fosrl.pangolin/server/routers/traefik/getTraefikConfig.ts

import { Request, Response } from "express";
import db from "@server/db";
import * as schema from "@server/db/schema";
import { and, eq, isNotNull } from "drizzle-orm";
import logger from "@server/logger";
import HttpCode from "@server/types/HttpCode";
import config from "@server/config";

export async function traefikConfigProvider(
    _: Request,
    res: Response,
): Promise<any> {
    try {
        const all = await db
            .select()
            .from(schema.targets)
            .innerJoin(
                schema.resources,
                eq(schema.targets.resourceId, schema.resources.resourceId),
            )
            .innerJoin(
                schema.orgs,
                eq(schema.resources.orgId, schema.orgs.orgId),
            )
            .innerJoin(
                schema.sites,
                eq(schema.sites.siteId, schema.resources.siteId),
            )
            .where(
                and(
                    eq(schema.targets.enabled, true),
                    isNotNull(schema.resources.subdomain),
                    isNotNull(schema.orgs.domain),
                ),
            );

        if (!all.length) {
            return res.status(HttpCode.OK).json({});
        }

        const badgerMiddlewareName = "badger";
        const redirectMiddlewareName = "redirect-to-https";

        // const baseDomain = new URL(config.app.base_url).hostname;

        const http: any = {
            routers: {},
            services: {},
            middlewares: {
                [badgerMiddlewareName]: {
                    plugin: {
                        [badgerMiddlewareName]: {
                            apiBaseUrl: new URL(
                                "/api/v1",
                                `http://${config.server.internal_hostname}:${config.server.internal_port}`,
                            ).href,
                            resourceSessionCookieName:
                                config.badger.resource_session_cookie_name,
                            userSessionCookieName:
                                config.server.session_cookie_name,
                            sessionQueryParameter:
                                config.badger.session_query_parameter,
                        },
                    },
                },
                [redirectMiddlewareName]: {
                    redirectScheme: {
                        scheme: "https",
                        permanent: true,
                    },
                },
            },
        };
        for (const item of all) {
            const target = item.targets;
            const resource = item.resources;
            const site = item.sites;
            const org = item.orgs;

            const routerName = `${target.targetId}-router`;
            const serviceName = `${target.targetId}-service`;

            if (!resource || !resource.subdomain) {
                continue;
            }

            if (!org || !org.domain) {
                continue;
            }

            const fullDomain = `${resource.subdomain}.${org.domain}`;

            const domainParts = fullDomain.split(".");
            let wildCard;
            if (domainParts.length <= 2) {
                wildCard = `*.${domainParts.join(".")}`;
            } else {
                wildCard = `*.${domainParts.slice(1).join(".")}`;
            }

            const tls = {
                certResolver: config.traefik.cert_resolver,
                ...(config.traefik.prefer_wildcard_cert
                    ? {
                          domains: [
                              {
                                  main: wildCard,
                              },
                          ],
                      }
                    : {}),
            };

            http.routers![routerName] = {
                entryPoints: [
                    resource.ssl
                        ? config.traefik.https_entrypoint
                        : config.traefik.http_entrypoint,
                ],
                middlewares: resource.ssl ? [badgerMiddlewareName] : [],
                service: serviceName,
                rule: `Host(\`${fullDomain}\`)`,
                ...(resource.ssl ? { tls } : {}),
            };

            if (resource.ssl) {
                // this is a redirect router; all it does is redirect to the https version if tls is enabled
                http.routers![routerName + "-redirect"] = {
                    entryPoints: [config.traefik.http_entrypoint],
                    middlewares: [redirectMiddlewareName],
                    service: serviceName,
                    rule: `Host(\`${fullDomain}\`)`,
                };
            }

            if (site.type === "newt") {
                const ip = site.subnet.split("/")[0];
                http.services![serviceName] = {
                    loadBalancer: {
                        servers: [
                            {
                                url: `${target.method}://${ip}:${target.internalPort}`,
                            },
                        ],
                    },
                };
            } else if (site.type === "wireguard") {
                http.services![serviceName] = {
                    loadBalancer: {
                        servers: [
                            {
                                url: `${target.method}://${target.ip}:${target.port}`,
                            },
                        ],
                    },
                };
            }
        }

        return res.status(HttpCode.OK).json({ http });
    } catch (e) {
        logger.error(`Failed to build traefik config: ${e}`);
        return res.status(HttpCode.INTERNAL_SERVER_ERROR).json({
            error: "Failed to build traefik config",
        });
    }
}
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00			`import { Request, Response } from "express";`
			`import db from "@server/db";`
			`import * as schema from "@server/db/schema";`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`import { and, eq, isNotNull } from "drizzle-orm";`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00			`import logger from "@server/logger";`
started integrating auth with lucia 2024-10-01 20:48:03 -04:00			`import HttpCode from "@server/types/HttpCode";`
use config file instead of env 2024-10-12 18:21:31 -04:00			`import config from "@server/config";`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`export async function traefikConfigProvider(`
			`_: Request,`
set resource session cookie in proxy via param 2024-11-23 23:31:22 -05:00			`res: Response,`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`): Promise<any> {`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00			`try {`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`const all = await db`
			`.select()`
			`.from(schema.targets)`
			`.innerJoin(`
			`schema.resources,`
set resource session cookie in proxy via param 2024-11-23 23:31:22 -05:00			`eq(schema.targets.resourceId, schema.resources.resourceId),`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`)`
add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			`.innerJoin(`
			`schema.orgs,`
set resource session cookie in proxy via param 2024-11-23 23:31:22 -05:00			`eq(schema.resources.orgId, schema.orgs.orgId),`
add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			`)`
build traefik config for newt correctly 2024-11-24 15:05:15 -05:00			`.innerJoin(`
			`schema.sites,`
			`eq(schema.sites.siteId, schema.resources.siteId),`
			`)`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`.where(`
			`and(`
			`eq(schema.targets.enabled, true),`
add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			`isNotNull(schema.resources.subdomain),`
set resource session cookie in proxy via param 2024-11-23 23:31:22 -05:00			`isNotNull(schema.orgs.domain),`
			`),`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`);`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`if (!all.length) {`
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`return res.status(HttpCode.OK).json({});`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`}`
add traefik settings to config and use fullDomain 2024-10-22 00:09:27 -04:00
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`const badgerMiddlewareName = "badger";`
			`const redirectMiddlewareName = "redirect-to-https";`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`// const baseDomain = new URL(config.app.base_url).hostname;`
add traefik settings to config and use fullDomain 2024-10-22 00:09:27 -04:00
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`const http: any = {`
			`routers: {},`
			`services: {},`
			`middlewares: {`
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`[badgerMiddlewareName]: {`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`plugin: {`
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`[badgerMiddlewareName]: {`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`apiBaseUrl: new URL(`
			`"/api/v1",`
set resource session cookie in proxy via param 2024-11-23 23:31:22 -05:00			`http://${config.server.internal_hostname}:${config.server.internal_port}`,
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`).href,`
set resource session cookie in proxy via param 2024-11-23 23:31:22 -05:00			`resourceSessionCookieName:`
			`config.badger.resource_session_cookie_name,`
			`userSessionCookieName:`
			`config.server.session_cookie_name,`
			`sessionQueryParameter:`
			`config.badger.session_query_parameter,`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`},`
fix env 2024-09-29 14:37:26 -04:00			`},`
			`},`
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`[redirectMiddlewareName]: {`
			`redirectScheme: {`
			`scheme: "https",`
			`permanent: true,`
			`},`
			`},`
fix env 2024-09-29 14:37:26 -04:00			`},`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00			`};`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`for (const item of all) {`
			`const target = item.targets;`
			`const resource = item.resources;`
build traefik config for newt correctly 2024-11-24 15:05:15 -05:00			`const site = item.sites;`
add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			`const org = item.orgs;`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00
			const routerName = `${target.targetId}-router`;
			const serviceName = `${target.targetId}-service`;
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00
add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			`if (!resource \|\| !resource.subdomain) {`
			`continue;`
			`}`

			`if (!org \|\| !org.domain) {`
infer wild card cert if prefer flag is on 2024-10-28 00:07:43 -04:00			`continue;`
			`}`

add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			const fullDomain = `${resource.subdomain}.${org.domain}`;

			`const domainParts = fullDomain.split(".");`
infer wild card cert if prefer flag is on 2024-10-28 00:07:43 -04:00			`let wildCard;`
			`if (domainParts.length <= 2) {`
			wildCard = `*.${domainParts.join(".")}`;
			`} else {`
			wildCard = `*.${domainParts.slice(1).join(".")}`;
			`}`

			`const tls = {`
			`certResolver: config.traefik.cert_resolver,`
			`...(config.traefik.prefer_wildcard_cert`
			`? {`
			`domains: [`
			`{`
move ssl from target to resource 2024-10-28 23:34:04 -04:00			`main: wildCard,`
infer wild card cert if prefer flag is on 2024-10-28 00:07:43 -04:00			`},`
			`],`
			`}`
			`: {}),`
			`};`

use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`http.routers![routerName] = {`
			`entryPoints: [`
move ssl from target to resource 2024-10-28 23:34:04 -04:00			`resource.ssl`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`? config.traefik.https_entrypoint`
			`: config.traefik.http_entrypoint,`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00			`],`
move ssl from target to resource 2024-10-28 23:34:04 -04:00			`middlewares: resource.ssl ? [badgerMiddlewareName] : [],`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`service: serviceName,`
add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			rule: `Host(\`${fullDomain}\`)`,
move ssl from target to resource 2024-10-28 23:34:04 -04:00			`...(resource.ssl ? { tls } : {}),`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`};`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00
move ssl from target to resource 2024-10-28 23:34:04 -04:00			`if (resource.ssl) {`
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`// this is a redirect router; all it does is redirect to the https version if tls is enabled`
			`http.routers![routerName + "-redirect"] = {`
			`entryPoints: [config.traefik.http_entrypoint],`
			`middlewares: [redirectMiddlewareName],`
			`service: serviceName,`
add roles input on resource and make spacing more consistent 2024-11-15 18:25:27 -05:00			rule: `Host(\`${fullDomain}\`)`,
http only works, and added redirect middleware 2024-10-27 23:36:04 -04:00			`};`
			`}`

build traefik config for newt correctly 2024-11-24 15:05:15 -05:00			`if (site.type === "newt") {`
			`const ip = site.subnet.split("/")[0];`
			`http.services![serviceName] = {`
			`loadBalancer: {`
			`servers: [`
			`{`
			url: `${target.method}://${ip}:${target.internalPort}`,
			`},`
			`],`
			`},`
			`};`
			`} else if (site.type === "wireguard") {`
			`http.services![serviceName] = {`
			`loadBalancer: {`
			`servers: [`
			`{`
			url: `${target.method}://${target.ip}:${target.port}`,
			`},`
			`],`
			`},`
			`};`
			`}`
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`}`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00
use fullDomain from resources in get traefik config 2024-10-26 19:57:47 -04:00			`return res.status(HttpCode.OK).json({ http });`
			`} catch (e) {`
			logger.error(`Failed to build traefik config: ${e}`);
			`return res.status(HttpCode.INTERNAL_SERVER_ERROR).json({`
			`error: "Failed to build traefik config",`
			`});`
			`}`
added traefik config provider endpoint 2024-09-28 22:50:10 -04:00			`}`