Add labels input

2026-06-06 07:38:46 +00:00 · 2026-05-29 12:20:45 -07:00
parent 726deb4152
commit ff6c23e3e4
10 changed files with 507 additions and 22 deletions
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -2,6 +2,7 @@ import {
    pgTable,
    serial,
    varchar,
+    unique,
    boolean,
    integer,
    bigint,
@@ -24,7 +25,8 @@ import {
    targetHealthCheck,
    sites,
    clients,
-    sessions
+    sessions,
+    labels
 } from "./schema";

 export const certificates = pgTable("certificates", {
@@ -207,6 +209,32 @@ export const remoteExitNodeResources = pgTable("remoteExitNodeResources", {
    destination: varchar("destination").notNull() // a cidr range
 });

+export const remoteExitNodePreferenceLabels = pgTable(
+    // this controls what sites are enforced to connect to this node
+    "remoteExitNodePreferenceLabels",
+    {
+        remoteExitNodePreferenceLabelId: serial(
+            "remoteExitNodePreferenceLabelId"
+        ).primaryKey(),
+        remoteExitNode: integer("remoteExitNode")
+            .references(() => remoteExitNodes.remoteExitNodeId, {
+                onDelete: "cascade"
+            })
+            .notNull(),
+        labelId: integer("labelId")
+            .references(() => labels.labelId, {
+                onDelete: "cascade"
+            })
+            .notNull()
+    },
+    (t) => [
+        unique("remote_exit_node_preference_label_uniq").on(
+            t.remoteExitNode,
+            t.labelId
+        )
+    ]
+);
+
 export const remoteExitNodeSessions = pgTable("remoteExitNodeSession", {
    sessionId: varchar("id").primaryKey(),
    remoteExitNodeId: varchar("remoteExitNodeId")
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -12,6 +12,7 @@ import {
    clients,
    domains,
    exitNodes,
+    labels,
    orgs,
    resources,
    roles,
@@ -21,9 +22,6 @@ import {
    targetHealthCheck,
    users
 } from "./schema";
-import { serial, varchar } from "drizzle-orm/mysql-core";
-import { pgTable } from "drizzle-orm/pg-core";
-import { bigint } from "zod";

 export const certificates = sqliteTable("certificates", {
    certId: integer("certId").primaryKey({ autoIncrement: true }),
@@ -207,6 +205,32 @@ export const remoteExitNodeResources = sqliteTable("remoteExitNodeResources", {
    destination: text("destination").notNull() // a cidr range
 });

+export const remoteExitNodePreferenceLabels = sqliteTable(
+    // this controls what sites are enforced to connect to this node
+    "remoteExitNodePreferenceLabels",
+    {
+        remoteExitNodePreferenceLabelId: integer(
+            "remoteExitNodePreferenceLabelId"
+        ).primaryKey({ autoIncrement: true }),
+        remoteExitNodeId: text("remoteExitNodeId")
+            .references(() => remoteExitNodes.remoteExitNodeId, {
+                onDelete: "cascade"
+            })
+            .notNull(),
+        labelId: integer("labelId")
+            .references(() => labels.labelId, {
+                onDelete: "cascade"
+            })
+            .notNull()
+    },
+    (t) => [
+        uniqueIndex("remote_exit_node_preference_label_uniq").on(
+            t.remoteExitNodeId,
+            t.labelId
+        )
+    ]
+);
+
 export const remoteExitNodeSessions = sqliteTable("remoteExitNodeSession", {
    sessionId: text("id").primaryKey(),
    remoteExitNodeId: text("remoteExitNodeId")
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -349,6 +349,25 @@ authenticated.post(
    remoteExitNode.setRemoteExitNodeResources
 );

+authenticated.get(
+    "/org/:orgId/remote-exit-node/:remoteExitNodeId/preference-labels",
+    verifyValidLicense,
+    verifyOrgAccess,
+    verifyRemoteExitNodeAccess,
+    verifyUserHasAction(ActionsEnum.getRemoteExitNode),
+    remoteExitNode.listRemoteExitNodePreferenceLabels
+);
+
+authenticated.post(
+    "/org/:orgId/remote-exit-node/:remoteExitNodeId/preference-labels",
+    verifyValidLicense,
+    verifyOrgAccess,
+    verifyRemoteExitNodeAccess,
+    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
+    logActionAudit(ActionsEnum.updateRemoteExitNode),
+    remoteExitNode.setRemoteExitNodePreferenceLabels
+);
+
 authenticated.put(
    "/org/:orgId/login-page",
    verifyValidLicense,
--- a/server/private/routers/remoteExitNode/index.ts
+++ b/server/private/routers/remoteExitNode/index.ts
@@ -24,3 +24,5 @@ export * from "./quickStartRemoteExitNode";
 export * from "./offlineChecker";
 export * from "./listRemoteExitNodeResources";
 export * from "./setRemoteExitNodeResources";
+export * from "./listRemoteExitNodePreferenceLabels";
+export * from "./setRemoteExitNodePreferenceLabels";
--- a/server/private/routers/remoteExitNode/listRemoteExitNodePreferenceLabels.ts
+++ b/server/private/routers/remoteExitNode/listRemoteExitNodePreferenceLabels.ts
@@ -0,0 +1,110 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025-2026 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { NextFunction, Request, Response } from "express";
+import { z } from "zod";
+import {
+    db,
+    labels,
+    remoteExitNodePreferenceLabels,
+    remoteExitNodes
+} from "@server/db";
+import { eq } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+
+const paramsSchema = z.strictObject({
+    orgId: z.string().min(1),
+    remoteExitNodeId: z.string().min(1)
+});
+
+export type ListRemoteExitNodePreferenceLabelsResponse = {
+    labels: {
+        remoteExitNodePreferenceLabelId: number;
+        labelId: number;
+        name: string;
+        color: string;
+    }[];
+};
+
+export async function listRemoteExitNodePreferenceLabels(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { remoteExitNodeId } = parsedParams.data;
+
+        const [remoteExitNode] = await db
+            .select()
+            .from(remoteExitNodes)
+            .where(eq(remoteExitNodes.remoteExitNodeId, remoteExitNodeId))
+            .limit(1);
+
+        if (!remoteExitNode) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Remote exit node with ID ${remoteExitNodeId} not found`
+                )
+            );
+        }
+
+        const rows = await db
+            .select({
+                remoteExitNodePreferenceLabelId:
+                    remoteExitNodePreferenceLabels.remoteExitNodePreferenceLabelId,
+                labelId: remoteExitNodePreferenceLabels.labelId,
+                name: labels.name,
+                color: labels.color
+            })
+            .from(remoteExitNodePreferenceLabels)
+            .innerJoin(
+                labels,
+                eq(labels.labelId, remoteExitNodePreferenceLabels.labelId)
+            )
+            .where(
+                eq(
+                    remoteExitNodePreferenceLabels.remoteExitNodeId,
+                    remoteExitNodeId
+                )
+            );
+
+        return response<ListRemoteExitNodePreferenceLabelsResponse>(res, {
+            data: { labels: rows },
+            success: true,
+            error: false,
+            message:
+                "Remote exit node preference labels retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
--- a/server/private/routers/remoteExitNode/setRemoteExitNodePreferenceLabels.ts
+++ b/server/private/routers/remoteExitNode/setRemoteExitNodePreferenceLabels.ts
@@ -0,0 +1,168 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025-2026 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { NextFunction, Request, Response } from "express";
+import { z } from "zod";
+import {
+    db,
+    labels,
+    remoteExitNodePreferenceLabels,
+    remoteExitNodes
+} from "@server/db";
+import { and, eq, inArray } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+
+const paramsSchema = z.strictObject({
+    orgId: z.string().min(1),
+    remoteExitNodeId: z.string().min(1)
+});
+
+const bodySchema = z.strictObject({
+    labelIds: z.array(z.number().int().positive())
+});
+
+export type SetRemoteExitNodePreferenceLabelsBody = z.infer<typeof bodySchema>;
+
+export type SetRemoteExitNodePreferenceLabelsResponse = {
+    labels: {
+        remoteExitNodePreferenceLabelId: number;
+        labelId: number;
+        name: string;
+        color: string;
+    }[];
+};
+
+export async function setRemoteExitNodePreferenceLabels(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId, remoteExitNodeId } = parsedParams.data;
+
+        const parsedBody = bodySchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { labelIds } = parsedBody.data;
+
+        const [remoteExitNode] = await db
+            .select()
+            .from(remoteExitNodes)
+            .where(eq(remoteExitNodes.remoteExitNodeId, remoteExitNodeId))
+            .limit(1);
+
+        if (!remoteExitNode) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Remote exit node with ID ${remoteExitNodeId} not found`
+                )
+            );
+        }
+
+        // Validate all provided labelIds belong to this org
+        if (labelIds.length > 0) {
+            const existingLabels = await db
+                .select({ labelId: labels.labelId })
+                .from(labels)
+                .where(
+                    and(
+                        eq(labels.orgId, orgId),
+                        inArray(labels.labelId, labelIds)
+                    )
+                );
+
+            if (existingLabels.length !== labelIds.length) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "One or more label IDs are invalid or do not belong to this organization"
+                    )
+                );
+            }
+        }
+
+        // Replace all preference labels atomically
+        await db
+            .delete(remoteExitNodePreferenceLabels)
+            .where(
+                eq(
+                    remoteExitNodePreferenceLabels.remoteExitNodeId,
+                    remoteExitNodeId
+                )
+            );
+
+        if (labelIds.length > 0) {
+            await db.insert(remoteExitNodePreferenceLabels).values(
+                labelIds.map((labelId) => ({
+                    remoteExitNodeId,
+                    labelId
+                }))
+            );
+        }
+
+        const rows = await db
+            .select({
+                remoteExitNodePreferenceLabelId:
+                    remoteExitNodePreferenceLabels.remoteExitNodePreferenceLabelId,
+                labelId: remoteExitNodePreferenceLabels.labelId,
+                name: labels.name,
+                color: labels.color
+            })
+            .from(remoteExitNodePreferenceLabels)
+            .innerJoin(
+                labels,
+                eq(labels.labelId, remoteExitNodePreferenceLabels.labelId)
+            )
+            .where(
+                eq(
+                    remoteExitNodePreferenceLabels.remoteExitNodeId,
+                    remoteExitNodeId
+                )
+            );
+
+        return response<SetRemoteExitNodePreferenceLabelsResponse>(res, {
+            data: { labels: rows },
+            success: true,
+            error: false,
+            message: "Remote exit node preference labels updated successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}