mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-09-01 07:20:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Handle relaying change values in gerbil

Browse source
This commit is contained in:
Owen 2025-07-24 20:47:39 -07:00
parent 59cb06acf4
commit 5f75813e84
No known key found for this signature in database
GPG key ID: 8271FDFFD9E0CCBD
2 changed files with 104 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

40
server/routers/gerbil/updateHolePunch.ts
View file

@ -45,7 +45,6 @@ export async function updateHolePunch(
const { olmId, newtId, ip, port, timestamp, token } = parsedParams.data; const { olmId, newtId, ip, port, timestamp, token } = parsedParams.data;
let currentSiteId: number | undefined; let currentSiteId: number | undefined;
let destinations: PeerDestination[] = []; let destinations: PeerDestination[] = [];
@ -174,28 +173,29 @@ export async function updateHolePunch(
} }
// Find all clients that connect to this site // Find all clients that connect to this site
const sitesClientPairs = await db // const sitesClientPairs = await db
.select() // .select()
.from(clientSites) // .from(clientSites)
.where(eq(clientSites.siteId, newt.siteId)); // .where(eq(clientSites.siteId, newt.siteId));
// THE NEWT IS NOT SENDING RAW WG TO THE GERBIL SO IDK IF WE REALLY NEED THIS - REMOVING
// Get client details for each client // Get client details for each client
for (const pair of sitesClientPairs) { // for (const pair of sitesClientPairs) {
const [client] = await db // const [client] = await db
.select() // .select()
.from(clients) // .from(clients)
.where(eq(clients.clientId, pair.clientId)); // .where(eq(clients.clientId, pair.clientId));
if (client && client.endpoint) { // if (client && client.endpoint) {
const [host, portStr] = client.endpoint.split(':'); // const [host, portStr] = client.endpoint.split(':');
if (host && portStr) { // if (host && portStr) {
destinations.push({ // destinations.push({
destinationIP: host, // destinationIP: host,
destinationPort: parseInt(portStr, 10) // destinationPort: parseInt(portStr, 10)
}); // });
} // }
} // }
} // }
// If this is a newt/site, also add other sites in the same org // If this is a newt/site, also add other sites in the same org
// if (updatedSite.orgId) { // if (updatedSite.orgId) {

100
server/routers/newt/handleGetConfigMessage.ts
View file

@ -2,10 +2,11 @@ import { z } from "zod";
import { MessageHandler } from "../ws"; import { MessageHandler } from "../ws";
import logger from "@server/logger"; import logger from "@server/logger";
import { fromError } from "zod-validation-error"; import { fromError } from "zod-validation-error";
import { db } from "@server/db"; import { db, ExitNode, exitNodes } from "@server/db";
import { clients, clientSites, Newt, sites } from "@server/db"; import { clients, clientSites, Newt, sites } from "@server/db";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { updatePeer } from "../olm/peers"; import { updatePeer } from "../olm/peers";
import axios from "axios";
const inputSchema = z.object({ const inputSchema = z.object({
publicKey: z.string(), publicKey: z.string(),
@ -54,7 +55,7 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
logger.warn("handleGetConfigMessage: Site not found"); logger.warn("handleGetConfigMessage: Site not found");
return; return;
} }
// we need to wait for hole punch success // we need to wait for hole punch success
if (!existingSite.endpoint) { if (!existingSite.endpoint) {
logger.warn(`Site ${existingSite.siteId} has no endpoint, skipping`); logger.warn(`Site ${existingSite.siteId} has no endpoint, skipping`);
@ -87,6 +88,48 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
return; return;
} }
let exitNode: ExitNode | undefined;
if (site.exitNodeId) {
[exitNode] = await db
.select()
.from(exitNodes)
.where(eq(exitNodes.exitNodeId, site.exitNodeId))
.limit(1);
if (exitNode.reachableAt) {
try {
const response = await axios.post(
`${exitNode.reachableAt}/update-proxy-mapping`,
{
oldDestination: {
destinationIP: existingSite.subnet?.split("/")[0],
destinationPort: existingSite.listenPort
},
newDestination: {
destinationIP: site.subnet?.split("/")[0],
destinationPort: site.listenPort
}
},
{
headers: {
"Content-Type": "application/json"
}
}
);
logger.info("Destinations updated:", {
peer: response.data.status
});
} catch (error) {
if (axios.isAxiosError(error)) {
throw new Error(
`Error communicating with Gerbil. Make sure Pangolin can reach the Gerbil HTTP API: ${error.response?.status}`
);
}
throw error;
}
}
}
// Get all clients connected to this site // Get all clients connected to this site
const clientsRes = await db const clientsRes = await db
.select() .select()
@ -107,33 +150,58 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
if (!client.clients.endpoint) { if (!client.clients.endpoint) {
return false; return false;
} }
if (!client.clients.online) {
return false;
}
return true; return true;
}) })
.map(async (client) => { .map(async (client) => {
// Add or update this peer on the olm if it is connected // Add or update this peer on the olm if it is connected
try { try {
if (site.endpoint && site.publicKey) { if (!site.publicKey) {
await updatePeer(client.clients.clientId, { logger.warn(
siteId: site.siteId, `Site ${site.siteId} has no public key, skipping`
endpoint: site.endpoint, );
publicKey: site.publicKey, return null;
serverIP: site.address,
serverPort: site.listenPort
});
} }
let endpoint = site.endpoint;
if (client.clientSites.isRelayed) {
if (!site.exitNodeId) {
logger.warn(
`Site ${site.siteId} has no exit node, skipping`
);
return null;
}
if (!exitNode) {
logger.warn(
`Exit node not found for site ${site.siteId}`
);
return null;
}
endpoint = `${exitNode.endpoint}:21820`;
}
if (!endpoint) {
logger.warn(
`Site ${site.siteId} has no endpoint, skipping`
);
return null;
}
await updatePeer(client.clients.clientId, {
siteId: site.siteId,
endpoint: endpoint,
publicKey: site.publicKey,
serverIP: site.address,
serverPort: site.listenPort
});
} catch (error) { } catch (error) {
logger.error( logger.error(
`Failed to add/update peer ${client.clients.pubKey} to newt ${newt.newtId}: ${error}` `Failed to add/update peer ${client.clients.pubKey} to olm ${newt.newtId}: ${error}`
); );
} }
return { return {
publicKey: client.clients.pubKey!, publicKey: client.clients.pubKey!,
allowedIps: [`${client.clients.subnet.split('/')[0]}/32`], // we want to only allow from that client allowedIps: [`${client.clients.subnet.split("/")[0]}/32`], // we want to only allow from that client
endpoint: client.clientSites.isRelayed endpoint: client.clientSites.isRelayed
? "" ? ""
: client.clients.endpoint! // if its relayed it should be localhost : client.clients.endpoint! // if its relayed it should be localhost