chore: simplify policy rule update/delete lookups

Fix middleware and suppoter footer

server/lib/traefik/TraefikConfigManager.ts

@@ -511,6 +511,12 @@ export class TraefikConfigManager {
         let traefikConfig;
         try {
             const currentExitNode = await getCurrentExitNodeId();
+
+            const maintenancePort = config.getRawConfig().server.next_port;
+            const maintenanceHost =
+                config.getRawConfig().server.internal_hostname;
+            const pangolinUIUrl = `http://${maintenanceHost}:${maintenancePort}`;
+
             // logger.debug(`Fetching traefik config for exit node: ${currentExitNode}`);
             traefikConfig = await getTraefikConfig(
                 // this is called by the local exit node to get its own config
@@ -521,7 +527,8 @@ export class TraefikConfigManager {
                 build == "saas"
                     ? false
                     : config.getRawConfig().traefik.allow_raw_resources, // dont allow raw resources on saas otherwise use config
-                build != "oss" // generate browser gateway targets on cloud and enterprise
+                pangolinUIUrl, // generate maintenance pages on cloud and hybrid
+                pangolinUIUrl // generate browser gateway targets on cloud and hybrid
             );
 
             const domains = new Set<string>();

server/lib/traefik/getTraefikConfig.ts

@@ -44,8 +44,8 @@ export async function getTraefikConfig(
     filterOutNamespaceDomains = false, // UNUSED BUT USED IN PRIVATE
     generateLoginPageRouters = false, // UNUSED BUT USED IN PRIVATE
     allowRawResources = true,
-    allowMaintenancePage = true, // UNUSED BUT USED IN PRIVATE
+    maintenancePageUiUrl: string | null = null, // UNUSED BUT USED IN PRIVATE
-    allowBrowserGatewayResources = true
+    browserGatewayUiUrl: string | null = null // UNUSED BUT USED IN PRIVATE
 ): Promise<any> {
     // Get resources with their targets and sites in a single optimized query
     // Start from sites on this exit node, then join to targets and resources

server/private/lib/traefik/getTraefikConfig.ts

@@ -84,8 +84,8 @@ export async function getTraefikConfig(
     filterOutNamespaceDomains = false,
     generateLoginPageRouters = false,
     allowRawResources = true,
-    allowMaintenancePage = true,
+    maintenancePageUiUrl: string | null = null,
-    allowBrowserGatewayResources = true
+    browserGatewayUiUrl: string | null = null
 ): Promise<any> {
     // Get resources with their targets and sites in a single optimized query
     // Start from sites on this exit node, then join to targets and resources
@@ -317,7 +317,7 @@ export async function getTraefikConfig(
         BrowserGatewayResourceEntry
     >();
 
-    if (allowBrowserGatewayResources) {
+    if (browserGatewayUiUrl) {
         for (const row of resourcesWithTargetsAndSites) {
             if (!["ssh", "vnc", "rdp"].includes(row.mode)) {
                 continue;
@@ -630,10 +630,11 @@ export async function getTraefikConfig(
                 }
             }
 
-            if (showMaintenancePage && allowMaintenancePage) {
+            if (showMaintenancePage && maintenancePageUiUrl) {
                 const maintenanceServiceName = `${key}-maintenance-service`;
                 const maintenanceRouterName = `${key}-maintenance-router`;
                 const rewriteMiddlewareName = `${key}-maintenance-rewrite`;
+                const maintenanceHeadersMiddlewareName = `${key}-maintenance-headers`;
 
                 const entrypointHttp =
                     config.getRawConfig().traefik.http_entrypoint;
@@ -646,15 +647,11 @@ export async function getTraefikConfig(
                     ? `*.${domainParts.slice(1).join(".")}`
                     : fullDomain;
 
-                const maintenancePort = config.getRawConfig().server.next_port;
-                const maintenanceHost =
-                    config.getRawConfig().server.internal_hostname;
-
                 config_output.http.services[maintenanceServiceName] = {
                     loadBalancer: {
                         servers: [
                             {
-                                url: `http://${maintenanceHost}:${maintenancePort}`
+                                url: maintenancePageUiUrl
                             }
                         ],
                         passHostHeader: true
@@ -673,12 +670,26 @@ export async function getTraefikConfig(
                     }
                 };
 
+                config_output.http.middlewares[
+                    maintenanceHeadersMiddlewareName
+                ] = {
+                    headers: {
+                        customRequestHeaders: {
+                            Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+                            "p-host": fullDomain
+                        }
+                    }
+                };
+
                 config_output.http.routers[maintenanceRouterName] = {
                     entryPoints: [
                         resource.ssl ? entrypointHttps : entrypointHttp
                     ],
                     service: maintenanceServiceName,
-                    middlewares: [rewriteMiddlewareName],
+                    middlewares: [
+                        rewriteMiddlewareName,
+                        maintenanceHeadersMiddlewareName
+                    ],
                     rule: rule,
                     priority: 2000,
                     ...(resource.ssl ? { tls } : {})
@@ -691,6 +702,7 @@ export async function getTraefikConfig(
                             resource.ssl ? entrypointHttps : entrypointHttp
                         ],
                         service: maintenanceServiceName,
+                        middlewares: [maintenanceHeadersMiddlewareName],
                         rule: `${rule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`)) `,
                         priority: 2001,
                         ...(resource.ssl ? { tls } : {})
@@ -1027,7 +1039,7 @@ export async function getTraefikConfig(
         }
     }
 
-    if (allowBrowserGatewayResources) {
+    if (browserGatewayUiUrl) {
         // Generate Traefik config for browser gateway resources
         const browserGatewayPort = 39999;
         for (const [, bgResource] of browserGatewayResourcesMap.entries()) {
@@ -1119,20 +1131,17 @@ export async function getTraefikConfig(
                 }
             }
 
-            if (showBgMaintenancePage && allowMaintenancePage) {
+            if (showBgMaintenancePage && maintenancePageUiUrl) {
                 const bgMaintenanceServiceName = `bg-r${bgResource.resourceId}-maintenance-service`;
                 const bgMaintenanceRouterName = `bg-r${bgResource.resourceId}-maintenance-router`;
                 const bgRewriteMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-rewrite`;
+                const bgMaintenanceHeadersMiddlewareName = `bg-r${bgResource.resourceId}-maintenance-headers`;
 
                 const entrypointHttp =
                     config.getRawConfig().traefik.http_entrypoint;
                 const entrypointHttps =
                     config.getRawConfig().traefik.https_entrypoint;
 
-                const maintenancePort = config.getRawConfig().server.next_port;
-                const maintenanceHost =
-                    config.getRawConfig().server.internal_hostname;
-
                 if (!config_output.http.services)
                     config_output.http.services = {};
                 if (!config_output.http.middlewares)
@@ -1144,7 +1153,7 @@ export async function getTraefikConfig(
                     loadBalancer: {
                         servers: [
                             {
-                                url: `http://${maintenanceHost}:${maintenancePort}`
+                                url: maintenancePageUiUrl
                             }
                         ],
                         passHostHeader: true
@@ -1158,12 +1167,26 @@ export async function getTraefikConfig(
                     }
                 };
 
+                config_output.http.middlewares![
+                    bgMaintenanceHeadersMiddlewareName
+                ] = {
+                    headers: {
+                        customRequestHeaders: {
+                            Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+                            "p-host": fullDomain
+                        }
+                    }
+                };
+
                 config_output.http.routers![bgMaintenanceRouterName] = {
                     entryPoints: [
                         bgResource.ssl ? entrypointHttps : entrypointHttp
                     ],
                     service: bgMaintenanceServiceName,
-                    middlewares: [bgRewriteMiddlewareName],
+                    middlewares: [
+                        bgRewriteMiddlewareName,
+                        bgMaintenanceHeadersMiddlewareName
+                    ],
                     rule: hostRule,
                     priority: 2000,
                     ...(bgResource.ssl ? { tls } : {})
@@ -1176,6 +1199,7 @@ export async function getTraefikConfig(
                         bgResource.ssl ? entrypointHttps : entrypointHttp
                     ],
                     service: bgMaintenanceServiceName,
+                    middlewares: [bgMaintenanceHeadersMiddlewareName],
                     rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
                     priority: 2001,
                     ...(bgResource.ssl ? { tls } : {})
@@ -1234,9 +1258,8 @@ export async function getTraefikConfig(
             // The primary type is used for the path rewrite (e.g. /rdp), mirroring
             // how the maintenance page rewrites everything to /maintenance-screen.
             const primaryType = typeMap.keys().next().value as string;
-            const internalHost = config.getRawConfig().server.internal_hostname;
-            const internalPort = config.getRawConfig().server.next_port;
             const uiRewriteMiddlewareName = `bg-r${bgResource.resourceId}-ui-rewrite`;
+            const uiHeadersMiddlewareName = `bg-r${bgResource.resourceId}-ui-headers`;
             const entrypoint = bgResource.ssl
                 ? config.getRawConfig().traefik.https_entrypoint
                 : config.getRawConfig().traefik.http_entrypoint;
@@ -1252,22 +1275,33 @@ export async function getTraefikConfig(
                 }
             };
 
+            config_output.http.middlewares![uiHeadersMiddlewareName] = {
+                headers: {
+                    customRequestHeaders: {
+                        Host: "app.pangolin.net", // if we are sending to the cloud the host needs to be this but we will pull the p-host to find the resource
+                        "p-host": fullDomain
+                    }
+                }
+            };
+
             config_output.http.services![bgUiServiceName] = {
                 loadBalancer: {
                     servers: [
                         {
-                            url: `http://${internalHost}:${internalPort}`
+                            url: browserGatewayUiUrl
                         }
                     ]
                 }
             };
 
-            // Assets router at higher priority so /_next files load without rewrite
+            // Assets router at higher priority so /_next files load without rewrite.
+            // Do NOT apply the path-rewrite middleware here — static assets must
+            // keep their original path; only the host headers are needed.
             config_output.http.routers![
                 `bg-r${bgResource.resourceId}-assets-router`
             ] = {
                 entryPoints: [entrypoint],
-                middlewares: routerMiddlewares,
+                middlewares: [...routerMiddlewares, uiHeadersMiddlewareName],
                 service: bgUiServiceName,
                 rule: `${hostRule} && (PathPrefix(\`/_next\`) || PathRegexp(\`^/__nextjs*\`) || Path(\`/favicon.ico\`))`,
                 priority: 101,
@@ -1279,7 +1313,11 @@ export async function getTraefikConfig(
                 `bg-r${bgResource.resourceId}-ui-router`
             ] = {
                 entryPoints: [entrypoint],
-                middlewares: [...routerMiddlewares, uiRewriteMiddlewareName],
+                middlewares: [
+                    ...routerMiddlewares,
+                    uiRewriteMiddlewareName,
+                    uiHeadersMiddlewareName
+                ],
                 service: bgUiServiceName,
                 rule: hostRule,
                 priority: 100,
@@ -1312,10 +1350,6 @@ export async function getTraefikConfig(
             const siteResourceRouterName = `${srKey}-router`;
             const siteResourceRewriteMiddlewareName = `${srKey}-rewrite`;
 
-            const maintenancePort = config.getRawConfig().server.next_port;
-            const maintenanceHost =
-                config.getRawConfig().server.internal_hostname;
-
             if (!config_output.http.routers) {
                 config_output.http.routers = {};
             }
@@ -1331,7 +1365,7 @@ export async function getTraefikConfig(
                 loadBalancer: {
                     servers: [
                         {
-                            url: `http://${maintenanceHost}:${maintenancePort}`
+                            url: maintenancePageUiUrl
                         }
                     ],
                     passHostHeader: true

server/private/routers/hybrid.ts

@@ -277,6 +277,8 @@ hybridRouter.get(
             );
         }
 
+        const pangolinUIUrl = config.getRawConfig().app.dashboard_url; // points to the dashboard to serve from there
+
         try {
             const traefikConfig = await getTraefikConfig(
                 remoteExitNode.exitNodeId,
@@ -284,8 +286,8 @@ hybridRouter.get(
                 true, // But don't allow domain namespace resources
                 false, // Dont include login pages,
                 true, // allow raw resources
-                false, // dont generate maintenance page
+                pangolinUIUrl, // dont generate maintenance page
-                false // dont generate browser gateway targets
+                pangolinUIUrl // generate browser gateway targets
             );
 
             return response(res, {

server/routers/newt/handleNewtGetConfigMessage.ts

@@ -54,7 +54,7 @@ export const handleNewtGetConfigMessage: MessageHandler = async (context) => {
         // TODO: somehow we should make sure a recent hole punch has happened if this occurs (hole punch could be from the last restart if done quickly)
     }
 
-    if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 5) {
+    if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 12) {
         logger.warn(
             `Site last hole punch is too old; skipping this register. The site is failing to hole punch and identify its network address with the server. Can the site reach the server on UDP port ${config.getRawConfig().gerbil.clients_start_port}?`
         );

server/routers/olm/handleOlmRegisterMessage.ts

@@ -348,7 +348,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
     // this prevents us from accepting a register from an olm that has not hole punched yet.
     // the olm will pump the register so we can keep checking
     // TODO: I still think there is a better way to do this rather than locking it out here but ???
-    if (now - (client.lastHolePunch || 0) > 5 && sitesCount > 0) {
+    if (now - (client.lastHolePunch || 0) > 12 && sitesCount > 0) {
         logger.warn(
             `[handleOlmRegisterMessage] Client last hole punch is too old and we have sites to send; skipping this register. The client is failing to hole punch and identify its network address with the server. Can the client reach the server on UDP port ${config.getRawConfig().gerbil.clients_start_port}?`,
             { orgId: client.orgId, clientId: client.clientId }

server/routers/resource/createResourceRule.ts

@@ -154,12 +154,8 @@ export async function createResourceRule(
         }
 
         // Create the new resource rule
-        const isInlinePolicy =
+        if (resource.resourcePolicyId !== null) {
-            resource.resourcePolicyId === null &&
+            const policyId = resource.resourcePolicyId;
-            resource.defaultResourcePolicyId !== null;
-
-        if (isInlinePolicy) {
-            const policyId = resource.defaultResourcePolicyId!;
             const [newRule] = await db
                 .insert(resourcePolicyRules)
                 .values({

server/routers/resource/deleteResourceRule.ts

@@ -2,7 +2,7 @@ import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
 import { resourceRules, resourcePolicyRules, resources } from "@server/db";
-import { eq } from "drizzle-orm";
+import { and, eq } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@@ -73,14 +73,18 @@ export async function deleteResourceRule(
             );
         }
 
-        const isInlinePolicy =
+        if (resource.resourcePolicyId !== null) {
-            resource.resourcePolicyId === null &&
-            resource.defaultResourcePolicyId !== null;
-
-        if (isInlinePolicy) {
             const [deletedRule] = await db
                 .delete(resourcePolicyRules)
-                .where(eq(resourcePolicyRules.ruleId, ruleId))
+                .where(
+                    and(
+                        eq(resourcePolicyRules.ruleId, ruleId),
+                        eq(
+                            resourcePolicyRules.resourcePolicyId,
+                            resource.resourcePolicyId
+                        )
+                    )
+                )
                 .returning();
 
             if (!deletedRule) {

server/routers/resource/getResource.ts

@@ -141,16 +141,10 @@ export async function getResource(
             );
         }
 
-        const isInlinePolicy =
-            resource.resourcePolicyId === null &&
-            resource.defaultResourcePolicyId !== null;
-
         let returnData = resource;
-        if (isInlinePolicy) {
+        if (resource.resourcePolicyId !== null) {
             // get the policy
-            const policy = await queryInlinePolicy(
+            const policy = await queryInlinePolicy(resource.resourcePolicyId);
-                resource.defaultResourcePolicyId!
-            );
             returnData = {
                 ...returnData,
                 sso: policy?.sso || null,

server/routers/resource/listResourceRules.ts

@@ -140,15 +140,11 @@ export async function listResourceRules(
             );
         }
 
-        const isInlinePolicy =
-            resource.resourcePolicyId === null &&
-            resource.defaultResourcePolicyId !== null;
-
         let rulesList: Awaited<ReturnType<typeof queryResourceRules>>;
         let totalCount: number;
 
-        if (isInlinePolicy) {
+        if (resource.resourcePolicyId !== null) {
-            const policyId = resource.defaultResourcePolicyId!;
+            const policyId = resource.resourcePolicyId;
             const policyRules = await queryPolicyRules(policyId)
                 .limit(limit)
                 .offset(offset);

server/routers/resource/updateResourceRule.ts

@@ -1,8 +1,8 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
-import { resourceRules, resources } from "@server/db";
+import { resourcePolicyRules, resourceRules, resources } from "@server/db";
-import { eq } from "drizzle-orm";
+import { and, eq } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@@ -37,6 +37,29 @@ const updateResourceRuleSchema = z
         error: "At least one field must be provided for update"
     });
 
+function getRuleValueValidationError(
+    match: "CIDR" | "IP" | "PATH" | "COUNTRY" | "ASN" | "REGION",
+    value: string
+): string | null {
+    if (match === "CIDR" && !isValidCIDR(value)) {
+        return "Invalid CIDR provided";
+    }
+
+    if (match === "IP" && !isValidIP(value)) {
+        return "Invalid IP provided";
+    }
+
+    if (match === "PATH" && !isValidUrlGlobPattern(value)) {
+        return "Invalid URL glob pattern provided";
+    }
+
+    if (match === "REGION" && !isValidRegionId(value)) {
+        return "Invalid region ID provided";
+    }
+
+    return null;
+}
+
 registry.registerPath({
     method: "post",
     path: "/resource/{resourceId}/rule/{ruleId}",
@@ -128,6 +151,68 @@ export async function updateResourceRule(
             );
         }
 
+        if (resource.resourcePolicyId !== null) {
+            const [existingRule] = await db
+                .select()
+                .from(resourcePolicyRules)
+                .where(
+                    and(
+                        eq(resourcePolicyRules.ruleId, ruleId),
+                        eq(
+                            resourcePolicyRules.resourcePolicyId,
+                            resource.resourcePolicyId
+                        )
+                    )
+                )
+                .limit(1);
+
+            if (!existingRule) {
+                return next(
+                    createHttpError(
+                        HttpCode.NOT_FOUND,
+                        `Resource rule with ID ${ruleId} not found`
+                    )
+                );
+            }
+
+            const match = updateData.match || existingRule.match;
+            const { value } = updateData;
+
+            if (value !== undefined) {
+                const validationError = getRuleValueValidationError(
+                    match,
+                    value
+                );
+                if (validationError) {
+                    return next(
+                        createHttpError(HttpCode.BAD_REQUEST, validationError)
+                    );
+                }
+            }
+
+            const [updatedRule] = await db
+                .update(resourcePolicyRules)
+                .set(updateData)
+                .where(
+                    and(
+                        eq(resourcePolicyRules.ruleId, ruleId),
+                        eq(
+                            resourcePolicyRules.resourcePolicyId,
+                            resource.resourcePolicyId
+                        )
+                    )
+                )
+                .returning();
+
+            return response(res, {
+                data: updatedRule,
+                success: true,
+                error: false,
+                message: "Resource rule updated successfully",
+                status: HttpCode.OK
+            });
+        }
+
         // Verify that the rule exists and belongs to the specified resource
         const [existingRule] = await db
             .select()
@@ -157,43 +242,12 @@ export async function updateResourceRule(
         const { value } = updateData;
 
         if (value !== undefined) {
-            if (match === "CIDR") {
+            const validationError = getRuleValueValidationError(match, value);
-                if (!isValidCIDR(value)) {
+            if (validationError) {
                 return next(
-                        createHttpError(
+                    createHttpError(HttpCode.BAD_REQUEST, validationError)
-                            HttpCode.BAD_REQUEST,
-                            "Invalid CIDR provided"
-                        )
                 );
             }
-            } else if (match === "IP") {
-                if (!isValidIP(value)) {
-                    return next(
-                        createHttpError(
-                            HttpCode.BAD_REQUEST,
-                            "Invalid IP provided"
-                        )
-                    );
-                }
-            } else if (match === "PATH") {
-                if (!isValidUrlGlobPattern(value)) {
-                    return next(
-                        createHttpError(
-                            HttpCode.BAD_REQUEST,
-                            "Invalid URL glob pattern provided"
-                        )
-                    );
-                }
-            } else if (match === "REGION") {
-                if (!isValidRegionId(value)) {
-                    return next(
-                        createHttpError(
-                            HttpCode.BAD_REQUEST,
-                            "Invalid region ID provided"
-                        )
-                    );
-                }
-            }
         }
 
         // Update the rule

server/routers/serverInfo/getServerInfo.ts

@@ -3,7 +3,6 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
-import config from "@server/lib/config";
 import { build } from "@server/build";
 import { APP_VERSION } from "@server/lib/consts";
 import license from "#dynamic/license/license";
@@ -22,9 +21,6 @@ export async function getServerInfo(
     next: NextFunction
 ): Promise<any> {
     try {
-        const supporterData = config.getSupporterData();
-        const supporterStatusValid = supporterData?.valid || false;
-
         let enterpriseLicenseValid = false;
         let enterpriseLicenseType: string | null = null;
 
@@ -41,7 +37,7 @@ export async function getServerInfo(
         return sendResponse<GetServerInfoResponse>(res, {
             data: {
                 version: APP_VERSION,
-                supporterStatusValid,
+                supporterStatusValid: true,
                 build,
                 enterpriseLicenseValid,
                 enterpriseLicenseType

server/routers/traefik/traefikConfigProvider.ts

@@ -17,13 +17,18 @@ export async function traefikConfigProvider(
         // Get the current exit node name from config
         const currentExitNodeId = await getCurrentExitNodeId();
 
+        const maintenancePort = config.getRawConfig().server.next_port;
+        const maintenanceHost = config.getRawConfig().server.internal_hostname;
+        const pangolinUIUrl = `http://${maintenanceHost}:${maintenancePort}`;
+
         const traefikConfig = await getTraefikConfig(
             currentExitNodeId,
             config.getRawConfig().traefik.site_types,
             build == "oss", // filter out the namespace domains in open source
             build != "oss", // generate the login pages on the cloud and and enterprise,
             config.getRawConfig().traefik.allow_raw_resources,
-            build != "oss" // generate browser gateway resources on cloud and enterprise
+            pangolinUIUrl,
+            pangolinUIUrl
         );
 
         if (traefikConfig?.http?.middlewares) {

src/app/admin/license/page.tsx

@@ -42,7 +42,14 @@ import {
     SettingsSectionFooter
 } from "@app/components/Settings";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import { ArrowRight, Check, ExternalLink, Heart, InfoIcon, TicketCheck } from "lucide-react";
+import {
+    ArrowRight,
+    Check,
+    ExternalLink,
+    Heart,
+    InfoIcon,
+    TicketCheck
+} from "lucide-react";
 import Link from "next/link";
 import DismissableBanner from "@app/components/DismissableBanner";
 import CopyTextBox from "@app/components/CopyTextBox";
@@ -50,7 +57,7 @@ import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { SitePriceCalculator } from "@app/components/SitePriceCalculator";
 import { Checkbox } from "@app/components/ui/checkbox";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
-import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useTranslations } from "next-intl";
 
 const ENTERPRISE_DOCS_URL =
@@ -82,7 +89,7 @@ export default function LicensePage() {
     const [isActivatingLicense, setIsActivatingLicense] = useState(false);
     const [isDeletingLicense, setIsDeletingLicense] = useState(false);
     const [isRecheckingLicense, setIsRecheckingLicense] = useState(false);
-    const { supporterStatus } = useSupporterStatusContext();
+    // const { supporterStatus } = useSupporterStatusContext();
 
     const t = useTranslations();
 
@@ -347,9 +354,7 @@ export default function LicensePage() {
                     storageKey="license-banner-dismissed"
                     version={1}
                     title={t("licenseBannerTitle")}
-                    titleIcon={
+                    titleIcon={<TicketCheck className="w-5 h-5 text-primary" />}
-                        <TicketCheck className="w-5 h-5 text-primary" />
-                    }
                     description={t("licenseBannerDescription")}
                 >
                     <Link

src/app/layout.tsx

@@ -68,15 +68,15 @@ export default async function RootLayout({
     const env = pullEnv();
     const locale = await getLocale();
 
-    const supporterData = {
+    // const supporterData = {
-        visible: true
+    //     visible: true
-    } as any;
+    // } as any;
 
-    const res = await priv.get<AxiosResponse<IsSupporterKeyVisibleResponse>>(
+    // const res = await priv.get<AxiosResponse<IsSupporterKeyVisibleResponse>>(
-        "supporter-key/visible"
+    //     "supporter-key/visible"
-    );
+    // );
-    supporterData.visible = res.data.data.visible;
+    // supporterData.visible = res.data.data.visible;
-    supporterData.tier = res.data.data.tier;
+    // supporterData.tier = res.data.data.tier;
 
     let licenseStatus: GetLicenseStatusResponse;
     if (build === "enterprise") {
@@ -127,9 +127,9 @@ export default async function RootLayout({
                                     <LicenseStatusProvider
                                         licenseStatus={licenseStatus}
                                     >
-                                        <SupportStatusProvider
+                                        {/* <SupportStatusProvider
                                             supporterStatus={supporterData}
-                                        >
+                                        > */}
                                         {/* Main content */}
                                         <div className="h-full flex flex-col">
                                             <div className="flex-1 overflow-auto">
@@ -140,7 +140,7 @@ export default async function RootLayout({
                                                 <LicenseViolation />
                                             </div>
                                         </div>
-                                        </SupportStatusProvider>
+                                        {/* </SupportStatusProvider> */}
                                     </LicenseStatusProvider>
                                     <Toaster />
                                 </TanstackQueryProvider>

src/app/maintenance-screen/page.tsx

@@ -28,7 +28,7 @@ export default async function MaintenanceScreen() {
 
     try {
         const headersList = await headers();
-        const host = headersList.get("host") || "";
+        const host = headersList.get("p-host") || headersList.get("host") || "";
         const hostname = host.split(":")[0];
 
         const res = await priv.get<AxiosResponse<GetMaintenanceInfoResponse>>(

src/components/AuthPageFooterNotices.tsx

@@ -1,24 +1,24 @@
 "use client";
 
-import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useTranslations } from "next-intl";
 import { build } from "@server/build";
 
 export default function AuthPageFooterNotices() {
     const t = useTranslations();
-    const { supporterStatus } = useSupporterStatusContext();
+    // const { supporterStatus } = useSupporterStatusContext();
     const { isUnlocked, licenseStatus } = useLicenseStatusContext();
 
     return (
         <>
-            {supporterStatus?.visible && (
+            {/* {supporterStatus?.visible && (
                 <div className="text-center mt-2">
                     <span className="text-sm text-muted-foreground opacity-50">
                         {t("noSupportKey")}
                     </span>
                 </div>
-            )}
+            )} */}
             {build === "enterprise" && !isUnlocked() ? (
                 <div className="text-center mt-2">
                     <span className="text-sm font-medium text-muted-foreground">

src/components/SupporterMessage.tsx

@@ -9,33 +9,34 @@ export default function SupporterMessage({ tier }: { tier: string }) {
     const t = useTranslations();
 
     return (
-        <div className="relative flex items-center space-x-2 whitespace-nowrap group">
+        <></>
-            <span
+        // <div className="relative flex items-center space-x-2 whitespace-nowrap group">
-                className="cursor-pointer"
+        //     <span
-                onClick={(e) => {
+        //         className="cursor-pointer"
-                    // Get the bounding box of the element
+        //         onClick={(e) => {
-                    const rect = (
+        //             // Get the bounding box of the element
-                        e.target as HTMLElement
+        //             const rect = (
-                    ).getBoundingClientRect();
+        //                 e.target as HTMLElement
+        //             ).getBoundingClientRect();
 
-                    // Trigger confetti centered on the word "Pangolin"
+        //             // Trigger confetti centered on the word "Pangolin"
-                    confetti({
+        //             confetti({
-                        particleCount: 100,
+        //                 particleCount: 100,
-                        spread: 70,
+        //                 spread: 70,
-                        origin: {
+        //                 origin: {
-                            x: (rect.left + rect.width / 2) / window.innerWidth,
+        //                     x: (rect.left + rect.width / 2) / window.innerWidth,
-                            y: rect.top / window.innerHeight
+        //                     y: rect.top / window.innerHeight
-                        },
+        //                 },
-                        colors: ["#FFA500", "#FF4500", "#FFD700"]
+        //                 colors: ["#FFA500", "#FF4500", "#FFD700"]
-                    });
+        //             });
-                }}
+        //         }}
-            >
+        //     >
-                Pangolin
+        //         Pangolin
-            </span>
+        //     </span>
-            <Star className="w-3 h-3" />
+        //     <Star className="w-3 h-3" />
-            <div className="absolute left-1/2 transform -translate-x-1/2 -top-10 hidden group-hover:block  text-primary text-sm rounded-md border shadow-md px-4 py-2 pointer-events-none opacity-0 group-hover:opacity-100 transition-opacity">
+        //     <div className="absolute left-1/2 transform -translate-x-1/2 -top-10 hidden group-hover:block  text-primary text-sm rounded-md border shadow-md px-4 py-2 pointer-events-none opacity-0 group-hover:opacity-100 transition-opacity">
-                {t("componentsSupporterMessage", { tier: tier })}
+        //         {t("componentsSupporterMessage", { tier: tier })}
-            </div>
+        //     </div>
-        </div>
+        // </div>
     );
 }

src/components/SupporterStatus.tsx

@@ -3,7 +3,7 @@
 // THIS IS DEPRECATED AND IS NO LONGER SHOWED TO THE USER WITH THE DISCONTINUATION
 // OF THE SUPPORTER PROGRAM. IT MAY BE REMOVED IN A FUTURE UPDATE.
 
-import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
+// import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useState, useTransition } from "react";
 import {
     Tooltip,
@@ -58,134 +58,134 @@ interface SupporterStatusProps {
 export default function SupporterStatus({
     isCollapsed = false
 }: SupporterStatusProps) {
-    const { supporterStatus, updateSupporterStatus } =
+    // const { supporterStatus, updateSupporterStatus } =
-        useSupporterStatusContext();
+    //     useSupporterStatusContext();
-    const [supportOpen, setSupportOpen] = useState(false);
+    // const [supportOpen, setSupportOpen] = useState(false);
-    const [keyOpen, setKeyOpen] = useState(false);
+    // const [keyOpen, setKeyOpen] = useState(false);
-    const [purchaseOptionsOpen, setPurchaseOptionsOpen] = useState(false);
+    // const [purchaseOptionsOpen, setPurchaseOptionsOpen] = useState(false);
 
-    const { env } = useEnvContext();
+    // const { env } = useEnvContext();
-    const api = createApiClient({ env });
+    // const api = createApiClient({ env });
-    const t = useTranslations();
+    // const t = useTranslations();
 
-    const formSchema = z.object({
+    // const formSchema = z.object({
-        githubUsername: z.string().nonempty({
+    //     githubUsername: z.string().nonempty({
-            error: "GitHub username is required"
+    //         error: "GitHub username is required"
-        }),
+    //     }),
-        key: z.string().nonempty({
+    //     key: z.string().nonempty({
-            error: "Supporter key is required"
+    //         error: "Supporter key is required"
-        })
+    //     })
-    });
+    // });
 
-    const form = useForm({
+    // const form = useForm({
-        resolver: zodResolver(formSchema),
+    //     resolver: zodResolver(formSchema),
-        defaultValues: {
+    //     defaultValues: {
-            githubUsername: "",
+    //         githubUsername: "",
-            key: ""
+    //         key: ""
-        }
+    //     }
-    });
+    // });
 
-    async function hide() {
+    // async function hide() {
-        await api.post("/supporter-key/hide");
+    //     await api.post("/supporter-key/hide");
 
-        updateSupporterStatus({
+    //     updateSupporterStatus({
-            visible: false
+    //         visible: false
-        });
+    //     });
-    }
+    // }
 
-    async function onSubmit(values: z.infer<typeof formSchema>) {
+    // async function onSubmit(values: z.infer<typeof formSchema>) {
-        try {
+    //     try {
-            const res = await api.post<
+    //         const res = await api.post<
-                AxiosResponse<ValidateSupporterKeyResponse>
+    //             AxiosResponse<ValidateSupporterKeyResponse>
-            >("/supporter-key/validate", {
+    //         >("/supporter-key/validate", {
-                githubUsername: values.githubUsername,
+    //             githubUsername: values.githubUsername,
-                key: values.key
+    //             key: values.key
-            });
+    //         });
 
-            const data = res.data.data;
+    //         const data = res.data.data;
 
-            if (!data || !data.valid) {
+    //         if (!data || !data.valid) {
-                toast({
+    //             toast({
-                    variant: "destructive",
+    //                 variant: "destructive",
-                    title: t("supportKeyInvalid"),
+    //                 title: t("supportKeyInvalid"),
-                    description: t("supportKeyInvalidDescription")
+    //                 description: t("supportKeyInvalidDescription")
-                });
+    //             });
-                return;
+    //             return;
-            }
+    //         }
 
-            // Trigger the toast
+    //         // Trigger the toast
-            toast({
+    //         toast({
-                variant: "default",
+    //             variant: "default",
-                title: t("supportKeyValid"),
+    //             title: t("supportKeyValid"),
-                description: t("supportKeyValidDescription")
+    //             description: t("supportKeyValidDescription")
-            });
+    //         });
 
-            // Fireworks-style confetti
+    //         // Fireworks-style confetti
-            const duration = 5 * 1000; // 5 seconds
+    //         const duration = 5 * 1000; // 5 seconds
-            const animationEnd = Date.now() + duration;
+    //         const animationEnd = Date.now() + duration;
-            const defaults = {
+    //         const defaults = {
-                startVelocity: 30,
+    //             startVelocity: 30,
-                spread: 360,
+    //             spread: 360,
-                ticks: 60,
+    //             ticks: 60,
-                zIndex: 0,
+    //             zIndex: 0,
-                colors: ["#FFA500", "#FF4500", "#FFD700"] // Orange hues
+    //             colors: ["#FFA500", "#FF4500", "#FFD700"] // Orange hues
-            };
+    //         };
 
-            function randomInRange(min: number, max: number) {
+    //         function randomInRange(min: number, max: number) {
-                return Math.random() * (max - min) + min;
+    //             return Math.random() * (max - min) + min;
-            }
+    //         }
 
-            const interval = setInterval(() => {
+    //         const interval = setInterval(() => {
-                const timeLeft = animationEnd - Date.now();
+    //             const timeLeft = animationEnd - Date.now();
 
-                if (timeLeft <= 0) {
+    //             if (timeLeft <= 0) {
-                    clearInterval(interval);
+    //                 clearInterval(interval);
-                    return;
+    //                 return;
-                }
+    //             }
 
-                const particleCount = 50 * (timeLeft / duration);
+    //             const particleCount = 50 * (timeLeft / duration);
 
-                // Launch confetti from two random horizontal positions
+    //             // Launch confetti from two random horizontal positions
-                confetti({
+    //             confetti({
-                    ...defaults,
+    //                 ...defaults,
-                    particleCount,
+    //                 particleCount,
-                    origin: {
+    //                 origin: {
-                        x: randomInRange(0.1, 0.3),
+    //                     x: randomInRange(0.1, 0.3),
-                        y: Math.random() - 0.2
+    //                     y: Math.random() - 0.2
-                    }
+    //                 }
-                });
+    //             });
-                confetti({
+    //             confetti({
-                    ...defaults,
+    //                 ...defaults,
-                    particleCount,
+    //                 particleCount,
-                    origin: {
+    //                 origin: {
-                        x: randomInRange(0.7, 0.9),
+    //                     x: randomInRange(0.7, 0.9),
-                        y: Math.random() - 0.2
+    //                     y: Math.random() - 0.2
-                    }
+    //                 }
-                });
+    //             });
-            }, 250);
+    //         }, 250);
 
-            setPurchaseOptionsOpen(false);
+    //         setPurchaseOptionsOpen(false);
-            setKeyOpen(false);
+    //         setKeyOpen(false);
 
-            updateSupporterStatus({
+    //         updateSupporterStatus({
-                visible: false
+    //             visible: false
-            });
+    //         });
-        } catch (error) {
+    //     } catch (error) {
-            toast({
+    //         toast({
-                variant: "destructive",
+    //             variant: "destructive",
-                title: t("error"),
+    //             title: t("error"),
-                description: formatAxiosError(
+    //             description: formatAxiosError(
-                    error,
+    //                 error,
-                    t("supportKeyErrorValidationDescription")
+    //                 t("supportKeyErrorValidationDescription")
-                )
+    //             )
-            });
+    //         });
-            return;
+    //         return;
-        }
+    //     }
-    }
+    // }
 
     return (
         <>
-            <Credenza
+            {/* <Credenza
                 open={purchaseOptionsOpen}
                 onOpenChange={(val) => {
                     setPurchaseOptionsOpen(val);
@@ -469,7 +469,7 @@ export default function SupporterStatus({
                         {t("supportKeyBuy")}
                     </Button>
                 )
-            ) : null}
+            ) : null} */}
         </>
     );
 }

src/lib/getBrowserTargetForRequest.ts

@@ -6,7 +6,7 @@ import { cache } from "react";
 
 export const getBrowserTargetForRequest = cache(async () => {
     const headersList = await headers();
-    const host = headersList.get("host") || "";
+    const host = headersList.get("p-host") || headersList.get("host") || "";
     const hostname = host.split(":")[0];
 
     try {