diff --git a/server/lib/exitNodes/exitNodes.ts b/server/lib/exitNodes/exitNodes.ts
new file mode 100644
index 00000000..7b25873e
--- /dev/null
+++ b/server/lib/exitNodes/exitNodes.ts
@@ -0,0 +1,43 @@
+import { db, exitNodes } from "@server/db";
+import logger from "@server/logger";
+import { eq, and, or } from "drizzle-orm";
+
+export async function privateVerifyExitNodeOrgAccess(
+    exitNodeId: number,
+    orgId: string
+) {
+    const [exitNode] = await db
+    .select()
+    .from(exitNodes)
+    .where(eq(exitNodes.exitNodeId, exitNodeId));
+
+    // For any other type, deny access
+    return { hasAccess: true, exitNode };
+}
+
+export async function listExitNodes(orgId: string, filterOnline = false) {
+    // TODO: pick which nodes to send and ping better than just all of them that are not remote
+    const allExitNodes = await db
+        .select({
+            exitNodeId: exitNodes.exitNodeId,
+            name: exitNodes.name,
+            address: exitNodes.address,
+            endpoint: exitNodes.endpoint,
+            publicKey: exitNodes.publicKey,
+            listenPort: exitNodes.listenPort,
+            reachableAt: exitNodes.reachableAt,
+            maxConnections: exitNodes.maxConnections,
+            online: exitNodes.online,
+            lastPing: exitNodes.lastPing,
+            type: exitNodes.type,
+        })
+        .from(exitNodes);
+
+    // Filter the nodes. If there are NO remoteExitNodes then do nothing. If there are then remove all of the non-remoteExitNodes
+    if (allExitNodes.length === 0) {
+        logger.warn("No exit nodes found!");
+        return [];
+    }
+
+    return allExitNodes;
+}
diff --git a/server/lib/exitNodes/index.ts b/server/lib/exitNodes/index.ts
new file mode 100644
index 00000000..b29bce93
--- /dev/null
+++ b/server/lib/exitNodes/index.ts
@@ -0,0 +1 @@
+export * from "./privateExitNodes";
\ No newline at end of file