mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-31 15:09:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Newt working

Browse source
This commit is contained in:
Owen Schwartz 2024-11-23 16:28:50 -05:00
parent f9e0c33368
commit 0670d48ac7
No known key found for this signature in database
GPG key ID: 8271FDFFD9E0CCBD
7 changed files with 112 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/routers/gerbil/peers.ts
View file

@ -43,9 +43,7 @@ export async function deletePeer(exitNodeId: number, publicKey: string) {
throw new Error(`Exit node with ID ${exitNodeId} is not reachable`);
}
try {
const response = await axios.delete(`${exitNode.reachableAt}/peer`, {
data: { publicKey } // Send public key in request body
});
const response = await axios.delete(`${exitNode.reachableAt}/peer?public_key=${encodeURIComponent(publicKey)}`);
logger.info('Peer deleted successfully:', response.data.status);
return response.data;
} catch (error) {

29
server/routers/newt/createNewt.ts
View file

@ -13,6 +13,7 @@ import {
generateSessionToken,
} from "@server/auth";
import { createNewtSession } from "@server/auth/newt";
import { fromError } from "zod-validation-error";
export const createNewtBodySchema = z.object({});
@ -24,6 +25,13 @@ export type CreateNewtResponse = {
secret: string;
};
const createNewtSchema = z
.object({
newtId: z.string(),
secret: z.string()
})
.strict();
export async function createNewt(
req: Request,
res: Response,
@ -31,8 +39,25 @@ export async function createNewt(
): Promise<any> {
try {
const parsedBody = createNewtSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { newtId, secret } = parsedBody.data;
if (!req.userOrgRoleId) {
return next(
createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
);
}
// generate a newtId and secret
const secret = generateId(48);
const secretHash = await hash(secret, {
memoryCost: 19456,
timeCost: 2,
@ -40,8 +65,6 @@ export async function createNewt(
parallelism: 1,
});
const newtId = generateId(15);
await db.insert(newts).values({
newtId: newtId,
secretHash,

30
server/routers/newt/handleRegisterMessage.ts
View file

@ -4,8 +4,6 @@ import { exitNodes, resources, sites, targets } from "@server/db/schema";
import { eq, inArray } from "drizzle-orm";
import { addPeer, deletePeer } from "../gerbil/peers";
import logger from "@server/logger";
import { findNextAvailableCidr } from "@server/utils/ip";
import { exit } from "process";
export const handleRegisterMessage: MessageHandler = async (context) => {
const { message, newt, sendToClient } = context;
@ -28,13 +26,18 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
return;
}
// const [site] = await db
// .select()
// .from(sites)
// .where(eq(sites.siteId, siteId))
// .limit(1);
const [site] = await db
.select()
.from(sites)
.where(eq(sites.siteId, siteId))
.limit(1);
if (!site || !site.exitNodeId) {
logger.warn("Site not found or does not have exit node");
return;
}
const [updatedSite] = await db
.update(sites)
.set({
pubKey: publicKey
@ -43,11 +46,6 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
.returning();
if (!site || !site.exitNodeId) {
logger.warn("Site not found or does not have exit node");
return;
}
const [exitNode] = await db
.select()
.from(exitNodes)
@ -100,10 +98,10 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
message: {
type: "newt/wg/connect",
data: {
endpoint: exitNode.endpoint,
endpoint: `${exitNode.endpoint}:${exitNode.listenPort}`,
publicKey: exitNode.publicKey,
serverIP: exitNode.address,
tunnelIP: site.subnet,
serverIP: exitNode.address.split("/")[0],
tunnelIP: site.subnet.split("/")[0],
targets: {
udp: udpTargets,
tcp: tcpTargets,

54
server/routers/site/createSite.ts
View file

@ -10,6 +10,9 @@ import { eq, and } from "drizzle-orm";
import { getUniqueSiteName } from "@server/db/names";
import { addPeer } from "../gerbil/peers";
import { fromError } from "zod-validation-error";
import { hash } from "@node-rs/argon2";
import { newts } from "@server/db/schema";
import moment from "moment";
const createSiteParamsSchema = z.object({
orgId: z.string(),
@ -22,10 +25,14 @@ const createSiteSchema = z
subdomain: z.string().min(1).max(255).optional(),
pubKey: z.string().optional(),
subnet: z.string(),
newtId: z.string().optional(),
secret: z.string().optional(),
type: z.string(),
})
.strict();
export type CreateSiteBody = z.infer<typeof createSiteSchema>;
export type CreateSiteResponse = {
name: string;
siteId: number;
@ -49,7 +56,8 @@ export async function createSite(
);
}
const { name, type, exitNodeId, pubKey, subnet } = parsedBody.data;
const { name, type, exitNodeId, pubKey, subnet, newtId, secret } =
parsedBody.data;
const parsedParams = createSiteParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
@ -80,7 +88,8 @@ export async function createSite(
type,
};
if (pubKey) {
if (pubKey && type == "wireguard") {
// we dont add the pubKey for newts because the newt will generate it
payload = {
...payload,
pubKey,
@ -114,19 +123,34 @@ export async function createSite(
});
}
if (pubKey) {
// add the peer to the exit node
if (type == "newt") {
await addPeer(exitNodeId, {
publicKey: pubKey,
allowedIps: [subnet],
});
} else if (type == "wireguard") {
await addPeer(exitNodeId, {
publicKey: pubKey,
allowedIps: [],
});
// add the peer to the exit node
if (type == "newt") {
const secretHash = await hash(secret!, {
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1,
});
await db.insert(newts).values({
newtId: newtId!,
secretHash,
siteId: newSite.siteId,
dateCreated: moment().toISOString(),
});
} else if (type == "wireguard") {
if (!pubKey) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Public key is required for wireguard sites"
)
);
}
await addPeer(exitNodeId, {
publicKey: pubKey,
allowedIps: [],
});
}
return response(res, {
@ -142,7 +166,7 @@ export async function createSite(
status: HttpCode.CREATED,
});
} catch (error) {
logger.error(error);
throw error;
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);

8
server/routers/site/pickSiteDefaults.ts
View file

@ -7,6 +7,7 @@ import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { findNextAvailableCidr } from "@server/utils/ip";
import { generateId } from "@server/auth";
export type PickSiteDefaultsResponse = {
exitNodeId: number;
@ -16,6 +17,8 @@ export type PickSiteDefaultsResponse = {
listenPort: number;
endpoint: string;
subnet: string;
newtId: string;
newtSecret: string;
};
export async function pickSiteDefaults(
@ -60,6 +63,9 @@ export async function pickSiteDefaults(
);
}
const newtId = generateId(15);
const secret = generateId(48);
return response<PickSiteDefaultsResponse>(res, {
data: {
exitNodeId: exitNode.exitNodeId,
@ -69,6 +75,8 @@ export async function pickSiteDefaults(
listenPort: exitNode.listenPort,
endpoint: exitNode.endpoint,
subnet: newSubnet,
newtId,
newtSecret: secret,
},
success: true,
error: false,

2
server/routers/target/createTarget.ts
View file

@ -91,7 +91,7 @@ export async function createTarget(
}
// make sure the target is within the site subnet
if (!isIpInCidr(targetData.ip, site.subnet!)) {
if (site.type == "wireguard" && !isIpInCidr(targetData.ip, site.subnet!)) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,