
|
remoteExitNodeId: varchar("remoteExitNodeId")
|
||||||
|
.references(() => remoteExitNodes.remoteExitNodeId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull(),
|
||||||
|
labelId: integer("labelId")
|
||||||
|
.references(() => labels.labelId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
},
|
||||||
|
(t) => [
|
||||||
|
unique("remote_exit_node_preference_label_uniq").on(
|
||||||
|
t.remoteExitNodeId,
|
||||||
|
t.labelId
|
||||||
|
)
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
export const remoteExitNodeSessions = pgTable("remoteExitNodeSession", {
|
export const remoteExitNodeSessions = pgTable("remoteExitNodeSession", {
|
||||||
sessionId: varchar("id").primaryKey(),
|
sessionId: varchar("id").primaryKey(),
|
||||||
remoteExitNodeId: varchar("remoteExitNodeId")
|
remoteExitNodeId: varchar("remoteExitNodeId")
|
||||||
@@ -207,17 +245,28 @@ export const remoteExitNodeSessions = pgTable("remoteExitNodeSession", {
|
|||||||
expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
|
expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
|
||||||
});
|
});
|
||||||
|
|
||||||
export const loginPage = pgTable("loginPage", {
|
export const loginPage = pgTable(
|
||||||
loginPageId: serial("loginPageId").primaryKey(),
|
"loginPage",
|
||||||
subdomain: varchar("subdomain"),
|
{
|
||||||
fullDomain: varchar("fullDomain"),
|
loginPageId: serial("loginPageId").primaryKey(),
|
||||||
exitNodeId: integer("exitNodeId").references(() => exitNodes.exitNodeId, {
|
subdomain: varchar("subdomain"),
|
||||||
onDelete: "set null"
|
fullDomain: varchar("fullDomain"),
|
||||||
}),
|
exitNodeId: integer("exitNodeId").references(
|
||||||
domainId: varchar("domainId").references(() => domains.domainId, {
|
() => exitNodes.exitNodeId,
|
||||||
onDelete: "set null"
|
{
|
||||||
})
|
onDelete: "set null"
|
||||||
});
|
}
|
||||||
|
),
|
||||||
|
domainId: varchar("domainId").references(() => domains.domainId, {
|
||||||
|
onDelete: "set null"
|
||||||
|
})
|
||||||
|
},
|
||||||
|
(t) => [
|
||||||
|
index("idx_loginpage_fulldomain")
|
||||||
|
.on(t.fullDomain)
|
||||||
|
.where(sql`${t.fullDomain} IS NOT NULL`)
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
export const loginPageOrg = pgTable("loginPageOrg", {
|
export const loginPageOrg = pgTable("loginPageOrg", {
|
||||||
loginPageId: integer("loginPageId")
|
loginPageId: integer("loginPageId")
|
||||||
@@ -332,6 +381,7 @@ export const connectionAuditLog = pgTable(
|
|||||||
clientId: integer("clientId").references(() => clients.clientId, {
|
clientId: integer("clientId").references(() => clients.clientId, {
|
||||||
onDelete: "cascade"
|
onDelete: "cascade"
|
||||||
}),
|
}),
|
||||||
|
clientEndpoint: text("clientEndpoint"),
|
||||||
userId: text("userId").references(() => users.userId, {
|
userId: text("userId").references(() => users.userId, {
|
||||||
onDelete: "cascade"
|
onDelete: "cascade"
|
||||||
}),
|
}),
|
||||||
@@ -439,6 +489,8 @@ export const eventStreamingDestinations = pgTable(
|
|||||||
type: varchar("type", { length: 50 }).notNull(), // e.g. "http", "kafka", etc.
|
type: varchar("type", { length: 50 }).notNull(), // e.g. "http", "kafka", etc.
|
||||||
config: text("config").notNull(), // JSON string with the configuration for the destination
|
config: text("config").notNull(), // JSON string with the configuration for the destination
|
||||||
enabled: boolean("enabled").notNull().default(true),
|
enabled: boolean("enabled").notNull().default(true),
|
||||||
|
lastError: text("lastError"), // last send error message, null if healthy
|
||||||
|
lastErrorAt: bigint("lastErrorAt", { mode: "number" }), // epoch ms of last error, null if healthy
|
||||||
createdAt: bigint("createdAt", { mode: "number" }).notNull(),
|
createdAt: bigint("createdAt", { mode: "number" }).notNull(),
|
||||||
updatedAt: bigint("updatedAt", { mode: "number" }).notNull()
|
updatedAt: bigint("updatedAt", { mode: "number" }).notNull()
|
||||||
}
|
}
|
||||||
@@ -484,6 +536,7 @@ export const alertRules = pgTable("alertRules", {
|
|||||||
| "health_check_toggle"
|
| "health_check_toggle"
|
||||||
| "resource_healthy"
|
| "resource_healthy"
|
||||||
| "resource_unhealthy"
|
| "resource_unhealthy"
|
||||||
|
| "resource_degraded"
|
||||||
| "resource_toggle"
|
| "resource_toggle"
|
||||||
>()
|
>()
|
||||||
.notNull(),
|
.notNull(),
|
||||||
@@ -565,6 +618,17 @@ export const alertWebhookActions = pgTable("alertWebhookActions", {
|
|||||||
lastSentAt: bigint("lastSentAt", { mode: "number" }) // nullable
|
lastSentAt: bigint("lastSentAt", { mode: "number" }) // nullable
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const trialNotifications = pgTable("trialNotifications", {
|
||||||
|
notificationId: serial("notificationId").primaryKey(),
|
||||||
|
subscriptionId: varchar("subscriptionId", { length: 255 })
|
||||||
|
.notNull()
|
||||||
|
.references(() => subscriptions.subscriptionId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
|
notificationType: varchar("notificationType", { length: 50 }).notNull(), // trial_ending_5d, trial_ending_24h, trial_ended
|
||||||
|
sentAt: bigint("sentAt", { mode: "number" }).notNull()
|
||||||
|
});
|
||||||
|
|
||||||
export type Approval = InferSelectModel<typeof approvals>;
|
export type Approval = InferSelectModel<typeof approvals>;
|
||||||
export type Limit = InferSelectModel<typeof limits>;
|
export type Limit = InferSelectModel<typeof limits>;
|
||||||
export type Account = InferSelectModel<typeof account>;
|
export type Account = InferSelectModel<typeof account>;
|
||||||
@@ -603,3 +667,12 @@ export type EventStreamingCursor = InferSelectModel<
|
|||||||
typeof eventStreamingCursors
|
typeof eventStreamingCursors
|
||||||
>;
|
>;
|
||||||
export type AlertResources = InferSelectModel<typeof alertResources>;
|
export type AlertResources = InferSelectModel<typeof alertResources>;
|
||||||
|
export type AlertHealthChecks = InferSelectModel<typeof alertHealthChecks>;
|
||||||
|
export type AlertSites = InferSelectModel<typeof alertSites>;
|
||||||
|
export type AlertRules = InferSelectModel<typeof alertRules>;
|
||||||
|
export type AlertEmailActions = InferSelectModel<typeof alertEmailActions>;
|
||||||
|
export type AlertEmailRecipients = InferSelectModel<
|
||||||
|
typeof alertEmailRecipients
|
||||||
|
>;
|
||||||
|
export type AlertWebhookActions = InferSelectModel<typeof alertWebhookActions>;
|
||||||
|
export type TrialNotification = InferSelectModel<typeof trialNotifications>;
|
||||||
|
|||||||
@@ -17,22 +17,37 @@ import {
|
|||||||
resourceHeaderAuth,
|
resourceHeaderAuth,
|
||||||
ResourceHeaderAuth,
|
ResourceHeaderAuth,
|
||||||
resourceRules,
|
resourceRules,
|
||||||
|
resourcePolicyRules,
|
||||||
resources,
|
resources,
|
||||||
roleResources,
|
roleResources,
|
||||||
|
rolePolicies,
|
||||||
sessions,
|
sessions,
|
||||||
userResources,
|
userResources,
|
||||||
|
userPolicies,
|
||||||
users,
|
users,
|
||||||
ResourceHeaderAuthExtendedCompatibility,
|
ResourceHeaderAuthExtendedCompatibility,
|
||||||
resourceHeaderAuthExtendedCompatibility
|
resourceHeaderAuthExtendedCompatibility,
|
||||||
|
resourcePolicies,
|
||||||
|
resourcePolicyPincode,
|
||||||
|
ResourcePolicyPincode,
|
||||||
|
resourcePolicyPassword,
|
||||||
|
ResourcePolicyPassword,
|
||||||
|
resourcePolicyHeaderAuth,
|
||||||
|
ResourcePolicyHeaderAuth
|
||||||
} from "@server/db";
|
} from "@server/db";
|
||||||
import { and, eq, inArray } from "drizzle-orm";
|
import { alias } from "@server/db";
|
||||||
|
import { and, eq, inArray, isNull, or, sql } from "drizzle-orm";
|
||||||
|
import logger from "@server/logger";
|
||||||
|
|
||||||
export type ResourceWithAuth = {
|
export type ResourceWithAuth = {
|
||||||
resource: Resource | null;
|
resource: Resource | null;
|
||||||
pincode: ResourcePincode | null;
|
pincode: ResourcePincode | ResourcePolicyPincode | null;
|
||||||
password: ResourcePassword | null;
|
password: ResourcePassword | ResourcePolicyPassword | null;
|
||||||
headerAuth: ResourceHeaderAuth | null;
|
headerAuth: ResourceHeaderAuth | ResourcePolicyHeaderAuth | null;
|
||||||
headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
|
headerAuthExtendedCompatibility: ResourceHeaderAuthExtendedCompatibility | null;
|
||||||
|
applyRules: boolean | null;
|
||||||
|
sso: boolean | null;
|
||||||
|
emailWhitelistEnabled: boolean | null;
|
||||||
org: Org;
|
org: Org;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -47,7 +62,44 @@ export type UserSessionWithUser = {
|
|||||||
export async function getResourceByDomain(
|
export async function getResourceByDomain(
|
||||||
domain: string
|
domain: string
|
||||||
): Promise<ResourceWithAuth | null> {
|
): Promise<ResourceWithAuth | null> {
|
||||||
const [result] = await db
|
// Build wildcard domain variants to match against.
|
||||||
|
// For a domain like "me.example.test.com", we want to match:
|
||||||
|
// - "*.example.test.com" (subdomain wildcard)
|
||||||
|
// - "*.test.com" (parent wildcard, i.e. just "*" subdomain on parent)
|
||||||
|
const parts = domain.split(".");
|
||||||
|
const wildcardCandidates: string[] = [];
|
||||||
|
for (let i = 1; i < parts.length; i++) {
|
||||||
|
wildcardCandidates.push(`*.${parts.slice(i).join(".")}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
const sharedPolicy = alias(resourcePolicies, "sharedPolicy");
|
||||||
|
const defaultPolicy = alias(resourcePolicies, "defaultPolicy");
|
||||||
|
const sharedPolicyPincode = alias(
|
||||||
|
resourcePolicyPincode,
|
||||||
|
"sharedPolicyPincode"
|
||||||
|
);
|
||||||
|
const defaultPolicyPincode = alias(
|
||||||
|
resourcePolicyPincode,
|
||||||
|
"defaultPolicyPincode"
|
||||||
|
);
|
||||||
|
const sharedPolicyPassword = alias(
|
||||||
|
resourcePolicyPassword,
|
||||||
|
"sharedPolicyPassword"
|
||||||
|
);
|
||||||
|
const defaultPolicyPassword = alias(
|
||||||
|
resourcePolicyPassword,
|
||||||
|
"defaultPolicyPassword"
|
||||||
|
);
|
||||||
|
const sharedPolicyHeaderAuth = alias(
|
||||||
|
resourcePolicyHeaderAuth,
|
||||||
|
"sharedPolicyHeaderAuth"
|
||||||
|
);
|
||||||
|
const defaultPolicyHeaderAuth = alias(
|
||||||
|
resourcePolicyHeaderAuth,
|
||||||
|
"defaultPolicyHeaderAuth"
|
||||||
|
);
|
||||||
|
|
||||||
|
const potentialResults = await db
|
||||||
.select()
|
.select()
|
||||||
.from(resources)
|
.from(resources)
|
||||||
.leftJoin(
|
.leftJoin(
|
||||||
@@ -69,21 +121,133 @@ export async function getResourceByDomain(
|
|||||||
resources.resourceId
|
resources.resourceId
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
.leftJoin(
|
||||||
|
sharedPolicy,
|
||||||
|
eq(sharedPolicy.resourcePolicyId, resources.resourcePolicyId)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
sharedPolicyPincode,
|
||||||
|
eq(
|
||||||
|
sharedPolicyPincode.resourcePolicyId,
|
||||||
|
sharedPolicy.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
sharedPolicyPassword,
|
||||||
|
eq(
|
||||||
|
sharedPolicyPassword.resourcePolicyId,
|
||||||
|
sharedPolicy.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
sharedPolicyHeaderAuth,
|
||||||
|
eq(
|
||||||
|
sharedPolicyHeaderAuth.resourcePolicyId,
|
||||||
|
sharedPolicy.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
defaultPolicy,
|
||||||
|
eq(
|
||||||
|
defaultPolicy.resourcePolicyId,
|
||||||
|
resources.defaultResourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
defaultPolicyPincode,
|
||||||
|
eq(
|
||||||
|
defaultPolicyPincode.resourcePolicyId,
|
||||||
|
defaultPolicy.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
defaultPolicyPassword,
|
||||||
|
eq(
|
||||||
|
defaultPolicyPassword.resourcePolicyId,
|
||||||
|
defaultPolicy.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.leftJoin(
|
||||||
|
defaultPolicyHeaderAuth,
|
||||||
|
eq(
|
||||||
|
defaultPolicyHeaderAuth.resourcePolicyId,
|
||||||
|
defaultPolicy.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
.innerJoin(orgs, eq(orgs.orgId, resources.orgId))
|
.innerJoin(orgs, eq(orgs.orgId, resources.orgId))
|
||||||
.where(eq(resources.fullDomain, domain))
|
.where(
|
||||||
.limit(1);
|
or(
|
||||||
|
// Exact match
|
||||||
|
eq(resources.fullDomain, domain),
|
||||||
|
// Wildcard match: resource fullDomain is one of the wildcard candidates
|
||||||
|
wildcardCandidates.length > 0
|
||||||
|
? and(
|
||||||
|
eq(resources.wildcard, true),
|
||||||
|
inArray(resources.fullDomain, wildcardCandidates)
|
||||||
|
)
|
||||||
|
: sql`false`
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
if (!potentialResults.length) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prefer exact match over wildcard match
|
||||||
|
const exactMatch = potentialResults.find(
|
||||||
|
(r) => r.resources?.fullDomain === domain
|
||||||
|
);
|
||||||
|
const result = exactMatch ?? potentialResults[0];
|
||||||
|
|
||||||
if (!result) {
|
if (!result) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If a shared (custom) policy is assigned to the resource, use ONLY
|
||||||
|
// its values — do not fall back to the default policy. The default
|
||||||
|
// policy is only consulted when no shared policy is assigned at all.
|
||||||
|
const hasSharedPolicy = result.sharedPolicy !== null;
|
||||||
|
|
||||||
|
const effectivePolicyPincode = hasSharedPolicy
|
||||||
|
? result.sharedPolicyPincode
|
||||||
|
: (result.defaultPolicyPincode ?? null);
|
||||||
|
const effectivePolicyPassword = hasSharedPolicy
|
||||||
|
? result.sharedPolicyPassword
|
||||||
|
: (result.defaultPolicyPassword ?? null);
|
||||||
|
const effectivePolicyHeaderAuth = hasSharedPolicy
|
||||||
|
? result.sharedPolicyHeaderAuth
|
||||||
|
: (result.defaultPolicyHeaderAuth ?? null);
|
||||||
|
const selectedPolicy = hasSharedPolicy
|
||||||
|
? result.sharedPolicy
|
||||||
|
: result.defaultPolicy;
|
||||||
|
const effectiveApplyRules =
|
||||||
|
selectedPolicy?.applyRules ?? result.resources.applyRules;
|
||||||
|
const effectiveSSO = selectedPolicy?.sso ?? result.resources.sso;
|
||||||
|
const effectiveEmailWhitelistEnabled =
|
||||||
|
selectedPolicy?.emailWhitelistEnabled ??
|
||||||
|
result.resources.emailWhitelistEnabled;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
resource: result.resources,
|
resource: {
|
||||||
pincode: result.resourcePincode,
|
...result.resources,
|
||||||
password: result.resourcePassword,
|
applyRules: effectiveApplyRules,
|
||||||
headerAuth: result.resourceHeaderAuth,
|
sso: effectiveSSO,
|
||||||
headerAuthExtendedCompatibility:
|
emailWhitelistEnabled: effectiveEmailWhitelistEnabled
|
||||||
result.resourceHeaderAuthExtendedCompatibility,
|
}, // doing this for backward compatability so the remote nodes get the value as part of the resource struct
|
||||||
|
pincode: effectivePolicyPincode ?? result.resourcePincode,
|
||||||
|
password: effectivePolicyPassword ?? result.resourcePassword,
|
||||||
|
headerAuth: effectivePolicyHeaderAuth ?? result.resourceHeaderAuth,
|
||||||
|
headerAuthExtendedCompatibility: effectivePolicyHeaderAuth
|
||||||
|
? ({
|
||||||
|
headerAuthExtendedCompatibilityId: 0,
|
||||||
|
resourceId: result.resources.resourceId,
|
||||||
|
extendedCompatibilityIsActivated:
|
||||||
|
effectivePolicyHeaderAuth.extendedCompatibility
|
||||||
|
} as ResourceHeaderAuthExtendedCompatibility)
|
||||||
|
: result.resourceHeaderAuthExtendedCompatibility,
|
||||||
|
applyRules: effectiveApplyRules,
|
||||||
|
sso: effectiveSSO,
|
||||||
|
emailWhitelistEnabled: effectiveEmailWhitelistEnabled,
|
||||||
org: result.orgs
|
org: result.orgs
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@@ -123,58 +287,165 @@ export async function getRoleName(roleId: number): Promise<string | null> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if role has access to resource
|
* Check if role has access to resource (direct or via resource policy)
|
||||||
*/
|
*/
|
||||||
export async function getRoleResourceAccess(
|
export async function getRoleResourceAccess(
|
||||||
resourceId: number,
|
resourceId: number,
|
||||||
roleIds: number[]
|
roleIds: number[]
|
||||||
) {
|
) {
|
||||||
const roleResourceAccess = await db
|
const [direct, viaPolicies] = await Promise.all([
|
||||||
.select()
|
db
|
||||||
.from(roleResources)
|
.select()
|
||||||
.where(
|
.from(roleResources)
|
||||||
and(
|
.where(
|
||||||
eq(roleResources.resourceId, resourceId),
|
and(
|
||||||
inArray(roleResources.roleId, roleIds)
|
eq(roleResources.resourceId, resourceId),
|
||||||
|
inArray(roleResources.roleId, roleIds)
|
||||||
|
)
|
||||||
|
),
|
||||||
|
db
|
||||||
|
.select({
|
||||||
|
roleId: rolePolicies.roleId,
|
||||||
|
resourcePolicyId: rolePolicies.resourcePolicyId
|
||||||
|
})
|
||||||
|
.from(rolePolicies)
|
||||||
|
.innerJoin(
|
||||||
|
resources,
|
||||||
|
// Shared policy wins; only use default policy when no shared
|
||||||
|
// policy is assigned to the resource.
|
||||||
|
or(
|
||||||
|
eq(
|
||||||
|
resources.resourcePolicyId,
|
||||||
|
rolePolicies.resourcePolicyId
|
||||||
|
),
|
||||||
|
and(
|
||||||
|
isNull(resources.resourcePolicyId),
|
||||||
|
eq(
|
||||||
|
resources.defaultResourcePolicyId,
|
||||||
|
rolePolicies.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
)
|
)
|
||||||
);
|
.where(
|
||||||
|
and(
|
||||||
|
eq(resources.resourceId, resourceId),
|
||||||
|
inArray(rolePolicies.roleId, roleIds)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
]);
|
||||||
|
|
||||||
return roleResourceAccess.length > 0 ? roleResourceAccess : null;
|
const combined = [...direct, ...viaPolicies];
|
||||||
|
return combined.length > 0 ? combined : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if user has direct access to resource
|
* Check if user has access to resource (direct or via resource policy)
|
||||||
*/
|
*/
|
||||||
export async function getUserResourceAccess(
|
export async function getUserResourceAccess(
|
||||||
userId: string,
|
userId: string,
|
||||||
resourceId: number
|
resourceId: number
|
||||||
) {
|
) {
|
||||||
const userResourceAccess = await db
|
const [direct, viaPolicies] = await Promise.all([
|
||||||
.select()
|
db
|
||||||
.from(userResources)
|
.select()
|
||||||
.where(
|
.from(userResources)
|
||||||
and(
|
.where(
|
||||||
eq(userResources.userId, userId),
|
and(
|
||||||
eq(userResources.resourceId, resourceId)
|
eq(userResources.userId, userId),
|
||||||
|
eq(userResources.resourceId, resourceId)
|
||||||
|
)
|
||||||
)
|
)
|
||||||
)
|
.limit(1),
|
||||||
.limit(1);
|
db
|
||||||
|
.select({
|
||||||
|
userId: userPolicies.userId,
|
||||||
|
resourcePolicyId: userPolicies.resourcePolicyId
|
||||||
|
})
|
||||||
|
.from(userPolicies)
|
||||||
|
.innerJoin(
|
||||||
|
resources,
|
||||||
|
// Shared policy wins; only use default policy when no shared
|
||||||
|
// policy is assigned to the resource.
|
||||||
|
or(
|
||||||
|
eq(
|
||||||
|
resources.resourcePolicyId,
|
||||||
|
userPolicies.resourcePolicyId
|
||||||
|
),
|
||||||
|
and(
|
||||||
|
isNull(resources.resourcePolicyId),
|
||||||
|
eq(
|
||||||
|
resources.defaultResourcePolicyId,
|
||||||
|
userPolicies.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(resources.resourceId, resourceId),
|
||||||
|
eq(userPolicies.userId, userId)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1)
|
||||||
|
]);
|
||||||
|
|
||||||
return userResourceAccess.length > 0 ? userResourceAccess[0] : null;
|
return direct[0] ?? viaPolicies[0] ?? null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get resource rules for a given resource
|
* Get resource rules for a given resource (direct and via resource policy)
|
||||||
*/
|
*/
|
||||||
export async function getResourceRules(
|
export async function getResourceRules(
|
||||||
resourceId: number
|
resourceId: number
|
||||||
): Promise<ResourceRule[]> {
|
): Promise<ResourceRule[]> {
|
||||||
const rules = await db
|
const [directRules, policyRules] = await Promise.all([
|
||||||
.select()
|
db
|
||||||
.from(resourceRules)
|
.select()
|
||||||
.where(eq(resourceRules.resourceId, resourceId));
|
.from(resourceRules)
|
||||||
|
.where(eq(resourceRules.resourceId, resourceId)),
|
||||||
|
db
|
||||||
|
.select({
|
||||||
|
ruleId: resourcePolicyRules.ruleId,
|
||||||
|
resourceId: sql<number>`${resourceId}`,
|
||||||
|
enabled: resourcePolicyRules.enabled,
|
||||||
|
priority: resourcePolicyRules.priority,
|
||||||
|
action: resourcePolicyRules.action,
|
||||||
|
match: resourcePolicyRules.match,
|
||||||
|
value: resourcePolicyRules.value
|
||||||
|
})
|
||||||
|
.from(resourcePolicyRules)
|
||||||
|
.innerJoin(
|
||||||
|
resources,
|
||||||
|
// Shared policy wins; only use default policy when no shared
|
||||||
|
// policy is assigned to the resource.
|
||||||
|
or(
|
||||||
|
eq(
|
||||||
|
resources.resourcePolicyId,
|
||||||
|
resourcePolicyRules.resourcePolicyId
|
||||||
|
),
|
||||||
|
and(
|
||||||
|
isNull(resources.resourcePolicyId),
|
||||||
|
eq(
|
||||||
|
resources.defaultResourcePolicyId,
|
||||||
|
resourcePolicyRules.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.where(eq(resources.resourceId, resourceId))
|
||||||
|
]);
|
||||||
|
|
||||||
return rules;
|
const maxDirectPriority = directRules.reduce(
|
||||||
|
(max, r) => Math.max(max, r.priority),
|
||||||
|
0
|
||||||
|
);
|
||||||
|
const offsetPolicyRules = policyRules.map((r) => ({
|
||||||
|
...r,
|
||||||
|
priority: maxDirectPriority + r.priority
|
||||||
|
}));
|
||||||
|
|
||||||
|
return [...directRules, ...offsetPolicyRules] as ResourceRule[];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -13,6 +13,30 @@ bootstrapVolume();
|
|||||||
|
|
||||||
function createDb() {
|
function createDb() {
|
||||||
const sqlite = new Database(location);
|
const sqlite = new Database(location);
|
||||||
|
|
||||||
|
if (process.env.ENABLE_SQLITE_WAL_MODE == "true") {
|
||||||
|
// Enable WAL mode — allows concurrent readers + single writer, preventing
|
||||||
|
// contention across subsystems (verifySession, Traefik, audit, ping).
|
||||||
|
// NOTE: journal_mode persists in the DB file once set; unsetting this
|
||||||
|
// env var does NOT revert an existing WAL database.
|
||||||
|
sqlite.pragma("journal_mode = WAL");
|
||||||
|
// NORMAL sync mode: safe with WAL, reduces write lock hold time.
|
||||||
|
sqlite.pragma("synchronous = NORMAL");
|
||||||
|
}
|
||||||
|
|
||||||
|
// No busy_timeout pragma: better-sqlite3 already arms
|
||||||
|
// sqlite3_busy_timeout(db, 5000) via its default `timeout` option
|
||||||
|
// (lib/database.js), so an explicit pragma is redundant.
|
||||||
|
|
||||||
|
// Intentionally NOT setting cache_size or mmap_size: a large page cache plus
|
||||||
|
// a multi-hundred-MB mmap region inflate RSS and cause page-cache thrashing
|
||||||
|
// on small (~1 GB) instances. Leave SQLite on its conservative defaults.
|
||||||
|
|
||||||
|
// Intentionally NOT wrapping prepare()/statements: better-sqlite3 finalizes
|
||||||
|
// sqlite3_stmt in the Statement destructor at GC, and drizzle-orm prepares a
|
||||||
|
// fresh statement per query (no statement cache), so statements cannot
|
||||||
|
// accumulate. better-sqlite3 11.x exposes no Statement.finalize() at all.
|
||||||
|
|
||||||
return DrizzleSqlite(sqlite, {
|
return DrizzleSqlite(sqlite, {
|
||||||
schema
|
schema
|
||||||
});
|
});
|
||||||
@@ -23,7 +47,7 @@ export default db;
|
|||||||
export const primaryDb = db;
|
export const primaryDb = db;
|
||||||
export type Transaction = Parameters<
|
export type Transaction = Parameters<
|
||||||
Parameters<(typeof db)["transaction"]>[0]
|
Parameters<(typeof db)["transaction"]>[0]
|
||||||
>[0];
|
>[0];
|
||||||
export const DB_TYPE: "pg" | "sqlite" = "sqlite";
|
export const DB_TYPE: "pg" | "sqlite" = "sqlite";
|
||||||
|
|
||||||
function checkFileExists(filePath: string): boolean {
|
function checkFileExists(filePath: string): boolean {
|
||||||
|
|||||||
@@ -4,3 +4,4 @@ export * from "./safeRead";
|
|||||||
export * from "./schema/schema";
|
export * from "./schema/schema";
|
||||||
export * from "./schema/privateSchema";
|
export * from "./schema/privateSchema";
|
||||||
export * from "./migrate";
|
export * from "./migrate";
|
||||||
|
export { alias } from "drizzle-orm/sqlite-core";
|
||||||
|
|||||||
@@ -12,6 +12,7 @@ import {
|
|||||||
clients,
|
clients,
|
||||||
domains,
|
domains,
|
||||||
exitNodes,
|
exitNodes,
|
||||||
|
labels,
|
||||||
orgs,
|
orgs,
|
||||||
resources,
|
resources,
|
||||||
roles,
|
roles,
|
||||||
@@ -192,6 +193,44 @@ export const remoteExitNodes = sqliteTable("remoteExitNode", {
|
|||||||
})
|
})
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const remoteExitNodeResources = sqliteTable("remoteExitNodeResources", {
|
||||||
|
remoteExitNodeResourceId: integer("remoteExitNodeResourceId").primaryKey({
|
||||||
|
autoIncrement: true
|
||||||
|
}),
|
||||||
|
remoteExitNodeId: text("remoteExitNodeId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => remoteExitNodes.remoteExitNodeId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
|
destination: text("destination").notNull() // a cidr range
|
||||||
|
});
|
||||||
|
|
||||||
|
export const remoteExitNodePreferenceLabels = sqliteTable(
|
||||||
|
// this controls what sites are enforced to connect to this node
|
||||||
|
"remoteExitNodePreferenceLabels",
|
||||||
|
{
|
||||||
|
remoteExitNodePreferenceLabelId: integer(
|
||||||
|
"remoteExitNodePreferenceLabelId"
|
||||||
|
).primaryKey({ autoIncrement: true }),
|
||||||
|
remoteExitNodeId: text("remoteExitNodeId")
|
||||||
|
.references(() => remoteExitNodes.remoteExitNodeId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull(),
|
||||||
|
labelId: integer("labelId")
|
||||||
|
.references(() => labels.labelId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
},
|
||||||
|
(t) => [
|
||||||
|
uniqueIndex("remote_exit_node_preference_label_uniq").on(
|
||||||
|
t.remoteExitNodeId,
|
||||||
|
t.labelId
|
||||||
|
)
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
export const remoteExitNodeSessions = sqliteTable("remoteExitNodeSession", {
|
export const remoteExitNodeSessions = sqliteTable("remoteExitNodeSession", {
|
||||||
sessionId: text("id").primaryKey(),
|
sessionId: text("id").primaryKey(),
|
||||||
remoteExitNodeId: text("remoteExitNodeId")
|
remoteExitNodeId: text("remoteExitNodeId")
|
||||||
@@ -329,6 +368,7 @@ export const connectionAuditLog = sqliteTable(
|
|||||||
clientId: integer("clientId").references(() => clients.clientId, {
|
clientId: integer("clientId").references(() => clients.clientId, {
|
||||||
onDelete: "cascade"
|
onDelete: "cascade"
|
||||||
}),
|
}),
|
||||||
|
clientEndpoint: text("clientEndpoint"),
|
||||||
userId: text("userId").references(() => users.userId, {
|
userId: text("userId").references(() => users.userId, {
|
||||||
onDelete: "cascade"
|
onDelete: "cascade"
|
||||||
}),
|
}),
|
||||||
@@ -425,15 +465,25 @@ export const eventStreamingDestinations = sqliteTable(
|
|||||||
orgId: text("orgId")
|
orgId: text("orgId")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => orgs.orgId, { onDelete: "cascade" }),
|
.references(() => orgs.orgId, { onDelete: "cascade" }),
|
||||||
sendConnectionLogs: integer("sendConnectionLogs", { mode: "boolean" }).notNull().default(false),
|
sendConnectionLogs: integer("sendConnectionLogs", { mode: "boolean" })
|
||||||
sendRequestLogs: integer("sendRequestLogs", { mode: "boolean" }).notNull().default(false),
|
.notNull()
|
||||||
sendActionLogs: integer("sendActionLogs", { mode: "boolean" }).notNull().default(false),
|
.default(false),
|
||||||
sendAccessLogs: integer("sendAccessLogs", { mode: "boolean" }).notNull().default(false),
|
sendRequestLogs: integer("sendRequestLogs", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
|
sendActionLogs: integer("sendActionLogs", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
|
sendAccessLogs: integer("sendAccessLogs", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
type: text("type").notNull(), // e.g. "http", "kafka", etc.
|
type: text("type").notNull(), // e.g. "http", "kafka", etc.
|
||||||
config: text("config").notNull(), // JSON string with the configuration for the destination
|
config: text("config").notNull(), // JSON string with the configuration for the destination
|
||||||
enabled: integer("enabled", { mode: "boolean" })
|
enabled: integer("enabled", { mode: "boolean" })
|
||||||
.notNull()
|
.notNull()
|
||||||
.default(true),
|
.default(true),
|
||||||
|
lastError: text("lastError"), // last send error message, null if healthy
|
||||||
|
lastErrorAt: integer("lastErrorAt"), // epoch ms of last error, null if healthy
|
||||||
createdAt: integer("createdAt").notNull(),
|
createdAt: integer("createdAt").notNull(),
|
||||||
updatedAt: integer("updatedAt").notNull()
|
updatedAt: integer("updatedAt").notNull()
|
||||||
}
|
}
|
||||||
@@ -476,14 +526,19 @@ export const alertRules = sqliteTable("alertRules", {
|
|||||||
| "health_check_toggle"
|
| "health_check_toggle"
|
||||||
| "resource_healthy"
|
| "resource_healthy"
|
||||||
| "resource_unhealthy"
|
| "resource_unhealthy"
|
||||||
|
| "resource_degraded"
|
||||||
| "resource_toggle"
|
| "resource_toggle"
|
||||||
>()
|
>()
|
||||||
.notNull(),
|
.notNull(),
|
||||||
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
||||||
cooldownSeconds: integer("cooldownSeconds").notNull().default(300),
|
cooldownSeconds: integer("cooldownSeconds").notNull().default(300),
|
||||||
allSites: integer("allSites", { mode: "boolean" }).notNull().default(false),
|
allSites: integer("allSites", { mode: "boolean" }).notNull().default(false),
|
||||||
allHealthChecks: integer("allHealthChecks", { mode: "boolean" }).notNull().default(false),
|
allHealthChecks: integer("allHealthChecks", { mode: "boolean" })
|
||||||
allResources: integer("allResources", { mode: "boolean" }).notNull().default(false),
|
.notNull()
|
||||||
|
.default(false),
|
||||||
|
allResources: integer("allResources", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
lastTriggeredAt: integer("lastTriggeredAt"),
|
lastTriggeredAt: integer("lastTriggeredAt"),
|
||||||
createdAt: integer("createdAt").notNull(),
|
createdAt: integer("createdAt").notNull(),
|
||||||
updatedAt: integer("updatedAt").notNull()
|
updatedAt: integer("updatedAt").notNull()
|
||||||
@@ -531,23 +586,44 @@ export const alertEmailRecipients = sqliteTable("alertEmailRecipients", {
|
|||||||
recipientId: integer("recipientId").primaryKey({ autoIncrement: true }),
|
recipientId: integer("recipientId").primaryKey({ autoIncrement: true }),
|
||||||
emailActionId: integer("emailActionId")
|
emailActionId: integer("emailActionId")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => alertEmailActions.emailActionId, { onDelete: "cascade" }),
|
.references(() => alertEmailActions.emailActionId, {
|
||||||
userId: text("userId").references(() => users.userId, { onDelete: "cascade" }),
|
onDelete: "cascade"
|
||||||
roleId: integer("roleId").references(() => roles.roleId, { onDelete: "cascade" }),
|
}),
|
||||||
|
userId: text("userId").references(() => users.userId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
|
roleId: integer("roleId").references(() => roles.roleId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
email: text("email")
|
email: text("email")
|
||||||
});
|
});
|
||||||
|
|
||||||
export const alertWebhookActions = sqliteTable("alertWebhookActions", {
|
export const alertWebhookActions = sqliteTable("alertWebhookActions", {
|
||||||
webhookActionId: integer("webhookActionId").primaryKey({ autoIncrement: true }),
|
webhookActionId: integer("webhookActionId").primaryKey({
|
||||||
|
autoIncrement: true
|
||||||
|
}),
|
||||||
alertRuleId: integer("alertRuleId")
|
alertRuleId: integer("alertRuleId")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => alertRules.alertRuleId, { onDelete: "cascade" }),
|
.references(() => alertRules.alertRuleId, { onDelete: "cascade" }),
|
||||||
webhookUrl: text("webhookUrl").notNull(),
|
webhookUrl: text("webhookUrl").notNull(),
|
||||||
config: text("config"), // encrypted JSON with auth config (authType, credentials)
|
config: text("config"), // encrypted JSON with auth config (authType, credentials)
|
||||||
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
||||||
lastSentAt: integer("lastSentAt")
|
lastSentAt: integer("lastSentAt")
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const trialNotifications = sqliteTable("trialNotifications", {
|
||||||
|
notificationId: integer("notificationId").primaryKey({
|
||||||
|
autoIncrement: true
|
||||||
|
}),
|
||||||
|
subscriptionId: text("subscriptionId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => subscriptions.subscriptionId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
|
notificationType: text("notificationType").notNull(), // trial_ending_5d, trial_ending_24h, trial_ended
|
||||||
|
sentAt: integer("sentAt").notNull()
|
||||||
|
});
|
||||||
|
|
||||||
export type Approval = InferSelectModel<typeof approvals>;
|
export type Approval = InferSelectModel<typeof approvals>;
|
||||||
export type Limit = InferSelectModel<typeof limits>;
|
export type Limit = InferSelectModel<typeof limits>;
|
||||||
export type Account = InferSelectModel<typeof account>;
|
export type Account = InferSelectModel<typeof account>;
|
||||||
@@ -580,3 +656,10 @@ export type EventStreamingCursor = InferSelectModel<
|
|||||||
typeof eventStreamingCursors
|
typeof eventStreamingCursors
|
||||||
>;
|
>;
|
||||||
export type AlertResources = InferSelectModel<typeof alertResources>;
|
export type AlertResources = InferSelectModel<typeof alertResources>;
|
||||||
|
export type AlertHealthChecks = InferSelectModel<typeof alertHealthChecks>;
|
||||||
|
export type AlertSites = InferSelectModel<typeof alertSites>;
|
||||||
|
export type AlertRule = InferSelectModel<typeof alertRules>;
|
||||||
|
export type AlertEmailAction = InferSelectModel<typeof alertEmailActions>;
|
||||||
|
export type AlertEmailRecipient = InferSelectModel<typeof alertEmailRecipients>;
|
||||||
|
export type AlertWebhookAction = InferSelectModel<typeof alertWebhookActions>;
|
||||||
|
export type TrialNotification = InferSelectModel<typeof trialNotifications>;
|
||||||
|
|||||||
@@ -20,8 +20,10 @@ export const domains = sqliteTable("domains", {
|
|||||||
failed: integer("failed", { mode: "boolean" }).notNull().default(false),
|
failed: integer("failed", { mode: "boolean" }).notNull().default(false),
|
||||||
tries: integer("tries").notNull().default(0),
|
tries: integer("tries").notNull().default(0),
|
||||||
certResolver: text("certResolver"),
|
certResolver: text("certResolver"),
|
||||||
|
customCertResolver: text("customCertResolver"),
|
||||||
preferWildcardCert: integer("preferWildcardCert", { mode: "boolean" }),
|
preferWildcardCert: integer("preferWildcardCert", { mode: "boolean" }),
|
||||||
errorMessage: text("errorMessage")
|
errorMessage: text("errorMessage"),
|
||||||
|
lastCheckedAt: integer("lastCheckedAt")
|
||||||
});
|
});
|
||||||
|
|
||||||
export const dnsRecords = sqliteTable("dnsRecords", {
|
export const dnsRecords = sqliteTable("dnsRecords", {
|
||||||
@@ -62,7 +64,13 @@ export const orgs = sqliteTable("orgs", {
|
|||||||
sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
|
sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
|
||||||
sshCaPublicKey: text("sshCaPublicKey"), // SSH CA public key (OpenSSH format)
|
sshCaPublicKey: text("sshCaPublicKey"), // SSH CA public key (OpenSSH format)
|
||||||
isBillingOrg: integer("isBillingOrg", { mode: "boolean" }),
|
isBillingOrg: integer("isBillingOrg", { mode: "boolean" }),
|
||||||
billingOrgId: text("billingOrgId")
|
billingOrgId: text("billingOrgId"),
|
||||||
|
settingsEnableGlobalNewtAutoUpdate: integer(
|
||||||
|
"settingsEnableGlobalNewtAutoUpdate",
|
||||||
|
{ mode: "boolean" }
|
||||||
|
)
|
||||||
|
.notNull()
|
||||||
|
.default(false)
|
||||||
});
|
});
|
||||||
|
|
||||||
export const userDomains = sqliteTable("userDomains", {
|
export const userDomains = sqliteTable("userDomains", {
|
||||||
@@ -116,11 +124,29 @@ export const sites = sqliteTable("sites", {
|
|||||||
dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
|
dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
|
||||||
.notNull()
|
.notNull()
|
||||||
.default(true),
|
.default(true),
|
||||||
|
autoUpdateEnabled: integer("autoUpdateEnabled", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
|
autoUpdateOverrideOrg: integer("autoUpdateOverrideOrg", {
|
||||||
|
mode: "boolean"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
status: text("status").$type<"pending" | "approved">().default("approved")
|
status: text("status").$type<"pending" | "approved">().default("approved")
|
||||||
});
|
});
|
||||||
|
|
||||||
export const resources = sqliteTable("resources", {
|
export const resources = sqliteTable("resources", {
|
||||||
resourceId: integer("resourceId").primaryKey({ autoIncrement: true }),
|
resourceId: integer("resourceId").primaryKey({ autoIncrement: true }),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId").references(
|
||||||
|
() => resourcePolicies.resourcePolicyId,
|
||||||
|
{ onDelete: "set null" }
|
||||||
|
),
|
||||||
|
defaultResourcePolicyId: integer("defaultResourcePolicyId").references(
|
||||||
|
() => resourcePolicies.resourcePolicyId,
|
||||||
|
{
|
||||||
|
onDelete: "restrict"
|
||||||
|
}
|
||||||
|
),
|
||||||
resourceGuid: text("resourceGuid", { length: 36 })
|
resourceGuid: text("resourceGuid", { length: 36 })
|
||||||
.unique()
|
.unique()
|
||||||
.notNull()
|
.notNull()
|
||||||
@@ -141,16 +167,12 @@ export const resources = sqliteTable("resources", {
|
|||||||
blockAccess: integer("blockAccess", { mode: "boolean" })
|
blockAccess: integer("blockAccess", { mode: "boolean" })
|
||||||
.notNull()
|
.notNull()
|
||||||
.default(false),
|
.default(false),
|
||||||
sso: integer("sso", { mode: "boolean" }).notNull().default(true),
|
|
||||||
http: integer("http", { mode: "boolean" }).notNull().default(true),
|
|
||||||
protocol: text("protocol").notNull(),
|
|
||||||
proxyPort: integer("proxyPort"),
|
proxyPort: integer("proxyPort"),
|
||||||
emailWhitelistEnabled: integer("emailWhitelistEnabled", { mode: "boolean" })
|
sso: integer("sso", { mode: "boolean" }),
|
||||||
.notNull()
|
emailWhitelistEnabled: integer("emailWhitelistEnabled", {
|
||||||
.default(false),
|
mode: "boolean"
|
||||||
applyRules: integer("applyRules", { mode: "boolean" })
|
}),
|
||||||
.notNull()
|
applyRules: integer("applyRules", { mode: "boolean" }),
|
||||||
.default(false),
|
|
||||||
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
||||||
stickySession: integer("stickySession", { mode: "boolean" })
|
stickySession: integer("stickySession", { mode: "boolean" })
|
||||||
.notNull()
|
.notNull()
|
||||||
@@ -166,7 +188,6 @@ export const resources = sqliteTable("resources", {
|
|||||||
.notNull()
|
.notNull()
|
||||||
.default(false),
|
.default(false),
|
||||||
proxyProtocolVersion: integer("proxyProtocolVersion").default(1),
|
proxyProtocolVersion: integer("proxyProtocolVersion").default(1),
|
||||||
|
|
||||||
maintenanceModeEnabled: integer("maintenanceModeEnabled", {
|
maintenanceModeEnabled: integer("maintenanceModeEnabled", {
|
||||||
mode: "boolean"
|
mode: "boolean"
|
||||||
})
|
})
|
||||||
@@ -178,9 +199,125 @@ export const resources = sqliteTable("resources", {
|
|||||||
maintenanceTitle: text("maintenanceTitle"),
|
maintenanceTitle: text("maintenanceTitle"),
|
||||||
maintenanceMessage: text("maintenanceMessage"),
|
maintenanceMessage: text("maintenanceMessage"),
|
||||||
maintenanceEstimatedTime: text("maintenanceEstimatedTime"),
|
maintenanceEstimatedTime: text("maintenanceEstimatedTime"),
|
||||||
postAuthPath: text("postAuthPath")
|
postAuthPath: text("postAuthPath"),
|
||||||
|
health: text("health").default("unknown"), // "healthy", "unhealthy", "unknown"
|
||||||
|
wildcard: integer("wildcard", { mode: "boolean" }).notNull().default(false),
|
||||||
|
mode: text("mode").default("http").notNull(), // rdp, ssh, http, vnc
|
||||||
|
pamMode: text("pamMode")
|
||||||
|
.$type<"passthrough" | "push">()
|
||||||
|
.default("passthrough"),
|
||||||
|
authDaemonMode: text("authDaemonMode")
|
||||||
|
.$type<"site" | "remote" | "native">()
|
||||||
|
.default("site"),
|
||||||
|
authDaemonPort: integer("authDaemonPort").default(22123)
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const labels = sqliteTable("labels", {
|
||||||
|
labelId: integer("labelId").primaryKey({ autoIncrement: true }),
|
||||||
|
name: text("name").notNull(),
|
||||||
|
color: text("color").notNull(),
|
||||||
|
orgId: text("orgId")
|
||||||
|
.references(() => orgs.orgId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
});
|
||||||
|
|
||||||
|
export const launcherViews = sqliteTable("launcherViews", {
|
||||||
|
viewId: integer("viewId").primaryKey({ autoIncrement: true }),
|
||||||
|
orgId: text("orgId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => orgs.orgId, { onDelete: "cascade" }),
|
||||||
|
userId: text("userId").references(() => users.userId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
|
name: text("name").notNull(),
|
||||||
|
config: text("config").notNull(),
|
||||||
|
isDefault: integer("isDefault", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
|
createdAt: text("createdAt").notNull(),
|
||||||
|
updatedAt: text("updatedAt").notNull()
|
||||||
|
});
|
||||||
|
|
||||||
|
export const siteLabels = sqliteTable(
|
||||||
|
"siteLabels",
|
||||||
|
{
|
||||||
|
siteLabelId: integer("siteLabelId").primaryKey({ autoIncrement: true }),
|
||||||
|
siteId: integer("siteId")
|
||||||
|
.references(() => sites.siteId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull(),
|
||||||
|
labelId: integer("labelId")
|
||||||
|
.references(() => labels.labelId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
},
|
||||||
|
(t) => [unique("site_label_uniq").on(t.siteId, t.labelId)]
|
||||||
|
);
|
||||||
|
|
||||||
|
export const resourceLabels = sqliteTable(
|
||||||
|
"resourceLabels",
|
||||||
|
{
|
||||||
|
resourceLabelId: integer("resourceLabelId").primaryKey({
|
||||||
|
autoIncrement: true
|
||||||
|
}),
|
||||||
|
resourceId: integer("resourceId")
|
||||||
|
.references(() => resources.resourceId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull(),
|
||||||
|
labelId: integer("labelId")
|
||||||
|
.references(() => labels.labelId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
},
|
||||||
|
(t) => [unique("resource_label_uniq").on(t.resourceId, t.labelId)]
|
||||||
|
);
|
||||||
|
|
||||||
|
export const siteResourceLabels = sqliteTable(
|
||||||
|
"siteResourceLabels",
|
||||||
|
{
|
||||||
|
siteResourceLabelId: integer("siteResourceLabelId").primaryKey({
|
||||||
|
autoIncrement: true
|
||||||
|
}),
|
||||||
|
siteResourceId: integer("siteResourceId")
|
||||||
|
.references(() => siteResources.siteResourceId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull(),
|
||||||
|
labelId: integer("labelId")
|
||||||
|
.references(() => labels.labelId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
},
|
||||||
|
(t) => [unique("site_resource_label_uniq").on(t.siteResourceId, t.labelId)]
|
||||||
|
);
|
||||||
|
|
||||||
|
export const clientLabels = sqliteTable(
|
||||||
|
"clientLabels",
|
||||||
|
{
|
||||||
|
clientLabelId: integer("clientLabelId").primaryKey({
|
||||||
|
autoIncrement: true
|
||||||
|
}),
|
||||||
|
clientId: integer("clientId")
|
||||||
|
.references(() => clients.clientId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull(),
|
||||||
|
labelId: integer("labelId")
|
||||||
|
.references(() => labels.labelId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
},
|
||||||
|
(t) => [unique("client_label_uniq").on(t.clientId, t.labelId)]
|
||||||
|
);
|
||||||
|
|
||||||
export const targets = sqliteTable("targets", {
|
export const targets = sqliteTable("targets", {
|
||||||
targetId: integer("targetId").primaryKey({ autoIncrement: true }),
|
targetId: integer("targetId").primaryKey({ autoIncrement: true }),
|
||||||
resourceId: integer("resourceId")
|
resourceId: integer("resourceId")
|
||||||
@@ -202,7 +339,12 @@ export const targets = sqliteTable("targets", {
|
|||||||
pathMatchType: text("pathMatchType"), // exact, prefix, regex
|
pathMatchType: text("pathMatchType"), // exact, prefix, regex
|
||||||
rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
|
rewritePath: text("rewritePath"), // if set, rewrites the path to this value before sending to the target
|
||||||
rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
|
rewritePathType: text("rewritePathType"), // exact, prefix, regex, stripPrefix
|
||||||
priority: integer("priority").notNull().default(100)
|
priority: integer("priority").notNull().default(100),
|
||||||
|
mode: text("mode")
|
||||||
|
.$type<"http" | "tcp" | "udp" | "ssh" | "rdp" | "vnc">()
|
||||||
|
.notNull()
|
||||||
|
.default("http"),
|
||||||
|
authToken: text("authToken")
|
||||||
});
|
});
|
||||||
|
|
||||||
export const targetHealthCheck = sqliteTable("targetHealthCheck", {
|
export const targetHealthCheck = sqliteTable("targetHealthCheck", {
|
||||||
@@ -217,9 +359,11 @@ export const targetHealthCheck = sqliteTable("targetHealthCheck", {
|
|||||||
onDelete: "cascade"
|
onDelete: "cascade"
|
||||||
})
|
})
|
||||||
.notNull(),
|
.notNull(),
|
||||||
siteId: integer("siteId").references(() => sites.siteId, {
|
siteId: integer("siteId")
|
||||||
onDelete: "cascade"
|
.references(() => sites.siteId, {
|
||||||
}).notNull(),
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull(),
|
||||||
name: text("name"),
|
name: text("name"),
|
||||||
hcEnabled: integer("hcEnabled", { mode: "boolean" })
|
hcEnabled: integer("hcEnabled", { mode: "boolean" })
|
||||||
.notNull()
|
.notNull()
|
||||||
@@ -279,11 +423,11 @@ export const siteResources = sqliteTable("siteResources", {
|
|||||||
niceId: text("niceId").notNull(),
|
niceId: text("niceId").notNull(),
|
||||||
name: text("name").notNull(),
|
name: text("name").notNull(),
|
||||||
ssl: integer("ssl", { mode: "boolean" }).notNull().default(false),
|
ssl: integer("ssl", { mode: "boolean" }).notNull().default(false),
|
||||||
mode: text("mode").$type<"host" | "cidr" | "http">().notNull(), // "host" | "cidr" | "http"
|
mode: text("mode").$type<"host" | "cidr" | "http" | "ssh">().notNull(), // "host" | "cidr" | "http"
|
||||||
scheme: text("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
|
scheme: text("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
|
||||||
proxyPort: integer("proxyPort"), // only for port mode
|
proxyPort: integer("proxyPort"), // only for port mode
|
||||||
destinationPort: integer("destinationPort"), // only for port mode
|
destinationPort: integer("destinationPort"), // only for port mode
|
||||||
destination: text("destination").notNull(), // ip, cidr, hostname
|
destination: text("destination"), // ip, cidr, hostname
|
||||||
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
||||||
alias: text("alias"),
|
alias: text("alias"),
|
||||||
aliasAddress: text("aliasAddress"),
|
aliasAddress: text("aliasAddress"),
|
||||||
@@ -293,8 +437,11 @@ export const siteResources = sqliteTable("siteResources", {
|
|||||||
.notNull()
|
.notNull()
|
||||||
.default(false),
|
.default(false),
|
||||||
authDaemonPort: integer("authDaemonPort").default(22123),
|
authDaemonPort: integer("authDaemonPort").default(22123),
|
||||||
|
pamMode: text("pamMode")
|
||||||
|
.$type<"passthrough" | "push">()
|
||||||
|
.default("passthrough"),
|
||||||
authDaemonMode: text("authDaemonMode")
|
authDaemonMode: text("authDaemonMode")
|
||||||
.$type<"site" | "remote">()
|
.$type<"site" | "remote" | "native">()
|
||||||
.default("site"),
|
.default("site"),
|
||||||
domainId: text("domainId").references(() => domains.domainId, {
|
domainId: text("domainId").references(() => domains.domainId, {
|
||||||
onDelete: "set null"
|
onDelete: "set null"
|
||||||
@@ -907,6 +1054,47 @@ export const resourceHeaderAuth = sqliteTable("resourceHeaderAuth", {
|
|||||||
headerAuthHash: text("headerAuthHash").notNull()
|
headerAuthHash: text("headerAuthHash").notNull()
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const resourcePolicyPincode = sqliteTable("resourcePolicyPincode", {
|
||||||
|
pincodeId: integer("pincodeId").primaryKey({ autoIncrement: true }),
|
||||||
|
pincodeHash: text("pincodeHash").notNull(),
|
||||||
|
digitLength: integer("digitLength").notNull(),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => resourcePolicies.resourcePolicyId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
});
|
||||||
|
|
||||||
|
export const resourcePolicyPassword = sqliteTable("resourcePolicyPassword", {
|
||||||
|
passwordId: integer("passwordId").primaryKey({ autoIncrement: true }),
|
||||||
|
passwordHash: text("passwordHash").notNull(),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => resourcePolicies.resourcePolicyId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
});
|
||||||
|
|
||||||
|
export const resourcePolicyHeaderAuth = sqliteTable(
|
||||||
|
"resourcePolicyHeaderAuth",
|
||||||
|
{
|
||||||
|
headerAuthId: integer("headerAuthId").primaryKey({
|
||||||
|
autoIncrement: true
|
||||||
|
}),
|
||||||
|
headerAuthHash: text("headerAuthHash").notNull(),
|
||||||
|
extendedCompatibility: integer("extendedCompatibility", {
|
||||||
|
mode: "boolean"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
.default(true),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => resourcePolicies.resourcePolicyId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
export const resourceHeaderAuthExtendedCompatibility = sqliteTable(
|
export const resourceHeaderAuthExtendedCompatibility = sqliteTable(
|
||||||
"resourceHeaderAuthExtendedCompatibility",
|
"resourceHeaderAuthExtendedCompatibility",
|
||||||
{
|
{
|
||||||
@@ -935,6 +1123,7 @@ export const resourceAccessToken = sqliteTable("resourceAccessToken", {
|
|||||||
resourceId: integer("resourceId")
|
resourceId: integer("resourceId")
|
||||||
.notNull()
|
.notNull()
|
||||||
.references(() => resources.resourceId, { onDelete: "cascade" }),
|
.references(() => resources.resourceId, { onDelete: "cascade" }),
|
||||||
|
path: text("path"),
|
||||||
tokenHash: text("tokenHash").notNull(),
|
tokenHash: text("tokenHash").notNull(),
|
||||||
sessionLength: integer("sessionLength").notNull(),
|
sessionLength: integer("sessionLength").notNull(),
|
||||||
expiresAt: integer("expiresAt"),
|
expiresAt: integer("expiresAt"),
|
||||||
@@ -981,6 +1170,24 @@ export const resourceSessions = sqliteTable("resourceSessions", {
|
|||||||
onDelete: "cascade"
|
onDelete: "cascade"
|
||||||
}
|
}
|
||||||
),
|
),
|
||||||
|
policyPasswordId: integer("policyPasswordId").references(
|
||||||
|
() => resourcePolicyPassword.passwordId,
|
||||||
|
{
|
||||||
|
onDelete: "cascade"
|
||||||
|
}
|
||||||
|
),
|
||||||
|
policyPincodeId: integer("policyPincodeId").references(
|
||||||
|
() => resourcePolicyPincode.pincodeId,
|
||||||
|
{
|
||||||
|
onDelete: "cascade"
|
||||||
|
}
|
||||||
|
),
|
||||||
|
policyWhitelistId: integer("policyWhitelistId").references(
|
||||||
|
() => resourcePolicyWhiteList.whitelistId,
|
||||||
|
{
|
||||||
|
onDelete: "cascade"
|
||||||
|
}
|
||||||
|
),
|
||||||
issuedAt: integer("issuedAt")
|
issuedAt: integer("issuedAt")
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -1021,6 +1228,79 @@ export const resourceRules = sqliteTable("resourceRules", {
|
|||||||
value: text("value").notNull()
|
value: text("value").notNull()
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export const rolePolicies = sqliteTable("rolePolicies", {
|
||||||
|
roleId: integer("roleId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => roles.roleId, { onDelete: "cascade" }),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => resourcePolicies.resourcePolicyId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
});
|
||||||
|
|
||||||
|
export const userPolicies = sqliteTable("userPolicies", {
|
||||||
|
userId: text("userId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => users.userId, { onDelete: "cascade" }),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => resourcePolicies.resourcePolicyId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
});
|
||||||
|
|
||||||
|
export const resourcePolicyWhiteList = sqliteTable("resourcePolicyWhitelist", {
|
||||||
|
whitelistId: integer("id").primaryKey({ autoIncrement: true }),
|
||||||
|
email: text("email").notNull(),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => resourcePolicies.resourcePolicyId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
});
|
||||||
|
|
||||||
|
export const resourcePolicyRules = sqliteTable("resourcePolicyRules", {
|
||||||
|
ruleId: integer("ruleId").primaryKey({ autoIncrement: true }),
|
||||||
|
resourcePolicyId: integer("resourcePolicyId")
|
||||||
|
.notNull()
|
||||||
|
.references(() => resourcePolicies.resourcePolicyId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
}),
|
||||||
|
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
|
||||||
|
priority: integer("priority").notNull(),
|
||||||
|
action: text("action").$type<"ACCEPT" | "DROP" | "PASS">().notNull(),
|
||||||
|
match: text("match")
|
||||||
|
.$type<"CIDR" | "PATH" | "IP" | "COUNTRY" | "ASN" | "REGION">()
|
||||||
|
.notNull(),
|
||||||
|
value: text("value").notNull()
|
||||||
|
});
|
||||||
|
|
||||||
|
export const resourcePolicies = sqliteTable("resourcePolicies", {
|
||||||
|
resourcePolicyId: integer("resourcePolicyId").primaryKey(),
|
||||||
|
sso: integer("sso", { mode: "boolean" }).notNull().default(true),
|
||||||
|
applyRules: integer("applyRules", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
|
scope: text("scope")
|
||||||
|
.$type<"global" | "resource">()
|
||||||
|
.notNull()
|
||||||
|
.default("global"),
|
||||||
|
emailWhitelistEnabled: integer("emailWhitelistEnabled", { mode: "boolean" })
|
||||||
|
.notNull()
|
||||||
|
.default(false),
|
||||||
|
niceId: text("niceId").notNull(),
|
||||||
|
idpId: integer("idpId").references(() => idp.idpId, {
|
||||||
|
onDelete: "set null"
|
||||||
|
}),
|
||||||
|
name: text("name").notNull(),
|
||||||
|
orgId: text("orgId")
|
||||||
|
.references(() => orgs.orgId, {
|
||||||
|
onDelete: "cascade"
|
||||||
|
})
|
||||||
|
.notNull()
|
||||||
|
});
|
||||||
|
|
||||||
export const supporterKey = sqliteTable("supporterKey", {
|
export const supporterKey = sqliteTable("supporterKey", {
|
||||||
keyId: integer("keyId").primaryKey({ autoIncrement: true }),
|
keyId: integer("keyId").primaryKey({ autoIncrement: true }),
|
||||||
key: text("key").notNull(),
|
key: text("key").notNull(),
|
||||||
@@ -1194,19 +1474,30 @@ export const roundTripMessageTracker = sqliteTable("roundTripMessageTracker", {
|
|||||||
complete: integer("complete", { mode: "boolean" }).notNull().default(false)
|
complete: integer("complete", { mode: "boolean" }).notNull().default(false)
|
||||||
});
|
});
|
||||||
|
|
||||||
export const statusHistory = sqliteTable("statusHistory", {
|
export const statusHistory = sqliteTable(
|
||||||
id: integer("id").primaryKey({ autoIncrement: true }),
|
"statusHistory",
|
||||||
entityType: text("entityType").notNull(), // "site" | "healthCheck"
|
{
|
||||||
entityId: integer("entityId").notNull(), // siteId or targetHealthCheckId
|
id: integer("id").primaryKey({ autoIncrement: true }),
|
||||||
orgId: text("orgId")
|
entityType: text("entityType").notNull(), // "site" | "healthCheck"
|
||||||
.notNull()
|
entityId: integer("entityId").notNull(), // siteId or targetHealthCheckId
|
||||||
.references(() => orgs.orgId, { onDelete: "cascade" }),
|
orgId: text("orgId")
|
||||||
status: text("status").notNull(), // "online"/"offline" for sites; "healthy"/"unhealthy"/"unknown" for healthChecks
|
.notNull()
|
||||||
timestamp: integer("timestamp").notNull(), // unix epoch seconds
|
.references(() => orgs.orgId, { onDelete: "cascade" }),
|
||||||
}, (table) => [
|
status: text("status").notNull(), // "online"/"offline" for sites; "healthy"/"unhealthy"/"unknown" for healthChecks
|
||||||
index("idx_statusHistory_entity").on(table.entityType, table.entityId, table.timestamp),
|
timestamp: integer("timestamp").notNull() // unix epoch seconds
|
||||||
index("idx_statusHistory_org_timestamp").on(table.orgId, table.timestamp),
|
},
|
||||||
]);
|
(table) => [
|
||||||
|
index("idx_statusHistory_entity").on(
|
||||||
|
table.entityType,
|
||||||
|
table.entityId,
|
||||||
|
table.timestamp
|
||||||
|
),
|
||||||
|
index("idx_statusHistory_org_timestamp").on(
|
||||||
|
table.orgId,
|
||||||
|
table.timestamp
|
||||||
|
)
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
export type Org = InferSelectModel<typeof orgs>;
|
export type Org = InferSelectModel<typeof orgs>;
|
||||||
export type User = InferSelectModel<typeof users>;
|
export type User = InferSelectModel<typeof users>;
|
||||||
@@ -1276,3 +1567,17 @@ export type RoundTripMessageTracker = InferSelectModel<
|
|||||||
typeof roundTripMessageTracker
|
typeof roundTripMessageTracker
|
||||||
>;
|
>;
|
||||||
export type StatusHistory = InferSelectModel<typeof statusHistory>;
|
export type StatusHistory = InferSelectModel<typeof statusHistory>;
|
||||||
|
export type Label = InferSelectModel<typeof labels>;
|
||||||
|
export type LauncherView = InferSelectModel<typeof launcherViews>;
|
||||||
|
export type ResourcePolicy = InferSelectModel<typeof resourcePolicies>;
|
||||||
|
export type ResourcePolicyPincode = InferSelectModel<
|
||||||
|
typeof resourcePolicyPincode
|
||||||
|
>;
|
||||||
|
export type ResourcePolicyPassword = InferSelectModel<
|
||||||
|
typeof resourcePolicyPassword
|
||||||
|
>;
|
||||||
|
export type ResourcePolicyHeaderAuth = InferSelectModel<
|
||||||
|
typeof resourcePolicyHeaderAuth
|
||||||
|
>;
|
||||||
|
export type RolePolicy = InferSelectModel<typeof rolePolicies>;
|
||||||
|
export type UserPolicy = InferSelectModel<typeof userPolicies>;
|
||||||
|
|||||||
@@ -23,6 +23,7 @@ export type AlertEventType =
|
|||||||
| "health_check_toggle"
|
| "health_check_toggle"
|
||||||
| "resource_healthy"
|
| "resource_healthy"
|
||||||
| "resource_unhealthy"
|
| "resource_unhealthy"
|
||||||
|
| "resource_degraded"
|
||||||
| "resource_toggle";
|
| "resource_toggle";
|
||||||
|
|
||||||
export type AlertNotificationProps = {
|
export type AlertNotificationProps = {
|
||||||
@@ -36,8 +37,8 @@ function getEventMeta(eventType: AlertEventType): {
|
|||||||
heading: string;
|
heading: string;
|
||||||
previewText: string;
|
previewText: string;
|
||||||
summary: string;
|
summary: string;
|
||||||
statusLabel: string;
|
statusLabel: string | null;
|
||||||
statusColor: string;
|
statusColor: string | null;
|
||||||
} {
|
} {
|
||||||
switch (eventType) {
|
switch (eventType) {
|
||||||
case "site_online":
|
case "site_online":
|
||||||
@@ -63,8 +64,8 @@ function getEventMeta(eventType: AlertEventType): {
|
|||||||
heading: "Site Status Changed",
|
heading: "Site Status Changed",
|
||||||
previewText: "A site in your organization has changed status.",
|
previewText: "A site in your organization has changed status.",
|
||||||
summary: "A site in your organization has changed status.",
|
summary: "A site in your organization has changed status.",
|
||||||
statusLabel: "Status Changed",
|
statusLabel: null,
|
||||||
statusColor: "#f59e0b"
|
statusColor: null
|
||||||
};
|
};
|
||||||
case "health_check_healthy":
|
case "health_check_healthy":
|
||||||
return {
|
return {
|
||||||
@@ -93,8 +94,8 @@ function getEventMeta(eventType: AlertEventType): {
|
|||||||
"A health check in your organization has changed status.",
|
"A health check in your organization has changed status.",
|
||||||
summary:
|
summary:
|
||||||
"A health check in your organization has changed status.",
|
"A health check in your organization has changed status.",
|
||||||
statusLabel: "Status Changed",
|
statusLabel: null,
|
||||||
statusColor: "#f59e0b"
|
statusColor: null
|
||||||
};
|
};
|
||||||
case "resource_healthy":
|
case "resource_healthy":
|
||||||
return {
|
return {
|
||||||
@@ -114,14 +115,23 @@ function getEventMeta(eventType: AlertEventType): {
|
|||||||
statusLabel: "Unhealthy",
|
statusLabel: "Unhealthy",
|
||||||
statusColor: "#dc2626"
|
statusColor: "#dc2626"
|
||||||
};
|
};
|
||||||
|
case "resource_degraded":
|
||||||
|
return {
|
||||||
|
heading: "Resource Degraded",
|
||||||
|
previewText: "A resource in your organization is degraded.",
|
||||||
|
summary:
|
||||||
|
"A resource in your organization is currently degraded.",
|
||||||
|
statusLabel: "Degraded",
|
||||||
|
statusColor: "#dc2626"
|
||||||
|
};
|
||||||
case "resource_toggle":
|
case "resource_toggle":
|
||||||
return {
|
return {
|
||||||
heading: "Resource Status Changed",
|
heading: "Resource Status Changed",
|
||||||
previewText:
|
previewText:
|
||||||
"A resource in your organization has changed status.",
|
"A resource in your organization has changed status.",
|
||||||
summary: "A resource in your organization has changed status.",
|
summary: "A resource in your organization has changed status.",
|
||||||
statusLabel: "Status Changed",
|
statusLabel: null,
|
||||||
statusColor: "#f59e0b"
|
statusColor: null
|
||||||
};
|
};
|
||||||
default:
|
default:
|
||||||
return {
|
return {
|
||||||
@@ -135,11 +145,31 @@ function getEventMeta(eventType: AlertEventType): {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function resolveToggleStatus(status: unknown): {
|
||||||
|
label: string;
|
||||||
|
color: string;
|
||||||
|
} {
|
||||||
|
switch (String(status).toLowerCase()) {
|
||||||
|
case "online":
|
||||||
|
return { label: "Online", color: "#16a34a" };
|
||||||
|
case "offline":
|
||||||
|
return { label: "Offline", color: "#dc2626" };
|
||||||
|
case "healthy":
|
||||||
|
return { label: "Healthy", color: "#16a34a" };
|
||||||
|
case "unhealthy":
|
||||||
|
return { label: "Unhealthy", color: "#dc2626" };
|
||||||
|
case "degraded":
|
||||||
|
return { label: "Degraded", color: "#dc2626" };
|
||||||
|
default:
|
||||||
|
return { label: String(status ?? "Unknown"), color: "#f59e0b" };
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function formatDataItems(
|
function formatDataItems(
|
||||||
data: Record<string, unknown>
|
data: Record<string, unknown>
|
||||||
): { label: string; value: React.ReactNode }[] {
|
): { label: string; value: React.ReactNode }[] {
|
||||||
return Object.entries(data)
|
return Object.entries(data)
|
||||||
.filter(([key]) => key !== "orgId")
|
.filter(([key]) => key !== "orgId" && key !== "status")
|
||||||
.map(([key, value]) => ({
|
.map(([key, value]) => ({
|
||||||
label: key
|
label: key
|
||||||
.replace(/([A-Z])/g, " $1")
|
.replace(/([A-Z])/g, " $1")
|
||||||
@@ -154,16 +184,36 @@ export const AlertNotification = (props: AlertNotificationProps) => {
|
|||||||
const meta = getEventMeta(eventType);
|
const meta = getEventMeta(eventType);
|
||||||
const dataItems = formatDataItems(data);
|
const dataItems = formatDataItems(data);
|
||||||
|
|
||||||
|
const isToggle =
|
||||||
|
eventType === "site_toggle" ||
|
||||||
|
eventType === "health_check_toggle" ||
|
||||||
|
eventType === "resource_toggle";
|
||||||
|
|
||||||
|
const resolvedStatus = isToggle
|
||||||
|
? resolveToggleStatus(data.status)
|
||||||
|
: meta.statusLabel != null
|
||||||
|
? { label: meta.statusLabel, color: meta.statusColor! }
|
||||||
|
: null;
|
||||||
|
|
||||||
const allItems: { label: string; value: React.ReactNode }[] = [
|
const allItems: { label: string; value: React.ReactNode }[] = [
|
||||||
{ label: "Organization", value: orgId },
|
{ label: "Organization", value: orgId },
|
||||||
{
|
...(resolvedStatus != null
|
||||||
label: "Status",
|
? [
|
||||||
value: (
|
{
|
||||||
<span style={{ color: meta.statusColor, fontWeight: 600 }}>
|
label: "Status",
|
||||||
{meta.statusLabel}
|
value: (
|
||||||
</span>
|
<span
|
||||||
)
|
style={{
|
||||||
},
|
color: resolvedStatus.color,
|
||||||
|
fontWeight: 600
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
{resolvedStatus.label}
|
||||||
|
</span>
|
||||||
|
)
|
||||||
|
}
|
||||||
|
]
|
||||||
|
: []),
|
||||||
{ label: "Time", value: new Date().toUTCString() },
|
{ label: "Time", value: new Date().toUTCString() },
|
||||||
...dataItems
|
...dataItems
|
||||||
];
|
];
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ export const NotifyTrialExpiring = ({
|
|||||||
|
|
||||||
<EmailText>
|
<EmailText>
|
||||||
Some features and resources may now be
|
Some features and resources may now be
|
||||||
restricted or disconnected. To restore full
|
restricted. To restore full
|
||||||
access and continue using all the features
|
access and continue using all the features
|
||||||
you had during your trial, please upgrade to
|
you had during your trial, please upgrade to
|
||||||
a paid plan.
|
a paid plan.
|
||||||
@@ -85,7 +85,7 @@ export const NotifyTrialExpiring = ({
|
|||||||
<strong>{orgName}</strong> will end on{" "}
|
<strong>{orgName}</strong> will end on{" "}
|
||||||
<strong>{trialEndsAt}</strong>
|
<strong>{trialEndsAt}</strong>
|
||||||
{isLastDay
|
{isLastDay
|
||||||
? " — that's tomorrow!"
|
? " - that's tomorrow!"
|
||||||
: `, in ${daysRemaining} days`}
|
: `, in ${daysRemaining} days`}
|
||||||
.
|
.
|
||||||
</EmailText>
|
</EmailText>
|
||||||
@@ -93,8 +93,7 @@ export const NotifyTrialExpiring = ({
|
|||||||
<EmailText>
|
<EmailText>
|
||||||
After your trial ends, your account will be
|
After your trial ends, your account will be
|
||||||
moved to the free plan and some
|
moved to the free plan and some
|
||||||
functionality may be restricted or your
|
functionality may be restricted.
|
||||||
sites may disconnect.
|
|
||||||
</EmailText>
|
</EmailText>
|
||||||
|
|
||||||
<EmailText>
|
<EmailText>
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#! /usr/bin/env node
|
#! /usr/bin/env node
|
||||||
import "./extendZod.ts";
|
import "./extendZod";
|
||||||
|
|
||||||
import { runSetupFunctions } from "./setup";
|
import { runSetupFunctions } from "./setup";
|
||||||
import { createApiServer } from "./apiServer";
|
import { createApiServer } from "./apiServer";
|
||||||
@@ -24,6 +24,7 @@ import license from "#dynamic/license/license";
|
|||||||
import { initLogCleanupInterval } from "@server/lib/cleanupLogs";
|
import { initLogCleanupInterval } from "@server/lib/cleanupLogs";
|
||||||
import { initAcmeCertSync } from "#dynamic/lib/acmeCertSync";
|
import { initAcmeCertSync } from "#dynamic/lib/acmeCertSync";
|
||||||
import { fetchServerIp } from "@server/lib/serverIpService";
|
import { fetchServerIp } from "@server/lib/serverIpService";
|
||||||
|
import { startRebuildQueueProcessor } from "@server/lib/rebuildClientAssociations";
|
||||||
|
|
||||||
async function startServers() {
|
async function startServers() {
|
||||||
await setHostMeta();
|
await setHostMeta();
|
||||||
@@ -41,6 +42,7 @@ async function startServers() {
|
|||||||
|
|
||||||
initLogCleanupInterval();
|
initLogCleanupInterval();
|
||||||
initAcmeCertSync();
|
initAcmeCertSync();
|
||||||
|
startRebuildQueueProcessor();
|
||||||
|
|
||||||
// Start all servers
|
// Start all servers
|
||||||
const apiServer = createApiServer();
|
const apiServer = createApiServer();
|
||||||
|
|||||||
@@ -152,11 +152,19 @@ function getOpenApiDocumentation() {
|
|||||||
|
|
||||||
if (!hasExistingResponses) {
|
if (!hasExistingResponses) {
|
||||||
def.route.responses = {
|
def.route.responses = {
|
||||||
"*": {
|
"200": {
|
||||||
description: "",
|
description: "Successful response",
|
||||||
content: {
|
content: {
|
||||||
"application/json": {
|
"application/json": {
|
||||||
schema: z.object({})
|
schema: z.object({
|
||||||
|
data: z
|
||||||
|
.record(z.string(), z.any())
|
||||||
|
.nullable(),
|
||||||
|
success: z.boolean(),
|
||||||
|
error: z.boolean(),
|
||||||
|
message: z.string(),
|
||||||
|
status: z.number()
|
||||||
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,19 +1,301 @@
|
|||||||
// stub
|
import logger from "@server/logger";
|
||||||
|
import { processAlerts } from "#dynamic/lib/alerts";
|
||||||
|
import {
|
||||||
|
db,
|
||||||
|
statusHistory,
|
||||||
|
targetHealthCheck,
|
||||||
|
targets,
|
||||||
|
resources,
|
||||||
|
Transaction,
|
||||||
|
logsDb
|
||||||
|
} from "@server/db";
|
||||||
|
import { eq } from "drizzle-orm";
|
||||||
|
import { invalidateStatusHistoryCache } from "@server/lib/statusHistory";
|
||||||
|
import {
|
||||||
|
fireResourceDegradedAlert,
|
||||||
|
fireResourceHealthyAlert,
|
||||||
|
fireResourceUnhealthyAlert,
|
||||||
|
fireResourceUnknownAlert
|
||||||
|
} from "./resourceEvents";
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
// Public API
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `health_check_healthy` alert for the given health check.
|
||||||
|
*
|
||||||
|
* Call this after a previously-failing health check has recovered so that any
|
||||||
|
* matching `alertRules` can dispatch their email and webhook actions.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the health check.
|
||||||
|
* @param healthCheckId - Numeric primary key of the health check.
|
||||||
|
* @param healthCheckName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
export async function fireHealthCheckHealthyAlert(
|
export async function fireHealthCheckHealthyAlert(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
healthCheckId: number,
|
healthCheckId: number,
|
||||||
healthCheckName?: string,
|
healthCheckName?: string | null,
|
||||||
extra?: Record<string, unknown>
|
healthCheckTargetId?: number | null,
|
||||||
|
extra?: Record<string, unknown>,
|
||||||
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
return;
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "health_check",
|
||||||
|
entityId: healthCheckId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "healthy",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("health_check", healthCheckId);
|
||||||
|
|
||||||
|
await handleResource(orgId, healthCheckTargetId, send, trx);
|
||||||
|
|
||||||
|
if (!send) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "health_check_healthy",
|
||||||
|
orgId,
|
||||||
|
healthCheckId,
|
||||||
|
data: {
|
||||||
|
...(healthCheckName != null ? { healthCheckName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "health_check_toggle",
|
||||||
|
orgId,
|
||||||
|
healthCheckId,
|
||||||
|
data: {
|
||||||
|
healthCheckId,
|
||||||
|
status: "healthy",
|
||||||
|
...(healthCheckName != null ? { healthCheckName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireHealthCheckHealthyAlert: unexpected error for healthCheckId ${healthCheckId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `health_check_unhealthy` alert for the given health check.
|
||||||
|
*
|
||||||
|
* Call this after a health check has been detected as failing so that any
|
||||||
|
* matching `alertRules` can dispatch their email and webhook actions.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the health check.
|
||||||
|
* @param healthCheckId - Numeric primary key of the health check.
|
||||||
|
* @param healthCheckName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
export async function fireHealthCheckUnhealthyAlert(
|
export async function fireHealthCheckUnhealthyAlert(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
healthCheckId: number,
|
healthCheckId: number,
|
||||||
healthCheckName?: string,
|
healthCheckName?: string | null,
|
||||||
extra?: Record<string, unknown>
|
healthCheckTargetId?: number | null,
|
||||||
|
extra?: Record<string, unknown>,
|
||||||
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
return;
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "health_check",
|
||||||
|
entityId: healthCheckId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "unhealthy",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("health_check", healthCheckId);
|
||||||
|
|
||||||
|
await handleResource(orgId, healthCheckTargetId, send, trx);
|
||||||
|
|
||||||
|
if (!send) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "health_check_unhealthy",
|
||||||
|
orgId,
|
||||||
|
healthCheckId,
|
||||||
|
data: {
|
||||||
|
...(healthCheckName != null ? { healthCheckName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "health_check_toggle",
|
||||||
|
orgId,
|
||||||
|
healthCheckId,
|
||||||
|
data: {
|
||||||
|
healthCheckId,
|
||||||
|
status: "unhealthy",
|
||||||
|
...(healthCheckName != null ? { healthCheckName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireHealthCheckUnhealthyAlert: unexpected error for healthCheckId ${healthCheckId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function fireHealthCheckUnknownAlert(
|
||||||
|
orgId: string,
|
||||||
|
healthCheckId: number,
|
||||||
|
healthCheckName?: string | null,
|
||||||
|
healthCheckTargetId?: number | null,
|
||||||
|
extra?: Record<string, unknown>,
|
||||||
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
|
): Promise<void> {
|
||||||
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "health_check",
|
||||||
|
entityId: healthCheckId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "unknown",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("health_check", healthCheckId);
|
||||||
|
|
||||||
|
await handleResource(orgId, healthCheckTargetId, send, trx);
|
||||||
|
|
||||||
|
if (!send) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireHealthCheckUnknownAlert: unexpected error for healthCheckId ${healthCheckId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async function handleResource(
|
||||||
|
orgId: string,
|
||||||
|
healthCheckTargetId?: number | null,
|
||||||
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
|
) {
|
||||||
|
if (!healthCheckTargetId) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// we have targets lets get them
|
||||||
|
const [target] = await trx
|
||||||
|
.select()
|
||||||
|
.from(targets)
|
||||||
|
.where(eq(targets.targetId, healthCheckTargetId))
|
||||||
|
.limit(1);
|
||||||
|
|
||||||
|
if (!target) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const [resource] = await trx
|
||||||
|
.select()
|
||||||
|
.from(resources)
|
||||||
|
.where(eq(resources.resourceId, target.resourceId))
|
||||||
|
.limit(1);
|
||||||
|
|
||||||
|
if (!resource) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const otherTargets = await trx
|
||||||
|
.select({ hcHealth: targetHealthCheck.hcHealth })
|
||||||
|
.from(targets)
|
||||||
|
.innerJoin(
|
||||||
|
targetHealthCheck,
|
||||||
|
eq(targetHealthCheck.targetId, targets.targetId)
|
||||||
|
)
|
||||||
|
.where(eq(targets.resourceId, resource.resourceId));
|
||||||
|
|
||||||
|
const monitoredTargets = otherTargets.filter(
|
||||||
|
(t) => t.hcHealth !== "unknown"
|
||||||
|
);
|
||||||
|
|
||||||
|
let health = "healthy";
|
||||||
|
const allUnknown = monitoredTargets.length === 0;
|
||||||
|
const allHealthy = monitoredTargets.every(
|
||||||
|
(t) => t.hcHealth === "healthy"
|
||||||
|
);
|
||||||
|
const allUnhealthy = monitoredTargets.every(
|
||||||
|
(t) => t.hcHealth === "unhealthy"
|
||||||
|
);
|
||||||
|
|
||||||
|
if (allUnknown) {
|
||||||
|
logger.debug(
|
||||||
|
`Marking resource ${resource.resourceId} as unknown because all health checks are disabled`
|
||||||
|
);
|
||||||
|
health = "unknown";
|
||||||
|
} else if (allHealthy) {
|
||||||
|
health = "healthy";
|
||||||
|
} else if (allUnhealthy) {
|
||||||
|
logger.debug(
|
||||||
|
`Marking resource ${resource.resourceId} as unhealthy because all targets are unhealthy`
|
||||||
|
);
|
||||||
|
health = "unhealthy";
|
||||||
|
} else {
|
||||||
|
logger.debug(
|
||||||
|
`Marking resource ${resource.resourceId} as degraded because some targets are unhealthy`
|
||||||
|
);
|
||||||
|
health = "degraded";
|
||||||
|
}
|
||||||
|
|
||||||
|
if (health != resource.health) {
|
||||||
|
// it changed
|
||||||
|
await trx
|
||||||
|
.update(resources)
|
||||||
|
.set({ health })
|
||||||
|
.where(eq(resources.resourceId, resource.resourceId));
|
||||||
|
|
||||||
|
if (health === "unknown") {
|
||||||
|
await fireResourceUnknownAlert(
|
||||||
|
orgId,
|
||||||
|
resource.resourceId,
|
||||||
|
resource.name,
|
||||||
|
undefined,
|
||||||
|
send,
|
||||||
|
trx
|
||||||
|
);
|
||||||
|
} else if (health === "unhealthy") {
|
||||||
|
await fireResourceUnhealthyAlert(
|
||||||
|
orgId,
|
||||||
|
resource.resourceId,
|
||||||
|
resource.name,
|
||||||
|
undefined,
|
||||||
|
send,
|
||||||
|
trx
|
||||||
|
);
|
||||||
|
} else if (health === "healthy") {
|
||||||
|
await fireResourceHealthyAlert(
|
||||||
|
orgId,
|
||||||
|
resource.resourceId,
|
||||||
|
resource.name,
|
||||||
|
undefined,
|
||||||
|
send,
|
||||||
|
trx
|
||||||
|
);
|
||||||
|
} else if (health === "degraded") {
|
||||||
|
await fireResourceDegradedAlert(
|
||||||
|
orgId,
|
||||||
|
resource.resourceId,
|
||||||
|
resource.name,
|
||||||
|
undefined,
|
||||||
|
send,
|
||||||
|
trx
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,20 +1,243 @@
|
|||||||
|
import logger from "@server/logger";
|
||||||
|
import { processAlerts } from "#dynamic/lib/alerts";
|
||||||
|
import { db, logsDb, statusHistory, Transaction } from "@server/db";
|
||||||
|
import { invalidateStatusHistoryCache } from "@server/lib/statusHistory";
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
// Public API
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `resource_healthy` alert for the given resource.
|
||||||
|
*
|
||||||
|
* Call this after a previously-unhealthy resource has recovered so that any
|
||||||
|
* matching `alertRules` can dispatch their email and webhook actions.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the resource.
|
||||||
|
* @param resourceId - Numeric primary key of the resource.
|
||||||
|
* @param resourceName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
export async function fireResourceHealthyAlert(
|
export async function fireResourceHealthyAlert(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
resourceId: number,
|
resourceId: number,
|
||||||
resourceName?: string | null,
|
resourceName?: string | null,
|
||||||
extra?: Record<string, unknown>
|
extra?: Record<string, unknown>,
|
||||||
): Promise<void> {}
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
|
): Promise<void> {
|
||||||
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "resource",
|
||||||
|
entityId: resourceId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "healthy",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("resource", resourceId);
|
||||||
|
|
||||||
|
if (!send) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "resource_healthy",
|
||||||
|
orgId,
|
||||||
|
resourceId,
|
||||||
|
data: {
|
||||||
|
...(resourceName != null ? { resourceName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "resource_toggle",
|
||||||
|
orgId,
|
||||||
|
resourceId,
|
||||||
|
data: {
|
||||||
|
resourceId,
|
||||||
|
status: "healthy",
|
||||||
|
...(resourceName != null ? { resourceName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireResourceHealthyAlert: unexpected error for resourceId ${resourceId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `resource_unhealthy` alert for the given resource.
|
||||||
|
*
|
||||||
|
* Call this after a resource has been detected as unhealthy so that any
|
||||||
|
* matching `alertRules` can dispatch their email and webhook actions.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the resource.
|
||||||
|
* @param resourceId - Numeric primary key of the resource.
|
||||||
|
* @param resourceName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
export async function fireResourceUnhealthyAlert(
|
export async function fireResourceUnhealthyAlert(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
resourceId: number,
|
resourceId: number,
|
||||||
resourceName?: string | null,
|
resourceName?: string | null,
|
||||||
extra?: Record<string, unknown>
|
extra?: Record<string, unknown>,
|
||||||
): Promise<void> {}
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
|
): Promise<void> {
|
||||||
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "resource",
|
||||||
|
entityId: resourceId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "unhealthy",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("resource", resourceId);
|
||||||
|
|
||||||
export async function fireResourceToggleAlert(
|
if (!send) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "resource_unhealthy",
|
||||||
|
orgId,
|
||||||
|
resourceId,
|
||||||
|
data: {
|
||||||
|
...(resourceName != null ? { resourceName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "resource_toggle",
|
||||||
|
orgId,
|
||||||
|
resourceId,
|
||||||
|
data: {
|
||||||
|
resourceId,
|
||||||
|
status: "unhealthy",
|
||||||
|
...(resourceName != null ? { resourceName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireResourceUnhealthyAlert: unexpected error for resourceId ${resourceId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `resource_degraded` alert for the given resource.
|
||||||
|
*
|
||||||
|
* Call this after a resource has been detected as degraded so that any
|
||||||
|
* matching `alertRules` can dispatch their email and webhook actions.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the resource.
|
||||||
|
* @param resourceId - Numeric primary key of the resource.
|
||||||
|
* @param resourceName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
|
export async function fireResourceDegradedAlert(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
resourceId: number,
|
resourceId: number,
|
||||||
resourceName?: string | null,
|
resourceName?: string | null,
|
||||||
extra?: Record<string, unknown>
|
extra?: Record<string, unknown>,
|
||||||
): Promise<void> {}
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
|
): Promise<void> {
|
||||||
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "resource",
|
||||||
|
entityId: resourceId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "degraded",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("resource", resourceId);
|
||||||
|
|
||||||
|
if (!send) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "resource_degraded",
|
||||||
|
orgId,
|
||||||
|
resourceId,
|
||||||
|
data: {
|
||||||
|
...(resourceName != null ? { resourceName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "resource_toggle",
|
||||||
|
orgId,
|
||||||
|
resourceId,
|
||||||
|
data: {
|
||||||
|
resourceId,
|
||||||
|
status: "degraded",
|
||||||
|
...(resourceName != null ? { resourceName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireResourceDegradedAlert: unexpected error for resourceId ${resourceId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `resource_unknown` alert for the given resource.
|
||||||
|
*
|
||||||
|
* Call this when all health checks on a resource are disabled so that the
|
||||||
|
* resource status transitions to unknown.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the resource.
|
||||||
|
* @param resourceId - Numeric primary key of the resource.
|
||||||
|
* @param resourceName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
|
export async function fireResourceUnknownAlert(
|
||||||
|
orgId: string,
|
||||||
|
resourceId: number,
|
||||||
|
resourceName?: string | null,
|
||||||
|
extra?: Record<string, unknown>,
|
||||||
|
send: boolean = true,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
|
): Promise<void> {
|
||||||
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "resource",
|
||||||
|
entityId: resourceId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "unknown",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("resource", resourceId);
|
||||||
|
|
||||||
|
if (!send) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "resource_toggle",
|
||||||
|
orgId,
|
||||||
|
resourceId,
|
||||||
|
data: {
|
||||||
|
resourceId,
|
||||||
|
status: "unknown",
|
||||||
|
...(resourceName != null ? { resourceName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireResourceUnknownAlert: unexpected error for resourceId ${resourceId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,19 +1,156 @@
|
|||||||
// stub
|
import logger from "@server/logger";
|
||||||
|
import { processAlerts } from "#dynamic/lib/alerts";
|
||||||
|
import {
|
||||||
|
db,
|
||||||
|
logsDb,
|
||||||
|
statusHistory,
|
||||||
|
targetHealthCheck,
|
||||||
|
Transaction
|
||||||
|
} from "@server/db";
|
||||||
|
import { invalidateStatusHistoryCache } from "@server/lib/statusHistory";
|
||||||
|
import { and, eq, inArray } from "drizzle-orm";
|
||||||
|
import { fireHealthCheckUnhealthyAlert } from "./healthCheckEvents";
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
// Public API
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `site_online` alert for the given site.
|
||||||
|
*
|
||||||
|
* Call this after the site has been confirmed reachable / connected so that
|
||||||
|
* any matching `alertRules` can dispatch their email and webhook actions.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the site.
|
||||||
|
* @param siteId - Numeric primary key of the site.
|
||||||
|
* @param siteName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
export async function fireSiteOnlineAlert(
|
export async function fireSiteOnlineAlert(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
siteId: number,
|
siteId: number,
|
||||||
siteName?: string,
|
siteName?: string,
|
||||||
extra?: Record<string, unknown>
|
extra?: Record<string, unknown>,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
return;
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "site",
|
||||||
|
entityId: siteId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "online",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("site", siteId);
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "site_online",
|
||||||
|
orgId,
|
||||||
|
siteId,
|
||||||
|
data: {
|
||||||
|
...(siteName != null ? { siteName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "site_toggle",
|
||||||
|
orgId,
|
||||||
|
siteId,
|
||||||
|
data: {
|
||||||
|
siteId,
|
||||||
|
status: "online",
|
||||||
|
...(siteName != null ? { siteName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireSiteOnlineAlert: unexpected error for siteId ${siteId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fire a `site_offline` alert for the given site.
|
||||||
|
*
|
||||||
|
* Call this after the site has been detected as unreachable / disconnected so
|
||||||
|
* that any matching `alertRules` can dispatch their email and webhook actions.
|
||||||
|
*
|
||||||
|
* @param orgId - Organisation that owns the site.
|
||||||
|
* @param siteId - Numeric primary key of the site.
|
||||||
|
* @param siteName - Human-readable name shown in notifications (optional).
|
||||||
|
* @param extra - Any additional key/value pairs to include in the payload.
|
||||||
|
*/
|
||||||
export async function fireSiteOfflineAlert(
|
export async function fireSiteOfflineAlert(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
siteId: number,
|
siteId: number,
|
||||||
siteName?: string,
|
siteName?: string,
|
||||||
extra?: Record<string, unknown>
|
extra?: Record<string, unknown>,
|
||||||
|
trx: Transaction | typeof db = db
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
return;
|
try {
|
||||||
|
await logsDb.insert(statusHistory).values({
|
||||||
|
entityType: "site",
|
||||||
|
entityId: siteId,
|
||||||
|
orgId: orgId,
|
||||||
|
status: "offline",
|
||||||
|
timestamp: Math.floor(Date.now() / 1000)
|
||||||
|
});
|
||||||
|
await invalidateStatusHistoryCache("site", siteId);
|
||||||
|
|
||||||
|
const unhealthyHealthChecks = await trx
|
||||||
|
.update(targetHealthCheck)
|
||||||
|
.set({ hcHealth: "unhealthy" })
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(targetHealthCheck.orgId, orgId),
|
||||||
|
eq(targetHealthCheck.siteId, siteId),
|
||||||
|
eq(targetHealthCheck.hcEnabled, true) // only effect the ones that are enabled
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.returning();
|
||||||
|
|
||||||
|
for (const healthCheck of unhealthyHealthChecks) {
|
||||||
|
logger.info(
|
||||||
|
`Marking health check ${healthCheck.targetHealthCheckId} unhealthy due to site ${siteId} being marked offline`
|
||||||
|
);
|
||||||
|
|
||||||
|
await fireHealthCheckUnhealthyAlert(
|
||||||
|
healthCheck.orgId,
|
||||||
|
healthCheck.targetHealthCheckId,
|
||||||
|
healthCheck.name,
|
||||||
|
healthCheck.targetId, // for the resource if we have one
|
||||||
|
undefined,
|
||||||
|
true,
|
||||||
|
trx
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "site_offline",
|
||||||
|
orgId,
|
||||||
|
siteId,
|
||||||
|
data: {
|
||||||
|
...(siteName != null ? { siteName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
await processAlerts({
|
||||||
|
eventType: "site_toggle",
|
||||||
|
orgId,
|
||||||
|
siteId,
|
||||||
|
data: {
|
||||||
|
siteId,
|
||||||
|
status: "offline",
|
||||||
|
...(siteName != null ? { siteName } : {}),
|
||||||
|
...extra
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (err) {
|
||||||
|
logger.error(
|
||||||
|
`fireSiteOfflineAlert: unexpected error for siteId ${siteId}`,
|
||||||
|
err
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
export * from "./events/siteEvents";
|
export * from "./events/siteEvents";
|
||||||
export * from "./events/healthCheckEvents";
|
export * from "./events/healthCheckEvents";
|
||||||
export * from "./events/resourceEvents";
|
export * from "./events/resourceEvents";
|
||||||
|
export * from "./processAlerts";
|
||||||
|
|||||||
@@ -0,0 +1,5 @@
|
|||||||
|
import { AlertContext } from "@server/routers/alertRule/types";
|
||||||
|
|
||||||
|
export async function processAlerts(context: AlertContext): Promise<void> {
|
||||||
|
return;
|
||||||
|
}
|
||||||
@@ -1,28 +1,39 @@
|
|||||||
export enum FeatureId {
|
export enum LimitId {
|
||||||
USERS = "users",
|
USERS = "users",
|
||||||
SITES = "sites",
|
SITES = "sites",
|
||||||
EGRESS_DATA_MB = "egressDataMb",
|
EGRESS_DATA_MB = "egressDataMb",
|
||||||
DOMAINS = "domains",
|
DOMAINS = "domains",
|
||||||
REMOTE_EXIT_NODES = "remoteExitNodes",
|
REMOTE_EXIT_NODES = "remoteExitNodes",
|
||||||
ORGINIZATIONS = "organizations",
|
ORGANIZATIONS = "organizations",
|
||||||
|
PUBLIC_RESOURCES = "publicResources",
|
||||||
|
PRIVATE_RESOURCES = "privateResources",
|
||||||
|
MACHINE_CLIENTS = "machineClients",
|
||||||
TIER1 = "tier1"
|
TIER1 = "tier1"
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function getFeatureDisplayName(featureId: FeatureId): Promise<string> {
|
export async function getFeatureDisplayName(
|
||||||
|
featureId: LimitId
|
||||||
|
): Promise<string> {
|
||||||
switch (featureId) {
|
switch (featureId) {
|
||||||
case FeatureId.USERS:
|
case LimitId.USERS:
|
||||||
return "Users";
|
return "Users";
|
||||||
case FeatureId.SITES:
|
case LimitId.SITES:
|
||||||
return "Sites";
|
return "Sites";
|
||||||
case FeatureId.EGRESS_DATA_MB:
|
case LimitId.EGRESS_DATA_MB:
|
||||||
return "Egress Data (MB)";
|
return "Egress Data (MB)";
|
||||||
case FeatureId.DOMAINS:
|
case LimitId.DOMAINS:
|
||||||
return "Domains";
|
return "Domains";
|
||||||
case FeatureId.REMOTE_EXIT_NODES:
|
case LimitId.REMOTE_EXIT_NODES:
|
||||||
return "Remote Exit Nodes";
|
return "Remote Exit Nodes";
|
||||||
case FeatureId.ORGINIZATIONS:
|
case LimitId.ORGANIZATIONS:
|
||||||
return "Organizations";
|
return "Organizations";
|
||||||
case FeatureId.TIER1:
|
case LimitId.PUBLIC_RESOURCES:
|
||||||
|
return "Public Resources";
|
||||||
|
case LimitId.PRIVATE_RESOURCES:
|
||||||
|
return "Private Resources";
|
||||||
|
case LimitId.MACHINE_CLIENTS:
|
||||||
|
return "Machine Clients";
|
||||||
|
case LimitId.TIER1:
|
||||||
return "Home Lab";
|
return "Home Lab";
|
||||||
default:
|
default:
|
||||||
return featureId;
|
return featureId;
|
||||||
@@ -30,15 +41,16 @@ export async function getFeatureDisplayName(featureId: FeatureId): Promise<strin
|
|||||||
}
|
}
|
||||||
|
|
||||||
// this is from the old system
|
// this is from the old system
|
||||||
export const FeatureMeterIds: Partial<Record<FeatureId, string>> = { // right now we are not charging for any data
|
export const FeatureMeterIds: Partial<Record<LimitId, string>> = {
|
||||||
|
// right now we are not charging for any data
|
||||||
// [FeatureId.EGRESS_DATA_MB]: "mtr_61Srreh9eWrExDSCe41D3Ee2Ir7Wm5YW"
|
// [FeatureId.EGRESS_DATA_MB]: "mtr_61Srreh9eWrExDSCe41D3Ee2Ir7Wm5YW"
|
||||||
};
|
};
|
||||||
|
|
||||||
export const FeatureMeterIdsSandbox: Partial<Record<FeatureId, string>> = {
|
export const FeatureMeterIdsSandbox: Partial<Record<LimitId, string>> = {
|
||||||
// [FeatureId.EGRESS_DATA_MB]: "mtr_test_61Snh2a2m6qome5Kv41DCpkOb237B3dQ"
|
// [FeatureId.EGRESS_DATA_MB]: "mtr_test_61Snh2a2m6qome5Kv41DCpkOb237B3dQ"
|
||||||
};
|
};
|
||||||
|
|
||||||
export function getFeatureMeterId(featureId: FeatureId): string | undefined {
|
export function getFeatureMeterId(featureId: LimitId): string | undefined {
|
||||||
if (
|
if (
|
||||||
process.env.ENVIRONMENT == "prod" &&
|
process.env.ENVIRONMENT == "prod" &&
|
||||||
process.env.SANDBOX_MODE !== "true"
|
process.env.SANDBOX_MODE !== "true"
|
||||||
@@ -49,22 +61,20 @@ export function getFeatureMeterId(featureId: FeatureId): string | undefined {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export function getFeatureIdByMetricId(
|
export function getFeatureIdByMetricId(metricId: string): LimitId | undefined {
|
||||||
metricId: string
|
return (Object.entries(FeatureMeterIds) as [LimitId, string][]).find(
|
||||||
): FeatureId | undefined {
|
|
||||||
return (Object.entries(FeatureMeterIds) as [FeatureId, string][]).find(
|
|
||||||
([_, v]) => v === metricId
|
([_, v]) => v === metricId
|
||||||
)?.[0];
|
)?.[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
export type FeaturePriceSet = Partial<Record<FeatureId, string>>;
|
export type FeaturePriceSet = Partial<Record<LimitId, string>>;
|
||||||
|
|
||||||
export const tier1FeaturePriceSet: FeaturePriceSet = {
|
export const tier1FeaturePriceSet: FeaturePriceSet = {
|
||||||
[FeatureId.TIER1]: "price_1SzVE3D3Ee2Ir7Wm6wT5Dl3G"
|
[LimitId.TIER1]: "price_1SzVE3D3Ee2Ir7Wm6wT5Dl3G"
|
||||||
};
|
};
|
||||||
|
|
||||||
export const tier1FeaturePriceSetSandbox: FeaturePriceSet = {
|
export const tier1FeaturePriceSetSandbox: FeaturePriceSet = {
|
||||||
[FeatureId.TIER1]: "price_1SxgpPDCpkOb237Bfo4rIsoT"
|
[LimitId.TIER1]: "price_1SxgpPDCpkOb237Bfo4rIsoT"
|
||||||
};
|
};
|
||||||
|
|
||||||
export function getTier1FeaturePriceSet(): FeaturePriceSet {
|
export function getTier1FeaturePriceSet(): FeaturePriceSet {
|
||||||
@@ -79,11 +89,11 @@ export function getTier1FeaturePriceSet(): FeaturePriceSet {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export const tier2FeaturePriceSet: FeaturePriceSet = {
|
export const tier2FeaturePriceSet: FeaturePriceSet = {
|
||||||
[FeatureId.USERS]: "price_1SzVCcD3Ee2Ir7Wmn6U3KvPN"
|
[LimitId.USERS]: "price_1SzVCcD3Ee2Ir7Wmn6U3KvPN"
|
||||||
};
|
};
|
||||||
|
|
||||||
export const tier2FeaturePriceSetSandbox: FeaturePriceSet = {
|
export const tier2FeaturePriceSetSandbox: FeaturePriceSet = {
|
||||||
[FeatureId.USERS]: "price_1SxaEHDCpkOb237BD9lBkPiR"
|
[LimitId.USERS]: "price_1SxaEHDCpkOb237BD9lBkPiR"
|
||||||
};
|
};
|
||||||
|
|
||||||
export function getTier2FeaturePriceSet(): FeaturePriceSet {
|
export function getTier2FeaturePriceSet(): FeaturePriceSet {
|
||||||
@@ -98,11 +108,11 @@ export function getTier2FeaturePriceSet(): FeaturePriceSet {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export const tier3FeaturePriceSet: FeaturePriceSet = {
|
export const tier3FeaturePriceSet: FeaturePriceSet = {
|
||||||
[FeatureId.USERS]: "price_1SzVDKD3Ee2Ir7WmPtOKNusv"
|
[LimitId.USERS]: "price_1SzVDKD3Ee2Ir7WmPtOKNusv"
|
||||||
};
|
};
|
||||||
|
|
||||||
export const tier3FeaturePriceSetSandbox: FeaturePriceSet = {
|
export const tier3FeaturePriceSetSandbox: FeaturePriceSet = {
|
||||||
[FeatureId.USERS]: "price_1SxaEODCpkOb237BiXdCBSfs"
|
[LimitId.USERS]: "price_1SxaEODCpkOb237BiXdCBSfs"
|
||||||
};
|
};
|
||||||
|
|
||||||
export function getTier3FeaturePriceSet(): FeaturePriceSet {
|
export function getTier3FeaturePriceSet(): FeaturePriceSet {
|
||||||
@@ -116,7 +126,7 @@ export function getTier3FeaturePriceSet(): FeaturePriceSet {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export function getFeatureIdByPriceId(priceId: string): FeatureId | undefined {
|
export function getFeatureIdByPriceId(priceId: string): LimitId | undefined {
|
||||||
// Check all feature price sets
|
// Check all feature price sets
|
||||||
const allPriceSets = [
|
const allPriceSets = [
|
||||||
getTier1FeaturePriceSet(),
|
getTier1FeaturePriceSet(),
|
||||||
@@ -125,7 +135,7 @@ export function getFeatureIdByPriceId(priceId: string): FeatureId | undefined {
|
|||||||
];
|
];
|
||||||
|
|
||||||
for (const priceSet of allPriceSets) {
|
for (const priceSet of allPriceSets) {
|
||||||
const entry = (Object.entries(priceSet) as [FeatureId, string][]).find(
|
const entry = (Object.entries(priceSet) as [LimitId, string][]).find(
|
||||||
([_, price]) => price === priceId
|
([_, price]) => price === priceId
|
||||||
);
|
);
|
||||||
if (entry) {
|
if (entry) {
|
||||||
|
|||||||
@@ -1,19 +1,19 @@
|
|||||||
import Stripe from "stripe";
|
import Stripe from "stripe";
|
||||||
import { FeatureId, FeaturePriceSet } from "./features";
|
import { LimitId, FeaturePriceSet } from "./features";
|
||||||
import { usageService } from "./usageService";
|
import { usageService } from "./usageService";
|
||||||
|
|
||||||
export async function getLineItems(
|
export async function getLineItems(
|
||||||
featurePriceSet: FeaturePriceSet,
|
featurePriceSet: FeaturePriceSet,
|
||||||
orgId: string,
|
orgId: string
|
||||||
): Promise<Stripe.Checkout.SessionCreateParams.LineItem[]> {
|
): Promise<Stripe.Checkout.SessionCreateParams.LineItem[]> {
|
||||||
const users = await usageService.getUsage(orgId, FeatureId.USERS);
|
const users = await usageService.getUsage(orgId, LimitId.USERS);
|
||||||
|
|
||||||
return Object.entries(featurePriceSet).map(([featureId, priceId]) => {
|
return Object.entries(featurePriceSet).map(([featureId, priceId]) => {
|
||||||
let quantity: number | undefined;
|
let quantity: number | undefined;
|
||||||
|
|
||||||
if (featureId === FeatureId.USERS) {
|
if (featureId === LimitId.USERS) {
|
||||||
quantity = users?.instantaneousValue || 1;
|
quantity = users?.instantaneousValue || 1;
|
||||||
} else if (featureId === FeatureId.TIER1) {
|
} else if (featureId === LimitId.TIER1) {
|
||||||
quantity = 1;
|
quantity = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,8 +1,9 @@
|
|||||||
export async function getOrgTierData(
|
export async function getOrgTierData(
|
||||||
orgId: string
|
orgId: string
|
||||||
): Promise<{ tier: string | null; active: boolean }> {
|
): Promise<{ tier: string | null; active: boolean; isTrial: boolean }> {
|
||||||
const tier = null;
|
const tier = null;
|
||||||
const active = false;
|
const active = false;
|
||||||
|
const isTrial = false;
|
||||||
|
|
||||||
return { tier, active };
|
return { tier, active, isTrial };
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,70 +1,82 @@
|
|||||||
import { FeatureId } from "./features";
|
import { LimitId } from "./features";
|
||||||
|
|
||||||
export type LimitSet = Partial<{
|
export type LimitSet = Partial<{
|
||||||
[key in FeatureId]: {
|
[key in LimitId]: {
|
||||||
value: number | null; // null indicates no limit
|
value: number | null; // null indicates no limit
|
||||||
description?: string;
|
description?: string;
|
||||||
};
|
};
|
||||||
}>;
|
}>;
|
||||||
|
|
||||||
export const freeLimitSet: LimitSet = {
|
export const freeLimitSet: LimitSet = {
|
||||||
[FeatureId.SITES]: { value: 5, description: "Basic limit" },
|
[LimitId.SITES]: { value: 5, description: "Basic limit" },
|
||||||
[FeatureId.USERS]: { value: 5, description: "Basic limit" },
|
[LimitId.USERS]: { value: 5, description: "Basic limit" },
|
||||||
[FeatureId.DOMAINS]: { value: 5, description: "Basic limit" },
|
[LimitId.DOMAINS]: { value: 5, description: "Basic limit" },
|
||||||
[FeatureId.REMOTE_EXIT_NODES]: { value: 1, description: "Basic limit" },
|
[LimitId.REMOTE_EXIT_NODES]: { value: 1, description: "Basic limit" },
|
||||||
[FeatureId.ORGINIZATIONS]: { value: 1, description: "Basic limit" },
|
[LimitId.ORGANIZATIONS]: { value: 1, description: "Basic limit" },
|
||||||
|
[LimitId.PUBLIC_RESOURCES]: { value: 15, description: "Basic limit" },
|
||||||
|
[LimitId.PRIVATE_RESOURCES]: { value: 15, description: "Basic limit" },
|
||||||
|
[LimitId.MACHINE_CLIENTS]: { value: 5, description: "Basic limit" }
|
||||||
};
|
};
|
||||||
|
|
||||||
export const tier1LimitSet: LimitSet = {
|
export const tier1LimitSet: LimitSet = {
|
||||||
[FeatureId.USERS]: { value: 7, description: "Home limit" },
|
[LimitId.USERS]: { value: 7, description: "Home limit" },
|
||||||
[FeatureId.SITES]: { value: 10, description: "Home limit" },
|
[LimitId.SITES]: { value: 10, description: "Home limit" },
|
||||||
[FeatureId.DOMAINS]: { value: 10, description: "Home limit" },
|
[LimitId.DOMAINS]: { value: 10, description: "Home limit" },
|
||||||
[FeatureId.REMOTE_EXIT_NODES]: { value: 1, description: "Home limit" },
|
[LimitId.REMOTE_EXIT_NODES]: { value: 1, description: "Home limit" },
|
||||||
[FeatureId.ORGINIZATIONS]: { value: 1, description: "Home limit" },
|
[LimitId.ORGANIZATIONS]: { value: 1, description: "Home limit" },
|
||||||
|
[LimitId.PUBLIC_RESOURCES]: { value: 30, description: "Home limit" },
|
||||||
|
[LimitId.PRIVATE_RESOURCES]: { value: 30, description: "Home limit" },
|
||||||
|
[LimitId.MACHINE_CLIENTS]: { value: 10, description: "Home limit" }
|
||||||
};
|
};
|
||||||
|
|
||||||
export const tier2LimitSet: LimitSet = {
|
export const tier2LimitSet: LimitSet = {
|
||||||
[FeatureId.USERS]: {
|
[LimitId.USERS]: {
|
||||||
value: 100,
|
|
||||||
description: "Team limit"
|
|
||||||
},
|
|
||||||
[FeatureId.SITES]: {
|
|
||||||
value: 50,
|
value: 50,
|
||||||
description: "Team limit"
|
description: "Team limit"
|
||||||
},
|
},
|
||||||
[FeatureId.DOMAINS]: {
|
[LimitId.SITES]: {
|
||||||
value: 50,
|
value: 50,
|
||||||
description: "Team limit"
|
description: "Team limit"
|
||||||
},
|
},
|
||||||
[FeatureId.REMOTE_EXIT_NODES]: {
|
[LimitId.DOMAINS]: {
|
||||||
|
value: 50,
|
||||||
|
description: "Team limit"
|
||||||
|
},
|
||||||
|
[LimitId.REMOTE_EXIT_NODES]: {
|
||||||
value: 3,
|
value: 3,
|
||||||
description: "Team limit"
|
description: "Team limit"
|
||||||
},
|
},
|
||||||
[FeatureId.ORGINIZATIONS]: {
|
[LimitId.ORGANIZATIONS]: {
|
||||||
value: 1,
|
value: 1,
|
||||||
description: "Team limit"
|
description: "Team limit"
|
||||||
}
|
},
|
||||||
|
[LimitId.PUBLIC_RESOURCES]: { value: 150, description: "Team limit" },
|
||||||
|
[LimitId.PRIVATE_RESOURCES]: { value: 150, description: "Team limit" },
|
||||||
|
[LimitId.MACHINE_CLIENTS]: { value: 25, description: "Team limit" }
|
||||||
};
|
};
|
||||||
|
|
||||||
export const tier3LimitSet: LimitSet = {
|
export const tier3LimitSet: LimitSet = {
|
||||||
[FeatureId.USERS]: {
|
[LimitId.USERS]: {
|
||||||
value: 500,
|
|
||||||
description: "Business limit"
|
|
||||||
},
|
|
||||||
[FeatureId.SITES]: {
|
|
||||||
value: 250,
|
value: 250,
|
||||||
description: "Business limit"
|
description: "Business limit"
|
||||||
},
|
},
|
||||||
[FeatureId.DOMAINS]: {
|
[LimitId.SITES]: {
|
||||||
|
value: 250,
|
||||||
|
description: "Business limit"
|
||||||
|
},
|
||||||
|
[LimitId.DOMAINS]: {
|
||||||
value: 100,
|
value: 100,
|
||||||
description: "Business limit"
|
description: "Business limit"
|
||||||
},
|
},
|
||||||
[FeatureId.REMOTE_EXIT_NODES]: {
|
[LimitId.REMOTE_EXIT_NODES]: {
|
||||||
value: 20,
|
value: 20,
|
||||||
description: "Business limit"
|
description: "Business limit"
|
||||||
},
|
},
|
||||||
[FeatureId.ORGINIZATIONS]: {
|
[LimitId.ORGANIZATIONS]: {
|
||||||
value: 5,
|
value: 5,
|
||||||
description: "Business limit"
|
description: "Business limit"
|
||||||
},
|
},
|
||||||
|
[LimitId.PUBLIC_RESOURCES]: { value: 750, description: "Business limit" },
|
||||||
|
[LimitId.PRIVATE_RESOURCES]: { value: 750, description: "Business limit" },
|
||||||
|
[LimitId.MACHINE_CLIENTS]: { value: 100, description: "Business limit" }
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
import { db, limits } from "@server/db";
|
import { db, limits } from "@server/db";
|
||||||
import { and, eq } from "drizzle-orm";
|
import { and, eq } from "drizzle-orm";
|
||||||
import { LimitSet } from "./limitSet";
|
import { LimitSet } from "./limitSet";
|
||||||
import { FeatureId } from "./features";
|
import { LimitId } from "./features";
|
||||||
import logger from "@server/logger";
|
import logger from "@server/logger";
|
||||||
|
|
||||||
class LimitService {
|
class LimitService {
|
||||||
@@ -38,7 +38,7 @@ class LimitService {
|
|||||||
|
|
||||||
async getOrgLimit(
|
async getOrgLimit(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
featureId: FeatureId
|
featureId: LimitId
|
||||||
): Promise<number | null> {
|
): Promise<number | null> {
|
||||||
const limitId = `${orgId}-${featureId}`;
|
const limitId = `${orgId}-${featureId}`;
|
||||||
const [limit] = await db
|
const [limit] = await db
|
||||||
|
|||||||
@@ -16,14 +16,17 @@ export enum TierFeature {
|
|||||||
SessionDurationPolicies = "sessionDurationPolicies", // handle downgrade by setting to default duration
|
SessionDurationPolicies = "sessionDurationPolicies", // handle downgrade by setting to default duration
|
||||||
PasswordExpirationPolicies = "passwordExpirationPolicies", // handle downgrade by setting to default duration
|
PasswordExpirationPolicies = "passwordExpirationPolicies", // handle downgrade by setting to default duration
|
||||||
AutoProvisioning = "autoProvisioning", // handle downgrade by disabling auto provisioning
|
AutoProvisioning = "autoProvisioning", // handle downgrade by disabling auto provisioning
|
||||||
SshPam = "sshPam",
|
|
||||||
FullRbac = "fullRbac",
|
FullRbac = "fullRbac",
|
||||||
SiteProvisioningKeys = "siteProvisioningKeys", // handle downgrade by revoking keys if needed
|
SiteProvisioningKeys = "siteProvisioningKeys", // handle downgrade by revoking keys if needed
|
||||||
SIEM = "siem", // handle downgrade by disabling SIEM integrations
|
SIEM = "siem", // handle downgrade by disabling SIEM integrations
|
||||||
HTTPPrivateResources = "httpPrivateResources", // handle downgrade by disabling HTTP private resources
|
|
||||||
DomainNamespaces = "domainNamespaces", // handle downgrade by removing custom domain namespaces
|
DomainNamespaces = "domainNamespaces", // handle downgrade by removing custom domain namespaces
|
||||||
StandaloneHealthChecks = "standaloneHealthChecks",
|
StandaloneHealthChecks = "standaloneHealthChecks",
|
||||||
AlertingRules = "alertingRules"
|
AlertingRules = "alertingRules",
|
||||||
|
WildcardSubdomain = "wildcardSubdomain",
|
||||||
|
NewtAutoUpdate = "newtAutoUpdate",
|
||||||
|
ResourcePolicies = "resourcePolicies",
|
||||||
|
AdvancedPublicResources = "advancedPublicResources",
|
||||||
|
AdvancedPrivateResources = "advancedPrivateResources"
|
||||||
}
|
}
|
||||||
|
|
||||||
export const tierMatrix: Record<TierFeature, Tier[]> = {
|
export const tierMatrix: Record<TierFeature, Tier[]> = {
|
||||||
@@ -57,12 +60,15 @@ export const tierMatrix: Record<TierFeature, Tier[]> = {
|
|||||||
"enterprise"
|
"enterprise"
|
||||||
],
|
],
|
||||||
[TierFeature.AutoProvisioning]: ["tier1", "tier3", "enterprise"],
|
[TierFeature.AutoProvisioning]: ["tier1", "tier3", "enterprise"],
|
||||||
[TierFeature.SshPam]: ["tier1", "tier3", "enterprise"],
|
|
||||||
[TierFeature.FullRbac]: ["tier1", "tier2", "tier3", "enterprise"],
|
[TierFeature.FullRbac]: ["tier1", "tier2", "tier3", "enterprise"],
|
||||||
[TierFeature.SiteProvisioningKeys]: ["tier3", "enterprise"],
|
[TierFeature.SiteProvisioningKeys]: ["tier3", "enterprise"],
|
||||||
[TierFeature.SIEM]: ["enterprise"],
|
[TierFeature.SIEM]: ["enterprise"],
|
||||||
[TierFeature.HTTPPrivateResources]: ["tier3", "enterprise"],
|
|
||||||
[TierFeature.DomainNamespaces]: ["tier1", "tier2", "tier3", "enterprise"],
|
[TierFeature.DomainNamespaces]: ["tier1", "tier2", "tier3", "enterprise"],
|
||||||
[TierFeature.StandaloneHealthChecks]: ["tier2", "tier3", "enterprise"],
|
[TierFeature.StandaloneHealthChecks]: ["tier3", "enterprise"],
|
||||||
[TierFeature.AlertingRules]: ["tier2", "tier3", "enterprise"]
|
[TierFeature.AlertingRules]: ["tier3", "enterprise"],
|
||||||
|
[TierFeature.WildcardSubdomain]: ["tier1", "tier2", "tier3", "enterprise"],
|
||||||
|
[TierFeature.NewtAutoUpdate]: ["tier1", "tier2", "tier3", "enterprise"],
|
||||||
|
[TierFeature.ResourcePolicies]: ["tier3", "enterprise"],
|
||||||
|
[TierFeature.AdvancedPublicResources]: ["tier3", "enterprise"],
|
||||||
|
[TierFeature.AdvancedPrivateResources]: ["tier3", "enterprise"]
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -9,10 +9,10 @@ import {
|
|||||||
Transaction,
|
Transaction,
|
||||||
orgs
|
orgs
|
||||||
} from "@server/db";
|
} from "@server/db";
|
||||||
import { FeatureId, getFeatureMeterId } from "./features";
|
import { LimitId, getFeatureMeterId } from "./features";
|
||||||
import logger from "@server/logger";
|
import logger from "@server/logger";
|
||||||
import { build } from "@server/build";
|
import { build } from "@server/build";
|
||||||
import cache from "#dynamic/lib/cache";
|
import { regionalCache as cache } from "#dynamic/lib/cache";
|
||||||
|
|
||||||
export function noop() {
|
export function noop() {
|
||||||
if (build !== "saas") {
|
if (build !== "saas") {
|
||||||
@@ -22,7 +22,6 @@ export function noop() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export class UsageService {
|
export class UsageService {
|
||||||
|
|
||||||
constructor() {
|
constructor() {
|
||||||
if (noop()) {
|
if (noop()) {
|
||||||
return;
|
return;
|
||||||
@@ -38,7 +37,7 @@ export class UsageService {
|
|||||||
|
|
||||||
public async add(
|
public async add(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
featureId: FeatureId,
|
featureId: LimitId,
|
||||||
value: number,
|
value: number,
|
||||||
transaction: any = null
|
transaction: any = null
|
||||||
): Promise<Usage | null> {
|
): Promise<Usage | null> {
|
||||||
@@ -57,7 +56,10 @@ export class UsageService {
|
|||||||
try {
|
try {
|
||||||
let usage;
|
let usage;
|
||||||
if (transaction) {
|
if (transaction) {
|
||||||
const orgIdToUse = await this.getBillingOrg(orgId, transaction);
|
const orgIdToUse = await this.getBillingOrg(
|
||||||
|
orgId,
|
||||||
|
transaction
|
||||||
|
);
|
||||||
usage = await this.internalAddUsage(
|
usage = await this.internalAddUsage(
|
||||||
orgIdToUse,
|
orgIdToUse,
|
||||||
featureId,
|
featureId,
|
||||||
@@ -112,7 +114,7 @@ export class UsageService {
|
|||||||
|
|
||||||
private async internalAddUsage(
|
private async internalAddUsage(
|
||||||
orgId: string, // here the orgId is the billing org already resolved by getBillingOrg in updateCount
|
orgId: string, // here the orgId is the billing org already resolved by getBillingOrg in updateCount
|
||||||
featureId: FeatureId,
|
featureId: LimitId,
|
||||||
value: number,
|
value: number,
|
||||||
trx: Transaction
|
trx: Transaction
|
||||||
): Promise<Usage> {
|
): Promise<Usage> {
|
||||||
@@ -161,7 +163,7 @@ export class UsageService {
|
|||||||
|
|
||||||
async updateCount(
|
async updateCount(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
featureId: FeatureId,
|
featureId: LimitId,
|
||||||
value?: number,
|
value?: number,
|
||||||
customerId?: string
|
customerId?: string
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
@@ -225,7 +227,7 @@ export class UsageService {
|
|||||||
|
|
||||||
private async getCustomerId(
|
private async getCustomerId(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
featureId: FeatureId
|
featureId: LimitId
|
||||||
): Promise<string | null> {
|
): Promise<string | null> {
|
||||||
const orgIdToUse = await this.getBillingOrg(orgId);
|
const orgIdToUse = await this.getBillingOrg(orgId);
|
||||||
|
|
||||||
@@ -267,18 +269,19 @@ export class UsageService {
|
|||||||
|
|
||||||
public async getUsage(
|
public async getUsage(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
featureId: FeatureId,
|
featureId: LimitId,
|
||||||
trx: Transaction | typeof db = db
|
trx: Transaction | typeof db = db
|
||||||
): Promise<Usage | null> {
|
): Promise<Usage | null> {
|
||||||
if (noop()) {
|
if (noop()) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
const orgIdToUse = await this.getBillingOrg(orgId, trx);
|
let orgIdToUse = orgId;
|
||||||
|
|
||||||
const usageId = `${orgIdToUse}-${featureId}`;
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
orgIdToUse = await this.getBillingOrg(orgId, trx);
|
||||||
|
|
||||||
|
const usageId = `${orgIdToUse}-${featureId}`;
|
||||||
|
|
||||||
const [result] = await trx
|
const [result] = await trx
|
||||||
.select()
|
.select()
|
||||||
.from(usage)
|
.from(usage)
|
||||||
@@ -338,8 +341,12 @@ export class UsageService {
|
|||||||
`Failed to get usage for ${orgIdToUse}/${featureId}:`,
|
`Failed to get usage for ${orgIdToUse}/${featureId}:`,
|
||||||
error
|
error
|
||||||
);
|
);
|
||||||
throw error;
|
if (process.env.NODE_ENV !== "development") {
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async getBillingOrg(
|
public async getBillingOrg(
|
||||||
@@ -374,7 +381,7 @@ export class UsageService {
|
|||||||
|
|
||||||
public async checkLimitSet(
|
public async checkLimitSet(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
featureId?: FeatureId,
|
featureId?: LimitId,
|
||||||
usage?: Usage,
|
usage?: Usage,
|
||||||
trx: Transaction | typeof db = db
|
trx: Transaction | typeof db = db
|
||||||
): Promise<boolean> {
|
): Promise<boolean> {
|
||||||
@@ -382,13 +389,13 @@ export class UsageService {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
const orgIdToUse = await this.getBillingOrg(orgId, trx);
|
|
||||||
|
|
||||||
// This method should check the current usage against the limits set for the organization
|
// This method should check the current usage against the limits set for the organization
|
||||||
// and kick out all of the sites on the org
|
// and kick out all of the sites on the org
|
||||||
let hasExceededLimits = false;
|
let hasExceededLimits = false;
|
||||||
|
let orgIdToUse = orgId;
|
||||||
try {
|
try {
|
||||||
|
orgIdToUse = await this.getBillingOrg(orgId, trx);
|
||||||
|
|
||||||
let orgLimits: Limit[] = [];
|
let orgLimits: Limit[] = [];
|
||||||
if (featureId) {
|
if (featureId) {
|
||||||
// Get all limits set for this organization
|
// Get all limits set for this organization
|
||||||
@@ -422,7 +429,7 @@ export class UsageService {
|
|||||||
} else {
|
} else {
|
||||||
currentUsage = await this.getUsage(
|
currentUsage = await this.getUsage(
|
||||||
orgIdToUse,
|
orgIdToUse,
|
||||||
limit.featureId as FeatureId,
|
limit.featureId as LimitId,
|
||||||
trx
|
trx
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||