Compare commits
25 commits
cb431f3574
...
21f1326045
| Author | SHA1 | Date | |
|---|---|---|---|
|
21f1326045 | ||
|
|
f62e32724c | ||
|
|
5e052a446a | ||
|
|
5d2f3186cc | ||
|
|
e58d10fc53 | ||
|
|
4392bb604c | ||
|
|
5a4a6655a5 | ||
|
|
a20befd89f | ||
|
|
a9f0b9aa38 | ||
|
f8e0219b49 | ||
|
|
c4ae34383d | ||
|
|
c543376a0a | ||
|
a5b782b72a | ||
|
|
4084849fdc | ||
|
35e5f39c71 | ||
|
893244100e | ||
|
|
2a43b3ce4a | ||
|
|
b82754c7af | ||
|
|
8793d3976d | ||
|
|
6e833d4cee | ||
|
b3d0b69c04 | ||
|
|
28ac5e1237 | ||
|
|
8990de5618 | ||
|
|
6aeddde1cd | ||
|
2a00c877ea |
33 changed files with 369 additions and 191 deletions
18
README.md
18
README.md
|
|
@ -61,7 +61,8 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
|
|||
- **Temporary, self-destructing share links.**
|
||||
- Resource specific pin codes.
|
||||
- Resource specific passwords.
|
||||
- OIDC Support for IDPs like Authentik
|
||||
- External identity provider (IdP) support with OAuth2/OIDC, such as Authentik, Keycloak, Okta, and others.
|
||||
- Auto-provision users and roles from your IdP.
|
||||
|
||||
### Simple Dashboard UI
|
||||
|
||||
|
|
@ -76,6 +77,9 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
|
|||
- **Docker Compose based setup** for simplified deployment.
|
||||
- Future-proof installation script for streamlined setup and feature additions.
|
||||
- Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience.
|
||||
- Use the API to create custom integrations and scripts.
|
||||
- Fine-grained access control to the API via scoped API keys.
|
||||
- Comprehensive Swagger documentation for the API.
|
||||
|
||||
### Modular Design
|
||||
|
||||
|
|
@ -112,23 +116,19 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
|
|||
**Use Case Example - Bypassing Port Restrictions in Home Lab**:
|
||||
Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity.
|
||||
|
||||
**Use Case Example - Deploying Services For Your Business**
|
||||
You can use Pangolin as an easy way to expose your business applications to your users behind a safe authentication portal you can integrate into your IDP solution. Expose resources on prem and on the cloud.
|
||||
**Use Case Example - Deploying Services For Your Business**:
|
||||
You can use Pangolin as an easy way to expose your business applications to your users behind a safe authentication portal you can integrate into your IdP solution. Expose resources on prem and on the cloud.
|
||||
|
||||
**Use Case Example - IoT Networks**:
|
||||
IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups.
|
||||
|
||||
<img src="public/screenshots/resources.png" alt="Resources"/>
|
||||
|
||||
_Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resources with access control rules._
|
||||
|
||||
## Similar Projects and Inspirations
|
||||
|
||||
**Cloudflare Tunnels**:
|
||||
A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
|
||||
|
||||
**Authentik and Authelia**:
|
||||
These projects inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
|
||||
**Authelia**:
|
||||
This inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
|
||||
|
||||
## Project Development / Roadmap
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ server:
|
|||
internal_hostname: "pangolin"
|
||||
session_cookie_name: "p_session_token"
|
||||
resource_access_token_param: "p_token"
|
||||
secret: "your_secret_key_here"
|
||||
resource_access_token_headers:
|
||||
id: "P-Access-Token-Id"
|
||||
token: "P-Access-Token"
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ services:
|
|||
- 80:80 # Port for traefik because of the network_mode
|
||||
{{end}}
|
||||
traefik:
|
||||
image: traefik:v3.3.5
|
||||
image: traefik:v3.3.6
|
||||
container_name: traefik
|
||||
restart: unless-stopped
|
||||
{{if .InstallGerbil}}
|
||||
|
|
|
|||
|
|
@ -202,7 +202,7 @@ func collectUserInput(reader *bufio.Reader) Config {
|
|||
config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
|
||||
config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", "pangolin."+config.BaseDomain)
|
||||
config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "")
|
||||
config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunned connections", true)
|
||||
config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true)
|
||||
|
||||
// Admin user configuration
|
||||
fmt.Println("\n=== Admin User Configuration ===")
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 1.1 MiB After Width: | Height: | Size: 574 KiB |
|
|
@ -197,8 +197,10 @@ export function isIpInCidr(ip: string, cidr: string): boolean {
|
|||
const ipVersion = detectIpVersion(ip);
|
||||
const cidrVersion = detectIpVersion(cidr.split('/')[0]);
|
||||
|
||||
// If IP versions don't match, the IP cannot be in the CIDR range
|
||||
if (ipVersion !== cidrVersion) {
|
||||
throw new Error('IP address and CIDR must be of the same version');
|
||||
// throw new Erorr
|
||||
return false;
|
||||
}
|
||||
|
||||
const ipBigInt = ipToBigInt(ip);
|
||||
|
|
|
|||
|
|
@ -13,12 +13,19 @@ import moment from "moment";
|
|||
import { setHostMeta } from "@server/setup/setHostMeta";
|
||||
import { encrypt, decrypt } from "@server/lib/crypto";
|
||||
|
||||
const keyTypes = ["HOST", "SITES"] as const;
|
||||
type KeyType = (typeof keyTypes)[number];
|
||||
|
||||
const keyTiers = ["PROFESSIONAL", "ENTERPRISE"] as const;
|
||||
type KeyTier = (typeof keyTiers)[number];
|
||||
|
||||
export type LicenseStatus = {
|
||||
isHostLicensed: boolean; // Are there any license keys?
|
||||
isLicenseValid: boolean; // Is the license key valid?
|
||||
hostId: string; // Host ID
|
||||
maxSites?: number;
|
||||
usedSites?: number;
|
||||
tier?: KeyTier;
|
||||
};
|
||||
|
||||
export type LicenseKeyCache = {
|
||||
|
|
@ -26,7 +33,8 @@ export type LicenseKeyCache = {
|
|||
licenseKeyEncrypted: string;
|
||||
valid: boolean;
|
||||
iat?: Date;
|
||||
type?: "LICENSE" | "SITES";
|
||||
type?: KeyType;
|
||||
tier?: KeyTier;
|
||||
numSites?: number;
|
||||
};
|
||||
|
||||
|
|
@ -54,7 +62,8 @@ type ValidateLicenseAPIResponse = {
|
|||
|
||||
type TokenPayload = {
|
||||
valid: boolean;
|
||||
type: "LICENSE" | "SITES";
|
||||
type: KeyType;
|
||||
tier: KeyTier;
|
||||
quantity: number;
|
||||
terminateAt: string; // ISO
|
||||
iat: number; // Issued at
|
||||
|
|
@ -182,11 +191,12 @@ LQIDAQAB
|
|||
licenseKeyEncrypted: key.licenseKeyId,
|
||||
valid: payload.valid,
|
||||
type: payload.type,
|
||||
tier: payload.tier,
|
||||
numSites: payload.quantity,
|
||||
iat: new Date(payload.iat * 1000)
|
||||
});
|
||||
|
||||
if (payload.type === "LICENSE") {
|
||||
if (payload.type === "HOST") {
|
||||
foundHostKey = true;
|
||||
}
|
||||
} catch (e) {
|
||||
|
|
@ -273,6 +283,7 @@ LQIDAQAB
|
|||
);
|
||||
cached.valid = payload.valid;
|
||||
cached.type = payload.type;
|
||||
cached.tier = payload.tier;
|
||||
cached.numSites = payload.quantity;
|
||||
cached.iat = new Date(payload.iat * 1000);
|
||||
|
||||
|
|
@ -311,8 +322,9 @@ LQIDAQAB
|
|||
|
||||
logger.debug("Checking key", cached);
|
||||
|
||||
if (cached.type === "LICENSE") {
|
||||
if (cached.type === "HOST") {
|
||||
status.isLicenseValid = cached.valid;
|
||||
status.tier = cached.tier;
|
||||
}
|
||||
|
||||
if (!cached.valid) {
|
||||
|
|
|
|||
|
|
@ -172,9 +172,20 @@ export async function listAccessTokens(
|
|||
)
|
||||
);
|
||||
}
|
||||
const { orgId, resourceId } = parsedParams.data;
|
||||
const { resourceId } = parsedParams.data;
|
||||
|
||||
if (orgId && orgId !== req.userOrgId) {
|
||||
const orgId =
|
||||
parsedParams.data.orgId ||
|
||||
req.userOrg?.orgId ||
|
||||
req.apiKeyOrg?.orgId;
|
||||
|
||||
if (!orgId) {
|
||||
return next(
|
||||
createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
|
||||
);
|
||||
}
|
||||
|
||||
if (req.user && orgId && orgId !== req.userOrgId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
|
@ -183,7 +194,9 @@ export async function listAccessTokens(
|
|||
);
|
||||
}
|
||||
|
||||
const accessibleResources = await db
|
||||
let accessibleResources;
|
||||
if (req.user) {
|
||||
accessibleResources = await db
|
||||
.select({
|
||||
resourceId: sql<number>`COALESCE(${userResources.resourceId}, ${roleResources.resourceId})`
|
||||
})
|
||||
|
|
@ -198,6 +211,12 @@ export async function listAccessTokens(
|
|||
eq(roleResources.roleId, req.userOrgRoleId!)
|
||||
)
|
||||
);
|
||||
} else {
|
||||
accessibleResources = await db
|
||||
.select({ resourceId: resources.resourceId })
|
||||
.from(resources)
|
||||
.where(eq(resources.orgId, orgId));
|
||||
}
|
||||
|
||||
const accessibleResourceIds = accessibleResources.map(
|
||||
(resource) => resource.resourceId
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ const bodySchema = z
|
|||
.strict();
|
||||
|
||||
const ensureTrailingSlash = (url: string): string => {
|
||||
return url.endsWith('/') ? url : `${url}/`;
|
||||
return url;
|
||||
};
|
||||
|
||||
export type GenerateOidcUrlResponse = {
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import { oidcAutoProvision } from "./oidcAutoProvision";
|
|||
import license from "@server/license/license";
|
||||
|
||||
const ensureTrailingSlash = (url: string): string => {
|
||||
return url.endsWith("/") ? url : `${url}/`;
|
||||
return url;
|
||||
};
|
||||
|
||||
const paramsSchema = z
|
||||
|
|
@ -243,7 +243,7 @@ export async function validateOidcCallback(
|
|||
return next(
|
||||
createHttpError(
|
||||
HttpCode.UNAUTHORIZED,
|
||||
"User not provisioned in the system"
|
||||
`User with username ${userIdentifier} is unprovisioned. This user must be added to an organization before logging in.`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ export async function createNewt(
|
|||
|
||||
const { newtId, secret } = parsedBody.data;
|
||||
|
||||
if (!req.userOrgRoleId) {
|
||||
if (req.user && !req.userOrgRoleId) {
|
||||
return next(
|
||||
createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
|
||||
);
|
||||
|
|
|
|||
|
|
@ -3,13 +3,16 @@ import { z } from "zod";
|
|||
import { db } from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
import {
|
||||
apiKeyOrg,
|
||||
apiKeys,
|
||||
domains,
|
||||
Org,
|
||||
orgDomains,
|
||||
orgs,
|
||||
roleActions,
|
||||
roles,
|
||||
userOrgs
|
||||
userOrgs,
|
||||
users
|
||||
} from "@server/db/schemas";
|
||||
import response from "@server/lib/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
|
|
@ -55,7 +58,7 @@ export async function createOrg(
|
|||
try {
|
||||
// should this be in a middleware?
|
||||
if (config.getRawConfig().flags?.disable_user_create_org) {
|
||||
if (!req.user?.serverAdmin) {
|
||||
if (req.user && !req.user?.serverAdmin) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
|
@ -143,12 +146,33 @@ export async function createOrg(
|
|||
}))
|
||||
);
|
||||
|
||||
if (req.user) {
|
||||
await trx.insert(userOrgs).values({
|
||||
userId: req.user!.userId,
|
||||
orgId: newOrg[0].orgId,
|
||||
roleId: roleId,
|
||||
isOwner: true
|
||||
});
|
||||
} else {
|
||||
// if org created by root api key, set the server admin as the owner
|
||||
const [serverAdmin] = await trx
|
||||
.select()
|
||||
.from(users)
|
||||
.where(eq(users.serverAdmin, true));
|
||||
|
||||
if (!serverAdmin) {
|
||||
error = "Server admin not found";
|
||||
trx.rollback();
|
||||
return;
|
||||
}
|
||||
|
||||
await trx.insert(userOrgs).values({
|
||||
userId: serverAdmin.userId,
|
||||
orgId: newOrg[0].orgId,
|
||||
roleId: roleId,
|
||||
isOwner: true
|
||||
});
|
||||
}
|
||||
|
||||
const memberRole = await trx
|
||||
.insert(roles)
|
||||
|
|
@ -166,6 +190,18 @@ export async function createOrg(
|
|||
orgId
|
||||
}))
|
||||
);
|
||||
|
||||
const rootApiKeys = await trx
|
||||
.select()
|
||||
.from(apiKeys)
|
||||
.where(eq(apiKeys.isRoot, true));
|
||||
|
||||
for (const apiKey of rootApiKeys) {
|
||||
await trx.insert(apiKeyOrg).values({
|
||||
apiKeyId: apiKey.apiKeyId,
|
||||
orgId: newOrg[0].orgId
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
if (!org) {
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ const createHttpResourceSchema = z
|
|||
isBaseDomain: z.boolean().optional(),
|
||||
siteId: z.number(),
|
||||
http: z.boolean(),
|
||||
protocol: z.string(),
|
||||
domainId: z.string()
|
||||
})
|
||||
.strict()
|
||||
|
|
@ -129,7 +130,7 @@ export async function createResource(
|
|||
|
||||
const { siteId, orgId } = parsedParams.data;
|
||||
|
||||
if (!req.userOrgRoleId) {
|
||||
if (req.user && !req.userOrgRoleId) {
|
||||
return next(
|
||||
createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
|
||||
);
|
||||
|
|
@ -202,7 +203,7 @@ async function createHttpResource(
|
|||
);
|
||||
}
|
||||
|
||||
const { name, subdomain, isBaseDomain, http, domainId } =
|
||||
const { name, subdomain, isBaseDomain, http, protocol, domainId } =
|
||||
parsedBody.data;
|
||||
|
||||
const [orgDomain] = await db
|
||||
|
|
@ -261,7 +262,7 @@ async function createHttpResource(
|
|||
name,
|
||||
subdomain,
|
||||
http,
|
||||
protocol: "tcp",
|
||||
protocol,
|
||||
ssl: true,
|
||||
isBaseDomain
|
||||
})
|
||||
|
|
@ -284,7 +285,7 @@ async function createHttpResource(
|
|||
resourceId: newResource[0].resourceId
|
||||
});
|
||||
|
||||
if (req.userOrgRoleId != adminRole[0].roleId) {
|
||||
if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
|
||||
// make sure the user can access the resource
|
||||
await trx.insert(userResources).values({
|
||||
userId: req.user?.userId!,
|
||||
|
|
|
|||
|
|
@ -69,9 +69,7 @@ function queryResources(
|
|||
http: resources.http,
|
||||
protocol: resources.protocol,
|
||||
proxyPort: resources.proxyPort,
|
||||
enabled: resources.enabled,
|
||||
tlsServerName: resources.tlsServerName,
|
||||
setHostHeader: resources.setHostHeader
|
||||
enabled: resources.enabled
|
||||
})
|
||||
.from(resources)
|
||||
.leftJoin(sites, eq(resources.siteId, sites.siteId))
|
||||
|
|
@ -105,9 +103,7 @@ function queryResources(
|
|||
http: resources.http,
|
||||
protocol: resources.protocol,
|
||||
proxyPort: resources.proxyPort,
|
||||
enabled: resources.enabled,
|
||||
tlsServerName: resources.tlsServerName,
|
||||
setHostHeader: resources.setHostHeader
|
||||
enabled: resources.enabled
|
||||
})
|
||||
.from(resources)
|
||||
.leftJoin(sites, eq(resources.siteId, sites.siteId))
|
||||
|
|
@ -187,9 +183,17 @@ export async function listResources(
|
|||
)
|
||||
);
|
||||
}
|
||||
const { siteId, orgId } = parsedParams.data;
|
||||
const { siteId } = parsedParams.data;
|
||||
|
||||
if (orgId && orgId !== req.userOrgId) {
|
||||
const orgId = parsedParams.data.orgId || req.userOrg?.orgId || req.apiKeyOrg?.orgId;
|
||||
|
||||
if (!orgId) {
|
||||
return next(
|
||||
createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
|
||||
);
|
||||
}
|
||||
|
||||
if (req.user && orgId && orgId !== req.userOrgId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
|
@ -198,7 +202,9 @@ export async function listResources(
|
|||
);
|
||||
}
|
||||
|
||||
const accessibleResources = await db
|
||||
let accessibleResources;
|
||||
if (req.user) {
|
||||
accessibleResources = await db
|
||||
.select({
|
||||
resourceId: sql<number>`COALESCE(${userResources.resourceId}, ${roleResources.resourceId})`
|
||||
})
|
||||
|
|
@ -213,6 +219,11 @@ export async function listResources(
|
|||
eq(roleResources.roleId, req.userOrgRoleId!)
|
||||
)
|
||||
);
|
||||
} else {
|
||||
accessibleResources = await db.select({
|
||||
resourceId: resources.resourceId
|
||||
}).from(resources).where(eq(resources.orgId, orgId));
|
||||
}
|
||||
|
||||
const accessibleResourceIds = accessibleResources.map(
|
||||
(resource) => resource.resourceId
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
import { Request, Response, NextFunction } from "express";
|
||||
import { z } from "zod";
|
||||
import { db } from "@server/db";
|
||||
import { roleResources, roles } from "@server/db/schemas";
|
||||
import { apiKeys, roleResources, roles } from "@server/db/schemas";
|
||||
import response from "@server/lib/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
|
|
@ -74,6 +74,17 @@ export async function setResourceRoles(
|
|||
|
||||
const { resourceId } = parsedParams.data;
|
||||
|
||||
const orgId = req.userOrg?.orgId || req.apiKeyOrg?.orgId;
|
||||
|
||||
if (!orgId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.INTERNAL_SERVER_ERROR,
|
||||
"Organization not found"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
// get this org's admin role
|
||||
const adminRole = await db
|
||||
.select()
|
||||
|
|
@ -81,7 +92,7 @@ export async function setResourceRoles(
|
|||
.where(
|
||||
and(
|
||||
eq(roles.name, "Admin"),
|
||||
eq(roles.orgId, req.userOrg!.orgId)
|
||||
eq(roles.orgId, orgId)
|
||||
)
|
||||
)
|
||||
.limit(1);
|
||||
|
|
@ -136,3 +147,4 @@ export async function setResourceRoles(
|
|||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -45,8 +45,8 @@ const updateHttpResourceBodySchema = z
|
|||
domainId: z.string().optional(),
|
||||
enabled: z.boolean().optional(),
|
||||
stickySession: z.boolean().optional(),
|
||||
tlsServerName: z.string().optional(),
|
||||
setHostHeader: z.string().optional()
|
||||
tlsServerName: z.string().nullable().optional(),
|
||||
setHostHeader: z.string().nullable().optional()
|
||||
})
|
||||
.strict()
|
||||
.refine((data) => Object.keys(data).length > 0, {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
import { Request, Response, NextFunction } from "express";
|
||||
import { z } from "zod";
|
||||
import { db } from "@server/db";
|
||||
import { roles, userSites, sites, roleSites, Site } from "@server/db/schemas";
|
||||
import { roles, userSites, sites, roleSites, Site, orgs } from "@server/db/schemas";
|
||||
import response from "@server/lib/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
|
|
@ -10,7 +10,6 @@ import { eq, and } from "drizzle-orm";
|
|||
import { getUniqueSiteName } from "@server/db/names";
|
||||
import { addPeer } from "../gerbil/peers";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { hash } from "@node-rs/argon2";
|
||||
import { newts } from "@server/db/schemas";
|
||||
import moment from "moment";
|
||||
import { OpenAPITags, registry } from "@server/openApi";
|
||||
|
|
@ -78,8 +77,15 @@ export async function createSite(
|
|||
);
|
||||
}
|
||||
|
||||
const { name, type, exitNodeId, pubKey, subnet, newtId, secret } =
|
||||
parsedBody.data;
|
||||
const {
|
||||
name,
|
||||
type,
|
||||
exitNodeId,
|
||||
pubKey,
|
||||
subnet,
|
||||
newtId,
|
||||
secret
|
||||
} = parsedBody.data;
|
||||
|
||||
const parsedParams = createSiteParamsSchema.safeParse(req.params);
|
||||
if (!parsedParams.success) {
|
||||
|
|
@ -93,12 +99,23 @@ export async function createSite(
|
|||
|
||||
const { orgId } = parsedParams.data;
|
||||
|
||||
if (!req.userOrgRoleId) {
|
||||
if (req.user && !req.userOrgRoleId) {
|
||||
return next(
|
||||
createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
|
||||
);
|
||||
}
|
||||
|
||||
const [org] = await db.select().from(orgs).where(eq(orgs.orgId, orgId));
|
||||
|
||||
if (!org) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`Organization with ID ${orgId} not found`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const niceId = await getUniqueSiteName(orgId);
|
||||
|
||||
await db.transaction(async (trx) => {
|
||||
|
|
@ -159,7 +176,7 @@ export async function createSite(
|
|||
siteId: newSite.siteId
|
||||
});
|
||||
|
||||
if (req.userOrgRoleId != adminRole[0].roleId) {
|
||||
if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
|
||||
// make sure the user can access the site
|
||||
trx.insert(userSites).values({
|
||||
userId: req.user?.userId!,
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ export async function listSites(
|
|||
}
|
||||
const { orgId } = parsedParams.data;
|
||||
|
||||
if (orgId && orgId !== req.userOrgId) {
|
||||
if (req.user && orgId && orgId !== req.userOrgId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
|
@ -109,7 +109,9 @@ export async function listSites(
|
|||
);
|
||||
}
|
||||
|
||||
const accessibleSites = await db
|
||||
let accessibleSites;
|
||||
if (req.user) {
|
||||
accessibleSites = await db
|
||||
.select({
|
||||
siteId: sql<number>`COALESCE(${userSites.siteId}, ${roleSites.siteId})`
|
||||
})
|
||||
|
|
@ -121,6 +123,12 @@ export async function listSites(
|
|||
eq(roleSites.roleId, req.userOrgRoleId!)
|
||||
)
|
||||
);
|
||||
} else {
|
||||
accessibleSites = await db
|
||||
.select({ siteId: sites.siteId })
|
||||
.from(sites)
|
||||
.where(eq(sites.orgId, orgId));
|
||||
}
|
||||
|
||||
const accessibleSiteIds = accessibleSites.map((site) => site.siteId);
|
||||
const baseQuery = querySites(orgId, accessibleSiteIds);
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ export async function addUserRole(
|
|||
|
||||
const { userId, roleId } = parsedParams.data;
|
||||
|
||||
if (!req.userOrg) {
|
||||
if (req.user && !req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
|
@ -58,7 +58,13 @@ export async function addUserRole(
|
|||
);
|
||||
}
|
||||
|
||||
const orgId = req.userOrg.orgId;
|
||||
const orgId = req.userOrg?.orgId || req.apiKeyOrg?.orgId;
|
||||
|
||||
if (!orgId) {
|
||||
return next(
|
||||
createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
|
||||
);
|
||||
}
|
||||
|
||||
const existingUser = await db
|
||||
.select()
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ export async function getOrgUser(
|
|||
);
|
||||
}
|
||||
|
||||
if (user.userId !== req.userOrg.userId) {
|
||||
if (req.user && user.userId !== req.userOrg.userId) {
|
||||
const hasPermission = await checkUserActionPermission(
|
||||
ActionsEnum.getOrgUser,
|
||||
req
|
||||
|
|
|
|||
|
|
@ -363,12 +363,12 @@ export default function ReverseProxyTargets(props: {
|
|||
setHttpsTlsLoading(true);
|
||||
await api.post(`/resource/${params.resourceId}`, {
|
||||
ssl: data.ssl,
|
||||
tlsServerName: data.tlsServerName || undefined
|
||||
tlsServerName: data.tlsServerName || null
|
||||
});
|
||||
updateResource({
|
||||
...resource,
|
||||
ssl: data.ssl,
|
||||
tlsServerName: data.tlsServerName || undefined
|
||||
tlsServerName: data.tlsServerName || null
|
||||
});
|
||||
toast({
|
||||
title: "TLS settings updated",
|
||||
|
|
@ -393,11 +393,11 @@ export default function ReverseProxyTargets(props: {
|
|||
try {
|
||||
setProxySettingsLoading(true);
|
||||
await api.post(`/resource/${params.resourceId}`, {
|
||||
setHostHeader: data.setHostHeader || undefined
|
||||
setHostHeader: data.setHostHeader || null
|
||||
});
|
||||
updateResource({
|
||||
...resource,
|
||||
setHostHeader: data.setHostHeader || undefined
|
||||
setHostHeader: data.setHostHeader || null
|
||||
});
|
||||
toast({
|
||||
title: "Proxy settings updated",
|
||||
|
|
@ -657,7 +657,7 @@ export default function ReverseProxyTargets(props: {
|
|||
loading={httpsTlsLoading}
|
||||
form="tls-settings-form"
|
||||
>
|
||||
Save HTTPS & TLS Settings
|
||||
Save Settings
|
||||
</Button>
|
||||
</SettingsSectionFooter>
|
||||
</SettingsSection>
|
||||
|
|
@ -896,7 +896,7 @@ export default function ReverseProxyTargets(props: {
|
|||
<Input {...field} />
|
||||
</FormControl>
|
||||
<FormDescription>
|
||||
The Host header to set when
|
||||
The host header to set when
|
||||
proxying requests. Leave
|
||||
empty to use the default.
|
||||
</FormDescription>
|
||||
|
|
|
|||
|
|
@ -173,13 +173,15 @@ export default function Page() {
|
|||
if (httpData.isBaseDomain) {
|
||||
Object.assign(payload, {
|
||||
domainId: httpData.domainId,
|
||||
isBaseDomain: true
|
||||
isBaseDomain: true,
|
||||
protocol: "tcp"
|
||||
});
|
||||
} else {
|
||||
Object.assign(payload, {
|
||||
subdomain: httpData.subdomain,
|
||||
domainId: httpData.domainId,
|
||||
isBaseDomain: false
|
||||
isBaseDomain: false,
|
||||
protocol: "tcp"
|
||||
});
|
||||
}
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -40,6 +40,21 @@ export function SitePriceCalculator({
|
|||
setSiteCount((prev) => (prev > 1 ? prev - 1 : 1));
|
||||
};
|
||||
|
||||
function continueToPayment() {
|
||||
if (mode === "license") {
|
||||
// open in new tab
|
||||
window.open(
|
||||
`https://payment.fossorial.io/buy/dab98d3d-9976-49b1-9e55-1580059d833f?quantity=${siteCount}`,
|
||||
"_blank"
|
||||
);
|
||||
} else {
|
||||
window.open(
|
||||
`https://payment.fossorial.io/buy/2b881c36-ea5d-4c11-8652-9be6810a054f?quantity=${siteCount}`,
|
||||
"_blank"
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
const totalCost =
|
||||
mode === "license"
|
||||
? licenseFlatRate + siteCount * pricePerSite
|
||||
|
|
@ -122,8 +137,8 @@ export function SitePriceCalculator({
|
|||
</div>
|
||||
|
||||
<p className="text-muted-foreground text-sm mt-2 text-center">
|
||||
For the most up-to-date pricing, please visit
|
||||
our{" "}
|
||||
For the most up-to-date pricing and discounts,
|
||||
please visit the{" "}
|
||||
<a
|
||||
href="https://docs.fossorial.io/pricing"
|
||||
target="_blank"
|
||||
|
|
@ -141,7 +156,9 @@ export function SitePriceCalculator({
|
|||
<CredenzaClose asChild>
|
||||
<Button variant="outline">Cancel</Button>
|
||||
</CredenzaClose>
|
||||
<Button>Continue to Payment</Button>
|
||||
<Button onClick={continueToPayment}>
|
||||
Continue to Payment
|
||||
</Button>
|
||||
</CredenzaFooter>
|
||||
</CredenzaContent>
|
||||
</Credenza>
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ export default function LicensePage() {
|
|||
);
|
||||
const keys = response.data.data;
|
||||
setRows(keys);
|
||||
const hostKey = keys.find((key) => key.type === "LICENSE");
|
||||
const hostKey = keys.find((key) => key.type === "HOST");
|
||||
if (hostKey) {
|
||||
setHostLicense(hostKey.licenseKey);
|
||||
} else {
|
||||
|
|
@ -285,17 +285,22 @@ export default function LicensePage() {
|
|||
</FormControl>
|
||||
<div className="space-y-1 leading-none">
|
||||
<FormLabel>
|
||||
I have read and agree to the
|
||||
Fossorial Commercial License
|
||||
- Professional Edition
|
||||
Subscription Terms.{" "}
|
||||
By checking this box, you
|
||||
confirm that you have read
|
||||
and agree to the license
|
||||
terms corresponding to the
|
||||
tier associated with your
|
||||
license key.
|
||||
<br />
|
||||
<Link
|
||||
href="https://docs.fossorial.io/license.html"
|
||||
href="https://fossorial.io/license.html"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
className="text-primary hover:underline"
|
||||
>
|
||||
View License & Terms
|
||||
View Fossorial
|
||||
Commercial License &
|
||||
Subscription Terms
|
||||
</Link>
|
||||
</FormLabel>
|
||||
<FormMessage />
|
||||
|
|
@ -380,7 +385,13 @@ export default function LicensePage() {
|
|||
<div className="space-y-2 text-green-500">
|
||||
<div className="text-2xl flex items-center gap-2">
|
||||
<Check />
|
||||
Licensed
|
||||
{licenseStatus?.tier ===
|
||||
"PROFESSIONAL"
|
||||
? "Professional License"
|
||||
: licenseStatus?.tier ===
|
||||
"ENTERPRISE"
|
||||
? "Enterprise License"
|
||||
: "Licensed"}
|
||||
</div>
|
||||
</div>
|
||||
) : (
|
||||
|
|
@ -441,6 +452,12 @@ export default function LicensePage() {
|
|||
in system
|
||||
</div>
|
||||
</div>
|
||||
{!licenseStatus?.isHostLicensed && (
|
||||
<p className="text-sm text-muted-foreground">
|
||||
There is no limit on the number of sites
|
||||
using an unlicensed host.
|
||||
</p>
|
||||
)}
|
||||
{licenseStatus?.maxSites && (
|
||||
<div className="space-y-2">
|
||||
<div className="flex justify-between text-sm">
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ export default function UsersTable({ users }: Props) {
|
|||
<div className="space-y-4">
|
||||
<p>
|
||||
Are you sure you want to permanently delete{" "}
|
||||
<b>
|
||||
<b className="break-all">
|
||||
{selected?.email ||
|
||||
selected?.name ||
|
||||
selected?.username}
|
||||
|
|
|
|||
|
|
@ -5,21 +5,33 @@
|
|||
|
||||
"use client";
|
||||
|
||||
import { Button } from "@app/components/ui/button";
|
||||
import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
|
||||
import { useState } from "react";
|
||||
|
||||
export default function LicenseViolation() {
|
||||
const { licenseStatus } = useLicenseStatusContext();
|
||||
const [isDismissed, setIsDismissed] = useState(false);
|
||||
|
||||
if (!licenseStatus) return null;
|
||||
if (!licenseStatus || isDismissed) return null;
|
||||
|
||||
// Show invalid license banner
|
||||
if (licenseStatus.isHostLicensed && !licenseStatus.isLicenseValid) {
|
||||
return (
|
||||
<div className="fixed bottom-0 left-0 right-0 w-full bg-red-500 text-white p-4 text-center z-50">
|
||||
<div className="flex justify-between items-center">
|
||||
<p>
|
||||
Invalid or expired license keys detected. Follow license
|
||||
terms to continue using all features.
|
||||
</p>
|
||||
<Button
|
||||
variant={"ghost"}
|
||||
className="hover:bg-yellow-500"
|
||||
onClick={() => setIsDismissed(true)}
|
||||
>
|
||||
Dismiss
|
||||
</Button>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
|
@ -32,12 +44,21 @@ export default function LicenseViolation() {
|
|||
) {
|
||||
return (
|
||||
<div className="fixed bottom-0 left-0 right-0 w-full bg-yellow-500 text-black p-4 text-center z-50">
|
||||
<div className="flex justify-between items-center">
|
||||
<p>
|
||||
License Violation: This server is using{" "}
|
||||
{licenseStatus.usedSites} sites which exceeds its licensed
|
||||
limit of {licenseStatus.maxSites} sites. Follow license
|
||||
terms to continue using all features.
|
||||
{licenseStatus.usedSites} sites which exceeds its
|
||||
licensed limit of {licenseStatus.maxSites} sites. Follow
|
||||
license terms to continue using all features.
|
||||
</p>
|
||||
<Button
|
||||
variant={"ghost"}
|
||||
className="hover:bg-yellow-500"
|
||||
onClick={() => setIsDismissed(true)}
|
||||
>
|
||||
Dismiss
|
||||
</Button>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,33 +16,7 @@ export function Breadcrumbs() {
|
|||
|
||||
const breadcrumbs: BreadcrumbItem[] = segments.map((segment, index) => {
|
||||
const href = `/${segments.slice(0, index + 1).join("/")}`;
|
||||
let label = segment;
|
||||
|
||||
// // Format labels
|
||||
// if (segment === "settings") {
|
||||
// label = "Settings";
|
||||
// } else if (segment === "sites") {
|
||||
// label = "Sites";
|
||||
// } else if (segment === "resources") {
|
||||
// label = "Resources";
|
||||
// } else if (segment === "access") {
|
||||
// label = "Access Control";
|
||||
// } else if (segment === "general") {
|
||||
// label = "General";
|
||||
// } else if (segment === "share-links") {
|
||||
// label = "Shareable Links";
|
||||
// } else if (segment === "users") {
|
||||
// label = "Users";
|
||||
// } else if (segment === "roles") {
|
||||
// label = "Roles";
|
||||
// } else if (segment === "invitations") {
|
||||
// label = "Invitations";
|
||||
// } else if (segment === "proxy") {
|
||||
// label = "proxy";
|
||||
// } else if (segment === "authentication") {
|
||||
// label = "Authentication";
|
||||
// }
|
||||
|
||||
let label = decodeURIComponent(segment);
|
||||
return { label, href };
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ export default function InviteUserForm({
|
|||
<CredenzaTitle>{title}</CredenzaTitle>
|
||||
</CredenzaHeader>
|
||||
<CredenzaBody>
|
||||
<div className="mb-4">{dialog}</div>
|
||||
<div className="mb-4 break-all overflow-hidden">{dialog}</div>
|
||||
<Form {...form}>
|
||||
<form
|
||||
onSubmit={form.handleSubmit(onSubmit)}
|
||||
|
|
|
|||
|
|
@ -248,6 +248,12 @@ export default function LoginForm({ redirect, onLogin, idps }: LoginFormProps) {
|
|||
pattern={
|
||||
REGEXP_ONLY_DIGITS_AND_CHARS
|
||||
}
|
||||
onChange={(e) => {
|
||||
field.onChange(e);
|
||||
if (e.length === 6) {
|
||||
mfaForm.handleSubmit(onSubmit)();
|
||||
}
|
||||
}}
|
||||
>
|
||||
<InputOTPGroup>
|
||||
<InputOTPSlot
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ function getActionsCategories(root: boolean) {
|
|||
"Get Organization User": "getOrgUser",
|
||||
"List Organization Domains": "listOrgDomains",
|
||||
"Check Org ID": "checkOrgId",
|
||||
"List Orgs": "listOrgs"
|
||||
},
|
||||
|
||||
Site: {
|
||||
|
|
@ -91,14 +90,12 @@ function getActionsCategories(root: boolean) {
|
|||
"List Resource Rules": "listResourceRules",
|
||||
"Update Resource Rule": "updateResourceRule"
|
||||
}
|
||||
|
||||
// "Newt": {
|
||||
// "Create Newt": "createNewt"
|
||||
// },
|
||||
};
|
||||
|
||||
if (root) {
|
||||
actionsByCategory["Organization"] = {
|
||||
"List Organizations": "listOrgs",
|
||||
"Check ID": "checkOrgId",
|
||||
"Create Organization": "createOrg",
|
||||
"Delete Organization": "deleteOrg",
|
||||
"List API Keys": "listApiKeys",
|
||||
|
|
|
|||
17
src/components/QRContainer.tsx
Normal file
17
src/components/QRContainer.tsx
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
"use client";
|
||||
|
||||
export default function QRContainer({
|
||||
children = <div/>,
|
||||
outline = true
|
||||
}) {
|
||||
|
||||
return (
|
||||
<div
|
||||
className={`relative w-fit border-2 rounded-md`}
|
||||
>
|
||||
<div className="bg-white p-6 rounded-md">
|
||||
{children}
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
|
@ -189,10 +189,12 @@ export default function SupporterStatus() {
|
|||
<CredenzaBody>
|
||||
<p>
|
||||
Purchase a supporter key to help us continue
|
||||
developing Pangolin. Your contribution allows us
|
||||
commit more time to maintain and add new features to
|
||||
the application for everyone. We will never use this
|
||||
to paywall features.
|
||||
developing Pangolin for the community. Your
|
||||
contribution allows us to commit more time to
|
||||
maintain and add new features to the application for
|
||||
everyone. We will never use this to paywall
|
||||
features. This is separate from the Professional
|
||||
Edition.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ const ToastViewport = React.forwardRef<
|
|||
<ToastPrimitives.Viewport
|
||||
ref={ref}
|
||||
className={cn(
|
||||
"fixed top-0 z-[100] flex max-h-screen w-full flex-col-reverse p-4 sm:bottom-0 sm:right-0 sm:top-auto sm:flex-col md:max-w-[420px]",
|
||||
"fixed top-0 right-0 z-[100] flex max-h-screen w-full flex-col-reverse p-4 md:max-w-[420px]",
|
||||
className
|
||||
)}
|
||||
{...props}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue