Add remote subnets to ui

server/db/pg/schema.ts

@@ -59,7 +59,8 @@ export const sites = pgTable("sites", {
     publicKey: varchar("publicKey"),
     lastHolePunch: bigint("lastHolePunch", { mode: "number" }),
     listenPort: integer("listenPort"),
-    dockerSocketEnabled: boolean("dockerSocketEnabled").notNull().default(true)
+    dockerSocketEnabled: boolean("dockerSocketEnabled").notNull().default(true),
+    remoteSubnets: text("remoteSubnets") // comma-separated list of subnets that this site can access
 });
 
 export const resources = pgTable("resources", {
@@ -542,7 +543,7 @@ export const olmSessions = pgTable("clientSession", {
     olmId: varchar("olmId")
         .notNull()
         .references(() => olms.olmId, { onDelete: "cascade" }),
-    expiresAt: bigint("expiresAt", { mode: "number" }).notNull(),
+    expiresAt: bigint("expiresAt", { mode: "number" }).notNull()
 });
 
 export const userClients = pgTable("userClients", {
@@ -565,9 +566,11 @@ export const roleClients = pgTable("roleClients", {
 
 export const securityKeys = pgTable("webauthnCredentials", {
     credentialId: varchar("credentialId").primaryKey(),
-    userId: varchar("userId").notNull().references(() => users.userId, {
-        onDelete: "cascade"
-    }),
+    userId: varchar("userId")
+        .notNull()
+        .references(() => users.userId, {
+            onDelete: "cascade"
+        }),
     publicKey: varchar("publicKey").notNull(),
     signCount: integer("signCount").notNull(),
     transports: varchar("transports"),

server/db/sqlite/schema.ts

@@ -65,7 +65,8 @@ export const sites = sqliteTable("sites", {
     listenPort: integer("listenPort"),
     dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
         .notNull()
-        .default(true)
+        .default(true),
+    remoteSubnets: text("remoteSubnets"), // comma-separated list of subnets that this site can access
 });
 
 export const resources = sqliteTable("resources", {

server/routers/site/updateSite.ts

@@ -9,6 +9,7 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
+import { isValidCIDR } from "@server/lib/validators";
 
 const updateSiteParamsSchema = z
     .object({
@@ -20,6 +21,9 @@ const updateSiteBodySchema = z
     .object({
         name: z.string().min(1).max(255).optional(),
         dockerSocketEnabled: z.boolean().optional(),
+        remoteSubnets: z
+            .string()
+            .optional()
         // subdomain: z
         //     .string()
         //     .min(1)
@@ -85,6 +89,21 @@ export async function updateSite(
         const { siteId } = parsedParams.data;
         const updateData = parsedBody.data;
 
+        // if remoteSubnets is provided, ensure it's a valid comma-separated list of cidrs
+        if (updateData.remoteSubnets) {
+            const subnets = updateData.remoteSubnets.split(",").map((s) => s.trim());
+            for (const subnet of subnets) {
+                if (!isValidCIDR(subnet)) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            `Invalid CIDR format: ${subnet}`
+                        )
+                    );
+                }
+            }
+        }
+
         const updatedSite = await db
             .update(sites)
             .set(updateData)