mirror of
https://github.com/fosrl/pangolin.git
synced 2026-04-13 14:45:59 +00:00
Compare commits
5 Commits
private-si
...
dev
| Author | SHA1 | Date | |
|---|---|---|---|
|
f5d0694574 | ||
|
|
f91da2ec46 | ||
|
|
89471a0174 | ||
|
|
e118e5b047 | ||
|
|
7e4e8ea266 |
@@ -440,6 +440,12 @@ authenticated.get(
|
|||||||
resource.getUserResources
|
resource.getUserResources
|
||||||
);
|
);
|
||||||
|
|
||||||
|
authenticated.get(
|
||||||
|
"/org/:orgId/user-resource-aliases",
|
||||||
|
verifyOrgAccess,
|
||||||
|
resource.listUserResourceAliases
|
||||||
|
);
|
||||||
|
|
||||||
authenticated.get(
|
authenticated.get(
|
||||||
"/org/:orgId/domains",
|
"/org/:orgId/domains",
|
||||||
verifyOrgAccess,
|
verifyOrgAccess,
|
||||||
|
|||||||
@@ -142,6 +142,7 @@ export async function getUserResources(
|
|||||||
let siteResourcesData: Array<{
|
let siteResourcesData: Array<{
|
||||||
siteResourceId: number;
|
siteResourceId: number;
|
||||||
name: string;
|
name: string;
|
||||||
|
niceId: string;
|
||||||
destination: string;
|
destination: string;
|
||||||
mode: string;
|
mode: string;
|
||||||
protocol: string | null;
|
protocol: string | null;
|
||||||
@@ -154,6 +155,7 @@ export async function getUserResources(
|
|||||||
.select({
|
.select({
|
||||||
siteResourceId: siteResources.siteResourceId,
|
siteResourceId: siteResources.siteResourceId,
|
||||||
name: siteResources.name,
|
name: siteResources.name,
|
||||||
|
niceId: siteResources.niceId,
|
||||||
destination: siteResources.destination,
|
destination: siteResources.destination,
|
||||||
mode: siteResources.mode,
|
mode: siteResources.mode,
|
||||||
protocol: siteResources.protocol,
|
protocol: siteResources.protocol,
|
||||||
|
|||||||
@@ -22,6 +22,7 @@ export * from "./deleteResourceRule";
|
|||||||
export * from "./listResourceRules";
|
export * from "./listResourceRules";
|
||||||
export * from "./updateResourceRule";
|
export * from "./updateResourceRule";
|
||||||
export * from "./getUserResources";
|
export * from "./getUserResources";
|
||||||
|
export * from "./listUserResourceAliases";
|
||||||
export * from "./setResourceHeaderAuth";
|
export * from "./setResourceHeaderAuth";
|
||||||
export * from "./addEmailToResourceWhitelist";
|
export * from "./addEmailToResourceWhitelist";
|
||||||
export * from "./removeEmailFromResourceWhitelist";
|
export * from "./removeEmailFromResourceWhitelist";
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import {
|
|||||||
resourcePincode,
|
resourcePincode,
|
||||||
resources,
|
resources,
|
||||||
roleResources,
|
roleResources,
|
||||||
|
sites,
|
||||||
targetHealthCheck,
|
targetHealthCheck,
|
||||||
targets,
|
targets,
|
||||||
userResources
|
userResources
|
||||||
@@ -138,6 +139,7 @@ export type ResourceWithTargets = {
|
|||||||
port: number;
|
port: number;
|
||||||
enabled: boolean;
|
enabled: boolean;
|
||||||
healthStatus: "healthy" | "unhealthy" | "unknown" | null;
|
healthStatus: "healthy" | "unhealthy" | "unknown" | null;
|
||||||
|
siteName: string | null;
|
||||||
}>;
|
}>;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -446,14 +448,16 @@ export async function listResources(
|
|||||||
port: targets.port,
|
port: targets.port,
|
||||||
enabled: targets.enabled,
|
enabled: targets.enabled,
|
||||||
healthStatus: targetHealthCheck.hcHealth,
|
healthStatus: targetHealthCheck.hcHealth,
|
||||||
hcEnabled: targetHealthCheck.hcEnabled
|
hcEnabled: targetHealthCheck.hcEnabled,
|
||||||
|
siteName: sites.name
|
||||||
})
|
})
|
||||||
.from(targets)
|
.from(targets)
|
||||||
.where(inArray(targets.resourceId, resourceIdList))
|
.where(inArray(targets.resourceId, resourceIdList))
|
||||||
.leftJoin(
|
.leftJoin(
|
||||||
targetHealthCheck,
|
targetHealthCheck,
|
||||||
eq(targetHealthCheck.targetId, targets.targetId)
|
eq(targetHealthCheck.targetId, targets.targetId)
|
||||||
);
|
)
|
||||||
|
.leftJoin(sites, eq(targets.siteId, sites.siteId));
|
||||||
|
|
||||||
// avoids TS issues with reduce/never[]
|
// avoids TS issues with reduce/never[]
|
||||||
const map = new Map<number, ResourceWithTargets>();
|
const map = new Map<number, ResourceWithTargets>();
|
||||||
|
|||||||
262
server/routers/resource/listUserResourceAliases.ts
Normal file
262
server/routers/resource/listUserResourceAliases.ts
Normal file
@@ -0,0 +1,262 @@
|
|||||||
|
import { Request, Response, NextFunction } from "express";
|
||||||
|
import {
|
||||||
|
db,
|
||||||
|
siteResources,
|
||||||
|
userSiteResources,
|
||||||
|
roleSiteResources,
|
||||||
|
userOrgRoles,
|
||||||
|
userOrgs
|
||||||
|
} from "@server/db";
|
||||||
|
import { and, eq, inArray, asc, isNotNull, ne } from "drizzle-orm";
|
||||||
|
import createHttpError from "http-errors";
|
||||||
|
import HttpCode from "@server/types/HttpCode";
|
||||||
|
import response from "@server/lib/response";
|
||||||
|
import logger from "@server/logger";
|
||||||
|
import { z } from "zod";
|
||||||
|
import { fromZodError } from "zod-validation-error";
|
||||||
|
import type { PaginatedResponse } from "@server/types/Pagination";
|
||||||
|
import { OpenAPITags, registry } from "@server/openApi";
|
||||||
|
import { localCache } from "#dynamic/lib/cache";
|
||||||
|
|
||||||
|
const USER_RESOURCE_ALIASES_CACHE_TTL_SEC = 60;
|
||||||
|
|
||||||
|
function userResourceAliasesCacheKey(
|
||||||
|
orgId: string,
|
||||||
|
userId: string,
|
||||||
|
page: number,
|
||||||
|
pageSize: number
|
||||||
|
) {
|
||||||
|
return `userResourceAliases:${orgId}:${userId}:${page}:${pageSize}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
const listUserResourceAliasesParamsSchema = z.strictObject({
|
||||||
|
orgId: z.string()
|
||||||
|
});
|
||||||
|
|
||||||
|
const listUserResourceAliasesQuerySchema = z.object({
|
||||||
|
pageSize: z.coerce
|
||||||
|
.number<string>()
|
||||||
|
.int()
|
||||||
|
.positive()
|
||||||
|
.optional()
|
||||||
|
.catch(20)
|
||||||
|
.default(20)
|
||||||
|
.openapi({
|
||||||
|
type: "integer",
|
||||||
|
default: 20,
|
||||||
|
description: "Number of items per page"
|
||||||
|
}),
|
||||||
|
page: z.coerce
|
||||||
|
.number<string>()
|
||||||
|
.int()
|
||||||
|
.min(0)
|
||||||
|
.optional()
|
||||||
|
.catch(1)
|
||||||
|
.default(1)
|
||||||
|
.openapi({
|
||||||
|
type: "integer",
|
||||||
|
default: 1,
|
||||||
|
description: "Page number to retrieve"
|
||||||
|
})
|
||||||
|
});
|
||||||
|
|
||||||
|
export type ListUserResourceAliasesResponse = PaginatedResponse<{
|
||||||
|
aliases: string[];
|
||||||
|
}>;
|
||||||
|
|
||||||
|
// registry.registerPath({
|
||||||
|
// method: "get",
|
||||||
|
// path: "/org/{orgId}/user-resource-aliases",
|
||||||
|
// description:
|
||||||
|
// "List private (host-mode) site resource aliases the authenticated user can access in the organization, paginated.",
|
||||||
|
// tags: [OpenAPITags.PrivateResource],
|
||||||
|
// request: {
|
||||||
|
// params: z.object({
|
||||||
|
// orgId: z.string()
|
||||||
|
// }),
|
||||||
|
// query: listUserResourceAliasesQuerySchema
|
||||||
|
// },
|
||||||
|
// responses: {}
|
||||||
|
// });
|
||||||
|
|
||||||
|
export async function listUserResourceAliases(
|
||||||
|
req: Request,
|
||||||
|
res: Response,
|
||||||
|
next: NextFunction
|
||||||
|
): Promise<any> {
|
||||||
|
try {
|
||||||
|
const parsedQuery = listUserResourceAliasesQuerySchema.safeParse(
|
||||||
|
req.query
|
||||||
|
);
|
||||||
|
if (!parsedQuery.success) {
|
||||||
|
return next(
|
||||||
|
createHttpError(
|
||||||
|
HttpCode.BAD_REQUEST,
|
||||||
|
fromZodError(parsedQuery.error)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
const { page, pageSize } = parsedQuery.data;
|
||||||
|
|
||||||
|
const parsedParams = listUserResourceAliasesParamsSchema.safeParse(
|
||||||
|
req.params
|
||||||
|
);
|
||||||
|
if (!parsedParams.success) {
|
||||||
|
return next(
|
||||||
|
createHttpError(
|
||||||
|
HttpCode.BAD_REQUEST,
|
||||||
|
fromZodError(parsedParams.error)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
const { orgId } = parsedParams.data;
|
||||||
|
const userId = req.user?.userId;
|
||||||
|
|
||||||
|
if (!userId) {
|
||||||
|
return next(
|
||||||
|
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
const [userOrg] = await db
|
||||||
|
.select()
|
||||||
|
.from(userOrgs)
|
||||||
|
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId)))
|
||||||
|
.limit(1);
|
||||||
|
|
||||||
|
if (!userOrg) {
|
||||||
|
return next(
|
||||||
|
createHttpError(HttpCode.FORBIDDEN, "User not in organization")
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
const cacheKey = userResourceAliasesCacheKey(
|
||||||
|
orgId,
|
||||||
|
userId,
|
||||||
|
page,
|
||||||
|
pageSize
|
||||||
|
);
|
||||||
|
const cachedData: ListUserResourceAliasesResponse | undefined =
|
||||||
|
localCache.get(cacheKey);
|
||||||
|
|
||||||
|
if (cachedData) {
|
||||||
|
return response<ListUserResourceAliasesResponse>(res, {
|
||||||
|
data: cachedData,
|
||||||
|
success: true,
|
||||||
|
error: false,
|
||||||
|
message: "User resource aliases retrieved successfully",
|
||||||
|
status: HttpCode.OK
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
const userRoleIds = await db
|
||||||
|
.select({ roleId: userOrgRoles.roleId })
|
||||||
|
.from(userOrgRoles)
|
||||||
|
.where(
|
||||||
|
and(
|
||||||
|
eq(userOrgRoles.userId, userId),
|
||||||
|
eq(userOrgRoles.orgId, orgId)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.then((rows) => rows.map((r) => r.roleId));
|
||||||
|
|
||||||
|
const directSiteResourcesQuery = db
|
||||||
|
.select({ siteResourceId: userSiteResources.siteResourceId })
|
||||||
|
.from(userSiteResources)
|
||||||
|
.where(eq(userSiteResources.userId, userId));
|
||||||
|
|
||||||
|
const roleSiteResourcesQuery =
|
||||||
|
userRoleIds.length > 0
|
||||||
|
? db
|
||||||
|
.select({
|
||||||
|
siteResourceId: roleSiteResources.siteResourceId
|
||||||
|
})
|
||||||
|
.from(roleSiteResources)
|
||||||
|
.where(inArray(roleSiteResources.roleId, userRoleIds))
|
||||||
|
: Promise.resolve([]);
|
||||||
|
|
||||||
|
const [directSiteResourceResults, roleSiteResourceResults] =
|
||||||
|
await Promise.all([
|
||||||
|
directSiteResourcesQuery,
|
||||||
|
roleSiteResourcesQuery
|
||||||
|
]);
|
||||||
|
|
||||||
|
const accessibleSiteResourceIds = [
|
||||||
|
...directSiteResourceResults.map((r) => r.siteResourceId),
|
||||||
|
...roleSiteResourceResults.map((r) => r.siteResourceId)
|
||||||
|
];
|
||||||
|
|
||||||
|
if (accessibleSiteResourceIds.length === 0) {
|
||||||
|
const data: ListUserResourceAliasesResponse = {
|
||||||
|
aliases: [],
|
||||||
|
pagination: {
|
||||||
|
total: 0,
|
||||||
|
pageSize,
|
||||||
|
page
|
||||||
|
}
|
||||||
|
};
|
||||||
|
localCache.set(cacheKey, data, USER_RESOURCE_ALIASES_CACHE_TTL_SEC);
|
||||||
|
return response<ListUserResourceAliasesResponse>(res, {
|
||||||
|
data,
|
||||||
|
success: true,
|
||||||
|
error: false,
|
||||||
|
message: "User resource aliases retrieved successfully",
|
||||||
|
status: HttpCode.OK
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
const whereClause = and(
|
||||||
|
eq(siteResources.orgId, orgId),
|
||||||
|
eq(siteResources.enabled, true),
|
||||||
|
eq(siteResources.mode, "host"),
|
||||||
|
isNotNull(siteResources.alias),
|
||||||
|
ne(siteResources.alias, ""),
|
||||||
|
inArray(siteResources.siteResourceId, accessibleSiteResourceIds)
|
||||||
|
);
|
||||||
|
|
||||||
|
const baseSelect = () =>
|
||||||
|
db
|
||||||
|
.select({ alias: siteResources.alias })
|
||||||
|
.from(siteResources)
|
||||||
|
.where(whereClause);
|
||||||
|
|
||||||
|
const countQuery = db.$count(baseSelect().as("filtered_aliases"));
|
||||||
|
|
||||||
|
const [rows, totalCount] = await Promise.all([
|
||||||
|
baseSelect()
|
||||||
|
.orderBy(asc(siteResources.alias))
|
||||||
|
.limit(pageSize)
|
||||||
|
.offset(pageSize * (page - 1)),
|
||||||
|
countQuery
|
||||||
|
]);
|
||||||
|
|
||||||
|
const aliases = rows.map((r) => r.alias as string);
|
||||||
|
|
||||||
|
const data: ListUserResourceAliasesResponse = {
|
||||||
|
aliases,
|
||||||
|
pagination: {
|
||||||
|
total: totalCount,
|
||||||
|
pageSize,
|
||||||
|
page
|
||||||
|
}
|
||||||
|
};
|
||||||
|
localCache.set(cacheKey, data, USER_RESOURCE_ALIASES_CACHE_TTL_SEC);
|
||||||
|
|
||||||
|
return response<ListUserResourceAliasesResponse>(res, {
|
||||||
|
data,
|
||||||
|
success: true,
|
||||||
|
error: false,
|
||||||
|
message: "User resource aliases retrieved successfully",
|
||||||
|
status: HttpCode.OK
|
||||||
|
});
|
||||||
|
} catch (error) {
|
||||||
|
logger.error(error);
|
||||||
|
return next(
|
||||||
|
createHttpError(
|
||||||
|
HttpCode.INTERNAL_SERVER_ERROR,
|
||||||
|
"Internal server error"
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -133,8 +133,7 @@ export default function ResourceAuthenticationPage() {
|
|||||||
...orgQueries.identityProviders({
|
...orgQueries.identityProviders({
|
||||||
orgId: org.org.orgId,
|
orgId: org.org.orgId,
|
||||||
useOrgOnlyIdp: env.app.identityProviderMode === "org"
|
useOrgOnlyIdp: env.app.identityProviderMode === "org"
|
||||||
}),
|
})
|
||||||
enabled: isPaidUser(tierMatrix.orgOidc)
|
|
||||||
});
|
});
|
||||||
|
|
||||||
const pageLoading =
|
const pageLoading =
|
||||||
|
|||||||
@@ -95,7 +95,8 @@ export default async function ProxyResourcesPage(
|
|||||||
ip: target.ip,
|
ip: target.ip,
|
||||||
port: target.port,
|
port: target.port,
|
||||||
enabled: target.enabled,
|
enabled: target.enabled,
|
||||||
healthStatus: target.healthStatus
|
healthStatus: target.healthStatus,
|
||||||
|
siteName: target.siteName
|
||||||
}))
|
}))
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -54,6 +54,7 @@ export type TargetHealth = {
|
|||||||
port: number;
|
port: number;
|
||||||
enabled: boolean;
|
enabled: boolean;
|
||||||
healthStatus: "healthy" | "unhealthy" | "unknown" | null;
|
healthStatus: "healthy" | "unhealthy" | "unknown" | null;
|
||||||
|
siteName: string | null;
|
||||||
};
|
};
|
||||||
|
|
||||||
export type ResourceRow = {
|
export type ResourceRow = {
|
||||||
@@ -274,7 +275,9 @@ export default function ProxyResourcesTable({
|
|||||||
}
|
}
|
||||||
className="h-3 w-3"
|
className="h-3 w-3"
|
||||||
/>
|
/>
|
||||||
{`${target.ip}:${target.port}`}
|
{target.siteName
|
||||||
|
? `${target.siteName} (${target.ip}:${target.port})`
|
||||||
|
: `${target.ip}:${target.port}`}
|
||||||
</div>
|
</div>
|
||||||
<span
|
<span
|
||||||
className={`capitalize ${
|
className={`capitalize ${
|
||||||
@@ -301,7 +304,9 @@ export default function ProxyResourcesTable({
|
|||||||
status="unknown"
|
status="unknown"
|
||||||
className="h-3 w-3"
|
className="h-3 w-3"
|
||||||
/>
|
/>
|
||||||
{`${target.ip}:${target.port}`}
|
{target.siteName
|
||||||
|
? `${target.siteName} (${target.ip}:${target.port})`
|
||||||
|
: `${target.ip}:${target.port}`}
|
||||||
</div>
|
</div>
|
||||||
<span className="text-muted-foreground">
|
<span className="text-muted-foreground">
|
||||||
{!target.enabled
|
{!target.enabled
|
||||||
|
|||||||
@@ -388,7 +388,7 @@ export default function UserDevicesTable({
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
accessorKey: "online",
|
accessorKey: "online",
|
||||||
friendlyName: t("online"),
|
friendlyName: t("connected"),
|
||||||
header: () => {
|
header: () => {
|
||||||
return (
|
return (
|
||||||
<ColumnFilterButton
|
<ColumnFilterButton
|
||||||
@@ -410,7 +410,7 @@ export default function UserDevicesTable({
|
|||||||
}
|
}
|
||||||
searchPlaceholder={t("searchPlaceholder")}
|
searchPlaceholder={t("searchPlaceholder")}
|
||||||
emptyMessage={t("emptySearchOptions")}
|
emptyMessage={t("emptySearchOptions")}
|
||||||
label={t("online")}
|
label={t("connected")}
|
||||||
className="p-3"
|
className="p-3"
|
||||||
/>
|
/>
|
||||||
);
|
);
|
||||||
|
|||||||
Reference in New Issue
Block a user