Add proxy protocol support in blueprints

Owen
2026-06-02 16:42:26 -07:00
parent 33fad57bf7
commit ffd0d17b58
2 changed files with 49 additions and 2 deletions


@@ -337,6 +337,15 @@ export async function updateProxyResources(
resourceData.maintenance?.message,
maintenanceEstimatedTime:
resourceData.maintenance?.["estimated-time"],
proxyProtocol:
resourceData.mode === "tcp"
? (resourceData["proxy-protocol"] ?? false)
: false,
proxyProtocolVersion:
resourceData.mode === "tcp"
? (resourceData["proxy-protocol-version"] ??
1)
: 1,
resourcePolicyId: sharedPolicy.resourcePolicyId
})
.where(
@@ -504,6 +513,15 @@ export async function updateProxyResources(
resourceData.maintenance?.message,
maintenanceEstimatedTime:
resourceData.maintenance?.["estimated-time"],
proxyProtocol:
resourceData.mode === "tcp"
? (resourceData["proxy-protocol"] ?? false)
: false,
proxyProtocolVersion:
resourceData.mode === "tcp"
? (resourceData["proxy-protocol-version"] ??
1)
: 1,
resourcePolicyId: null,
defaultResourcePolicyId: inlinePolicyId
})
@@ -994,6 +1012,14 @@ export async function updateProxyResources(
maintenanceMessage: resourceData.maintenance?.message,
maintenanceEstimatedTime:
resourceData.maintenance?.["estimated-time"],
proxyProtocol:
resourceData.mode === "tcp"
? (resourceData["proxy-protocol"] ?? false)
: false,
proxyProtocolVersion:
resourceData.mode === "tcp"
? (resourceData["proxy-protocol-version"] ?? 1)
: 1,
defaultResourcePolicyId: inlinePolicy.resourcePolicyId,
resourcePolicyId: sharedPolicyId,
// Only set these resource-level fields when using a shared policy
@@ -1231,7 +1257,9 @@ async function syncRoleResources(
}))
);
role = created;
logger.info(`Auto-created role "${roleName}" in org ${orgId} from blueprint`);
logger.info(
`Auto-created role "${roleName}" in org ${orgId} from blueprint`
);
}
if (role.isAdmin) {
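Review bot: A blueprint that leaves out `proxy-protocol` now writes `proxyProtocol: false` and `proxyProtocolVersion: 1` on every apply, because of the `?? false` / `?? 1` fallbacks in the first hunk's `.set({...})` (it is followed by `.where(`, so it reads as an update) and in the same expressions in the second and third hunks. If the setting can also be changed outside blueprints, a re-apply silently turns it off, and a backend still configured to expect a PROXY header would then read the first bytes sent by the client as that header; this should be confirmed against how the field is edited elsewhere. If reset-on-omit is intended, say so next to the field, e.g. `// omitted in the blueprint => PROXY protocol is turned off (declarative reset)`. The three copies of the derivation could also come from one small helper so they cannot drift apart. updateProxyResources starts and ends outside these hunks.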


@@ -201,7 +201,9 @@ export const PublicResourceSchema = z
headers: z.array(HeaderSchema).optional(),
rules: z.array(RuleSchema).optional(),
maintenance: MaintenanceSchema.optional(),
"auth-daemon": AuthDaemonSchema.optional()
"auth-daemon": AuthDaemonSchema.optional(),
"proxy-protocol": z.boolean().optional(),
"proxy-protocol-version": z.int().min(1).optional()
})
.refine(
(resource) => {
@@ -378,6 +380,23 @@ export const PublicResourceSchema = z
'Wildcard full-domain must have "*" as the leftmost label only, followed by at least two valid hostname labels (e.g. "*.example.com" or "*.level1.example.com"). Patterns like "*example.com" or "level2.*.example.com" are not supported.'
}
)
.refine(
(resource) => {
const effectiveMode = resource.mode ?? resource.protocol;
if (effectiveMode !== "tcp") {
return (
resource["proxy-protocol"] === undefined &&
resource["proxy-protocol-version"] === undefined
);
}
return true;
},
{
path: ["proxy-protocol"],
message:
"'proxy-protocol' and 'proxy-protocol-version' can only be set when mode is 'tcp'"
}
)
.transform((resource) => {
// Normalize: prefer mode, fall back to protocol for backwards compatibility
if (resource.mode === undefined && resource.protocol !== undefined) {
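Review bot: `"proxy-protocol-version": z.int().min(1).optional()` has no upper bound, so a blueprint with version 3 or 99 passes validation, while the PROXY protocol defines only versions 1 and 2. The update code in the other file stores `resourceData["proxy-protocol-version"]` as given, so an unsupported value would reach whatever consumes `proxyProtocolVersion`. I would bound it in the schema: `"proxy-protocol-version": z.int().min(1).max(2).optional()`. The new `.refine` also accepts a version when `proxy-protocol` is unset or false, which is harmless but may be worth rejecting or documenting. The schema object starts before this hunk and the `.transform` continues past it.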