import { db, olms, users } from "@server/db"; import { clients, orgs, roleClients, sites, userClients, clientSitesAssociationsCache, currentFingerprint } from "@server/db"; import logger from "@server/logger"; import HttpCode from "@server/types/HttpCode"; import response from "@server/lib/response"; import { and, count, eq, inArray, isNotNull, isNull, or, sql } from "drizzle-orm"; import { NextFunction, Request, Response } from "express"; import createHttpError from "http-errors"; import { z } from "zod"; import { fromError } from "zod-validation-error"; import { OpenAPITags, registry } from "@server/openApi"; import NodeCache from "node-cache"; import semver from "semver"; import { getUserDeviceName } from "@server/db/names"; const olmVersionCache = new NodeCache({ stdTTL: 3600 }); async function getLatestOlmVersion(): Promise { try { const cachedVersion = olmVersionCache.get("latestOlmVersion"); if (cachedVersion) { return cachedVersion; } const controller = new AbortController(); const timeoutId = setTimeout(() => controller.abort(), 1500); const response = await fetch( "https://api.github.com/repos/fosrl/olm/tags", { signal: controller.signal } ); clearTimeout(timeoutId); if (!response.ok) { logger.warn( `Failed to fetch latest Olm version from GitHub: ${response.status} ${response.statusText}` ); return null; } let tags = await response.json(); if (!Array.isArray(tags) || tags.length === 0) { logger.warn("No tags found for Olm repository"); return null; } tags = tags.filter((version) => !version.name.includes("rc")); const latestVersion = tags[0].name; olmVersionCache.set("latestOlmVersion", latestVersion); return latestVersion; } catch (error: any) { if (error.name === "AbortError") { logger.warn("Request to fetch latest Olm version timed out (1.5s)"); } else if (error.cause?.code === "UND_ERR_CONNECT_TIMEOUT") { logger.warn("Connection timeout while fetching latest Olm version"); } else { logger.warn( "Error fetching latest Olm version:", error.message || error ); } return null; } } const listClientsParamsSchema = z.strictObject({ orgId: z.string() }); const listClientsSchema = z.object({ limit: z .string() .optional() .default("1000") .transform(Number) .pipe(z.int().positive()), offset: z .string() .optional() .default("0") .transform(Number) .pipe(z.int().nonnegative()), filter: z.enum(["user", "machine"]).optional() }); function queryClients( orgId: string, accessibleClientIds: number[], filter?: "user" | "machine" ) { const conditions = [ inArray(clients.clientId, accessibleClientIds), eq(clients.orgId, orgId) ]; // Add filter condition based on filter type if (filter === "user") { conditions.push(isNotNull(clients.userId)); } else if (filter === "machine") { conditions.push(isNull(clients.userId)); } return db .select({ clientId: clients.clientId, orgId: clients.orgId, name: clients.name, pubKey: clients.pubKey, subnet: clients.subnet, megabytesIn: clients.megabytesIn, megabytesOut: clients.megabytesOut, orgName: orgs.name, type: clients.type, online: clients.online, olmVersion: olms.version, userId: clients.userId, username: users.username, userEmail: users.email, niceId: clients.niceId, agent: olms.agent, approvalState: clients.approvalState, olmArchived: olms.archived, archived: clients.archived, blocked: clients.blocked, deviceModel: currentFingerprint.deviceModel, fingerprintPlatform: currentFingerprint.platform, fingerprintOsVersion: currentFingerprint.osVersion, fingerprintKernelVersion: currentFingerprint.kernelVersion, fingerprintArch: currentFingerprint.arch, fingerprintSerialNumber: currentFingerprint.serialNumber, fingerprintUsername: currentFingerprint.username, fingerprintHostname: currentFingerprint.hostname }) .from(clients) .leftJoin(orgs, eq(clients.orgId, orgs.orgId)) .leftJoin(olms, eq(clients.clientId, olms.clientId)) .leftJoin(users, eq(clients.userId, users.userId)) .leftJoin(currentFingerprint, eq(olms.olmId, currentFingerprint.olmId)) .where(and(...conditions)); } async function getSiteAssociations(clientIds: number[]) { if (clientIds.length === 0) return []; return db .select({ clientId: clientSitesAssociationsCache.clientId, siteId: clientSitesAssociationsCache.siteId, siteName: sites.name, siteNiceId: sites.niceId }) .from(clientSitesAssociationsCache) .leftJoin(sites, eq(clientSitesAssociationsCache.siteId, sites.siteId)) .where(inArray(clientSitesAssociationsCache.clientId, clientIds)); } type ClientWithSites = Awaited>[0] & { sites: Array<{ siteId: number; siteName: string | null; siteNiceId: string | null; }>; olmUpdateAvailable?: boolean; }; type OlmWithUpdateAvailable = ClientWithSites; export type ListClientsResponse = { clients: Array; pagination: { total: number; limit: number; offset: number }; }; registry.registerPath({ method: "get", path: "/org/{orgId}/clients", description: "List all clients for an organization.", tags: [OpenAPITags.Client, OpenAPITags.Org], request: { query: listClientsSchema, params: listClientsParamsSchema }, responses: {} }); export async function listClients( req: Request, res: Response, next: NextFunction ): Promise { try { const parsedQuery = listClientsSchema.safeParse(req.query); if (!parsedQuery.success) { return next( createHttpError( HttpCode.BAD_REQUEST, fromError(parsedQuery.error) ) ); } const { limit, offset, filter } = parsedQuery.data; const parsedParams = listClientsParamsSchema.safeParse(req.params); if (!parsedParams.success) { return next( createHttpError( HttpCode.BAD_REQUEST, fromError(parsedParams.error) ) ); } const { orgId } = parsedParams.data; if (req.user && orgId && orgId !== req.userOrgId) { return next( createHttpError( HttpCode.FORBIDDEN, "User does not have access to this organization" ) ); } let accessibleClients; if (req.user) { accessibleClients = await db .select({ clientId: sql`COALESCE(${userClients.clientId}, ${roleClients.clientId})` }) .from(userClients) .fullJoin( roleClients, eq(userClients.clientId, roleClients.clientId) ) .where( or( eq(userClients.userId, req.user!.userId), eq(roleClients.roleId, req.userOrgRoleId!) ) ); } else { accessibleClients = await db .select({ clientId: clients.clientId }) .from(clients) .where(eq(clients.orgId, orgId)); } const accessibleClientIds = accessibleClients.map( (client) => client.clientId ); const baseQuery = queryClients(orgId, accessibleClientIds, filter); // Get client count with filter const countConditions = [ inArray(clients.clientId, accessibleClientIds), eq(clients.orgId, orgId) ]; if (filter === "user") { countConditions.push(isNotNull(clients.userId)); } else if (filter === "machine") { countConditions.push(isNull(clients.userId)); } const countQuery = db .select({ count: count() }) .from(clients) .where(and(...countConditions)); const clientsList = await baseQuery.limit(limit).offset(offset); const totalCountResult = await countQuery; const totalCount = totalCountResult[0].count; // Get associated sites for all clients const clientIds = clientsList.map((client) => client.clientId); const siteAssociations = await getSiteAssociations(clientIds); // Group site associations by client ID const sitesByClient = siteAssociations.reduce( (acc, association) => { if (!acc[association.clientId]) { acc[association.clientId] = []; } acc[association.clientId].push({ siteId: association.siteId, siteName: association.siteName, siteNiceId: association.siteNiceId }); return acc; }, {} as Record< number, Array<{ siteId: number; siteName: string | null; siteNiceId: string | null; }> > ); // Merge clients with their site associations and replace name with device name const clientsWithSites = clientsList.map((client) => { const model = client.deviceModel || null; const newName = getUserDeviceName(model, client.name); return { ...client, name: newName, sites: sitesByClient[client.clientId] || [] }; }); const latestOlVersionPromise = getLatestOlmVersion(); const olmsWithUpdates: OlmWithUpdateAvailable[] = clientsWithSites.map( (client) => { const OlmWithUpdate: OlmWithUpdateAvailable = { ...client }; // Initially set to false, will be updated if version check succeeds OlmWithUpdate.olmUpdateAvailable = false; return OlmWithUpdate; } ); // Try to get the latest version, but don't block if it fails try { const latestOlVersion = await latestOlVersionPromise; if (latestOlVersion) { olmsWithUpdates.forEach((client) => { try { client.olmUpdateAvailable = semver.lt( client.olmVersion ? client.olmVersion : "", latestOlVersion ); } catch (error) { client.olmUpdateAvailable = false; } }); } } catch (error) { // Log the error but don't let it block the response logger.warn( "Failed to check for OLM updates, continuing without update info:", error ); } return response(res, { data: { clients: olmsWithUpdates, pagination: { total: totalCount, limit, offset } }, success: true, error: false, message: "Clients retrieved successfully", status: HttpCode.OK }); } catch (error) { logger.error(error); return next( createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } }