mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-21 09:48:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Move exit node comms to new file

Browse source
This commit is contained in:
Owen 2025-08-14 15:39:05 -07:00
parent 6600de7320
commit 04ecf41c5a
No known key found for this signature in database
GPG key ID: 8271FDFFD9E0CCBD
5 changed files with 295 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

76
server/hybridServer.ts
View file

@ -1,6 +1,3 @@
import next from "next";
import express from "express";
import { parse } from "url";
import logger from "@server/logger"; import logger from "@server/logger";
import config from "@server/lib/config"; import config from "@server/lib/config";
import { createWebSocketClient } from "./routers/ws/client"; import { createWebSocketClient } from "./routers/ws/client";
@ -9,6 +6,7 @@ import { db, exitNodes } from "./db";
import { TraefikConfigManager } from "./lib/remoteTraefikConfig"; import { TraefikConfigManager } from "./lib/remoteTraefikConfig";
import { tokenManager } from "./lib/tokenManager"; import { tokenManager } from "./lib/tokenManager";
import { APP_VERSION } from "./lib/consts"; import { APP_VERSION } from "./lib/consts";
import axios from "axios";
export async function createHybridClientServer() { export async function createHybridClientServer() {
logger.info("Starting hybrid client server..."); logger.info("Starting hybrid client server...");
@ -34,7 +32,7 @@ export async function createHybridClientServer() {
); );
// Register message handlers // Register message handlers
client.registerHandler("remote/peers/add", async (message) => { client.registerHandler("remoteExitNode/peers/add", async (message) => {
const { pubKey, allowedIps } = message.data; const { pubKey, allowedIps } = message.data;
// TODO: we are getting the exit node twice here // TODO: we are getting the exit node twice here
@ -46,7 +44,7 @@ export async function createHybridClientServer() {
}); });
}); });
client.registerHandler("remote/peers/remove", async (message) => { client.registerHandler("remoteExitNode/peers/remove", async (message) => {
const { pubKey } = message.data; const { pubKey } = message.data;
// TODO: we are getting the exit node twice here // TODO: we are getting the exit node twice here
@ -55,7 +53,69 @@ export async function createHybridClientServer() {
await deletePeer(exitNode.exitNodeId, pubKey); await deletePeer(exitNode.exitNodeId, pubKey);
}); });
client.registerHandler("remote/traefik/reload", async (message) => { // /update-proxy-mapping
client.registerHandler("remoteExitNode/update-proxy-mapping", async (message) => {
try {
const [exitNode] = await db.select().from(exitNodes).limit(1);
if (!exitNode) {
logger.error("No exit node found for proxy mapping update");
return;
}
const response = await axios.post(`${exitNode.endpoint}/update-proxy-mapping`, message.data);
logger.info(`Successfully updated proxy mapping: ${response.status}`);
} catch (error) {
// Extract useful information from axios error without circular references
if (error && typeof error === 'object' && 'response' in error) {
const axiosError = error as any;
logger.error("Failed to update proxy mapping:", {
status: axiosError.response?.status,
statusText: axiosError.response?.statusText,
data: axiosError.response?.data,
message: axiosError.message,
url: axiosError.config?.url
});
} else {
logger.error("Failed to update proxy mapping:", {
message: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined
});
}
}
});
// /update-destinations
client.registerHandler("remoteExitNode/update-destinations", async (message) => {
try {
const [exitNode] = await db.select().from(exitNodes).limit(1);
if (!exitNode) {
logger.error("No exit node found for destinations update");
return;
}
const response = await axios.post(`${exitNode.endpoint}/update-destinations`, message.data);
logger.info(`Successfully updated destinations: ${response.status}`);
} catch (error) {
// Extract useful information from axios error without circular references
if (error && typeof error === 'object' && 'response' in error) {
const axiosError = error as any;
logger.error("Failed to update destinations:", {
status: axiosError.response?.status,
statusText: axiosError.response?.statusText,
data: axiosError.response?.data,
message: axiosError.message,
url: axiosError.config?.url
});
} else {
logger.error("Failed to update proxy mapping:", {
message: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined
});
}
}
});
client.registerHandler("remoteExitNode/traefik/reload", async (message) => {
await monitor.HandleTraefikConfig(); await monitor.HandleTraefikConfig();
}); });
@ -72,7 +132,9 @@ export async function createHybridClientServer() {
}); });
client.on("message", (message) => { client.on("message", (message) => {
logger.info(`Received message: ${message.type} ${JSON.stringify(message.data)}`); logger.info(
`Received message: ${message.type} ${JSON.stringify(message.data)}`
);
}); });
// Connect to the server // Connect to the server

86
server/lib/exitNodeComms.ts Normal file
View file

@ -0,0 +1,86 @@
import axios from "axios";
import logger from "@server/logger";
import { ExitNode } from "@server/db";
interface ExitNodeRequest {
remoteType: string;
localPath: string;
method?: "POST" | "DELETE" | "GET" | "PUT";
data?: any;
queryParams?: Record<string, string>;
}
/**
* Sends a request to an exit node, handling both remote and local exit nodes
* @param exitNode The exit node to send the request to
* @param request The request configuration
* @returns Promise<any> Response data for local nodes, undefined for remote nodes
*/
export async function sendToExitNode(
exitNode: ExitNode,
request: ExitNodeRequest
): Promise<any> {
if (!exitNode.reachableAt) {
throw new Error(
`Exit node with ID ${exitNode.exitNodeId} is not reachable`
);
}
// Handle local exit node with HTTP API
const method = request.method || "POST";
let url = `${exitNode.reachableAt}${request.localPath}`;
// Add query parameters if provided
if (request.queryParams) {
const params = new URLSearchParams(request.queryParams);
url += `?${params.toString()}`;
}
try {
let response;
switch (method) {
case "POST":
response = await axios.post(url, request.data, {
headers: {
"Content-Type": "application/json"
}
});
break;
case "DELETE":
response = await axios.delete(url);
break;
case "GET":
response = await axios.get(url);
break;
case "PUT":
response = await axios.put(url, request.data, {
headers: {
"Content-Type": "application/json"
}
});
break;
default:
throw new Error(`Unsupported HTTP method: ${method}`);
}
logger.info(`Exit node request successful:`, {
method,
url,
status: response.data.status
});
return response.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error(
`Error making ${method} request (can Pangolin see Gerbil HTTP API?) for exit node at ${exitNode.reachableAt} (status: ${error.response?.status}): ${error.message}`
);
} else {
logger.error(
`Error making ${method} request for exit node at ${exitNode.reachableAt}: ${error}`
);
}
throw error;
}
}

202
server/routers/client/updateClient.ts
View file

@ -17,7 +17,7 @@ import {
addPeer as olmAddPeer, addPeer as olmAddPeer,
deletePeer as olmDeletePeer deletePeer as olmDeletePeer
} from "../olm/peers"; } from "../olm/peers";
import axios from "axios"; import { sendToExitNode } from "../../lib/exitNodeComms";
const updateClientParamsSchema = z const updateClientParamsSchema = z
.object({ .object({
@ -141,13 +141,15 @@ export async function updateClient(
const isRelayed = true; const isRelayed = true;
// get the clientsite // get the clientsite
const [clientSite] = await db const [clientSite] = await db
.select() .select()
.from(clientSites) .from(clientSites)
.where(and( .where(
eq(clientSites.clientId, client.clientId), and(
eq(clientSites.siteId, siteId) eq(clientSites.clientId, client.clientId),
)) eq(clientSites.siteId, siteId)
)
)
.limit(1); .limit(1);
if (!clientSite || !clientSite.endpoint) { if (!clientSite || !clientSite.endpoint) {
@ -158,7 +160,7 @@ export async function updateClient(
const site = await newtAddPeer(siteId, { const site = await newtAddPeer(siteId, {
publicKey: client.pubKey, publicKey: client.pubKey,
allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client
endpoint: isRelayed ? "" : clientSite.endpoint endpoint: isRelayed ? "" : clientSite.endpoint
}); });
if (!site) { if (!site) {
@ -270,114 +272,102 @@ export async function updateClient(
} }
} }
// get all sites for this client and join with exit nodes with site.exitNodeId // get all sites for this client and join with exit nodes with site.exitNodeId
const sitesData = await db const sitesData = await db
.select() .select()
.from(sites) .from(sites)
.innerJoin( .innerJoin(clientSites, eq(sites.siteId, clientSites.siteId))
clientSites, .leftJoin(exitNodes, eq(sites.exitNodeId, exitNodes.exitNodeId))
eq(sites.siteId, clientSites.siteId) .where(eq(clientSites.clientId, client.clientId));
)
.leftJoin(
exitNodes,
eq(sites.exitNodeId, exitNodes.exitNodeId)
)
.where(eq(clientSites.clientId, client.clientId));
let exitNodeDestinations: { let exitNodeDestinations: {
reachableAt: string; reachableAt: string;
sourceIp: string; exitNodeId: number;
sourcePort: number; type: string;
destinations: PeerDestination[]; sourceIp: string;
}[] = []; sourcePort: number;
destinations: PeerDestination[];
}[] = [];
for (const site of sitesData) { for (const site of sitesData) {
if (!site.sites.subnet) { if (!site.sites.subnet) {
logger.warn( logger.warn(
`Site ${site.sites.siteId} has no subnet, skipping` `Site ${site.sites.siteId} has no subnet, skipping`
);
continue;
}
if (!site.clientSites.endpoint) {
logger.warn(
`Site ${site.sites.siteId} has no endpoint, skipping`
);
continue;
}
// find the destinations in the array
let destinations = exitNodeDestinations.find(
(d) => d.reachableAt === site.exitNodes?.reachableAt
); );
continue;
if (!destinations) {
destinations = {
reachableAt: site.exitNodes?.reachableAt || "",
sourceIp: site.clientSites.endpoint.split(":")[0] || "",
sourcePort: parseInt(site.clientSites.endpoint.split(":")[1]) || 0,
destinations: [
{
destinationIP:
site.sites.subnet.split("/")[0],
destinationPort: site.sites.listenPort || 0
}
]
};
} else {
// add to the existing destinations
destinations.destinations.push({
destinationIP: site.sites.subnet.split("/")[0],
destinationPort: site.sites.listenPort || 0
});
}
// update it in the array
exitNodeDestinations = exitNodeDestinations.filter(
(d) => d.reachableAt !== site.exitNodes?.reachableAt
);
exitNodeDestinations.push(destinations);
} }
for (const destination of exitNodeDestinations) { if (!site.clientSites.endpoint) {
try { logger.warn(
logger.info( `Site ${site.sites.siteId} has no endpoint, skipping`
`Updating destinations for exit node at ${destination.reachableAt}` );
); continue;
const payload = { }
sourceIp: destination.sourceIp,
sourcePort: destination.sourcePort, // find the destinations in the array
destinations: destination.destinations let destinations = exitNodeDestinations.find(
}; (d) => d.reachableAt === site.exitNodes?.reachableAt
logger.info( );
`Payload for update-destinations: ${JSON.stringify(payload, null, 2)}`
); if (!destinations) {
const response = await axios.post( destinations = {
`${destination.reachableAt}/update-destinations`, reachableAt: site.exitNodes?.reachableAt || "",
payload, exitNodeId: site.exitNodes?.exitNodeId || 0,
type: site.exitNodes?.type || "",
sourceIp: site.clientSites.endpoint.split(":")[0] || "",
sourcePort:
parseInt(site.clientSites.endpoint.split(":")[1]) ||
0,
destinations: [
{ {
headers: { destinationIP: site.sites.subnet.split("/")[0],
"Content-Type": "application/json" destinationPort: site.sites.listenPort || 0
}
} }
); ]
};
logger.info("Destinations updated:", { } else {
peer: response.data.status // add to the existing destinations
}); destinations.destinations.push({
} catch (error) { destinationIP: site.sites.subnet.split("/")[0],
if (axios.isAxiosError(error)) { destinationPort: site.sites.listenPort || 0
logger.error( });
`Error updating destinations (can Pangolin see Gerbil HTTP API?) for exit node at ${destination.reachableAt} (status: ${error.response?.status}): ${JSON.stringify(error.response?.data, null, 2)}`
);
} else {
logger.error(
`Error updating destinations for exit node at ${destination.reachableAt}: ${error}`
);
}
}
} }
// update it in the array
exitNodeDestinations = exitNodeDestinations.filter(
(d) => d.reachableAt !== site.exitNodes?.reachableAt
);
exitNodeDestinations.push(destinations);
}
for (const destination of exitNodeDestinations) {
logger.info(
`Updating destinations for exit node at ${destination.reachableAt}`
);
const payload = {
sourceIp: destination.sourceIp,
sourcePort: destination.sourcePort,
destinations: destination.destinations
};
logger.info(
`Payload for update-destinations: ${JSON.stringify(payload, null, 2)}`
);
// Create an ExitNode-like object for sendToExitNode
const exitNodeForComm = {
exitNodeId: destination.exitNodeId,
type: destination.type,
reachableAt: destination.reachableAt
} as any; // Using 'as any' since we know sendToExitNode will handle this correctly
await sendToExitNode(exitNodeForComm, {
remoteType: "remoteExitNode/update-destinations",
localPath: "/update-destinations",
method: "POST",
data: payload
});
}
// Fetch the updated client // Fetch the updated client
const [updatedClient] = await trx const [updatedClient] = await trx
.select() .select()

65
server/routers/gerbil/peers.ts
View file

@ -1,8 +1,8 @@
import axios from "axios";
import logger from "@server/logger"; import logger from "@server/logger";
import { db } from "@server/db"; import { db } from "@server/db";
import { exitNodes } from "@server/db"; import { exitNodes } from "@server/db";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { sendToExitNode } from "../../lib/exitNodeComms";
export async function addPeer( export async function addPeer(
exitNodeId: number, exitNodeId: number,
@ -22,34 +22,13 @@ export async function addPeer(
if (!exitNode) { if (!exitNode) {
throw new Error(`Exit node with ID ${exitNodeId} not found`); throw new Error(`Exit node with ID ${exitNodeId} not found`);
} }
if (!exitNode.reachableAt) {
throw new Error(`Exit node with ID ${exitNodeId} is not reachable`);
}
try { return await sendToExitNode(exitNode, {
const response = await axios.post( remoteType: "remoteExitNode/peers/add",
`${exitNode.reachableAt}/peer`, localPath: "/peer",
peer, method: "POST",
{ data: peer
headers: { });
"Content-Type": "application/json"
}
}
);
logger.info("Peer added successfully:", { peer: response.data.status });
return response.data;
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error(
`Error adding peer (can Pangolin see Gerbil HTTP API?) for exit node at ${exitNode.reachableAt} (status: ${error.response?.status}): ${error.message}`
);
} else {
logger.error(
`Error adding peer for exit node at ${exitNode.reachableAt}: ${error}`
);
}
}
} }
export async function deletePeer(exitNodeId: number, publicKey: string) { export async function deletePeer(exitNodeId: number, publicKey: string) {
@ -64,24 +43,16 @@ export async function deletePeer(exitNodeId: number, publicKey: string) {
if (!exitNode) { if (!exitNode) {
throw new Error(`Exit node with ID ${exitNodeId} not found`); throw new Error(`Exit node with ID ${exitNodeId} not found`);
} }
if (!exitNode.reachableAt) {
throw new Error(`Exit node with ID ${exitNodeId} is not reachable`); return await sendToExitNode(exitNode, {
} remoteType: "remoteExitNode/peers/remove",
try { localPath: "/peer",
const response = await axios.delete( method: "DELETE",
`${exitNode.reachableAt}/peer?public_key=${encodeURIComponent(publicKey)}` data: {
); publicKey: publicKey
logger.info("Peer deleted successfully:", response.data.status); },
return response.data; queryParams: {
} catch (error) { public_key: publicKey
if (axios.isAxiosError(error)) {
logger.error(
`Error deleting peer (can Pangolin see Gerbil HTTP API?) for exit node at ${exitNode.reachableAt} (status: ${error.response?.status}): ${error.message}`
);
} else {
logger.error(
`Error deleting peer for exit node at ${exitNode.reachableAt}: ${error}`
);
} }
} });
} }

63
server/routers/newt/handleGetConfigMessage.ts
View file

@ -13,7 +13,7 @@ import {
import { clients, clientSites, Newt, sites } from "@server/db"; import { clients, clientSites, Newt, sites } from "@server/db";
import { eq, and, inArray } from "drizzle-orm"; import { eq, and, inArray } from "drizzle-orm";
import { updatePeer } from "../olm/peers"; import { updatePeer } from "../olm/peers";
import axios from "axios"; import { sendToExitNode } from "../../lib/exitNodeComms";
const inputSchema = z.object({ const inputSchema = z.object({
publicKey: z.string(), publicKey: z.string(),
@ -102,41 +102,28 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
.from(exitNodes) .from(exitNodes)
.where(eq(exitNodes.exitNodeId, site.exitNodeId)) .where(eq(exitNodes.exitNodeId, site.exitNodeId))
.limit(1); .limit(1);
if (exitNode.reachableAt && existingSite.subnet && existingSite.listenPort) { if (
try { exitNode.reachableAt &&
const response = await axios.post( existingSite.subnet &&
`${exitNode.reachableAt}/update-proxy-mapping`, existingSite.listenPort
{ ) {
oldDestination: { const payload = {
destinationIP: existingSite.subnet?.split("/")[0], oldDestination: {
destinationPort: existingSite.listenPort destinationIP: existingSite.subnet?.split("/")[0],
}, destinationPort: existingSite.listenPort
newDestination: { },
destinationIP: site.subnet?.split("/")[0], newDestination: {
destinationPort: site.listenPort destinationIP: site.subnet?.split("/")[0],
} destinationPort: site.listenPort
},
{
headers: {
"Content-Type": "application/json"
}
}
);
logger.info("Destinations updated:", {
peer: response.data.status
});
} catch (error) {
if (axios.isAxiosError(error)) {
logger.error(
`Error updating proxy mapping (can Pangolin see Gerbil HTTP API?) for exit node at ${exitNode.reachableAt} (status: ${error.response?.status}): ${error.message}`
);
} else {
logger.error(
`Error updating proxy mapping for exit node at ${exitNode.reachableAt}: ${error}`
);
} }
} };
await sendToExitNode(exitNode, {
remoteType: "remoteExitNode/update-proxy-mapping",
localPath: "/update-proxy-mapping",
method: "POST",
data: payload
});
} }
} }
@ -237,7 +224,9 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
protocol: resources.protocol protocol: resources.protocol
}) })
.from(resources) .from(resources)
.where(and(eq(resources.siteId, siteId), eq(resources.http, false))); .where(
and(eq(resources.siteId, siteId), eq(resources.http, false))
);
// Get all enabled targets for these resources in a single query // Get all enabled targets for these resources in a single query
const resourceIds = resourcesList.map((r) => r.resourceId); const resourceIds = resourcesList.map((r) => r.resourceId);
@ -251,7 +240,7 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
method: targets.method, method: targets.method,
port: targets.port, port: targets.port,
internalPort: targets.internalPort, internalPort: targets.internalPort,
enabled: targets.enabled, enabled: targets.enabled
}) })
.from(targets) .from(targets)
.where( .where(