fosrl.pangolin/server/routers/site/createSite.ts

163 lines
4.7 KiB
TypeScript
Raw Normal View History

import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
2024-12-21 21:01:12 -05:00
import { roles, userSites, sites, roleSites, Site } from "@server/db/schema";
2024-10-01 21:34:07 -04:00
import response from "@server/utils/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { eq, and } from "drizzle-orm";
import { getUniqueSiteName } from "@server/db/names";
import { addPeer } from "../gerbil/peers";
import { fromError } from "zod-validation-error";
2024-11-23 16:28:50 -05:00
import { hash } from "@node-rs/argon2";
import { newts } from "@server/db/schema";
import moment from "moment";
2024-12-22 16:59:30 -05:00
import { hashPassword } from "@server/auth/password";
2024-10-01 21:34:07 -04:00
2024-12-21 21:01:12 -05:00
const createSiteParamsSchema = z
.object({
orgId: z.string()
})
.strict();
2024-10-01 21:34:07 -04:00
const createSiteSchema = z
.object({
name: z.string().min(1).max(255),
exitNodeId: z.number().int().positive(),
subdomain: z.string().min(1).max(255).optional(),
pubKey: z.string().optional(),
subnet: z.string(),
2024-11-23 16:28:50 -05:00
newtId: z.string().optional(),
secret: z.string().optional(),
2024-12-21 21:01:12 -05:00
type: z.string()
})
.strict();
2024-10-02 22:05:21 -04:00
2024-11-23 16:28:50 -05:00
export type CreateSiteBody = z.infer<typeof createSiteSchema>;
2024-12-21 21:01:12 -05:00
export type CreateSiteResponse = Site;
2024-10-14 21:59:35 -04:00
export async function createSite(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
2024-10-06 18:05:20 -04:00
try {
const parsedBody = createSiteSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
2024-10-06 18:05:20 -04:00
)
);
}
2024-10-02 22:05:21 -04:00
2024-11-23 16:28:50 -05:00
const { name, type, exitNodeId, pubKey, subnet, newtId, secret } =
parsedBody.data;
2024-10-02 22:05:21 -04:00
2024-10-06 18:05:20 -04:00
const parsedParams = createSiteParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
2024-10-06 18:05:20 -04:00
)
);
}
2024-10-02 22:05:21 -04:00
2024-10-06 18:05:20 -04:00
const { orgId } = parsedParams.data;
2024-10-12 21:36:14 -04:00
if (!req.userOrgRoleId) {
return next(
createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
);
2024-10-06 18:05:20 -04:00
}
2024-10-06 16:43:59 -04:00
const niceId = await getUniqueSiteName(orgId);
2024-10-14 21:59:35 -04:00
2024-11-15 21:53:58 -05:00
let payload: any = {
orgId,
exitNodeId,
name,
niceId,
subnet,
2024-12-21 21:01:12 -05:00
type
2024-11-15 21:53:58 -05:00
};
2024-11-23 16:28:50 -05:00
if (pubKey && type == "wireguard") {
// we dont add the pubKey for newts because the newt will generate it
2024-11-15 21:53:58 -05:00
payload = {
...payload,
2024-12-21 21:01:12 -05:00
pubKey
2024-11-15 21:53:58 -05:00
};
}
const [newSite] = await db.insert(sites).values(payload).returning();
const adminRole = await db
.select()
.from(roles)
.where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
.limit(1);
2024-10-13 17:13:47 -04:00
if (adminRole.length === 0) {
2024-10-12 21:36:14 -04:00
return next(
createHttpError(HttpCode.NOT_FOUND, `Admin role not found`)
2024-10-12 21:36:14 -04:00
);
}
2024-10-13 17:13:47 -04:00
await db.insert(roleSites).values({
roleId: adminRole[0].roleId,
2024-12-21 21:01:12 -05:00
siteId: newSite.siteId
2024-10-12 21:36:14 -04:00
});
2024-10-02 22:05:21 -04:00
if (req.userOrgRoleId != adminRole[0].roleId) {
2024-10-12 21:36:14 -04:00
// make sure the user can access the site
2024-10-13 17:13:47 -04:00
db.insert(userSites).values({
userId: req.user?.userId!,
2024-12-21 21:01:12 -05:00
siteId: newSite.siteId
2024-10-12 21:36:14 -04:00
});
}
2024-10-13 17:13:47 -04:00
2024-11-23 16:28:50 -05:00
// add the peer to the exit node
if (type == "newt") {
2024-12-22 16:59:30 -05:00
const secretHash = await hashPassword(secret!);
2024-11-23 16:28:50 -05:00
await db.insert(newts).values({
newtId: newtId!,
secretHash,
siteId: newSite.siteId,
2024-12-21 21:01:12 -05:00
dateCreated: moment().toISOString()
2024-11-23 16:28:50 -05:00
});
} else if (type == "wireguard") {
if (!pubKey) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Public key is required for wireguard sites"
)
);
}
2024-11-23 16:28:50 -05:00
await addPeer(exitNodeId, {
publicKey: pubKey,
2024-12-21 21:01:12 -05:00
allowedIps: []
2024-11-23 16:28:50 -05:00
});
2024-11-15 21:53:58 -05:00
}
2024-12-21 21:01:12 -05:00
return response<CreateSiteResponse>(res, {
data: newSite,
2024-10-06 18:05:20 -04:00
success: true,
error: false,
message: "Site created successfully",
2024-12-21 21:01:12 -05:00
status: HttpCode.CREATED
2024-10-06 18:05:20 -04:00
});
} catch (error) {
2024-12-21 21:01:12 -05:00
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
2024-10-06 18:05:20 -04:00
}
}