fosrl.pangolin/server/routers/olm/handleOlmRegisterMessage.ts

import { db, ExitNode } from "@server/db";
import { MessageHandler } from "../ws";
import { clients, clientSites, exitNodes, Olm, olms, sites } from "@server/db";
import { and, eq, inArray } from "drizzle-orm";
import { addPeer, deletePeer } from "../newt/peers";
import logger from "@server/logger";
import { listExitNodes } from "@server/lib/exitNodes";

export const handleOlmRegisterMessage: MessageHandler = async (context) => {
    logger.info("Handling register olm message!");
    const { message, client: c, sendToClient } = context;
    const olm = c as Olm;

    const now = new Date().getTime() / 1000;

    if (!olm) {
        logger.warn("Olm not found");
        return;
    }
    if (!olm.clientId) {
        logger.warn("Olm has no client ID!");
        return;
    }
    const clientId = olm.clientId;
    const { publicKey, relay } = message.data;

    logger.debug(
        `Olm client ID: ${clientId}, Public Key: ${publicKey}, Relay: ${relay}`
    );

    if (!publicKey) {
        logger.warn("Public key not provided");
        return;
    }

    // Get the client
    const [client] = await db
        .select()
        .from(clients)
        .where(eq(clients.clientId, clientId))
        .limit(1);

    if (!client) {
        logger.warn("Client not found");
        return;
    }

    if (client.exitNodeId) {
        // TODO: FOR NOW WE ARE JUST HOLEPUNCHING ALL EXIT NODES BUT IN THE FUTURE WE SHOULD HANDLE THIS BETTER

        // Get the exit node
        const allExitNodes = await listExitNodes(client.orgId, true); // FILTER THE ONLINE ONES

        const exitNodesHpData = allExitNodes.map((exitNode: ExitNode) => {
            return {
                publicKey: exitNode.publicKey,
                endpoint: exitNode.endpoint
            };
        });

        // Send holepunch message
        await sendToClient(olm.olmId, {
            type: "olm/wg/holepunch/all",
            data: {
                exitNodes: exitNodesHpData
            }
        });

        // THIS IS FOR BACKWARDS COMPATIBILITY
        await sendToClient(olm.olmId, {
            type: "olm/wg/holepunch/all",
            data: {
                serverPubKey: allExitNodes[0].publicKey,
                endpoint: allExitNodes[0].endpoint
            }
        });
    }

    if (now - (client.lastHolePunch || 0) > 6) {
        logger.warn("Client last hole punch is too old, skipping all sites");
        return;
    }

    if (client.pubKey !== publicKey) {
        logger.info(
            "Public key mismatch. Updating public key and clearing session info..."
        );
        // Update the client's public key
        await db
            .update(clients)
            .set({
                pubKey: publicKey
            })
            .where(eq(clients.clientId, olm.clientId));

        // set isRelay to false for all of the client's sites to reset the connection metadata
        await db
            .update(clientSites)
            .set({
                isRelayed: relay == true
            })
            .where(eq(clientSites.clientId, olm.clientId));
    }

    // Get all sites data
    const sitesData = await db
        .select()
        .from(sites)
        .innerJoin(clientSites, eq(sites.siteId, clientSites.siteId))
        .where(eq(clientSites.clientId, client.clientId));

    // Prepare an array to store site configurations
    let siteConfigurations = [];
    logger.debug(
        `Found ${sitesData.length} sites for client ${client.clientId}`
    );

    if (sitesData.length === 0) {
        sendToClient(olm.olmId, {
            type: "olm/register/no-sites",
            data: {}
        });
    }

    // Process each site
    for (const { sites: site } of sitesData) {
        if (!site.exitNodeId) {
            logger.warn(
                `Site ${site.siteId} does not have exit node, skipping`
            );
            continue;
        }

        // Validate endpoint and hole punch status
        if (!site.endpoint) {
            logger.warn(`Site ${site.siteId} has no endpoint, skipping`);
            continue;
        }

        // if (site.lastHolePunch && now - site.lastHolePunch > 6 && relay) {
        //     logger.warn(
        //         `Site ${site.siteId} last hole punch is too old, skipping`
        //     );
        //     continue;
        // }

        // If public key changed, delete old peer from this site
        if (client.pubKey && client.pubKey != publicKey) {
            logger.info(
                `Public key mismatch. Deleting old peer from site ${site.siteId}...`
            );
            await deletePeer(site.siteId, client.pubKey!);
        }

        if (!site.subnet) {
            logger.warn(`Site ${site.siteId} has no subnet, skipping`);
            continue;
        }

        const [clientSite] = await db
            .select()
            .from(clientSites)
            .where(
                and(
                    eq(clientSites.clientId, client.clientId),
                    eq(clientSites.siteId, site.siteId)
                )
            )
            .limit(1);

        // Add the peer to the exit node for this site
        if (clientSite.endpoint) {
            logger.info(
                `Adding peer ${publicKey} to site ${site.siteId} with endpoint ${clientSite.endpoint}`
            );
            await addPeer(site.siteId, {
                publicKey: publicKey,
                allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client
                endpoint: relay ? "" : clientSite.endpoint
            });
        } else {
            logger.warn(
                `Client ${client.clientId} has no endpoint, skipping peer addition`
            );
        }

        let endpoint = site.endpoint;
        if (relay) {
            const [exitNode] = await db
                .select()
                .from(exitNodes)
                .where(eq(exitNodes.exitNodeId, site.exitNodeId))
                .limit(1);
            if (!exitNode) {
                logger.warn(`Exit node not found for site ${site.siteId}`);
                continue;
            }
            endpoint = `${exitNode.endpoint}:21820`;
        }

        // Add site configuration to the array
        siteConfigurations.push({
            siteId: site.siteId,
            endpoint: endpoint,
            publicKey: site.publicKey,
            serverIP: site.address,
            serverPort: site.listenPort,
            remoteSubnets: site.remoteSubnets
        });
    }

    // REMOVED THIS SO IT CREATES THE INTERFACE AND JUST WAITS FOR THE SITES
    // if (siteConfigurations.length === 0) {
    //     logger.warn("No valid site configurations found");
    //     return;
    // }

    // Return connect message with all site configurations
    return {
        message: {
            type: "olm/wg/connect",
            data: {
                sites: siteConfigurations,
                tunnelIP: client.subnet
            }
        },
        broadcast: false,
        excludeSender: false
    };
};
Support relaying on register 2025-07-24 14:48:24 -07:00			`import { db, ExitNode } from "@server/db";`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`import { MessageHandler } from "../ws";`
Send all hp data now 2025-08-04 20:22:13 -07:00			`import { clients, clientSites, exitNodes, Olm, olms, sites } from "@server/db";`
Move endpoint to per site 2025-08-04 20:17:35 -07:00			`import { and, eq, inArray } from "drizzle-orm";`
Working on handlers 2025-02-21 10:55:38 -05:00			`import { addPeer, deletePeer } from "../newt/peers";`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`import logger from "@server/logger";`
Use new function 2025-08-15 15:59:38 -07:00			`import { listExitNodes } from "@server/lib/exitNodes";`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00
			`export const handleOlmRegisterMessage: MessageHandler = async (context) => {`
Move up client reject 2025-04-01 22:49:08 -04:00			`logger.info("Handling register olm message!");`
Handle types in handlers 2025-02-21 12:17:56 -05:00			`const { message, client: c, sendToClient } = context;`
			`const olm = c as Olm;`
Move up client reject 2025-04-01 22:49:08 -04:00
			`const now = new Date().getTime() / 1000;`

Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`if (!olm) {`
			`logger.warn("Olm not found");`
			`return;`
			`}`
Handle types in handlers 2025-02-21 12:17:56 -05:00			`if (!olm.clientId) {`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`logger.warn("Olm has no client ID!");`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`return;`
			`}`
Handle types in handlers 2025-02-21 12:17:56 -05:00			`const clientId = olm.clientId;`
Support relaying on register 2025-07-24 14:48:24 -07:00			`const { publicKey, relay } = message.data;`

Send all hp data now 2025-08-04 20:22:13 -07:00			`logger.debug(`
			`Olm client ID: ${clientId}, Public Key: ${publicKey}, Relay: ${relay}`
			`);`
Support relaying on register 2025-07-24 14:48:24 -07:00
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`if (!publicKey) {`
			`logger.warn("Public key not provided");`
			`return;`
			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Get the client`
Handle types in handlers 2025-02-21 12:17:56 -05:00			`const [client] = await db`
			`.select()`
			`.from(clients)`
			`.where(eq(clients.clientId, clientId))`
			`.limit(1);`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`if (!client) {`
			`logger.warn("Client not found");`
Handle types in handlers 2025-02-21 12:17:56 -05:00			`return;`
			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
			`if (client.exitNodeId) {`
Send all hp data now 2025-08-04 20:22:13 -07:00			`// TODO: FOR NOW WE ARE JUST HOLEPUNCHING ALL EXIT NODES BUT IN THE FUTURE WE SHOULD HANDLE THIS BETTER`
Move up client reject 2025-04-01 22:49:08 -04:00
Send all hp data now 2025-08-04 20:22:13 -07:00			`// Get the exit node`
Use new function 2025-08-15 15:59:38 -07:00			`const allExitNodes = await listExitNodes(client.orgId, true); // FILTER THE ONLINE ONES`
Send all hp data now 2025-08-04 20:22:13 -07:00
			`const exitNodesHpData = allExitNodes.map((exitNode: ExitNode) => {`
			`return {`
Handle multiple hp messages 2025-08-04 20:34:27 -07:00			`publicKey: exitNode.publicKey,`
Send all hp data now 2025-08-04 20:22:13 -07:00			`endpoint: exitNode.endpoint`
			`};`
			`});`

			`// Send holepunch message`
			`await sendToClient(olm.olmId, {`
Handle multiple hp messages 2025-08-04 20:34:27 -07:00			`type: "olm/wg/holepunch/all",`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`data: {`
Handle multiple hp messages 2025-08-04 20:34:27 -07:00			`exitNodes: exitNodesHpData`
			`}`
			`});`

			`// THIS IS FOR BACKWARDS COMPATIBILITY`
			`await sendToClient(olm.olmId, {`
			`type: "olm/wg/holepunch/all",`
			`data: {`
			`serverPubKey: allExitNodes[0].publicKey,`
			`endpoint: allExitNodes[0].endpoint`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`}`
			`});`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Solve olm not having chance to send hp message 2025-04-11 10:33:20 -04:00			`if (now - (client.lastHolePunch \|\| 0) > 6) {`
Move up client reject 2025-04-01 22:49:08 -04:00			`logger.warn("Client last hole punch is too old, skipping all sites");`
Solve olm not having chance to send hp message 2025-04-11 10:33:20 -04:00			`return;`
Move up client reject 2025-04-01 22:49:08 -04:00			`}`

newts not being on when olm is started 2025-04-13 21:28:11 -04:00			`if (client.pubKey !== publicKey) {`
			`logger.info(`
			`"Public key mismatch. Updating public key and clearing session info..."`
			`);`
			`// Update the client's public key`
			`await db`
			`.update(clients)`
			`.set({`
			`pubKey: publicKey`
			`})`
			`.where(eq(clients.clientId, olm.clientId));`

			`// set isRelay to false for all of the client's sites to reset the connection metadata`
			`await db`
			`.update(clientSites)`
			`.set({`
Support relaying on register 2025-07-24 14:48:24 -07:00			`isRelayed: relay == true`
newts not being on when olm is started 2025-04-13 21:28:11 -04:00			`})`
			`.where(eq(clientSites.clientId, olm.clientId));`
			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Get all sites data`
			`const sitesData = await db`
			`.select()`
			`.from(sites)`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`.innerJoin(clientSites, eq(sites.siteId, clientSites.siteId))`
			`.where(eq(clientSites.clientId, client.clientId));`

Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Prepare an array to store site configurations`
Support relaying on register 2025-07-24 14:48:24 -07:00			`let siteConfigurations = [];`
Send all hp data now 2025-08-04 20:22:13 -07:00			`logger.debug(`
			`Found ${sitesData.length} sites for client ${client.clientId}`
			`);`
Fix adding sites to client 2025-07-28 22:40:27 -07:00
			`if (sitesData.length === 0) {`
			`sendToClient(olm.olmId, {`
			`type: "olm/register/no-sites",`
			`data: {}`
			`});`
			`}`

Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Process each site`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`for (const { sites: site } of sitesData) {`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`if (!site.exitNodeId) {`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`logger.warn(`
			`Site ${site.siteId} does not have exit node, skipping`
			`);`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`continue;`
			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Validate endpoint and hole punch status`
			`if (!site.endpoint) {`
			logger.warn(`Site ${site.siteId} has no endpoint, skipping`);
			`continue;`
			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Basic clients working 2025-07-27 10:21:27 -07:00			`// if (site.lastHolePunch && now - site.lastHolePunch > 6 && relay) {`
			`// logger.warn(`
			// `Site ${site.siteId} last hole punch is too old, skipping`
			`// );`
			`// continue;`
			`// }`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// If public key changed, delete old peer from this site`
Working on htp 2025-04-04 10:59:22 -04:00			`if (client.pubKey && client.pubKey != publicKey) {`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`logger.info(`
			`Public key mismatch. Deleting old peer from site ${site.siteId}...`
			`);`
			`await deletePeer(site.siteId, client.pubKey!);`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`if (!site.subnet) {`
			logger.warn(`Site ${site.siteId} has no subnet, skipping`);
			`continue;`
			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Move endpoint to per site 2025-08-04 20:17:35 -07:00			`const [clientSite] = await db`
			`.select()`
			`.from(clientSites)`
Send all hp data now 2025-08-04 20:22:13 -07:00			`.where(`
			`and(`
			`eq(clientSites.clientId, client.clientId),`
			`eq(clientSites.siteId, site.siteId)`
			`)`
			`)`
Move endpoint to per site 2025-08-04 20:17:35 -07:00			`.limit(1);`

Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Add the peer to the exit node for this site`
Move endpoint to per site 2025-08-04 20:17:35 -07:00			`if (clientSite.endpoint) {`
Add logging to not sending because endpoint 2025-04-01 21:28:16 -04:00			`logger.info(`
Move endpoint to per site 2025-08-04 20:17:35 -07:00			`Adding peer ${publicKey} to site ${site.siteId} with endpoint ${clientSite.endpoint}`
Add logging to not sending because endpoint 2025-04-01 21:28:16 -04:00			`);`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`await addPeer(site.siteId, {`
			`publicKey: publicKey,`
Send all hp data now 2025-08-04 20:22:13 -07:00			allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client
Move endpoint to per site 2025-08-04 20:17:35 -07:00			`endpoint: relay ? "" : clientSite.endpoint`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`});`
Add logging to not sending because endpoint 2025-04-01 21:28:16 -04:00			`} else {`
			`logger.warn(`
			`Client ${client.clientId} has no endpoint, skipping peer addition`
Move up client reject 2025-04-01 22:49:08 -04:00			`);`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`}`

Support relaying on register 2025-07-24 14:48:24 -07:00			`let endpoint = site.endpoint;`
			`if (relay) {`
			`const [exitNode] = await db`
			`.select()`
			`.from(exitNodes)`
			`.where(eq(exitNodes.exitNodeId, site.exitNodeId))`
			`.limit(1);`
			`if (!exitNode) {`
			logger.warn(`Exit node not found for site ${site.siteId}`);
			`continue;`
			`}`
			endpoint = `${exitNode.endpoint}:21820`;
			`}`

Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Add site configuration to the array`
			`siteConfigurations.push({`
			`siteId: site.siteId,`
Support relaying on register 2025-07-24 14:48:24 -07:00			`endpoint: endpoint,`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`publicKey: site.publicKey,`
Relaying working 2025-04-11 20:52:45 -04:00			`serverIP: site.address,`
Basic clients working 2025-07-27 10:21:27 -07:00			`serverPort: site.listenPort,`
			`remoteSubnets: site.remoteSubnets`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`});`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`}`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Send all hp data now 2025-08-04 20:22:13 -07:00			`// REMOVED THIS SO IT CREATES THE INTERFACE AND JUST WAITS FOR THE SITES`
Fix adding sites to client 2025-07-28 22:40:27 -07:00			`// if (siteConfigurations.length === 0) {`
			`// logger.warn("No valid site configurations found");`
			`// return;`
			`// }`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`// Return connect message with all site configurations`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`return {`
			`message: {`
			`type: "olm/wg/connect",`
			`data: {`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`sites: siteConfigurations,`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`tunnelIP: client.subnet`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`}`
			`},`
Start changes for multi site clients - Org subnet and assign sites and clients out of the same subnet group on each org - Add join table for client on multiple sites - Start to handle websocket endpoints for these multiple connections 2025-03-25 22:01:08 -04:00			`broadcast: false,`
			`excludeSender: false`
Move things around; rename to olm 2025-02-21 10:13:41 -05:00			`};`
Finish conversion of olm reg to multi site 2025-03-26 21:23:26 -04:00			`};`