Convert things to regional cache

Show the input validation in the error report
Remove NoNewPrivileges
2026-06-22 07:12:04 +00:00 · 2026-06-21 16:01:46 -04:00 · 2026-06-19 13:02:38 -04:00 · 2026-06-14 15:02:18 -07:00
12 changed files with 32 additions and 94 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -80,7 +80,7 @@
                "next-themes": "0.4.6",
                "nextjs-toploader": "3.9.17",
                "node-cache": "5.1.2",
-                "nodemailer": "9.0.1",
+                "nodemailer": "8.0.9",
                "oslo": "1.2.1",
                "pg": "8.21.0",
                "posthog-node": "5.35.6",
@@ -7296,72 +7296,6 @@
                "node": ">=14.0.0"
            }
        },
-        "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/core": {
-            "version": "1.10.0",
-            "dev": true,
-            "inBundle": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "@emnapi/wasi-threads": "1.2.1",
-                "tslib": "^2.4.0"
-            }
-        },
-        "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/runtime": {
-            "version": "1.10.0",
-            "dev": true,
-            "inBundle": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "tslib": "^2.4.0"
-            }
-        },
-        "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/wasi-threads": {
-            "version": "1.2.1",
-            "dev": true,
-            "inBundle": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "tslib": "^2.4.0"
-            }
-        },
-        "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
-            "version": "1.1.4",
-            "dev": true,
-            "inBundle": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "@tybys/wasm-util": "^0.10.1"
-            },
-            "funding": {
-                "type": "github",
-                "url": "https://github.com/sponsors/Brooooooklyn"
-            },
-            "peerDependencies": {
-                "@emnapi/core": "^1.7.1",
-                "@emnapi/runtime": "^1.7.1"
-            }
-        },
-        "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@tybys/wasm-util": {
-            "version": "0.10.1",
-            "dev": true,
-            "inBundle": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "tslib": "^2.4.0"
-            }
-        },
-        "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/tslib": {
-            "version": "2.8.1",
-            "dev": true,
-            "inBundle": true,
-            "license": "0BSD",
-            "optional": true
-        },
        "node_modules/@tailwindcss/oxide-win32-arm64-msvc": {
            "version": "4.3.0",
            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.3.0.tgz",
@@ -14640,9 +14574,9 @@
            "license": "MIT"
        },
        "node_modules/nodemailer": {
-            "version": "9.0.1",
-            "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-9.0.1.tgz",
-            "integrity": "sha512-Gwv8SQewT616ZM/URn0H54b8PWo/Wum7md3EW2aWy1lO27+WZCX+Xyak3J+NlmHUjDh5ME+uesJUDRbR3Ye8Bw==",
+            "version": "8.0.9",
+            "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.9.tgz",
+            "integrity": "sha512-5ofa7BUN8+C+Hckh5V2GjeeOGRQBx0CJQA6KxrvuZfC8iU4/q7sLn8XrtEEhJkjV6HdyIiQs7Bba6bTao8JhkA==",
            "license": "MIT-0",
            "engines": {
                "node": ">=6.0.0"
--- a/package.json
+++ b/package.json
@@ -103,7 +103,7 @@
        "next-themes": "0.4.6",
        "nextjs-toploader": "3.9.17",
        "node-cache": "5.1.2",
-        "nodemailer": "9.0.1",
+        "nodemailer": "8.0.9",
        "oslo": "1.2.1",
        "pg": "8.21.0",
        "posthog-node": "5.35.6",
--- a/server/lib/billing/usageService.ts
+++ b/server/lib/billing/usageService.ts
@@ -12,7 +12,7 @@ import {
 import { FeatureId, getFeatureMeterId } from "./features";
 import logger from "@server/logger";
 import { build } from "@server/build";
-import cache from "#dynamic/lib/cache";
+import { regionalCache as cache } from "#dynamic/lib/cache";

 export function noop() {
    if (build !== "saas") {
@@ -22,7 +22,6 @@ export function noop() {
 }

 export class UsageService {
-
    constructor() {
        if (noop()) {
            return;
@@ -57,7 +56,10 @@ export class UsageService {
            try {
                let usage;
                if (transaction) {
-                    const orgIdToUse = await this.getBillingOrg(orgId, transaction);
+                    const orgIdToUse = await this.getBillingOrg(
+                        orgId,
+                        transaction
+                    );
                    usage = await this.internalAddUsage(
                        orgIdToUse,
                        featureId,
--- a/server/lib/blueprints/applyBlueprint.ts
+++ b/server/lib/blueprints/applyBlueprint.ts
@@ -48,18 +48,18 @@ export async function applyBlueprint({
    name,
    source = "API"
 }: ApplyBlueprintArgs): Promise<Blueprint> {
-    // Validate the input data
-    const validationResult = ConfigSchema.safeParse(configData);
-    if (!validationResult.success) {
-        throw new Error(fromError(validationResult.error).toString());
-    }
-
-    const config: Config = validationResult.data;
    let blueprintSucceeded: boolean = false;
-    let blueprintMessage: string;
+    let blueprintMessage = "";
    let error: any | null = null;

    try {
+        const validationResult = ConfigSchema.safeParse(configData);
+        if (!validationResult.success) {
+            throw new Error(fromError(validationResult.error).toString());
+        }
+
+        const config: Config = validationResult.data;
+
        let proxyResourcesResults: PublicResourcesResults = [];
        let clientResourcesResults: ClientResourcesResults = [];
        await db.transaction(async (trx) => {
--- a/server/private/lib/certificates.ts
+++ b/server/private/lib/certificates.ts
@@ -17,7 +17,7 @@ import { certificates, db } from "@server/db";
 import { and, eq, isNotNull, or, inArray, sql } from "drizzle-orm";
 import { decrypt } from "@server/lib/crypto";
 import logger from "@server/logger";
-import cache from "#private/lib/cache";
+import { regionalCache as cache } from "#private/lib/cache";
 import { build } from "@server/build";

 // Define the return type for clarity and type safety
--- a/server/private/routers/remoteExitNode/listRemoteExitNodes.ts
+++ b/server/private/routers/remoteExitNode/listRemoteExitNodes.ts
@@ -22,7 +22,7 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { ListRemoteExitNodesResponse } from "@server/routers/remoteExitNode/types";
-import cache from "#private/lib/cache";
+import { regionalCache as cache } from "#private/lib/cache";
 import semver from "semver";

 let stalePangolinNodeVersion: string | null = null;
--- a/server/routers/newt/getNewtVersion.ts
+++ b/server/routers/newt/getNewtVersion.ts
@@ -10,7 +10,7 @@ import { verifyPassword } from "@server/auth/password";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import logger from "@server/logger";
-import cache from "#dynamic/lib/cache";
+import { regionalCache as cache } from "#dynamic/lib/cache";
 import config from "@server/lib/config";

 // Stale-while-revalidate in-memory fallback for the releases API.
--- a/server/routers/newt/handleSocketMessages.ts
+++ b/server/routers/newt/handleSocketMessages.ts
@@ -2,7 +2,7 @@ import { MessageHandler } from "@server/routers/ws";
 import logger from "@server/logger";
 import { Newt } from "@server/db";
 import { applyNewtDockerBlueprint } from "@server/lib/blueprints/applyNewtDockerBlueprint";
-import cache from "#dynamic/lib/cache";
+import cache from "#dynamic/lib/cache"; // not using regional here because we dont know where the site is

 export const handleDockerStatusMessage: MessageHandler = async (context) => {
    const { message, client, sendToClient } = context;
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -20,7 +20,7 @@ import { handleFingerprintInsertion } from "./fingerprintingUtils";
 import { build } from "@server/build";
 import { canCompress } from "@server/lib/clientVersionChecks";
 import config from "@server/lib/config";
-import cache from "#dynamic/lib/cache";
+import cache from "#dynamic/lib/cache"; // not using regional here because we need this in the register message handler before we know where the client is

 const HOLEPUNCH_STALE_CHAIN_THRESHOLD = 18;
 const HOLEPUNCH_STALE_CHAIN_TTL_SECONDS = 1800;
--- a/server/routers/resource/listUserResourceAliases.ts
+++ b/server/routers/resource/listUserResourceAliases.ts
@@ -15,8 +15,7 @@ import logger from "@server/logger";
 import { z } from "zod";
 import { fromZodError } from "zod-validation-error";
 import type { PaginatedResponse } from "@server/types/Pagination";
-import { OpenAPITags, registry } from "@server/openApi";
-import { localCache } from "#dynamic/lib/cache";
+import { regionalCache as cache } from "#dynamic/lib/cache";

 const USER_RESOURCE_ALIASES_CACHE_TTL_SEC = 60;

@@ -153,7 +152,7 @@ export async function listUserResourceAliases(
            pageSize
        );
        const cachedData: ListUserResourceAliasesResponse | undefined =
-            localCache.get(cacheKey);
+            await cache.get(cacheKey);

        if (cachedData) {
            return response<ListUserResourceAliasesResponse>(res, {
@@ -211,7 +210,11 @@ export async function listUserResourceAliases(
                    page
                }
            };
-            localCache.set(cacheKey, data, USER_RESOURCE_ALIASES_CACHE_TTL_SEC);
+            await cache.set(
+                cacheKey,
+                data,
+                USER_RESOURCE_ALIASES_CACHE_TTL_SEC
+            );
            return response<ListUserResourceAliasesResponse>(res, {
                data,
                success: true,
@@ -256,7 +259,7 @@ export async function listUserResourceAliases(
                page
            }
        };
-        localCache.set(cacheKey, data, USER_RESOURCE_ALIASES_CACHE_TTL_SEC);
+        await cache.set(cacheKey, data, USER_RESOURCE_ALIASES_CACHE_TTL_SEC);

        return response<ListUserResourceAliasesResponse>(res, {
            data,
--- a/server/routers/site/listSites.ts
+++ b/server/routers/site/listSites.ts
@@ -14,7 +14,7 @@ import {
    siteLabels,
    type Label
 } from "@server/db";
-import cache from "#dynamic/lib/cache";
+import { regionalCache as cache } from "#dynamic/lib/cache";
 import response from "@server/lib/response";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
--- a/src/components/newt-install-commands.tsx
+++ b/src/components/newt-install-commands.tsx
@@ -139,7 +139,6 @@ Restart=always
 RestartSec=2
 UMask=0077

-NoNewPrivileges=true
 PrivateTmp=true

 [Install]
Author	SHA1	Message	Date
Owen	bc28290d8e	Convert things to regional cache	2026-06-21 16:01:46 -04:00
Owen	241610579c	Show the input validation in the error report	2026-06-19 13:02:38 -04:00
Owen	f9cc52ece9	Remove NoNewPrivileges Fixes https://github.com/fosrl/newt/issues/383	2026-06-14 15:02:18 -07:00